Fix Solaris break for case-sensitive file name

git-svn-id: svn://10.0.0.236/branches/PSM_GLUE_JAVI@72695 18797224-902f-48f8-a5cc-f745e15eee43

mozilla/extensions/psm-glue/Makefile.in

@@ -0,0 +1,32 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+# 
+
+DEPTH		= ../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+DIRS		= public src res
+
+include $(topsrcdir)/config/rules.mk
+

mozilla/extensions/psm-glue/makefile.win

@@ -0,0 +1,27 @@
+#!nmake
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+
+DEPTH=..\..
+include <$(DEPTH)/config/config.mak>
+
+DIRS = public src res
+
+include <$(DEPTH)\config\rules.mak>

mozilla/extensions/psm-glue/public/MANIFEST

@@ -0,0 +1,4 @@
+nsIPSMComponent.idl
+nsIPSMUIHandler.idl
+nsISecureBrowserUI.idl
+nsISSLSocketProvider.idl

mozilla/extensions/psm-glue/public/Makefile.in

@@ -0,0 +1,45 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+#   Hubbie Shaw
+#   Doug Turner <dougt@netscape.com>
+#   Terry Hayes <thayes@netscape.com>
+# 
+
+MODULE = psmglue
+
+DEPTH		= ../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+XPIDLSRCS = \
+	nsIPSMComponent.idl \
+	nsIPSMUIHandler.idl \
+	nsISecureBrowserUI.idl \
+    nsIPSMSocketInfo.idl \
+	nsISSLSocketProvider.idl \
+	nsISecretDecoderRing.idl \
+	$(NULL)
+
+PREF_JS_EXPORTS	= $(srcdir)/psm-glue.js
+
+include $(topsrcdir)/config/rules.mk

mozilla/extensions/psm-glue/public/makefile.win

@@ -0,0 +1,53 @@
+#!nmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is mozilla.org code.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+# 
+# Contributor(s):
+#   Hubbie Shaw
+#   Doug Turner <dougt@netscape.com>
+#   Terry Hayes <thayes@netscape.com>
+#
+
+MODULE = psmglue
+
+DEPTH=..\..\..
+IGNORE_MANIFEST=1
+
+DLLNAME       = psmglue
+PDBFILE       = $(DLLNAME).pdb
+MAPFILE       = $(DLLNAME).map
+DLL           = .\$(OBJDIR)\$(DLLNAME).dll
+MAKE_OBJ_TYPE = DLL
+
+include <$(DEPTH)/config/config.mak>
+
+XPIDL_INCLUDES=-I$(DEPTH)\..\mozilla\dist\idl
+
+XPIDLSRCS= \
+    .\nsIPSMComponent.idl \
+    .\nsIPSMUIHandler.idl \
+    .\nsISecureBrowserUI.idl \
+    .\nsISSLSocketProvider.idl \
+    .\nsIPSMSocketInfo.idl \
+    .\nsISecretDecoderRing.idl \
+    $(NULL)
+
+include <$(DEPTH)\config\rules.mak>
+
+install::
+    $(MAKE_INSTALL) .\psm-glue.js $(DIST)\bin\defaults\pref

mozilla/extensions/psm-glue/public/nsIPSMComponent.idl

@@ -0,0 +1,58 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+ *   Mitch Stoltz <mstoltz@netscape.com>
+*/
+
+#include "nsISupports.idl"
+interface nsIPrincipal;
+
+%{C++
+#include "cmtcmn.h"
+%}
+
+[ptr] native nsCMTControlStar(CMT_CONTROL);
+
+[scriptable, uuid(9e482670-5412-11d3-bbc8-0000861d1237)]
+interface nsIPSMComponent : nsISupports 
+{
+
+  [noscript] nsCMTControlStar getControlConnection( );
+
+  /**
+   *  Display the Security Advisor.  PickledStatus and hostName can be null. 
+   *  If they are, the "Selected Info" dialog will be empty.
+   */
+
+  void displaySecurityAdvisor(in string pickledStatus, in string hostName);
+
+  /**
+   *  This will send PSM all preferences that we know about.
+   */
+  void passPrefs();
+};
+
+%{C++
+#define PSM_COMPONENT_PROGID "component://netscape/psm"
+#define PSM_COMPONENT_CLASSNAME "Mozilla PSM Component"
+%}
+

mozilla/extensions/psm-glue/public/nsIPSMSocketInfo.idl

@@ -0,0 +1,50 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#include "nsISupports.idl"
+
+%{C++
+#include "cmtcmn.h"
+#include "nsPSMShimLayer.h"
+%}
+
+[ptr] native psmtControlStar(CMT_CONTROL);
+[ptr] native cmSocketStar(CMSocket);
+[ptr] native nsFileDescStar(PRFileDesc);
+
+[noscript, uuid(deeb8dfc-fb7a-11d3-ac84-00c04fa0d26b)]
+interface nsIPSMSocketInfo : nsISupports {
+    
+    readonly attribute string           hostName;
+    readonly attribute PRInt32          hostPort;
+    
+    readonly attribute string           proxyName;
+    readonly attribute PRInt32          proxyPort;
+
+    readonly attribute psmtControlStar  controlPtr;
+    readonly attribute cmSocketStar     socketPtr;
+    readonly attribute nsFileDescStar   fileDescPtr;
+    
+    void getPickledStatus(out charPtr pickledStatus);
+};
+

mozilla/extensions/psm-glue/public/nsIPSMUIHandler.idl

@@ -0,0 +1,36 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Mozilla browser.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications, Inc.  Portions created by Netscape are
+ * Copyright (C) 1999, Mozilla.  All Rights Reserved.
+ * 
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+ */
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(d92be9b0-601b-11d3-8c4a-000064657374)]
+interface nsIPSMUIHandler : nsISupports
+{
+    void DisplayURI(in long width, in long height, in PRBool modal, in string urlStr);
+    void PromptForFile(in wstring prompt, in string fileRegEx, in boolean shouldFileExist, out string outFile);
+};
+
+%{C++
+#define PSM_UI_HANLDER_PROGID "component://netscape/psm/ui"
+#define PSM_UI_HANLDER_CLASSNAME "Mozilla PSM UI Handler"
+%}

mozilla/extensions/psm-glue/public/nsISSLSocketProvider.idl

@@ -0,0 +1,35 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#include "nsISocketProvider.idl"
+
+[noscript, uuid(856a93d0-5415-11d3-bbc8-0000861d1237)]
+interface nsISSLSocketProvider : nsISocketProvider {
+};
+
+%{C++
+#define NS_ISSLSOCKETPROVIDER_PROGID     NS_NETWORK_SOCKET_PROGID_PREFIX "ssl"
+#define NS_ISSLSOCKETPROVIDER_CLASSNAME  "Mozilla SSL Socket Provider Component"
+
+%}

mozilla/extensions/psm-glue/public/nsISecretDecoderRing.idl

@@ -0,0 +1,63 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Netscape Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/NPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *  thayes@netscape.com
+ *
+ */
+
+#include "nsISupports.idl"
+
+/* Buffer type - for storing 8-bit octet values */
+[ptr] native buffer(unsigned char);
+
+[scriptable, uuid(0EC80360-075C-11d4-9FD4-00C04F1B83D8)]
+interface nsISecretDecoderRing: nsISupports {
+
+  /* Encrypt a buffer - callable only from C++ */
+  [noscript] long encrypt(in buffer data, in long dataLen, out buffer result);
+
+  /* Decrypt a buffer - callable only from C++ */
+  [noscript] long decrypt(in buffer data, in long dataLen, out buffer result);
+
+  /* Encrypt nul-terminated string to BASE64 output */
+  string encryptString(in string text);
+
+  /* Decrypt BASE64 input to nul-terminated string output */
+  /* There is no check for embedded nul values in the decrypted output */
+  string decryptString(in string crypt);
+
+  /* Prompt the user to change the password on the SDR key */
+  void changePassword();
+
+  /* Logout of the security device that protects the SDR key */
+  void logout();
+};
+
+/*
+ * Configuration interface for the Secret Decoder Ring
+ *  - this interface allows setting the window that will be
+ *    used as parent for dialog windows (such as password prompts)
+ */
+[scriptable, uuid(01D8C0F0-0CCC-11d4-9FDD-000064657374)]
+interface nsISecretDecoderRingConfig: nsISupports {
+  void setWindow(in nsISupports w);
+};
+
+

mozilla/extensions/psm-glue/public/nsISecureBrowserUI.idl

@@ -0,0 +1,44 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#include "nsISupports.idl"
+
+interface nsIDOMWindow;
+interface nsIDOMElement;
+
+[scriptable, uuid(081e31e0-a144-11d3-8c7c-00609792278c)]
+interface nsSecureBrowserUI : nsISupports
+{
+	void init(in nsIDOMWindow window, in nsIDOMElement button);
+    void displayPageInfoUI();
+};
+
+%{C++
+#define NS_SECURE_BROWSER_UI_PROGID "component://netscape/secure_browser_ui"
+#define NS_SECURE_BROWSER_UI_CLASSNAME "Mozilla Secure Browser UI Handler"
+
+#define NS_SECURE_BROWSER_UI_CID \
+{ 0x10fe7ea0, 0xa10a, 0x11d3, {0x8c, 0x7c, 0x00, 0x60, 0x97, 0x92, 0x27, 0x8c}}
+
+%}

mozilla/extensions/psm-glue/public/psm-glue.js

@@ -0,0 +1,11 @@
+pref("general.useragent.security",       "U");
+
+pref("security.enable_ssl2",             true);
+pref("security.enable_ssl3",             true);
+pref("security.default_personal_cert",   "Select Automatically");
+pref("security.ask_for_password",        0);
+pref("security.password_lifetime",       30);
+pref("security.warn_entering_secure",    true);
+pref("security.warn_leaving_secure",     true);
+pref("security.warn_viewing_mixed",      true);
+pref("security.warn_submit_insecure",    true);

mozilla/extensions/psm-glue/res/Makefile.in

@@ -0,0 +1,32 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+# 
+
+DEPTH		= ../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+DIRS		= content locale
+
+include $(topsrcdir)/config/rules.mk
+

mozilla/extensions/psm-glue/res/content/MANIFEST

@@ -0,0 +1,3 @@
+securityOverlay.xul
+securityUI.js
+PSMTaskMenu.xul

mozilla/extensions/psm-glue/res/content/Makefile.in

@@ -0,0 +1,38 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+# 
+
+DEPTH		= ../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+include $(topsrcdir)/config/rules.mk
+
+COMMUNICATOR_CONTENT_DIR = $(DIST)/bin/chrome/packages/core/communicator/content/
+COMMUNICATOR_EXPORT_CONTENT = \
+  $(srcdir)/securityOverlay.xul \
+  $(srcdir)/securityUI.js       \
+  $(srcdir)/PSMTaskMenu.xul \
+  $(NULL)
+
+install::
+	$(INSTALL) $(COMMUNICATOR_EXPORT_CONTENT) $(COMMUNICATOR_CONTENT_DIR)

mozilla/extensions/psm-glue/res/content/PSMTaskMenu.xul

@@ -0,0 +1,22 @@
+<?xml version="1.0"?>
+
+<!DOCTYPE window SYSTEM "chrome://communicator/locale/PSMTaskMenu.dtd" >
+
+<overlay id="psmTaskMenuID"
+         xmlns:html="http://www.w3.org/1999/xhtml"
+         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+
+  <script language="JavaScript">
+    function displaySecurityAdvisor()
+    {
+      var psm = Components.classes["component://netscape/psm"].getService();
+      psm = psm.QueryInterface(Components.interfaces.nsIPSMComponent);
+      psm.displaySecurityAdvisor( null, null );
+    }
+  </script>
+
+  <menupopup id="personalManagers">
+    <menuitem id="PSMMentItem" position="1" value="&PSMCmd.label;" oncommand="displaySecurityAdvisor()"/>
+  </menupopup>
+
+</overlay>

mozilla/extensions/psm-glue/res/content/makefile.win

@@ -0,0 +1,35 @@
+#!nmake
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+
+DEPTH=..\..\..\..
+include <$(DEPTH)/config/config.mak>
+include <$(DEPTH)\config\rules.mak>
+
+install:: $(DLL)
+    $(MAKE_INSTALL) securityOverlay.xul     $(DIST)\bin\chrome\packages\core\communicator\content
+    $(MAKE_INSTALL) securityUI.js           $(DIST)\bin\chrome\packages\core\communicator\content
+    $(MAKE_INSTALL) PSMTaskMenu.xul	$(DIST)\bin\chrome\packages\core\communicator\content
+    
+clobber::
+    $(RM) $(DIST)\bin\chrome\packages\core\communicator\content\securityOverlay.xul
+    $(RM) $(DIST)\bin\chrome\packages\core\communicator\content\securityUI.js
+    $(RM) $(DIST)\bin\chrome\packages\core\communicator\content\PSMTaskMenu.xul
+

mozilla/extensions/psm-glue/res/content/securityOverlay.xul

@@ -0,0 +1,14 @@
+<?xml version="1.0"?>
+<?xml-stylesheet href="chrome://communicator/skin/securityOverlay.css" type="text/css"?> 
+
+<!DOCTYPE window SYSTEM "chrome://communicator/locale/securityOverlay.dtd">
+
+<overlay id="NavSecurityOverlay"
+         xmlns:html="http://www.w3.org/TR/REC-html40"
+         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+
+  <script language="JavaScript" src="chrome://communicator/content/securityUI.js" />
+
+  <statusbarpanel id="security-button" onclick="displayPageInfo()" tooltip="aToolTip" tooltiptext="&lockIcon.label;"/>    
+      
+</overlay>

mozilla/extensions/psm-glue/res/content/securityUI.js

@@ -0,0 +1,45 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+*/
+
+window.addEventListener("load", SetSecurityButton, false);
+
+var securityUI;
+
+function SetSecurityButton()
+{
+    dump("in SetSecurityButton\n");
+
+    var ui = Components.classes["component://netscape/secure_browser_ui"].createInstance();
+    securityUI = ui.QueryInterface(Components.interfaces.nsSecureBrowserUI);
+
+    var button  = document.getElementById('security-button');
+	if (button && window.content)
+		securityUI.init(window.content, button);
+}
+
+function displayPageInfo()
+{
+   if (securityUI)
+     securityUI.displayPageInfoUI();
+}
+
+

mozilla/extensions/psm-glue/res/locale/Makefile.in

@@ -0,0 +1,32 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+#
+
+DEPTH		= ../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+DIRS		= en-US
+
+include $(topsrcdir)/config/rules.mk
+

mozilla/extensions/psm-glue/res/locale/en-US/MANIFEST

@@ -0,0 +1,3 @@
+PSMTaskMenu.dtd
+securityOverlay.dtd
+security.properties

mozilla/extensions/psm-glue/res/locale/en-US/Makefile.in

@@ -0,0 +1,41 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+#
+
+DEPTH		= ../../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+COMMUNICATOR_RESOURCE_CONTENT = \
+	$(srcdir)/PSMTaskMenu.dtd \
+	$(srcdir)/security.properties \
+	$(srcdir)/securityOverlay.dtd \
+	$(NULL)
+
+include $(topsrcdir)/config/rules.mk
+
+install:: 
+	$(INSTALL) $(COMMUNICATOR_RESOURCE_CONTENT) $(DIST)/bin/chrome/locales/en-US/communicator/locale
+
+
+

mozilla/extensions/psm-glue/res/locale/en-US/PSMTaskMenu.dtd

@@ -0,0 +1 @@
+<!ENTITY PSMCmd.label     "Security Manager">

mozilla/extensions/psm-glue/res/locale/en-US/makefile.win

@@ -0,0 +1,37 @@
+#!nmake
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+
+DEPTH=..\..\..\..\..
+
+include <$(DEPTH)\config\rules.mak>
+
+COMMUNICATOR_DIST=$(DIST)\bin\chrome\locales\en-US\communicator\locale
+
+
+install::
+	$(MAKE_INSTALL) PSMTaskMenu.dtd $(COMMUNICATOR_DIST)
+	$(MAKE_INSTALL) security.properties $(COMMUNICATOR_DIST)
+	$(MAKE_INSTALL) securityOverlay.dtd $(COMMUNICATOR_DIST)
+
+clobber::
+  $(RM) -f $(DIST)\bin\chrome\locales\en-US\communicator\locale\PSMTaskMenu.dtd
+  $(RM) -f $(DIST)\bin\chrome\locales\en-US\communicator\locale\security.properties
+  $(RM) -f $(DIST)\bin\chrome\locales\en-US\communicator\locale\securityOverlay.dtd

mozilla/extensions/psm-glue/res/locale/en-US/security.properties

@@ -0,0 +1,29 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+# 
+
+Title=Security Warning
+MixedContentMessage=You have requested a secure document that contains some insecure information.
+LeaveSiteMessage=You have requested an insecure document. The document and any information you send back could be observed by a third party while in transit.
+EnterSiteMessage=You have requested a secure document. The document and any information you send back are encrypted for privacy while in transit.
+PostToInsecure=Warning! Although this document is secure, the information you have submitted is insecure and could be observed by a third party while in transit. If you are submitting passwords, credit card numbers, or other information you would like to keep private, it would be safer for you to cancel the submission.
+PostToInsecureFromInsecure=Any information you submit is insecure and could be observed by a third party while in transit. If you are submitting passwords, credit card numbers, or other information you would like to keep private, it would be safer for you to cancel the submission. 
+DontShowAgain=Show Me This Alert Next Time.
+FindText=Please find the Personal Security Manager application

mozilla/extensions/psm-glue/res/locale/en-US/securityOverlay.dtd

@@ -0,0 +1,2 @@
+
+<!ENTITY  lockIcon.label  "Show security information for this window">

mozilla/extensions/psm-glue/res/locale/makefile.win

@@ -0,0 +1,27 @@
+#!nmake
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+
+DEPTH=..\..\..\..
+
+DIRS=en-US
+
+include <$(DEPTH)\config\rules.mak>
+

mozilla/extensions/psm-glue/res/makefile.win

@@ -0,0 +1,27 @@
+#!nmake
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+
+DEPTH=..\..\..
+include <$(DEPTH)/config/config.mak>
+
+DIRS = content locale
+
+include <$(DEPTH)\config\rules.mak>

mozilla/extensions/psm-glue/src/Makefile.in

@@ -0,0 +1,66 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+#   Hubbie Shaw
+#   Doug Turner <dougt@netscape.com>
+# 
+
+DEPTH		= ../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+MODULE = psmglue
+
+IS_COMPONENT	= 1
+LIBRARY_NAME	= psmglue
+
+
+CPPSRCS	= \
+	nsPSMComponent.cpp \
+	nsPSMUICallbacks.cpp \
+	nsSSLSocketProvider.cpp \
+	nsPSMModule.cpp \
+	nsSSLIOLayer.cpp \
+	nsSecureBrowserUIImpl.cpp \
+	nsSDR.cpp \
+	nsFSDR.cpp \
+	nsCrypto.cpp \
+	nsKeygenHandler.cpp \
+	$(NULL)
+
+CSRCS = \
+	nsPSMMutex.c	\
+	nsPSMShimLayer.c	\
+	$(NULL)
+
+EXTRA_DSO_LDOPTS = \
+	$(MOZ_COMPONENT_LIBS) \
+	-lcmt \
+	-lprotocol \
+	$(MOZ_JS_LIBS) \
+	$(NULL)
+
+include $(topsrcdir)/config/rules.mk
+
+INCLUDES	+= \
+		-I$(srcdir) \
+		$(NULL)

mozilla/extensions/psm-glue/src/makefile.win

@@ -0,0 +1,72 @@
+#!nmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is mozilla.org code.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+# 
+# Contributor(s):
+#   Hubbie Shaw
+#   Doug Turner <dougt@netscape.com>
+#
+
+MODULE = psmglue
+
+DEPTH=..\..\..
+IGNORE_MANIFEST=1
+
+DLLNAME       = psmglue
+PDBFILE       = $(DLLNAME).pdb
+MAPFILE       = $(DLLNAME).map
+DLL           = .\$(OBJDIR)\$(DLLNAME).dll
+MAKE_OBJ_TYPE = DLL
+
+include <$(DEPTH)/config/config.mak>
+
+LINCS = $(LINCS)     \
+    -I$(PUBLIC)      \
+    -I$(PUBLIC)/security \
+    $(NULL)
+
+LLIBS   = \
+    $(LIBNSPR) \
+    $(DIST)\lib\neckobase_s.lib \
+    $(DIST)\lib\xpcom.lib \
+    $(DIST)\lib\js3250.lib \
+    $(DIST)\lib\cmt.lib       \
+    $(DIST)\lib\protocol.lib  \
+    $(DIST)\lib\mozreg.lib       \
+    $(DIST)\lib\jsdom.lib \
+    $(NULL)
+
+OBJS = \
+    .\$(OBJDIR)\nsPSMMutex.obj \
+    .\$(OBJDIR)\nsPSMShimLayer.obj \
+    .\$(OBJDIR)\nsPSMComponent.obj \
+    .\$(OBJDIR)\nsPSMUICallbacks.obj \
+    .\$(OBJDIR)\nsPSMModule.obj \
+    .\$(OBJDIR)\nsSecureBrowserUIImpl.obj \
+    .\$(OBJDIR)\nsSSLIOLayer.obj \
+    .\$(OBJDIR)\nsSSLSocketProvider.obj \
+    .\$(OBJDIR)\nsSDR.obj \
+    .\$(OBJDIR)\nsFSDR.obj \
+    .\$(OBJDIR)\nsCrypto.obj \
+    .\$(OBJDIR)\nsKeygenHandler.obj \
+    $(NULL)
+
+include <$(DEPTH)\config\rules.mak>
+
+install:: $(DLL)
+    $(MAKE_INSTALL) .\$(OBJDIR)\$(DLLNAME).dll $(DIST)\bin\components

mozilla/extensions/psm-glue/src/nsCrypto.h

@@ -0,0 +1,112 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Netscape Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/NPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ */
+#ifndef _nsCrypto_h_
+#define _nsCrypto_h_
+#include "nsIDOMCRMFObject.h"
+#include "nsIDOMCrypto.h"
+#include "nsIScriptObjectOwner.h"
+#include "nsIDOMPkcs11.h"
+
+#define NS_CRYPTO_CLASSNAME "Crypto JavaScript Class"
+#define NS_CRYPTO_CID \
+  {0x929d9320, 0x251e, 0x11d4, { 0x8a, 0x7c, 0x00, 0x60, 0x08, 0xc8, 0x44, 0xc3} }
+
+#define NS_PKCS11_CLASSNAME "Pkcs11 JavaScript Class"
+#define NS_PKCS11_CID \
+  {0x74b7a390, 0x3b41, 0x11d4, { 0x8a, 0x80, 0x00, 0x60, 0x08, 0xc8, 0x44, 0xc3} }
+
+class nsIPSMComponent;
+class nsIDOMScriptObjectFactory;
+
+
+class nsCRMFObject : public nsIDOMCRMFObject,
+                     public nsIScriptObjectOwner {
+public:
+  nsCRMFObject();
+  virtual ~nsCRMFObject();
+  NS_DECL_IDOMCRMFOBJECT
+  NS_DECL_ISUPPORTS
+
+  NS_IMETHOD GetScriptObject(nsIScriptContext *aContext, void** aScriptObject);
+  NS_IMETHOD SetScriptObject(void* aScriptObject);
+
+  nsresult init();
+
+  nsresult SetCRMFRequest(char *inRequest);
+private:
+
+  nsString mBase64Request;
+  void *mScriptObject;
+};
+
+
+class nsCrypto: public nsIDOMCrypto,
+                public nsIScriptObjectOwner {
+public:
+  nsCrypto();
+  virtual ~nsCrypto();
+  nsresult init();
+  
+  NS_IMETHOD GetScriptObject(nsIScriptContext *aContext, void** aScriptObject);
+  NS_IMETHOD SetScriptObject(void* aScriptObject);
+
+  NS_DECL_ISUPPORTS
+  NS_DECL_IDOMCRYPTO
+
+  static nsresult GetScriptObjectFactory(nsIDOMScriptObjectFactory **aResult);
+  static nsIDOMScriptObjectFactory *gScriptObjectFactory;
+  static nsIPrincipal* GetScriptPrincipal(JSContext *cx);
+  static const char *kPSMComponentProgID;
+
+ private:
+
+  nsIPSMComponent *mPSM;
+  nsString         mVersionString;
+  PRBool           mVersionStringSet;
+  void            *mScriptObject;
+};
+
+class nsPkcs11 : public nsIDOMPkcs11,
+                 public nsIScriptObjectOwner {
+public:
+  nsPkcs11();
+  virtual ~nsPkcs11();
+
+  nsresult init();
+  NS_DECL_ISUPPORTS
+  NS_DECL_IDOMPKCS11
+  NS_IMETHOD GetScriptObject(nsIScriptContext *aContext, void** aScriptObject);
+  NS_IMETHOD SetScriptObject(void* aScriptObject);
+
+private:
+  nsIPSMComponent *mPSM;
+  void            *mScriptObject;
+};
+
+nsresult
+getPSMComponent(nsIPSMComponent ** retPSM);
+
+#endif //_nsCrypto_h_
+
+
+
+

mozilla/extensions/psm-glue/src/nsFSDR.h

@@ -0,0 +1,60 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Terry Hayes <thayes@netscape.com>
+ *   Steve Morse <morse@netscape.com>
+ */
+
+#ifndef _NSFSDR_H_
+#define _NSFSDR_H_
+
+#include "nsISecretDecoderRing.h"
+
+// ===============================================
+// nsFSecretDecoderRing - "fake" implementation of nsISecretDecoderRing
+// ===============================================
+
+#define NS_FSDR_CLASSNAME "Fake Secret Decoder Ring"
+#define NS_FSDR_CID \
+  { 0x1ee28720, 0x2b93, 0x11d4, { 0xa0, 0xa4, 0x0, 0x0, 0x64, 0x65, 0x73, 0x74 } }
+
+#define NS_FSDR_PROGID "netscape.security.fsdr"
+
+class nsFSecretDecoderRing : public nsISecretDecoderRing
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSISECRETDECODERRING
+
+  nsFSecretDecoderRing();
+  virtual ~nsFSecretDecoderRing();
+
+  nsresult init();
+
+private:
+  nsIPSMComponent *mPSM;
+
+  static const char *kPSMComponentProgID;
+
+  nsresult encode(const unsigned char *data, PRInt32 dataLen, char **_retval);
+  nsresult decode(const char *data, unsigned char **result, PRInt32 * _retval);
+};
+
+#endif /* _NSFSDR_H_ */

mozilla/extensions/psm-glue/src/nsKeygenHandler.cpp

@@ -0,0 +1,255 @@
+//For some weird reason, nsProxiedService has to be the first file 
+//included.  Don't ask me, I'm just the messenger.
+#include "nsProxiedService.h"
+#include "nsKeygenHandler.h"
+#include "nsVoidArray.h"
+#include "nsSecureBrowserUIImpl.h"
+#include "nsIServiceManager.h"
+#include "nsIDOMHTMLSelectElement.h"
+#include "nsIContent.h"
+#include "nsIPSMComponent.h"
+#include "nsIPSMUIHandler.h"
+#include "nsPSMUICallbacks.h"
+#include "nsCrypto.h"
+#include "cmtcmn.h"
+#include "cmtjs.h"
+
+//These defines are taken from the PKCS#11 spec
+#define CKM_RSA_PKCS_KEY_PAIR_GEN     0x00000000
+#define CKM_DH_PKCS_KEY_PAIR_GEN      0x00000020
+#define CKM_DSA_KEY_PAIR_GEN          0x00000010
+
+static NS_DEFINE_IID(kFormProcessorIID,   NS_IFORMPROCESSOR_IID); 
+static NS_DEFINE_IID(kIDOMHTMLSelectElementIID, NS_IDOMHTMLSELECTELEMENT_IID);
+
+static const char *mozKeyGen = "-mozilla-keygen";
+
+NS_IMPL_ADDREF(nsKeygenFormProcessor); 
+NS_IMPL_RELEASE(nsKeygenFormProcessor); 
+NS_IMPL_QUERY_INTERFACE(nsKeygenFormProcessor, kFormProcessorIID); 
+
+nsKeygenFormProcessor::nsKeygenFormProcessor() 
+{ 
+   NS_INIT_REFCNT(); 
+   getPSMComponent(&mPSM);
+} 
+
+char *
+nsKeygenFormProcessor::ChooseToken(PCMT_CONTROL control, 
+				   CMKeyGenTagArg *psmarg,
+				   CMKeyGenTagReq *reason)
+{
+  CMUint32 resID;
+  CMTStatus crv;
+  CMTItem url;
+  char *keyString = nsnull;
+  nsresult rv = NS_OK;
+  NameList *tokenNames;
+  int i;
+
+  // In this case, PSM provided us with a list of potential tokens to choose
+  // from, but we're gonna make it use it's UI for now, so let's delte the
+  // memory associated with the structure it sent back.
+  tokenNames = (NameList*)psmarg->current;
+  for (i=0; i < tokenNames->numitems; i++) {
+    nsCRT::free(tokenNames->names[i]);
+  }
+  nsCRT::free((char*)tokenNames);
+  resID = psmarg->rid;
+  memset(&url, 0, sizeof(CMTItem));
+  NS_WITH_PROXIED_SERVICE(nsIPSMUIHandler, handler, nsPSMUIHandlerImpl::GetCID(), NS_UI_THREAD_EVENTQ, &rv);
+  crv = CMT_GetStringAttribute(control, resID, SSM_FID_CHOOSE_TOKEN_URL, &url);
+  if (crv != CMTSuccess) {
+    goto loser;
+  }
+  if (NS_SUCCEEDED(rv)) {
+    handler->DisplayURI(400, 300, PR_TRUE, (char*)url.data);
+  } else {
+    goto loser;
+  }
+  return CMT_GetGenKeyResponse(control, psmarg, reason);
+ loser:
+  if (keyString)
+    nsCRT::free(keyString);
+  return nsnull;
+}
+
+char *
+nsKeygenFormProcessor::SetUserPassword(PCMT_CONTROL control, 
+				       CMKeyGenTagArg *psmarg,
+				       CMKeyGenTagReq *reason)
+{
+  nsresult rv;
+  CMTStatus crv;
+  CMTItem url;
+  char *keystring=nsnull;
+
+  // We need to delete the memory the PSM client API allocated for us since
+  // we're just gonna tell it to use it's own UI.
+  nsCRT::free((char*)psmarg->current);
+  NS_WITH_PROXIED_SERVICE(nsIPSMUIHandler, handler, nsPSMUIHandlerImpl::GetCID(), NS_UI_THREAD_EVENTQ, &rv);
+  memset (&url, 0, sizeof(CMTItem));
+  crv = CMT_GetStringAttribute(control,psmarg->rid, SSM_FID_INIT_DB_URL, &url);
+  if (crv != CMTSuccess || NS_FAILED(rv)){
+    goto loser;
+  }
+
+  handler->DisplayURI(500, 450, PR_TRUE, (char*)url.data);
+  
+  return CMT_GetGenKeyResponse(control, psmarg, reason);
+ loser:
+  if (keystring)
+    nsCRT::free(keystring);
+  return nsnull;
+}
+
+nsresult
+nsKeygenFormProcessor::GetPublicKey(nsString& value, nsString& challenge, 
+				    nsString& keyType,
+				    nsString& outPublicKey, nsString& pqg)
+{
+    PCMT_CONTROL control;
+    nsresult rv;
+    CMKeyGenParams *params = nsnull;
+    CMKeyGenTagArg *psmarg = nsnull;
+    CMKeyGenTagReq reason;
+    char *emptyCString = "null";
+    char *keystring = nsnull;
+
+    rv = mPSM->GetControlConnection(&control);
+    if (NS_FAILED(rv)) {
+	goto loser;
+    }
+    params = new CMKeyGenParams;
+    if (params == nsnull) {
+      goto loser;
+    }
+    params->typeString = (keyType.IsEmpty()) ? emptyCString : 
+                                               keyType.ToNewCString();
+    params->challenge  = (challenge.IsEmpty()) ? emptyCString : 
+                                                 challenge.ToNewCString();
+    params->choiceString = value.ToNewCString();
+    params->pqgString = (pqg.IsEmpty()) ? emptyCString : pqg.ToNewCString();
+    psmarg = new CMKeyGenTagArg;
+    if (psmarg == nsnull) {
+      goto loser;
+    }
+    // ARGH, while this is going on, we need to lock the control
+    // connection so that the event loop doesn't drop our response on
+    // the floor.
+    CMT_LockConnection(control);
+    psmarg->op = CM_KEYGEN_START;
+    psmarg->rid = 0;
+    psmarg->tokenName = NULL;
+    psmarg->current = params;
+    keystring = CMT_GenKeyOldStyle(control, psmarg, &reason);
+    while (!keystring) {
+      psmarg->op = reason;
+      switch (psmarg->op) {
+      case CM_KEYGEN_PICK_TOKEN:
+	keystring = ChooseToken(control, psmarg, &reason);
+	break;
+      case CM_KEYGEN_SET_PASSWORD:
+	keystring = SetUserPassword(control, psmarg, &reason);
+	break;
+      case CM_KEYGEN_ERR:
+      default:
+	goto loser;
+      }
+    }
+    CMT_UnlockConnection(control);
+    outPublicKey.AssignWithConversion(keystring);
+    nsCRT::free(keystring);
+    return NS_OK;
+ loser:
+    return NS_ERROR_FAILURE;
+}
+
+NS_METHOD 
+nsKeygenFormProcessor::ProcessValue(nsIDOMHTMLElement *aElement, 
+				    const nsString& aName, 
+				    nsString& aValue) 
+{ 
+#ifdef DEBUG_javi
+  char *name = aName.ToNewCString(); 
+  char *value = aValue.ToNewCString(); 
+  printf("ProcessValue: name %s value %s\n",  name, value); 
+  delete [] name; 
+  delete [] value; 
+#endif 
+  nsresult rv = NS_OK;
+  nsCOMPtr<nsIDOMHTMLSelectElement>selectElement;
+  nsresult res = aElement->QueryInterface(kIDOMHTMLSelectElementIID, 
+					  getter_AddRefs(selectElement));
+  if (NS_SUCCEEDED(res)) {
+    nsAutoString keygenvalue;
+    nsAutoString challengeValue;
+    nsString publicKey;
+    nsString mozillaKeygen;
+    nsString mozType;
+
+    mozType.AssignWithConversion("_moz-type");
+    mozillaKeygen.AssignWithConversion(mozKeyGen);
+    res = selectElement->GetAttribute(mozType, keygenvalue);
+
+    if (NS_CONTENT_ATTR_HAS_VALUE == res && keygenvalue.Equals(mozillaKeygen)) {
+      nsString challenge;
+      nsString keyType;
+      nsString keyTypeValue;
+      nsString pqg, pqgValue;
+
+      challenge.AssignWithConversion("challenge");
+      pqg.AssignWithConversion("pqg");
+      res = selectElement->GetAttribute(pqg, pqgValue);
+      keyType.AssignWithConversion("keytype");
+      res = selectElement->GetAttribute(keyType, keyTypeValue);
+      if (NS_FAILED(res) || keyTypeValue.IsEmpty()) {
+	// If this field is not present, we default to rsa.
+	keyTypeValue.AssignWithConversion("rsa");
+      }
+      res = selectElement->GetAttribute(challenge, challengeValue);
+      rv = GetPublicKey(aValue, challenge, keyTypeValue, 
+			publicKey, pqgValue);
+      aValue = publicKey;
+    }
+  }
+
+  return rv; 
+} 
+
+NS_METHOD nsKeygenFormProcessor::ProvideContent(const nsString& aFormType, 
+						nsVoidArray& aContent, 
+						nsString& aAttribute) 
+{ 
+  nsString selectString;
+  nsresult rv;
+  PCMT_CONTROL control;
+  PRUint32 i;
+
+  selectString.AssignWithConversion("SELECT");
+  if (aFormType.EqualsIgnoreCase(selectString)) {
+    nsString *selectString;
+    char **result;
+
+    rv = mPSM->GetControlConnection(&control);
+    if (NS_FAILED(rv)) {
+	goto loser;
+    }
+    result = CMT_GetKeyChoiceList(control, "rsa"/*Need to figure out if DSA*/,
+				  nsnull);
+    for (i=0; result[i] != nsnull; i++) {
+	selectString = new nsString;
+	selectString->AssignWithConversion(result[i]);
+	aContent.AppendElement(selectString);
+	delete []result[i];
+    }
+    delete []result;
+    aAttribute.AssignWithConversion(mozKeyGen);
+  }
+  return NS_OK;
+ loser:
+  return NS_ERROR_FAILURE; 
+} 
+
+
+

mozilla/extensions/psm-glue/src/nsKeygenHandler.h

@@ -0,0 +1,32 @@
+#ifndef _NSKEYGENHANDLER_H_
+#define _NSKEYGENHANDLER_H_
+// Form Processor 
+#include "nsIFormProcessor.h" 
+#include "ssmdefs.h"
+#include "cmtcmn.h"
+
+class nsIPSMComponent;
+
+class nsKeygenFormProcessor : public nsIFormProcessor { 
+public: 
+  nsKeygenFormProcessor(); 
+  NS_IMETHOD ProcessValue(nsIDOMHTMLElement *aElement, 
+                          const nsString& aName, 
+                          nsString& aValue); 
+
+  NS_IMETHOD ProvideContent(const nsString& aFormType, 
+                            nsVoidArray& aContent, 
+                            nsString& aAttribute); 
+  NS_DECL_ISUPPORTS 
+protected:
+  nsresult GetPublicKey(nsString& value, nsString& challenge, 
+			nsString& keyType, nsString& outPublicKey,
+			nsString& pqg);
+  char * ChooseToken(PCMT_CONTROL control, CMKeyGenTagArg *psmarg,  
+		     CMKeyGenTagReq *reason);
+  char * SetUserPassword(PCMT_CONTROL control, CMKeyGenTagArg *psmarg,  
+		     CMKeyGenTagReq *reason);
+  nsIPSMComponent *mPSM;
+}; 
+
+#endif //_NSKEYGENHANDLER_H_

