/src/mozilla-central/security/nss/lib/pk11wrap/dev3hack.c

Source (jump to first uncovered line)
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef PKIT_H
#include "pkit.h"
#endif /* PKIT_H */

#ifndef DEVM_H
#include "devm.h"
#endif /* DEVM_H */

#include "pki3hack.h"
#include "dev3hack.h"
#include "pkim.h"

#ifndef BASE_H
#include "base.h"
#endif /* BASE_H */

#include "pk11func.h"
#include "secmodti.h"
#include "secerr.h"

NSS_IMPLEMENT nssSession *
nssSession_ImportNSS3Session(NSSArena *arenaOpt,
                             CK_SESSION_HANDLE session,
                             PZLock *lock, PRBool rw)
{
    nssSession *rvSession = NULL;
    if (session != CK_INVALID_SESSION) {
        rvSession = nss_ZNEW(arenaOpt, nssSession);
        if (rvSession) {
            rvSession->handle = session;
            rvSession->lock = lock;
            rvSession->ownLock = PR_FALSE;
            rvSession->isRW = rw;
        }
    }
    return rvSession;
}

NSS_IMPLEMENT nssSession *
nssSlot_CreateSession(
    NSSSlot *slot,
    NSSArena *arenaOpt,
    PRBool readWrite)
{
    nssSession *rvSession;

    if (!readWrite) {
        /* nss3hack version only returns rw swssions */
        return NULL;
    }
    rvSession = nss_ZNEW(arenaOpt, nssSession);
    if (!rvSession) {
        return (nssSession *)NULL;
    }

    rvSession->handle = PK11_GetRWSession(slot->pk11slot);
    if (rvSession->handle == CK_INVALID_HANDLE) {
        nss_ZFreeIf(rvSession);
        return NULL;
    }
    rvSession->isRW = PR_TRUE;
    rvSession->slot = slot;
    /*
     * The session doesn't need its own lock.  Here's why.
     * 1. If we are reusing the default RW session of the slot,
     *    the slot lock is already locked to protect the session.
     * 2. If the module is not thread safe, the slot (or rather
     *    module) lock is already locked.
     * 3. If the module is thread safe and we are using a new
     *    session, no higher-level lock has been locked and we
     *    would need a lock for the new session.  However, the
     *    current usage of the session is that it is always
     *    used and destroyed within the same function and never
     *    shared with another thread.
     * So the session is either already protected by another
     * lock or only used by one thread.
     */
    rvSession->lock = NULL;
    rvSession->ownLock = PR_FALSE;
    return rvSession;
}

NSS_IMPLEMENT PRStatus
nssSession_Destroy(nssSession *s)
{
    PRStatus rv = PR_SUCCESS;
    if (s) {
        if (s->isRW) {
            PK11_RestoreROSession(s->slot->pk11slot, s->handle);
        }
        rv = nss_ZFreeIf(s);
    }
    return rv;
}

static NSSSlot *
nssSlot_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
{
    NSSSlot *rvSlot;
    NSSArena *arena;
    arena = nssArena_Create();
    if (!arena) {
        return NULL;
    }
    rvSlot = nss_ZNEW(arena, NSSSlot);
    if (!rvSlot) {
        nssArena_Destroy(arena);
        return NULL;
    }
    rvSlot->base.refCount = 1;
    rvSlot->base.lock = PZ_NewLock(nssILockOther);
    rvSlot->base.arena = arena;
    rvSlot->pk11slot = PK11_ReferenceSlot(nss3slot);
    rvSlot->epv = nss3slot->functionList;
    rvSlot->slotID = nss3slot->slotID;
    /* Grab the slot name from the PKCS#11 fixed-length buffer */
    rvSlot->base.name = nssUTF8_Duplicate(nss3slot->slot_name, td->arena);
    rvSlot->lock = (nss3slot->isThreadSafe) ? NULL : nss3slot->sessionLock;
    rvSlot->isPresentLock = PZ_NewLock(nssiLockOther);
    rvSlot->isPresentCondition = PR_NewCondVar(rvSlot->isPresentLock);
    rvSlot->isPresentThread = NULL;
    rvSlot->lastTokenPingState = nssSlotLastPingState_Reset;
    return rvSlot;
}

