/src/mozilla-central/security/manager/ssl/nsPKCS11Slot.cpp

Source (jump to first uncovered line)
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsPKCS11Slot.h"

#include <string.h>

#include "mozilla/Casting.h"
#include "mozilla/Logging.h"
#include "mozilla/Telemetry.h"
#include "mozilla/Unused.h"
#include "nsCOMPtr.h"
#include "nsIMutableArray.h"
#include "nsNSSComponent.h"
#include "nsPK11TokenDB.h"
#include "nsPromiseFlatString.h"
#include "secmod.h"

using mozilla::LogLevel;

extern mozilla::LazyLogModule gPIPNSSLog;

NS_IMPL_ISUPPORTS(nsPKCS11Slot, nsIPKCS11Slot)

nsPKCS11Slot::nsPKCS11Slot(PK11SlotInfo* slot)
{
  MOZ_ASSERT(slot);
  mSlot.reset(PK11_ReferenceSlot(slot));
  mIsInternalCryptoSlot = PK11_IsInternal(mSlot.get()) &&
                          !PK11_IsInternalKeySlot(mSlot.get());
  mIsInternalKeySlot = PK11_IsInternalKeySlot(mSlot.get());
  mSeries = PK11_GetSlotSeries(slot);
  Unused << refreshSlotInfo();
}

nsresult
nsPKCS11Slot::refreshSlotInfo()
{
  CK_SLOT_INFO slotInfo;
  nsresult rv = MapSECStatus(PK11_GetSlotInfo(mSlot.get(), &slotInfo));
  if (NS_FAILED(rv)) {
    return rv;
  }

  // Set the Description field
  if (mIsInternalCryptoSlot) {
    nsresult rv;
    if (PK11_IsFIPS()) {
      rv = GetPIPNSSBundleString("Fips140SlotDescription", mSlotDesc);
    } else {
      rv = GetPIPNSSBundleString("SlotDescription", mSlotDesc);
    }
    if (NS_FAILED(rv)) {
      return rv;
    }
  } else if (mIsInternalKeySlot) {
    rv = GetPIPNSSBundleString("PrivateSlotDescription", mSlotDesc);
    if (NS_FAILED(rv)) {
      return rv;
    }
  } else {
    const char* ccDesc =
      mozilla::BitwiseCast<char*, CK_UTF8CHAR*>(slotInfo.slotDescription);
    mSlotDesc.Assign(ccDesc, strnlen(ccDesc, sizeof(slotInfo.slotDescription)));
    mSlotDesc.Trim(" ", false, true);
  }

  // Set the Manufacturer field
  if (mIsInternalCryptoSlot || mIsInternalKeySlot) {
    rv = GetPIPNSSBundleString("ManufacturerID", mSlotManufacturerID);
    if (NS_FAILED(rv)) {
      return rv;
    }
  } else {
    const char* ccManID =
      mozilla::BitwiseCast<char*, CK_UTF8CHAR*>(slotInfo.manufacturerID);
    mSlotManufacturerID.Assign(
      ccManID,
      strnlen(ccManID, sizeof(slotInfo.manufacturerID)));
    mSlotManufacturerID.Trim(" ", false, true);
  }

  // Set the Hardware Version field
  mSlotHWVersion.Truncate();
  mSlotHWVersion.AppendInt(slotInfo.hardwareVersion.major);
  mSlotHWVersion.Append('.');
  mSlotHWVersion.AppendInt(slotInfo.hardwareVersion.minor);

