/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* * The following code handles the storage of PKCS 11 modules used by the * NSS. This file is written to abstract away how the modules are * stored so we can deside that later. */ #include "pkcs11i.h" #include "sdb.h" #include "prprf.h" #include "prenv.h" #include "utilpars.h" #define FREE_CLEAR(p) if (p) { PORT_Free(p); p = NULL; } static void sftk_parseTokenFlags(char *tmp, sftk_token_parameters *parsed) { parsed->readOnly = NSSUTIL_ArgHasFlag("flags","readOnly",tmp); parsed->noCertDB = NSSUTIL_ArgHasFlag("flags","noCertDB",tmp); parsed->noKeyDB = NSSUTIL_ArgHasFlag("flags","noKeyDB",tmp); parsed->forceOpen = NSSUTIL_ArgHasFlag("flags","forceOpen",tmp); parsed->pwRequired = NSSUTIL_ArgHasFlag("flags","passwordRequired",tmp); parsed->optimizeSpace = NSSUTIL_ArgHasFlag("flags","optimizeSpace",tmp); return; } static void sftk_parseFlags(char *tmp, sftk_parameters *parsed) { parsed->noModDB = NSSUTIL_ArgHasFlag("flags","noModDB",tmp); parsed->readOnly = NSSUTIL_ArgHasFlag("flags","readOnly",tmp); /* keep legacy interface working */ parsed->noCertDB = NSSUTIL_ArgHasFlag("flags","noCertDB",tmp); parsed->forceOpen = NSSUTIL_ArgHasFlag("flags","forceOpen",tmp); parsed->pwRequired = NSSUTIL_ArgHasFlag("flags","passwordRequired",tmp); parsed->optimizeSpace = NSSUTIL_ArgHasFlag("flags","optimizeSpace",tmp); return; } static CK_RV sftk_parseTokenParameters(char *param, sftk_token_parameters *parsed) { int next; char *tmp = NULL; char *index; index = NSSUTIL_ArgStrip(param); while (*index) { NSSUTIL_HANDLE_STRING_ARG(index,parsed->configdir,"configDir=",;) NSSUTIL_HANDLE_STRING_ARG(index,parsed->updatedir,"updateDir=",;) NSSUTIL_HANDLE_STRING_ARG(index,parsed->updCertPrefix, "updateCertPrefix=",;) NSSUTIL_HANDLE_STRING_ARG(index,parsed->updKeyPrefix, "updateKeyPrefix=",;) NSSUTIL_HANDLE_STRING_ARG(index,parsed->updateID,"updateID=",;) NSSUTIL_HANDLE_STRING_ARG(index,parsed->certPrefix,"certPrefix=",;) NSSUTIL_HANDLE_STRING_ARG(index,parsed->keyPrefix,"keyPrefix=",;) NSSUTIL_HANDLE_STRING_ARG(index,parsed->tokdes,"tokenDescription=",;) NSSUTIL_HANDLE_STRING_ARG(index,parsed->updtokdes, "updateTokenDescription=",;) NSSUTIL_HANDLE_STRING_ARG(index,parsed->slotdes,"slotDescription=",;) NSSUTIL_HANDLE_STRING_ARG(index,tmp,"minPWLen=", if(tmp) { parsed->minPW=atoi(tmp); PORT_Free(tmp); tmp = NULL; }) NSSUTIL_HANDLE_STRING_ARG(index,tmp,"flags=", if(tmp) { sftk_parseTokenFlags(param,parsed); PORT_Free(tmp); tmp = NULL; }) NSSUTIL_HANDLE_FINAL_ARG(index) } return CKR_OK; } static void sftk_parseTokens(char *tokenParams, sftk_parameters *parsed) { char *tokenIndex; sftk_token_parameters *tokens = NULL; int i=0,count = 0,next; if ((tokenParams == NULL) || (*tokenParams == 0)) return; /* first count the number of slots */ for (tokenIndex = NSSUTIL_ArgStrip(tokenParams); *tokenIndex; tokenIndex = NSSUTIL_ArgStrip(NSSUTIL_ArgSkipParameter(tokenIndex))) { count++; } /* get the data structures */ tokens = (sftk_token_parameters *) PORT_ZAlloc(count*sizeof(sftk_token_parameters)); if (tokens == NULL) return; for (tokenIndex = NSSUTIL_ArgStrip(tokenParams), i = 0; *tokenIndex && i < count ; i++ ) { char *name; name = NSSUTIL_ArgGetLabel(tokenIndex,&next); tokenIndex += next; tokens[i].slotID = NSSUTIL_ArgDecodeNumber(name); tokens[i].readOnly = PR_FALSE; tokens[i].noCertDB = PR_FALSE; tokens[i].noKeyDB = PR_FALSE; if (!NSSUTIL_ArgIsBlank(*tokenIndex)) { char *args = NSSUTIL_ArgFetchValue(tokenIndex,&next); tokenIndex += next; if (args) { sftk_parseTokenParameters(args,&tokens[i]); PORT_Free(args); } } if (name) PORT_Free(name); tokenIndex = NSSUTIL_ArgStrip(tokenIndex); } parsed->token_count = i; parsed->tokens = tokens; return; } CK_RV sftk_parseParameters(char *param, sftk_parameters *parsed, PRBool isFIPS) { int next; char *tmp = NULL; char *index; char *certPrefix = NULL, *keyPrefix = NULL; char *tokdes = NULL, *ptokdes = NULL, *pupdtokdes = NULL; char *slotdes = NULL, *pslotdes = NULL; char *fslotdes = NULL, *ftokdes = NULL; char *minPW = NULL; index = NSSUTIL_ArgStrip(param); PORT_Memset(parsed, 0, sizeof(sftk_parameters)); while (*index) { NSSUTIL_HANDLE_STRING_ARG(index,parsed->configdir,"configDir=",;) NSSUTIL_HANDLE_STRING_ARG(index,parsed->updatedir,"updateDir=",;) NSSUTIL_HANDLE_STRING_ARG(index,parsed->updateID,"updateID=",;) NSSUTIL_HANDLE_STRING_ARG(index,parsed->secmodName,"secmod=",;) NSSUTIL_HANDLE_STRING_ARG(index,parsed->man,"manufacturerID=",;) NSSUTIL_HANDLE_STRING_ARG(index,parsed->libdes,"libraryDescription=",;) /* constructed values, used so legacy interfaces still work */ NSSUTIL_HANDLE_STRING_ARG(index,certPrefix,"certPrefix=",;) NSSUTIL_HANDLE_STRING_ARG(index,keyPrefix,"keyPrefix=",;) NSSUTIL_HANDLE_STRING_ARG(index,tokdes,"cryptoTokenDescription=",;) NSSUTIL_HANDLE_STRING_ARG(index,ptokdes,"dbTokenDescription=",;) NSSUTIL_HANDLE_STRING_ARG(index,slotdes,"cryptoSlotDescription=",;) NSSUTIL_HANDLE_STRING_ARG(index,pslotdes,"dbSlotDescription=",;) NSSUTIL_HANDLE_STRING_ARG(index,fslotdes,"FIPSSlotDescription=",;) NSSUTIL_HANDLE_STRING_ARG(index,ftokdes,"FIPSTokenDescription=",;) NSSUTIL_HANDLE_STRING_ARG(index,pupdtokdes, "updateTokenDescription=",;) NSSUTIL_HANDLE_STRING_ARG(index,minPW,"minPWLen=",;) NSSUTIL_HANDLE_STRING_ARG(index,tmp,"flags=", if(tmp) { sftk_parseFlags(param,parsed); PORT_Free(tmp); tmp = NULL; }) NSSUTIL_HANDLE_STRING_ARG(index,tmp,"tokens=", if(tmp) { sftk_parseTokens(tmp,parsed); PORT_Free(tmp); tmp = NULL; }) NSSUTIL_HANDLE_FINAL_ARG(index) } if (parsed->tokens == NULL) { int count = isFIPS ? 1 : 2; int index = count-1; sftk_token_parameters *tokens = NULL; tokens = (sftk_token_parameters *) PORT_ZAlloc(count*sizeof(sftk_token_parameters)); if (tokens == NULL) { goto loser; } parsed->tokens = tokens; parsed->token_count = count; tokens[index].slotID = isFIPS ? FIPS_SLOT_ID : PRIVATE_KEY_SLOT_ID; tokens[index].certPrefix = certPrefix; tokens[index].keyPrefix = keyPrefix; tokens[index].minPW = minPW ? atoi(minPW) : 0; tokens[index].readOnly = parsed->readOnly; tokens[index].noCertDB = parsed->noCertDB; tokens[index].noKeyDB = parsed->noCertDB; tokens[index].forceOpen = parsed->forceOpen; tokens[index].pwRequired = parsed->pwRequired; tokens[index].optimizeSpace = parsed->optimizeSpace; tokens[0].optimizeSpace = parsed->optimizeSpace; certPrefix = NULL; keyPrefix = NULL; if (isFIPS) { tokens[index].tokdes = ftokdes; tokens[index].updtokdes = pupdtokdes; tokens[index].slotdes = fslotdes; fslotdes = NULL; ftokdes = NULL; pupdtokdes = NULL; } else { tokens[index].tokdes = ptokdes; tokens[index].updtokdes = pupdtokdes; tokens[index].slotdes = pslotdes; tokens[0].slotID = NETSCAPE_SLOT_ID; tokens[0].tokdes = tokdes; tokens[0].slotdes = slotdes; tokens[0].noCertDB = PR_TRUE; tokens[0].noKeyDB = PR_TRUE; pupdtokdes = NULL; ptokdes = NULL; pslotdes = NULL; tokdes = NULL; slotdes = NULL; } } loser: FREE_CLEAR(certPrefix); FREE_CLEAR(keyPrefix); FREE_CLEAR(tokdes); FREE_CLEAR(ptokdes); FREE_CLEAR(pupdtokdes); FREE_CLEAR(slotdes); FREE_CLEAR(pslotdes); FREE_CLEAR(fslotdes); FREE_CLEAR(ftokdes); FREE_CLEAR(minPW); return CKR_OK; } void sftk_freeParams(sftk_parameters *params) { int i; for (i=0; i < params->token_count; i++) { FREE_CLEAR(params->tokens[i].configdir); FREE_CLEAR(params->tokens[i].certPrefix); FREE_CLEAR(params->tokens[i].keyPrefix); FREE_CLEAR(params->tokens[i].tokdes); FREE_CLEAR(params->tokens[i].slotdes); FREE_CLEAR(params->tokens[i].updatedir); FREE_CLEAR(params->tokens[i].updCertPrefix); FREE_CLEAR(params->tokens[i].updKeyPrefix); FREE_CLEAR(params->tokens[i].updateID); FREE_CLEAR(params->tokens[i].updtokdes); } FREE_CLEAR(params->configdir); FREE_CLEAR(params->secmodName); FREE_CLEAR(params->man); FREE_CLEAR(params->libdes); FREE_CLEAR(params->tokens); FREE_CLEAR(params->updatedir); FREE_CLEAR(params->updateID); }