NSSToken *
nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
{
    NSSToken *rvToken;
    NSSArena *arena;

    /* Don't create a token object for a disabled slot */
    if (nss3slot->disabled) {
        PORT_SetError(SEC_ERROR_NO_TOKEN);
        return NULL;
    }
    arena = nssArena_Create();
    if (!arena) {
        return NULL;
    }
    rvToken = nss_ZNEW(arena, NSSToken);
    if (!rvToken) {
        nssArena_Destroy(arena);
        return NULL;
    }
    rvToken->base.refCount = 1;
    rvToken->base.lock = PZ_NewLock(nssILockOther);
    if (!rvToken->base.lock) {
        nssArena_Destroy(arena);
        return NULL;
    }
    rvToken->base.arena = arena;
    rvToken->pk11slot = PK11_ReferenceSlot(nss3slot);
    rvToken->epv = nss3slot->functionList;
    rvToken->defaultSession = nssSession_ImportNSS3Session(td->arena,
                                                           nss3slot->session,
                                                           nss3slot->sessionLock,
                                                           nss3slot->defRWSession);
#if 0 /* we should do this instead of blindly continuing. */
    if (!rvToken->defaultSession) {
    PORT_SetError(SEC_ERROR_NO_TOKEN);
        goto loser;
    }
#endif
    if (!PK11_IsInternal(nss3slot) && PK11_IsHW(nss3slot)) {
        rvToken->cache = nssTokenObjectCache_Create(rvToken,
                                                    PR_TRUE, PR_TRUE, PR_TRUE);
        if (!rvToken->cache)
            goto loser;
    }
    rvToken->trustDomain = td;
    /* Grab the token name from the PKCS#11 fixed-length buffer */
    rvToken->base.name = nssUTF8_Duplicate(nss3slot->token_name, td->arena);
    rvToken->slot = nssSlot_CreateFromPK11SlotInfo(td, nss3slot);
    if (!rvToken->slot) {
        goto loser;
    }
    rvToken->slot->token = rvToken;
    if (rvToken->defaultSession)
        rvToken->defaultSession->slot = rvToken->slot;
    return rvToken;
loser:
    PZ_DestroyLock(rvToken->base.lock);
    nssArena_Destroy(arena);
    return NULL;
}

NSS_IMPLEMENT void
nssToken_UpdateName(NSSToken *token)
{
    if (!token) {
        return;
    }
    token->base.name = nssUTF8_Duplicate(token->pk11slot->token_name, token->base.arena);
}

NSS_IMPLEMENT PRBool
nssSlot_IsPermanent(NSSSlot *slot)
{
    return slot->pk11slot->isPerm;
}

NSS_IMPLEMENT PRBool
nssSlot_IsFriendly(NSSSlot *slot)
{
    return PK11_IsFriendly(slot->pk11slot);
}

NSS_IMPLEMENT PRStatus
nssToken_Refresh(NSSToken *token)
{
    PK11SlotInfo *nss3slot;

    if (!token) {
        return PR_SUCCESS;
    }
    nss3slot = token->pk11slot;
    token->defaultSession =
        nssSession_ImportNSS3Session(token->slot->base.arena,
                                     nss3slot->session,
                                     nss3slot->sessionLock,
                                     nss3slot->defRWSession);
    return token->defaultSession ? PR_SUCCESS : PR_FAILURE;
}

NSS_IMPLEMENT PRStatus
nssSlot_Refresh(NSSSlot *slot)
{
    PK11SlotInfo *nss3slot = slot->pk11slot;
    PRBool doit = PR_FALSE;
    if (slot->token && slot->token->base.name[0] == 0) {
        doit = PR_TRUE;
    }
    if (PK11_InitToken(nss3slot, PR_FALSE) != SECSuccess) {
        return PR_FAILURE;
    }
    if (doit) {
        nssTrustDomain_UpdateCachedTokenCerts(slot->token->trustDomain,
                                              slot->token);
    }
    return nssToken_Refresh(slot->token);
}