  // Set the Firmware Version field
  mSlotFWVersion.Truncate();
  mSlotFWVersion.AppendInt(slotInfo.firmwareVersion.major);
  mSlotFWVersion.Append('.');
  mSlotFWVersion.AppendInt(slotInfo.firmwareVersion.minor);

  return NS_OK;
}

nsresult
nsPKCS11Slot::GetAttributeHelper(const nsACString& attribute,
                         /*out*/ nsACString& xpcomOutParam)
{
  if (PK11_GetSlotSeries(mSlot.get()) != mSeries) {
    nsresult rv = refreshSlotInfo();
    if (NS_FAILED(rv)) {
      return rv;
    }
  }

  xpcomOutParam = attribute;
  return NS_OK;
}

NS_IMETHODIMP
nsPKCS11Slot::GetName(/*out*/ nsACString& name)
{
  if (mIsInternalCryptoSlot) {
    if (PK11_IsFIPS()) {
      return GetPIPNSSBundleString("Fips140TokenDescription", name);
    }
    return GetPIPNSSBundleString("TokenDescription", name);
  }
  if (mIsInternalKeySlot) {
    return GetPIPNSSBundleString("PrivateTokenDescription", name);
  }
  name.Assign(PK11_GetSlotName(mSlot.get()));

  return NS_OK;
}

NS_IMETHODIMP
nsPKCS11Slot::GetDesc(/*out*/ nsACString& desc)
{
  return GetAttributeHelper(mSlotDesc, desc);
}

NS_IMETHODIMP
nsPKCS11Slot::GetManID(/*out*/ nsACString& manufacturerID)
{
  return GetAttributeHelper(mSlotManufacturerID, manufacturerID);
}

NS_IMETHODIMP
nsPKCS11Slot::GetHWVersion(/*out*/ nsACString& hwVersion)
{
  return GetAttributeHelper(mSlotHWVersion, hwVersion);
}

NS_IMETHODIMP
nsPKCS11Slot::GetFWVersion(/*out*/ nsACString& fwVersion)
{
  return GetAttributeHelper(mSlotFWVersion, fwVersion);
}

NS_IMETHODIMP
nsPKCS11Slot::GetToken(nsIPK11Token** _retval)
{
  NS_ENSURE_ARG_POINTER(_retval);
  nsCOMPtr<nsIPK11Token> token = new nsPK11Token(mSlot.get());
  token.forget(_retval);
  return NS_OK;
}

NS_IMETHODIMP
nsPKCS11Slot::GetTokenName(/*out*/ nsACString& tokenName)
{
  if (!PK11_IsPresent(mSlot.get())) {
    tokenName.SetIsVoid(true);
    return NS_OK;
  }

  if (PK11_GetSlotSeries(mSlot.get()) != mSeries) {
    nsresult rv = refreshSlotInfo();
    if (NS_FAILED(rv)) {
      return rv;
    }
  }

  if (mIsInternalCryptoSlot) {
    if (PK11_IsFIPS()) {
      return GetPIPNSSBundleString("Fips140TokenDescription", tokenName);
    }
    return GetPIPNSSBundleString("TokenDescription", tokenName);
  }
  if (mIsInternalKeySlot) {
    return GetPIPNSSBundleString("PrivateTokenDescription", tokenName);
  }

  tokenName.Assign(PK11_GetTokenName(mSlot.get()));
  return NS_OK;
}

NS_IMETHODIMP
nsPKCS11Slot::GetStatus(uint32_t* _retval)
{
  NS_ENSURE_ARG_POINTER(_retval);
  if (PK11_IsDisabled(mSlot.get())) {
    *_retval = SLOT_DISABLED;
  } else if (!PK11_IsPresent(mSlot.get())) {
    *_retval = SLOT_NOT_PRESENT;
  } else if (PK11_NeedLogin(mSlot.get()) && PK11_NeedUserInit(mSlot.get())) {
    *_retval = SLOT_UNINITIALIZED;
  } else if (PK11_NeedLogin(mSlot.get()) &&
             !PK11_IsLoggedIn(mSlot.get(), nullptr)) {
    *_retval = SLOT_NOT_LOGGED_IN;
  } else if (PK11_NeedLogin(mSlot.get())) {
    *_retval = SLOT_LOGGED_IN;
  } else {
    *_retval = SLOT_READY;
  }
  return NS_OK;
}