mozilla/extensions/psm-glue/src/nsPSMComponent.cpp

@@ -0,0 +1,935 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+ *   Mitch Stoltz <mstoltz@netscape.com>
+*/
+
+#include "nsProxiedService.h"
+#include "nsPSMUICallbacks.h"
+#include "VerReg.h"
+
+#include "nspr.h"
+#include "nsPSMComponent.h"
+
+#include "nsCRT.h"
+
+#include "nsNetUtil.h"
+#include "nsIURI.h"
+#include "nsIChannel.h"
+#include "nsIInputStream.h"
+#include "nsIStreamListener.h"
+
+#include "nsIPref.h"
+#include "nsIProfile.h"
+#include "nsILocalFile.h"
+
+#include "nsDirectoryService.h"
+
+#include "rsrcids.h"
+
+#include "nsPSMMutex.h"
+#include "nsPSMShimLayer.h"
+#include "nsPSMUICallbacks.h"
+
+#include "nsISecureBrowserUI.h"
+#include "nsIDocumentLoaderObserver.h"
+#include "nsIScriptSecurityManager.h"
+#include "nsICertificatePrincipal.h"
+
+#include "nsIProtocolProxyService.h"
+
+#define PSM_VERSION_REG_KEY "/Netscape/Personal Security Manager"
+
+#ifdef WIN32
+#define PSM_FILE_NAME "psm.exe"
+#elif XP_UNIX
+#define PSM_FILE_NAME "start-psm"
+#else
+#define PSM_FILE_NAME "psm"
+#endif
+
+
+static NS_DEFINE_CID(kCStringBundleServiceCID,  NS_STRINGBUNDLESERVICE_CID);
+static NS_DEFINE_CID(kProfileCID, NS_PROFILE_CID);
+static NS_DEFINE_CID(kPrefCID, NS_PREF_CID);
+static NS_DEFINE_CID(kProtocolProxyServiceCID, NS_PROTOCOLPROXYSERVICE_CID);
+
+nsPSMComponent* nsPSMComponent::mInstance = nsnull;
+
+nsPSMComponent::nsPSMComponent()
+{
+    NS_INIT_REFCNT();
+    mControl = nsnull;
+}
+
+nsPSMComponent::~nsPSMComponent()
+{
+    if (mControl)
+    {
+        CMT_CloseControlConnection(mControl);
+        mControl = nsnull;
+    }
+}
+
+
+NS_IMETHODIMP      
+nsPSMComponent::CreatePSMComponent(nsISupports* aOuter, REFNSIID aIID, void **aResult)
+{                                                                  
+    if (!aResult) {                                                
+        return NS_ERROR_INVALID_POINTER;                           
+    }                                                              
+    if (aOuter) {                                                  
+        *aResult = nsnull;                                         
+        return NS_ERROR_NO_AGGREGATION;                              
+    }                                                                
+    
+    if (mInstance == nsnull) 
+    {
+        mInstance = new nsPSMComponent();
+    }
+
+    if (mInstance == nsnull)
+        return NS_ERROR_OUT_OF_MEMORY;
+    
+    nsresult rv = mInstance->QueryInterface(aIID, aResult);                        
+    if (NS_FAILED(rv)) 
+    {                                             
+        *aResult = nsnull;                                           
+    }                                                                
+    return rv;                                                       
+}
+
+/* nsISupports Implementation for the class */
+NS_IMPL_THREADSAFE_ISUPPORTS3(nsPSMComponent, 
+                              nsIPSMComponent, 
+                              nsIContentHandler,
+                              nsISignatureVerifier);
+
+#define INIT_NUM_PREFS 100
+/* preference types */
+#define STRING_PREF 0
+#define BOOL_PREF 1
+#define INT_PREF 2
+
+
+/* resizable list struct that contains pref items */
+typedef struct CMSetPrefList {
+    int n; /* number of filled items */
+    int capacity; /* allocated memory */
+    CMTSetPrefElement* list; /* actual list */
+} CMSetPrefList;
+
+static void get_pack_bool_pref(nsIPref *prefManager, char* key, CMTSetPrefElement* list, int* n)
+{
+    PRBool boolpref;
+
+    list[*n].key = nsCRT::strdup(key);
+    list[*n].type = BOOL_PREF;
+
+    if ((prefManager->GetBoolPref(key, &boolpref) != 0) || boolpref) 
+    {
+        list[*n].value = nsCRT::strdup("true");
+    }
+    else 
+    {
+        list[*n].value = nsCRT::strdup("false");
+    }
+
+    (*n)++;    /* increment the counter after done packing */
+
+    return;
+}
+
+static void SaveAllPrefs(int number, CMTSetPrefElement* list)
+{
+    nsCOMPtr<nsIPref> prefManager;
+
+    nsresult res = nsServiceManager::GetService(kPrefCID, 
+                                                nsIPref::GetIID(), 
+                                                getter_AddRefs(prefManager));
+    
+    if (NS_FAILED(res)  || !prefManager)
+    {
+        return;
+    }
+
+
+    int i;
+    int intval;
+
+    for (i = 0; i < number; i++) 
+    {
+        if (list[i].key == nsnull) 
+        {
+            /* misconfigured item: next */
+            continue;
+        }
+
+        switch (list[i].type) 
+        {
+             case 0:    /* string type */
+                 prefManager->SetCharPref(list[i].key, list[i].value);
+                 break;
+             case 1:    /* boolean type */
+                 if (strcmp(list[i].value, "true") == 0) {
+                  prefManager->SetBoolPref(list[i].key, (PRBool)1);
+                 }
+                 else if (strcmp(list[i].value, "false") == 0) {
+                  prefManager->SetBoolPref(list[i].key, (PRBool)0);
+                 }
+                 break;
+             case 2:
+                 intval = atoi(list[i].value);
+                 prefManager->SetIntPref(list[i].key, intval);
+                 break;
+             default:
+                 break;
+         }
+    }
+
+    return;
+}
+
+NS_IMETHODIMP
+nsPSMComponent::PassPrefs()
+{
+    // if we have not passed anything to psm yet, this function can just return.
+
+    if (!mControl)
+        return NS_OK;
+
+    int i;
+    nsresult rv = NS_ERROR_FAILURE;
+    char* strpref = NULL;
+    int intpref;
+    PRBool boolpref;
+    CMSetPrefList prefs = {0};
+    CMTSetPrefElement* list = NULL;
+
+    char* pickAuto = "Select Automatically";
+    char* alwaysAsk = "Ask Every Time";
+    
+    nsCOMPtr<nsIPref> prefManager;
+
+    nsresult res = nsServiceManager::GetService(kPrefCID, 
+                                                nsIPref::GetIID(), 
+                                                getter_AddRefs(prefManager));
+
+    if (NS_OK != res) 
+    {
+        return NS_ERROR_FAILURE;
+    }
+
+    /* allocate memory for list */
+    prefs.n = 0; /* counter */
+    prefs.capacity = INIT_NUM_PREFS;
+    prefs.list = (CMTSetPrefElement*) new char[(INIT_NUM_PREFS * sizeof(CMTSetPrefElement))];
+    
+    if (prefs.list == NULL) 
+    {
+         return rv;
+    }
+
+    /* shorthand */
+    list = prefs.list;
+
+    /* get preferences */
+    get_pack_bool_pref(prefManager, "security.enable_ssl2", (CMTSetPrefElement*)list, &(prefs.n));
+    get_pack_bool_pref(prefManager, "security.enable_ssl3", (CMTSetPrefElement*)list, &(prefs.n));
+
+    /* this pref is a boolean pref in nature but a string pref for 
+     * historical reason
+     */
+
+    list[prefs.n].key = nsCRT::strdup("security.default_personal_cert");
+    list[prefs.n].type = STRING_PREF;
+
+    if ((prefManager->CopyCharPref(list[prefs.n].key, &strpref) == 0) && (strcmp(strpref, pickAuto) == 0)) 
+    {
+         list[prefs.n].value = nsCRT::strdup(pickAuto);
+    }
+    else 
+    {
+         /* although one could choose a specific cert for client auth in
+          * Nova, that mode is deprecated with PSM and mapped to ASK
+          */
+         list[prefs.n].value = nsCRT::strdup(alwaysAsk);
+    }
+
+    prefs.n++;
+    if (strpref != NULL) 
+    {
+         nsCRT::free(strpref);
+    }
+
+    list[prefs.n].key = nsCRT::strdup("security.default_mail_cert");
+    list[prefs.n].type = STRING_PREF;
+    if (prefManager->CopyCharPref(list[prefs.n].key, &list[prefs.n].value) != 0) 
+    {
+         list[prefs.n].value = NULL;
+    }
+    prefs.n++;
+
+    list[prefs.n].key = nsCRT::strdup("security.ask_for_password");
+    list[prefs.n].type = INT_PREF;
+    if (prefManager->GetIntPref(list[prefs.n].key, &intpref) != 0) 
+    {
+         intpref = 0;    /* default */
+    }
+
+    list[prefs.n].value = PR_smprintf("%d", intpref);
+    prefs.n++;
+
+    list[prefs.n].key = nsCRT::strdup("security.password_lifetime");
+    list[prefs.n].type = INT_PREF;
+    if (prefManager->GetIntPref(list[prefs.n].key, &intpref) != 0) 
+    {
+         intpref = 30;    /* default */
+    }
+
+    list[prefs.n].value = PR_smprintf("%d", intpref);
+    prefs.n++;
+
+    /* OCSP preferences */
+    /* XXX since these are the new ones added by PSM, we will be more
+     *     error-tolerant in fetching them
+     */
+    if (prefManager->GetBoolPref("security.OCSP.enabled", &boolpref) == 0) 
+    {
+         if (boolpref) 
+        {
+             list[prefs.n].value = nsCRT::strdup("true");
+         }
+         else 
+        {
+             list[prefs.n].value = nsCRT::strdup("false");
+         }
+         list[prefs.n].key = nsCRT::strdup("security.OCSP.enabled");
+         list[prefs.n].type = BOOL_PREF;
+         prefs.n++;
+    }
+
+    if (prefManager->GetBoolPref("security.OCSP.useDefaultResponder", &boolpref) == 0) 
+    {
+         if (boolpref) 
+        {
+             list[prefs.n].value = nsCRT::strdup("true");
+         }
+         else 
+        {
+             list[prefs.n].value = nsCRT::strdup("false");
+         }
+         list[prefs.n].key = nsCRT::strdup("security.OCSP.useDefaultResponder");
+         list[prefs.n].type = BOOL_PREF;
+         prefs.n++;
+    }
+
+    if (prefManager->CopyCharPref("security.OCSP.URL", &strpref) == 0) 
+    {
+         list[prefs.n].value = strpref;
+         list[prefs.n].key = nsCRT::strdup("security.OCSP.URL");
+         list[prefs.n].type = STRING_PREF;
+         prefs.n++;
+    }
+
+    if (prefManager->CopyCharPref("security.OCSP.signingCA", &strpref) == 0) 
+    {
+         list[prefs.n].value = strpref;
+         list[prefs.n].key = nsCRT::strdup("security.OCSP.signingCA");
+         list[prefs.n].type = STRING_PREF;
+         prefs.n++;
+    }
+
+    /* now application-specific preferences */
+    /* get navigator preferences */
+    get_pack_bool_pref(prefManager, "security.warn_entering_secure", (CMTSetPrefElement*)list, &prefs.n);
+    get_pack_bool_pref(prefManager, "security.warn_leaving_secure",  (CMTSetPrefElement*)list, &prefs.n);
+    get_pack_bool_pref(prefManager, "security.warn_viewing_mixed",   (CMTSetPrefElement*)list, &prefs.n);
+    get_pack_bool_pref(prefManager, "security.warn_submit_insecure", (CMTSetPrefElement*)list, &prefs.n);
+
+    // Add any other prefs here such as ldap or mail/news.
+     
+     CMT_SetSavePrefsCallback(mControl, (savePrefsCallback_fn)SaveAllPrefs);
+
+    if (CMT_PassAllPrefs(mControl, prefs.n, (CMTSetPrefElement*)prefs.list) !=  CMTSuccess) 
+    {
+         goto loser;
+    }
+
+    rv = NS_OK; /* success */
+loser:
+    /* clean out memory for prefs */
+    for (i = 0; i < prefs.n; i++) 
+    {
+         if (prefs.list[i].key != NULL) 
+        {
+             nsCRT::free(prefs.list[i].key);
+         }
+         
+        if (prefs.list[i].value != NULL) 
+        {
+             nsCRT::free(prefs.list[i].value);
+         }
+    }
+
+    if (prefs.list != NULL) 
+    {
+         delete(prefs.list);
+    }
+    return rv;
+}
+
+#ifdef XP_MAC
+extern "C" {
+    void RunMacPSM(void* arg);
+    PRThread* SSM_CreateAndRegisterThread(PRThreadType type, void (*start)(void *arg),
+                                          void *arg, PRThreadPriority priority,
+                                          PRThreadScope scope, PRThreadState state,
+                                          PRUint32 stackSize);
+    void SSM_KillAllThreads(void);
+}
+#endif
+            
+NS_IMETHODIMP
+nsPSMComponent::GetControlConnection( CMT_CONTROL * *_retval )
+{
+     nsresult rv;
+     *_retval = nsnull;
+    if (mControl) 
+    {
+        *_retval = mControl;
+        return NS_OK;
+    }
+    else      /* initialize mutex, sock table, etc. */
+    {
+            
+        if (nsPSMMutexInit() != PR_SUCCESS)
+            return NS_ERROR_FAILURE;
+
+#ifdef XP_MAC
+        /* FIXME:  Really need better error handling in PSM, which simply exits on error. */
+        /* use a cached monitor to rendezvous with the PSM thread. */
+        PRMonitor* monitor = PR_CEnterMonitor(this);
+        if (monitor != nsnull) {
+            /* create the Cartman thread, and let it run awhile to get things going. */
+            PRThread* cartmanThread = SSM_CreateAndRegisterThread(PR_USER_THREAD, RunMacPSM, 
+							                                      this, PR_PRIORITY_NORMAL,
+							                                      PR_LOCAL_THREAD, PR_UNJOINABLE_THREAD, 0);
+            if (cartmanThread != nsnull) {
+                /* need a good way to rendezvouz with the Cartman thread. */
+                PR_CWait(this, PR_INTERVAL_NO_TIMEOUT);
+            }
+            
+            PR_CExitMonitor(this);
+        }
+#endif
+
+        // Try to see if it is open already
+        mControl = CMT_ControlConnect(&nsPSMMutexTbl, &nsPSMShimTbl);
+        
+        // Find the one in the bin directory
+        if (mControl == nsnull)
+        {
+            nsCOMPtr<nsILocalFile> psmAppFile;
+            NS_WITH_SERVICE(nsIProperties, directoryService, NS_DIRECTORY_SERVICE_PROGID, &rv);
+            if (NS_FAILED(rv)) return rv;
+
+            directoryService->Get("system.OS_CurrentProcessDirectory", 
+                                   NS_GET_IID(nsIFile), 
+                                   getter_AddRefs(psmAppFile));
+
+        
+            psmAppFile->Append("psm");
+            psmAppFile->Append(PSM_FILE_NAME);
+        
+            PRBool isExecutable, exists;
+            psmAppFile->Exists(&exists);
+            psmAppFile->IsExecutable(&isExecutable);
+            if (exists && isExecutable)
+            {
+                nsXPIDLCString path;
+                psmAppFile->GetPath(getter_Copies(path));
+                // FIX THIS.  using a file path is totally wrong here.  
+                mControl = CMT_EstablishControlConnection((char*)(const char*)path, &nsPSMShimTbl, &nsPSMMutexTbl);
+            }
+        }
+
+        // Get the one in the version registry           
+        if (mControl == nsnull)
+        {
+            //Try to find it.
+            int err;
+            char filepath[MAXREGPATHLEN];
+
+            err = VR_GetPath(PSM_VERSION_REG_KEY, sizeof(filepath), filepath);
+            if ( err == REGERR_OK )
+            {
+                nsFileSpec psmSpec(filepath);
+                psmSpec += PSM_FILE_NAME;
+		
+                if (psmSpec.Exists())
+                {
+                    mControl = CMT_EstablishControlConnection((char *)psmSpec.GetNativePathCString(), &nsPSMShimTbl, &nsPSMMutexTbl);
+                }
+            }
+         }
+
+        
+        if (!mControl || InitPSMUICallbacks(mControl) != PR_SUCCESS)
+            goto failure;
+
+        nsFileSpec profileSpec;
+        PRUnichar*      profileName;
+        
+        NS_WITH_SERVICE(nsIProfile, profile, kProfileCID, &rv);
+        if (NS_FAILED(rv)) goto failure;
+        
+        rv = profile->GetCurrentProfileDir(&profileSpec);
+        if (NS_FAILED(rv)) goto failure;;
+        
+#ifdef XP_MAC
+        profileSpec += "Security";
+        // make sure the dir exists
+        profileSpec.CreateDirectory();
+#endif
+        
+        rv = profile->GetCurrentProfile(&profileName);
+        if (NS_FAILED(rv)) goto failure;
+          
+        CMTStatus psmStatus;
+        nsCAutoString profilenameC;
+        profilenameC.AssignWithConversion(profileName);
+
+        psmStatus = CMT_Hello( mControl, 
+                               PROTOCOL_VERSION, 
+                               profilenameC, 
+                               (char*)profileSpec.GetNativePathCString());        
+        
+        if (psmStatus == CMTFailure)
+        {  
+            PR_FREEIF(profileName);       
+            goto failure;
+        }
+        
+        if (InitPSMEventLoop(mControl) != PR_SUCCESS)
+        {
+            PR_FREEIF(profileName);       
+            goto failure;
+        }
+            
+        if (NS_FAILED(PassPrefs()))
+        {  
+            PR_FREEIF(profileName);       
+            goto failure;
+        }
+
+        PR_FREEIF(profileName);
+        
+        nsCOMPtr<nsIProtocolProxyService> proxySvc = do_GetService(kProtocolProxyServiceCID, &rv);
+        if (NS_FAILED(rv)) return rv;
+        proxySvc->AddNoProxyFor("127.0.0.1", mControl->port);
+        
+        *_retval = mControl;
+        return NS_OK;
+    }
+
+failure:
+#ifdef DEBUG
+    printf("*** Failure setting up Cartman! \n");
+#endif
+
+    if (mControl)
+    {
+        CMT_CloseControlConnection(mControl);
+        mControl = NULL;
+    }
+
+    // TODO we need to unregister our UI callback BEFORE destroying our mutex.
+    // nsPSMMutexDestroy();
+
+    return NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+nsPSMComponent::DisplaySecurityAdvisor(const char *pickledStatus, const char *hostName)
+{
+    CMT_CONTROL *controlConnection;
+    GetControlConnection( &controlConnection );
+    if (DisplayPSMUIDialog(controlConnection, pickledStatus, hostName) == PR_SUCCESS)
+        return NS_OK;
+    return NS_ERROR_FAILURE;
+}
+
+class CertDownloader : public nsIStreamListener
+{
+    public:
+        CertDownloader() {NS_ASSERTION(0, "don't use this constructor."); }
+        CertDownloader(PRInt32 type);
+        virtual ~CertDownloader();
+
+        NS_DECL_ISUPPORTS
+        NS_DECL_NSISTREAMOBSERVER
+        NS_DECL_NSISTREAMLISTENER
+    protected:
+        char* mByteData;
+        PRInt32 mBufferOffset;
+        PRInt32 mContentLength;
+        PRInt32 mType;
+};
+
+
+CertDownloader::CertDownloader(PRInt32 type)
+{
+    NS_INIT_REFCNT();
+    mByteData = nsnull;
+    mType = type;
+}
+
+CertDownloader::~CertDownloader()
+{
+    if (mByteData)
+        nsMemory::Free(mByteData);
+}
+
+NS_IMPL_ISUPPORTS(CertDownloader,NS_GET_IID(nsIStreamListener));
+
+
+NS_IMETHODIMP
+CertDownloader::OnStartRequest(nsIChannel* channel, nsISupports* context)
+{
+    channel->GetContentLength(&mContentLength);
+    if (mContentLength == -1)
+        return NS_ERROR_FAILURE;
+    
+    mBufferOffset = 0;
+    mByteData = (char*) nsMemory::Alloc(mContentLength);
+    if (!mByteData)
+        return NS_ERROR_OUT_OF_MEMORY;
+
+    return NS_OK;
+}
+
+
+NS_IMETHODIMP
+CertDownloader::OnDataAvailable(nsIChannel* channel, 
+                                nsISupports* context,
+                                nsIInputStream *aIStream, 
+                                PRUint32 aSourceOffset,
+                                PRUint32 aLength)
+{
+    if (!mByteData)
+        return NS_ERROR_OUT_OF_MEMORY;
+
+    PRUint32 amt;
+    nsresult err;
+
+    do 
+    {
+        err = aIStream->Read(mByteData+mBufferOffset, mContentLength-mBufferOffset, &amt);
+        if (amt == 0) break;
+        if (NS_FAILED(err))  return err;
+        
+        aLength -= amt;
+        mBufferOffset += amt;
+
+    } while (aLength > 0);
+    
+    return NS_OK;
+}
+
+
+NS_IMETHODIMP
+CertDownloader::OnStopRequest(nsIChannel* channel, 
+                              nsISupports* context,
+                              nsresult aStatus,
+                              const PRUnichar* aMsg)
+{
+
+    nsCOMPtr<nsIPSMComponent> psm = do_QueryInterface(context);
+
+    if (!psm) return NS_ERROR_FAILURE;
+
+    CMT_CONTROL *controlConnection;
+    psm->GetControlConnection( &controlConnection );
+    unsigned int certID;
+                    
+    certID = CMT_DecodeAndCreateTempCert(controlConnection, mByteData, mContentLength, mType);
+
+    if (certID)
+        CMT_DestroyResource(controlConnection, certID, SSM_RESTYPE_CERTIFICATE);
+
+  return NS_OK;
+}
+
+
+/* other mime types that we should handle sometime:
+
+application/x-pkcs7-crl
+application/x-pkcs7-mime
+application/pkcs7-signature
+application/pre-encrypted
+
+*/
+
+
+NS_IMETHODIMP 
+nsPSMComponent::HandleContent(const char * aContentType, 
+                              const char * aCommand, 
+                              const char * aWindowTarget, 
+                              nsISupports* aWindowContext, 
+                              nsIChannel * aChannel)
+{
+    // We were called via CI.  We better protect ourselves and addref.
+    NS_ADDREF_THIS();
+
+    nsresult rv = NS_OK;
+    if (!aChannel) return NS_ERROR_NULL_POINTER;
+    
+    CMUint32 type = -1;
+
+    if ( nsCRT::strcasecmp(aContentType, "application/x-x509-ca-cert") == 0)
+    {
+        type = 1;  //CA cert
+    }
+    else if (nsCRT::strcasecmp(aContentType, "application/x-x509-server-cert") == 0)
+    {
+        type =  2; //Server cert
+    }
+    else if (nsCRT::strcasecmp(aContentType, "application/x-x509-user-cert") == 0)
+    {
+        type =  3; //User cert
+    }
+    else if (nsCRT::strcasecmp(aContentType, "application/x-x509-email-cert") == 0)
+    {
+        type =  4; //Someone else's email cert
+    }
+    
+    if (type != -1)
+    {
+        // I can't directly open the passed channel cause it fails :-(
+
+        nsCOMPtr<nsIURI> uri;
+        rv = aChannel->GetURI(getter_AddRefs(uri));
+        if (NS_FAILED(rv)) return rv;
+
+        nsCOMPtr<nsIChannel> channel;
+        rv = NS_OpenURI(getter_AddRefs(channel), uri);
+        if (NS_FAILED(rv)) return rv;
+
+        return channel->AsyncRead(new CertDownloader(type), NS_STATIC_CAST(nsIPSMComponent*,this));
+    }
+
+    return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+
+//---------------------------------------------
+// Functions Implenenting NSISignatureVerifier
+//---------------------------------------------
+NS_IMETHODIMP
+nsPSMComponent::HashBegin(PRUint32 alg, PRUint32* id)
+{
+  CMT_CONTROL *controlConnection;
+  if (NS_FAILED(GetControlConnection( &controlConnection )))
+    return NS_ERROR_FAILURE;
+
+  if(CMT_HashCreate(controlConnection, alg, (CMUint32*)id) != CMTSuccess)
+    return NS_ERROR_FAILURE;
+  if(CMT_HASH_Begin(controlConnection, *id) != CMTSuccess)
+    return NS_ERROR_FAILURE;
+
+  return NS_OK;  
+}
+
+NS_IMETHODIMP
+nsPSMComponent::HashUpdate(PRUint32 id, const char* buf, PRUint32 buflen)
+{
+  CMT_CONTROL *controlConnection;
+
+  if (NS_FAILED(GetControlConnection( &controlConnection )))
+    return NS_ERROR_FAILURE;
+  if (CMT_HASH_Update(controlConnection, id, 
+      (const unsigned char*)buf, buflen) != CMTSuccess)    
+    return NS_ERROR_FAILURE;
+    
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPSMComponent::HashEnd(PRUint32 id, unsigned char** hash, 
+                        PRUint32* hashLen, PRUint32 maxLen)
+{
+  if (!hash)
+    return NS_ERROR_ILLEGAL_VALUE;
+
+  CMT_CONTROL *controlConnection;
+  if (NS_FAILED(GetControlConnection( &controlConnection )))
+    return NS_ERROR_FAILURE;
+ 
+  if(CMT_HASH_End(controlConnection, id, *hash,
+                        (CMUint32*)hashLen, maxLen) != CMTSuccess)
+    return NS_ERROR_FAILURE;
+  CMT_HASH_Destroy(controlConnection, id);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPSMComponent::CreatePrincipalFromSignature(const char* aRSABuf, PRUint32 aRSABufLen,
+                                             nsIPrincipal** aPrincipal)
+{
+  PRInt32 errorCode;
+  return VerifySignature(aRSABuf, aRSABufLen, nsnull, 0, &errorCode, aPrincipal);
+}
+
+PR_STATIC_CALLBACK(void)
+UselessPK7DataSink(void* arg, const char* buf, CMUint32 len)
+{
+}
+
+NS_IMETHODIMP
+nsPSMComponent::VerifySignature(const char* aRSABuf, PRUint32 aRSABufLen, 
+                                const char* aPlaintext, PRUint32 aPlaintextLen,
+                                PRInt32* aErrorCode,
+                                nsIPrincipal** aPrincipal)
+{
+  if (!aPrincipal || !aErrorCode)
+    return NS_ERROR_NULL_POINTER;
+  *aErrorCode = 0;
+  *aPrincipal = nsnull;
+
+  CMT_CONTROL *controlConnection;
+  if (NS_FAILED(GetControlConnection( &controlConnection )))
+    return NS_ERROR_FAILURE;
+  
+  //-- Decode the signature stream
+  CMUint32 decoderID;
+  CMInt32* blah = nsnull;
+  CMTStatus result = CMT_PKCS7DecoderStart(controlConnection, nsnull,
+                                           &decoderID, blah,
+                                           UselessPK7DataSink, nsnull);
+  if (result != CMTSuccess) return NS_ERROR_FAILURE;
+  result = CMT_PKCS7DecoderUpdate(controlConnection, decoderID, aRSABuf, aRSABufLen);
+  if (result != CMTSuccess) return NS_ERROR_FAILURE;
+  CMUint32 contentInfo;
+  result = CMT_PKCS7DecoderFinish(controlConnection, 
+                                            decoderID, &contentInfo);
+  if (result != CMTSuccess) return NS_ERROR_FAILURE;
+
+  CMTItem hashItem;
+  hashItem.data = 0;
+  hashItem.len = 0;
+  //-- If a plaintext was provided, hash it.
+  if (aPlaintext)
+  {
+    CMUint32 hashId;
+    CMT_HashCreate(controlConnection, nsISignatureVerifier::SHA1, &hashId);
+    CMT_HASH_Begin(controlConnection, hashId);
+    CMTStatus result = CMT_HASH_Update(controlConnection, hashId, 
+                                       (const unsigned char*)aPlaintext, aPlaintextLen);
+    if (result != CMTSuccess) return NS_ERROR_FAILURE;
+    
+    unsigned char* hash = (unsigned char*)PR_MALLOC(nsISignatureVerifier::SHA1_LENGTH);
+    if (!hash) return NS_ERROR_OUT_OF_MEMORY;
+    CMUint32 hashLen;
+    result = CMT_HASH_End(controlConnection, hashId, hash,
+                          &hashLen, nsISignatureVerifier::SHA1_LENGTH);
+    if (result != CMTSuccess)
+    {
+      PR_FREEIF(hash);
+      return NS_ERROR_FAILURE;
+    }
+    NS_ASSERTION(hashLen == nsISignatureVerifier::SHA1_LENGTH,
+                 "PSMComponent: Hash too short.");
+    CMT_HASH_Destroy(controlConnection, hashId);
+    hashItem.data = hash;
+    hashItem.len = hashLen;
+  }
+
+  //-- Verify signature
+  // We need to call this function even if we're only creating a principal, not
+  // verifying, because PSM won't give us certificate information unless this
+  // function has been called.
+  result = CMT_PKCS7VerifyDetachedSignature(controlConnection, contentInfo,
+                                            6 /* =Object Signing Cert */,
+                                            3 /* =SHA1 algorithm (MD5=2)*/,
+                                            1,/* Save Certificate */
+                                            &hashItem, (CMInt32*)aErrorCode);
+
+  if (result != CMTSuccess) return NS_ERROR_FAILURE;
+  if (aPlaintext && *aErrorCode != 0) return NS_OK; // Verification failed.
+
+  CMUint32 certID;
+  result = CMT_GetRIDAttribute(controlConnection, contentInfo,
+                               SSM_FID_P7CINFO_SIGNER_CERT, &certID);
+  if ((result != CMTSuccess) || !certID) return NS_OK; // No signature present
+  
+  CMTItem fingerprint;
+  result = CMT_GetStringAttribute(controlConnection, certID,
+                                  SSM_FID_CERT_FINGERPRINT, &fingerprint);
+  if (result != CMTSuccess) return NS_ERROR_FAILURE;
+
+  //-- Get a principal
+  nsresult rv;
+  NS_WITH_SERVICE(nsIScriptSecurityManager, secMan,
+                  NS_SCRIPTSECURITYMANAGER_PROGID, &rv)
+    if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
+  rv = secMan->GetCertificatePrincipal((char*)fingerprint.data,
+                                       aPrincipal);
+  if (NS_FAILED(rv)) return rv;
+
+  //-- Get common name and store it in the principal.
+  //   Using common name + organizational unit as the user-visible certificate name
+  nsCOMPtr<nsICertificatePrincipal> certificate = do_QueryInterface(*aPrincipal, &rv);
+  if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
+
+  CMTItem common;
+  result = CMT_GetStringAttribute(controlConnection, certID,
+                                  SSM_FID_CERT_COMMON_NAME, &common);
+  if (result != CMTSuccess) return NS_ERROR_FAILURE;
+  CMTItem subject;
+  result = CMT_GetStringAttribute(controlConnection, certID,
+                                  SSM_FID_CERT_SUBJECT_NAME, &subject);
+  if (result != CMTSuccess) return NS_ERROR_FAILURE;
+
+  nsCAutoString commonName;
+  commonName = (char*)common.data;
+  static const char orgUnitTag[] = " OU=";
+  char* orgUnitPos = PL_strstr((char*)subject.data, orgUnitTag);
+  if (orgUnitPos)
+  {
+    orgUnitPos += sizeof(orgUnitTag)-1;
+    char* orgUnitEnd = PL_strchr(orgUnitPos, ',');
+    PRInt32 orgUnitLen;
+    if(orgUnitEnd)
+      orgUnitLen = orgUnitEnd - orgUnitPos;
+    else
+      orgUnitLen = PL_strlen(orgUnitPos);
+    commonName.Append(' ');
+    commonName.Append(orgUnitPos, orgUnitLen);
+  }
+  char* commonChar = commonName.ToNewCString();
+  if (!commonChar) return NS_ERROR_OUT_OF_MEMORY;
+  rv = certificate->SetCommonName(commonChar);
+  Recycle(commonChar);
+  return rv;
+}
+

mozilla/extensions/psm-glue/src/nsPSMComponent.h

@@ -0,0 +1,60 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#include "nscore.h"
+#include "nsIPSMComponent.h"
+#include "nsISignatureVerifier.h"
+#include "nsIStringBundle.h"
+
+#include "nsIContentHandler.h"
+
+#define SECURITY_STRING_BUNDLE_URL "chrome://communicator/locale/security.properties"
+
+#define NS_PSMCOMPONENT_CID {0xddcae170, 0x5412, 0x11d3, {0xbb, 0xc8, 0x00, 0x00, 0x86, 0x1d, 0x12, 0x37}}
+
+// Implementation of the PSM component interface.
+class nsPSMComponent : public nsIPSMComponent, 
+                       public nsIContentHandler, 
+                       public nsISignatureVerifier
+{
+public:
+  NS_DEFINE_STATIC_CID_ACCESSOR( NS_PSMCOMPONENT_CID );
+
+  nsPSMComponent();
+  virtual ~nsPSMComponent();
+
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPSMCOMPONENT
+  NS_DECL_NSICONTENTHANDLER
+  NS_DECL_NSISIGNATUREVERIFIER
+
+  static NS_METHOD CreatePSMComponent(nsISupports* aOuter, REFNSIID aIID, void **aResult);
+
+private:
+  
+  PCMT_CONTROL mControl;
+  
+  nsCOMPtr<nsISupports> mSecureBrowserIU;
+  static nsPSMComponent* mInstance;
+}; 

mozilla/extensions/psm-glue/src/nsPSMModule.cpp

@@ -0,0 +1,178 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#include "nsIModule.h"
+#include "nsIGenericFactory.h"
+
+#include "nsPSMUICallbacks.h"
+#include "nsPSMComponent.h"
+
+#include "nsISecureBrowserUI.h"
+#include "nsSecureBrowserUIImpl.h"
+
+#include "nsSSLSocketProvider.h"
+
+#include "nsSDR.h"
+#include "nsFSDR.h"
+#include "nsCrypto.h"
+#include "nsKeygenHandler.h"
+//For the NS_CRYPTO_PROGID define
+#include "nsDOMCID.h"
+
+#include "nsCURILoader.h"
+#include "nsISupportsUtils.h"
+
+// Define SDR object constructor
+static NS_DEFINE_IID(kISupportsIID, NS_ISUPPORTS_IID);
+static NS_DEFINE_IID(kFormProcessorCID,   NS_IFORMPROCESSOR_CID); 
+
+NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsSecretDecoderRing, init)
+NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsFSecretDecoderRing, init)
+NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsCrypto, init)
+NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsPkcs11, init)
+
+static nsModuleComponentInfo components[] =
+{
+    { 
+        PSM_COMPONENT_CLASSNAME,  
+        NS_PSMCOMPONENT_CID, 
+        PSM_COMPONENT_PROGID,   
+        nsPSMComponent::CreatePSMComponent
+    },
+    
+    { 
+        "PSM Content Handler - application/x-x509-ca-cert",  
+        NS_PSMCOMPONENT_CID, 
+        NS_CONTENT_HANDLER_PROGID_PREFIX"application/x-x509-ca-cert",   
+        nsPSMComponent::CreatePSMComponent
+    },
+    
+    { 
+        "PSM Content Handler - application/x-x509-server-cert",  
+        NS_PSMCOMPONENT_CID, 
+        NS_CONTENT_HANDLER_PROGID_PREFIX"application/x-x509-server-cert",   
+        nsPSMComponent::CreatePSMComponent
+    },
+
+    { 
+        "PSM Content Handler - application/x-x509-user-cert",  
+        NS_PSMCOMPONENT_CID, 
+        NS_CONTENT_HANDLER_PROGID_PREFIX"application/x-x509-user-cert",   
+        nsPSMComponent::CreatePSMComponent
+    },
+    
+    { 
+        "PSM Content Handler - application/x-x509-email-cert",  
+        NS_PSMCOMPONENT_CID, 
+        NS_CONTENT_HANDLER_PROGID_PREFIX"application/x-x509-email-cert",   
+        nsPSMComponent::CreatePSMComponent
+    },
+
+
+    { 
+        PSM_UI_HANLDER_CLASSNAME, 
+        NS_PSMUIHANDLER_CID, 
+        PSM_UI_HANLDER_PROGID,  
+        nsPSMUIHandlerImpl::CreatePSMUIHandler
+    },
+
+    { 
+        NS_SECURE_BROWSER_UI_CLASSNAME, 
+        NS_SECURE_BROWSER_UI_CID, 
+        NS_SECURE_BROWSER_UI_PROGID, 
+        nsSecureBrowserUIImpl::Create 
+    },
+
+    { 
+        NS_SECURE_BROWSER_DOCOBSERVER_CLASSNAME, 
+        NS_SECURE_BROWSER_DOCOBSERVER_CID, 
+        NS_SECURE_BROWSER_DOCOBSERVER_PROGID, 
+        nsSecureBrowserUIImpl::Create
+    },
+
+    { 
+        NS_ISSLSOCKETPROVIDER_CLASSNAME,
+        NS_SSLSOCKETPROVIDER_CID,
+        NS_ISSLSOCKETPROVIDER_PROGID,
+        nsSSLSocketProvider::Create 
+    },
+
+    {
+        NS_SDR_CLASSNAME,
+        NS_SDR_CID,
+        NS_SDR_PROGID,
+        nsSecretDecoderRingConstructor
+    },
+
+    {
+        NS_FSDR_CLASSNAME,
+        NS_FSDR_CID,
+        NS_FSDR_PROGID,
+        nsFSecretDecoderRingConstructor
+    },
+    
+    {
+        NS_CRYPTO_CLASSNAME,
+        NS_CRYPTO_CID,
+        NS_CRYPTO_PROGID,
+        nsCryptoConstructor
+    },
+    {
+        NS_PKCS11_CLASSNAME,
+        NS_PKCS11_CID,
+        NS_PKCS11_PROGID,
+        nsPkcs11Constructor
+    }
+
+};
+
+#if 0
+NS_IMPL_NSGETMODULE("PSMComponent", components);
+#endif
+
+extern "C" NS_EXPORT nsresult NSGetModule(nsIComponentManager *servMgr,
+                                          nsIFile* location,
+                                          nsIModule** result)
+{
+  nsresult rv;
+  // Put in code to register KEYGEN form input handler.
+  rv= NS_NewGenericModule("PSMComponent",
+                          sizeof(components) / sizeof(components[0]),
+                          components, nsnull, result);
+  // Register a form processor. The form processor has the opportunity to 
+  // modify the value's passed during form submission. 
+  nsKeygenFormProcessor* testFormProcessor = new nsKeygenFormProcessor(); 
+  nsCOMPtr<nsISupports> formProcessor; 
+  rv = testFormProcessor->QueryInterface(kISupportsIID, 
+                                         getter_AddRefs(formProcessor)); 
+  if (NS_SUCCEEDED(rv) && formProcessor) { 
+    rv = nsServiceManager::RegisterService(kFormProcessorCID, formProcessor); 
+  } 
+  return rv;
+}
+
+
+
+
+

mozilla/extensions/psm-glue/src/nsPSMMutex.c

@@ -0,0 +1,72 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#include "prmon.h"
+#include "prtypes.h"
+
+#include "nsPSMMutex.h"
+
+static PRMonitor *_nsPSMMutexVar;
+
+PRStatus
+nsPSMMutexInit()
+{
+  if (!_nsPSMMutexVar)
+      _nsPSMMutexVar = PR_NewMonitor();
+
+  return _nsPSMMutexVar ? PR_SUCCESS : PR_FAILURE;
+}
+
+PRStatus
+nsPSMMutexDestroy()
+{
+    if (!_nsPSMMutexVar)
+        return PR_FAILURE;
+    
+    PR_Wait(_nsPSMMutexVar, PR_INTERVAL_NO_TIMEOUT);
+
+    PR_DestroyMonitor(_nsPSMMutexVar);
+    return PR_SUCCESS;
+}
+
+static void
+nsPSMMutexLock(CMTMutexPointer *p)
+{
+  PR_EnterMonitor(*(PRMonitor **)p);
+  return;
+}
+
+static void
+nsPSMMutexUnlock(CMTMutexPointer *p)
+{
+  PR_ExitMonitor(*(PRMonitor **)p);
+  return;
+}
+
+CMT_MUTEX nsPSMMutexTbl = 
+{
+  &_nsPSMMutexVar,
+  (CMTMutexFunction)nsPSMMutexLock,
+  (CMTMutexFunction)nsPSMMutexUnlock
+};

mozilla/extensions/psm-glue/src/nsPSMMutex.h

@@ -0,0 +1,39 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#ifndef _NSPSMMUTEX_H
+#define _NSPSMMUTEX_H
+
+#include "cmtcmn.h"
+
+PR_BEGIN_EXTERN_C
+
+PR_EXTERN(CMT_MUTEX) nsPSMMutexTbl;
+
+PR_EXTERN(PRStatus) nsPSMMutexInit(void);
+PR_EXTERN(PRStatus) nsPSMMutexDestroy(void);
+
+PR_END_EXTERN_C
+
+#endif

mozilla/extensions/psm-glue/src/nsPSMShimLayer.c

@@ -0,0 +1,293 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#include "nspr.h"
+#include "nsPSMShimLayer.h"
+
+#ifdef XP_UNIX
+#include <sys/stat.h>
+#include <unistd.h>
+#include "private/pprio.h"  /* for PR_Socket */
+#endif
+
+#define PSM_TIMEOUT_IN_SEC 300
+
+#define NSPSMSHIMMAXFD 50
+
+
+static PRIntervalTime gTimeout  = PR_INTERVAL_NO_TIMEOUT;
+
+CMT_SocketFuncs nsPSMShimTbl =
+{
+    nsPSMShimGetSocket,
+    nsPSMShimConnect,
+    nsPSMShimVerifyUnixSocket,
+    nsPSMShimSend,
+    nsPSMShimSelect,
+    nsPSMShimReceive,
+    nsPSMShimShutdown,
+    nsPSMShimClose
+};
+
+
+CMTSocket
+nsPSMShimGetSocket(int unixSock)
+{
+    PRStatus   rv;
+    PRFileDesc *fd;
+    CMSocket   *sock;
+    PRSocketOptionData sockopt;
+
+    /*
+    if (PR_INTERVAL_NO_WAIT == gTimeout) 
+    {
+        gTimeout  = PR_SecondsToInterval(PSM_TIMEOUT_IN_SEC);
+    }
+    */
+
+    if (unixSock)
+    {
+#ifndef XP_UNIX        
+        return NULL;
+#else
+        fd = PR_Socket(PR_AF_LOCAL, PR_SOCK_STREAM, 0);
+        PR_ASSERT(fd);
+#endif
+    }
+    else
+    {
+        fd = PR_NewTCPSocket();
+        PR_ASSERT(fd);
+
+        /* disable Nagle algorithm delay for control sockets */
+        sockopt.option = PR_SockOpt_NoDelay;
+        sockopt.value.no_delay = PR_TRUE;   
+        rv = PR_SetSocketOption(fd, &sockopt);
+        PR_ASSERT(PR_SUCCESS == rv);
+    }
+
+    sock = (CMSocket *)PR_Malloc(sizeof(CMSocket));
+
+    if (sock == NULL)
+      return sock;
+    
+    sock->fd     = fd;
+    sock->isUnix = unixSock;
+
+    memset(&sock->netAddr, 0, sizeof(PRNetAddr));
+    
+    return (CMTSocket)sock;
+}
+
+CMTStatus
+nsPSMShimConnect(CMTSocket sock, short port, char *path)
+{
+    CMTStatus   rv = CMTSuccess;
+    PRStatus    err;
+    PRErrorCode errcode;
+    PRSocketOptionData   sockopt;
+    PRBool      nonBlocking;
+    CMSocket    *cmSock = (CMSocket *)sock;
+    
+    if (!sock) return CMTFailure;
+
+    if (cmSock->isUnix)
+    {
+#ifndef XP_UNIX
+        return CMTFailure;
+#else
+        int pathLen;
+        if (!path)
+        {
+            return CMTFailure;
+        }
+
+        /* check buffer overrun */
+        pathLen = strlen(path)+1;
+        
+        pathLen = pathLen < sizeof(cmSock->netAddr.local.path)
+                ? pathLen : sizeof(cmSock->netAddr.local.path);
+  
+        memcpy(&cmSock->netAddr.local.path, path, pathLen);
+        cmSock->netAddr.local.family = PR_AF_LOCAL;
+#endif
+    }
+    else  /* cmSock->isUnix */
+    {
+        cmSock->netAddr.inet.family = PR_AF_INET;
+        cmSock->netAddr.inet.port   = PR_htons(port);
+        cmSock->netAddr.inet.ip     = PR_htonl(PR_INADDR_LOOPBACK);
+    }
+
+    /* Save non-blocking status */
+    sockopt.option = PR_SockOpt_Nonblocking;
+    err = PR_GetSocketOption(cmSock->fd, &sockopt);
+    PR_ASSERT(PR_SUCCESS == err);
+
+    nonBlocking = sockopt.value.non_blocking;
+
+    /* make connect blocking for now */
+    sockopt.option = PR_SockOpt_Nonblocking;
+    sockopt.value.non_blocking = PR_FALSE;   
+    err = PR_SetSocketOption(cmSock->fd, &sockopt);
+    PR_ASSERT(PR_SUCCESS == err);
+
+    err = PR_Connect( cmSock->fd, &cmSock->netAddr, PR_INTERVAL_MAX );
+    
+    if (err == PR_FAILURE)    
+    {
+        errcode = PR_GetError();
+        
+        if (PR_IS_CONNECTED_ERROR != errcode)
+            rv = CMTFailure;
+    }    
+    
+    /* restore nonblock status */
+    if (nonBlocking) {
+      sockopt.option = PR_SockOpt_Nonblocking;
+      sockopt.value.non_blocking = nonBlocking;  
+      err = PR_SetSocketOption(cmSock->fd, &sockopt);
+      PR_ASSERT(PR_SUCCESS == err);
+    }
+
+    return rv;
+}
+
+CMTStatus
+nsPSMShimVerifyUnixSocket(CMTSocket sock)
+{
+#ifndef XP_UNIX
+    return CMTFailure;
+#else
+
+    int  rv;
+    CMSocket  *cmSock;
+    struct stat statbuf;
+
+    cmSock = (CMSocket *)sock;
+        
+    if (!cmSock || !cmSock->isUnix) 
+        return CMTFailure;
+ 
+    rv = stat(cmSock->netAddr.local.path, &statbuf);
+    if (rv < 0 || statbuf.st_uid != geteuid() )
+    {
+        PR_Close(cmSock->fd);
+        cmSock->fd = NULL;
+        PR_Free(cmSock);
+        return CMTFailure;
+    }
+    return CMTSuccess;   
+#endif
+}
+
+size_t
+nsPSMShimSend(CMTSocket sock, void *buffer, size_t length)
+{
+    CMSocket *cmSock = (CMSocket *)sock;
+
+    if (!sock) return CMTFailure;
+    
+   return PR_Send(cmSock->fd, buffer, length, 0, gTimeout);
+}
+
+size_t
+nsPSMShimReceive(CMTSocket sock, void *buffer, size_t bufSize)
+{
+    CMSocket *cmSock = (CMSocket *)sock;
+    
+    if (!sock) return CMTFailure;
+
+    return PR_Recv(cmSock->fd, buffer, bufSize, 0, gTimeout);
+}
+
+
+CMTSocket
+nsPSMShimSelect(CMTSocket *socks, int numsocks, int poll)
+{
+    CMSocket       **sockArr = (CMSocket **)socks;
+    PRPollDesc       readPDs[NSPSMSHIMMAXFD];
+    PRIntervalTime   timeout;
+    PRInt32          cnt;
+    int              i;
+
+    if (!socks) return NULL;
+
+    memset(readPDs, 0, sizeof(readPDs));
+
+    PR_ASSERT(NSPSMSHIMMAXFD >= numsocks);
+
+    for (i=0; i<numsocks; i++)
+    {
+        readPDs[i].fd       = sockArr[i]->fd;
+        readPDs[i].in_flags = PR_POLL_READ;
+    }
+
+    timeout = poll ? PR_INTERVAL_NO_WAIT : PR_INTERVAL_NO_TIMEOUT;
+
+    cnt = PR_Poll(readPDs, numsocks, timeout);
+
+    /* Figure out which socket was selected */
+    if (cnt > 0)
+    {
+        for (i=0; i<numsocks; i++)
+        {
+            if (readPDs[i].out_flags & PR_POLL_READ)
+            {
+            return (CMTSocket)sockArr[i];
+            }
+        }
+    }
+    return NULL;
+}
+
+
+CMTStatus
+nsPSMShimShutdown(CMTSocket sock)
+{
+    CMSocket *cmSock = (CMSocket*)sock;
+    PRStatus rv;
+
+    if (!sock) return CMTFailure;
+
+    rv = PR_Shutdown(cmSock->fd, PR_SHUTDOWN_SEND);
+    return (PR_SUCCESS == rv) ? CMTSuccess : CMTFailure;
+}
+
+CMTStatus
+nsPSMShimClose(CMTSocket sock)
+{
+    CMSocket *cmSock = (CMSocket*)sock;
+    PRStatus rv      = PR_SUCCESS;
+    PR_ASSERT(cmSock);
+
+    if (!sock) return CMTFailure;
+
+    rv = PR_Close(cmSock->fd);
+    cmSock->fd = NULL;
+
+    PR_Free(cmSock);
+
+    return (PR_SUCCESS == rv) ? CMTSuccess : CMTFailure;
+}

mozilla/extensions/psm-glue/src/nsPSMShimLayer.h

@@ -0,0 +1,67 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#ifndef _NSPSMSHIMLAYER_H_
+#define _NSPSMSHIMLAYER_H_
+
+#include "cmtcmn.h"
+#include "prio.h"
+
+PR_BEGIN_EXTERN_C
+
+typedef struct CMSocket {
+    PRFileDesc *fd;
+    PRBool      isUnix;
+    PRNetAddr   netAddr;
+} CMSocket; 
+
+PR_EXTERN(CMT_SocketFuncs) nsPSMShimTbl;
+
+PR_EXTERN(CMTSocket)
+nsPSMShimGetSocket(int unixSock);
+
+PR_EXTERN(CMTStatus)
+nsPSMShimConnect(CMTSocket sock, short port, char *path);
+
+PR_EXTERN(CMTStatus)
+nsPSMShimVerifyUnixSocket(CMTSocket sock);
+
+PR_EXTERN(size_t)
+nsPSMShimSend(CMTSocket sock, void *buffer, size_t length);
+
+PR_EXTERN(CMTSocket)
+nsPSMShimSelect(CMTSocket *socks, int numsocks, int poll);
+
+PR_EXTERN(size_t)
+nsPSMShimReceive(CMTSocket sock, void *buffer, size_t bufSize);
+
+PR_EXTERN(CMTStatus)
+nsPSMShimShutdown(CMTSocket sock);
+
+PR_EXTERN(CMTStatus)
+nsPSMShimClose(CMTSocket sock);
+
+PR_END_EXTERN_C
+
+#endif /* _NSPSMSHIMLAYER_H_ */