NSS_IMPLEMENT PRStatus
nssToken_GetTrustOrder(NSSToken *tok)
{
    PK11SlotInfo *slot;
    SECMODModule *module;
    slot = tok->pk11slot;
    module = PK11_GetModule(slot);
    return module->trustOrder;
}

NSS_IMPLEMENT PRBool
nssSlot_IsLoggedIn(NSSSlot *slot)
{
    if (!slot->pk11slot->needLogin) {
        return PR_TRUE;
    }
    return PK11_IsLoggedIn(slot->pk11slot, NULL);
}

NSSTrustDomain *
nssToken_GetTrustDomain(NSSToken *token)
{
    return token->trustDomain;
}

NSS_EXTERN PRStatus
nssTrustDomain_RemoveTokenCertsFromCache(
    NSSTrustDomain *td,
    NSSToken *token);

NSS_IMPLEMENT PRStatus
nssToken_NotifyCertsNotVisible(
    NSSToken *tok)
{
    return nssTrustDomain_RemoveTokenCertsFromCache(tok->trustDomain, tok);
}

Coverage Report

Created: 2018-09-25 14:53

Line	Count	Source (jump to first uncovered line)
1		/* This Source Code Form is subject to the terms of the Mozilla Public
2		* License, v. 2.0. If a copy of the MPL was not distributed with this
3		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5		#ifndef PKIT_H
6		#include "pkit.h"
7		#endif /* PKIT_H */
8
9		#ifndef DEVM_H
10		#include "devm.h"
11		#endif /* DEVM_H */
12
13		#include "pki3hack.h"
14		#include "dev3hack.h"
15		#include "pkim.h"
16
17		#ifndef BASE_H
18		#include "base.h"
19		#endif /* BASE_H */
20
21		#include "pk11func.h"
22		#include "secmodti.h"
23		#include "secerr.h"
24
25		NSS_IMPLEMENT nssSession *
26		nssSession_ImportNSS3Session(NSSArena *arenaOpt,
27		CK_SESSION_HANDLE session,
28		PZLock *lock, PRBool rw)
29	0	{
30	0	nssSession *rvSession = NULL;
31	0	if (session != CK_INVALID_SESSION) {
32	0	rvSession = nss_ZNEW(arenaOpt, nssSession);
33	0	if (rvSession) {
34	0	rvSession->handle = session;
35	0	rvSession->lock = lock;
36	0	rvSession->ownLock = PR_FALSE;
37	0	rvSession->isRW = rw;
38	0	}
39	0	}
40	0	return rvSession;
41	0	}
42
43		NSS_IMPLEMENT nssSession *
44		nssSlot_CreateSession(
45		NSSSlot *slot,
46		NSSArena *arenaOpt,
47		PRBool readWrite)
48	0	{
49	0	nssSession *rvSession;
50	0
51	0	if (!readWrite) {
52	0	/* nss3hack version only returns rw swssions */
53	0	return NULL;
54	0	}
55	0	rvSession = nss_ZNEW(arenaOpt, nssSession);
56	0	if (!rvSession) {
57	0	return (nssSession *)NULL;
58	0	}
59	0
60	0	rvSession->handle = PK11_GetRWSession(slot->pk11slot);
61	0	if (rvSession->handle == CK_INVALID_HANDLE) {
62	0	nss_ZFreeIf(rvSession);
63	0	return NULL;
64	0	}
65	0	rvSession->isRW = PR_TRUE;
66	0	rvSession->slot = slot;
67	0	/*
68	0	* The session doesn't need its own lock. Here's why.
69	0	* 1. If we are reusing the default RW session of the slot,
70	0	* the slot lock is already locked to protect the session.
71	0	* 2. If the module is not thread safe, the slot (or rather
72	0	* module) lock is already locked.
73	0	* 3. If the module is thread safe and we are using a new
74	0	* session, no higher-level lock has been locked and we
75	0	* would need a lock for the new session. However, the