NS_IMPL_ISUPPORTS(nsPKCS11Module, nsIPKCS11Module)

nsPKCS11Module::nsPKCS11Module(SECMODModule* module)
{
  MOZ_ASSERT(module);
  mModule.reset(SECMOD_ReferenceModule(module));
}

// Convert the UTF8 internal name of the module to how it should appear to the
// user. In most cases this involves simply passing back the module's name.
// However, the builtin roots module has a non-localized name internally that we
// must map to the localized version when we display it to the user.
static nsresult
NormalizeModuleNameOut(const char* moduleNameIn, nsACString& moduleNameOut)
{
  // Easy case: this isn't the builtin roots module.
  if (strnlen(moduleNameIn, kRootModuleNameLen + 1) != kRootModuleNameLen ||
      strncmp(kRootModuleName, moduleNameIn, kRootModuleNameLen) != 0) {
    moduleNameOut.Assign(moduleNameIn);
    return NS_OK;
  }

  nsAutoString localizedRootModuleName;
  nsresult rv = GetPIPNSSBundleString("RootCertModuleName",
                                      localizedRootModuleName);
  if (NS_FAILED(rv)) {
    return rv;
  }
  moduleNameOut.Assign(NS_ConvertUTF16toUTF8(localizedRootModuleName));
  return NS_OK;
}

NS_IMETHODIMP
nsPKCS11Module::GetName(/*out*/ nsACString& name)
{
  return NormalizeModuleNameOut(mModule->commonName, name);
}

NS_IMETHODIMP
nsPKCS11Module::GetLibName(/*out*/ nsACString& libName)
{
  if (mModule->dllName) {
    libName = mModule->dllName;
  } else {
    libName.SetIsVoid(true);
  }
  return NS_OK;
}

NS_IMETHODIMP
nsPKCS11Module::ListSlots(nsISimpleEnumerator** _retval)
{
  NS_ENSURE_ARG_POINTER(_retval);

  nsresult rv = CheckForSmartCardChanges();
  if (NS_FAILED(rv)) {
    return rv;
  }

  nsCOMPtr<nsIMutableArray> array = do_CreateInstance(NS_ARRAY_CONTRACTID);
  if (!array) {
    return NS_ERROR_FAILURE;
  }

  /* applications which allow new slot creation (which Firefox now does
   * since it uses the WaitForSlotEvent call) need to hold the
   * ModuleList Read lock to prevent the slot array from changing out
   * from under it. */
  AutoSECMODListReadLock lock;
  for (int i = 0; i < mModule->slotCount; i++) {
    if (mModule->slots[i]) {
      nsCOMPtr<nsIPKCS11Slot> slot = new nsPKCS11Slot(mModule->slots[i]);
      rv = array->AppendElement(slot);
      if (NS_FAILED(rv)) {
        return rv;
      }
    }
  }