mozilla/extensions/psm-glue/src/nsPSMUICallbacks.cpp

@@ -0,0 +1,348 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#include "nsProxiedService.h"
+#include "nsIEventQueueService.h"
+#include "nsPSMUICallbacks.h"
+#include "nsINetSupportDialogService.h"
+#include "nsIFilePicker.h"
+
+#include "nsAppShellCIDs.h"
+#include "prprf.h"
+#include "prmem.h"
+
+#include "nsSSLIOLayer.h" // for SSMSTRING_PADDED_LENGTH
+#include "ssmdefs.h"
+#include "rsrcids.h"
+
+// Interfaces Needed
+#include "nsIAppShellService.h"
+#include "nsIDocShell.h"
+#include "nsIDOMWindow.h"
+#include "nsIInterfaceRequestor.h"
+#include "nsIPrompt.h"
+#include "nsIScriptGlobalObject.h"
+#include "nsIURL.h"
+#include "nsIXULWindow.h"
+
+static NS_DEFINE_IID(kAppShellServiceCID, NS_APPSHELL_SERVICE_CID);
+static NS_DEFINE_CID(kNetSupportDialogCID, NS_NETSUPPORTDIALOG_CID);
+
+
+// Happy callbacks
+static char * PromptUserCallback(void *arg, char *prompt, int isPasswd);
+static char * FilePathPromptCallback(void *arg, char *prompt, char *fileRegEx, CMUint32 shouldFileExist);
+static void   ApplicationFreeCallback(char *userInput);
+
+static void * CartmanUIHandler(uint32 resourceID, void* clientContext, uint32 width, uint32 height, 
+								CMBool isModal, char* urlStr, void *data);
+
+extern "C" void CARTMAN_UIEventLoop(void *data);
+
+
+/* nsISupports Implementation for the class */
+NS_IMPL_THREADSAFE_ISUPPORTS1(nsPSMUIHandlerImpl, nsIPSMUIHandler)
+
+NS_METHOD
+nsPSMUIHandlerImpl::DisplayURI(PRInt32 width, PRInt32 height, PRBool modal, const char *urlStr)
+{
+    nsresult rv;
+    nsCOMPtr<nsIDOMWindow> hiddenWindow;
+    JSContext *jsContext;
+
+    NS_WITH_SERVICE(nsIAppShellService, appShell, kAppShellServiceCID, &rv);
+	if (NS_SUCCEEDED(rv))
+	{
+		rv = appShell->GetHiddenWindowAndJSContext( getter_AddRefs( hiddenWindow ),
+                                                    &jsContext );
+
+	     if ( NS_SUCCEEDED( rv ) ) 
+         {
+            // Set up arguments for "window.open"
+            void *stackPtr;
+            char params[36];
+
+            if (modal)  // if you change this, remember to change the buffer size above.
+                strcpy(params, "menubar=no,height=%d,width=%d,modal");
+            else
+                strcpy(params, "menubar=no,height=%d,width=%d");
+
+            char buffer[256];
+            PR_snprintf(buffer,
+                        sizeof(buffer),
+                        params,
+                        height,
+                        width );
+
+            jsval	*argv = JS_PushArguments(jsContext, &stackPtr, "sss", urlStr, "_blank", buffer);
+            if (argv)
+            {
+	            // open the window
+	            nsIDOMWindow	*newWindow;
+	            hiddenWindow->Open(jsContext, argv, 3, &newWindow);
+                newWindow->ResizeTo(width, height);
+	            JS_PopArguments(jsContext, stackPtr);
+            }
+        }
+    }
+    return rv;
+}
+
+NS_IMETHODIMP
+nsPSMUIHandlerImpl::PromptForFile(const PRUnichar *prompt, const char *fileRegEx, PRBool shouldFileExist, char **outFile)
+{
+    NS_ENSURE_ARG_POINTER(outFile);
+    nsCOMPtr<nsIFilePicker> fp = do_CreateInstance("component://mozilla/filepicker");
+    
+    if (!fp)
+        return NS_ERROR_NULL_POINTER;
+
+
+    fp->Init(nsnull, prompt, nsIFilePicker::modeOpen);
+    fp->AppendFilter(NS_ConvertASCIItoUCS2(fileRegEx).GetUnicode(), NS_ConvertASCIItoUCS2(fileRegEx).GetUnicode());  
+    fp->AppendFilters(nsIFilePicker::filterAll);
+    PRInt16 mode;
+    nsresult rv = fp->Show(&mode);
+
+    if (NS_FAILED(rv) || (mode == nsIFilePicker::returnCancel))
+         return rv;
+
+    nsCOMPtr<nsILocalFile> file;
+    rv = fp->GetFile(getter_AddRefs(file));
+
+    if (file)
+      file->GetPath(outFile);
+
+    return rv;
+}
+
+NS_METHOD      
+nsPSMUIHandlerImpl::CreatePSMUIHandler(nsISupports* aOuter, REFNSIID aIID, void **aResult)
+{                                                                  
+    nsresult rv = NS_OK; 
+    if ( aResult ) 
+    { 
+        /* Allocate new find component object. */
+        nsPSMUIHandlerImpl *component = new nsPSMUIHandlerImpl(); 
+        if ( component ) 
+        { 
+            /* Allocated OK, do query interface to get proper */
+            /* pointer and increment refcount.                */
+            rv = component->QueryInterface( aIID, aResult ); 
+            if ( NS_FAILED( rv ) ) 
+            { 
+                /* refcount still at zero, delete it here. */
+                delete component; 
+            } 
+        } 
+        else 
+        { 
+            rv = NS_ERROR_OUT_OF_MEMORY; 
+        } 
+    } 
+    else 
+    { 
+        rv = NS_ERROR_NULL_POINTER; 
+    } 
+    return rv; 
+} 
+
+
+
+extern "C" void CARTMAN_UIEventLoop(void *data)
+{
+   CMT_EventLoop((PCMT_CONTROL)data);
+}
+
+PRStatus InitPSMEventLoop(PCMT_CONTROL control)
+{
+    PR_CreateThread(PR_USER_THREAD,
+                    CARTMAN_UIEventLoop,
+                    control, 
+                    PR_PRIORITY_NORMAL, 
+                    PR_GLOBAL_THREAD, 
+                    PR_UNJOINABLE_THREAD,
+                    0);  
+
+    return PR_SUCCESS;
+}
+
+PRStatus InitPSMUICallbacks(PCMT_CONTROL control)
+{
+    if (!control)
+        return PR_FAILURE;  
+    
+    CMT_SetPromptCallback(control, (promptCallback_fn)PromptUserCallback, nsnull);
+    CMT_SetAppFreeCallback(control, (applicationFreeCallback_fn) ApplicationFreeCallback);
+    CMT_SetFilePathPromptCallback(control, (filePathPromptCallback_fn) FilePathPromptCallback, nsnull);
+
+    if (CMT_SetUIHandlerCallback(control, (uiHandlerCallback_fn) CartmanUIHandler, NULL) != CMTSuccess) 
+            return PR_FAILURE;
+
+    return PR_SUCCESS;
+}
+
+PRStatus DisplayPSMUIDialog(PCMT_CONTROL control, const char *pickledStatus, const char *hostName)
+{
+    CMUint32 advRID = 0;
+    CMInt32 width = 0;
+    CMInt32 height = 0;
+    CMTItem urlItem = {0, NULL, 0};
+    CMTStatus rv = CMTSuccess;
+    CMTItem advisorContext = {0, NULL, 0};
+    void * pwin;
+
+    CMTSecurityAdvisorData data;
+    memset(&data, '\0', sizeof(CMTSecurityAdvisorData));
+    
+    if (hostName)
+    {
+        // if there is a hostName, than this request is about
+        // a webpage.  
+        data.hostname    = (char*) hostName;
+        data.infoContext = SSM_BROWSER;
+    
+        if (pickledStatus)
+        {
+            CMTItem pickledResource = {0, NULL, 0};
+            CMUint32 socketStatus = 0;
+    
+            pickledResource.len = *(int*)(pickledStatus);
+            pickledResource.data = (unsigned char*) PR_Malloc(SSMSTRING_PADDED_LENGTH(pickledResource.len));
+        
+            if (! pickledResource.data) return PR_FAILURE;
+
+            memcpy(pickledResource.data, pickledStatus+sizeof(int), pickledResource.len);
+        
+            /* Unpickle the SSL Socket Status */
+            if (CMT_UnpickleResource( control, 
+                                      SSM_RESTYPE_SSL_SOCKET_STATUS,
+                                      pickledResource, 
+                                      &socketStatus) == CMTSuccess)
+            {
+                data.infoContext = SSM_BROWSER;    
+                data.resID = socketStatus;
+            }
+
+            PR_FREEIF(pickledResource.data);
+        }
+    }
+
+    /* Create a Security Advisor context object. */
+    rv = CMT_SecurityAdvisor(control, &data, &advRID);
+
+    if (rv != CMTSuccess)
+        return PR_FAILURE;
+
+    /* Get the URL, width, height, etc. from the advisor context. */
+    rv = CMT_GetStringAttribute(control, 
+                                advRID, 
+                                SSM_FID_SECADVISOR_URL,
+                                &urlItem);
+
+    if ((rv != CMTSuccess) || (!urlItem.data))
+        return PR_FAILURE;
+
+    rv = CMT_GetNumericAttribute(control, 
+                                 advRID, 
+                                 SSM_FID_SECADVISOR_WIDTH,
+                                 &width);
+    if (rv != CMTSuccess)
+        return PR_FAILURE;
+
+    rv = CMT_GetNumericAttribute(control, 
+                                 advRID, 
+                                 SSM_FID_SECADVISOR_HEIGHT,
+                                 &height);
+    if (rv != CMTSuccess)
+        return PR_FAILURE;
+
+    /* Fire the URL up in a window of its own. */
+    pwin = CartmanUIHandler(advRID, nsnull, width, height, CM_FALSE, (char*)urlItem.data, NULL);
+    
+    //allocated by cmt, we can free with free:
+    free(urlItem.data);
+    
+    return PR_SUCCESS;
+}
+
+
+
+void* CartmanUIHandler(uint32 resourceID, void* clientContext, uint32 width, uint32 height, CMBool isModal, char* urlStr, void *data)
+{
+    nsresult rv = NS_OK;
+    
+    NS_WITH_PROXIED_SERVICE(nsIPSMUIHandler, handler, nsPSMUIHandlerImpl::GetCID(), NS_UI_THREAD_EVENTQ, &rv);
+    
+    if(NS_SUCCEEDED(rv))
+	    handler->DisplayURI(width, height, isModal, urlStr);
+
+    return nsnull;
+}
+
+    
+    
+char * PromptUserCallback(void *arg, char *prompt, int isPasswd)
+{
+
+    nsresult rv = NS_OK;
+    PRUnichar *password;
+    PRBool  value;
+
+    NS_WITH_PROXIED_SERVICE(nsIPrompt, dialog, kNetSupportDialogCID, NS_UI_THREAD_EVENTQ, &rv);
+    
+    if (NS_SUCCEEDED(rv)) {
+	    rv = dialog->PromptPassword(nsnull, NS_ConvertASCIItoUCS2(prompt).GetUnicode(),
+                                  NS_ConvertASCIItoUCS2(" ").GetUnicode(),      // hostname
+                                  PR_TRUE, &password, &value);
+
+        if (NS_SUCCEEDED(rv) && value) {
+            nsString a(password);
+            char* str = a.ToNewCString();
+            Recycle(password);
+            return str;
+        }
+    }
+
+    return nsnull;
+}
+
+void ApplicationFreeCallback(char *userInput)
+{
+    nsMemory::Free(userInput);
+}
+
+char * FilePathPromptCallback(void *arg, char *prompt, char *fileRegEx, CMUint32 shouldFileExist)
+{
+    nsresult rv = NS_OK;
+    
+    char* filePath = nsnull;
+    
+    NS_WITH_PROXIED_SERVICE(nsIPSMUIHandler, handler, nsPSMUIHandlerImpl::GetCID(), NS_UI_THREAD_EVENTQ, &rv);
+    
+    if(NS_SUCCEEDED(rv))
+	    handler->PromptForFile(NS_ConvertASCIItoUCS2(prompt).GetUnicode(), fileRegEx, (PRBool)shouldFileExist, &filePath);
+
+    return filePath;
+}

mozilla/extensions/psm-glue/src/nsPSMUICallbacks.h

@@ -0,0 +1,56 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#ifndef _NSPSMUICALLBACKS_H
+#define _NSPSMUICALLBACKS_H
+
+#include "prtypes.h"
+#include "cmtcmn.h"
+
+#include "nsIPSMUIHandler.h"
+
+PRStatus InitPSMUICallbacks(PCMT_CONTROL gControl);
+PRStatus InitPSMEventLoop(PCMT_CONTROL gControl);
+PRStatus DisplayPSMUIDialog(PCMT_CONTROL control, const char* pickledStatus, const char *hostName);
+
+
+#define NS_PSMUIHANDLER_CID {0x15944e30, 0x601e, 0x11d3, {0x8c, 0x4a, 0x00, 0x00, 0x64, 0x65, 0x73, 0x74}}
+
+class nsPSMUIHandlerImpl : public nsIPSMUIHandler 
+{
+    public:
+
+        NS_DEFINE_STATIC_CID_ACCESSOR( NS_PSMUIHANDLER_CID );
+    
+        /* ctor/dtor */
+        nsPSMUIHandlerImpl() { NS_INIT_REFCNT(); }
+        virtual ~nsPSMUIHandlerImpl() { }
+
+        NS_DECL_ISUPPORTS
+        NS_DECL_NSIPSMUIHANDLER
+
+        static NS_METHOD CreatePSMUIHandler(nsISupports* aOuter, REFNSIID aIID, void **aResult);
+};
+
+#endif

mozilla/extensions/psm-glue/src/nsSDR.cpp

@@ -0,0 +1,320 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ *
+ * The contents of this file are subject to the Netscape Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/NPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s): 
+ *  thayes@netscape.com
+ */
+
+#include "stdlib.h"
+#include "plstr.h"
+#include "nsMemory.h"
+#include "nsIServiceManager.h"
+
+#include "plbase64.h"
+
+#include "nsISecretDecoderRing.h"
+
+#include "cmtcmn.h"
+#include "nsIPSMComponent.h"
+
+#include "nsSDR.h"
+
+NS_IMPL_ISUPPORTS1(nsSecretDecoderRing, nsISecretDecoderRing)
+
+nsSecretDecoderRing::nsSecretDecoderRing()
+{
+  NS_INIT_ISUPPORTS();
+
+  mPSM = NULL;
+}
+
+nsSecretDecoderRing::~nsSecretDecoderRing()
+{
+  if (mPSM) mPSM->Release();
+}
+
+/* Init the new instance */
+nsresult nsSecretDecoderRing::
+init()
+{
+  nsresult rv;
+  nsISupports *psm;
+
+  rv = nsServiceManager::GetService(kPSMComponentProgID, NS_GET_IID(nsIPSMComponent),
+                                    &psm);
+  if (rv != NS_OK) goto loser;  /* Should promote error */
+
+  mPSM = (nsIPSMComponent *)psm;
+
+loser:
+  return rv;
+}
+
+/* [noscript] long encrypt (in buffer data, in long dataLen, out buffer result); */
+NS_IMETHODIMP nsSecretDecoderRing::
+Encrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32 *_retval)
+{
+    nsresult rv = NS_OK;
+    unsigned char *r = 0;
+    CMT_CONTROL *control;
+    CMTStatus status;
+    CMUint32 cLen;
+
+    if (data == nsnull || result == nsnull || _retval == nsnull) {
+       rv = NS_ERROR_INVALID_POINTER;
+       goto loser;
+    }
+
+    /* Check object initialization */
+    NS_ASSERTION(mPSM != nsnull, "SDR object not initialized");
+    if (mPSM == nsnull) { rv = NS_ERROR_NOT_INITIALIZED; goto loser; }
+
+    /* Get the control connect to use for the request */
+    rv = mPSM->GetControlConnection(&control);
+    if (rv != NS_OK) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
+   
+    status = CMT_SDREncrypt(control, (void *)0, (const unsigned char *)0, 0, 
+               data, dataLen, result, &cLen);
+    if (status != CMTSuccess) { rv = NS_ERROR_FAILURE; goto loser; } /* XXX */
+
+    /* Copy returned data to nsMemory buffer ? */
+    *_retval = cLen;
+
+loser:
+    return rv;
+}
+
+/* [noscript] long decrypt (in buffer data, in long dataLen, out buffer result); */
+NS_IMETHODIMP nsSecretDecoderRing::
+Decrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32 *_retval)
+{
+    nsresult rv = NS_OK;
+    CMTStatus status;
+    CMT_CONTROL *control;
+    CMUint32 len;
+
+    if (data == nsnull || result == nsnull || _retval == nsnull) {
+       rv = NS_ERROR_INVALID_POINTER;
+       goto loser;
+    }
+
+    /* Check object initialization */
+    NS_ASSERTION(mPSM != nsnull, "SDR object not initialized");
+    if (mPSM == nsnull) { rv = NS_ERROR_NOT_INITIALIZED; goto loser; }
+
+    /* Get the control connection */
+    rv = mPSM->GetControlConnection(&control);
+    if (rv != NS_OK) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
+    
+    /* Call PSM to decrypt the value */
+    status = CMT_SDRDecrypt(control, (void *)0, data, dataLen, result, &len);
+    if (status != CMTSuccess) { rv = NS_ERROR_FAILURE; goto loser; } /* Promote? */
+
+    /* Copy returned data to nsMemory buffer ? */
+    *_retval = len;
+
+loser:
+    return rv;
+}
+
+/* string encryptString (in string text); */
+NS_IMETHODIMP nsSecretDecoderRing::
+EncryptString(const char *text, char **_retval)
+{
+    nsresult rv = NS_OK;
+    unsigned char *encrypted = 0;
+    PRInt32 eLen;
+
+    if (text == nsnull || _retval == nsnull) {
+        rv = NS_ERROR_INVALID_POINTER;
+        goto loser;
+    }
+
+    rv = Encrypt((unsigned char *)text, PL_strlen(text), &encrypted, &eLen);
+    if (rv != NS_OK) { goto loser; }
+
+    rv = encode(encrypted, eLen, _retval);
+
+loser:
+    if (encrypted) nsMemory::Free(encrypted);
+
+    return rv;
+}
+
+/* string decryptString (in string crypt); */
+NS_IMETHODIMP nsSecretDecoderRing::
+DecryptString(const char *crypt, char **_retval)
+{
+    nsresult rv = NS_OK;
+    char *r = 0;
+    unsigned char *decoded = 0;
+    PRInt32 decodedLen;
+    unsigned char *decrypted = 0;
+    PRInt32 decryptedLen;
+
+    if (crypt == nsnull || _retval == nsnull) {
+      rv = NS_ERROR_INVALID_POINTER;
+      goto loser;
+    }
+
+    rv = decode(crypt, &decoded, &decodedLen);
+    if (rv != NS_OK) goto loser;
+
+    rv = Decrypt(decoded, decodedLen, &decrypted, &decryptedLen);
+    if (rv != NS_OK) goto loser;
+
+    // Convert to NUL-terminated string
+    r = (char *)nsMemory::Alloc(decryptedLen+1);
+    if (!r) { rv = NS_ERROR_OUT_OF_MEMORY; goto loser; }
+
+    memcpy(r, decrypted, decryptedLen);
+    r[decryptedLen] = 0;
+
+    *_retval = r;
+    r = 0;
+
+loser:
+    if (r) nsMemory::Free(r);
+    if (decrypted) nsMemory::Free(decrypted);
+    if (decoded) nsMemory::Free(decoded);
+ 
+    return rv;
+}
+
+/* void changePassword(); */
+NS_IMETHODIMP nsSecretDecoderRing::
+ChangePassword()
+{
+  nsresult rv = NS_OK;
+  CMTStatus status;
+  CMT_CONTROL *control;
+
+  rv = mPSM->GetControlConnection(&control);
+  if (rv != NS_OK) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
+
+  status = CMT_SDRChangePassword(control, (void*)0);
+
+loser:
+  return rv;
+}
+
+/* void logout(); */
+NS_IMETHODIMP nsSecretDecoderRing::
+Logout()
+{
+    nsresult rv = NS_OK;
+    CMTStatus status;
+    CMT_CONTROL *control;
+
+    /* Check object initialization */
+    NS_ASSERTION(mPSM != nsnull, "SDR object not initialized");
+    if (mPSM == nsnull) { rv = NS_ERROR_NOT_INITIALIZED; goto loser; }
+
+    /* Get the control connection */
+    rv = mPSM->GetControlConnection(&control);
+    if (rv != NS_OK) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
+    
+    /* Call PSM to decrypt the value */
+    status = CMT_LogoutAllTokens(control);
+    if (status != CMTSuccess) { rv = NS_ERROR_FAILURE; goto loser; } /* Promote? */
+
+loser:
+    return rv;
+}
+
+
+// Support routines
+
+nsresult nsSecretDecoderRing::
+encode(const unsigned char *data, PRInt32 dataLen, char **_retval)
+{
+    nsresult rv = NS_OK;
+
+    *_retval = PL_Base64Encode((const char *)data, dataLen, NULL);
+    if (!*_retval) { rv = NS_ERROR_OUT_OF_MEMORY; goto loser; }
+
+loser:
+    return rv;
+
+#if 0
+    nsresult rv = NS_OK;
+    char *r = 0;
+
+    // Allocate space for encoded string (with NUL)
+    r = (char *)nsMemory::Alloc(dataLen+1);
+    if (!r) { rv = NS_ERROR_OUT_OF_MEMORY; goto loser; }
+
+    memcpy(r, data, dataLen);
+    r[dataLen] = 0;
+
+    *_retval = r;
+    r = 0;
+
+loser:
+    if (r) nsMemory::Free(r);
+
+    return rv;
+#endif
+}
+
+nsresult nsSecretDecoderRing::
+decode(const char *data, unsigned char **result, PRInt32 * _retval)
+{
+    nsresult rv = NS_OK;
+    PRUint32 len = PL_strlen(data);
+    int adjust = 0;
+
+    /* Compute length adjustment */
+    if (data[len-1] == '=') {
+      adjust++;
+      if (data[len-2] == '=') adjust++;
+    }
+
+    *result = (unsigned char *)PL_Base64Decode(data, len, NULL);
+    if (!*result) { rv = NS_ERROR_ILLEGAL_VALUE; goto loser; }
+
+    *_retval = (len*3)/4 - adjust;
+
+loser:
+    return rv;
+
+#if 0
+    nsresult rv = NS_OK;
+    unsigned char *r = 0;
+    PRInt32 rLen;
+
+    // Allocate space for decoded string (missing NUL)
+    rLen = PL_strlen(data);
+    r = (unsigned char *)nsMemory::Alloc(rLen);
+    if (!r) { rv = NS_ERROR_OUT_OF_MEMORY; goto loser; }
+
+    memcpy(r, data, rLen);
+
+    *result = r;
+    r = 0;
+    *_retval = rLen;
+
+loser:
+    if (r) nsMemory::Free(r);
+
+    return rv;
+#endif
+}
+
+const char * nsSecretDecoderRing::kPSMComponentProgID = PSM_COMPONENT_PROGID;

mozilla/extensions/psm-glue/src/nsSDR.h

@@ -0,0 +1,58 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Terry Hayes <thayes@netscape.com>
+ */
+
+#ifndef _NSSDR_H_
+#define _NSSDR_H_
+
+#include "nsISecretDecoderRing.h"
+
+// ===============================================
+// nsSecretDecoderRing - implementation of nsISecretDecoderRing
+// ===============================================
+
+#define NS_SDR_CLASSNAME "Secret Decoder Ring"
+#define NS_SDR_CID \
+  { 0xd9a0341, 0xce7, 0x11d4, { 0x9f, 0xdd, 0x0, 0x0, 0x64, 0x65, 0x73, 0x74 } }
+#define NS_SDR_PROGID "netscape.security.sdr"
+
+class nsSecretDecoderRing : public nsISecretDecoderRing
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSISECRETDECODERRING
+
+  nsSecretDecoderRing();
+  virtual ~nsSecretDecoderRing();
+
+  nsresult init();
+
+private:
+  nsIPSMComponent *mPSM;
+
+  static const char *kPSMComponentProgID;
+
+  nsresult encode(const unsigned char *data, PRInt32 dataLen, char **_retval);
+  nsresult decode(const char *data, unsigned char **result, PRInt32 * _retval);
+};
+
+#endif /* _NSSDR_H_ */

mozilla/extensions/psm-glue/src/nsSSLIOLayer.cpp

@@ -0,0 +1,550 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+*/
+
+#include "nspr.h"
+#include "nsString.h"
+#include "cmtcmn.h"
+
+#include "nsIPSMComponent.h"
+#include "nsIPSMSocketInfo.h"
+#include "nsIServiceManager.h"
+#include "nsPSMShimLayer.h"
+#include "nsSSLIOLayer.h"
+
+static PRDescIdentity  nsSSLIOLayerIdentity;
+static PRIOMethods     nsSSLIOLayerMethods;
+static nsIPSMComponent* gPSMService = nsnull;
+
+
+
+class nsPSMSocketInfo : public nsIPSMSocketInfo
+{
+public:
+    nsPSMSocketInfo();
+    virtual ~nsPSMSocketInfo();
+
+    NS_DECL_ISUPPORTS
+    NS_DECL_NSIPSMSOCKETINFO
+
+    // internal functions to psm-glue.
+    nsresult SetSocketPtr(CMSocket *socketPtr);
+    nsresult SetControlPtr(CMT_CONTROL *aControlPtr);
+    nsresult SetFileDescPtr(PRFileDesc *aControlPtr);
+    nsresult SetHostName(char *aHostName);
+    nsresult SetProxyName(char *aName);
+
+    nsresult SetHostPort(PRInt32 aPort);
+    nsresult SetProxyPort(PRInt32 aPort);
+    nsresult SetPickledStatus();
+
+protected:
+    CMT_CONTROL* mControl;
+    CMSocket*    mSocket;
+    PRFileDesc*  mFd;
+    
+    nsString     mHostName;
+    PRInt32      mHostPort;
+    
+    nsString     mProxyName;
+    PRInt32      mProxyPort;
+    
+    unsigned char* mPickledStatus;
+};
+
+
+static PRStatus PR_CALLBACK
+nsSSLIOLayerConnect(PRFileDesc *fd, const PRNetAddr *addr, PRIntervalTime timeout)
+{
+    nsresult                result;
+    PRStatus                rv = PR_SUCCESS;
+    CMTStatus               status = CMTFailure;
+    
+    /* Set the error in case of failure. */
+
+    PR_SetError(PR_UNKNOWN_ERROR, status);
+
+    if (!fd || !addr || !fd->secret || !gPSMService)
+        return PR_FAILURE;
+    
+    char ipBuffer[PR_NETDB_BUF_SIZE];
+    rv = PR_NetAddrToString(addr, (char*)&ipBuffer, PR_NETDB_BUF_SIZE);
+    if (rv != PR_SUCCESS)
+        return PR_FAILURE;
+    
+    if (addr->raw.family == PR_AF_INET6 && PR_IsNetAddrType(addr, PR_IpAddrV4Mapped)) 
+    {
+      /* Chop off the leading "::ffff:" */
+      strcpy(ipBuffer, ipBuffer + 7);
+    }
+
+    
+    CMT_CONTROL *control;
+    result = gPSMService->GetControlConnection(&control);
+    if (result != PR_SUCCESS)
+        return PR_FAILURE;
+    
+    CMSocket* cmsock = (CMSocket *)PR_Malloc(sizeof(CMSocket));
+    if (!cmsock)
+        return PR_FAILURE;
+    
+    memset(cmsock, 0, sizeof(CMSocket));
+    
+    cmsock->fd        = fd->lower;
+    cmsock->isUnix    = PR_FALSE;
+   
+    nsPSMSocketInfo *infoObject = (nsPSMSocketInfo *)fd->secret;
+    
+    infoObject->SetControlPtr(control);
+    infoObject->SetSocketPtr(cmsock);
+    
+    char* proxyName;
+    char* hostName;
+    infoObject->GetProxyName(&proxyName);
+    infoObject->GetHostName(&hostName);
+    
+    if (!proxyName)
+    {
+        // Direct connection
+        status = CMT_OpenSSLConnection(control,
+                                       cmsock,
+                                       SSM_REQUEST_SSL_DATA_SSL,
+                                       PR_ntohs(addr->inet.port),
+                                       ipBuffer,
+                                       (hostName ? hostName : ipBuffer),
+                                       CM_FALSE, 
+                                       nsnull);
+    
+    }
+    else
+    {
+        // not supported yet.
+
+        return PR_FAILURE;
+#if 0
+        PRInt32 destPort;
+        
+        infoObject->GetProxyPort(&destPort);
+
+        status = CMT_OpenSSLProxyConnection(control,
+                                            cmsock,
+                                            destPort, 
+                                            proxyName,  // wants IP
+                                            hostName);
+#endif
+    }
+
+    if (hostName)  Recycle(hostName);
+    if (proxyName) Recycle(proxyName);
+        
+    if (CMTSuccess == status)
+    {
+        // since our stuff can block, what we want to do is return PR_FAILURE,
+        // but set the nspr ERROR to BLOCK.  This will put us into a select
+        // q.
+        PR_SetError(PR_WOULD_BLOCK_ERROR, status);
+        return PR_FAILURE;
+    }
+
+    return PR_FAILURE;
+}
+
+  /* CMT_DestroyDataConnection(ctrl, sock); */
+  /*   need to strip our layer, pass result to DestroyDataConnection */
+  /*   which will clean up the CMT accounting of sock, then call our */
+  /*   shim layer to translate back to NSPR */
+
+static PRStatus PR_CALLBACK
+nsSSLIOLayerClose(PRFileDesc *fd)
+{
+  nsPSMSocketInfo *infoObject    = (nsPSMSocketInfo *)fd->secret;
+  PRDescIdentity          id     = PR_GetLayersIdentity(fd);
+   
+  if (infoObject && id == nsSSLIOLayerIdentity)
+  {
+    CMInt32 errorCode = PR_FAILURE;
+    CMT_CONTROL* control;
+    CMSocket*    socket;
+    
+    PR_Shutdown(fd, PR_SHUTDOWN_BOTH);
+
+    infoObject->GetControlPtr(&control);
+    infoObject->GetSocketPtr(&socket);
+    infoObject->SetPickledStatus();
+
+    CMT_GetSSLDataErrorCode(control, socket, &errorCode);
+    CMT_DestroyDataConnection(control, socket);
+    NS_RELEASE(infoObject);  // if someone is interested in us, the better have an addref.
+    fd->identity = PR_INVALID_IO_LAYER;
+    
+    return (PRStatus)errorCode;
+  }
+
+  return PR_FAILURE;
+}
+ 
+static PRInt32 PR_CALLBACK
+nsSSLIOLayerRead( PRFileDesc *fd, void *buf, PRInt32 amount)
+{
+    if (!fd)
+        return PR_FAILURE;
+
+    PRInt32 result = PR_Recv(fd, buf, amount, 0, PR_INTERVAL_MIN);
+    
+    if (result > 0)
+        return result;
+    
+    if (result == -1)
+    {
+        PRErrorCode code = PR_GetError();
+
+        if (code == PR_IO_TIMEOUT_ERROR )
+            PR_SetError(PR_WOULD_BLOCK_ERROR, PR_WOULD_BLOCK_ERROR);
+        return PR_FAILURE;
+    }
+    
+    if (result == 0)
+    {
+        nsPSMSocketInfo *infoObject    = (nsPSMSocketInfo *)fd->secret;
+        PRDescIdentity          id     = PR_GetLayersIdentity(fd);
+
+        if (infoObject && id == nsSSLIOLayerIdentity)
+        {
+            CMInt32 errorCode = PR_FAILURE;
+            
+            CMT_CONTROL* control;
+            CMSocket*    socket;
+    
+            infoObject->GetControlPtr(&control);
+            infoObject->GetSocketPtr(&socket);
+
+            CMT_GetSSLDataErrorCode(control, socket, &errorCode);
+
+			if (errorCode == PR_IO_TIMEOUT_ERROR)
+			{
+				PR_SetError(PR_WOULD_BLOCK_ERROR, PR_WOULD_BLOCK_ERROR);
+				return PR_FAILURE;
+			}
+
+            PR_SetError(0, 0);
+            return errorCode;
+        }
+    }
+
+    return result;
+}
+
+static PRInt32 PR_CALLBACK
+nsSSLIOLayerWrite( PRFileDesc *fd, const void *buf, PRInt32 amount)
+{
+    if (!fd)
+        return PR_FAILURE;
+
+    PRInt32 result = PR_Send(fd, buf, amount, 0, PR_INTERVAL_MIN);
+    
+    if (result > 0)
+        return result;
+
+    if (result == -1)
+    {
+        PRErrorCode code = PR_GetError();
+
+        if (code == PR_IO_TIMEOUT_ERROR )
+            PR_SetError(PR_WOULD_BLOCK_ERROR, PR_WOULD_BLOCK_ERROR);
+        return PR_FAILURE;
+    }
+
+    if (result == 0)
+    {
+        nsPSMSocketInfo *infoObject    = (nsPSMSocketInfo *)fd->secret;
+        PRDescIdentity          id     = PR_GetLayersIdentity(fd);
+
+        if (infoObject && id == nsSSLIOLayerIdentity)
+        {
+            CMInt32 errorCode = PR_FAILURE;
+            CMT_CONTROL* control;
+            CMSocket*    socket;
+    
+            infoObject->GetControlPtr(&control);
+            infoObject->GetSocketPtr(&socket);
+
+            CMT_GetSSLDataErrorCode(control, socket, &errorCode);
+            PR_SetError(0, 0);
+            return errorCode;
+        }
+    }
+    return result;
+}
+
+
+
+nsPSMSocketInfo::nsPSMSocketInfo()
+{ 
+    NS_INIT_REFCNT(); 
+    mControl = nsnull; 
+    mSocket = nsnull;
+    mPickledStatus = nsnull;
+}
+
+nsPSMSocketInfo::~nsPSMSocketInfo()
+{
+    PR_FREEIF(mPickledStatus);    
+}
+
+NS_IMPL_THREADSAFE_ISUPPORTS1(nsPSMSocketInfo, nsIPSMSocketInfo);
+
+NS_IMETHODIMP
+nsPSMSocketInfo::GetControlPtr(CMT_CONTROL * *aControlPtr)
+{
+    *aControlPtr = mControl;
+    return NS_OK;
+}
+
+nsresult
+nsPSMSocketInfo::SetControlPtr(CMT_CONTROL *aControlPtr)
+{
+    mControl = aControlPtr;
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPSMSocketInfo::GetSocketPtr(CMSocket * *socketPtr)
+{
+    *socketPtr = mSocket;
+    return NS_OK;
+}
+
+nsresult
+nsPSMSocketInfo::SetSocketPtr(CMSocket *socketPtr)
+{
+    mSocket = socketPtr;
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPSMSocketInfo::GetFileDescPtr(PRFileDesc * *aFilePtr)
+{
+    *aFilePtr = mFd;
+    return NS_OK;
+}
+
+
+nsresult
+nsPSMSocketInfo::SetFileDescPtr(PRFileDesc *aFilePtr)
+{
+    mFd = aFilePtr;
+    return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsPSMSocketInfo::GetHostName(char * *aHostName)
+{
+    if (mHostName.IsEmpty())
+        *aHostName = nsnull;
+    else
+        *aHostName = mHostName.ToNewCString();
+    return NS_OK;
+}
+
+
+nsresult 
+nsPSMSocketInfo::SetHostName(char *aHostName)
+{
+    mHostName.AssignWithConversion(aHostName);
+    return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsPSMSocketInfo::GetHostPort(PRInt32 *aPort)
+{
+    *aPort = mHostPort;
+    return NS_OK;
+}
+
+nsresult 
+nsPSMSocketInfo::SetHostPort(PRInt32 aPort)
+{
+    mHostPort = aPort;
+    return NS_OK;
+}
+
+
+NS_IMETHODIMP 
+nsPSMSocketInfo::GetProxyName(char * *aName)
+{
+    if (mProxyName.IsEmpty())
+        *aName = nsnull;
+    else
+        *aName = mProxyName.ToNewCString();
+    return NS_OK;
+}
+
+
+nsresult 
+nsPSMSocketInfo::SetProxyName(char *aName)
+{
+    mProxyName.AssignWithConversion(aName);
+    return NS_OK;
+}
+
+
+NS_IMETHODIMP 
+nsPSMSocketInfo::GetProxyPort(PRInt32 *aPort)
+{
+    *aPort = mProxyPort;
+    return NS_OK;
+}
+
+nsresult 
+nsPSMSocketInfo::SetProxyPort(PRInt32 aPort)
+{
+    mProxyPort = aPort;
+    return NS_OK;
+}
+
+
+
+nsresult
+nsPSMSocketInfo::SetPickledStatus()
+{
+    PR_FREEIF(mPickledStatus);
+
+    long level;
+    CMTItem pickledStatus = {0, nsnull, 0};
+    unsigned char* ret    = nsnull;
+
+    if (CMT_GetSSLSocketStatus(mControl, mSocket, &pickledStatus, &level) != PR_FAILURE)
+    {        
+        ret = (unsigned char*) PR_Malloc( (SSMSTRING_PADDED_LENGTH(pickledStatus.len) + sizeof(int)) );
+        if (ret) 
+        {
+            *(int*)ret = pickledStatus.len;
+            memcpy(ret+sizeof(int), pickledStatus.data, *(int*)ret);
+        }
+
+        PR_FREEIF(pickledStatus.data);
+        mPickledStatus = ret;
+    }
+    return NS_OK;
+}
+
+
+NS_IMETHODIMP
+nsPSMSocketInfo::GetPickledStatus(char * *pickledStatusString)
+{
+    if (!mPickledStatus)
+        SetPickledStatus();
+
+    if (mPickledStatus)
+    {
+        PRInt32 len = *(int*)mPickledStatus;
+        char *out = (char *)nsMemory::Alloc(len);
+        memcpy(out, mPickledStatus, len);
+        *pickledStatusString = out;
+        return NS_OK;
+    }
+    *pickledStatusString = nsnull;
+    return NS_ERROR_FAILURE;
+}
+
+nsresult
+nsSSLIOLayerNewSocket( const char *host, 
+                       PRInt32 port, 
+                       const char *proxyHost, 
+                       PRInt32 proxyPort,
+                       PRFileDesc **fd, 
+                       nsISupports** info)
+{
+    static PRBool  firstTime = PR_TRUE;
+    if (firstTime)
+    {
+        nsSSLIOLayerIdentity        = PR_GetUniqueIdentity("Cartman layer");
+        nsSSLIOLayerMethods         = *PR_GetDefaultIOMethods();
+
+        nsSSLIOLayerMethods.connect = nsSSLIOLayerConnect;
+        nsSSLIOLayerMethods.close   = nsSSLIOLayerClose;
+        nsSSLIOLayerMethods.read    = nsSSLIOLayerRead;
+        nsSSLIOLayerMethods.write   = nsSSLIOLayerWrite;
+        
+        
+        nsresult result = nsServiceManager::GetService( PSM_COMPONENT_PROGID,
+                                                        NS_GET_IID(nsIPSMComponent), 
+                                                        (nsISupports**)&gPSMService);  
+        if (NS_FAILED(result))
+            return PR_FAILURE;
+    
+        firstTime                   = PR_FALSE;
+
+    }
+    
+
+    PRFileDesc *   sock;
+    PRFileDesc *   layer;
+    PRStatus       rv;
+
+    /* Get a normal NSPR socket */
+    sock = PR_NewTCPSocket();  
+    if (! sock) return NS_ERROR_OUT_OF_MEMORY;
+    
+    /* disable Nagle algorithm delay for control sockets */
+    PRSocketOptionData sockopt;
+    sockopt.option = PR_SockOpt_NoDelay;
+    sockopt.value.no_delay = PR_TRUE;   
+    rv = PR_SetSocketOption(sock, &sockopt);
+    PR_ASSERT(PR_SUCCESS == rv);
+
+
+    layer = PR_CreateIOLayerStub(nsSSLIOLayerIdentity, &nsSSLIOLayerMethods);
+    if (! layer)
+    {
+        PR_Close(sock);
+        return NS_ERROR_FAILURE;
+    }
+        
+    nsPSMSocketInfo *infoObject = new nsPSMSocketInfo();
+    if (!infoObject)
+    {
+        PR_Close(sock);
+        // clean up IOLayerStub.
+        return NS_ERROR_FAILURE;
+    }
+    
+    NS_ADDREF(infoObject);
+    
+    infoObject->SetHostName((char*)host);
+    infoObject->SetHostPort(port);
+    infoObject->SetProxyName((char*)proxyHost);
+    infoObject->SetProxyPort(proxyPort);
+
+    layer->secret = (PRFilePrivate*) infoObject;
+    rv = PR_PushIOLayer(sock, PR_GetLayersIdentity(sock), layer);
+    
+    if (rv == PR_SUCCESS)
+    {
+        *fd   = sock;
+        *info = infoObject;
+        NS_ADDREF(*info);
+        return NS_OK;
+    }
+    
+    PR_Close(sock);
+    return NS_ERROR_FAILURE;
+}

mozilla/extensions/psm-glue/src/nsSSLIOLayer.h

@@ -0,0 +1,39 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+*/
+
+#ifndef _NSSSLIOLAYER_H
+#define _NSSSLIOLAYER_H
+
+#include "prtypes.h"
+#include "prio.h"
+#include "nsIPSMSocketInfo.h"
+
+// define taken from 4.x cartman glue code.  
+#define SSMSTRING_PADDED_LENGTH(x) ((((x)+3)/4)*4)
+
+nsresult nsSSLIOLayerNewSocket(const char *host, 
+                               PRInt32 port, 
+                               const char *proxyHost, 
+                               PRInt32 proxyPort, 
+                               PRFileDesc **fd, 
+                               nsISupports **securityInfo);
+#endif /* _NSSSLIOLAYER_H */

mozilla/extensions/psm-glue/src/nsSSLSocketProvider.cpp

@@ -0,0 +1,94 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+*/
+
+#include "nsIComponentManager.h"
+#include "nsIServiceManager.h"
+#include "nsSSLSocketProvider.h"
+#include "nsSSLIOLayer.h"
+
+////////////////////////////////////////////////////////////////////////////////
+
+nsSSLSocketProvider::nsSSLSocketProvider()
+{
+  NS_INIT_REFCNT();
+}
+
+nsresult
+nsSSLSocketProvider::Init()
+{
+  nsresult rv = NS_OK;
+  return rv;
+}
+
+nsSSLSocketProvider::~nsSSLSocketProvider()
+{
+}
+
+NS_IMPL_THREADSAFE_ISUPPORTS2(nsSSLSocketProvider, nsISocketProvider, nsISSLSocketProvider);
+
+NS_METHOD
+nsSSLSocketProvider::Create(nsISupports *aOuter, REFNSIID aIID, void **aResult)
+{                                                                               
+    nsresult rv;                                                                
+                                                                                
+    nsSSLSocketProvider * inst;                                                      
+                                                                                
+    if (NULL == aResult) {                                                      
+        rv = NS_ERROR_NULL_POINTER;                                             
+        return rv;                                                              
+    }                                                                           
+    *aResult = NULL;                                                            
+    if (NULL != aOuter) {                                                       
+        rv = NS_ERROR_NO_AGGREGATION;                                           
+        return rv;                                                              
+    }                                                                           
+                                                                                
+    NS_NEWXPCOM(inst, nsSSLSocketProvider);                                          
+    if (NULL == inst) {                                                         
+        rv = NS_ERROR_OUT_OF_MEMORY;                                            
+        return rv;                                                              
+    }                                                                           
+    NS_ADDREF(inst);                                                            
+    rv = inst->QueryInterface(aIID, aResult);                                   
+    NS_RELEASE(inst);                                                           
+                                                                                
+    return rv;                                                                  
+}                                                                               
+
+
+NS_IMETHODIMP
+nsSSLSocketProvider::NewSocket(const char *host, 
+                               PRInt32 port, 
+                               const char *proxyHost, 
+                               PRInt32 proxyPort, 
+                               PRFileDesc **_result, 
+                               nsISupports **securityInfo)
+{
+  nsresult rv = nsSSLIOLayerNewSocket(host,
+                                      port,
+                                      proxyHost,
+                                      proxyPort,
+                                      _result, 
+                                      securityInfo);
+  
+  return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
+}

mozilla/extensions/psm-glue/src/nsSSLSocketProvider.h

@@ -0,0 +1,54 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+*/
+
+#ifndef _NSSSLSOCKETPROVIDER_H_
+#define _NSSSLSOCKETPROVIDER_H_
+
+#include "nsISSLSocketProvider.h"
+
+
+/* 274418d0-5437-11d3-bbc8-0000861d1237 */         
+#define NS_SSLSOCKETPROVIDER_CID   { 0x274418d0, 0x5437, 0x11d3, {0xbb, 0xc8, 0x00, 0x00, 0x86, 0x1d, 0x12, 0x37}}
+
+
+class nsSSLSocketProvider : public nsISSLSocketProvider
+{
+public:
+  NS_DECL_ISUPPORTS
+
+  NS_DECL_NSISOCKETPROVIDER
+
+  NS_DECL_NSISSLSOCKETPROVIDER
+
+  // nsSSLSocketProvider methods:
+  nsSSLSocketProvider();
+  virtual ~nsSSLSocketProvider();
+
+  static NS_METHOD
+  Create(nsISupports *aOuter, REFNSIID aIID, void **aResult);
+
+  nsresult Init();
+
+protected:
+};
+
+#endif /* _NSSSLSOCKETPROVIDER_H_ */

