Implement PK11_CopyTokenPrivKeyToSessionPrivKey, function to copy token

RSA private key to a session key, to eliminate DB lookups and 3DES unwrapping for every use. Bug 274538. r=rrelyea. Modified Files: nss/nss.def pk11wrap/pk11akey.c pk11wrap/pk11pub.h git-svn-id: svn://10.0.0.236/trunk@177048 18797224-902f-48f8-a5cc-f745e15eee43
2005-08-03 01:57:40 +00:00 · 2005-08-03 01:57:40 +00:00 · 319ebe9c7c
commit 319ebe9c7c
parent 32e6b5af26
3 changed files with 43 additions and 0 deletions
--- a/mozilla/security/nss/lib/nss/nss.def
+++ b/mozilla/security/nss/lib/nss/nss.def
@ -859,6 +859,7 @@ PK11_TokenKeyGenWithFlags;
 ;+NSS_3.11 { 	# NSS 3.11 release
 ;+    global:
 CERT_CompareValidityTimes;
+PK11_CopyTokenPrivKeyToSessionPrivKey;
 PK11_FreeSlotListElement;
 PK11_GenerateRandomOnSlot;
 SECMOD_HasRootCerts;
--- a/mozilla/security/nss/lib/pk11wrap/pk11akey.c
+++ b/mozilla/security/nss/lib/pk11wrap/pk11akey.c
@ -1630,6 +1630,46 @@ loser:
    return NULL;
 }

+SECKEYPrivateKey*
+PK11_CopyTokenPrivKeyToSessionPrivKey(PK11SlotInfo *destSlot,
+				      SECKEYPrivateKey *privKey)
+{
+    CK_RV             crv;
+    CK_OBJECT_HANDLE  newKeyID;
+
+    static const CK_BBOOL     ckfalse = CK_FALSE;
+    static const CK_ATTRIBUTE template[1] = { 
+       { CKA_TOKEN, (CK_BBOOL *)&ckfalse, sizeof ckfalse }
+    };
+
+    if (destSlot && destSlot != privKey->pkcs11Slot) {
+	SECKEYPrivateKey *newKey =
+	       pk11_loadPrivKey(destSlot, 
+				privKey, 
+			        NULL,     /* pubKey    */
+			        PR_FALSE, /* token     */
+			        PR_FALSE);/* sensitive */
+	if (newKey)
+	    return newKey;
+    }
+    destSlot = privKey->pkcs11Slot;
+    PK11_Authenticate(destSlot, PR_TRUE, privKey->wincx);
+    PK11_EnterSlotMonitor(destSlot);
+    crv = PK11_GETTAB(destSlot)->C_CopyObject(	destSlot->session, 
+						privKey->pkcs11ID,
+						(CK_ATTRIBUTE *)template, 
+						1, &newKeyID);
+    PK11_ExitSlotMonitor(destSlot);
+
+    if (crv != CKR_OK) {
+	PORT_SetError( PK11_MapError(crv) );
+	return NULL;
+    }
+
+    return PK11_MakePrivKey(destSlot, privKey->keyType, PR_TRUE /*isTemp*/, 
+			    newKeyID, privKey->wincx);
+}
+
 SECKEYPrivateKey*
 PK11_ConvertSessionPrivKeyToTokenPrivKey(SECKEYPrivateKey *privk, void* wincx)
 {
--- a/mozilla/security/nss/lib/pk11wrap/pk11pub.h
+++ b/mozilla/security/nss/lib/pk11wrap/pk11pub.h
@ -433,6 +433,8 @@ PK11SymKey *PK11_ConvertSessionSymKeyToTokenSymKey(PK11SymKey *symk,
 	void *wincx);
 SECKEYPrivateKey *PK11_ConvertSessionPrivKeyToTokenPrivKey(
 	SECKEYPrivateKey *privk, void* wincx);
+SECKEYPrivateKey * PK11_CopyTokenPrivKeyToSessionPrivKey(PK11SlotInfo *destSlot,
+				      SECKEYPrivateKey *privKey);

 /**********************************************************************
 *                   Certs