  return array->Enumerate(_retval, NS_GET_IID(nsIPKCS11Slot));
}

Coverage Report

Created: 2018-09-25 14:53

Line	Count	Source (jump to first uncovered line)
1		/* This Source Code Form is subject to the terms of the Mozilla Public
2		* License, v. 2.0. If a copy of the MPL was not distributed with this
3		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5		#include "nsPKCS11Slot.h"
6
7		#include <string.h>
8
9		#include "mozilla/Casting.h"
10		#include "mozilla/Logging.h"
11		#include "mozilla/Telemetry.h"
12		#include "mozilla/Unused.h"
13		#include "nsCOMPtr.h"
14		#include "nsIMutableArray.h"
15		#include "nsNSSComponent.h"
16		#include "nsPK11TokenDB.h"
17		#include "nsPromiseFlatString.h"
18		#include "secmod.h"
19
20		using mozilla::LogLevel;
21
22		extern mozilla::LazyLogModule gPIPNSSLog;
23
24		NS_IMPL_ISUPPORTS(nsPKCS11Slot, nsIPKCS11Slot)
25
26		nsPKCS11Slot::nsPKCS11Slot(PK11SlotInfo* slot)
27	0	{
28	0	MOZ_ASSERT(slot);
29	0	mSlot.reset(PK11_ReferenceSlot(slot));
30	0	mIsInternalCryptoSlot = PK11_IsInternal(mSlot.get()) &&
31	0	!PK11_IsInternalKeySlot(mSlot.get());
32	0	mIsInternalKeySlot = PK11_IsInternalKeySlot(mSlot.get());
33	0	mSeries = PK11_GetSlotSeries(slot);
34	0	Unused << refreshSlotInfo();
35	0	}
36
37		nsresult
38		nsPKCS11Slot::refreshSlotInfo()
39	0	{
40	0	CK_SLOT_INFO slotInfo;
41	0	nsresult rv = MapSECStatus(PK11_GetSlotInfo(mSlot.get(), &slotInfo));
42	0	if (NS_FAILED(rv)) {
43	0	return rv;
44	0	}
45	0
46	0	// Set the Description field
47	0	if (mIsInternalCryptoSlot) {
48	0	nsresult rv;
49	0	if (PK11_IsFIPS()) {
50	0	rv = GetPIPNSSBundleString("Fips140SlotDescription", mSlotDesc);
51	0	} else {
52	0	rv = GetPIPNSSBundleString("SlotDescription", mSlotDesc);
53	0	}
54	0	if (NS_FAILED(rv)) {
55	0	return rv;
56	0	}
57	0	} else if (mIsInternalKeySlot) {
58	0	rv = GetPIPNSSBundleString("PrivateSlotDescription", mSlotDesc);
59	0	if (NS_FAILED(rv)) {
60	0	return rv;
61	0	}
62	0	} else {
63	0	const char* ccDesc =
64	0	mozilla::BitwiseCast<char, CK_UTF8CHAR>(slotInfo.slotDescription);
65	0	mSlotDesc.Assign(ccDesc, strnlen(ccDesc, sizeof(slotInfo.slotDescription)));
66	0	mSlotDesc.Trim(" ", false, true);
67	0	}
68	0
69	0	// Set the Manufacturer field
70	0	if (mIsInternalCryptoSlot \|\| mIsInternalKeySlot) {
71	0	rv = GetPIPNSSBundleString("ManufacturerID", mSlotManufacturerID);
72	0	if (NS_FAILED(rv)) {
73	0	return rv;
74	0	}
75	0	} else {
76	0	const char* ccManID =
77	0	mozilla::BitwiseCast<char, CK_UTF8CHAR>(slotInfo.manufacturerID);
78	0	mSlotManufacturerID.Assign(
79	0	ccManID,
80	0	strnlen(ccManID, sizeof(slotInfo.manufacturerID)));
81	0	mSlotManufacturerID.Trim(" ", false, true);
82	0	}
83	0
84	0	// Set the Hardware Version field
85	0	mSlotHWVersion.Truncate();
86	0	mSlotHWVersion.AppendInt(slotInfo.hardwareVersion.major);
87	0	mSlotHWVersion.Append('.');
88	0	mSlotHWVersion.AppendInt(slotInfo.hardwareVersion.minor);
89	0
90	0	// Set the Firmware Version field
91	0	mSlotFWVersion.Truncate();