mozilla/extensions/psm-glue/src/nsSecureBrowserUIImpl.cpp

@@ -0,0 +1,654 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998-2000 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+ *   Stuart Parmenter <pavlov@netscape.com>
+*/
+
+#include "nspr.h"
+#include "prlog.h"
+
+#include "nsISecureBrowserUI.h"
+#include "nsSecureBrowserUIImpl.h"
+#include "nsIPSMComponent.h"
+#include "nsPSMComponent.h"
+#include "nsCOMPtr.h"
+#include "nsIInterfaceRequestor.h"
+#include "nsIServiceManager.h"
+
+#include "nsIScriptGlobalObject.h"
+#include "nsIObserverService.h"
+#include "nsIDocumentLoader.h"
+#include "nsCURILoader.h"
+#include "nsIDocShell.h"
+#include "nsIDocumentViewer.h"
+#include "nsCURILoader.h"
+#include "nsIDocument.h"
+#include "nsIDOMHTMLDocument.h"
+#include "nsIDOMXULDocument.h"
+#include "nsIDOMElement.h"
+#include "nsIDOMWindow.h"
+#include "nsIContent.h"
+#include "nsIWebProgress.h"
+#include "nsIChannel.h"
+#include "nsIPSMSocketInfo.h"
+
+#include "nsIURI.h"
+
+#include "prmem.h"
+
+#include "nsINetSupportDialogService.h"
+#include "nsIPrompt.h"
+#include "nsICommonDialogs.h"
+#include "nsIPref.h"
+
+#include "nsIFormSubmitObserver.h"
+
+static NS_DEFINE_CID(kCStringBundleServiceCID,  NS_STRINGBUNDLESERVICE_CID);
+static NS_DEFINE_CID(kCommonDialogsCID,         NS_CommonDialog_CID );
+static NS_DEFINE_CID(kPrefCID, NS_PREF_CID);
+
+#define ENTER_SITE_PREF      "security.warn_entering_secure"
+#define LEAVE_SITE_PREF      "security.warn_leaving_secure"
+#define MIXEDCONTENT_PREF    "security.warn_viewing_mixed"
+#define INSECURE_SUBMIT_PREF "security.warn_submit_insecure"
+
+#if defined(PR_LOGGING)
+//
+// Log module for nsSecureBroswerUI logging...
+//
+// To enable logging (see prlog.h for full details):
+//
+//    set NSPR_LOG_MODULES=nsSecureBroswerUI:5
+//    set NSPR_LOG_FILE=nspr.log
+//
+// this enables PR_LOG_DEBUG level information and places all output in
+// the file nspr.log
+//
+PRLogModuleInfo* gSecureDocLog = nsnull;
+#endif /* PR_LOGGING */
+
+ 
+NS_IMETHODIMP
+nsSecureBrowserUIImpl::Create(nsISupports *aOuter, REFNSIID aIID, void **aResult)
+{
+    nsresult rv;
+
+    nsSecureBrowserUIImpl * inst;
+
+    if (NULL == aResult) {
+        rv = NS_ERROR_NULL_POINTER;
+        return rv;
+    }
+    *aResult = NULL;
+    if (NULL != aOuter) {
+        rv = NS_ERROR_NO_AGGREGATION;
+        return rv;
+    }
+
+    NS_NEWXPCOM(inst, nsSecureBrowserUIImpl);
+    if (NULL == inst) {
+        rv = NS_ERROR_OUT_OF_MEMORY;
+        return rv;
+    }
+    NS_ADDREF(inst);
+    rv = inst->QueryInterface(aIID, aResult);
+    NS_RELEASE(inst);
+
+    return rv;
+}
+
+nsSecureBrowserUIImpl::nsSecureBrowserUIImpl()
+{
+    NS_INIT_REFCNT();
+    
+#if defined(PR_LOGGING)
+    if (nsnull == gSecureDocLog) {
+        gSecureDocLog = PR_NewLogModule("nsSecureBroswerUI");
+    }
+#endif /* PR_LOGGING */
+
+
+    mIsSecureDocument = mMixContentAlertShown = mIsDocumentBroken = PR_FALSE;
+    mLastPSMStatus    = nsnull;
+    mCurrentURI       = nsnull;
+    mSecurityButton   = nsnull;
+}
+
+nsSecureBrowserUIImpl::~nsSecureBrowserUIImpl()
+{
+    PR_FREEIF(mLastPSMStatus);
+}
+
+NS_IMPL_ISUPPORTS4(nsSecureBrowserUIImpl, 
+                   nsSecureBrowserUI, 
+                   nsIWebProgressListener, 
+                   nsIFormSubmitObserver,
+                   nsIObserver); 
+
+
+NS_IMETHODIMP
+nsSecureBrowserUIImpl::Init(nsIDOMWindow *window, nsIDOMElement *button)
+{
+    mSecurityButton = button;
+    mWindow         = window;
+
+    nsresult rv = nsServiceManager::GetService( kPrefCID, 
+                                                NS_GET_IID(nsIPref), 
+                                                getter_AddRefs(mPref));  
+    if (NS_FAILED(rv)) return rv;
+
+    NS_WITH_SERVICE(nsIStringBundleService, service, kCStringBundleServiceCID, &rv);
+    if (NS_FAILED(rv)) return rv;
+
+    nsILocale* locale = nsnull;
+    rv = service->CreateBundle(SECURITY_STRING_BUNDLE_URL, locale, getter_AddRefs(mStringBundle));
+    if (NS_FAILED(rv)) return rv;
+
+    // hook up to the form post notifications:
+    nsIObserverService *svc = 0;
+    rv = nsServiceManager::GetService(NS_OBSERVERSERVICE_PROGID, 
+                                      NS_GET_IID(nsIObserverService), 
+                                      (nsISupports**)&svc );
+    if (NS_SUCCEEDED(rv) && svc) {
+        nsString  topic; topic.AssignWithConversion(NS_FORMSUBMIT_SUBJECT);
+        rv = svc->AddObserver( this, topic.GetUnicode());
+        nsServiceManager::ReleaseService( NS_OBSERVERSERVICE_PROGID, svc );
+    }
+
+    // hook up to the webprogress notifications.
+    nsCOMPtr<nsIDocShell> docShell;
+
+    nsCOMPtr<nsIScriptGlobalObject> sgo = do_QueryInterface(window);
+    if (!sgo) return NS_ERROR_NULL_POINTER;
+
+    sgo->GetDocShell(getter_AddRefs(docShell));
+    if (!docShell) return NS_ERROR_NULL_POINTER;
+
+    nsCOMPtr<nsIWebProgress> wp = do_GetInterface(docShell);
+    if (!wp) return NS_ERROR_NULL_POINTER;
+
+    wp->AddProgressListener(NS_STATIC_CAST(nsIWebProgressListener*,this));
+
+    mInitByLocationChange = PR_TRUE;
+
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSecureBrowserUIImpl::DisplayPageInfoUI()
+{
+    nsresult res;
+    NS_WITH_SERVICE(nsIPSMComponent, psm, PSM_COMPONENT_PROGID, &res);
+    if (NS_FAILED(res)) 
+        return res;
+    
+    nsXPIDLCString host;
+    if (mCurrentURI)
+        mCurrentURI->GetHost(getter_Copies(host));
+    
+    return psm->DisplaySecurityAdvisor(mLastPSMStatus, host);
+}
+
+
+
+
+NS_IMETHODIMP 
+nsSecureBrowserUIImpl::Observe(nsISupports*, const PRUnichar*, const PRUnichar*) 
+{
+    return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+
+static nsresult IsChildOfDomWindow(nsIDOMWindow *parent, nsIDOMWindow *child, PRBool* value)
+{
+    *value = PR_FALSE;
+
+    if (parent == child)
+    {
+        *value = PR_TRUE;
+        return NS_OK;
+    }
+
+    nsCOMPtr<nsIDOMWindow> childsParent;
+    child->GetParent(getter_AddRefs(childsParent));
+        
+    if (childsParent && childsParent.get() != child)
+        IsChildOfDomWindow(parent, childsParent, value);
+    
+    return NS_OK;
+}
+
+
+NS_IMETHODIMP 
+nsSecureBrowserUIImpl::Notify(nsIContent* formNode, nsIDOMWindow* window, nsIURI* actionURL)
+{
+    // Return NS_OK unless we want to prevent this form from submitting.
+
+    if (!window || !actionURL || !formNode) {
+        return NS_OK;
+    }
+    
+    nsCOMPtr<nsIDocument> document; 
+    formNode->GetDocument(*getter_AddRefs(document)); 
+    if (!document) return NS_OK; 
+
+    nsCOMPtr<nsIScriptGlobalObject> globalObject; 
+    document->GetScriptGlobalObject(getter_AddRefs(globalObject)); 
+    nsCOMPtr<nsIDOMWindow> postingWindow = do_QueryInterface(globalObject); 
+    
+    PRBool isChild;
+    IsChildOfDomWindow(mWindow, postingWindow, &isChild);
+
+    if (!isChild)
+        return NS_OK;
+
+    PRBool okayToPost;
+    nsresult res = CheckPost(actionURL, &okayToPost);
+
+    if (NS_SUCCEEDED(res) && okayToPost)
+        return NS_OK;
+    
+    return NS_ERROR_FAILURE;
+}
+
+//  nsIWebProgressListener
+NS_IMETHODIMP 
+nsSecureBrowserUIImpl::OnProgressChange(nsIWebProgress* aWebProgress,
+                                        nsIRequest* aRequest, 
+                                        PRInt32 aCurSelfProgress, 
+                                        PRInt32 aMaxSelfProgress, 
+                                        PRInt32 aCurTotalProgress, 
+                                        PRInt32 aMaxTotalProgress)
+{
+    return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsSecureBrowserUIImpl::OnStateChange(nsIWebProgress* aWebProgress,
+                                     nsIRequest* aRequest, 
+                                     PRInt32 aProgressStateFlags,
+                                     nsresult aStatus)
+{
+    nsresult res = NS_OK;
+
+    if (aRequest == nsnull || !mSecurityButton || !mPref)
+        return NS_ERROR_NULL_POINTER;
+
+    // Get the channel from the request...
+    // If the request is not network based, then ignore it.    
+    nsCOMPtr<nsIChannel> channel;
+    channel = do_QueryInterface(aRequest, &res);
+    if (NS_FAILED(res))
+        return NS_OK;
+
+    nsCOMPtr<nsIURI> loadingURI;
+    channel->GetURI(getter_AddRefs(loadingURI));
+    
+#if defined(DEBUG)
+    nsXPIDLCString temp;
+    loadingURI->GetSpec(getter_Copies(temp));
+    PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI:%p: OnStateChange: %x :%s\n", this, aProgressStateFlags,(const char*)temp));
+#endif
+
+    // A Document is starting to load...
+    if ((aProgressStateFlags & flag_start) && 
+        (aProgressStateFlags & flag_is_network))
+    {
+        // starting to load a webpage
+        PR_FREEIF(mLastPSMStatus); mLastPSMStatus = nsnull;
+
+        mIsSecureDocument = mMixContentAlertShown = mIsDocumentBroken = PR_FALSE;
+
+        res = CheckProtocolContextSwitch( loadingURI, mCurrentURI);    
+        return res;
+    } 
+
+    // A document has finished loading    
+    if ((aProgressStateFlags & flag_stop) &&
+        (aProgressStateFlags & flag_is_network) &&
+        mIsSecureDocument)
+    {
+        if (!mIsDocumentBroken) // and status is okay  FIX
+        {
+            // qi for the psm information about this channel load.
+            nsCOMPtr<nsISupports> info;
+            channel->GetSecurityInfo(getter_AddRefs(info));
+            nsCOMPtr<nsIPSMSocketInfo> psmInfo = do_QueryInterface(info);
+            if (psmInfo)
+            {
+                // Everything looks okay.  Lets stash the picked status.
+                PR_FREEIF(mLastPSMStatus);
+                res = psmInfo->GetPickledStatus(&mLastPSMStatus);
+
+                if (NS_SUCCEEDED(res)) {
+                    PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI:%p: Icon set to lock\n", this));
+                    res = mSecurityButton->SetAttribute( NS_ConvertASCIItoUCS2("level"), NS_ConvertASCIItoUCS2("high") );
+                    return res;
+                }
+            }
+        }
+
+        PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI:%p: Icon set to broken\n", this));
+        mIsDocumentBroken = PR_TRUE;
+        res = mSecurityButton->SetAttribute( NS_ConvertASCIItoUCS2("level"), NS_ConvertASCIItoUCS2("broken"));
+        return res;
+    }
+    
+    ///    if (aProgressStateFlags == nsIWebProgress::flag_net_redirecting)
+    ///    {
+    ///        // need to implmentent.
+    ///    }
+
+    // don't need to do anything more if the page is broken or not secure...
+
+    if (!mIsSecureDocument || mIsDocumentBroken)
+        return NS_OK;
+
+    // A URL is starting to load...
+    if ((aProgressStateFlags & flag_start) &&
+        (aProgressStateFlags & flag_is_request))
+    {   // check to see if we are going to mix content.
+        return CheckMixedContext(loadingURI);
+    }
+
+    // A URL has finished loading...    
+    if ((aProgressStateFlags & flag_stop) &&
+        (aProgressStateFlags & flag_is_request))
+    {
+        if (1)  // FIX status from the flag...
+        {
+            nsCOMPtr<nsISupports> info;
+            channel->GetSecurityInfo(getter_AddRefs(info));
+            nsCOMPtr<nsIPSMSocketInfo> psmInfo = do_QueryInterface(info, &res);
+
+                    // qi for the psm information about this channel load.
+            if (psmInfo) {
+                return NS_OK;    
+            }
+        }
+
+        PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI:%p: OnStateChange - Icon set to broken\n", this));
+        mSecurityButton->SetAttribute( NS_ConvertASCIItoUCS2("level"), NS_ConvertASCIItoUCS2("broken") );
+        mIsDocumentBroken = PR_TRUE;
+    }    
+
+    return res;
+}
+
+
+NS_IMETHODIMP 
+nsSecureBrowserUIImpl::OnLocationChange(nsIURI* aLocation)
+{
+    mCurrentURI = aLocation;
+    
+    if (mInitByLocationChange)
+    {
+        IsURLHTTPS(mCurrentURI, &mIsSecureDocument);
+        mInitByLocationChange = PR_FALSE;
+    }
+
+    return NS_OK;
+}
+
+
+nsresult
+nsSecureBrowserUIImpl::IsURLHTTPS(nsIURI* aURL, PRBool* value)
+{
+	*value = PR_FALSE;
+
+	if (!aURL)
+		return NS_OK;
+
+    char* scheme;
+	aURL->GetScheme(&scheme);
+
+	if (scheme == nsnull)
+		return NS_ERROR_NULL_POINTER;
+
+    if ( PL_strncasecmp(scheme, "https",  5) == 0 )
+		*value = PR_TRUE;
+	
+	nsMemory::Free(scheme);
+	return NS_OK;
+}
+
+
+
+void nsSecureBrowserUIImpl::GetBundleString(const nsString& name, nsString &outString)
+{
+    if (mStringBundle && name.Length() > 0) {
+        PRUnichar *ptrv = nsnull;
+        if (NS_SUCCEEDED(mStringBundle->GetStringFromName(name.GetUnicode(), &ptrv)))
+            outString = ptrv;
+        else
+            outString.SetLength(0);;
+
+        nsMemory::Free(ptrv);
+
+    } else {
+        outString.SetLength(0);;
+    }
+}
+
+nsresult 
+nsSecureBrowserUIImpl::CheckProtocolContextSwitch( nsIURI* newURI, nsIURI* oldURI)
+{
+    nsresult res;
+    PRBool isNewSchemeSecure, isOldSchemeSecure, boolpref;
+
+    res = IsURLHTTPS(oldURI, &isOldSchemeSecure);
+    if (NS_FAILED(res)) 
+        return res;
+    res = IsURLHTTPS(newURI, &isNewSchemeSecure);
+    if (NS_FAILED(res)) 
+        return res;
+
+    // Check to see if we are going from a secure page to and insecure page
+    if ( !isNewSchemeSecure && isOldSchemeSecure)
+    {
+        mSecurityButton->RemoveAttribute( NS_ConvertASCIItoUCS2("level") );
+    
+        if ((mPref->GetBoolPref(LEAVE_SITE_PREF, &boolpref) != 0))
+            boolpref = PR_TRUE;
+        
+        if (boolpref) 
+        {
+            NS_WITH_SERVICE(nsICommonDialogs, dialog, kCommonDialogsCID, &res);
+            if (NS_FAILED(res)) 
+                return res;
+
+            nsAutoString windowTitle, message, dontShowAgain;
+
+            GetBundleString(NS_ConvertASCIItoUCS2("Title"), windowTitle);
+            GetBundleString(NS_ConvertASCIItoUCS2("LeaveSiteMessage"), message);
+            GetBundleString(NS_ConvertASCIItoUCS2("DontShowAgain"), dontShowAgain);
+
+            PRBool outCheckValue = PR_TRUE;
+            dialog->AlertCheck(mWindow, 
+                               windowTitle.GetUnicode(), 
+                               message.GetUnicode(), 
+                               dontShowAgain.GetUnicode(), 
+                               &outCheckValue);
+
+            if (!outCheckValue) {
+                mPref->SetBoolPref(LEAVE_SITE_PREF, PR_FALSE);
+                NS_WITH_SERVICE(nsIPSMComponent, psm, PSM_COMPONENT_PROGID, &res);
+                if (NS_FAILED(res)) 
+                    return res;
+                psm->PassPrefs();
+            }
+        }
+    }
+    // check to see if we are going from an insecure page to a secure one.
+    else if (isNewSchemeSecure && !isOldSchemeSecure)
+    {
+        if ((mPref->GetBoolPref(ENTER_SITE_PREF, &boolpref) != 0))
+            boolpref = PR_TRUE;
+        
+        if (boolpref) 
+        {
+            NS_WITH_SERVICE(nsICommonDialogs, dialog, kCommonDialogsCID, &res);
+            if (NS_FAILED(res)) 
+                return res;
+
+            nsAutoString windowTitle, message, dontShowAgain;
+
+            GetBundleString(NS_ConvertASCIItoUCS2("Title"), windowTitle);
+            GetBundleString(NS_ConvertASCIItoUCS2("EnterSiteMessage"), message);
+            GetBundleString(NS_ConvertASCIItoUCS2("DontShowAgain"), dontShowAgain);
+
+            PRBool outCheckValue = PR_TRUE;
+            dialog->AlertCheck(mWindow, 
+                               windowTitle.GetUnicode(), 
+                               message.GetUnicode(), 
+                               dontShowAgain.GetUnicode(), 
+                               &outCheckValue);
+
+            if (!outCheckValue)
+            {
+                mPref->SetBoolPref(ENTER_SITE_PREF, PR_FALSE);
+                NS_WITH_SERVICE(nsIPSMComponent, psm, PSM_COMPONENT_PROGID, &res);
+                if (NS_FAILED(res)) 
+                    return res;
+                psm->PassPrefs();
+            }
+        }
+    }
+
+    mIsSecureDocument = isNewSchemeSecure;
+    return NS_OK;
+}
+
+
+nsresult
+nsSecureBrowserUIImpl::CheckMixedContext(nsIURI* nextURI)
+{
+    PRBool secure;
+
+    nsresult rv = IsURLHTTPS(nextURI, &secure);
+    if (NS_FAILED(rv))
+        return rv;
+
+    if (!secure  && mIsSecureDocument)
+    {
+        mIsDocumentBroken = PR_TRUE;
+        mSecurityButton->SetAttribute( NS_ConvertASCIItoUCS2("level"), NS_ConvertASCIItoUCS2("broken") );
+
+        if (!mPref) return NS_ERROR_NULL_POINTER;
+
+        PRBool boolpref;
+        if ((mPref->GetBoolPref(MIXEDCONTENT_PREF, &boolpref) != 0))
+            boolpref = PR_TRUE;
+
+        if (boolpref && !mMixContentAlertShown) 
+        {
+            NS_WITH_SERVICE(nsICommonDialogs, dialog, kCommonDialogsCID, &rv);
+            if (NS_FAILED(rv)) 
+                return rv;
+
+            nsAutoString windowTitle, message, dontShowAgain;
+
+            GetBundleString(NS_ConvertASCIItoUCS2("Title"), windowTitle);
+            GetBundleString(NS_ConvertASCIItoUCS2("MixedContentMessage"), message);
+            GetBundleString(NS_ConvertASCIItoUCS2("DontShowAgain"), dontShowAgain);
+
+            PRBool outCheckValue = PR_TRUE;
+
+            dialog->AlertCheck(mWindow, 
+                               windowTitle.GetUnicode(), 
+                               message.GetUnicode(), 
+                               dontShowAgain.GetUnicode(), 
+                               &outCheckValue);
+
+            if (!outCheckValue) {
+                mPref->SetBoolPref(MIXEDCONTENT_PREF, PR_FALSE);
+                NS_WITH_SERVICE(nsIPSMComponent, psm, PSM_COMPONENT_PROGID, &rv);
+                if (NS_FAILED(rv)) 
+                    return rv;
+                psm->PassPrefs();
+            }
+
+            mMixContentAlertShown = PR_TRUE;
+        }
+    }
+
+  return NS_OK;
+}
+
+nsresult
+nsSecureBrowserUIImpl::CheckPost(nsIURI *actionURL, PRBool *okayToPost)
+{
+    PRBool secure;
+
+    nsresult rv = IsURLHTTPS(actionURL, &secure);
+    if (NS_FAILED(rv))
+        return rv;
+    
+    // if we are posting to a secure link from a secure page, all is okay.
+    if (secure  && mIsSecureDocument)
+        return NS_OK;
+
+
+    PRBool boolpref;    
+
+    // posting to a non https URL.
+    if ((mPref->GetBoolPref(INSECURE_SUBMIT_PREF, &boolpref) != 0))
+        boolpref = PR_TRUE;
+    
+    if (boolpref) {
+        NS_WITH_SERVICE(nsICommonDialogs, dialog, kCommonDialogsCID, &rv);
+        if (NS_FAILED(rv)) 
+            return rv;
+
+        nsAutoString windowTitle, message, dontShowAgain;
+        
+        GetBundleString(NS_ConvertASCIItoUCS2("Title"), windowTitle);
+        GetBundleString(NS_ConvertASCIItoUCS2("DontShowAgain"), dontShowAgain);
+
+        // posting to insecure webpage from a secure webpage.
+        if (!secure  && mIsSecureDocument && !mIsDocumentBroken) {
+            GetBundleString(NS_ConvertASCIItoUCS2("PostToInsecure"), message);
+        } else { // anything else, post generic warning
+            GetBundleString(NS_ConvertASCIItoUCS2("PostToInsecureFromInsecure"), message);
+        }
+
+        PRBool outCheckValue = PR_TRUE;
+        dialog->ConfirmCheck(mWindow, 
+                             windowTitle.GetUnicode(), 
+                             message.GetUnicode(), 
+                             dontShowAgain.GetUnicode(), 
+                             &outCheckValue, 
+                             okayToPost);
+
+        if (!outCheckValue) {
+            mPref->SetBoolPref(INSECURE_SUBMIT_PREF, PR_FALSE);
+            NS_WITH_SERVICE(nsIPSMComponent, psm, PSM_COMPONENT_PROGID, &rv);
+            if (NS_FAILED(rv)) 
+                return rv;
+            psm->PassPrefs();
+        }
+    } else {
+        *okayToPost = PR_TRUE;
+    }
+  
+    return NS_OK;
+}

mozilla/extensions/psm-glue/src/nsSecureBrowserUIImpl.h

@@ -0,0 +1,108 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Hubbie Shaw
+ *   Doug Turner <dougt@netscape.com>
+*/
+
+#ifndef nsSecureBrowserUIImpl_h_
+#define nsSecureBrowserUIImpl_h_
+
+#include "nsCOMPtr.h"
+#include "nsXPIDLString.h"
+#include "nsString.h"
+#include "nsIObserver.h"
+#include "nsIDocumentLoaderObserver.h"
+#include "nsIDOMElement.h"
+#include "nsIDOMWindow.h"
+#include "nsIStringBundle.h"
+#include "nsISecureBrowserUI.h"
+#include "nsIDocShell.h"
+#include "nsIPref.h"
+#include "nsIWebProgressListener.h"
+#include "nsIFormSubmitObserver.h"
+#include "nsIURI.h"
+
+#define NS_SECURE_BROWSER_DOCOBSERVER_CLASSNAME "Mozilla Secure Browser Doc Observer"
+
+#define NS_SECURE_BROWSER_DOCOBSERVER_CID \
+{0x97c06c30, 0xa145, 0x11d3, \
+{0x8c, 0x7c, 0x00, 0x60, 0x97, 0x92, 0x27, 0x8c}}
+
+#define NS_SECURE_BROWSER_DOCOBSERVER_PROGID "component://netscape/secure_browser_docobserver"
+
+
+class nsSecureBrowserUIImpl : public nsSecureBrowserUI, 
+                              public nsIWebProgressListener, 
+                              public nsIFormSubmitObserver,
+                              public nsIObserver
+{
+public:
+
+	nsSecureBrowserUIImpl();
+	virtual ~nsSecureBrowserUIImpl();
+    
+    static NS_METHOD Create(nsISupports *aOuter, REFNSIID aIID, void **aResult);
+
+	NS_DECL_ISUPPORTS    
+    NS_DECL_NSIWEBPROGRESSLISTENER
+    NS_DECL_NSSECUREBROWSERUI
+
+
+    // nsIObserver
+    NS_DECL_NSIOBSERVER
+    NS_IMETHOD Notify(nsIContent* formNode, nsIDOMWindow* window, nsIURI *actionURL);
+
+protected:
+
+	nsCOMPtr<nsIDOMWindow>              mWindow;
+    nsCOMPtr<nsIDOMElement>             mSecurityButton;
+	nsCOMPtr<nsIDocumentLoaderObserver> mOldWebShellObserver;
+    nsCOMPtr<nsIPref>                   mPref;
+    nsCOMPtr<nsIStringBundle>           mStringBundle;
+    
+    nsCOMPtr<nsIURI>                    mCurrentURI;
+
+	PRBool					mIsSecureDocument;  // is https loaded
+	PRBool					mIsDocumentBroken;  // 
+	PRBool					mMixContentAlertShown;
+    
+    PRBool                  mInitByLocationChange;
+
+    char*                   mLastPSMStatus;
+    
+
+    void GetBundleString(const nsString& name, nsString &outString);
+    nsresult LoadStringBundle();
+    
+    nsresult CheckProtocolContextSwitch( nsIURI* newURI, nsIURI* oldURI);
+    nsresult CheckMixedContext(nsIURI* nextURI);
+    nsresult CheckPost(nsIURI *actionURL, PRBool *okayToPost);
+    nsresult IsURLHTTPS(nsIURI* aURL, PRBool *value);
+};
+
+
+#endif /* nsSecureBrowserUIImpl_h_ */
+
+
+
+
+
+

mozilla/security/nss/lib/rdb/Makefile

@@ -1,80 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-export:: private_export
-

mozilla/security/nss/lib/rdb/config.mk

@@ -1,82 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-ifdef NISCC_TEST
-DEFINES += -DNISCC_TEST
-endif
-
-ifeq (,$(filter-out WIN%,$(OS_TARGET)))
-
-# don't want the 32 in the shared library name
-SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
-IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX)
-
-RES = $(OBJDIR)/$(LIBRARY_NAME).res
-RESNAME = $(LIBRARY_NAME).rc
-
-ifdef NS_USE_GCC
-EXTRA_SHARED_LIBS += \
-	-L$(DIST)/lib \
-	-lsqlite3 \
-	$(NULL)
-else # ! NS_USE_GCC
-EXTRA_SHARED_LIBS += \
-	$(DIST)/lib/sqlite3.lib \
-	$(NULL)
-endif # NS_USE_GCC
-
-else
-
-
-# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
-# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
-EXTRA_SHARED_LIBS += \
-	-L$(DIST)/lib/ \
-	-lsqlite3 \
-	$(NULL)
-
-ifeq ($(OS_ARCH), BeOS)
-EXTRA_SHARED_LIBS += -lbe
-endif
-
-ifeq ($(OS_TARGET),SunOS)
-# The -R '$ORIGIN' linker option instructs this library to search for its
-# dependencies in the same directory where it resides.
-MKSHLIB += -R '$$ORIGIN'
-endif
-
-endif

mozilla/security/nss/lib/rdb/manifest.mn

@@ -1,49 +0,0 @@
-# 
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is Red Hat, Inc.
-#
-# The Initial Developer of the Original Code is
-# Red Hat, Inc.
-# Portions created by the Initial Developer are Copyright (C) 2005
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../..
-
-MODULE = rdb
-MAPFILE = $(OBJDIR)/rdb.def
-
-CSRCS = \
-	rdb.c \
-	$(NULL)
-
-
-REQUIRES = dbm nss sqlite nspr
-
-LIBRARY_NAME = rdb

mozilla/security/nss/lib/rdb/rdb.c

@@ -1,807 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is Red Hat, Inc.
- *
- * The Initial Developer of the Original Code is
- * Red Hat, Inc.
- * Portions created by the Initial Developer are Copyright (C) 2005
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Robert Relyea (rrelyea@redhat.com)
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file implements PKCS 11 on top of our existing security modules
- *
- * For more information about PKCS 11 See PKCS 11 Token Inteface Standard.
- *   This implementation has two slots:
- *	slot 1 is our generic crypto support. It does not require login.
- *   It supports Public Key ops, and all they bulk ciphers and hashes. 
- *   It can also support Private Key ops for imported Private keys. It does 
- *   not have any token storage.
- *	slot 2 is our private key support. It requires a login before use. It
- *   can store Private Keys and Certs as token objects. Currently only private
- *   keys and their associated Certificates are saved on the token.
- *
- *   In this implementation, session objects are only visible to the session
- *   that created or generated them.
- */
-#include "sqlite3.h"
-#include "mcom_db.h"
-#include "errno.h"
-#ifndef DARWIN
-#include "malloc.h"
-#endif
-#include "stdlib.h"
-#include "string.h"
-#include "sys/stat.h"
-#include "fcntl.h"
-#ifdef _WINDOWS
-#include "direct.h"
-#define usleep(x)
-#else
-#include "unistd.h"
-#endif
-
-/*
- * the following data structures should be moved to a 'rdb.h'.
- */
-#define STATIC_CMD_SIZE 2048
-struct RDBStr {
-    DB  db;
-    int (*xactstart)(DB *db);
-    int (*xactdone)(DB *db, PRBool abort);
-    int version;
-    int (*dbinitcomplete)(DB *db);
-    int flags;
-    int index;
-    unsigned char *dataPool;
-    int dataPoolSize;
-    unsigned char *keyPool;
-    int keyPoolSize;
-    sqlite3_stmt *delStmt;
-    sqlite3_stmt *getStmt;
-    sqlite3_stmt *seqStmt;
-    sqlite3_stmt *insertStmt;
-    sqlite3_stmt *replaceStmt;
-    sqlite3_stmt *beginStmt;
-    sqlite3_stmt *rollbackStmt;
-    sqlite3_stmt *commitStmt;
-};
-
-
-typedef struct RDBStr RDB;
-#define DB_RDB ((DBTYPE) 0xff)
-#define RDB_RDONLY      1
-#define RDB_RDWR        2
-#define RDB_CREATE      4
-
-#define DBM_OK 0
-#define DBM_ERROR -1
-#define DBM_END  1
-
-#define DEL_CMD      "DELETE FROM nssTable WHERE key=$KEY;"
-#define GET_CMD      "SELECT ALL * FROM nssTable WHERE key=$KEY;"
-#define SEQ_CMD      "SELECT ALL * FROM nssTable LIMIT 1 OFFSET $OFFSET;"
-#define INSERT_CMD   "INSERT INTO nssTable VALUES ( $KEY, $DATA );"
-#define REPLACE_CMD  "REPLACE INTO nssTable VALUES ( $KEY, $DATA );"
-#define BEGIN_CMD    "BEGIN EXCLUSIVE TRANSACTION;"
-#define ROLLBACK_CMD "ROLLBACK TRANSACTION;"
-#define COMMIT_CMD   "COMMIT TRANSACTION;"
-#define INIT_CMD  \
- "CREATE TABLE nssTable (Key PRIMARY KEY UNIQUE ON CONFLICT ABORT, Data);"
-#define IN_INIT_CMD   "CREATE TABLE nssInit (dummy);"
-#define DONE_INIT_CMD "DROP TABLE nssInit;"
-#define CHECK_TABLE_CMD "SELECT ALL * FROM %s LIMIT 0;"
-
-static int rdbupdateStmt(sqlite3 *db, sqlite3_stmt **stmt, const char *cmd)
-{
-    sqlite3_finalize(*stmt);
-    return sqlite3_prepare(db, cmd, -1, stmt, NULL);
-}
-
-#define MAX_RETRIES 10
-static int rdbdone(int err, int *count)
-{
-    /* allow as many rows as the database wants to give */
-    if (err == SQLITE_ROW) {
-	*count = 0;
-	return 0;
-    }
-    if (err != SQLITE_BUSY) {
-	return 1;
-    }
-    /* err == SQLITE_BUSY, Dont' retry forever in this case */
-    if (++(*count) >= MAX_RETRIES) {
-	return 1;
-    }
-    return 0;
-}
-
-static int rdbmapSQLError(sqlite3 *db, int sqlerr)
-{
-    if ((sqlerr == SQLITE_OK) ||
-	(sqlerr == SQLITE_DONE)) {
-	return DBM_OK;
-    } else {
-	return DBM_ERROR;
-    }
-}
-
-int rdbxactstart(DB *db)
-{
-    sqlite3  *psqlDB = (sqlite3 *)db->internal;
-    RDB *rdb = (RDB *)db;
-    sqlite3_stmt *stmt;
-    int retry = 0;
-    int sqlerr;
-
-
-    if (psqlDB == NULL) {
-	return DBM_ERROR;
-    }
-    if (rdb->flags == RDB_RDONLY) {
-	errno = EPERM;
-	return DBM_ERROR;
-    }
-    sqlerr = rdbupdateStmt(psqlDB, &rdb->beginStmt, BEGIN_CMD);
-    if (sqlerr != SQLITE_OK) {
-	return DBM_ERROR;
-    }
-    stmt = rdb->beginStmt;
-
-    do {
-	sqlerr = sqlite3_step(stmt);
-	if (sqlerr == SQLITE_BUSY) {
-	    usleep(5);
-	}
-    } while (!rdbdone(sqlerr,&retry));
-    sqlite3_reset(stmt);
-
-    return rdbmapSQLError(psqlDB, sqlerr);
-}
-
-int rdbxactdone(DB *db, PRBool abort)
-{
-    sqlite3  *psqlDB = (sqlite3 *)db->internal;
-    RDB *rdb = (RDB *)db;
-    sqlite3_stmt *stmt;
-    int retry = 0;
-    int sqlerr;
-
-    if (psqlDB == NULL) {
-	return DBM_ERROR;
-    }
-    if (rdb->flags == RDB_RDONLY) {
-	errno = EPERM;
-	return DBM_ERROR;
-    }
-    sqlerr = rdbupdateStmt(psqlDB, &rdb->rollbackStmt, ROLLBACK_CMD);
-    if (sqlerr != SQLITE_OK) {
-	return DBM_ERROR;
-    }
-    sqlerr = rdbupdateStmt(psqlDB, &rdb->commitStmt, COMMIT_CMD);
-    if (sqlerr != SQLITE_OK) {
-	return DBM_ERROR;
-    }
-    stmt = abort ? rdb->rollbackStmt : rdb->commitStmt;
-
-    do {
-	sqlerr = sqlite3_step(stmt);
-	if (sqlerr == SQLITE_BUSY) {
-	    usleep(5);
-	}
-    } while (!rdbdone(sqlerr,&retry));
-    sqlite3_reset(stmt);
-
-    return rdbmapSQLError(psqlDB, sqlerr);
-}
-
-int rdbclose(DB *db)
-{
-    sqlite3  *psqlDB = (sqlite3 *)db->internal;
-    RDB *rdb = (RDB *)db;
-    int sqlerr = SQLITE_OK;
-
-    sqlite3_finalize(rdb->delStmt);
-    sqlite3_finalize(rdb->getStmt);
-    sqlite3_finalize(rdb->seqStmt);
-    sqlite3_finalize(rdb->insertStmt);
-    sqlite3_finalize(rdb->replaceStmt);
-    sqlite3_finalize(rdb->beginStmt);
-    sqlite3_finalize(rdb->rollbackStmt);
-    sqlite3_finalize(rdb->commitStmt);
-
-    sqlerr = sqlite3_close(psqlDB);
-    /* assert sqlerr == SQLITE_OK */
-    free(rdb);
-    return DBM_OK;
-}
-
-
-int rdbdel(const DB *db, const DBT *key, uint flags)
-{
-    sqlite3  *psqlDB = (sqlite3 *)db->internal;
-    RDB *rdb = (RDB *)db;
-    sqlite3_stmt *stmt;
-    int retry = 0;
-    int sqlerr;
-
-    if (psqlDB == NULL) {
-	return DBM_ERROR;
-    }
-    if (rdb->flags == RDB_RDONLY) {
-	errno = EPERM;
-	return DBM_ERROR;
-    }
-    sqlerr = rdbupdateStmt(psqlDB, &rdb->delStmt, DEL_CMD);
-    if (sqlerr != SQLITE_OK) {
-	return DBM_ERROR;
-    }
-    stmt = rdb->delStmt;
-
-    sqlite3_bind_blob(stmt, 1, key->data, key->size, SQLITE_STATIC);
-    do {
-	sqlerr = sqlite3_step(stmt);
-	if (sqlerr == SQLITE_BUSY) {
-	    usleep(5);
-	}
-    } while (!rdbdone(sqlerr,&retry));
-    sqlite3_reset(stmt);
-    sqlite3_bind_null(stmt,1);
-
-    return rdbmapSQLError(psqlDB, sqlerr);
-}
-
-void
-setData(DBT *dbt,const char *blobData, int blobSize, 
-	unsigned char **poolPtr, int *poolSizePtr) 
-{
-    int size = blobSize < 2048 ? blobSize : 2048;
-
-    if (size > *poolSizePtr) {
-	*poolPtr = realloc(*poolPtr,size);
-	*poolSizePtr = size;
-    }
-    memcpy(*poolPtr, blobData, blobSize);
-    dbt->data = *poolPtr;
-    dbt->size = blobSize;
-}
-
-
-int rdbget(const DB *db, const DBT *key, DBT *data, uint flags)
-{
-    sqlite3  *psqlDB = (sqlite3 *)db->internal;
-    RDB *rdb = (RDB *)db;
-    sqlite3_stmt *stmt;
-    int retry = 0;
-    int found = 0;
-    int sqlerr;
-    int ret;
-
-    if (psqlDB == NULL) {
-	return DBM_ERROR;
-    }
-    sqlerr = rdbupdateStmt(psqlDB, &rdb->getStmt, GET_CMD);
-    if (sqlerr != SQLITE_OK) {
-	return DBM_ERROR;
-    }
-    stmt = rdb->getStmt;
-
-    sqlite3_bind_blob(stmt, 1, key->data, key->size, SQLITE_STATIC);
-    do {
-	sqlerr = sqlite3_step(stmt);
-	if (sqlerr == SQLITE_BUSY) {
-	    usleep(5);
-	}
-	if (sqlerr == SQLITE_ROW) {
-	    /* we only asked for 1, this will return the last one */
-	    int blobSize = sqlite3_column_bytes(stmt, 1);
-	    const char *blobData = sqlite3_column_blob(stmt, 1);
-	    setData(data,blobData,blobSize, &rdb->dataPool, &rdb->dataPoolSize);
-	    found = 1;
-	}
-    } while (!rdbdone(sqlerr,&retry));
-
-    sqlite3_reset(stmt);
-    sqlite3_bind_null(stmt,1);
-
-    ret = rdbmapSQLError(psqlDB, sqlerr);
-    if ((ret == 0) && (!found)) {
-	ret = DBM_END;
-    }
-
-    return ret;
-}
-
-int rdbput(const DB *db, const DBT *key, const DBT *data, uint flag)
-{
-    sqlite3  *psqlDB = (sqlite3 *)db->internal;
-    RDB *rdb = (RDB *)db;
-    sqlite3_stmt *stmt;
-    int retry = 0;
-    int sqlerr;
-
-    if (psqlDB == NULL) {
-	return DBM_ERROR;
-    }
-    if (rdb->flags == RDB_RDONLY) {
-	errno = EPERM;
-	return DBM_ERROR;
-    }
-    sqlerr = rdbupdateStmt(psqlDB, &rdb->insertStmt, INSERT_CMD);
-    if (sqlerr != SQLITE_OK) {
-	return DBM_ERROR;
-    }
-    sqlerr = rdbupdateStmt(psqlDB, &rdb->replaceStmt, REPLACE_CMD);
-    if (sqlerr != SQLITE_OK) {
-	return DBM_ERROR;
-    }
-    stmt = (flag == R_NOOVERWRITE) ? rdb->insertStmt : rdb->replaceStmt;
-
-    sqlite3_bind_blob(stmt, 1, key->data, key->size, SQLITE_STATIC);
-    sqlite3_bind_blob(stmt, 2, data->data, data->size, SQLITE_STATIC);
-    do {
-	sqlerr = sqlite3_step(stmt);
-	if (sqlerr == SQLITE_BUSY) {
-	    usleep(5);
-	}
-    } while (!rdbdone(sqlerr,&retry));
-
-    sqlite3_reset(stmt);
-    sqlite3_bind_null(stmt,1);
-    sqlite3_bind_null(stmt,0);
-
-    return rdbmapSQLError(psqlDB, sqlerr);
-}
-	
-int rdbseq(const DB *db, DBT *key, DBT *data, uint flags)
-{
-    sqlite3  *psqlDB = (sqlite3 *)db->internal;
-    RDB *rdb = (RDB *)db;
-    sqlite3_stmt *stmt;
-    int retry = 0;
-    int found = 0;
-    int sqlerr;
-    int ret;
-
-    if (psqlDB == NULL) {
-	return DBM_ERROR;
-    }
-    if (flags == R_FIRST) {
-	rdb->index = 0;
-    } else if (flags == R_NEXT) {
-	rdb->index++;
-    } else {
-	errno = EINVAL;
-	return DBM_ERROR;
-    }
-    sqlerr = rdbupdateStmt(psqlDB, &rdb->seqStmt, SEQ_CMD);
-    if (sqlerr != SQLITE_OK) {
-	return DBM_ERROR;
-    }
-    stmt = rdb->seqStmt;
-
-    sqlite3_bind_int(stmt, 1, rdb->index);
-    do {
-	sqlerr = sqlite3_step(stmt);
-	if (sqlerr == SQLITE_BUSY) {
-	    usleep(5);
-	}
-	if (sqlerr == SQLITE_ROW) {
-	    /* we only asked for 1, this will return the last one */
-	    int blobSize = sqlite3_column_bytes(stmt, 0);
-	    const char *blobData = sqlite3_column_blob(stmt, 0);
-	    setData(key,blobData,blobSize, &rdb->keyPool, &rdb->keyPoolSize);
-	    blobSize = sqlite3_column_bytes(stmt, 1);
-	    blobData = sqlite3_column_blob(stmt, 1);
-	    setData(data,blobData,blobSize, &rdb->dataPool, &rdb->dataPoolSize);
-	    found = 1;
-	}
-    } while (!rdbdone(sqlerr,&retry));
-
-    sqlite3_reset(stmt);
-    sqlite3_bind_null(stmt,1);
-
-    ret = rdbmapSQLError(psqlDB, sqlerr);
-    if ((ret == 0) && (!found)) {
-	ret = DBM_END;
-    }
-    return ret;
-}
-
-
-int rdbsync(const DB *db, uint flags)
-{
-   return DBM_OK;
-}
-
-
-int rdbfd(const DB *db)
-{
-    errno = EINVAL;
-    return DBM_ERROR;
-}
-
-int rdbinitcomplete(DB *db)
-{
-    sqlite3  *psqlDB = (sqlite3 *)db->internal;
-    int sqlerr;
-
-    sqlerr = sqlite3_exec(psqlDB, DONE_INIT_CMD, NULL, 0, NULL);
-    /* deal with the error! */
-    return DBM_OK;
-}
-
-
-static int grdbstatus = 0;
-int rdbstatus(void)
-{
-    return grdbstatus;
-}
-
-static int tableExists(sqlite3 *sqlDB, const char *tableName)
-{
-    int sqlerr;
-    char * cmd = sqlite3_mprintf(CHECK_TABLE_CMD, tableName);
-
-    if (cmd == NULL) {
-	return 0;
-    }
-
-    sqlerr = 
-	 sqlite3_exec(sqlDB, cmd, NULL, 0, 0);
-    sqlite3_free(cmd);
-
-    return (sqlerr == SQLITE_OK) ? 1 : 0;
-}
-
-
-static int rdbIsDirectory(const char *dir)
-{
-    struct stat sbuf;
-    int rc;
-
-    rc = stat(dir,&sbuf);
-    if (rc == 0) {
-	return ((sbuf.st_mode & S_IFDIR) == S_IFDIR);
-    }
-    return 0;
-}
-
-static int rdbRmFile(const char *fileName)
-{
-    int rc = unlink(fileName);
-    if ((rc < 0) && (errno == EPERM)) {
-	chmod(fileName,0644);
-	rc = unlink(fileName);
-    }
-    return rc;
-}
-
-#define MAX_RECURSE_LEVEL 15
-#define DIR_MODE 0755
-#ifdef _WINDOWS
-#define MKDIR(x,y) mkdir(x)
-#else
-#define MKDIR(x,y) mkdir(x,y)
-#endif
-
-/*
- * Create a directory. Create any missing or broken 
- * components we need along the way. If we already have a
- * directory, return success.
- */
-int rdbMakedir(const char *directory, int level, int mode)
-{
-   int rc;
-   char *buf, *cp;
-#ifdef _WINDOWS
-   char *cp1;
-#endif
-
-   /* prevent arbitrary stack overflow */
-   if (level > MAX_RECURSE_LEVEL) {
-	errno = ENAMETOOLONG;
-	return -1;
-   }
-   umask(0);
-
-   /* just try it first */
-   rc = MKDIR(directory, mode);
-   if (rc != 0) {
-	if (errno == EEXIST) {
-	    if (rdbIsDirectory(directory)) {
-		/* we have a directory, use it */
-		return 0;
-	    } else  { /* must be a file */
-		/* remove the file and try again */
-		rc = rdbRmFile(directory);
-		if (rc == 0) {
-			rc = MKDIR(directory, mode);
-		}
-		return rc;
-	    }
-	}
-	/* if we fail because on of the subdirectory entries was a
-	 * file, or one of the subdirectory entries didn't exist,
-	 * move back one component and try the whole thing again
-	 */
-	if ((errno != ENOENT) && (errno != ENOTDIR)) {
-	    return rc;
-	}
-	buf = (char *)malloc(strlen(directory)+1);
-	strcpy(buf,directory);
-	cp = strrchr(buf,'/');
-#ifdef _WINDOWS
-	cp1 = strrchr(buf,'\\');
-	if (cp1 > cp) {
-	   cp = cp1;
-	}
-#endif
-	if (cp) {
-	    *cp = 0;
-	    rc = rdbMakedir(buf,level+1, mode);
-	    if (rc == 0) {
-	     	rc = MKDIR(directory, mode);
-	     }
-	 }
-	free(buf);
-    }
-    return rc;
-}
-
-static char *rdbBuildFileName(const char *appName, const char *prefix,
-				 const char *type, int flags)
-{
-    const char *home = getenv("HOME");
-    char *dir, *dbname;
-    char *prefixDir = NULL;
-    const char *prefixName = NULL;
-
-     /*
-      * build up the name of our database file.
-      * if create is set, make sure the directory path exists.
-      */
-    if (prefix) {
-	/*
-	 * prefix may have directory elements in it. If it does, we need
-	 * to break out the directory versus the actual prefix portions
-	 * so we can make sure the directory is created before we try to
-	 * create the db file.
-	 */
-	const char *end = strrchr(prefix,'/');
-#ifdef WINDOWS
-	/* windows has two possible directory field separators. Make sure
-	 * we pick the one that is furthest down the string. (this code
-	 * will also pick the non-null value. */
-	const char *end2 = strrchr(prefix,'\\');
-	/* find the last directory path element */
-	if (end2 > end) {
-	    end = end2;
-	}
-#endif
-	/* if the directory path exists, split the components */
-	if (end) {
-	   prefixDir = strdup(prefix);
-	   if (prefixDir == NULL) return NULL;
-	   prefixDir[prefix-end] = 0;
-	   prefixName = end+1;
-	} else {
-	   prefixName = prefix;
-	}
-    }
-    /* build the directory portion */
-    if (prefixDir) {
-	dir = sqlite3_mprintf("%s/.nssdb/%s/%s",home,appName,prefixDir);
-	free(prefixDir);
-    } else {
-	dir = sqlite3_mprintf("%s/.nssdb/%s",home,appName);
-    }
-    if (dir == NULL) return NULL;
-    /* if we are creating, make sure the directory is created as well */
-    if (flags == RDB_CREATE) {
-	rdbMakedir(dir,0, DIR_MODE);
-    }
-    /* build the full dbname */
-    dbname = sqlite3_mprintf("%s/%s%sS.sqldb",dir,prefixName? prefixName:"",type);
-    sqlite3_free(dir);
-    return dbname;
-}
-
-
-
-/* rdbopen */
-DB * rdbopen(const char *appName, const char *prefix, const char *type,
-				 int flags)
-{
-    char *name = rdbBuildFileName(appName, prefix, type, flags);
-    sqlite3  *psqlDB = NULL;
-    RDB  *rdb = NULL;
-    int sqlerr = SQLITE_OK;
-    int inTransaction = 0;
-    int inInit = 0;
-
-    if (name == NULL) {
-	errno = EINVAL;
-	return NULL;
-    }
-
-    sqlerr = sqlite3_open(name,&psqlDB );
-    sqlite3_free(name);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-
-    sqlerr = sqlite3_busy_timeout(psqlDB, 1000);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    
-
-    sqlerr = sqlite3_exec(psqlDB, BEGIN_CMD, NULL, 0, NULL);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    inTransaction = 1;
-
-    if (!tableExists(psqlDB,"nssTable")) {
-	if (flags != RDB_CREATE) {
-	    goto cleanup;
-	}
-	sqlerr = sqlite3_exec(psqlDB, INIT_CMD, NULL, 0, NULL);
-	if (sqlerr != SQLITE_OK) {
-	    goto cleanup;
-	}
-	/* hack. don't create the init on secmod db files */
-	if (strcmp(type,"secmod") != 0) {
-	    sqlerr = sqlite3_exec(psqlDB, IN_INIT_CMD, NULL, 0, NULL);
-	    if (sqlerr != SQLITE_OK) {
-		goto cleanup;
-	    }
-	}
-    } else {
-	/* if the nssInit table exists, then someone else is initing the
-	 * nss database. We don't want to complete the open until the init 
-	 * is completed. */
-	if (tableExists(psqlDB,"nssInit")) {
-	   inInit = 1;
-	}
-    }
-    rdb = (RDB *) malloc(sizeof(RDB));
-    rdb->db.internal = psqlDB;
-    rdb->db.type = DB_RDB;
-    rdb->db.close = rdbclose;
-    rdb->db.del = rdbdel;
-    rdb->db.get = rdbget;
-    rdb->db.put = rdbput;
-    rdb->db.seq = rdbseq;
-    rdb->db.sync = rdbsync;
-    rdb->db.fd = rdbfd;
-    rdb->version = 1;
-    rdb->index = 0;
-    rdb->flags = flags;
-    rdb->xactstart = rdbxactstart;
-    rdb->xactdone = rdbxactdone;
-    rdb->dbinitcomplete = rdbinitcomplete;
-    rdb->dataPool = NULL;
-    rdb->dataPoolSize = 0;
-    rdb->keyPool = NULL;
-    rdb->keyPoolSize = 0;
-    sqlerr = sqlite3_prepare(psqlDB, DEL_CMD, sizeof(DEL_CMD), 
-		&rdb->delStmt, NULL);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    sqlerr = sqlite3_prepare(psqlDB, GET_CMD, sizeof(GET_CMD), 
-		&rdb->getStmt, NULL);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    sqlerr = sqlite3_prepare(psqlDB, SEQ_CMD, sizeof(SEQ_CMD), 
-		&rdb->seqStmt, NULL);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    sqlerr = sqlite3_prepare(psqlDB, INSERT_CMD, sizeof(INSERT_CMD), 
-		&rdb->insertStmt, NULL);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    sqlerr = sqlite3_prepare(psqlDB, REPLACE_CMD, sizeof(REPLACE_CMD), 
-		&rdb->replaceStmt, NULL);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    sqlerr = sqlite3_prepare(psqlDB, BEGIN_CMD, sizeof(BEGIN_CMD), 
-		&rdb->beginStmt, NULL);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    sqlerr = sqlite3_prepare(psqlDB, ROLLBACK_CMD, sizeof(ROLLBACK_CMD), 
-		&rdb->rollbackStmt, NULL);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    sqlerr = sqlite3_prepare(psqlDB, COMMIT_CMD, sizeof(COMMIT_CMD), 
-		&rdb->commitStmt, NULL);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    sqlerr = sqlite3_exec(psqlDB, COMMIT_CMD, NULL, 0, NULL);
-    if (sqlerr != SQLITE_OK) {
-	goto cleanup;
-    }
-    inTransaction = 0;
-    if (inInit) {
-	while (tableExists(psqlDB,"nssInit")) {
-	    usleep(5);
-	}
-    }
-    return &rdb->db;
-
-cleanup:
-    /* lots of stuff to do */
-    if (inTransaction) {
-	sqlerr = sqlite3_exec(psqlDB, ROLLBACK_CMD, NULL, 0, NULL);
-	if (sqlerr != SQLITE_OK) {
-	    goto cleanup;
-	}
-    }
-    if (rdb) {
-	if (rdb->delStmt) {
-	    sqlite3_finalize(rdb->delStmt);
-	}
-	if (rdb->getStmt) {
-	    sqlite3_finalize(rdb->getStmt);
-	}
-	if (rdb->seqStmt) {
-	    sqlite3_finalize(rdb->seqStmt);
-	}
-	if (rdb->insertStmt) {
-	    sqlite3_finalize(rdb->insertStmt);
-	}
-	if (rdb->replaceStmt) {
-	    sqlite3_finalize(rdb->replaceStmt);
-	}
-	if (rdb->beginStmt) {
-	    sqlite3_finalize(rdb->beginStmt);
-	}
-	if (rdb->rollbackStmt) {
-	    sqlite3_finalize(rdb->rollbackStmt);
-	}
-	if (rdb->commitStmt) {
-	    sqlite3_finalize(rdb->commitStmt);
-	}
-	free(rdb);
-    }
-    if (psqlDB) {
-	sqlite3_close(psqlDB);
-    }
-    return NULL;
-
-};