76	0	* current usage of the session is that it is always
77	0	* used and destroyed within the same function and never
78	0	* shared with another thread.
79	0	* So the session is either already protected by another
80	0	* lock or only used by one thread.
81	0	*/
82	0	rvSession->lock = NULL;
83	0	rvSession->ownLock = PR_FALSE;
84	0	return rvSession;
85	0	}
86
87		NSS_IMPLEMENT PRStatus
88		nssSession_Destroy(nssSession *s)
89	0	{
90	0	PRStatus rv = PR_SUCCESS;
91	0	if (s) {
92	0	if (s->isRW) {
93	0	PK11_RestoreROSession(s->slot->pk11slot, s->handle);
94	0	}
95	0	rv = nss_ZFreeIf(s);
96	0	}
97	0	return rv;
98	0	}
99
100		static NSSSlot *
101		nssSlot_CreateFromPK11SlotInfo(NSSTrustDomain td, PK11SlotInfo nss3slot)
102	0	{
103	0	NSSSlot *rvSlot;
104	0	NSSArena *arena;
105	0	arena = nssArena_Create();
106	0	if (!arena) {
107	0	return NULL;
108	0	}
109	0	rvSlot = nss_ZNEW(arena, NSSSlot);
110	0	if (!rvSlot) {
111	0	nssArena_Destroy(arena);
112	0	return NULL;
113	0	}
114	0	rvSlot->base.refCount = 1;
115	0	rvSlot->base.lock = PZ_NewLock(nssILockOther);
116	0	rvSlot->base.arena = arena;
117	0	rvSlot->pk11slot = PK11_ReferenceSlot(nss3slot);
118	0	rvSlot->epv = nss3slot->functionList;
119	0	rvSlot->slotID = nss3slot->slotID;
120	0	/* Grab the slot name from the PKCS#11 fixed-length buffer */
121	0	rvSlot->base.name = nssUTF8_Duplicate(nss3slot->slot_name, td->arena);
122	0	rvSlot->lock = (nss3slot->isThreadSafe) ? NULL : nss3slot->sessionLock;
123	0	rvSlot->isPresentLock = PZ_NewLock(nssiLockOther);
124	0	rvSlot->isPresentCondition = PR_NewCondVar(rvSlot->isPresentLock);
125	0	rvSlot->isPresentThread = NULL;
126	0	rvSlot->lastTokenPingState = nssSlotLastPingState_Reset;
127	0	return rvSlot;
128	0	}
129
130		NSSToken *
131		nssToken_CreateFromPK11SlotInfo(NSSTrustDomain td, PK11SlotInfo nss3slot)
132	0	{
133	0	NSSToken *rvToken;
134	0	NSSArena *arena;
135	0
136	0	/* Don't create a token object for a disabled slot */
137	0	if (nss3slot->disabled) {
138	0	PORT_SetError(SEC_ERROR_NO_TOKEN);
139	0	return NULL;
140	0	}
141	0	arena = nssArena_Create();
142	0	if (!arena) {
143	0	return NULL;
144	0	}
145	0	rvToken = nss_ZNEW(arena, NSSToken);
146	0	if (!rvToken) {
147	0	nssArena_Destroy(arena);
148	0	return NULL;
149	0	}
150	0	rvToken->base.refCount = 1;
151	0	rvToken->base.lock = PZ_NewLock(nssILockOther);
152	0	if (!rvToken->base.lock) {
153	0	nssArena_Destroy(arena);
154	0	return NULL;
155	0	}
156	0	rvToken->base.arena = arena;
157	0	rvToken->pk11slot = PK11_ReferenceSlot(nss3slot);
158	0	rvToken->epv = nss3slot->functionList;
159	0	rvToken->defaultSession = nssSession_ImportNSS3Session(td->arena,
160	0	nss3slot->session,
161	0	nss3slot->sessionLock,
162	0	nss3slot->defRWSession);
163		#if 0 /* we should do this instead of blindly continuing. */
164		if (!rvToken->defaultSession) {
165		PORT_SetError(SEC_ERROR_NO_TOKEN);
166		goto loser;
167		}
168		#endif
169	0	if (!PK11_IsInternal(nss3slot) && PK11_IsHW(nss3slot)) {
170	0	rvToken->cache = nssTokenObjectCache_Create(rvToken,