92	0	mSlotFWVersion.AppendInt(slotInfo.firmwareVersion.major);
93	0	mSlotFWVersion.Append('.');
94	0	mSlotFWVersion.AppendInt(slotInfo.firmwareVersion.minor);
95	0
96	0	return NS_OK;
97	0	}
98
99		nsresult
100		nsPKCS11Slot::GetAttributeHelper(const nsACString& attribute,
101		/out/ nsACString& xpcomOutParam)
102	0	{
103	0	if (PK11_GetSlotSeries(mSlot.get()) != mSeries) {
104	0	nsresult rv = refreshSlotInfo();
105	0	if (NS_FAILED(rv)) {
106	0	return rv;
107	0	}
108	0	}
109	0
110	0	xpcomOutParam = attribute;
111	0	return NS_OK;
112	0	}
113
114		NS_IMETHODIMP
115		nsPKCS11Slot::GetName(/out/ nsACString& name)
116	0	{
117	0	if (mIsInternalCryptoSlot) {
118	0	if (PK11_IsFIPS()) {
119	0	return GetPIPNSSBundleString("Fips140TokenDescription", name);
120	0	}
121	0	return GetPIPNSSBundleString("TokenDescription", name);
122	0	}
123	0	if (mIsInternalKeySlot) {
124	0	return GetPIPNSSBundleString("PrivateTokenDescription", name);
125	0	}
126	0	name.Assign(PK11_GetSlotName(mSlot.get()));
127	0
128	0	return NS_OK;
129	0	}
130
131		NS_IMETHODIMP
132		nsPKCS11Slot::GetDesc(/out/ nsACString& desc)
133	0	{
134	0	return GetAttributeHelper(mSlotDesc, desc);
135	0	}
136
137		NS_IMETHODIMP
138		nsPKCS11Slot::GetManID(/out/ nsACString& manufacturerID)
139	0	{
140	0	return GetAttributeHelper(mSlotManufacturerID, manufacturerID);
141	0	}
142
143		NS_IMETHODIMP
144		nsPKCS11Slot::GetHWVersion(/out/ nsACString& hwVersion)
145	0	{
146	0	return GetAttributeHelper(mSlotHWVersion, hwVersion);
147	0	}
148
149		NS_IMETHODIMP
150		nsPKCS11Slot::GetFWVersion(/out/ nsACString& fwVersion)
151	0	{
152	0	return GetAttributeHelper(mSlotFWVersion, fwVersion);
153	0	}
154
155		NS_IMETHODIMP
156		nsPKCS11Slot::GetToken(nsIPK11Token** _retval)
157	0	{
158	0	NS_ENSURE_ARG_POINTER(_retval);
159	0	nsCOMPtr<nsIPK11Token> token = new nsPK11Token(mSlot.get());
160	0	token.forget(_retval);
161	0	return NS_OK;
162	0	}
163
164		NS_IMETHODIMP
165		nsPKCS11Slot::GetTokenName(/out/ nsACString& tokenName)
166	0	{
167	0	if (!PK11_IsPresent(mSlot.get())) {
168	0	tokenName.SetIsVoid(true);
169	0	return NS_OK;
170	0	}
171	0
172	0	if (PK11_GetSlotSeries(mSlot.get()) != mSeries) {
173	0	nsresult rv = refreshSlotInfo();
174	0	if (NS_FAILED(rv)) {
175	0	return rv;
176	0	}
177	0	}
178	0
179	0	if (mIsInternalCryptoSlot) {
180	0	if (PK11_IsFIPS()) {
181	0	return GetPIPNSSBundleString("Fips140TokenDescription", tokenName);
182	0	}
183	0	return GetPIPNSSBundleString("TokenDescription", tokenName);
184	0	}
185	0	if (mIsInternalKeySlot) {
186	0	return GetPIPNSSBundleString("PrivateTokenDescription", tokenName);
187	0	}
188	0
189	0	tokenName.Assign(PK11_GetTokenName(mSlot.get()));
190	0	return NS_OK;
191	0	}
192
193		NS_IMETHODIMP
194		nsPKCS11Slot::GetStatus(uint32_t* _retval)
195	0	{
196	0	NS_ENSURE_ARG_POINTER(_retval);
197	0	if (PK11_IsDisabled(mSlot.get())) {
198	0	*_retval = SLOT_DISABLED;
199	0	} else if (!PK11_IsPresent(mSlot.get())) {
200	0	*_retval = SLOT_NOT_PRESENT;
201	0	} else if (PK11_NeedLogin(mSlot.get()) && PK11_NeedUserInit(mSlot.get())) {
