From 319ebe9c7c968229849647a67d7511f84d0e0eb6 Mon Sep 17 00:00:00 2001
From: "nelsonb%netscape.com"
Date: Wed, 3 Aug 2005 01:57:40 +0000
Subject: [PATCH] Implement PK11_CopyTokenPrivKeyToSessionPrivKey, function to copy token RSA private key to a session key, to eliminate DB lookups and 3DES unwrapping for every use. Bug 274538. r=rrelyea. Modified Files: nss/nss.def pk11wrap/pk11akey.c pk11wrap/pk11pub.h
git-svn-id: svn://10.0.0.236/trunk@177048 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/security/nss/lib/nss/nss.def | 1 +
 mozilla/security/nss/lib/pk11wrap/pk11akey.c | 40 ++++++++++++++++++++
 mozilla/security/nss/lib/pk11wrap/pk11pub.h | 2 +
 3 files changed, 43 insertions(+)
diff --git a/mozilla/security/nss/lib/nss/nss.def b/mozilla/security/nss/lib/nss/nss.def
index 69d7d19e4d4..ca3fd0d335d 100644
--- a/mozilla/security/nss/lib/nss/nss.def
+++ b/mozilla/security/nss/lib/nss/nss.def
@@ -859,6 +859,7 @@ PK11_TokenKeyGenWithFlags;
 ;+NSS_3.11 { # NSS 3.11 release
 ;+ global:
 CERT_CompareValidityTimes;
+PK11_CopyTokenPrivKeyToSessionPrivKey;
 PK11_FreeSlotListElement;
 PK11_GenerateRandomOnSlot;
 SECMOD_HasRootCerts;
diff --git a/mozilla/security/nss/lib/pk11wrap/pk11akey.c b/mozilla/security/nss/lib/pk11wrap/pk11akey.c
index e937140cbad..6d1707fdee4 100644
--- a/mozilla/security/nss/lib/pk11wrap/pk11akey.c
+++ b/mozilla/security/nss/lib/pk11wrap/pk11akey.c
@@ -1630,6 +1630,46 @@ loser:
 return NULL;
 }
+SECKEYPrivateKey*
+PK11_CopyTokenPrivKeyToSessionPrivKey(PK11SlotInfo *destSlot,
+ SECKEYPrivateKey *privKey)
+{
+ CK_RV crv;
+ CK_OBJECT_HANDLE newKeyID;
+
+ static const CK_BBOOL ckfalse = CK_FALSE;
+ static const CK_ATTRIBUTE template[1] = {
+ { CKA_TOKEN, (CK_BBOOL *)&ckfalse, sizeof ckfalse }
+ };
+
+ if (destSlot && destSlot != privKey->pkcs11Slot) {
+ SECKEYPrivateKey *newKey =
+ pk11_loadPrivKey(destSlot,
+ privKey,
+ NULL, /* pubKey */
+ PR_FALSE, /* token */
+ PR_FALSE);/* sensitive */
+ if (newKey)
+ return newKey;
+ }
+ destSlot = privKey->pkcs11Slot;
+ PK11_Authenticate(destSlot, PR_TRUE, privKey->wincx);
+ PK11_EnterSlotMonitor(destSlot);
+ crv = PK11_GETTAB(destSlot)->C_CopyObject( destSlot->session,
+ privKey->pkcs11ID,
+ (CK_ATTRIBUTE *)template,
+ 1, &newKeyID);
+ PK11_ExitSlotMonitor(destSlot);
+
+ if (crv != CKR_OK) {
+ PORT_SetError( PK11_MapError(crv) );
+ return NULL;
+ }
+
+ return PK11_MakePrivKey(destSlot, privKey->keyType, PR_TRUE /*isTemp*/,
+ newKeyID, privKey->wincx);
+}
+
 SECKEYPrivateKey*
 PK11_ConvertSessionPrivKeyToTokenPrivKey(SECKEYPrivateKey *privk, void* wincx)
 {
diff --git a/mozilla/security/nss/lib/pk11wrap/pk11pub.h b/mozilla/security/nss/lib/pk11wrap/pk11pub.h
index 70f7566ceee..9986689497c 100644
--- a/mozilla/security/nss/lib/pk11wrap/pk11pub.h
+++ b/mozilla/security/nss/lib/pk11wrap/pk11pub.h
@@ -433,6 +433,8 @@ PK11SymKey *PK11_ConvertSessionSymKeyToTokenSymKey(PK11SymKey *symk,
 void *wincx);
 SECKEYPrivateKey *PK11_ConvertSessionPrivKeyToTokenPrivKey(
 SECKEYPrivateKey *privk, void* wincx);
+SECKEYPrivateKey * PK11_CopyTokenPrivKeyToSessionPrivKey(PK11SlotInfo *destSlot,
+ SECKEYPrivateKey *privKey);
 /**********************************************************************
 * Certs
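Review bot: The cross-slot branch of PK11_CopyTokenPrivKeyToSessionPrivKey passes `PR_FALSE` for the argument commented `/* sensitive */` in the `pk11_loadPrivKey` call, while the `C_CopyObject` path below overrides only `CKA_TOKEN`, so the two paths can return copies with different protection attributes. If that helper maps the flag to CKA_SENSITIVE (its body is not in this hunk), the copy on destSlot would be less protected than the token original; either pass `PR_TRUE` there or add a comment such as `/* non-sensitive copy is required because <reason> */`. The result of `PK11_Authenticate` is also discarded; `if (PK11_Authenticate(destSlot, PR_TRUE, privKey->wincx) != SECSuccess) return NULL;` would fail early rather than leaving `C_CopyObject` to surface the login failure. When `pk11_loadPrivKey` fails the function falls back to the source slot without any signal, and `privKey` is dereferenced without a NULL check, so a header comment should state that `privKey` must be non-NULL and that the returned key may not reside on `destSlot`.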