171	0	PR_TRUE, PR_TRUE, PR_TRUE);
172	0	if (!rvToken->cache)
173	0	goto loser;
174	0	}
175	0	rvToken->trustDomain = td;
176	0	/* Grab the token name from the PKCS#11 fixed-length buffer */
177	0	rvToken->base.name = nssUTF8_Duplicate(nss3slot->token_name, td->arena);
178	0	rvToken->slot = nssSlot_CreateFromPK11SlotInfo(td, nss3slot);
179	0	if (!rvToken->slot) {
180	0	goto loser;
181	0	}
182	0	rvToken->slot->token = rvToken;
183	0	if (rvToken->defaultSession)
184	0	rvToken->defaultSession->slot = rvToken->slot;
185	0	return rvToken;
186	0	loser:
187	0	PZ_DestroyLock(rvToken->base.lock);
188	0	nssArena_Destroy(arena);
189	0	return NULL;
190	0	}
191
192		NSS_IMPLEMENT void
193		nssToken_UpdateName(NSSToken *token)
194	0	{
195	0	if (!token) {
196	0	return;
197	0	}
198	0	token->base.name = nssUTF8_Duplicate(token->pk11slot->token_name, token->base.arena);
199	0	}
200
201		NSS_IMPLEMENT PRBool
202		nssSlot_IsPermanent(NSSSlot *slot)
203	0	{
204	0	return slot->pk11slot->isPerm;
205	0	}
206
207		NSS_IMPLEMENT PRBool
208		nssSlot_IsFriendly(NSSSlot *slot)
209	0	{
210	0	return PK11_IsFriendly(slot->pk11slot);
211	0	}
212
213		NSS_IMPLEMENT PRStatus
214		nssToken_Refresh(NSSToken *token)
215	0	{
216	0	PK11SlotInfo *nss3slot;
217	0
218	0	if (!token) {
219	0	return PR_SUCCESS;
220	0	}
221	0	nss3slot = token->pk11slot;
222	0	token->defaultSession =
223	0	nssSession_ImportNSS3Session(token->slot->base.arena,
224	0	nss3slot->session,
225	0	nss3slot->sessionLock,
226	0	nss3slot->defRWSession);
227	0	return token->defaultSession ? PR_SUCCESS : PR_FAILURE;
228	0	}
229
230		NSS_IMPLEMENT PRStatus
231		nssSlot_Refresh(NSSSlot *slot)
232	0	{
233	0	PK11SlotInfo *nss3slot = slot->pk11slot;
234	0	PRBool doit = PR_FALSE;
235	0	if (slot->token && slot->token->base.name[0] == 0) {
236	0	doit = PR_TRUE;
237	0	}
238	0	if (PK11_InitToken(nss3slot, PR_FALSE) != SECSuccess) {
239	0	return PR_FAILURE;
240	0	}
241	0	if (doit) {
242	0	nssTrustDomain_UpdateCachedTokenCerts(slot->token->trustDomain,
243	0	slot->token);
244	0	}
245	0	return nssToken_Refresh(slot->token);
246	0	}
247
248		NSS_IMPLEMENT PRStatus
249		nssToken_GetTrustOrder(NSSToken *tok)
250	0	{
251	0	PK11SlotInfo *slot;
252	0	SECMODModule *module;
253	0	slot = tok->pk11slot;
254	0	module = PK11_GetModule(slot);
255	0	return module->trustOrder;
256	0	}
257
258		NSS_IMPLEMENT PRBool
259		nssSlot_IsLoggedIn(NSSSlot *slot)
260	0	{
261	0	if (!slot->pk11slot->needLogin) {
262	0	return PR_TRUE;
263	0	}
264	0	return PK11_IsLoggedIn(slot->pk11slot, NULL);
265	0	}
266
267		NSSTrustDomain *
268		nssToken_GetTrustDomain(NSSToken *token)
269	0	{
270	0	return token->trustDomain;
271	0	}
272
273		NSS_EXTERN PRStatus
274		nssTrustDomain_RemoveTokenCertsFromCache(
275		NSSTrustDomain *td,
276		NSSToken *token);
277
278		NSS_IMPLEMENT PRStatus
279		nssToken_NotifyCertsNotVisible(
280		NSSToken *tok)
281	0	{
282	0	return nssTrustDomain_RemoveTokenCertsFromCache(tok->trustDomain, tok);
283	0	}