mozilla/security/nss/lib/rdb/rdb.def

@@ -1,59 +0,0 @@
-;+#
-;+# ***** BEGIN LICENSE BLOCK *****
-;+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-;+#
-;+# The contents of this file are subject to the Mozilla Public License Version
-;+# 1.1 (the "License"); you may not use this file except in compliance with
-;+# the License. You may obtain a copy of the License at
-;+# http://www.mozilla.org/MPL/
-;+#
-;+# Software distributed under the License is distributed on an "AS IS" basis,
-;+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-;+# for the specific language governing rights and limitations under the
-;+# License.
-;+#
-;+# The Original Code is Red Hat, Inc.
-;+#
-;+# The Initial Developer of the Original Code is
-;+# Red Hat, Inc.
-;+# Portions created by the Initial Developer are Copyright (C) 2005
-;+# the Initial Developer. All Rights Reserved.
-;+#
-;+# Contributor(s):
-;+#
-;+# Alternatively, the contents of this file may be used under the terms of
-;+# either the GNU General Public License Version 2 or later (the "GPL"), or
-;+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-;+# in which case the provisions of the GPL or the LGPL are applicable instead
-;+# of those above. If you wish to allow use of your version of this file only
-;+# under the terms of either the GPL or the LGPL, and not to allow others to
-;+# use your version of this file under the terms of the MPL, indicate your
-;+# decision by deleting the provisions above and replace them with the notice
-;+# and other provisions required by the GPL or the LGPL. If you do not delete
-;+# the provisions above, a recipient may use your version of this file under
-;+# the terms of any one of the MPL, the GPL or the LGPL.
-;+#
-;+# ***** END LICENSE BLOCK *****
-;+#
-;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
-;+#   1. For all unix platforms, the string ";-"  means "remove this line"
-;+#   2. For all unix platforms, the string " DATA " will be removed from any 
-;+#     line on which it occurs.
-;+#   3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
-;+#      On AIX, lines containing ";+" will be removed.
-;+#   4. For all unix platforms, the string ";;" will thave the ";;" removed.
-;+#   5. For all unix platforms, after the above processing has taken place,
-;+#    all characters after the first ";" on the line will be removed.
-;+#    And for AIX, the first ";" will also be removed.
-;+#  This file is passed directly to windows. Since ';' is a comment, all UNIX
-;+#   directives are hidden behind ";", ";+", and ";-"
-;+
-;+RDB_1.0 {       # RDB 1.0
-;+    global:
-LIBRARY rdb ;-
-EXPORTS ;-
-rdbopen;
-rdbstatus;
-;+    local:
-;+*;
-;+};

mozilla/security/nss/lib/rdb/rdb.rc

@@ -1,102 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 2001
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Robert Relyea (rrelyea@redhat.com)
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "nss.h"
-#include <winver.h>
-
-#define MY_LIBNAME "rdb"
-#define MY_FILEDESCRIPTION "NSS Multiaccess Database Library"
-
-#define STRINGIZE(x) #x
-#define STRINGIZE2(x) STRINGIZE(x)
-#define NSS_VMAJOR_STR STRINGIZE2(NSS_VMAJOR)
-
-#ifdef _DEBUG
-#define MY_DEBUG_STR " (debug)"
-#define MY_FILEFLAGS_1 VS_FF_DEBUG
-#else
-#define MY_DEBUG_STR ""
-#define MY_FILEFLAGS_1 0x0L
-#endif
-#if NSS_BETA
-#define MY_FILEFLAGS_2 MY_FILEFLAGS_1|VS_FF_PRERELEASE
-#else
-#define MY_FILEFLAGS_2 MY_FILEFLAGS_1
-#endif
-
-#ifdef WINNT
-#define MY_FILEOS VOS_NT_WINDOWS32
-#else
-#define MY_FILEOS VOS__WINDOWS32
-#endif
-
-#define MY_INTERNAL_NAME MY_LIBNAME NSS_VMAJOR_STR
-
-/////////////////////////////////////////////////////////////////////////////
-//
-// Version-information resource
-//
-
-VS_VERSION_INFO VERSIONINFO
- FILEVERSION NSS_VMAJOR,NSS_VMINOR,NSS_VPATCH,0
- PRODUCTVERSION NSS_VMAJOR,NSS_VMINOR,NSS_VPATCH,0
- FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
- FILEFLAGS MY_FILEFLAGS_2
- FILEOS MY_FILEOS
- FILETYPE VFT_DLL
- FILESUBTYPE 0x0L // not used
-
-BEGIN
-    BLOCK "StringFileInfo"
-    BEGIN
-        BLOCK "040904B0" // Lang=US English, CharSet=Unicode
-        BEGIN
-            VALUE "CompanyName", "Mozilla\0"
-            VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0"
-            VALUE "FileVersion", NSS_VERSION "\0"
-            VALUE "InternalName", MY_INTERNAL_NAME "\0"
-            VALUE "LegalCopyright", "Copyright \251 2005 Red Hat, Inc.\0"
-            VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0"
-            VALUE "ProductName", "Network Security Services\0"
-            VALUE "ProductVersion", NSS_VERSION "\0"
-        END
-    END
-    BLOCK "VarFileInfo"
-    BEGIN
-        VALUE "Translation", 0x409, 1200
-    END
-END

mozilla/security/nss/lib/softoken/Makefile

@@ -1,95 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-export:: private_export
-
-# On AIX 4.3, IBM xlC_r compiler (version 3.6.6) cannot compile
-# pkcs11c.c in 64-bit mode for unknown reasons.  A workaround is
-# to compile it with optimizations turned on.  (Bugzilla bug #63815)
-ifeq ($(OS_TARGET)$(OS_RELEASE),AIX4.3)
-ifeq ($(USE_64),1)
-ifndef BUILD_OPT
-$(OBJDIR)/pkcs11.o: pkcs11.c
-	@$(MAKE_OBJDIR)
-	$(CC) -o $@ -c -O2 $(CFLAGS) $<
-$(OBJDIR)/pkcs11c.o: pkcs11c.c
-	@$(MAKE_OBJDIR)
-	$(CC) -o $@ -c -O2 $(CFLAGS) $<
-endif
-endif
-endif

mozilla/security/nss/lib/softoken/alghmac.c

@@ -1,166 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "sechash.h"
-#include "secport.h"
-#include "alghmac.h"
-#include "secerr.h"
-
-#define HMAC_PAD_SIZE 64
-
-struct HMACContextStr {
-    void *hash;
-    const SECHashObject *hashobj;
-    unsigned char ipad[HMAC_PAD_SIZE];
-    unsigned char opad[HMAC_PAD_SIZE];
-};
-
-void
-HMAC_Destroy(HMACContext *cx)
-{
-    if (cx == NULL)
-	return;
-
-    if (cx->hash != NULL)
-	cx->hashobj->destroy(cx->hash, PR_TRUE);
-    PORT_ZFree(cx, sizeof(HMACContext));
-}
-
-HMACContext *
-HMAC_Create(const SECHashObject *hash_obj, const unsigned char *secret, 
-            unsigned int secret_len, PRBool isFIPS)
-{
-    HMACContext *cx;
-    unsigned int i;
-    unsigned char hashed_secret[HASH_LENGTH_MAX];
-
-    /* required by FIPS 198 Section 3 */
-    if (isFIPS && secret_len < hash_obj->length/2) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return NULL;
-    }
-    cx = (HMACContext*)PORT_ZAlloc(sizeof(HMACContext));
-    if (cx == NULL)
-	return NULL;
-    cx->hashobj = hash_obj;
-
-    cx->hash = cx->hashobj->create();
-    if (cx->hash == NULL)
-	goto loser;
-
-    if (secret_len > HMAC_PAD_SIZE) {
-	cx->hashobj->begin( cx->hash);
-	cx->hashobj->update(cx->hash, secret, secret_len);
-	PORT_Assert(cx->hashobj->length <= sizeof hashed_secret);
-	cx->hashobj->end(   cx->hash, hashed_secret, &secret_len, 
-	                 sizeof hashed_secret);
-	if (secret_len != cx->hashobj->length)
-	    goto loser;
-	secret = (const unsigned char *)&hashed_secret[0];
-    }
-
-    PORT_Memset(cx->ipad, 0x36, sizeof cx->ipad);
-    PORT_Memset(cx->opad, 0x5c, sizeof cx->opad);
-
-    /* fold secret into padding */
-    for (i = 0; i < secret_len; i++) {
-	cx->ipad[i] ^= secret[i];
-	cx->opad[i] ^= secret[i];
-    }
-    PORT_Memset(hashed_secret, 0, sizeof hashed_secret);
-    return cx;
-
-loser:
-    PORT_Memset(hashed_secret, 0, sizeof hashed_secret);
-    HMAC_Destroy(cx);
-    return NULL;
-}
-
-void
-HMAC_Begin(HMACContext *cx)
-{
-    /* start inner hash */
-    cx->hashobj->begin(cx->hash);
-    cx->hashobj->update(cx->hash, cx->ipad, sizeof(cx->ipad));
-}
-
-void
-HMAC_Update(HMACContext *cx, const unsigned char *data, unsigned int data_len)
-{
-    cx->hashobj->update(cx->hash, data, data_len);
-}
-
-SECStatus
-HMAC_Finish(HMACContext *cx, unsigned char *result, unsigned int *result_len,
-	    unsigned int max_result_len)
-{
-    if (max_result_len < cx->hashobj->length) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
-    }
-
-    cx->hashobj->end(cx->hash, result, result_len, max_result_len);
-    if (*result_len != cx->hashobj->length)
-	return SECFailure;
-
-    cx->hashobj->begin(cx->hash);
-    cx->hashobj->update(cx->hash, cx->opad, sizeof(cx->opad));
-    cx->hashobj->update(cx->hash, result, *result_len);
-    cx->hashobj->end(cx->hash, result, result_len, max_result_len);
-    return SECSuccess;
-}
-
-HMACContext *
-HMAC_Clone(HMACContext *cx)
-{
-    HMACContext *newcx;
-
-    newcx = (HMACContext*)PORT_ZAlloc(sizeof(HMACContext));
-    if (newcx == NULL)
-	goto loser;
-
-    newcx->hashobj = cx->hashobj;
-    newcx->hash = cx->hashobj->clone(cx->hash);
-    if (newcx->hash == NULL)
-	goto loser;
-    PORT_Memcpy(newcx->ipad, cx->ipad, sizeof(cx->ipad));
-    PORT_Memcpy(newcx->opad, cx->opad, sizeof(cx->opad));
-    return newcx;
-
-loser:
-    HMAC_Destroy(newcx);
-    return NULL;
-}

mozilla/security/nss/lib/softoken/alghmac.h

@@ -1,91 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifndef _ALGHMAC_H_
-#define _ALGHMAC_H_
-
-typedef struct HMACContextStr HMACContext;
-
-SEC_BEGIN_PROTOS
-
-/* destroy HMAC context */
-extern void
-HMAC_Destroy(HMACContext *cx);
-
-/* create HMAC context
- *  hashObj     hash object from SECRawHashObjects[]
- *  secret	the secret with which the HMAC is performed.
- *  secret_len	the length of the secret.
- *  isFIPS	true if conforming to FIPS 198.
- *
- * NULL is returned if an error occurs.
- */
-extern HMACContext *
-HMAC_Create(const SECHashObject *hashObj, const unsigned char *secret, 
-	    unsigned int secret_len, PRBool isFIPS);
-
-/* reset HMAC for a fresh round */
-extern void
-HMAC_Begin(HMACContext *cx);
-
-/* update HMAC 
- *  cx		HMAC Context
- *  data	the data to perform HMAC on
- *  data_len	the length of the data to process
- */
-extern void 
-HMAC_Update(HMACContext *cx, const unsigned char *data, unsigned int data_len);
-
-/* Finish HMAC -- place the results within result
- *  cx		HMAC context
- *  result	buffer for resulting hmac'd data
- *  result_len	where the resultant hmac length is stored
- *  max_result_len  maximum possible length that can be stored in result
- */
-extern SECStatus
-HMAC_Finish(HMACContext *cx, unsigned char *result, unsigned int *result_len,
-	    unsigned int max_result_len);
-
-/* clone a copy of the HMAC state.  this is usefult when you would
- * need to keep a running hmac but also need to extract portions 
- * partway through the process.
- */
-extern HMACContext *
-HMAC_Clone(HMACContext *cx);
-
-SEC_END_PROTOS
-
-#endif

mozilla/security/nss/lib/softoken/cdbhdl.h

@@ -1,85 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * cdbhdl.h - certificate database handle
- *   private to the certdb module
- *
- * $Id: cdbhdl.h,v 1.9 2004-04-25 15:03:16 gerv%gerv.net Exp $
- */
-#ifndef _CDBHDL_H_
-#define _CDBHDL_H_
-
-#include "nspr.h"
-#include "mcom_db.h"
-#include "pcertt.h"
-
-/*
- * Handle structure for open certificate databases
- */
-struct NSSLOWCERTCertDBHandleStr {
-    DB *permCertDB;
-    PZMonitor *dbMon;
-    PRBool dbVerify;
-};
-
-#ifdef DBM_USING_NSPR
-#define NO_RDONLY	PR_RDONLY
-#define NO_RDWR		PR_RDWR
-#define NO_CREATE	(PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE)
-#else
-#define NO_RDONLY	O_RDONLY
-#define NO_RDWR		O_RDWR
-#define NO_CREATE	(O_RDWR | O_CREAT | O_TRUNC)
-#endif
-
-typedef DB * (*rdbfunc)(const char *appName, const char *prefix, 
-				const char *type, int flags);
-typedef int (*rdbstatusfunc)(void);
-
-#define RDB_FAIL 1
-#define RDB_RETRY 2
-
-DB * rdbopen(const char *appName, const char *prefix, 
-				const char *type, int flags, int *status);
-
-DB *dbsopen (const char *dbname , int flags, int mode, DBTYPE type, 
-						const void * appData);
-SECStatus db_Copy(DB *dest,DB *src);
-int db_BeginTransaction(DB *db);
-int db_FinishTransaction(DB *db, PRBool abort);
-int db_InitComplete(DB *db);
-
-#endif

mozilla/security/nss/lib/softoken/config.mk

@@ -1,98 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
-CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
-CRYPTODIR=../freebl
-ifdef MOZILLA_SECURITY_BUILD
-	CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)crypto.$(LIB_SUFFIX)
-	CRYPTODIR=../crypto
-endif
-
-EXTRA_LIBS += \
-	$(CRYPTOLIB) \
-	$(DIST)/lib/$(LIB_PREFIX)secutil.$(LIB_SUFFIX) \
-	$(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \
-	$(NULL)
-
-# can't do this in manifest.mn because OS_TARGET isn't defined there.
-ifeq (,$(filter-out WIN%,$(OS_TARGET)))
-
-# don't want the 32 in the shared library name
-SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
-IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX)
-
-RES = $(OBJDIR)/$(LIBRARY_NAME).res
-RESNAME = $(LIBRARY_NAME).rc
-
-ifdef NS_USE_GCC
-EXTRA_SHARED_LIBS += \
-	-L$(DIST)/lib \
-	-lplc4 \
-	-lplds4 \
-	-lnspr4 \
-	$(NULL)
-else # ! NS_USE_GCC
-
-EXTRA_SHARED_LIBS += \
-	$(DIST)/lib/$(NSPR31_LIB_PREFIX)plc4.lib \
-	$(DIST)/lib/$(NSPR31_LIB_PREFIX)plds4.lib \
-	$(DIST)/lib/$(NSPR31_LIB_PREFIX)nspr4.lib \
-	$(NULL)
-endif # NS_USE_GCC
-
-else
-
-# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
-# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
-EXTRA_SHARED_LIBS += \
-	-L$(DIST)/lib/ \
-	-lplc4 \
-	-lplds4 \
-	-lnspr4 \
-	$(NULL)
-endif
-
-ifeq ($(OS_TARGET),SunOS)
-# The -R '$ORIGIN' linker option instructs this library to search for its
-# dependencies in the same directory where it resides.
-MKSHLIB += -R '$$ORIGIN'
-endif
-
-ifeq ($(OS_TARGET),WINCE)
-DEFINES += -DDBM_USING_NSPR
-endif

mozilla/security/nss/lib/softoken/dbinit.c

@@ -1,420 +0,0 @@
-/*
- * NSS utility functions
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* $Id: dbinit.c,v 1.25.8.1 2005-06-20 23:17:12 relyea%netscape.com Exp $ */
-
-#include <ctype.h>
-#include "seccomon.h"
-#include "prinit.h"
-#include "prprf.h"
-#include "prmem.h"
-#include "pcertt.h"
-#include "lowkeyi.h"
-#include "pcert.h"
-#include "cdbhdl.h"
-#include "pkcs11i.h"
-
-#define ALWAYS_MULTIACCESS "CommonClient"
-
-static char *
-sftk_certdb_name_cb(void *arg, int dbVersion)
-{
-    const char *configdir = (const char *)arg;
-    const char *dbver;
-    char *smpname = NULL;
-    char *dbname = NULL;
-
-    switch (dbVersion) {
-      case 8:
-	dbver = "8";
-	break;
-      case 7:
-	dbver = "7";
-	break;
-      case 6:
-	dbver = "6";
-	break;
-      case 5:
-	dbver = "5";
-	break;
-      case 4:
-      default:
-	dbver = "";
-	break;
-    }
-
-    /* make sure we return something allocated with PORT_ so we have properly
-     * matched frees at the end */
-    smpname = PR_smprintf(CERT_DB_FMT, configdir, dbver);
-    if (smpname) {
-	dbname = PORT_Strdup(smpname);
-	PR_smprintf_free(smpname);
-    }
-    return dbname;
-}
-    
-static char *
-sftk_keydb_name_cb(void *arg, int dbVersion)
-{
-    const char *configdir = (const char *)arg;
-    const char *dbver;
-    char *smpname = NULL;
-    char *dbname = NULL;
-    
-    switch (dbVersion) {
-      case 4:
-	dbver = "4";
-	break;
-      case 3:
-	dbver = "3";
-	break;
-      case 1:
-	dbver = "1";
-	break;
-      case 2:
-      default:
-	dbver = "";
-	break;
-    }
-
-    smpname = PR_smprintf(KEY_DB_FMT, configdir, dbver);
-    if (smpname) {
-	dbname = PORT_Strdup(smpname);
-	PR_smprintf_free(smpname);
-    }
-    return dbname;
-}
-
-const char *
-sftk_EvaluateConfigDir(const char *configdir,char **appName)
-{
-#ifdef ALWAYS_MULTIACCESS
-    *appName = PORT_Strdup(ALWAYS_MULTIACCESS);
-#else
-    if (PORT_Strncmp(configdir, MULTIACCESS, sizeof(MULTIACCESS)-1) == 0) {
-	char *cdir;
-
-	*appName = PORT_Strdup(configdir+sizeof(MULTIACCESS)-1);
-	if (*appName == NULL) {
-	    return configdir;
-	}
-	cdir = *appName;
-	while (*cdir && *cdir != ':') {
-	    cdir++;
-	}
-	if (*cdir == ':') {
-	   *cdir = 0;
-	   cdir++;
-	}
-	configdir = cdir;
-    }
-#endif
-    return configdir;
-}
-
-static CK_RV
-sftk_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly,
-    					    NSSLOWCERTCertDBHandle **certdbPtr)
-{
-    NSSLOWCERTCertDBHandle *certdb = NULL;
-    CK_RV        crv = CKR_NETSCAPE_CERTDB_FAILED;
-    SECStatus    rv;
-    char * name = NULL;
-    char * appName = NULL;
-
-    if (prefix == NULL) {
-	prefix = "";
-    }
-
-    configdir = sftk_EvaluateConfigDir(configdir, &appName);
-
-    name = PR_smprintf("%s" PATH_SEPARATOR "%s",configdir,prefix);
-    if (name == NULL) goto loser;
-
-    certdb = (NSSLOWCERTCertDBHandle*)PORT_ZAlloc(sizeof(NSSLOWCERTCertDBHandle));
-    if (certdb == NULL) 
-    	goto loser;
-
-/* fix when we get the DB in */
-    rv = nsslowcert_OpenCertDB(certdb, readOnly, appName, prefix,
-				sftk_certdb_name_cb, (void *)name, PR_FALSE);
-    if (rv == SECSuccess) {
-	crv = CKR_OK;
-	*certdbPtr = certdb;
-	certdb = NULL;
-    }
-loser: 
-    if (certdb) PR_Free(certdb);
-    if (name) PR_smprintf_free(name);
-    if (appName) PORT_Free(appName);
-    return crv;
-}
-
-static CK_RV
-sftk_OpenKeyDB(const char * configdir, const char *prefix, PRBool readOnly,
-    						NSSLOWKEYDBHandle **keydbPtr)
-{
-    NSSLOWKEYDBHandle *keydb;
-    char * name = NULL;
-    char * appName = NULL;
-
-    if (prefix == NULL) {
-	prefix = "";
-    }
-    configdir = sftk_EvaluateConfigDir(configdir, &appName);
-
-    name = PR_smprintf("%s" PATH_SEPARATOR "%s",configdir,prefix);	
-    if (name == NULL) 
-	return CKR_HOST_MEMORY;
-    keydb = nsslowkey_OpenKeyDB(readOnly, appName, prefix, 
-					sftk_keydb_name_cb, (void *)name);
-    PR_smprintf_free(name);
-    if (appName) PORT_Free(appName);
-    if (keydb == NULL)
-	return CKR_NETSCAPE_KEYDB_FAILED;
-    *keydbPtr = keydb;
-
-    return CKR_OK;
-}
-
-
-/*
- * OK there are now lots of options here, lets go through them all:
- *
- * configdir - base directory where all the cert, key, and module datbases live.
- * certPrefix - prefix added to the beginning of the cert database example: "
- * 			"https-server1-"
- * keyPrefix - prefix added to the beginning of the key database example: "
- * 			"https-server1-"
- * secmodName - name of the security module database (usually "secmod.db").
- * readOnly - Boolean: true if the databases are to be openned read only.
- * nocertdb - Don't open the cert DB and key DB's, just initialize the 
- *			Volatile certdb.
- * nomoddb - Don't open the security module DB, just initialize the 
- *			PKCS #11 module.
- * forceOpen - Continue to force initializations even if the databases cannot
- * 			be opened.
- */
-CK_RV
-sftk_DBInit(const char *configdir, const char *certPrefix, 
-	    const char *keyPrefix, PRBool readOnly, 
-	    PRBool noCertDB, PRBool noKeyDB, PRBool forceOpen,
-	    NSSLOWCERTCertDBHandle **certdbPtr, NSSLOWKEYDBHandle **keydbPtr)
-{
-    CK_RV crv = CKR_OK;
-
-
-    if (!noCertDB) {
-	crv = sftk_OpenCertDB(configdir, certPrefix, readOnly, certdbPtr);
-	if (crv != CKR_OK) {
-	    if (!forceOpen) goto loser;
-	    crv = CKR_OK;
-	}
-    }
-    if (!noKeyDB) {
-
-	crv = sftk_OpenKeyDB(configdir, keyPrefix, readOnly, keydbPtr);
-	if (crv != CKR_OK) {
-	    if (!forceOpen) goto loser;
-	    crv = CKR_OK;
-	}
-    }
-
-
-loser:
-    return crv;
-}
-
-
-void
-sftk_DBShutdown(NSSLOWCERTCertDBHandle *certHandle, 
-		NSSLOWKEYDBHandle *keyHandle)
-{
-    if (certHandle) {
-    	nsslowcert_ClosePermCertDB(certHandle);
-	PORT_Free(certHandle);
-    }
-
-    if (keyHandle) {
-    	nsslowkey_CloseKeyDB(keyHandle);
-    }
-}
-
-static int rdbmapflags(int flags);
-static rdbfunc sftk_rdbfunc = NULL;
-static rdbstatusfunc sftk_rdbstatusfunc = NULL;
-
-/* NOTE: SHLIB_SUFFIX is defined on the command line */
-#define RDBLIB SHLIB_PREFIX"rdb."SHLIB_SUFFIX
-
-DB * rdbopen(const char *appName, const char *prefix, 
-			const char *type, int flags, int *status)
-{
-    PRLibrary *lib;
-    DB *db;
-
-    if (sftk_rdbfunc) {
-	db = (*sftk_rdbfunc)(appName,prefix,type,rdbmapflags(flags));
-	if (!db && status && sftk_rdbstatusfunc) {
-	    *status = (*sftk_rdbstatusfunc)();
-	}
-	return db;
-    }
-
-    /*
-     * try to open the library.
-     */
-    lib = PR_LoadLibrary(RDBLIB);
-
-    if (!lib) {
-	return NULL;
-    }
-
-    /* get the entry points */
-    sftk_rdbstatusfunc = (rdbstatusfunc) PR_FindSymbol(lib,"rdbstatus");
-    sftk_rdbfunc = (rdbfunc) PR_FindSymbol(lib,"rdbopen");
-    if (sftk_rdbfunc) {
-	db = (*sftk_rdbfunc)(appName,prefix,type,rdbmapflags(flags));
-	if (!db && status && sftk_rdbstatusfunc) {
-	    *status = (*sftk_rdbstatusfunc)();
-	}
-	return db;
-    }
-
-    /* couldn't find the entry point, unload the library and fail */
-    PR_UnloadLibrary(lib);
-    return NULL;
-}
-
-/*
- * the following data structures are from rdb.h.
- */
-struct RDBStr {
-    DB	db;
-    int (*xactstart)(DB *db);
-    int (*xactdone)(DB *db, PRBool abort);
-    int version;
-    int (*dbinitcomplete)(DB *db);
-};
-
-#define DB_RDB ((DBTYPE) 0xff)
-#define RDB_RDONLY	1
-#define RDB_RDWR 	2
-#define RDB_CREATE      4
-
-static int
-rdbmapflags(int flags) {
-   switch (flags) {
-   case NO_RDONLY:
-	return RDB_RDONLY;
-   case NO_RDWR:
-	return RDB_RDWR;
-   case NO_CREATE:
-	return RDB_CREATE;
-   default:
-	break;
-   }
-   return 0;
-}
-
-
-PRBool
-db_IsRDB(DB *db)
-{
-    return (PRBool) db->type == DB_RDB;
-}
-
-int
-db_BeginTransaction(DB *db)
-{
-    struct RDBStr *rdb = (struct RDBStr *)db;
-    if (db->type != DB_RDB) {
-	return 0;
-    }
-
-    return rdb->xactstart(db);
-}
-
-int
-db_FinishTransaction(DB *db, PRBool abort)
-{
-    struct RDBStr *rdb = (struct RDBStr *)db;
-    if (db->type != DB_RDB) {
-	return 0;
-    }
-
-    return rdb->xactdone(db, abort);
-}
-
-int
-db_InitComplete(DB *db)
-{
-    struct RDBStr *rdb = (struct RDBStr *)db;
-    if (db->type != DB_RDB) {
-	return 0;
-    }
-    /* we should have addes a version number to the RDBS structure. Since we
-     * didn't, we detect that we have and 'extended' structure if the rdbstatus
-     * func exists */
-    if (!sftk_rdbstatusfunc) {
-	return 0;
-    }
-
-    return rdb->dbinitcomplete(db);
-}
-
-
-
-SECStatus
-db_Copy(DB *dest,DB *src)
-{
-    int ret;
-    DBT key,data;
-    ret = (*src->seq)(src, &key, &data, R_FIRST);
-    if (ret)  {
-	return SECSuccess;
-    }
-
-    do {
-	(void)(*dest->put)(dest,&key,&data, R_NOOVERWRITE);
-    } while ( (*src->seq)(src, &key, &data, R_NEXT) == 0);
-    (void)(*dest->sync)(dest,0);
-
-    return SECSuccess;
-}
-

mozilla/security/nss/lib/softoken/dbmshim.c

@@ -1,664 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-/*
- * Berkeley DB 1.85 Shim code to handle blobs.
- *
- * $Id: dbmshim.c,v 1.11 2005-03-29 18:21:18 nelsonb%netscape.com Exp $
- */
-#include "mcom_db.h"
-#include "secitem.h"
-#include "secder.h"
-#include "prprf.h"
-#include "cdbhdl.h"
-
-/* Call to SFTK_FreeSlot below */
-
-#include "pcertt.h"
-#include "secasn1.h"
-#include "secerr.h"
-#include "nssb64.h"
-#include "blapi.h"
-#include "sechash.h"
-
-#include "pkcs11i.h"
-
-/*
- *   Blob block:
- *   Byte 0   CERTDB Version           -+                       -+
- *   Byte 1   certDBEntryTypeBlob       |  BLOB_HEAD_LEN         |
- *   Byte 2   flags (always '0');       |                        |
- *   Byte 3   reserved (always '0');   -+                        |
- *   Byte 4   LSB length                | <--BLOB_LENGTH_START   | BLOB_BUF_LEN
- *   Byte 5       .                     |                        |
- *   Byte 6       .                     | BLOB_LENGTH_LEN        |
- *   Byte 7   MSB length                |                        |
- *   Byte 8   blob_filename   -+       -+  <-- BLOB_NAME_START   |
- *   Byte 9       .            | BLOB_NAME_LEN                   |
- *     .          .            |                                 |
- *   Byte 37      .           -+                                -+
- */
-#define DBS_BLOCK_SIZE (16*1024) /* 16 k */
-#define DBS_MAX_ENTRY_SIZE (DBS_BLOCK_SIZE - (2048)) /* 14 k */
-#define DBS_CACHE_SIZE	DBS_BLOCK_SIZE*8
-#define ROUNDDIV(x,y) (x+(y-1))/y
-#define BLOB_HEAD_LEN 4
-#define BLOB_LENGTH_START BLOB_HEAD_LEN
-#define BLOB_LENGTH_LEN 4
-#define BLOB_NAME_START BLOB_LENGTH_START+BLOB_LENGTH_LEN
-#define BLOB_NAME_LEN 1+ROUNDDIV(SHA1_LENGTH,3)*4+1
-#define BLOB_BUF_LEN BLOB_HEAD_LEN+BLOB_LENGTH_LEN+BLOB_NAME_LEN
-
-/* a Shim data structure. This data structure has a db built into it. */
-typedef struct DBSStr DBS;
-
-struct DBSStr {
-    DB db;
-    char *blobdir;
-    int mode;
-    PRBool readOnly;
-    PRFileMap *dbs_mapfile;
-    unsigned char *dbs_addr;
-    PRUint32 dbs_len;
-    char staticBlobArea[BLOB_BUF_LEN];
-};
-    
-    
-
-/*
- * return true if the Datablock contains a blobtype
- */
-static PRBool
-dbs_IsBlob(DBT *blobData)
-{
-    unsigned char *addr = (unsigned char *)blobData->data;
-    if (blobData->size < BLOB_BUF_LEN) {
-	return PR_FALSE;
-    }
-    return addr && ((certDBEntryType) addr[1] == certDBEntryTypeBlob);
-}
-
-/*
- * extract the filename in the blob of the real data set.
- * This value is not malloced (does not need to be freed by the caller.
- */
-static const char *
-dbs_getBlobFileName(DBT *blobData)
-{
-    char *addr = (char *)blobData->data;
-
-    return &addr[BLOB_NAME_START];
-}
-
-/*
- * extract the size of the actual blob from the blob record
- */
-static PRUint32
-dbs_getBlobSize(DBT *blobData)
-{
-    unsigned char *addr = (unsigned char *)blobData->data;
-
-    return (PRUint32)(addr[BLOB_LENGTH_START+3] << 24) | 
-			(addr[BLOB_LENGTH_START+2] << 16) | 
-			(addr[BLOB_LENGTH_START+1] << 8) | 
-			addr[BLOB_LENGTH_START];
-}
-
-
-/* We are using base64 data for the filename, but base64 data can include a
- * '/' which is interpreted as a path separator on  many platforms. Replace it
- * with an inocuous '-'. We don't need to convert back because we never actual
- * decode the filename.
- */
-
-static void
-dbs_replaceSlash(char *cp, int len)
-{
-   while (len--) {
-	if (*cp == '/') *cp = '-';
-	cp++;
-   }
-}
-
-/*
- * create a blob record from a key, data and return it in blobData.
- * NOTE: The data element is static data (keeping with the dbm model).
- */
-static void
-dbs_mkBlob(DBS *dbsp,const DBT *key, const DBT *data, DBT *blobData)
-{
-   unsigned char sha1_data[SHA1_LENGTH];
-   char *b = dbsp->staticBlobArea;
-   PRUint32 length = data->size;
-   SECItem sha1Item;
-
-   b[0] = CERT_DB_FILE_VERSION; /* certdb version number */
-   b[1] = (char) certDBEntryTypeBlob; /* type */
-   b[2] = 0; /* flags */
-   b[3] = 0; /* reserved */
-   b[BLOB_LENGTH_START] = length & 0xff;
-   b[BLOB_LENGTH_START+1] = (length >> 8) & 0xff;
-   b[BLOB_LENGTH_START+2] = (length >> 16) & 0xff;
-   b[BLOB_LENGTH_START+3] = (length >> 24) & 0xff;
-   sha1Item.data = sha1_data;
-   sha1Item.len = SHA1_LENGTH;
-   SHA1_HashBuf(sha1_data,key->data,key->size);
-   b[BLOB_NAME_START]='b'; /* Make sure we start with a alpha */
-   NSSBase64_EncodeItem(NULL,&b[BLOB_NAME_START+1],BLOB_NAME_LEN-1,&sha1Item);
-   b[BLOB_BUF_LEN-1] = 0;
-   dbs_replaceSlash(&b[BLOB_NAME_START+1],BLOB_NAME_LEN-1);
-   blobData->data = b;
-   blobData->size = BLOB_BUF_LEN;
-   return;
-}
-   
-
-/*
- * construct a path to the actual blob. The string returned must be
- * freed by the caller with PR_smprintf_free.
- *
- * Note: this file does lots of consistancy checks on the DBT. The
- * routines that call this depend on these checks, so they don't worry
- * about them (success of this routine implies a good blobdata record).
- */ 
-static char *
-dbs_getBlobFilePath(char *blobdir,DBT *blobData)
-{
-    const char *name;
-
-    if (blobdir == NULL) {
-	PR_SetError(SEC_ERROR_BAD_DATABASE,0);
-	return NULL;
-    }
-    if (!dbs_IsBlob(blobData)) {
-	PR_SetError(SEC_ERROR_BAD_DATABASE,0);
-	return NULL;
-    }
-    name = dbs_getBlobFileName(blobData);
-    if (!name || *name == 0) {
-	PR_SetError(SEC_ERROR_BAD_DATABASE,0);
-	return NULL;
-    }
-    return  PR_smprintf("%s" PATH_SEPARATOR "%s", blobdir, name);
-}
-
-/*
- * Delete a blob file pointed to by the blob record.
- */
-static void
-dbs_removeBlob(DBS *dbsp, DBT *blobData)
-{
-    char *file;
-
-    file = dbs_getBlobFilePath(dbsp->blobdir, blobData);
-    if (!file) {
-	return;
-    }
-    PR_Delete(file);
-    PR_smprintf_free(file);
-}
-
-/*
- * Directory modes are slightly different, the 'x' bit needs to be on to
- * access them. Copy all the read bits to 'x' bits
- */
-static int
-dbs_DirMode(int mode)
-{
-  int x_bits = (mode >> 2) &  0111;
-  return mode | x_bits;
-}
-
-/*
- * write a data blob to it's file. blobdData is the blob record that will be
- * stored in the database. data is the actual data to go out on disk.
- */
-static int
-dbs_writeBlob(DBS *dbsp, int mode, DBT *blobData, const DBT *data)
-{
-    char *file = NULL;
-    PRFileDesc *filed;
-    PRStatus status;
-    int len;
-    int error = 0;
-
-    file = dbs_getBlobFilePath(dbsp->blobdir, blobData);
-    if (!file) {
-	goto loser;
-    }
-    if (PR_Access(dbsp->blobdir, PR_ACCESS_EXISTS) != PR_SUCCESS) {
-	status = PR_MkDir(dbsp->blobdir,dbs_DirMode(mode));
-	if (status != PR_SUCCESS) {
-	    goto loser;
-	}
-    }
-    filed = PR_OpenFile(file,PR_CREATE_FILE|PR_TRUNCATE|PR_WRONLY, mode);
-    if (filed == NULL) {
-	error = PR_GetError();
-	goto loser;
-    }
-    len = PR_Write(filed,data->data,data->size);
-    error = PR_GetError();
-    PR_Close(filed);
-    if (len < (int)data->size) {
-	goto loser;
-    }
-    PR_smprintf_free(file);
-    return 0;
-
-loser:
-    if (file) {
-	PR_Delete(file);
-	PR_smprintf_free(file);
-    }
-    /* don't let close or delete reset the error */
-    PR_SetError(error,0);
-    return -1;
-}
-
-
-/*
- * we need to keep a address map in memory between calls to DBM.
- * remember what we have mapped can close it when we get another dbm
- * call. 
- *
- * NOTE: Not all platforms support mapped files. This code is designed to
- * detect this at runtime. If map files aren't supported the OS will indicate
- * this by failing the PR_Memmap call. In this case we emulate mapped files
- * by just reading in the file into regular memory. We signal this state by
- * making dbs_mapfile NULL and dbs_addr non-NULL.
- */
-
-static void
-dbs_freemap(DBS *dbsp)
-{
-    if (dbsp->dbs_mapfile) {
-	PR_MemUnmap(dbsp->dbs_addr,dbsp->dbs_len);
-	PR_CloseFileMap(dbsp->dbs_mapfile);
-	dbsp->dbs_mapfile = NULL;
-	dbsp->dbs_addr = NULL;
-	dbsp->dbs_len = 0;
-    } else if (dbsp->dbs_addr) {
-	PORT_Free(dbsp->dbs_addr);
-	dbsp->dbs_addr = NULL;
-	dbsp->dbs_len = 0;
-    }
-    return;
-}
-
-static void
-dbs_setmap(DBS *dbsp, PRFileMap *mapfile, unsigned char *addr, PRUint32 len)
-{
-    dbsp->dbs_mapfile = mapfile;
-    dbsp->dbs_addr = addr;
-    dbsp->dbs_len = len;
-}
-
-/*
- * platforms that cannot map the file need to read it into a temp buffer.
- */
-static unsigned char *
-dbs_EmulateMap(PRFileDesc *filed, int len)
-{
-    unsigned char *addr;
-    PRInt32 dataRead;
-
-    addr = PORT_Alloc(len);
-    if (addr == NULL) {
-	return NULL;
-    }
-
-    dataRead = PR_Read(filed,addr,len);
-    if (dataRead != len) {
-	PORT_Free(addr);
-	if (dataRead > 0) {
-	    /* PR_Read didn't set an error, we need to */
-	    PR_SetError(SEC_ERROR_BAD_DATABASE,0);
-	}
-	return NULL;
-    }
-
-    return addr;
-}
-
-
-/*
- * pull a database record off the disk
- * data points to the blob record on input and the real record (if we could
- * read it) on output. if there is an error data is not modified.
- */
-static int
-dbs_readBlob(DBS *dbsp, DBT *data)
-{
-    char *file = NULL;
-    PRFileDesc *filed = NULL;
-    PRFileMap *mapfile = NULL;
-    unsigned char *addr = NULL;
-    int error;
-    int len = -1;
-
-    file = dbs_getBlobFilePath(dbsp->blobdir, data);
-    if (!file) {
-	goto loser;
-    }
-    filed = PR_OpenFile(file,PR_RDONLY,0);
-    PR_smprintf_free(file); file = NULL;
-    if (filed == NULL) {
-	goto loser;
-    }
-
-    len = dbs_getBlobSize(data);
-    mapfile = PR_CreateFileMap(filed, len, PR_PROT_READONLY);
-    if (mapfile == NULL) {
-	 /* USE PR_GetError instead of PORT_GetError here
-	  * because we are getting the error from PR_xxx
-	  * function */
-	if (PR_GetError() != PR_NOT_IMPLEMENTED_ERROR) {
-	    goto loser;
-	}
-	addr = dbs_EmulateMap(filed, len);
-    } else {
-	addr = PR_MemMap(mapfile, 0, len);
-    }
-    if (addr == NULL) {
-	goto loser;
-    }
-    PR_Close(filed);
-    dbs_setmap(dbsp,mapfile,addr,len);
-
-    data->data = addr;
-    data->size = len;
-    return 0;
-
-loser:
-    /* preserve the error code */
-    error = PR_GetError();
-    if (addr) {
-	if (mapfile) {
-	    PORT_Assert(len != -1);
-	    PR_MemUnmap(addr,len);
-	} else {
-	    PORT_Free(addr);
-	}
-    }
-    if (mapfile) {
-	PR_CloseFileMap(mapfile);
-    }
-    if (filed) {
-	PR_Close(filed);
-    }
-    PR_SetError(error,0);
-    return -1;
-}
-
-/*
- * actual DBM shims
- */
-static int
-dbs_get(const DB *dbs, const DBT *key, DBT *data, unsigned int flags)
-{
-    int ret;
-    DBS *dbsp = (DBS *)dbs;
-    DB *db = (DB *)dbs->internal;
-    
-
-    dbs_freemap(dbsp);
-    
-    ret = (* db->get)(db, key, data, flags);
-    if ((ret == 0) && dbs_IsBlob(data)) {
-	ret = dbs_readBlob(dbsp,data);
-    }
-
-    return(ret);
-}
-
-static int
-dbs_put(const DB *dbs, DBT *key, const DBT *data, unsigned int flags)
-{
-    DBT blob;
-    int ret = 0;
-    DBS *dbsp = (DBS *)dbs;
-    DB *db = (DB *)dbs->internal;
-
-    dbs_freemap(dbsp);
-
-    /* If the db is readonly, just pass the data down to rdb and let it fail */
-    if (!dbsp->readOnly) {
-	DBT oldData;
-	int ret1;
-
-	/* make sure the current record is deleted if it's a blob */
-	ret1 = (*db->get)(db,key,&oldData,0);
-        if ((ret1 == 0) && flags == R_NOOVERWRITE) {
-	    /* let DBM return the error to maintain consistancy */
-	    return (* db->put)(db, key, data, flags);
-	}
-	if ((ret1 == 0) && dbs_IsBlob(&oldData)) {
-	    dbs_removeBlob(dbsp, &oldData);
-	}
-
-	if (data->size > DBS_MAX_ENTRY_SIZE) {
-	    dbs_mkBlob(dbsp,key,data,&blob);
-	    ret = dbs_writeBlob(dbsp, dbsp->mode, &blob, data);
-	    data = &blob;
-	}
-    }
-
-    if (ret == 0) {
-	ret = (* db->put)(db, key, data, flags);
-    }
-    return(ret);
-}
-
-static int
-dbs_sync(const DB *dbs, unsigned int flags)
-{
-    DB *db = (DB *)dbs->internal;
-    DBS *dbsp = (DBS *)dbs;
-
-    dbs_freemap(dbsp);
-
-    return (* db->sync)(db, flags);
-}
-
-static int
-dbs_del(const DB *dbs, const DBT *key, unsigned int flags)
-{
-    int ret;
-    DBS *dbsp = (DBS *)dbs;
-    DB *db = (DB *)dbs->internal;
-
-    dbs_freemap(dbsp);
-
-    if (!dbsp->readOnly) {
-	DBT oldData;
-	ret = (*db->get)(db,key,&oldData,0);
-	if ((ret == 0) && dbs_IsBlob(&oldData)) {
-	    dbs_removeBlob(dbsp,&oldData);
-	}
-    }
-
-    return (* db->del)(db, key, flags);
-}
-
-static int
-dbs_seq(const DB *dbs, DBT *key, DBT *data, unsigned int flags)
-{
-    int ret;
-    DBS *dbsp = (DBS *)dbs;
-    DB *db = (DB *)dbs->internal;
-    
-    dbs_freemap(dbsp);
-    
-    ret = (* db->seq)(db, key, data, flags);
-    if ((ret == 0) && dbs_IsBlob(data)) {
-	/* don't return a blob read as an error so traversals keep going */
-	(void) dbs_readBlob(dbsp,data);
-    }
-
-    return(ret);
-}
-
-static int
-dbs_close(DB *dbs)
-{
-    DBS *dbsp = (DBS *)dbs;
-    DB *db = (DB *)dbs->internal;
-    int ret;
-
-    dbs_freemap(dbsp);
-    ret = (* db->close)(db);
-    PORT_Free(dbsp->blobdir);
-    PORT_Free(dbsp);
-    return ret;
-}
-
-static int
-dbs_fd(const DB *dbs)
-{
-    DB *db = (DB *)dbs->internal;
-
-    return (* db->fd)(db);
-}
-
-/*
- * the naming convention we use is
- * change the .xxx into .dir. (for nss it's always .db);
- * if no .extension exists or is equal to .dir, add a .dir 
- * the returned data must be freed.
- */
-#define DIRSUFFIX ".dir"
-static char *
-dbs_mkBlobDirName(const char *dbname)
-{
-    int dbname_len = PORT_Strlen(dbname);
-    int dbname_end = dbname_len;
-    const char *cp;
-    char *blobDir = NULL;
-
-    /* scan back from the end looking for either a directory separator, a '.',
-     * or the end of the string. NOTE: Windows should check for both separators
-     * here. For now this is safe because we know NSS always uses a '.'
-     */
-    for (cp = &dbname[dbname_len]; 
-		(cp > dbname) && (*cp != '.') && (*cp != *PATH_SEPARATOR) ;
-			cp--)
-	/* Empty */ ;
-    if (*cp == '.') {
-	dbname_end = cp - dbname;
-	if (PORT_Strcmp(cp,DIRSUFFIX) == 0) {
-	    dbname_end = dbname_len;
-	}
-    }
-    blobDir = PORT_ZAlloc(dbname_end+sizeof(DIRSUFFIX));
-    if (blobDir == NULL) {
-	return NULL;
-    }
-    PORT_Memcpy(blobDir,dbname,dbname_end);
-    PORT_Memcpy(&blobDir[dbname_end],DIRSUFFIX,sizeof(DIRSUFFIX));
-    return blobDir;
-}
-
-#define DBM_DEFAULT 0
-static const HASHINFO dbs_hashInfo = {
-	DBS_BLOCK_SIZE,		/* bucket size, must be greater than = to
-				 * or maximum entry size (+ header)
-				 * we allow before blobing */
-	DBM_DEFAULT,		/* Fill Factor */
-	DBM_DEFAULT,		/* number of elements */
-	DBS_CACHE_SIZE,		/* cache size */
-	DBM_DEFAULT,		/* hash function */
-	DBM_DEFAULT,		/* byte order */
-};
-
-/*
- * the open function. NOTE: this is the only exposed function in this file.
- * everything else is called through the function table pointer.
- */
-DB *
-dbsopen(const char *dbname, int flags, int mode, DBTYPE type,
-							 const void *userData)
-{
-    DB *db = NULL,*dbs = NULL;
-    DBS *dbsp = NULL;
-
-    /* NOTE: we are overriding userData with dbs_hashInfo. since all known
-     * callers pass 0, this is ok, otherwise we should merge the two */
-
-    dbsp = (DBS *)PORT_ZAlloc(sizeof(DBS));
-    if (!dbsp) {
-	return NULL;
-    }
-    dbs = &dbsp->db;
-
-    dbsp->blobdir=dbs_mkBlobDirName(dbname);
-    if (dbsp->blobdir == NULL) {
-	goto loser;
-    }
-    dbsp->mode = mode;
-    dbsp->readOnly = (PRBool)(flags == NO_RDONLY);
-    dbsp->dbs_mapfile = NULL;
-    dbsp->dbs_addr = NULL;
-    dbsp->dbs_len = 0;
-
-    /* the real dbm call */
-    db = dbopen(dbname, flags, mode, type, &dbs_hashInfo);
-    if (db == NULL) {
-	goto loser;
-    }
-    dbs->internal = (void *) db;
-    dbs->type = type;
-    dbs->close = dbs_close;
-    dbs->get = dbs_get;
-    dbs->del = dbs_del;
-    dbs->put = dbs_put;
-    dbs->seq = dbs_seq;
-    dbs->sync = dbs_sync;
-    dbs->fd = dbs_fd;
-
-    return dbs;
-loser:
-    if (db) {
-	(*db->close)(db);
-    }
-    if (dbsp && dbsp->blobdir) {
-	PORT_Free(dbsp->blobdir);
-    }
-    if (dbsp) {
-	PORT_Free(dbsp);
-    }
-    return NULL;
-}