202	0	*_retval = SLOT_UNINITIALIZED;
203	0	} else if (PK11_NeedLogin(mSlot.get()) &&
204	0	!PK11_IsLoggedIn(mSlot.get(), nullptr)) {
205	0	*_retval = SLOT_NOT_LOGGED_IN;
206	0	} else if (PK11_NeedLogin(mSlot.get())) {
207	0	*_retval = SLOT_LOGGED_IN;
208	0	} else {
209	0	*_retval = SLOT_READY;
210	0	}
211	0	return NS_OK;
212	0	}
213
214		NS_IMPL_ISUPPORTS(nsPKCS11Module, nsIPKCS11Module)
215
216		nsPKCS11Module::nsPKCS11Module(SECMODModule* module)
217	0	{
218	0	MOZ_ASSERT(module);
219	0	mModule.reset(SECMOD_ReferenceModule(module));
220	0	}
221
222		// Convert the UTF8 internal name of the module to how it should appear to the
223		// user. In most cases this involves simply passing back the module's name.
224		// However, the builtin roots module has a non-localized name internally that we
225		// must map to the localized version when we display it to the user.
226		static nsresult
227		NormalizeModuleNameOut(const char* moduleNameIn, nsACString& moduleNameOut)
228	0	{
229	0	// Easy case: this isn't the builtin roots module.
230	0	if (strnlen(moduleNameIn, kRootModuleNameLen + 1) != kRootModuleNameLen \|\|
231	0	strncmp(kRootModuleName, moduleNameIn, kRootModuleNameLen) != 0) {
232	0	moduleNameOut.Assign(moduleNameIn);
233	0	return NS_OK;
234	0	}
235	0
236	0	nsAutoString localizedRootModuleName;
237	0	nsresult rv = GetPIPNSSBundleString("RootCertModuleName",
238	0	localizedRootModuleName);
239	0	if (NS_FAILED(rv)) {
240	0	return rv;
241	0	}
242	0	moduleNameOut.Assign(NS_ConvertUTF16toUTF8(localizedRootModuleName));
243	0	return NS_OK;
244	0	}
245
246		NS_IMETHODIMP
247		nsPKCS11Module::GetName(/out/ nsACString& name)
248	0	{
249	0	return NormalizeModuleNameOut(mModule->commonName, name);
250	0	}
251
252		NS_IMETHODIMP
253		nsPKCS11Module::GetLibName(/out/ nsACString& libName)
254	0	{
255	0	if (mModule->dllName) {
256	0	libName = mModule->dllName;
257	0	} else {
258	0	libName.SetIsVoid(true);
259	0	}
260	0	return NS_OK;
261	0	}
262
263		NS_IMETHODIMP
264		nsPKCS11Module::ListSlots(nsISimpleEnumerator** _retval)
265	0	{
266	0	NS_ENSURE_ARG_POINTER(_retval);
267	0
268	0	nsresult rv = CheckForSmartCardChanges();
269	0	if (NS_FAILED(rv)) {
270	0	return rv;
271	0	}
272	0
273	0	nsCOMPtr<nsIMutableArray> array = do_CreateInstance(NS_ARRAY_CONTRACTID);
274	0	if (!array) {
275	0	return NS_ERROR_FAILURE;
276	0	}
277	0
278	0	/* applications which allow new slot creation (which Firefox now does
279	0	* since it uses the WaitForSlotEvent call) need to hold the
280	0	* ModuleList Read lock to prevent the slot array from changing out
281	0	* from under it. */
282	0	AutoSECMODListReadLock lock;
283	0	for (int i = 0; i < mModule->slotCount; i++) {
284	0	if (mModule->slots[i]) {
285	0	nsCOMPtr<nsIPKCS11Slot> slot = new nsPKCS11Slot(mModule->slots[i]);
286	0	rv = array->AppendElement(slot);
287	0	if (NS_FAILED(rv)) {
288	0	return rv;
289	0	}
290	0	}
291	0	}
292	0
293	0	return array->Enumerate(_retval, NS_GET_IID(nsIPKCS11Slot));
294	0	}