mozilla/security/nss/lib/softoken/ecdecode.c

@@ -1,687 +0,0 @@
-/*
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Elliptic Curve Cryptography library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are Copyright (C) 2003
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Dr Vipul Gupta <vipul.gupta@sun.com> and
- *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifdef NSS_ENABLE_ECC
-
-#include "blapi.h"
-#include "secoid.h"
-#include "secitem.h"
-#include "secerr.h"
-#include "ec.h"
-#include "ecl-curve.h"
-
-#define CHECK_OK(func) if (func == NULL) goto cleanup
-#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup
-
-/* Initializes a SECItem from a hexadecimal string */
-static SECItem *
-hexString2SECItem(PRArenaPool *arena, SECItem *item, const char *str)
-{
-    int i = 0;
-    int byteval = 0;
-    int tmp = PORT_Strlen(str);
-
-    if ((tmp % 2) != 0) return NULL;
-    
-    item->data = (unsigned char *) PORT_ArenaAlloc(arena, tmp/2);
-    if (item->data == NULL) return NULL;
-    item->len = tmp/2;
-
-    while (str[i]) {
-        if ((str[i] >= '0') && (str[i] <= '9'))
-	    tmp = str[i] - '0';
-	else if ((str[i] >= 'a') && (str[i] <= 'f'))
-	    tmp = str[i] - 'a' + 10;
-	else if ((str[i] >= 'A') && (str[i] <= 'F'))
-	    tmp = str[i] - 'A' + 10;
-	else
-	    return NULL;
-
-	byteval = byteval * 16 + tmp;
-	if ((i % 2) != 0) {
-	    item->data[i/2] = byteval;
-	    byteval = 0;
-	}
-	i++;
-    }
-
-    return item;
-}
-
-/* Copy all of the fields from srcParams into dstParams
- */
-SECStatus
-EC_CopyParams(PRArenaPool *arena, ECParams *dstParams,
-	      const ECParams *srcParams)
-{
-    SECStatus rv = SECFailure;
-
-    dstParams->arena = arena;
-    dstParams->type = srcParams->type;
-    dstParams->fieldID.size = srcParams->fieldID.size;
-    dstParams->fieldID.type = srcParams->fieldID.type;
-    if (srcParams->fieldID.type == ec_field_GFp) {
-	CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.prime,
-	    &srcParams->fieldID.u.prime));
-    } else {
-	CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.poly,
-	    &srcParams->fieldID.u.poly));
-    }
-    dstParams->fieldID.k1 = srcParams->fieldID.k1;
-    dstParams->fieldID.k2 = srcParams->fieldID.k2;
-    dstParams->fieldID.k3 = srcParams->fieldID.k3;
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.a,
-	&srcParams->curve.a));
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.b,
-	&srcParams->curve.b));
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.seed,
-	&srcParams->curve.seed));
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->base,
-	&srcParams->base));
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->order,
-	&srcParams->order));
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->DEREncoding,
-	&srcParams->DEREncoding));
-	dstParams->name = srcParams->name;
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curveOID,
- 	&srcParams->curveOID));
-    dstParams->cofactor = srcParams->cofactor;
-
-    return SECSuccess;
-
-cleanup:
-    return SECFailure;
-}
-
-SECStatus
-EC_FillParams(PRArenaPool *arena, const SECItem *encodedParams, 
-    ECParams *params)
-{
-    SECOidTag tag;
-    SECItem oid = { siBuffer, NULL, 0};
-    const ECCurveParams *curveParams;
-    char genenc[2 + 2 * 2 * MAX_ECKEY_LEN];
-
-#if EC_DEBUG
-    int i;
-
-    printf("Encoded params in EC_DecodeParams: ");
-    for (i = 0; i < encodedParams->len; i++) {
-	    printf("%02x:", encodedParams->data[i]);
-    }
-    printf("\n");
-#endif
-
-    if ((encodedParams->len != ANSI_X962_CURVE_OID_TOTAL_LEN) &&
-	(encodedParams->len != SECG_CURVE_OID_TOTAL_LEN)) {
-	    PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
-	    return SECFailure;
-    };
-
-    oid.len = encodedParams->len - 2;
-    oid.data = encodedParams->data + 2;
-    if ((encodedParams->data[0] != SEC_ASN1_OBJECT_ID) ||
-	((tag = SECOID_FindOIDTag(&oid)) == SEC_OID_UNKNOWN)) { 
-	    PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
-	    return SECFailure;
-    }
-
-    params->arena = arena;
-    params->cofactor = 0;
-    params->type = ec_params_named;
-    params->name = ECCurve_noName;
-
-    /* For named curves, fill out curveOID */
-    params->curveOID.len = oid.len;
-    params->curveOID.data = (unsigned char *) PORT_ArenaAlloc(arena, oid.len);
-    if (params->curveOID.data == NULL) goto cleanup;
-    memcpy(params->curveOID.data, oid.data, oid.len);
-
-#if EC_DEBUG
-    printf("Curve: %s\n", SECOID_FindOIDTagDescription(tag));
-#endif
-
-    switch (tag) {
-
-#define GF2M_POPULATE \
-	if ((params->name < ECCurve_noName) || \
-	    (params->name > ECCurve_pastLastCurve)) goto cleanup; \
-	CHECK_OK(curveParams); \
-	params->fieldID.size = curveParams->size; \
-	params->fieldID.type = ec_field_GF2m; \
-	CHECK_OK(hexString2SECItem(params->arena, &params->fieldID.u.poly, \
-	    curveParams->irr)); \
-	CHECK_OK(hexString2SECItem(params->arena, &params->curve.a, \
-	    curveParams->curvea)); \
-	CHECK_OK(hexString2SECItem(params->arena, &params->curve.b, \
-	    curveParams->curveb)); \
-	genenc[0] = '0'; \
-	genenc[1] = '4'; \
-	genenc[2] = '\0'; \
-	CHECK_OK(strcat(genenc, curveParams->genx)); \
-	CHECK_OK(strcat(genenc, curveParams->geny)); \
-	CHECK_OK(hexString2SECItem(params->arena, &params->base, \
-	    genenc)); \
-	CHECK_OK(hexString2SECItem(params->arena, &params->order, \
-	    curveParams->order)); \
-	params->cofactor = curveParams->cofactor;
-
-    case SEC_OID_ANSIX962_EC_C2PNB163V1:
-	/* Populate params for c2pnb163v1 */
-	params->name = ECCurve_X9_62_CHAR2_PNB163V1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB163V2:
-	/* Populate params for c2pnb163v2 */
-	params->name = ECCurve_X9_62_CHAR2_PNB163V2;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB163V3:
-	/* Populate params for c2pnb163v3 */
-	params->name = ECCurve_X9_62_CHAR2_PNB163V3;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB176V1:
-	/* Populate params for c2pnb176v1 */
-	params->name = ECCurve_X9_62_CHAR2_PNB176V1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB191V1:
-	/* Populate params for c2tnb191v1 */
-	params->name = ECCurve_X9_62_CHAR2_TNB191V1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB191V2:
-	/* Populate params for c2tnb191v2 */
-	params->name = ECCurve_X9_62_CHAR2_TNB191V2;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB191V3:
-	/* Populate params for c2tnb191v3 */
-	params->name = ECCurve_X9_62_CHAR2_TNB191V3;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB208W1:
-	/* Populate params for c2pnb208w1 */
-	params->name = ECCurve_X9_62_CHAR2_PNB208W1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB239V1:
-	/* Populate params for c2tnb239v1 */
-	params->name = ECCurve_X9_62_CHAR2_TNB239V1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB239V2:
-	/* Populate params for c2tnb239v2 */
-	params->name = ECCurve_X9_62_CHAR2_TNB239V2;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB239V3:
-	/* Populate params for c2tnb239v3 */
-	params->name = ECCurve_X9_62_CHAR2_TNB239V3;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB272W1:
-	/* Populate params for c2pnb272w1 */
-	params->name = ECCurve_X9_62_CHAR2_PNB272W1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB304W1:
-	/* Populate params for c2pnb304w1 */
-	params->name = ECCurve_X9_62_CHAR2_PNB304W1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB359V1:
-	/* Populate params for c2tnb359v1 */
-	params->name = ECCurve_X9_62_CHAR2_TNB359V1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2PNB368W1:
-	/* Populate params for c2pnb368w1 */
-	params->name = ECCurve_X9_62_CHAR2_PNB368W1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_C2TNB431R1:
-	/* Populate params for c2tnb431r1 */
-	params->name = ECCurve_X9_62_CHAR2_TNB431R1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-	
-    case SEC_OID_SECG_EC_SECT113R1:
-	/* Populate params for sect113r1 */
-	params->name = ECCurve_SECG_CHAR2_113R1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT113R2:
-	/* Populate params for sect113r2 */
-	params->name = ECCurve_SECG_CHAR2_113R2;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT131R1:
-	/* Populate params for sect131r1 */
-	params->name = ECCurve_SECG_CHAR2_131R1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT131R2:
-	/* Populate params for sect131r2 */
-	params->name = ECCurve_SECG_CHAR2_131R2;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT163K1:
-	/* Populate params for sect163k1
-	 * (the NIST K-163 curve)
-	 */
-	params->name = ECCurve_SECG_CHAR2_163K1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT163R1:
-	/* Populate params for sect163r1 */
-	params->name = ECCurve_SECG_CHAR2_163R1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT163R2:
-	/* Populate params for sect163r2
-	 * (the NIST B-163 curve)
-	 */
-	params->name = ECCurve_SECG_CHAR2_163R2;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT193R1:
-	/* Populate params for sect193r1 */
-	params->name = ECCurve_SECG_CHAR2_193R1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT193R2:
-	/* Populate params for sect193r2 */
-	params->name = ECCurve_SECG_CHAR2_193R2;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT233K1:
-	/* Populate params for sect233k1
-	 * (the NIST K-233 curve)
-	 */
-	params->name = ECCurve_SECG_CHAR2_233K1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT233R1:
-	/* Populate params for sect233r1
-	 * (the NIST B-233 curve)
-	 */
-	params->name = ECCurve_SECG_CHAR2_233R1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT239K1:
-	/* Populate params for sect239k1 */
-	params->name = ECCurve_SECG_CHAR2_239K1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT283K1:
-        /* Populate params for sect283k1
-	 * (the NIST K-283 curve)
-	 */
-	params->name = ECCurve_SECG_CHAR2_283K1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT283R1:
-	/* Populate params for sect283r1
-	 * (the NIST B-283 curve)
-	 */
-	params->name = ECCurve_SECG_CHAR2_283R1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT409K1:
-	/* Populate params for sect409k1
-	 * (the NIST K-409 curve)
-	 */
-	params->name = ECCurve_SECG_CHAR2_409K1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT409R1:
-	/* Populate params for sect409r1
-	 * (the NIST B-409 curve)
-	 */
-	params->name = ECCurve_SECG_CHAR2_409R1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT571K1:
-	/* Populate params for sect571k1
-	 * (the NIST K-571 curve)
-	 */
-	params->name = ECCurve_SECG_CHAR2_571K1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECT571R1:
-	/* Populate params for sect571r1
-	 * (the NIST B-571 curve)
-	 */
-	params->name = ECCurve_SECG_CHAR2_571R1;
-	curveParams = ecCurve_map[params->name];
-	GF2M_POPULATE
-	break;
-
-#define GFP_POPULATE \
-	if ((params->name < ECCurve_noName) || \
-	    (params->name > ECCurve_pastLastCurve)) goto cleanup; \
-	CHECK_OK(curveParams); \
-	params->fieldID.size = curveParams->size; \
-	params->fieldID.type = ec_field_GFp; \
-	CHECK_OK(hexString2SECItem(params->arena, &params->fieldID.u.prime, \
-	    curveParams->irr)); \
-	CHECK_OK(hexString2SECItem(params->arena, &params->curve.a, \
-	    curveParams->curvea)); \
-	CHECK_OK(hexString2SECItem(params->arena, &params->curve.b, \
-	    curveParams->curveb)); \
-	genenc[0] = '0'; \
-	genenc[1] = '4'; \
-	genenc[2] = '\0'; \
-	CHECK_OK(strcat(genenc, curveParams->genx)); \
-	CHECK_OK(strcat(genenc, curveParams->geny)); \
-	CHECK_OK(hexString2SECItem(params->arena, &params->base, \
-	    genenc)); \
-	CHECK_OK(hexString2SECItem(params->arena, &params->order, \
-	    curveParams->order)); \
-	params->cofactor = curveParams->cofactor;
-
-    case SEC_OID_ANSIX962_EC_PRIME192V1:
-	/* Populate params for prime192v1 aka secp192r1 
-	 * (the NIST P-192 curve)
-	 */
-	params->name = ECCurve_X9_62_PRIME_192V1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_PRIME192V2:
-	/* Populate params for prime192v2 */
-	params->name = ECCurve_X9_62_PRIME_192V2;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_PRIME192V3:
-	/* Populate params for prime192v3 */
-	params->name = ECCurve_X9_62_PRIME_192V3;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-	
-    case SEC_OID_ANSIX962_EC_PRIME239V1:
-	/* Populate params for prime239v1 */
-	params->name = ECCurve_X9_62_PRIME_239V1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_PRIME239V2:
-	/* Populate params for prime239v2 */
-	params->name = ECCurve_X9_62_PRIME_239V2;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_PRIME239V3:
-	/* Populate params for prime239v3 */
-	params->name = ECCurve_X9_62_PRIME_239V3;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_ANSIX962_EC_PRIME256V1:
-	/* Populate params for prime256v1 aka secp256r1
-	 * (the NIST P-256 curve)
-	 */
-	params->name = ECCurve_X9_62_PRIME_256V1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP112R1:
-        /* Populate params for secp112r1 */
-	params->name = ECCurve_SECG_PRIME_112R1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP112R2:
-        /* Populate params for secp112r2 */
-	params->name = ECCurve_SECG_PRIME_112R2;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP128R1:
-        /* Populate params for secp128r1 */
-	params->name = ECCurve_SECG_PRIME_128R1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP128R2:
-        /* Populate params for secp128r2 */
-	params->name = ECCurve_SECG_PRIME_128R2;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-	
-    case SEC_OID_SECG_EC_SECP160K1:
-        /* Populate params for secp160k1 */
-	params->name = ECCurve_SECG_PRIME_160K1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP160R1:
-        /* Populate params for secp160r1 */
-	params->name = ECCurve_SECG_PRIME_160R1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP160R2:
-	/* Populate params for secp160r1 */
-	params->name = ECCurve_SECG_PRIME_160R2;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP192K1:
-	/* Populate params for secp192k1 */
-	params->name = ECCurve_SECG_PRIME_192K1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP224K1:
-	/* Populate params for secp224k1 */
-	params->name = ECCurve_SECG_PRIME_224K1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP224R1:
-	/* Populate params for secp224r1 
-	 * (the NIST P-224 curve)
-	 */
-	params->name = ECCurve_SECG_PRIME_224R1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP256K1:
-	/* Populate params for secp256k1 */
-	params->name = ECCurve_SECG_PRIME_256K1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP384R1:
-	/* Populate params for secp384r1
-	 * (the NIST P-384 curve)
-	 */
-	params->name = ECCurve_SECG_PRIME_384R1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    case SEC_OID_SECG_EC_SECP521R1:
-	/* Populate params for secp521r1 
-	 * (the NIST P-521 curve)
-	 */
-	params->name = ECCurve_SECG_PRIME_521R1;
-	curveParams = ecCurve_map[params->name];
-	GFP_POPULATE
-	break;
-
-    default:
-	break;
-    };
-
-cleanup:
-    if (!params->cofactor) {
-	PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
-#if EC_DEBUG
-	printf("Unrecognized curve, returning NULL params\n");
-#endif
-	return SECFailure;
-    }
-
-    return SECSuccess;
-}
-
-SECStatus
-EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams)
-{
-    PRArenaPool *arena;
-    ECParams *params;
-    SECStatus rv = SECFailure;
-
-    /* Initialize an arena for the ECParams structure */
-    if (!(arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE)))
-	return SECFailure;
-
-    params = (ECParams *)PORT_ArenaZAlloc(arena, sizeof(ECParams));
-    if (!params) {
-	PORT_FreeArena(arena, PR_TRUE);
-	return SECFailure;
-    }
-
-    /* Copy the encoded params */
-    SECITEM_AllocItem(arena, &(params->DEREncoding),
-	encodedParams->len);
-    memcpy(params->DEREncoding.data, encodedParams->data, encodedParams->len);
-
-    /* Fill out the rest of the ECParams structure based on 
-     * the encoded params 
-     */
-    rv = EC_FillParams(arena, encodedParams, params);
-    if (rv == SECFailure) {
-	PORT_FreeArena(arena, PR_TRUE);	
-	return SECFailure;
-    } else {
-	*ecparams = params;;
-	return SECSuccess;
-    }
-}
-
-#endif /* NSS_ENABLE_ECC */

mozilla/security/nss/lib/softoken/fipstokn.c

@@ -1,996 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file implements PKCS 11 on top of our existing security modules
- *
- * For more information about PKCS 11 See PKCS 11 Token Inteface Standard.
- *   This implementation has two slots:
- *	slot 1 is our generic crypto support. It does not require login
- *   (unless you've enabled FIPS). It supports Public Key ops, and all they
- *   bulk ciphers and hashes. It can also support Private Key ops for imported
- *   Private keys. It does not have any token storage.
- *	slot 2 is our private key support. It requires a login before use. It
- *   can store Private Keys and Certs as token objects. Currently only private
- *   keys and their associated Certificates are saved on the token.
- *
- *   In this implementation, session objects are only visible to the session
- *   that created or generated them.
- */
-#include "seccomon.h"
-#include "softoken.h"
-#include "lowkeyi.h"
-#include "pcert.h"
-#include "pkcs11.h"
-#include "pkcs11i.h"
-
-
-/*
- * ******************** Password Utilities *******************************
- */
-static PRBool isLoggedIn = PR_FALSE;
-static PRBool fatalError = PR_FALSE;
-
-/* Fips required checks before any useful crypto graphic services */
-static CK_RV sftk_fipsCheck(void) {
-    if (isLoggedIn != PR_TRUE) 
-	return CKR_USER_NOT_LOGGED_IN;
-    if (fatalError) 
-	return CKR_DEVICE_ERROR;
-    return CKR_OK;
-}
-
-
-#define SFTK_FIPSCHECK() \
-    CK_RV rv; \
-    if ((rv = sftk_fipsCheck()) != CKR_OK) return rv;
-
-#define SFTK_FIPSFATALCHECK() \
-    if (fatalError) return CKR_DEVICE_ERROR;
-
-
-/* grab an attribute out of a raw template */
-void *
-fc_getAttribute(CK_ATTRIBUTE_PTR pTemplate, 
-				CK_ULONG ulCount, CK_ATTRIBUTE_TYPE type)
-{
-    int i;
-
-    for (i=0; i < (int) ulCount; i++) {
-	if (pTemplate[i].type == type) {
-	    return pTemplate[i].pValue;
-	}
-    }
-    return NULL;
-}
-
-
-#define __PASTE(x,y)	x##y
-
-/* ------------- forward declare all the NSC_ functions ------------- */
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-#define CK_PKCS11_FUNCTION_INFO(name) CK_RV __PASTE(NS,name)
-#define CK_NEED_ARG_LIST 1
-
-#include "pkcs11f.h"
-
-/* ------------- forward declare all the FIPS functions ------------- */
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-#define CK_PKCS11_FUNCTION_INFO(name) CK_RV __PASTE(F,name)
-#define CK_NEED_ARG_LIST 1
-
-#include "pkcs11f.h"
-
-/* ------------- build the CK_CRYPTO_TABLE ------------------------- */
-static CK_FUNCTION_LIST sftk_fipsTable = {
-    { 1, 10 },
-
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-#define CK_PKCS11_FUNCTION_INFO(name) __PASTE(F,name),
-
-
-#include "pkcs11f.h"
-
-};
-
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-
-#undef __PASTE
-
-static CK_RV
-fips_login_if_key_object(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
-{
-    CK_RV rv;
-    CK_OBJECT_CLASS objClass;
-    CK_ATTRIBUTE class; 
-    class.type = CKA_CLASS;
-    class.pValue = &objClass;
-    class.ulValueLen = sizeof(objClass);
-    rv = NSC_GetAttributeValue(hSession, hObject, &class, 1);
-    if (rv == CKR_OK) {
-	if ((objClass == CKO_PRIVATE_KEY) || (objClass == CKO_SECRET_KEY)) {
-	    rv = sftk_fipsCheck();
-	}
-    }
-    return rv;
-}
-
-
-/**********************************************************************
- *
- *     Start of PKCS 11 functions 
- *
- **********************************************************************/
-/* return the function list */
-CK_RV FC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList) {
-    *pFunctionList = &sftk_fipsTable;
-    return CKR_OK;
-}
-
-/* sigh global so pkcs11 can read it */
-PRBool nsf_init = PR_FALSE;
-
-/* FC_Initialize initializes the PKCS #11 library. */
-CK_RV FC_Initialize(CK_VOID_PTR pReserved) {
-    CK_RV crv;
-
-    if (nsf_init) {
-	return CKR_CRYPTOKI_ALREADY_INITIALIZED;
-    }
-
-    crv = nsc_CommonInitialize(pReserved, PR_TRUE);
-
-    /* not an 'else' rv can be set by either SFTK_LowInit or SFTK_SlotInit*/
-    if (crv != CKR_OK) {
-	fatalError = PR_TRUE;
-	return crv;
-    }
-
-    fatalError = PR_FALSE; /* any error has been reset */
-
-    crv = sftk_fipsPowerUpSelfTest();
-    if (crv != CKR_OK) {
-        nsc_CommonFinalize(NULL, PR_TRUE);
-	fatalError = PR_TRUE;
-	return crv;
-    }
-    nsf_init = PR_TRUE;
-
-    return CKR_OK;
-}
-
-/*FC_Finalize indicates that an application is done with the PKCS #11 library.*/
-CK_RV FC_Finalize (CK_VOID_PTR pReserved) {
-   CK_RV crv;
-   if (!nsf_init) {
-      return CKR_OK;
-   }
-   crv = nsc_CommonFinalize (pReserved, PR_TRUE);
-   nsf_init = (PRBool) !(crv == CKR_OK);
-   return crv;
-}
-
-
-/* FC_GetInfo returns general information about PKCS #11. */
-CK_RV  FC_GetInfo(CK_INFO_PTR pInfo) {
-    return NSC_GetInfo(pInfo);
-}
-
-/* FC_GetSlotList obtains a list of slots in the system. */
-CK_RV FC_GetSlotList(CK_BBOOL tokenPresent,
-	 		CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
-    return nsc_CommonGetSlotList(tokenPresent,pSlotList,pulCount,
-							 NSC_FIPS_MODULE);
-}
-	
-/* FC_GetSlotInfo obtains information about a particular slot in the system. */
-CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
-
-    CK_RV crv;
-
-    crv = NSC_GetSlotInfo(slotID,pInfo);
-    if (crv != CKR_OK) {
-	return crv;
-    }
-
-    return CKR_OK;
-}
-
-
-/*FC_GetTokenInfo obtains information about a particular token in the system.*/
- CK_RV FC_GetTokenInfo(CK_SLOT_ID slotID,CK_TOKEN_INFO_PTR pInfo) {
-    CK_RV crv;
-
-    crv = NSC_GetTokenInfo(slotID,pInfo);
-    pInfo->flags |= CKF_RNG | CKF_LOGIN_REQUIRED;
-    return crv;
-
-}
-
-
-
-/*FC_GetMechanismList obtains a list of mechanism types supported by a token.*/
- CK_RV FC_GetMechanismList(CK_SLOT_ID slotID,
-	CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pusCount) {
-    SFTK_FIPSFATALCHECK();
-    if (slotID == FIPS_SLOT_ID) slotID = NETSCAPE_SLOT_ID;
-    /* FIPS Slot supports all functions */
-    return NSC_GetMechanismList(slotID,pMechanismList,pusCount);
-}
-
-
-/* FC_GetMechanismInfo obtains information about a particular mechanism 
- * possibly supported by a token. */
- CK_RV FC_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
-    					CK_MECHANISM_INFO_PTR pInfo) {
-    SFTK_FIPSFATALCHECK();
-    if (slotID == FIPS_SLOT_ID) slotID = NETSCAPE_SLOT_ID;
-    /* FIPS Slot supports all functions */
-    return NSC_GetMechanismInfo(slotID,type,pInfo);
-}
-
-
-/* FC_InitToken initializes a token. */
- CK_RV FC_InitToken(CK_SLOT_ID slotID,CK_CHAR_PTR pPin,
- 				CK_ULONG usPinLen,CK_CHAR_PTR pLabel) {
-    return CKR_HOST_MEMORY; /*is this the right function for not implemented*/
-}
-
-
-/* FC_InitPIN initializes the normal user's PIN. */
- CK_RV FC_InitPIN(CK_SESSION_HANDLE hSession,
-    					CK_CHAR_PTR pPin, CK_ULONG ulPinLen) {
-    return NSC_InitPIN(hSession,pPin,ulPinLen);
-}
-
-
-/* FC_SetPIN modifies the PIN of user that is currently logged in. */
-/* NOTE: This is only valid for the PRIVATE_KEY_SLOT */
- CK_RV FC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin,
-    CK_ULONG usOldLen, CK_CHAR_PTR pNewPin, CK_ULONG usNewLen) {
-    CK_RV rv;
-    if ((rv = sftk_fipsCheck()) != CKR_OK) return rv;
-    return NSC_SetPIN(hSession,pOldPin,usOldLen,pNewPin,usNewLen);
-}
-
-/* FC_OpenSession opens a session between an application and a token. */
- CK_RV FC_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags,
-   CK_VOID_PTR pApplication,CK_NOTIFY Notify,CK_SESSION_HANDLE_PTR phSession) {
-    SFTK_FIPSFATALCHECK();
-    return NSC_OpenSession(slotID,flags,pApplication,Notify,phSession);
-}
-
-
-/* FC_CloseSession closes a session between an application and a token. */
- CK_RV FC_CloseSession(CK_SESSION_HANDLE hSession) {
-    return NSC_CloseSession(hSession);
-}
-
-
-/* FC_CloseAllSessions closes all sessions with a token. */
- CK_RV FC_CloseAllSessions (CK_SLOT_ID slotID) {
-    return NSC_CloseAllSessions (slotID);
-}
-
-
-/* FC_GetSessionInfo obtains information about the session. */
- CK_RV FC_GetSessionInfo(CK_SESSION_HANDLE hSession,
-						CK_SESSION_INFO_PTR pInfo) {
-    CK_RV rv;
-    SFTK_FIPSFATALCHECK();
-
-    rv = NSC_GetSessionInfo(hSession,pInfo);
-    if (rv == CKR_OK) {
-	if ((isLoggedIn) && (pInfo->state == CKS_RO_PUBLIC_SESSION)) {
-		pInfo->state = CKS_RO_USER_FUNCTIONS;
-	}
-	if ((isLoggedIn) && (pInfo->state == CKS_RW_PUBLIC_SESSION)) {
-		pInfo->state = CKS_RW_USER_FUNCTIONS;
-	}
-    }
-    return rv;
-}
-
-/* FC_Login logs a user into a token. */
- CK_RV FC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
-				    CK_CHAR_PTR pPin, CK_ULONG usPinLen) {
-    CK_RV rv;
-    SFTK_FIPSFATALCHECK();
-    rv = NSC_Login(hSession,userType,pPin,usPinLen);
-    if (rv == CKR_OK)
-	isLoggedIn = PR_TRUE;
-    else if (rv == CKR_USER_ALREADY_LOGGED_IN)
-    {
-	isLoggedIn = PR_TRUE;
-
-	/* Provide FIPS PUB 140-1 power-up self-tests on demand. */
-	rv = sftk_fipsPowerUpSelfTest();
-	if (rv == CKR_OK)
-		return CKR_USER_ALREADY_LOGGED_IN;
-	else
-		fatalError = PR_TRUE;
-    }
-    return rv;
-}
-
-/* FC_Logout logs a user out from a token. */
- CK_RV FC_Logout(CK_SESSION_HANDLE hSession) {
-    SFTK_FIPSCHECK();
- 
-    rv = NSC_Logout(hSession);
-    isLoggedIn = PR_FALSE;
-    return rv;
-}
-
-
-/* FC_CreateObject creates a new object. */
- CK_RV FC_CreateObject(CK_SESSION_HANDLE hSession,
-		CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, 
-					CK_OBJECT_HANDLE_PTR phObject) {
-    CK_OBJECT_CLASS * classptr;
-    SFTK_FIPSCHECK();
-    classptr = (CK_OBJECT_CLASS *)fc_getAttribute(pTemplate,ulCount,CKA_CLASS);
-    if (classptr == NULL) return CKR_TEMPLATE_INCOMPLETE;
-
-    /* FIPS can't create keys from raw key material */
-    if ((*classptr == CKO_SECRET_KEY) || (*classptr == CKO_PRIVATE_KEY)) {
-	return CKR_ATTRIBUTE_VALUE_INVALID;
-    }
-    return NSC_CreateObject(hSession,pTemplate,ulCount,phObject);
-}
-
-
-
-
-
-/* FC_CopyObject copies an object, creating a new object for the copy. */
- CK_RV FC_CopyObject(CK_SESSION_HANDLE hSession,
-       CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount,
-					CK_OBJECT_HANDLE_PTR phNewObject) {
-    CK_RV rv;
-    SFTK_FIPSFATALCHECK();
-    rv = fips_login_if_key_object(hSession, hObject);
-    if (rv != CKR_OK) {
-	return rv;
-    }
-    return NSC_CopyObject(hSession,hObject,pTemplate,usCount,phNewObject);
-}
-
-
-/* FC_DestroyObject destroys an object. */
- CK_RV FC_DestroyObject(CK_SESSION_HANDLE hSession,
-		 				CK_OBJECT_HANDLE hObject) {
-    CK_RV rv;
-    SFTK_FIPSFATALCHECK();
-    rv = fips_login_if_key_object(hSession, hObject);
-    if (rv != CKR_OK) {
-	return rv;
-    }
-    return NSC_DestroyObject(hSession,hObject);
-}
-
-
-/* FC_GetObjectSize gets the size of an object in bytes. */
- CK_RV FC_GetObjectSize(CK_SESSION_HANDLE hSession,
-    			CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pusSize) {
-    CK_RV rv;
-    SFTK_FIPSFATALCHECK();
-    rv = fips_login_if_key_object(hSession, hObject);
-    if (rv != CKR_OK) {
-	return rv;
-    }
-    return NSC_GetObjectSize(hSession, hObject, pusSize);
-}
-
-
-/* FC_GetAttributeValue obtains the value of one or more object attributes. */
- CK_RV FC_GetAttributeValue(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG usCount) {
-    CK_RV rv;
-    SFTK_FIPSFATALCHECK();
-    rv = fips_login_if_key_object(hSession, hObject);
-    if (rv != CKR_OK) {
-	return rv;
-    }
-    return NSC_GetAttributeValue(hSession,hObject,pTemplate,usCount);
-}
-
-
-/* FC_SetAttributeValue modifies the value of one or more object attributes */
- CK_RV FC_SetAttributeValue (CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG usCount) {
-    CK_RV rv;
-    SFTK_FIPSFATALCHECK();
-    rv = fips_login_if_key_object(hSession, hObject);
-    if (rv != CKR_OK) {
-	return rv;
-    }
-    return NSC_SetAttributeValue(hSession,hObject,pTemplate,usCount);
-}
-
-
-
-/* FC_FindObjectsInit initializes a search for token and session objects 
- * that match a template. */
- CK_RV FC_FindObjectsInit(CK_SESSION_HANDLE hSession,
-    			CK_ATTRIBUTE_PTR pTemplate,CK_ULONG usCount) {
-    /* let publically readable object be found */
-    int i;
-    CK_RV rv;
-    PRBool needLogin = PR_FALSE;
-
-    SFTK_FIPSFATALCHECK();
-
-    for (i=0; i < usCount; i++) {
-	CK_OBJECT_CLASS class;
-	if (pTemplate[i].type != CKA_CLASS) {
-	    continue;
-	}
-	if (pTemplate[i].ulValueLen != sizeof(CK_OBJECT_CLASS)) {
-	    continue;
-	}
-	if (pTemplate[i].pValue == NULL) {
-	    continue;
-	}
-	class = *(CK_OBJECT_CLASS *)pTemplate[i].pValue;
-	if ((class == CKO_PRIVATE_KEY) || (class == CKO_SECRET_KEY)) {
-	    needLogin = PR_TRUE;
-	    break;
-	}
-    }
-    if (needLogin) {
-	if ((rv = sftk_fipsCheck()) != CKR_OK) return rv;
-    }
-    return NSC_FindObjectsInit(hSession,pTemplate,usCount);
-}
-
-
-/* FC_FindObjects continues a search for token and session objects 
- * that match a template, obtaining additional object handles. */
- CK_RV FC_FindObjects(CK_SESSION_HANDLE hSession,
-    CK_OBJECT_HANDLE_PTR phObject,CK_ULONG usMaxObjectCount,
-    					CK_ULONG_PTR pusObjectCount) {
-    /* let publically readable object be found */
-    SFTK_FIPSFATALCHECK();
-    return NSC_FindObjects(hSession,phObject,usMaxObjectCount,
-    							pusObjectCount);
-}
-
-
-/*
- ************** Crypto Functions:     Encrypt ************************
- */
-
-/* FC_EncryptInit initializes an encryption operation. */
- CK_RV FC_EncryptInit(CK_SESSION_HANDLE hSession,
-		 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) {
-    SFTK_FIPSCHECK();
-    return NSC_EncryptInit(hSession,pMechanism,hKey);
-}
-
-/* FC_Encrypt encrypts single-part data. */
- CK_RV FC_Encrypt (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
-    		CK_ULONG usDataLen, CK_BYTE_PTR pEncryptedData,
-					 CK_ULONG_PTR pusEncryptedDataLen) {
-    SFTK_FIPSCHECK();
-    return NSC_Encrypt(hSession,pData,usDataLen,pEncryptedData,
-							pusEncryptedDataLen);
-}
-
-
-/* FC_EncryptUpdate continues a multiple-part encryption operation. */
- CK_RV FC_EncryptUpdate(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pPart, CK_ULONG usPartLen, CK_BYTE_PTR pEncryptedPart,	
-					CK_ULONG_PTR pusEncryptedPartLen) {
-    SFTK_FIPSCHECK();
-    return NSC_EncryptUpdate(hSession,pPart,usPartLen,pEncryptedPart,
-						pusEncryptedPartLen);
-}
-
-
-/* FC_EncryptFinal finishes a multiple-part encryption operation. */
- CK_RV FC_EncryptFinal(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pusLastEncryptedPartLen) {
-
-    SFTK_FIPSCHECK();
-    return NSC_EncryptFinal(hSession,pLastEncryptedPart,
-						pusLastEncryptedPartLen);
-}
-
-/*
- ************** Crypto Functions:     Decrypt ************************
- */
-
-
-/* FC_DecryptInit initializes a decryption operation. */
- CK_RV FC_DecryptInit( CK_SESSION_HANDLE hSession,
-			 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) {
-    SFTK_FIPSCHECK();
-    return NSC_DecryptInit(hSession,pMechanism,hKey);
-}
-
-/* FC_Decrypt decrypts encrypted data in a single part. */
- CK_RV FC_Decrypt(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pEncryptedData,CK_ULONG usEncryptedDataLen,CK_BYTE_PTR pData,
-    						CK_ULONG_PTR pusDataLen) {
-    SFTK_FIPSCHECK();
-    return NSC_Decrypt(hSession,pEncryptedData,usEncryptedDataLen,pData,
-    								pusDataLen);
-}
-
-
-/* FC_DecryptUpdate continues a multiple-part decryption operation. */
- CK_RV FC_DecryptUpdate(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pEncryptedPart, CK_ULONG usEncryptedPartLen,
-    				CK_BYTE_PTR pPart, CK_ULONG_PTR pusPartLen) {
-    SFTK_FIPSCHECK();
-    return NSC_DecryptUpdate(hSession,pEncryptedPart,usEncryptedPartLen,
-    							pPart,pusPartLen);
-}
-
-
-/* FC_DecryptFinal finishes a multiple-part decryption operation. */
- CK_RV FC_DecryptFinal(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pLastPart, CK_ULONG_PTR pusLastPartLen) {
-    SFTK_FIPSCHECK();
-    return NSC_DecryptFinal(hSession,pLastPart,pusLastPartLen);
-}
-
-
-/*
- ************** Crypto Functions:     Digest (HASH)  ************************
- */
-
-/* FC_DigestInit initializes a message-digesting operation. */
- CK_RV FC_DigestInit(CK_SESSION_HANDLE hSession,
-    					CK_MECHANISM_PTR pMechanism) {
-    SFTK_FIPSFATALCHECK();
-    return NSC_DigestInit(hSession, pMechanism);
-}
-
-
-/* FC_Digest digests data in a single part. */
- CK_RV FC_Digest(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pData, CK_ULONG usDataLen, CK_BYTE_PTR pDigest,
-    						CK_ULONG_PTR pusDigestLen) {
-    SFTK_FIPSFATALCHECK();
-    return NSC_Digest(hSession,pData,usDataLen,pDigest,pusDigestLen);
-}
-
-
-/* FC_DigestUpdate continues a multiple-part message-digesting operation. */
- CK_RV FC_DigestUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,
-					    CK_ULONG usPartLen) {
-    SFTK_FIPSFATALCHECK();
-    return NSC_DigestUpdate(hSession,pPart,usPartLen);
-}
-
-
-/* FC_DigestFinal finishes a multiple-part message-digesting operation. */
- CK_RV FC_DigestFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pDigest,
-    						CK_ULONG_PTR pusDigestLen) {
-    SFTK_FIPSFATALCHECK();
-    return NSC_DigestFinal(hSession,pDigest,pusDigestLen);
-}
-
-
-/*
- ************** Crypto Functions:     Sign  ************************
- */
-
-/* FC_SignInit initializes a signature (private key encryption) operation,
- * where the signature is (will be) an appendix to the data, 
- * and plaintext cannot be recovered from the signature */
- CK_RV FC_SignInit(CK_SESSION_HANDLE hSession,
-		 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) {
-    SFTK_FIPSCHECK();
-    return NSC_SignInit(hSession,pMechanism,hKey);
-}
-
-
-/* FC_Sign signs (encrypts with private key) data in a single part,
- * where the signature is (will be) an appendix to the data, 
- * and plaintext cannot be recovered from the signature */
- CK_RV FC_Sign(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pData,CK_ULONG usDataLen,CK_BYTE_PTR pSignature,
-    					CK_ULONG_PTR pusSignatureLen) {
-    SFTK_FIPSCHECK();
-    return NSC_Sign(hSession,pData,usDataLen,pSignature,pusSignatureLen);
-}
-
-
-/* FC_SignUpdate continues a multiple-part signature operation,
- * where the signature is (will be) an appendix to the data, 
- * and plaintext cannot be recovered from the signature */
- CK_RV FC_SignUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,
-    							CK_ULONG usPartLen) {
-    SFTK_FIPSCHECK();
-    return NSC_SignUpdate(hSession,pPart,usPartLen);
-}
-
-
-/* FC_SignFinal finishes a multiple-part signature operation, 
- * returning the signature. */
- CK_RV FC_SignFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature,
-					    CK_ULONG_PTR pusSignatureLen) {
-    SFTK_FIPSCHECK();
-    return NSC_SignFinal(hSession,pSignature,pusSignatureLen);
-}
-
-/*
- ************** Crypto Functions:     Sign Recover  ************************
- */
-/* FC_SignRecoverInit initializes a signature operation,
- * where the (digest) data can be recovered from the signature. 
- * E.g. encryption with the user's private key */
- CK_RV FC_SignRecoverInit(CK_SESSION_HANDLE hSession,
-			 CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) {
-    SFTK_FIPSCHECK();
-    return NSC_SignRecoverInit(hSession,pMechanism,hKey);
-}
-
-
-/* FC_SignRecover signs data in a single operation
- * where the (digest) data can be recovered from the signature. 
- * E.g. encryption with the user's private key */
- CK_RV FC_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
-  CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pusSignatureLen) {
-    SFTK_FIPSCHECK();
-    return NSC_SignRecover(hSession,pData,usDataLen,pSignature,pusSignatureLen);
-}
-
-/*
- ************** Crypto Functions:     verify  ************************
- */
-
-/* FC_VerifyInit initializes a verification operation, 
- * where the signature is an appendix to the data, 
- * and plaintext cannot be recovered from the signature (e.g. DSA) */
- CK_RV FC_VerifyInit(CK_SESSION_HANDLE hSession,
-			   CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) {
-    SFTK_FIPSCHECK();
-    return NSC_VerifyInit(hSession,pMechanism,hKey);
-}
-
-
-/* FC_Verify verifies a signature in a single-part operation, 
- * where the signature is an appendix to the data, 
- * and plaintext cannot be recovered from the signature */
- CK_RV FC_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
-    CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG usSignatureLen) {
-    /* make sure we're legal */
-    SFTK_FIPSCHECK();
-    return NSC_Verify(hSession,pData,usDataLen,pSignature,usSignatureLen);
-}
-
-
-/* FC_VerifyUpdate continues a multiple-part verification operation, 
- * where the signature is an appendix to the data, 
- * and plaintext cannot be recovered from the signature */
- CK_RV FC_VerifyUpdate( CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
-						CK_ULONG usPartLen) {
-    SFTK_FIPSCHECK();
-    return NSC_VerifyUpdate(hSession,pPart,usPartLen);
-}
-
-
-/* FC_VerifyFinal finishes a multiple-part verification operation, 
- * checking the signature. */
- CK_RV FC_VerifyFinal(CK_SESSION_HANDLE hSession,
-			CK_BYTE_PTR pSignature,CK_ULONG usSignatureLen) {
-    SFTK_FIPSCHECK();
-    return NSC_VerifyFinal(hSession,pSignature,usSignatureLen);
-}
-
-/*
- ************** Crypto Functions:     Verify  Recover ************************
- */
-
-/* FC_VerifyRecoverInit initializes a signature verification operation, 
- * where the data is recovered from the signature. 
- * E.g. Decryption with the user's public key */
- CK_RV FC_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
-			CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) {
-    SFTK_FIPSCHECK();
-    return NSC_VerifyRecoverInit(hSession,pMechanism,hKey);
-}
-
-
-/* FC_VerifyRecover verifies a signature in a single-part operation, 
- * where the data is recovered from the signature. 
- * E.g. Decryption with the user's public key */
- CK_RV FC_VerifyRecover(CK_SESSION_HANDLE hSession,
-		 CK_BYTE_PTR pSignature,CK_ULONG usSignatureLen,
-    				CK_BYTE_PTR pData,CK_ULONG_PTR pusDataLen) {
-    SFTK_FIPSCHECK();
-    return NSC_VerifyRecover(hSession,pSignature,usSignatureLen,pData,
-								pusDataLen);
-}
-
-/*
- **************************** Key Functions:  ************************
- */
-
-/* FC_GenerateKey generates a secret key, creating a new key object. */
- CK_RV FC_GenerateKey(CK_SESSION_HANDLE hSession,
-    CK_MECHANISM_PTR pMechanism,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount,
-    						CK_OBJECT_HANDLE_PTR phKey) {
-    CK_BBOOL *boolptr;
-
-    SFTK_FIPSCHECK();
-
-    /* all secret keys must be sensitive, if the upper level code tries to say
-     * otherwise, reject it. */
-    boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate, ulCount, CKA_SENSITIVE);
-    if (boolptr != NULL) {
-	if (!(*boolptr)) {
-	    return CKR_ATTRIBUTE_VALUE_INVALID;
-	}
-    }
-
-    return NSC_GenerateKey(hSession,pMechanism,pTemplate,ulCount,phKey);
-}
-
-
-/* FC_GenerateKeyPair generates a public-key/private-key pair, 
- * creating new key objects. */
- CK_RV FC_GenerateKeyPair (CK_SESSION_HANDLE hSession,
-    CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate,
-    CK_ULONG usPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
-    CK_ULONG usPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey,
-					CK_OBJECT_HANDLE_PTR phPrivateKey) {
-    CK_BBOOL *boolptr;
-
-    SFTK_FIPSCHECK();
-
-    /* all private keys must be sensitive, if the upper level code tries to say
-     * otherwise, reject it. */
-    boolptr = (CK_BBOOL *) fc_getAttribute(pPrivateKeyTemplate, 
-				usPrivateKeyAttributeCount, CKA_SENSITIVE);
-    if (boolptr != NULL) {
-	if (!(*boolptr)) {
-	    return CKR_ATTRIBUTE_VALUE_INVALID;
-	}
-    }
-    return NSC_GenerateKeyPair (hSession,pMechanism,pPublicKeyTemplate,
-    		usPublicKeyAttributeCount,pPrivateKeyTemplate,
-		usPrivateKeyAttributeCount,phPublicKey,phPrivateKey);
-}
-
-
-/* FC_WrapKey wraps (i.e., encrypts) a key. */
- CK_RV FC_WrapKey(CK_SESSION_HANDLE hSession,
-    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey,
-    CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey,
-					 CK_ULONG_PTR pusWrappedKeyLen) {
-    SFTK_FIPSCHECK();
-    return NSC_WrapKey(hSession,pMechanism,hWrappingKey,hKey,pWrappedKey,
-							pusWrappedKeyLen);
-}
-
-
-/* FC_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object. */
- CK_RV FC_UnwrapKey(CK_SESSION_HANDLE hSession,
-    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey,
-    CK_BYTE_PTR pWrappedKey, CK_ULONG usWrappedKeyLen,
-    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usAttributeCount,
-						 CK_OBJECT_HANDLE_PTR phKey) {
-    CK_BBOOL *boolptr;
-
-    SFTK_FIPSCHECK();
-
-    /* all secret keys must be sensitive, if the upper level code tries to say
-     * otherwise, reject it. */
-    boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate, 
-					usAttributeCount, CKA_SENSITIVE);
-    if (boolptr != NULL) {
-	if (!(*boolptr)) {
-	    return CKR_ATTRIBUTE_VALUE_INVALID;
-	}
-    }
-    return NSC_UnwrapKey(hSession,pMechanism,hUnwrappingKey,pWrappedKey,
-			usWrappedKeyLen,pTemplate,usAttributeCount,phKey);
-}
-
-
-/* FC_DeriveKey derives a key from a base key, creating a new key object. */
- CK_RV FC_DeriveKey( CK_SESSION_HANDLE hSession,
-	 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey,
-	 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usAttributeCount, 
-						CK_OBJECT_HANDLE_PTR phKey) {
-    CK_BBOOL *boolptr;
-
-    SFTK_FIPSCHECK();
-
-    /* all secret keys must be sensitive, if the upper level code tries to say
-     * otherwise, reject it. */
-    boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate, 
-					usAttributeCount, CKA_SENSITIVE);
-    if (boolptr != NULL) {
-	if (!(*boolptr)) {
-	    return CKR_ATTRIBUTE_VALUE_INVALID;
-	}
-    }
-    return NSC_DeriveKey(hSession,pMechanism,hBaseKey,pTemplate,
-			usAttributeCount, phKey);
-}
-
-/*
- **************************** Radom Functions:  ************************
- */
-
-/* FC_SeedRandom mixes additional seed material into the token's random number 
- * generator. */
- CK_RV FC_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed,
-    CK_ULONG usSeedLen) {
-    CK_RV crv;
-
-    SFTK_FIPSFATALCHECK();
-    crv = NSC_SeedRandom(hSession,pSeed,usSeedLen);
-    if (crv != CKR_OK) {
-	fatalError = PR_TRUE;
-    }
-    return crv;
-}
-
-
-/* FC_GenerateRandom generates random data. */
- CK_RV FC_GenerateRandom(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR	pRandomData, CK_ULONG usRandomLen) {
-    CK_RV crv;
-
-    SFTK_FIPSFATALCHECK();
-    crv = NSC_GenerateRandom(hSession,pRandomData,usRandomLen);
-    if (crv != CKR_OK) {
-	fatalError = PR_TRUE;
-    }
-    return crv;
-}
-
-
-/* FC_GetFunctionStatus obtains an updated status of a function running 
- * in parallel with an application. */
- CK_RV FC_GetFunctionStatus(CK_SESSION_HANDLE hSession) {
-    SFTK_FIPSCHECK();
-    return NSC_GetFunctionStatus(hSession);
-}
-
-
-/* FC_CancelFunction cancels a function running in parallel */
- CK_RV FC_CancelFunction(CK_SESSION_HANDLE hSession) {
-    SFTK_FIPSCHECK();
-    return NSC_CancelFunction(hSession);
-}
-
-/*
- ****************************  Version 1.1 Functions:  ************************
- */
-
-/* FC_GetOperationState saves the state of the cryptographic 
- *operation in a session. */
-CK_RV FC_GetOperationState(CK_SESSION_HANDLE hSession, 
-	CK_BYTE_PTR  pOperationState, CK_ULONG_PTR pulOperationStateLen) {
-    SFTK_FIPSFATALCHECK();
-    return NSC_GetOperationState(hSession,pOperationState,pulOperationStateLen);
-}
-
-
-/* FC_SetOperationState restores the state of the cryptographic operation 
- * in a session. */
-CK_RV FC_SetOperationState(CK_SESSION_HANDLE hSession, 
-	CK_BYTE_PTR  pOperationState, CK_ULONG  ulOperationStateLen,
-        CK_OBJECT_HANDLE hEncryptionKey, CK_OBJECT_HANDLE hAuthenticationKey) {
-    SFTK_FIPSFATALCHECK();
-    return NSC_SetOperationState(hSession,pOperationState,ulOperationStateLen,
-        				hEncryptionKey,hAuthenticationKey);
-}
-
-/* FC_FindObjectsFinal finishes a search for token and session objects. */
-CK_RV FC_FindObjectsFinal(CK_SESSION_HANDLE hSession) {
-    /* let publically readable object be found */
-    SFTK_FIPSFATALCHECK();
-    return NSC_FindObjectsFinal(hSession);
-}
-
-
-/* Dual-function cryptographic operations */
-
-/* FC_DigestEncryptUpdate continues a multiple-part digesting and encryption 
- * operation. */
-CK_RV FC_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR  pPart,
-    CK_ULONG  ulPartLen, CK_BYTE_PTR  pEncryptedPart,
-					 CK_ULONG_PTR pulEncryptedPartLen) {
-    SFTK_FIPSCHECK();
-    return NSC_DigestEncryptUpdate(hSession,pPart,ulPartLen,pEncryptedPart,
-					 pulEncryptedPartLen);
-}
-
-
-/* FC_DecryptDigestUpdate continues a multiple-part decryption and digesting 
- * operation. */
-CK_RV FC_DecryptDigestUpdate(CK_SESSION_HANDLE hSession,
-     CK_BYTE_PTR  pEncryptedPart, CK_ULONG  ulEncryptedPartLen,
-    				CK_BYTE_PTR  pPart, CK_ULONG_PTR pulPartLen) {
-
-    SFTK_FIPSCHECK();
-    return NSC_DecryptDigestUpdate(hSession, pEncryptedPart,ulEncryptedPartLen,
-    				pPart,pulPartLen);
-}
-
-/* FC_SignEncryptUpdate continues a multiple-part signing and encryption 
- * operation. */
-CK_RV FC_SignEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR  pPart,
-	 CK_ULONG  ulPartLen, CK_BYTE_PTR  pEncryptedPart,
-					 CK_ULONG_PTR pulEncryptedPartLen) {
-
-    SFTK_FIPSCHECK();
-    return NSC_SignEncryptUpdate(hSession,pPart,ulPartLen,pEncryptedPart,
-					 pulEncryptedPartLen);
-}
-
-/* FC_DecryptVerifyUpdate continues a multiple-part decryption and verify 
- * operation. */
-CK_RV FC_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, 
-	CK_BYTE_PTR  pEncryptedData, CK_ULONG  ulEncryptedDataLen, 
-				CK_BYTE_PTR  pData, CK_ULONG_PTR pulDataLen) {
-
-    SFTK_FIPSCHECK();
-    return NSC_DecryptVerifyUpdate(hSession,pEncryptedData,ulEncryptedDataLen, 
-				pData,pulDataLen);
-}
-
-
-/* FC_DigestKey continues a multi-part message-digesting operation,
- * by digesting the value of a secret key as part of the data already digested.
- */
-CK_RV FC_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) {
-    SFTK_FIPSCHECK();
-    return NSC_DigestKey(hSession,hKey);
-}
-
-
-CK_RV FC_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot,
-							 CK_VOID_PTR pReserved)
-{
-    return NSC_WaitForSlotEvent(flags, pSlot, pReserved);
-}

mozilla/security/nss/lib/softoken/keydbi.h

@@ -1,84 +0,0 @@
-/*
- * private.h - Private data structures for the software token library
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* $Id: keydbi.h,v 1.6 2004-04-27 23:04:38 gerv%gerv.net Exp $ */
-
-#ifndef _KEYDBI_H_
-#define _KEYDBI_H_
-
-#include "nspr.h"
-#include "seccomon.h"
-#include "mcom_db.h"
-
-/*
- * Handle structure for open key databases
- */
-struct NSSLOWKEYDBHandleStr {
-    DB *db;
-    DB *updatedb;		/* used when updating an old version */
-    SECItem *global_salt;	/* password hashing salt for this db */
-    int version;		/* version of the database */
-    char *appname;		/* multiaccess app name */
-    char *dbname;		/* name of the openned DB */
-    PRBool readOnly;		/* is the DB read only */
-};
-
-/*
-** Typedef for callback for traversing key database.
-**      "key" is the key used to index the data in the database (nickname)
-**      "data" is the key data
-**      "pdata" is the user's data 
-*/
-typedef SECStatus (* NSSLOWKEYTraverseKeysFunc)(DBT *key, DBT *data, void *pdata);
-
-
-SEC_BEGIN_PROTOS
-
-/*
-** Traverse the entire key database, and pass the nicknames and keys to a 
-** user supplied function.
-**      "f" is the user function to call for each key
-**      "udata" is the user's data, which is passed through to "f"
-*/
-extern SECStatus nsslowkey_TraverseKeys(NSSLOWKEYDBHandle *handle, 
-				NSSLOWKEYTraverseKeysFunc f,
-				void *udata);
-
-SEC_END_PROTOS
-
-#endif /* _KEYDBI_H_ */

mozilla/security/nss/lib/softoken/lowcert.c

@@ -1,625 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-/*
- * Certificate handling code
- *
- * $Id: lowcert.c,v 1.18 2004-04-25 15:03:16 gerv%gerv.net Exp $
- */
-
-#include "seccomon.h"
-#include "secder.h"
-#include "nssilock.h"
-#include "prmon.h"
-#include "prtime.h"
-#include "lowkeyi.h"
-#include "pcert.h"
-#include "secasn1.h"
-#include "secoid.h"
-
-#ifdef NSS_ENABLE_ECC
-extern SECStatus EC_FillParams(PRArenaPool *arena, 
-			       const SECItem *encodedParams,
-			       ECParams *params);
-#endif
-
-static const SEC_ASN1Template nsslowcert_SubjectPublicKeyInfoTemplate[] = {
-    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWCERTSubjectPublicKeyInfo) },
-    { SEC_ASN1_INLINE, offsetof(NSSLOWCERTSubjectPublicKeyInfo,algorithm),
-          SECOID_AlgorithmIDTemplate },
-    { SEC_ASN1_BIT_STRING,
-          offsetof(NSSLOWCERTSubjectPublicKeyInfo,subjectPublicKey), },
-    { 0, }
-};
-
-static const SEC_ASN1Template nsslowcert_RSAPublicKeyTemplate[] = {
-    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPublicKey) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPublicKey,u.rsa.modulus), },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPublicKey,u.rsa.publicExponent), },
-    { 0, }
-};
-static const SEC_ASN1Template nsslowcert_DSAPublicKeyTemplate[] = {
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPublicKey,u.dsa.publicValue), },
-    { 0, }
-};
-static const SEC_ASN1Template nsslowcert_DHPublicKeyTemplate[] = {
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPublicKey,u.dh.publicValue), },
-    { 0, }
-};
-
-/*
- * See bugzilla bug 125359
- * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
- * all of the templates above that en/decode into integers must be converted
- * from ASN.1's signed integer type.  This is done by marking either the
- * source or destination (encoding or decoding, respectively) type as
- * siUnsignedInteger.
- */
-
-static void
-prepare_low_rsa_pub_key_for_asn1(NSSLOWKEYPublicKey *pubk)
-{
-    pubk->u.rsa.modulus.type = siUnsignedInteger;
-    pubk->u.rsa.publicExponent.type = siUnsignedInteger;
-}
-
-static void
-prepare_low_dsa_pub_key_for_asn1(NSSLOWKEYPublicKey *pubk)
-{
-    pubk->u.dsa.publicValue.type = siUnsignedInteger;
-    pubk->u.dsa.params.prime.type = siUnsignedInteger;
-    pubk->u.dsa.params.subPrime.type = siUnsignedInteger;
-    pubk->u.dsa.params.base.type = siUnsignedInteger;
-}
-
-static void
-prepare_low_dh_pub_key_for_asn1(NSSLOWKEYPublicKey *pubk)
-{
-    pubk->u.dh.prime.type = siUnsignedInteger;
-    pubk->u.dh.base.type = siUnsignedInteger;
-    pubk->u.dh.publicValue.type = siUnsignedInteger;
-}
-
-/*
- * Allow use of default cert database, so that apps(such as mozilla) don't
- * have to pass the handle all over the place.
- */
-static NSSLOWCERTCertDBHandle *default_pcert_db_handle = 0;
-
-void
-nsslowcert_SetDefaultCertDB(NSSLOWCERTCertDBHandle *handle)
-{
-    default_pcert_db_handle = handle;
-    
-    return;
-}
-
-NSSLOWCERTCertDBHandle *
-nsslowcert_GetDefaultCertDB(void)
-{
-    return(default_pcert_db_handle);
-}
-
-/*
- * simple cert decoder to avoid the cost of asn1 engine
- */ 
-static unsigned char *
-nsslowcert_dataStart(unsigned char *buf, unsigned int length, 
-			unsigned int *data_length, PRBool includeTag,
-                        unsigned char* rettag) {
-    unsigned char tag;
-    unsigned int used_length= 0;
-
-    tag = buf[used_length++];
-
-    if (rettag) {
-        *rettag = tag;
-    }
-
-    /* blow out when we come to the end */
-    if (tag == 0) {
-	return NULL;
-    }
-
-    *data_length = buf[used_length++];
-
-    if (*data_length&0x80) {
-	int  len_count = *data_length & 0x7f;
-
-	*data_length = 0;
-
-	while (len_count-- > 0) {
-	    *data_length = (*data_length << 8) | buf[used_length++];
-	} 
-    }
-
-    if (*data_length > (length-used_length) ) {
-	*data_length = length-used_length;
-	return NULL;
-    }
-    if (includeTag) *data_length += used_length;
-
-    return (buf + (includeTag ? 0 : used_length));	
-}
-
-static void SetTimeType(SECItem* item, unsigned char tagtype)
-{
-    switch (tagtype) {
-        case SEC_ASN1_UTC_TIME:
-            item->type = siUTCTime;
-            break;
-
-        case SEC_ASN1_GENERALIZED_TIME:
-            item->type = siGeneralizedTime;
-            break;
-
-        default:
-            PORT_Assert(0);
-            break;
-    }
-}
-
-static int
-nsslowcert_GetValidityFields(unsigned char *buf,int buf_length,
-	SECItem *notBefore, SECItem *notAfter)
-{
-    unsigned char tagtype;
-    notBefore->data = nsslowcert_dataStart(buf,buf_length,
-						&notBefore->len,PR_FALSE, &tagtype);
-    if (notBefore->data == NULL) return SECFailure;
-    SetTimeType(notBefore, tagtype);
-    buf_length -= (notBefore->data-buf) + notBefore->len;
-    buf = notBefore->data + notBefore->len;
-    notAfter->data = nsslowcert_dataStart(buf,buf_length,
-						&notAfter->len,PR_FALSE, &tagtype);
-    if (notAfter->data == NULL) return SECFailure;
-    SetTimeType(notAfter, tagtype);
-    return SECSuccess;
-}
-
-static int
-nsslowcert_GetCertFields(unsigned char *cert,int cert_length,
-	SECItem *issuer, SECItem *serial, SECItem *derSN, SECItem *subject,
-	SECItem *valid, SECItem *subjkey)
-{
-    unsigned char *buf;
-    unsigned int buf_length;
-    unsigned char *dummy;
-    unsigned int dummylen;
-
-    /* get past the signature wrap */
-    buf = nsslowcert_dataStart(cert,cert_length,&buf_length,PR_FALSE, NULL);
-    if (buf == NULL) return SECFailure;
-    /* get into the raw cert data */
-    buf = nsslowcert_dataStart(buf,buf_length,&buf_length,PR_FALSE, NULL);
-    if (buf == NULL) return SECFailure;
-    /* skip past any optional version number */
-    if ((buf[0] & 0xa0) == 0xa0) {
-	dummy = nsslowcert_dataStart(buf,buf_length,&dummylen,PR_FALSE, NULL);
-	if (dummy == NULL) return SECFailure;
-	buf_length -= (dummy-buf) + dummylen;
-	buf = dummy + dummylen;
-    }
-    /* serial number */
-    if (derSN) {
-	derSN->data=nsslowcert_dataStart(buf,buf_length,&derSN->len,PR_TRUE, NULL);
-    }
-    serial->data = nsslowcert_dataStart(buf,buf_length,&serial->len,PR_FALSE, NULL);
-    if (serial->data == NULL) return SECFailure;
-    buf_length -= (serial->data-buf) + serial->len;
-    buf = serial->data + serial->len;
-    /* skip the OID */
-    dummy = nsslowcert_dataStart(buf,buf_length,&dummylen,PR_FALSE, NULL);
-    if (dummy == NULL) return SECFailure;
-    buf_length -= (dummy-buf) + dummylen;
-    buf = dummy + dummylen;
-    /* issuer */
-    issuer->data = nsslowcert_dataStart(buf,buf_length,&issuer->len,PR_TRUE, NULL);
-    if (issuer->data == NULL) return SECFailure;
-    buf_length -= (issuer->data-buf) + issuer->len;
-    buf = issuer->data + issuer->len;
-
-    /* only wanted issuer/SN */
-    if (valid == NULL) {
-	return SECSuccess;
-    }
-    /* validity */
-    valid->data = nsslowcert_dataStart(buf,buf_length,&valid->len,PR_FALSE, NULL);
-    if (valid->data == NULL) return SECFailure;
-    buf_length -= (valid->data-buf) + valid->len;
-    buf = valid->data + valid->len;
-    /*subject */
-    subject->data=nsslowcert_dataStart(buf,buf_length,&subject->len,PR_TRUE, NULL);
-    if (subject->data == NULL) return SECFailure;
-    buf_length -= (subject->data-buf) + subject->len;
-    buf = subject->data + subject->len;
-    /* subject  key info */
-    subjkey->data=nsslowcert_dataStart(buf,buf_length,&subjkey->len,PR_TRUE, NULL);
-    if (subjkey->data == NULL) return SECFailure;
-    buf_length -= (subjkey->data-buf) + subjkey->len;
-    buf = subjkey->data + subjkey->len;
-    return SECSuccess;
-}
-
-SECStatus
-nsslowcert_GetCertTimes(NSSLOWCERTCertificate *c, PRTime *notBefore, PRTime *notAfter)
-{
-    int rv;
-    NSSLOWCERTValidity validity;
-
-    rv = nsslowcert_GetValidityFields(c->validity.data,c->validity.len,
-				&validity.notBefore,&validity.notAfter);
-    if (rv != SECSuccess) {
-	return rv;
-    }
-    
-    /* convert DER not-before time */
-    rv = DER_DecodeTimeChoice(notBefore, &validity.notBefore);
-    if (rv) {
-        return(SECFailure);
-    }
-    
-    /* convert DER not-after time */
-    rv = DER_DecodeTimeChoice(notAfter, &validity.notAfter);
-    if (rv) {
-        return(SECFailure);
-    }
-
-    return(SECSuccess);
-}
-
-/*
- * is certa newer than certb?  If one is expired, pick the other one.
- */
-PRBool
-nsslowcert_IsNewer(NSSLOWCERTCertificate *certa, NSSLOWCERTCertificate *certb)
-{
-    PRTime notBeforeA, notAfterA, notBeforeB, notAfterB, now;
-    SECStatus rv;
-    PRBool newerbefore, newerafter;
-    
-    rv = nsslowcert_GetCertTimes(certa, &notBeforeA, &notAfterA);
-    if ( rv != SECSuccess ) {
-	return(PR_FALSE);
-    }
-    
-    rv = nsslowcert_GetCertTimes(certb, &notBeforeB, &notAfterB);
-    if ( rv != SECSuccess ) {
-	return(PR_TRUE);
-    }
-
-    newerbefore = PR_FALSE;
-    if ( LL_CMP(notBeforeA, >, notBeforeB) ) {
-	newerbefore = PR_TRUE;
-    }
-
-    newerafter = PR_FALSE;
-    if ( LL_CMP(notAfterA, >, notAfterB) ) {
-	newerafter = PR_TRUE;
-    }
-    
-    if ( newerbefore && newerafter ) {
-	return(PR_TRUE);
-    }
-    
-    if ( ( !newerbefore ) && ( !newerafter ) ) {
-	return(PR_FALSE);
-    }
-
-    /* get current time */
-    now = PR_Now();
-
-    if ( newerbefore ) {
-	/* cert A was issued after cert B, but expires sooner */
-	/* if A is expired, then pick B */
-	if ( LL_CMP(notAfterA, <, now ) ) {
-	    return(PR_FALSE);
-	}
-	return(PR_TRUE);
-    } else {
-	/* cert B was issued after cert A, but expires sooner */
-	/* if B is expired, then pick A */
-	if ( LL_CMP(notAfterB, <, now ) ) {
-	    return(PR_TRUE);
-	}
-	return(PR_FALSE);
-    }
-}
-
-#define SOFT_DEFAULT_CHUNKSIZE 2048
-
-
-static SECStatus
-nsslowcert_KeyFromIssuerAndSN(PRArenaPool *arena, SECItem *issuer, SECItem *sn,
-			SECItem *key)
-{
-    unsigned int len = sn->len + issuer->len;
-
-
-    if (arena) {
-	key->data = (unsigned char*)PORT_ArenaAlloc(arena, len);
-    } else {
-	if (len > key->len) {
-	    key->data = (unsigned char*)PORT_ArenaAlloc(arena, len);
-	}
-    }
-    if ( !key->data ) {
-	goto loser;
-    }
-
-    key->len = len;
-    /* copy the serialNumber */
-    PORT_Memcpy(key->data, sn->data, sn->len);
-
-    /* copy the issuer */
-    PORT_Memcpy(&key->data[sn->len], issuer->data, issuer->len);
-
-    return(SECSuccess);
-
-loser:
-    return(SECFailure);
-}
-
-
-
-/*
- * take a DER certificate and decode it into a certificate structure
- */
-NSSLOWCERTCertificate *
-nsslowcert_DecodeDERCertificate(SECItem *derSignedCert, char *nickname)
-{
-    NSSLOWCERTCertificate *cert;
-    int rv;
-
-    /* allocate the certificate structure */
-    cert = nsslowcert_CreateCert();
-    
-    if ( !cert ) {
-	goto loser;
-    }
-    
-	/* point to passed in DER data */
-    cert->derCert = *derSignedCert;
-    cert->nickname = NULL;
-    cert->certKey.data = NULL;
-    cert->referenceCount = 1;
-
-    /* decode the certificate info */
-    rv = nsslowcert_GetCertFields(cert->derCert.data, cert->derCert.len,
-	&cert->derIssuer, &cert->serialNumber, &cert->derSN, &cert->derSubject,
-	&cert->validity, &cert->derSubjKeyInfo);
-
-    /* cert->subjectKeyID;	 x509v3 subject key identifier */
-    cert->subjectKeyID.data = NULL;
-    cert->subjectKeyID.len = 0;
-    cert->dbEntry = NULL;
-    cert ->trust = NULL;
-
-    /* generate and save the database key for the cert */
-    cert->certKey.data = cert->certKeySpace;
-    cert->certKey.len = sizeof(cert->certKeySpace);
-    rv = nsslowcert_KeyFromIssuerAndSN(NULL, &cert->derIssuer, 
-					&cert->serialNumber, &cert->certKey);
-    if ( rv ) {
-	goto loser;
-    }
-
-    /* set the nickname */
-    if ( nickname == NULL ) {
-	cert->nickname = NULL;
-    } else {
-	/* copy and install the nickname */
-	cert->nickname = pkcs11_copyNickname(nickname,cert->nicknameSpace,
-				sizeof(cert->nicknameSpace));
-    }
-
-#ifdef FIXME
-    /* initialize the subjectKeyID */
-    rv = cert_GetKeyID(cert);
-    if ( rv != SECSuccess ) {
-	goto loser;
-    }
-
-    /* set the email address */
-    cert->emailAddr = CERT_GetCertificateEmailAddress(cert);
-    
-#endif
-    
-    cert->referenceCount = 1;
-    
-    return(cert);
-    
-loser:
-    if (cert) {
-	nsslowcert_DestroyCertificate(cert);
-    }
-    
-    return(0);
-}
-
-char *
-nsslowcert_FixupEmailAddr(char *emailAddr)
-{
-    char *retaddr;
-    char *str;
-
-    if ( emailAddr == NULL ) {
-	return(NULL);
-    }
-    
-    /* copy the string */
-    str = retaddr = PORT_Strdup(emailAddr);
-    if ( str == NULL ) {
-	return(NULL);
-    }
-    
-    /* make it lower case */
-    while ( *str ) {
-	*str = tolower( *str );
-	str++;
-    }
-    
-    return(retaddr);
-}
-
-
-/*
- * Generate a database key, based on serial number and issuer, from a
- * DER certificate.
- */
-SECStatus
-nsslowcert_KeyFromDERCert(PRArenaPool *arena, SECItem *derCert, SECItem *key)
-{
-    int rv;
-    NSSLOWCERTCertKey certkey;
-
-    PORT_Memset(&certkey, 0, sizeof(NSSLOWCERTCertKey));    
-
-    rv = nsslowcert_GetCertFields(derCert->data, derCert->len,
-	&certkey.derIssuer, &certkey.serialNumber, NULL, NULL, NULL, NULL);
-
-    if ( rv ) {
-	goto loser;
-    }
-
-    return(nsslowcert_KeyFromIssuerAndSN(arena, &certkey.derIssuer,
-				   &certkey.serialNumber, key));
-loser:
-    return(SECFailure);
-}
-
-NSSLOWKEYPublicKey *
-nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert)
-{
-    NSSLOWCERTSubjectPublicKeyInfo spki;
-    NSSLOWKEYPublicKey *pubk;
-    SECItem os;
-    SECStatus rv;
-    PRArenaPool *arena;
-    SECOidTag tag;
-    SECItem newDerSubjKeyInfo;
-
-    arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
-    if (arena == NULL)
-        return NULL;
-
-    pubk = (NSSLOWKEYPublicKey *) 
-		PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYPublicKey));
-    if (pubk == NULL) {
-        PORT_FreeArena (arena, PR_FALSE);
-        return NULL;
-    }
-
-    pubk->arena = arena;
-    PORT_Memset(&spki,0,sizeof(spki));
-
-    /* copy the DER into the arena, since Quick DER returns data that points
-       into the DER input, which may get freed by the caller */
-    rv = SECITEM_CopyItem(arena, &newDerSubjKeyInfo, &cert->derSubjKeyInfo);
-    if ( rv != SECSuccess ) {
-        PORT_FreeArena (arena, PR_FALSE);
-        return NULL;
-    }
-
-    /* we haven't bothered decoding the spki struct yet, do it now */
-    rv = SEC_QuickDERDecodeItem(arena, &spki, 
-		nsslowcert_SubjectPublicKeyInfoTemplate, &newDerSubjKeyInfo);
-    if (rv != SECSuccess) {
- 	PORT_FreeArena (arena, PR_FALSE);
- 	return NULL;
-    }
-
-    /* Convert bit string length from bits to bytes */
-    os = spki.subjectPublicKey;
-    DER_ConvertBitString (&os);
-
-    tag = SECOID_GetAlgorithmTag(&spki.algorithm);
-    switch ( tag ) {
-      case SEC_OID_X500_RSA_ENCRYPTION:
-      case SEC_OID_PKCS1_RSA_ENCRYPTION:
-        pubk->keyType = NSSLOWKEYRSAKey;
-        prepare_low_rsa_pub_key_for_asn1(pubk);
-        rv = SEC_QuickDERDecodeItem(arena, pubk, 
-				nsslowcert_RSAPublicKeyTemplate, &os);
-        if (rv == SECSuccess)
-            return pubk;
-        break;
-      case SEC_OID_ANSIX9_DSA_SIGNATURE:
-        pubk->keyType = NSSLOWKEYDSAKey;
-        prepare_low_dsa_pub_key_for_asn1(pubk);
-        rv = SEC_QuickDERDecodeItem(arena, pubk,
-				 nsslowcert_DSAPublicKeyTemplate, &os);
-        if (rv == SECSuccess) return pubk;
-        break;
-      case SEC_OID_X942_DIFFIE_HELMAN_KEY:
-        pubk->keyType = NSSLOWKEYDHKey;
-        prepare_low_dh_pub_key_for_asn1(pubk);
-        rv = SEC_QuickDERDecodeItem(arena, pubk,
-				 nsslowcert_DHPublicKeyTemplate, &os);
-        if (rv == SECSuccess) return pubk;
-        break;
-#ifdef NSS_ENABLE_ECC
-      case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
-        pubk->keyType = NSSLOWKEYECKey;
-	/* Since PKCS#11 directly takes the DER encoding of EC params
-	 * and public value, we don't need any decoding here.
-	 */
-        rv = SECITEM_CopyItem(arena, &pubk->u.ec.ecParams.DEREncoding, 
-	    &spki.algorithm.parameters);
-        if ( rv != SECSuccess )
-            break;	
-
-	/* Fill out the rest of the ecParams structure 
-	 * based on the encoded params
-	 */
-	if (EC_FillParams(arena, &pubk->u.ec.ecParams.DEREncoding,
-	    &pubk->u.ec.ecParams) != SECSuccess) 
-	    break;
-
-        rv = SECITEM_CopyItem(arena, &pubk->u.ec.publicValue, &os);
-	if (rv == SECSuccess) return pubk;
-        break;
-#endif /* NSS_ENABLE_ECC */
-      default:
-        rv = SECFailure;
-        break;
-    }
-
-    nsslowkey_DestroyPublicKey (pubk);
-    return NULL;
-}
-

mozilla/security/nss/lib/softoken/lowkey.c

@@ -1,492 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#include "lowkeyi.h"
-#include "secoid.h"
-#include "secitem.h"
-#include "secder.h"
-#include "base64.h"
-#include "secasn1.h"
-#include "pcert.h"
-#include "secerr.h"
-
-#ifdef NSS_ENABLE_ECC
-extern SECStatus EC_CopyParams(PRArenaPool *arena, 
-			       ECParams *dstParams,
-			       const ECParams *srcParams);
-#endif
-
-const SEC_ASN1Template nsslowkey_PQGParamsTemplate[] = {
-    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PQGParams) },
-    { SEC_ASN1_INTEGER, offsetof(PQGParams,prime) },
-    { SEC_ASN1_INTEGER, offsetof(PQGParams,subPrime) },
-    { SEC_ASN1_INTEGER, offsetof(PQGParams,base) },
-    { 0, }
-};
-
-const SEC_ASN1Template nsslowkey_RSAPrivateKeyTemplate[] = {
-    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.version) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.modulus) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.publicExponent) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.privateExponent) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.prime1) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.prime2) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.exponent1) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.exponent2) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.rsa.coefficient) },
-    { 0 }                                                                     
-};                                                                            
-
-
-const SEC_ASN1Template nsslowkey_DSAPrivateKeyTemplate[] = {
-    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dsa.publicValue) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dsa.privateValue) },
-    { 0, }
-};
-
-const SEC_ASN1Template nsslowkey_DSAPrivateKeyExportTemplate[] = {
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dsa.privateValue) },
-};
-
-const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[] = {
-    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dh.publicValue) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dh.privateValue) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dh.base) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.dh.prime) },
-    { 0, }
-};
-
-#ifdef NSS_ENABLE_ECC
-
-/* XXX This is just a placeholder for later when we support
- * generic curves and need full-blown support for parsing EC
- * parameters. For now, we only support named curves in which
- * EC params are simply encoded as an object ID and we don't
- * use nsslowkey_ECParamsTemplate.
- */
-const SEC_ASN1Template nsslowkey_ECParamsTemplate[] = {
-    { SEC_ASN1_CHOICE, offsetof(ECParams,type), NULL, sizeof(ECParams) },
-    { SEC_ASN1_OBJECT_ID, offsetof(ECParams,curveOID), NULL, ec_params_named },
-    { 0, }
-};
-
-
-/* NOTE: The SECG specification allows the private key structure
- * to contain curve parameters but recommends that they be stored
- * in the PrivateKeyAlgorithmIdentifier field of the PrivateKeyInfo
- * instead.
- */
-const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[] = {
-    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
-    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey,u.ec.version) },
-    { SEC_ASN1_OCTET_STRING, 
-      offsetof(NSSLOWKEYPrivateKey,u.ec.privateValue) },
-    /* XXX The following template works for now since we only
-     * support named curves for which the parameters are
-     * encoded as an object ID. When we support generic curves,
-     * we'll need to define nsslowkey_ECParamsTemplate
-     */
-#if 1
-    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
-      SEC_ASN1_EXPLICIT | SEC_ASN1_CONTEXT_SPECIFIC | 0, 
-      offsetof(NSSLOWKEYPrivateKey,u.ec.ecParams.curveOID), 
-      SEC_ObjectIDTemplate }, 
-#else
-    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
-      SEC_ASN1_EXPLICIT | SEC_ASN1_CONTEXT_SPECIFIC | 0, 
-      offsetof(NSSLOWKEYPrivateKey,u.ec.ecParams), 
-      nsslowkey_ECParamsTemplate }, 
-#endif
-    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
-      SEC_ASN1_EXPLICIT | SEC_ASN1_CONTEXT_SPECIFIC | 1, 
-      offsetof(NSSLOWKEYPrivateKey,u.ec.publicValue),
-      SEC_BitStringTemplate }, 
-    { 0, }
-};
-#endif /* NSS_ENABLE_ECC */
-/*
- * See bugzilla bug 125359
- * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
- * all of the templates above that en/decode into integers must be converted
- * from ASN.1's signed integer type.  This is done by marking either the
- * source or destination (encoding or decoding, respectively) type as
- * siUnsignedInteger.
- */
-
-void
-prepare_low_rsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
-{
-    key->u.rsa.modulus.type = siUnsignedInteger;
-    key->u.rsa.publicExponent.type = siUnsignedInteger;
-    key->u.rsa.privateExponent.type = siUnsignedInteger;
-    key->u.rsa.prime1.type = siUnsignedInteger;
-    key->u.rsa.prime2.type = siUnsignedInteger;
-    key->u.rsa.exponent1.type = siUnsignedInteger;
-    key->u.rsa.exponent2.type = siUnsignedInteger;
-    key->u.rsa.coefficient.type = siUnsignedInteger;
-}
-
-void
-prepare_low_pqg_params_for_asn1(PQGParams *params)
-{
-    params->prime.type = siUnsignedInteger;
-    params->subPrime.type = siUnsignedInteger;
-    params->base.type = siUnsignedInteger;
-}
-
-void
-prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
-{
-    key->u.dsa.publicValue.type = siUnsignedInteger;
-    key->u.dsa.privateValue.type = siUnsignedInteger;
-    key->u.dsa.params.prime.type = siUnsignedInteger;
-    key->u.dsa.params.subPrime.type = siUnsignedInteger;
-    key->u.dsa.params.base.type = siUnsignedInteger;
-}
-
-void
-prepare_low_dsa_priv_key_export_for_asn1(NSSLOWKEYPrivateKey *key)
-{
-    key->u.dsa.privateValue.type = siUnsignedInteger;
-}
-
-void
-prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
-{
-    key->u.dh.prime.type = siUnsignedInteger;
-    key->u.dh.base.type = siUnsignedInteger;
-    key->u.dh.publicValue.type = siUnsignedInteger;
-    key->u.dh.privateValue.type = siUnsignedInteger;
-}
-
-#ifdef NSS_ENABLE_ECC
-void
-prepare_low_ecparams_for_asn1(ECParams *params)
-{
-    params->DEREncoding.type = siUnsignedInteger;
-    params->curveOID.type = siUnsignedInteger;
-}
-
-void
-prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
-{
-    key->u.ec.version.type = siUnsignedInteger;
-    key->u.ec.ecParams.DEREncoding.type = siUnsignedInteger;
-    key->u.ec.ecParams.curveOID.type = siUnsignedInteger;
-    key->u.ec.privateValue.type = siUnsignedInteger;
-    key->u.ec.publicValue.type = siUnsignedInteger;
-}
-#endif /* NSS_ENABLE_ECC */
-
-void
-nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk)
-{
-    if (privk && privk->arena) {
-	PORT_FreeArena(privk->arena, PR_TRUE);
-    }
-}
-
-void
-nsslowkey_DestroyPublicKey(NSSLOWKEYPublicKey *pubk)
-{
-    if (pubk && pubk->arena) {
-	PORT_FreeArena(pubk->arena, PR_FALSE);
-    }
-}
-unsigned
-nsslowkey_PublicModulusLen(NSSLOWKEYPublicKey *pubk)
-{
-    unsigned char b0;
-
-    /* interpret modulus length as key strength... in
-     * fortezza that's the public key length */
-
-    switch (pubk->keyType) {
-    case NSSLOWKEYRSAKey:
-    	b0 = pubk->u.rsa.modulus.data[0];
-    	return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1;
-    default:
-	break;
-    }
-    return 0;
-}
-
-unsigned
-nsslowkey_PrivateModulusLen(NSSLOWKEYPrivateKey *privk)
-{
-
-    unsigned char b0;
-
-    switch (privk->keyType) {
-    case NSSLOWKEYRSAKey:
-	b0 = privk->u.rsa.modulus.data[0];
-	return b0 ? privk->u.rsa.modulus.len : privk->u.rsa.modulus.len - 1;
-    default:
-	break;
-    }
-    return 0;
-}
-
-NSSLOWKEYPublicKey *
-nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
-{
-    NSSLOWKEYPublicKey *pubk;
-    PLArenaPool *arena;
-
-
-    arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
-    if (arena == NULL) {
-        PORT_SetError (SEC_ERROR_NO_MEMORY);
-        return NULL;
-    }
-
-    switch(privk->keyType) {
-      case NSSLOWKEYRSAKey:
-      case NSSLOWKEYNullKey:
-	pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
-						sizeof (NSSLOWKEYPublicKey));
-	if (pubk != NULL) {
-	    SECStatus rv;
-
-	    pubk->arena = arena;
-	    pubk->keyType = privk->keyType;
-	    if (privk->keyType == NSSLOWKEYNullKey) return pubk;
-	    rv = SECITEM_CopyItem(arena, &pubk->u.rsa.modulus,
-				  &privk->u.rsa.modulus);
-	    if (rv == SECSuccess) {
-		rv = SECITEM_CopyItem (arena, &pubk->u.rsa.publicExponent,
-				       &privk->u.rsa.publicExponent);
-		if (rv == SECSuccess)
-		    return pubk;
-	    }
-	    nsslowkey_DestroyPublicKey (pubk);
-	} else {
-	    PORT_SetError (SEC_ERROR_NO_MEMORY);
-	}
-	break;
-      case NSSLOWKEYDSAKey:
-	pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
-						    sizeof(NSSLOWKEYPublicKey));
-	if (pubk != NULL) {
-	    SECStatus rv;
-
-	    pubk->arena = arena;
-	    pubk->keyType = privk->keyType;
-	    rv = SECITEM_CopyItem(arena, &pubk->u.dsa.publicValue,
-				  &privk->u.dsa.publicValue);
-	    if (rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.prime,
-				  &privk->u.dsa.params.prime);
-	    if (rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.subPrime,
-				  &privk->u.dsa.params.subPrime);
-	    if (rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.base,
-				  &privk->u.dsa.params.base);
-	    if (rv == SECSuccess) return pubk;
-	}
-	break;
-      case NSSLOWKEYDHKey:
-	pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
-						    sizeof(NSSLOWKEYPublicKey));
-	if (pubk != NULL) {
-	    SECStatus rv;
-
-	    pubk->arena = arena;
-	    pubk->keyType = privk->keyType;
-	    rv = SECITEM_CopyItem(arena, &pubk->u.dh.publicValue,
-				  &privk->u.dh.publicValue);
-	    if (rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(arena, &pubk->u.dh.prime,
-				  &privk->u.dh.prime);
-	    if (rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(arena, &pubk->u.dh.base,
-				  &privk->u.dh.base);
-	    if (rv == SECSuccess) return pubk;
-	}
-	break;
-#ifdef NSS_ENABLE_ECC
-      case NSSLOWKEYECKey:
-	pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
-						    sizeof(NSSLOWKEYPublicKey));
-	if (pubk != NULL) {
-	    SECStatus rv;
-
-	    pubk->arena = arena;
-	    pubk->keyType = privk->keyType;
-	    rv = SECITEM_CopyItem(arena, &pubk->u.ec.publicValue,
-				  &privk->u.ec.publicValue);
-	    if (rv != SECSuccess) break;
-	    pubk->u.ec.ecParams.arena = arena;
-	    /* Copy the rest of the params */
-	    rv = EC_CopyParams(arena, &(pubk->u.ec.ecParams),
-			       &(privk->u.ec.ecParams));
-	    if (rv == SECSuccess) return pubk;
-	}
-	break;
-#endif /* NSS_ENABLE_ECC */
-	/* No Fortezza in Low Key implementations (Fortezza keys aren't
-	 * stored in our data base */
-    default:
-	break;
-    }
-
-    PORT_FreeArena (arena, PR_FALSE);
-    return NULL;
-}
-
-NSSLOWKEYPrivateKey *
-nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey)
-{
-    NSSLOWKEYPrivateKey *returnKey = NULL;
-    SECStatus rv = SECFailure;
-    PLArenaPool *poolp;
-
-    if(!privKey) {
-	return NULL;
-    }
-
-    poolp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    if(!poolp) {
-	return NULL;
-    }
-
-    returnKey = (NSSLOWKEYPrivateKey*)PORT_ArenaZAlloc(poolp, sizeof(NSSLOWKEYPrivateKey));
-    if(!returnKey) {
-	rv = SECFailure;
-	goto loser;
-    }
-
-    returnKey->keyType = privKey->keyType;
-    returnKey->arena = poolp;
-
-    switch(privKey->keyType) {
-	case NSSLOWKEYRSAKey:
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.modulus), 
-	    				&(privKey->u.rsa.modulus));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.version), 
-	    				&(privKey->u.rsa.version));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.publicExponent), 
-	    				&(privKey->u.rsa.publicExponent));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.privateExponent), 
-	    				&(privKey->u.rsa.privateExponent));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.prime1), 
-	    				&(privKey->u.rsa.prime1));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.prime2), 
-	    				&(privKey->u.rsa.prime2));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.exponent1), 
-	    				&(privKey->u.rsa.exponent1));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.exponent2), 
-	    				&(privKey->u.rsa.exponent2));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.coefficient), 
-	    				&(privKey->u.rsa.coefficient));
-	    if(rv != SECSuccess) break;
-	    break;
-	case NSSLOWKEYDSAKey:
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.publicValue),
-	    				&(privKey->u.dsa.publicValue));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.privateValue),
-	    				&(privKey->u.dsa.privateValue));
-	    if(rv != SECSuccess) break;
-	    returnKey->u.dsa.params.arena = poolp;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.params.prime),
-					&(privKey->u.dsa.params.prime));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.params.subPrime),
-					&(privKey->u.dsa.params.subPrime));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.params.base),
-					&(privKey->u.dsa.params.base));
-	    if(rv != SECSuccess) break;
-	    break;
-	case NSSLOWKEYDHKey:
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.publicValue),
-	    				&(privKey->u.dh.publicValue));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.privateValue),
-	    				&(privKey->u.dh.privateValue));
-	    if(rv != SECSuccess) break;
-	    returnKey->u.dsa.params.arena = poolp;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.prime),
-					&(privKey->u.dh.prime));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.base),
-					&(privKey->u.dh.base));
-	    if(rv != SECSuccess) break;
-	    break;
-#ifdef NSS_ENABLE_ECC
-	case NSSLOWKEYECKey:
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.version),
-	    				&(privKey->u.ec.version));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.publicValue),
-	    				&(privKey->u.ec.publicValue));
-	    if(rv != SECSuccess) break;
-	    rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.privateValue),
-	    				&(privKey->u.ec.privateValue));
-	    if(rv != SECSuccess) break;
-	    returnKey->u.ec.ecParams.arena = poolp;
-	    /* Copy the rest of the params */
-	    rv = EC_CopyParams(poolp, &(returnKey->u.ec.ecParams),
-			       &(privKey->u.ec.ecParams));
-	    if (rv != SECSuccess) break;
-	    break;
-#endif /* NSS_ENABLE_ECC */
-	default:
-	    rv = SECFailure;
-    }
-
-loser:
-
-    if(rv != SECSuccess) {
-	PORT_FreeArena(poolp, PR_TRUE);
-	returnKey = NULL;
-    }
-
-    return returnKey;
-}

mozilla/security/nss/lib/softoken/lowkeyi.h

@@ -1,274 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* $Id: lowkeyi.h,v 1.10 2004-04-27 23:04:38 gerv%gerv.net Exp $ */
-
-#ifndef _LOWKEYI_H_
-#define _LOWKEYI_H_
-
-#include "prtypes.h"
-#include "seccomon.h"
-#include "secoidt.h"
-#include "pcertt.h"
-#include "lowkeyti.h"
-
-SEC_BEGIN_PROTOS
-
-/*
- * See bugzilla bug 125359
- * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
- * all of the templates above that en/decode into integers must be converted
- * from ASN.1's signed integer type.  This is done by marking either the
- * source or destination (encoding or decoding, respectively) type as
- * siUnsignedInteger.
- */
-extern void prepare_low_rsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
-extern void prepare_low_pqg_params_for_asn1(PQGParams *params);
-extern void prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
-extern void prepare_low_dsa_priv_key_export_for_asn1(NSSLOWKEYPrivateKey *key);
-extern void prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
-#ifdef NSS_ENABLE_ECC
-extern void prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
-extern void prepare_low_ecparams_for_asn1(ECParams *params);
-#endif /* NSS_ENABLE_ECC */
-
-typedef char * (* NSSLOWKEYDBNameFunc)(void *arg, int dbVersion);
-    
-/*
-** Open a key database.
-*/
-extern NSSLOWKEYDBHandle *nsslowkey_OpenKeyDB(PRBool readOnly,
-					   const char *domain,
-					   const char *prefix,
-					   NSSLOWKEYDBNameFunc namecb,
-					   void *cbarg);
-
-
-/*
- * Clear out all the keys in the existing database
- */
-extern SECStatus nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *handle);
-
-/*
-** Close the specified key database.
-*/
-extern void nsslowkey_CloseKeyDB(NSSLOWKEYDBHandle *handle);
-
-/*
- * Get the version number of the database
- */
-extern int nsslowkey_GetKeyDBVersion(NSSLOWKEYDBHandle *handle);
-
-/*
-** Support a default key database.
-*/
-extern void nsslowkey_SetDefaultKeyDB(NSSLOWKEYDBHandle *handle);
-extern NSSLOWKEYDBHandle *nsslowkey_GetDefaultKeyDB(void);
-
-/* set the alg id of the key encryption algorithm */
-extern void nsslowkey_SetDefaultKeyDBAlg(SECOidTag alg);
-
-/*
- * given a password and salt, produce a hash of the password
- */
-extern SECItem *nsslowkey_HashPassword(char *pw, SECItem *salt);
-
-/*
- * Derive the actual password value for a key database from the
- * password string value.  The derivation uses global salt value
- * stored in the key database.
- */
-extern SECItem *
-nsslowkey_DeriveKeyDBPassword(NSSLOWKEYDBHandle *handle, char *pw);
-
-/*
-** Delete a key from the database
-*/
-extern SECStatus nsslowkey_DeleteKey(NSSLOWKEYDBHandle *handle, 
-				  SECItem *pubkey);
-
-/*
-** Store a key in the database, indexed by its public key modulus.
-**	"pk" is the private key to store
-**	"f" is a the callback function for getting the password
-**	"arg" is the argument for the callback
-*/
-extern SECStatus nsslowkey_StoreKeyByPublicKey(NSSLOWKEYDBHandle *handle, 
-					    NSSLOWKEYPrivateKey *pk,
-					    SECItem *pubKeyData,
-					    char *nickname,
-					    SECItem *arg);
-
-/* does the key for this cert exist in the database filed by modulus */
-extern PRBool nsslowkey_KeyForCertExists(NSSLOWKEYDBHandle *handle,
-					 NSSLOWCERTCertificate *cert);
-/* does a key with this ID already exist? */
-extern PRBool nsslowkey_KeyForIDExists(NSSLOWKEYDBHandle *handle, SECItem *id);
-
-
-extern SECStatus nsslowkey_HasKeyDBPassword(NSSLOWKEYDBHandle *handle);
-extern SECStatus nsslowkey_SetKeyDBPassword(NSSLOWKEYDBHandle *handle,
-				     SECItem *pwitem);
-extern SECStatus nsslowkey_CheckKeyDBPassword(NSSLOWKEYDBHandle *handle,
-					   SECItem *pwitem);
-extern SECStatus nsslowkey_ChangeKeyDBPassword(NSSLOWKEYDBHandle *handle,
-					    SECItem *oldpwitem,
-					    SECItem *newpwitem);
-
-/*
-** Destroy a private key object.
-**	"key" the object
-**	"freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *key);
-
-/*
-** Destroy a public key object.
-**	"key" the object
-**	"freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void nsslowkey_DestroyPublicKey(NSSLOWKEYPublicKey *key);
-
-/*
-** Return the modulus length of "pubKey".
-*/
-extern unsigned int nsslowkey_PublicModulusLen(NSSLOWKEYPublicKey *pubKey);
-
-
-/*
-** Return the modulus length of "privKey".
-*/
-extern unsigned int nsslowkey_PrivateModulusLen(NSSLOWKEYPrivateKey *privKey);
-
-
-/*
-** Convert a low private key "privateKey" into a public low key
-*/
-extern NSSLOWKEYPublicKey 
-		*nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privateKey);
-
-/*
- * Set the Key Database password.
- *   handle is a handle to the key database
- *   pwitem is the new password
- *   algorithm is the algorithm by which the key database 
- *   	password is to be encrypted.
- * On failure, SECFailure is returned, otherwise SECSuccess is 
- * returned.
- */
-extern SECStatus 
-nsslowkey_SetKeyDBPasswordAlg(NSSLOWKEYDBHandle *handle,
-			SECItem *pwitem, 
-			SECOidTag algorithm);
-
-/* Check the key database password.
- *   handle is a handle to the key database
- *   pwitem is the suspect password
- *   algorithm is the algorithm by which the key database 
- *   	password is to be encrypted.
- * The password is checked against plaintext to see if it is the
- * actual password.  If it is not, SECFailure is returned.
- */
-extern SECStatus 
-nsslowkey_CheckKeyDBPasswordAlg(NSSLOWKEYDBHandle *handle,
-				SECItem *pwitem, 
-				SECOidTag algorithm);
-
-/* Change the key database password and/or algorithm by which
- * the password is stored with.  
- *   handle is a handle to the key database
- *   old_pwitem is the current password
- *   new_pwitem is the new password
- *   old_algorithm is the algorithm by which the key database 
- *   	password is currently encrypted.
- *   new_algorithm is the algorithm with which the new password
- *      is to be encrypted.
- * A return of anything but SECSuccess indicates failure.
- */
-extern SECStatus 
-nsslowkey_ChangeKeyDBPasswordAlg(NSSLOWKEYDBHandle *handle,
-			      SECItem *oldpwitem, SECItem *newpwitem,
-			      SECOidTag old_algorithm);
-
-SECStatus
-nsslowkey_UpdateNickname(NSSLOWKEYDBHandle *handle,
-                           NSSLOWKEYPrivateKey *privkey,
-                           SECItem *pubKeyData,
-                           char *nickname,
-                           SECItem *arg);
-
-/* Store key by modulus and specify an encryption algorithm to use.
- *   handle is the pointer to the key database,
- *   privkey is the private key to be stored,
- *   f and arg are the function and arguments to the callback
- *       to get a password,
- *   algorithm is the algorithm which the privKey is to be stored.
- * A return of anything but SECSuccess indicates failure.
- */
-extern SECStatus 
-nsslowkey_StoreKeyByPublicKeyAlg(NSSLOWKEYDBHandle *handle, 
-			      NSSLOWKEYPrivateKey *privkey, 
-			      SECItem *pubKeyData,
-			      char *nickname,
-			      SECItem *arg,
-			      SECOidTag algorithm,
-                              PRBool update); 
-
-/* Find key by modulus.  This function is the inverse of store key
- * by modulus.  An attempt to locate the key with "modulus" is 
- * performed.  If the key is found, the private key is returned,
- * else NULL is returned.
- *   modulus is the modulus to locate
- */
-extern NSSLOWKEYPrivateKey *
-nsslowkey_FindKeyByPublicKey(NSSLOWKEYDBHandle *handle, SECItem *modulus, 
-			  SECItem *arg);
-
-extern char *
-nsslowkey_FindKeyNicknameByPublicKey(NSSLOWKEYDBHandle *handle,
-                                        SECItem *modulus, SECItem *pwitem);
-
-
-/* Make a copy of a low private key in it's own arena.
- * a return of NULL indicates an error.
- */
-extern NSSLOWKEYPrivateKey *
-nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey);
-
-
-SEC_END_PROTOS
-
-#endif /* _LOWKEYI_H_ */

mozilla/security/nss/lib/softoken/lowkeyti.h

@@ -1,163 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#ifndef _LOWKEYTI_H_
-#define _LOWKEYTI_H_ 1
-
-#include "blapit.h"
-#include "prtypes.h"
-#include "plarena.h"
-#include "secitem.h"
-#include "secasn1t.h"
-#include "secoidt.h"
-/*#include "secmodt.h"
-#include "pkcs11t.h" */
-
-
-/*
- * a key in/for the data base
- */
-struct NSSLOWKEYDBKeyStr {
-    PLArenaPool *arena;
-    int version;
-    char *nickname;
-    SECItem salt;
-    SECItem derPK;
-};
-typedef struct NSSLOWKEYDBKeyStr NSSLOWKEYDBKey;
-
-typedef struct NSSLOWKEYDBHandleStr NSSLOWKEYDBHandle;
-
-#ifdef NSS_USE_KEY4_DB
-#define NSSLOWKEY_DB_FILE_VERSION 4
-#else
-#define NSSLOWKEY_DB_FILE_VERSION 3
-#endif
-
-#define NSSLOWKEY_VERSION	    0	/* what we *create* */
-
-/*
-** Typedef for callback to get a password "key".
-*/
-extern const SEC_ASN1Template nsslowkey_PQGParamsTemplate[];
-extern const SEC_ASN1Template nsslowkey_RSAPrivateKeyTemplate[];
-extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyTemplate[];
-extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyExportTemplate[];
-extern const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[];
-extern const SEC_ASN1Template nsslowkey_DHPrivateKeyExportTemplate[];
-#ifdef NSS_ENABLE_ECC
-#define NSSLOWKEY_EC_PRIVATE_KEY_VERSION   1  /* as per SECG 1 C.4 */
-extern const SEC_ASN1Template nsslowkey_ECParamsTemplate[];
-extern const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[];
-#endif /* NSS_ENABLE_ECC */
-
-extern const SEC_ASN1Template nsslowkey_PrivateKeyInfoTemplate[];
-extern const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[];
-
-/*
- * PKCS #8 attributes
- */
-struct NSSLOWKEYAttributeStr {
-    SECItem attrType;
-    SECItem *attrValue;
-};
-typedef struct NSSLOWKEYAttributeStr NSSLOWKEYAttribute;
-
-/*
-** A PKCS#8 private key info object
-*/
-struct NSSLOWKEYPrivateKeyInfoStr {
-    PLArenaPool *arena;
-    SECItem version;
-    SECAlgorithmID algorithm;
-    SECItem privateKey;
-    NSSLOWKEYAttribute **attributes;
-};
-typedef struct NSSLOWKEYPrivateKeyInfoStr NSSLOWKEYPrivateKeyInfo;
-#define NSSLOWKEY_PRIVATE_KEY_INFO_VERSION	0	/* what we *create* */
-
-/*
-** A PKCS#8 private key info object
-*/
-struct NSSLOWKEYEncryptedPrivateKeyInfoStr {
-    PLArenaPool *arena;
-    SECAlgorithmID algorithm;
-    SECItem encryptedData;
-};
-typedef struct NSSLOWKEYEncryptedPrivateKeyInfoStr NSSLOWKEYEncryptedPrivateKeyInfo;
-
-
-typedef enum { 
-    NSSLOWKEYNullKey = 0, 
-    NSSLOWKEYRSAKey = 1, 
-    NSSLOWKEYDSAKey = 2, 
-    NSSLOWKEYDHKey = 4,
-    NSSLOWKEYECKey = 5
-} NSSLOWKEYType;
-
-/*
-** An RSA public key object.
-*/
-struct NSSLOWKEYPublicKeyStr {
-    PLArenaPool *arena;
-    NSSLOWKEYType keyType ;
-    union {
-        RSAPublicKey rsa;
-	DSAPublicKey dsa;
-	DHPublicKey  dh;
-	ECPublicKey  ec;
-    } u;
-};
-typedef struct NSSLOWKEYPublicKeyStr NSSLOWKEYPublicKey;
-
-/*
-** Low Level private key object
-** This is only used by the raw Crypto engines (crypto), keydb (keydb),
-** and PKCS #11. Everyone else uses the high level key structure.
-*/
-struct NSSLOWKEYPrivateKeyStr {
-    PLArenaPool *arena;
-    NSSLOWKEYType keyType;
-    union {
-        RSAPrivateKey rsa;
-	DSAPrivateKey dsa;
-	DHPrivateKey  dh;
-	ECPrivateKey  ec;
-    } u;
-};
-typedef struct NSSLOWKEYPrivateKeyStr NSSLOWKEYPrivateKey;
-
-#endif	/* _LOWKEYTI_H_ */

mozilla/security/nss/lib/softoken/lowpbe.h

@@ -1,135 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifndef _SECPKCS5_H_
-#define _SECPKCS5_H_
-
-#include "plarena.h"
-#include "secitem.h"
-#include "seccomon.h"
-#include "secoidt.h"
-#include "hasht.h"
-
-typedef SECItem * (* SEC_PKCS5GetPBEPassword)(void *arg);
-
-/* used for V2 PKCS 12 Draft Spec */ 
-typedef enum {
-    pbeBitGenIDNull = 0,
-    pbeBitGenCipherKey = 0x01,
-    pbeBitGenCipherIV = 0x02,
-    pbeBitGenIntegrityKey = 0x03
-} PBEBitGenID;
-
-typedef enum {
-    NSSPKCS5_PBKDF1 = 0,
-    NSSPKCS5_PBKDF2 = 1,
-    NSSPKCS5_PKCS12_V2 = 2
-} NSSPKCS5PBEType;
-
-typedef struct NSSPKCS5PBEParameterStr NSSPKCS5PBEParameter;
-
-struct NSSPKCS5PBEParameterStr {
-    PRArenaPool *poolp;
-    SECItem	salt;		/* octet string */
-    SECItem	iteration;	/* integer */
-
-    /* used locally */
-    int		iter;
-    int 	keyLen;
-    int		ivLen;
-    HASH_HashType hashType;
-    NSSPKCS5PBEType pbeType;
-    PBEBitGenID	keyID;
-    SECOidTag	encAlg;
-    PRBool	is2KeyDES;
-};
-
-
-SEC_BEGIN_PROTOS
-/* Create a PKCS5 Algorithm ID
- * The algorithm ID is set up using the PKCS #5 parameter structure
- *  algorithm is the PBE algorithm ID for the desired algorithm
- *  pbe is a pbe param block with all the info needed to create the 
- *   algorithm id.
- * If an error occurs or the algorithm specified is not supported 
- * or is not a password based encryption algorithm, NULL is returned.
- * Otherwise, a pointer to the algorithm id is returned.
- */
-extern SECAlgorithmID *
-nsspkcs5_CreateAlgorithmID(PRArenaPool *arena, SECOidTag algorithm, 
-						NSSPKCS5PBEParameter *pbe);
-
-/*
- * Convert an Algorithm ID to a PBE Param.
- * NOTE: this does not suppport PKCS 5 v2 because it's only used for the
- * keyDB which only support PKCS 5 v1, PFX, and PKCS 12.
- */
-NSSPKCS5PBEParameter *
-nsspkcs5_AlgidToParam(SECAlgorithmID *algid);
-
-/*
- * Convert an Algorithm ID to a PBE Param.
- * NOTE: this does not suppport PKCS 5 v2 because it's only used for the
- * keyDB which only support PKCS 5 v1, PFX, and PKCS 12.
- */
-NSSPKCS5PBEParameter *
-nsspkcs5_NewParam(SECOidTag alg, SECItem *salt, int iterator);
-
-
-/* Encrypt/Decrypt data using password based encryption.  
- *  algid is the PBE algorithm identifier,
- *  pwitem is the password,
- *  src is the source for encryption/decryption,
- *  encrypt is PR_TRUE for encryption, PR_FALSE for decryption.
- * The key and iv are generated based upon PKCS #5 then the src
- * is either encrypted or decrypted.  If an error occurs, NULL
- * is returned, otherwise the ciphered contents is returned.
- */
-extern SECItem *
-nsspkcs5_CipherData(NSSPKCS5PBEParameter *, SECItem *pwitem,
-		    SECItem *src, PRBool encrypt, PRBool *update);
-
-extern SECItem *
-nsspkcs5_ComputeKeyAndIV(NSSPKCS5PBEParameter *, SECItem *pwitem,
-		    			SECItem *iv, PRBool faulty3DES);
-
-/* Destroys PBE parameter */
-extern void
-nsspkcs5_DestroyPBEParameter(NSSPKCS5PBEParameter *param);
-
-SEC_END_PROTOS
-
-#endif

mozilla/security/nss/lib/softoken/manifest.mn

@@ -1,89 +0,0 @@
-# 
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../..
-
-MODULE = nss
-
-REQUIRES = dbm
-
-LIBRARY_NAME = softokn
-LIBRARY_VERSION = 3
-MAPFILE = $(OBJDIR)/softokn.def
-
-DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\"
-
-
-EXPORTS = \
-	pkcs11.h \
-	pkcs11f.h \
-	pkcs11p.h \
-	pkcs11t.h \
-	pkcs11n.h \
-	pkcs11u.h \
-	$(NULL)
-
-PRIVATE_EXPORTS = \
-	pk11pars.h \
-	$(NULL)
-
-CSRCS = \
-	alghmac.c \
-	dbinit.c \
-	dbmshim.c \
-	ecdecode.c \
-	fipstest.c \
-	fipstokn.c \
-	keydb.c    \
-	lowcert.c  \
-	lowkey.c   \
-	lowpbe.c   \
-	padbuf.c   \
-	pcertdb.c \
-	pk11db.c \
-	pkcs11.c   \
-	pkcs11c.c  \
-	pkcs11u.c  \
-	rawhash.c \
-	rsawrapr.c  \
-	softkver.c  \
-	tlsprf.c   \
-	$(NULL)
-
-ifdef NSS_ENABLE_ECC
-DEFINES += -DNSS_ENABLE_ECC
-endif
-

mozilla/security/nss/lib/softoken/padbuf.c

@@ -1,80 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#include "blapit.h"
-#include "secport.h"
-#include "secerr.h"
-
-/*
- * Prepare a buffer for DES encryption, growing to the appropriate boundary,
- * filling with the appropriate padding.
- *
- * NOTE: If arena is non-NULL, we re-allocate from there, otherwise
- * we assume (and use) XP memory (re)allocation.
- */
-unsigned char *
-DES_PadBuffer(PRArenaPool *arena, unsigned char *inbuf, unsigned int inlen,
-	      unsigned int *outlen)
-{
-    unsigned char *outbuf;
-    unsigned int   des_len;
-    unsigned int   i;
-    unsigned char  des_pad_len;
-
-    /*
-     * We need from 1 to DES_KEY_LENGTH bytes -- we *always* grow.
-     * The extra bytes contain the value of the length of the padding:
-     * if we have 2 bytes of padding, then the padding is "0x02, 0x02".
-     */
-    des_len = (inlen + DES_KEY_LENGTH) & ~(DES_KEY_LENGTH - 1);
-
-    if (arena != NULL) {
-	outbuf = (unsigned char*)PORT_ArenaGrow (arena, inbuf, inlen, des_len);
-    } else {
-	outbuf = (unsigned char*)PORT_Realloc (inbuf, des_len);
-    }
-
-    if (outbuf == NULL) {
-	PORT_SetError (SEC_ERROR_NO_MEMORY);
-	return NULL;
-    }
-
-    des_pad_len = des_len - inlen;
-    for (i = inlen; i < des_len; i++)
-	outbuf[i] = des_pad_len;
-
-    *outlen = des_len;
-    return outbuf;
-}

mozilla/security/nss/lib/softoken/pcert.h

@@ -1,246 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifndef _PCERTDB_H_
-#define _PCERTDB_H_
-
-#include "plarena.h"
-#include "prlong.h"
-#include "pcertt.h"
-
-SEC_BEGIN_PROTOS
-
-/*
-** Add a DER encoded certificate to the permanent database.
-**	"derCert" is the DER encoded certificate.
-**	"nickname" is the nickname to use for the cert
-**	"trust" is the trust parameters for the cert
-*/
-SECStatus nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *handle, 
-			NSSLOWCERTCertificate *cert,
-				char *nickname, NSSLOWCERTCertTrust *trust);
-SECStatus nsslowcert_AddPermNickname(NSSLOWCERTCertDBHandle *dbhandle,
-				NSSLOWCERTCertificate *cert, char *nickname);
-
-SECStatus nsslowcert_DeletePermCertificate(NSSLOWCERTCertificate *cert);
-
-typedef SECStatus (PR_CALLBACK * PermCertCallback)(NSSLOWCERTCertificate *cert,
-                                                   SECItem *k, void *pdata);
-/*
-** Traverse the entire permanent database, and pass the certs off to a
-** user supplied function.
-**	"certfunc" is the user function to call for each certificate
-**	"udata" is the user's data, which is passed through to "certfunc"
-*/
-SECStatus
-nsslowcert_TraversePermCerts(NSSLOWCERTCertDBHandle *handle,
-		      PermCertCallback certfunc,
-		      void *udata );
-
-PRBool
-nsslowcert_CertDBKeyConflict(SECItem *derCert, NSSLOWCERTCertDBHandle *handle);
-
-certDBEntryRevocation *
-nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle,
-					 SECItem *crlKey, PRBool isKRL);
-
-SECStatus
-nsslowcert_DeletePermCRL(NSSLOWCERTCertDBHandle *handle,SECItem *derName,
-								PRBool isKRL);
-SECStatus
-nsslowcert_AddCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl ,
-				SECItem *derKey, char *url, PRBool isKRL);
-
-NSSLOWCERTCertDBHandle *nsslowcert_GetDefaultCertDB();
-NSSLOWKEYPublicKey *nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *);
-
-NSSLOWCERTCertificate *
-nsslowcert_NewTempCertificate(NSSLOWCERTCertDBHandle *handle, SECItem *derCert,
-                        char *nickname, PRBool isperm, PRBool copyDER);
-NSSLOWCERTCertificate *
-nsslowcert_DupCertificate(NSSLOWCERTCertificate *cert);
-void nsslowcert_DestroyCertificate(NSSLOWCERTCertificate *cert);
-void nsslowcert_DestroyTrust(NSSLOWCERTTrust *Trust);
-
-/*
- * Lookup a certificate in the databases without locking
- *	"certKey" is the database key to look for
- *
- * XXX - this should be internal, but pkcs 11 needs to call it during a
- * traversal.
- */
-NSSLOWCERTCertificate *
-nsslowcert_FindCertByKey(NSSLOWCERTCertDBHandle *handle, SECItem *certKey);
-
-/*
- * Lookup trust for a certificate in the databases without locking
- *	"certKey" is the database key to look for
- *
- * XXX - this should be internal, but pkcs 11 needs to call it during a
- * traversal.
- */
-NSSLOWCERTTrust *
-nsslowcert_FindTrustByKey(NSSLOWCERTCertDBHandle *handle, SECItem *certKey);
-
-/*
-** Generate a certificate key from the issuer and serialnumber, then look it
-** up in the database.  Return the cert if found.
-**	"issuerAndSN" is the issuer and serial number to look for
-*/
-extern NSSLOWCERTCertificate *
-nsslowcert_FindCertByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN);
-
-/*
-** Generate a certificate key from the issuer and serialnumber, then look it
-** up in the database.  Return the cert if found.
-**	"issuerAndSN" is the issuer and serial number to look for
-*/
-extern NSSLOWCERTTrust *
-nsslowcert_FindTrustByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN);
-
-/*
-** Find a certificate in the database by a DER encoded certificate
-**	"derCert" is the DER encoded certificate
-*/
-extern NSSLOWCERTCertificate *
-nsslowcert_FindCertByDERCert(NSSLOWCERTCertDBHandle *handle, SECItem *derCert);
-
-/* convert an email address to lower case */
-char *nsslowcert_FixupEmailAddr(char *emailAddr);
-
-/*
-** Decode a DER encoded certificate into an NSSLOWCERTCertificate structure
-**      "derSignedCert" is the DER encoded signed certificate
-**      "copyDER" is true if the DER should be copied, false if the
-**              existing copy should be referenced
-**      "nickname" is the nickname to use in the database.  If it is NULL
-**              then a temporary nickname is generated.
-*/
-extern NSSLOWCERTCertificate *
-nsslowcert_DecodeDERCertificate (SECItem *derSignedCert, char *nickname);
-
-SECStatus
-nsslowcert_KeyFromDERCert(PRArenaPool *arena, SECItem *derCert, SECItem *key);
-
-certDBEntrySMime *
-nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *certHandle,
-							 char *emailAddr);
-void
-nsslowcert_DestroyDBEntry(certDBEntry *entry);
-
-SECStatus
-nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
-		const char *domain, const char *prefix,
-                NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile);
-
-void
-nsslowcert_ClosePermCertDB(NSSLOWCERTCertDBHandle *handle);
-
-/*
- * is certa newer than certb?  If one is expired, pick the other one.
- */
-PRBool
-nsslowcert_IsNewer(NSSLOWCERTCertificate *certa, NSSLOWCERTCertificate *certb);
-
-
-SECStatus
-nsslowcert_TraverseDBEntries(NSSLOWCERTCertDBHandle *handle,
-		      certDBEntryType type,
-		      SECStatus (* callback)(SECItem *data, SECItem *key,
-					    certDBEntryType type, void *pdata),
-		      void *udata );
-SECStatus
-nsslowcert_TraversePermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
-				 SECItem *derSubject,
-				 NSSLOWCERTCertCallback cb, void *cbarg);
-int
-nsslowcert_NumPermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
-							 SECItem *derSubject);
-SECStatus
-nsslowcert_TraversePermCertsForNickname(NSSLOWCERTCertDBHandle *handle,
-	 	char *nickname, NSSLOWCERTCertCallback cb, void *cbarg);
-
-int
-nsslowcert_NumPermCertsForNickname(NSSLOWCERTCertDBHandle *handle, 
-							char *nickname);
-SECStatus
-nsslowcert_GetCertTrust(NSSLOWCERTCertificate *cert,
-					 NSSLOWCERTCertTrust *trust);
-
-SECStatus
-nsslowcert_SaveSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr, 
-	SECItem *derSubject, SECItem *emailProfile, SECItem *profileTime);
-
-/*
- * Change the trust attributes of a certificate and make them permanent
- * in the database.
- */
-SECStatus
-nsslowcert_ChangeCertTrust(NSSLOWCERTCertDBHandle *handle, 
-	  	NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust);
-
-PRBool
-nsslowcert_needDBVerify(NSSLOWCERTCertDBHandle *handle);
-
-void
-nsslowcert_setDBVerify(NSSLOWCERTCertDBHandle *handle, PRBool value);
-
-PRBool
-nsslowcert_hasTrust(NSSLOWCERTCertTrust *trust);
-
-void
-nsslowcert_DestroyFreeLists(void);
-
-void
-nsslowcert_DestroyGlobalLocks(void);
-
-void
-pkcs11_freeNickname(char *nickname, char *space);
-
-char *
-pkcs11_copyNickname(char *nickname, char *space, int spaceLen);
-
-void
-pkcs11_freeStaticData(unsigned char *data, unsigned char *space);
-
-unsigned char *
-pkcs11_copyStaticData(unsigned char *data, int datalen, unsigned char *space,
-						int spaceLen);
-NSSLOWCERTCertificate *
-nsslowcert_CreateCert(void);
-SEC_END_PROTOS
-
- #endif /* _PCERTDB_H_ */

mozilla/security/nss/lib/softoken/pcertt.h

@@ -1,446 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * certt.h - public data structures for the certificate library
- *
- * $Id: pcertt.h,v 1.13 2004-04-25 15:03:16 gerv%gerv.net Exp $
- */
-#ifndef _PCERTT_H_
-#define _PCERTT_H_
-
-#include "prclist.h"
-#include "pkcs11t.h"
-#include "seccomon.h"
-#include "secoidt.h"
-#include "plarena.h"
-#include "prcvar.h"
-#include "nssilock.h"
-#include "prio.h"
-#include "prmon.h"
-
-/* Non-opaque objects */
-typedef struct NSSLOWCERTCertDBHandleStr               NSSLOWCERTCertDBHandle;
-typedef struct NSSLOWCERTCertKeyStr                    NSSLOWCERTCertKey;
-
-typedef struct NSSLOWCERTTrustStr                      NSSLOWCERTTrust;
-typedef struct NSSLOWCERTCertTrustStr                  NSSLOWCERTCertTrust;
-typedef struct NSSLOWCERTCertificateStr                NSSLOWCERTCertificate;
-typedef struct NSSLOWCERTCertificateListStr            NSSLOWCERTCertificateList;
-typedef struct NSSLOWCERTIssuerAndSNStr                NSSLOWCERTIssuerAndSN;
-typedef struct NSSLOWCERTSignedDataStr                 NSSLOWCERTSignedData;
-typedef struct NSSLOWCERTSubjectPublicKeyInfoStr       NSSLOWCERTSubjectPublicKeyInfo;
-typedef struct NSSLOWCERTValidityStr                   NSSLOWCERTValidity;
-
-/*
-** An X.509 validity object
-*/
-struct NSSLOWCERTValidityStr {
-    PRArenaPool *arena;
-    SECItem notBefore;
-    SECItem notAfter;
-};
-
-/*
- * A serial number and issuer name, which is used as a database key
- */
-struct NSSLOWCERTCertKeyStr {
-    SECItem serialNumber;
-    SECItem derIssuer;
-};
-
-/*
-** A signed data object. Used to implement the "signed" macro used
-** in the X.500 specs.
-*/
-struct NSSLOWCERTSignedDataStr {
-    SECItem data;
-    SECAlgorithmID signatureAlgorithm;
-    SECItem signature;
-};
-
-/*
-** An X.509 subject-public-key-info object
-*/
-struct NSSLOWCERTSubjectPublicKeyInfoStr {
-    PRArenaPool *arena;
-    SECAlgorithmID algorithm;
-    SECItem subjectPublicKey;
-};
-
-typedef struct _certDBEntryCert certDBEntryCert;
-typedef struct _certDBEntryRevocation certDBEntryRevocation;
-
-struct NSSLOWCERTCertTrustStr {
-    unsigned int sslFlags;
-    unsigned int emailFlags;
-    unsigned int objectSigningFlags;
-};
-
-/*
-** PKCS11 Trust representation
-*/
-struct NSSLOWCERTTrustStr {
-    NSSLOWCERTTrust *next;
-    NSSLOWCERTCertDBHandle *dbhandle;
-    SECItem dbKey;			/* database key for this cert */
-    certDBEntryCert *dbEntry;		/* database entry struct */
-    NSSLOWCERTCertTrust *trust;
-    SECItem *derCert;			/* original DER for the cert */
-    unsigned char dbKeySpace[512];
-};
-
-/*
-** An X.509 certificate object (the unsigned form)
-*/
-struct NSSLOWCERTCertificateStr {
-    /* the arena is used to allocate any data structures that have the same
-     * lifetime as the cert.  This is all stuff that hangs off of the cert
-     * structure, and is all freed at the same time.  I is used when the
-     * cert is decoded, destroyed, and at some times when it changes
-     * state
-     */
-    NSSLOWCERTCertificate *next;
-    NSSLOWCERTCertDBHandle *dbhandle;
-
-    SECItem derCert;			/* original DER for the cert */
-    SECItem derIssuer;			/* DER for issuer name */
-    SECItem derSN;
-    SECItem serialNumber;
-    SECItem derSubject;			/* DER for subject name */
-    SECItem derSubjKeyInfo;
-    NSSLOWCERTSubjectPublicKeyInfo *subjectPublicKeyInfo;
-    SECItem certKey;			/* database key for this cert */
-    SECItem validity;
-    certDBEntryCert *dbEntry;		/* database entry struct */
-    SECItem subjectKeyID;	/* x509v3 subject key identifier */
-    char *nickname;
-    char *emailAddr;
-    NSSLOWCERTCertTrust *trust;
-
-    /* the reference count is modified whenever someone looks up, dups
-     * or destroys a certificate
-     */
-    int referenceCount;
-
-    char nicknameSpace[200];
-    unsigned char certKeySpace[512];
-};
-
-#define SEC_CERTIFICATE_VERSION_1		0	/* default created */
-#define SEC_CERTIFICATE_VERSION_2		1	/* v2 */
-#define SEC_CERTIFICATE_VERSION_3		2	/* v3 extensions */
-
-#define SEC_CRL_VERSION_1		0	/* default */
-#define SEC_CRL_VERSION_2		1	/* v2 extensions */
-
-struct NSSLOWCERTIssuerAndSNStr {
-    SECItem derIssuer;
-    SECItem serialNumber;
-};
-
-typedef SECStatus (* NSSLOWCERTCertCallback)(NSSLOWCERTCertificate *cert, void *arg);
-
-/* This is the typedef for the callback passed to nsslowcert_OpenCertDB() */
-/* callback to return database name based on version number */
-typedef char * (*NSSLOWCERTDBNameFunc)(void *arg, int dbVersion);
-
-/* XXX Lisa thinks the template declarations belong in cert.h, not here? */
-
-#include "secasn1t.h"	/* way down here because I expect template stuff to
-			 * move out of here anyway */
-
-/*
- * Certificate Database related definitions and data structures
- */
-
-/* version number of certificate database */
-#define CERT_DB_FILE_VERSION		8
-#define CERT_DB_V7_FILE_VERSION		7
-#define CERT_DB_CONTENT_VERSION		2
-
-#define SEC_DB_ENTRY_HEADER_LEN		3
-#define SEC_DB_KEY_HEADER_LEN		1
-
-/* All database entries have this form:
- * 	
- *	byte offset	field
- *	-----------	-----
- *	0		version
- *	1		type
- *	2		flags
- */
-
-/* database entry types */
-typedef enum {
-    certDBEntryTypeVersion = 0,
-    certDBEntryTypeCert = 1,
-    certDBEntryTypeNickname = 2,
-    certDBEntryTypeSubject = 3,
-    certDBEntryTypeRevocation = 4,
-    certDBEntryTypeKeyRevocation = 5,
-    certDBEntryTypeSMimeProfile = 6,
-    certDBEntryTypeContentVersion = 7,
-    certDBEntryTypeBlob = 8
-} certDBEntryType;
-
-typedef struct {
-    certDBEntryType type;
-    unsigned int version;
-    unsigned int flags;
-    PRArenaPool *arena;
-} certDBEntryCommon;
-
-/*
- * Certificate entry:
- *
- *	byte offset	field
- *	-----------	-----
- *	0		sslFlags-msb
- *	1		sslFlags-lsb
- *	2		emailFlags-msb
- *	3		emailFlags-lsb
- *	4		objectSigningFlags-msb
- *	5		objectSigningFlags-lsb
- *	6		derCert-len-msb
- *	7		derCert-len-lsb
- *	8		nickname-len-msb
- *	9		nickname-len-lsb
- *	...		derCert
- *	...		nickname
- *
- * NOTE: the nickname string as stored in the database is null terminated,
- *		in other words, the last byte of the db entry is always 0
- *		if a nickname is present.
- * NOTE: if nickname is not present, then nickname-len-msb and
- *		nickname-len-lsb will both be zero.
- */
-struct _certDBEntryCert {
-    certDBEntryCommon common;
-    certDBEntryCert *next;
-    NSSLOWCERTCertTrust trust;
-    SECItem derCert;
-    char *nickname;
-    char nicknameSpace[200];
-    unsigned char derCertSpace[2048];
-};
-
-/*
- * Certificate Nickname entry:
- *
- *	byte offset	field
- *	-----------	-----
- *	0		subjectname-len-msb
- *	1	        subjectname-len-lsb
- *	2...		subjectname
- *
- * The database key for this type of entry is a nickname string
- * The "subjectname" value is the DER encoded DN of the identity
- *   that matches this nickname.
- */
-typedef struct {
-    certDBEntryCommon common;
-    char *nickname;
-    SECItem subjectName;
-} certDBEntryNickname;
-
-#define DB_NICKNAME_ENTRY_HEADER_LEN 2
-
-/*
- * Certificate Subject entry:
- *
- *	byte offset	field
- *	-----------	-----
- *	0		ncerts-msb
- *	1		ncerts-lsb
- *	2		nickname-msb
- *	3		nickname-lsb
- *	4		emailAddr-msb
- *	5		emailAddr-lsb
- *	...		nickname
- *	...		emailAddr
- *	...+2*i		certkey-len-msb
- *	...+1+2*i       certkey-len-lsb
- *	...+2*ncerts+2*i keyid-len-msb
- *	...+1+2*ncerts+2*i keyid-len-lsb
- *	...		certkeys
- *	...		keyids
- *
- * The database key for this type of entry is the DER encoded subject name
- * The "certkey" value is an array of  certificate database lookup keys that
- *   points to the database entries for the certificates that matche
- *   this subject.
- *
- */
-typedef struct _certDBEntrySubject {
-    certDBEntryCommon common;
-    SECItem derSubject;
-    unsigned int ncerts;
-    char *nickname;
-    SECItem *certKeys;
-    SECItem *keyIDs;
-    char **emailAddrs;
-    unsigned int nemailAddrs;
-} certDBEntrySubject;
-
-#define DB_SUBJECT_ENTRY_HEADER_LEN 6
-
-/*
- * Certificate SMIME profile entry:
- *
- *	byte offset	field
- *	-----------	-----
- *	0		subjectname-len-msb
- *	1	        subjectname-len-lsb
- *	2		smimeoptions-len-msb
- *	3		smimeoptions-len-lsb
- *	4		options-date-len-msb
- *	5		options-date-len-lsb
- *	6...		subjectname
- *	...		smimeoptions
- *	...		options-date
- *
- * The database key for this type of entry is the email address string
- * The "subjectname" value is the DER encoded DN of the identity
- *   that matches this nickname.
- * The "smimeoptions" value is a string that represents the algorithm
- *   capabilities on the remote user.
- * The "options-date" is the date that the smime options value was created.
- *   This is generally the signing time of the signed message that contained
- *   the options.  It is a UTCTime value.
- */
-typedef struct {
-    certDBEntryCommon common;
-    char *emailAddr;
-    SECItem subjectName;
-    SECItem smimeOptions;
-    SECItem optionsDate;
-} certDBEntrySMime;
-
-#define DB_SMIME_ENTRY_HEADER_LEN 6
-
-/*
- * Crl/krl entry:
- *
- *	byte offset	field
- *	-----------	-----
- *	0		derCert-len-msb
- *	1		derCert-len-lsb
- *	2		url-len-msb
- *	3		url-len-lsb
- *	...		derCert
- *	...		url
- *
- * NOTE: the url string as stored in the database is null terminated,
- *		in other words, the last byte of the db entry is always 0
- *		if a nickname is present. 
- * NOTE: if url is not present, then url-len-msb and
- *		url-len-lsb will both be zero.
- */
-#define DB_CRL_ENTRY_HEADER_LEN	4
-struct _certDBEntryRevocation {
-    certDBEntryCommon common;
-    SECItem	derCrl;
-    char	*url;	/* where to load the crl from */
-};
-
-/*
- * Database Version Entry:
- *
- *	byte offset	field
- *	-----------	-----
- *	only the low level header...
- *
- * The database key for this type of entry is the string "Version"
- */
-typedef struct {
-    certDBEntryCommon common;
-} certDBEntryVersion;
-
-#define SEC_DB_VERSION_KEY "Version"
-#define SEC_DB_VERSION_KEY_LEN sizeof(SEC_DB_VERSION_KEY)
-
-/*
- * Database Content Version Entry:
- *
- *	byte offset	field
- *	-----------	-----
- *	0		contentVersion
- *
- * The database key for this type of entry is the string "ContentVersion"
- */
-typedef struct {
-    certDBEntryCommon common;
-    char contentVersion;
-} certDBEntryContentVersion;
-
-#define SEC_DB_CONTENT_VERSION_KEY "ContentVersion"
-#define SEC_DB_CONTENT_VERSION_KEY_LEN sizeof(SEC_DB_CONTENT_VERSION_KEY)
-
-typedef union {
-    certDBEntryCommon common;
-    certDBEntryVersion version;
-    certDBEntryCert cert;
-    certDBEntryNickname nickname;
-    certDBEntrySubject subject;
-    certDBEntryRevocation revocation;
-} certDBEntry;
-
-/* length of the fixed part of a database entry */
-#define DBCERT_V4_HEADER_LEN	7
-#define DB_CERT_V5_ENTRY_HEADER_LEN	7
-#define DB_CERT_V6_ENTRY_HEADER_LEN	7
-#define DB_CERT_ENTRY_HEADER_LEN	10
-
-/* common flags for all types of certificates */
-#define CERTDB_VALID_PEER	(1<<0)
-#define CERTDB_TRUSTED		(1<<1)
-#define CERTDB_SEND_WARN	(1<<2)
-#define CERTDB_VALID_CA		(1<<3)
-#define CERTDB_TRUSTED_CA	(1<<4) /* trusted for issuing server certs */
-#define CERTDB_NS_TRUSTED_CA	(1<<5)
-#define CERTDB_USER		(1<<6)
-#define CERTDB_TRUSTED_CLIENT_CA (1<<7) /* trusted for issuing client certs */
-#define CERTDB_INVISIBLE_CA	(1<<8) /* don't show in UI */
-#define CERTDB_GOVT_APPROVED_CA	(1<<9) /* can do strong crypto in export ver */
-#define CERTDB_NOT_TRUSTED	(1<<10) /* explicitly don't trust this cert */
-#define CERTDB_TRUSTED_UNKNOWN	(1<<11) /* accept trust from another source */
-
-/* bits not affected by the CKO_NETSCAPE_TRUST object */
-#define CERTDB_PRESERVE_TRUST_BITS (CERTDB_USER | CERTDB_VALID_PEER | \
-        CERTDB_NS_TRUSTED_CA | CERTDB_VALID_CA | CERTDB_INVISIBLE_CA | \
-                                        CERTDB_GOVT_APPROVED_CA)
-
-#endif /* _PCERTT_H_ */

mozilla/security/nss/lib/softoken/pk11pars.h

@@ -1,862 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 2001
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * The following handles the loading, unloading and management of
- * various PCKS #11 modules
- */
-
-
-/*
- * this header file contains routines for parsing PKCS #11 module spec
- * strings. It contains 'C' code and should only be included in one module.
- * Currently it is included in both softoken and the wrapper.
- */
-#include <ctype.h>
-#include "pkcs11.h"
-#include "seccomon.h"
-#include "prprf.h"
-#include "secmodt.h"
-#include "pk11init.h"
-
-#define SECMOD_ARG_LIBRARY_PARAMETER "library="
-#define SECMOD_ARG_NAME_PARAMETER "name="
-#define SECMOD_ARG_MODULE_PARAMETER "parameters="
-#define SECMOD_ARG_NSS_PARAMETER "NSS="
-#define SECMOD_ARG_FORTEZZA_FLAG "FORTEZZA"
-#define SECMOD_ARG_ESCAPE '\\'
-
-struct secmodargSlotFlagTable {
-    char *name;
-    int len;
-    unsigned long value;
-};
-
-#define SFTK_DEFAULT_CIPHER_ORDER 0
-#define SFTK_DEFAULT_TRUST_ORDER 50
-
-
-#define SECMOD_ARG_ENTRY(arg,flag) \
-{ #arg , sizeof(#arg)-1, flag }
-static struct secmodargSlotFlagTable secmod_argSlotFlagTable[] = {
-	SECMOD_ARG_ENTRY(RSA,SECMOD_RSA_FLAG),
-	SECMOD_ARG_ENTRY(DSA,SECMOD_RSA_FLAG),
-	SECMOD_ARG_ENTRY(RC2,SECMOD_RC4_FLAG),
-	SECMOD_ARG_ENTRY(RC4,SECMOD_RC2_FLAG),
-	SECMOD_ARG_ENTRY(DES,SECMOD_DES_FLAG),
-	SECMOD_ARG_ENTRY(DH,SECMOD_DH_FLAG),
-	SECMOD_ARG_ENTRY(FORTEZZA,SECMOD_FORTEZZA_FLAG),
-	SECMOD_ARG_ENTRY(RC5,SECMOD_RC5_FLAG),
-	SECMOD_ARG_ENTRY(SHA1,SECMOD_SHA1_FLAG),
-	SECMOD_ARG_ENTRY(MD5,SECMOD_MD5_FLAG),
-	SECMOD_ARG_ENTRY(MD2,SECMOD_MD2_FLAG),
-	SECMOD_ARG_ENTRY(SSL,SECMOD_SSL_FLAG),
-	SECMOD_ARG_ENTRY(TLS,SECMOD_TLS_FLAG),
-	SECMOD_ARG_ENTRY(AES,SECMOD_AES_FLAG),
-	SECMOD_ARG_ENTRY(PublicCerts,SECMOD_FRIENDLY_FLAG),
-	SECMOD_ARG_ENTRY(RANDOM,SECMOD_RANDOM_FLAG),
-};
-
-#define SECMOD_HANDLE_STRING_ARG(param,target,value,command) \
-    if (PORT_Strncasecmp(param,value,sizeof(value)-1) == 0) { \
-	param += sizeof(value)-1; \
-	target = secmod_argFetchValue(param,&next); \
-	param += next; \
-	command ;\
-    } else  
-
-#define SECMOD_HANDLE_FINAL_ARG(param) \
-    { param = secmod_argSkipParameter(param); } param = secmod_argStrip(param);
-	
-
-static int secmod_argSlotFlagTableSize = 
-	sizeof(secmod_argSlotFlagTable)/sizeof(secmod_argSlotFlagTable[0]);
-
-
-static PRBool secmod_argGetPair(char c) {
-    switch (c) {
-    case '\'': return c;
-    case '\"': return c;
-    case '<': return '>';
-    case '{': return '}';
-    case '[': return ']';
-    case '(': return ')';
-    default: break;
-    }
-    return ' ';
-}
-
-static PRBool secmod_argIsBlank(char c) {
-   return isspace(c);
-}
-
-static PRBool secmod_argIsEscape(char c) {
-    return c == '\\';
-}
-
-static PRBool secmod_argIsQuote(char c) {
-    switch (c) {
-    case '\'':
-    case '\"':
-    case '<':
-    case '{': /* } end curly to keep vi bracket matching working */
-    case '(': /* ) */
-    case '[': /* ] */ return PR_TRUE;
-    default: break;
-    }
-    return PR_FALSE;
-}
-
-static PRBool secmod_argHasChar(char *v, char c)
-{
-   for ( ;*v; v++) {
-	if (*v == c) return PR_TRUE;
-   }
-   return PR_FALSE;
-}
-
-static PRBool secmod_argHasBlanks(char *v)
-{
-   for ( ;*v; v++) {
-	if (secmod_argIsBlank(*v)) return PR_TRUE;
-   }
-   return PR_FALSE;
-}
-
-static char *secmod_argStrip(char *c) {
-   while (*c && secmod_argIsBlank(*c)) c++;
-   return c;
-}
-
-static char *
-secmod_argFindEnd(char *string) {
-    char endChar = ' ';
-    PRBool lastEscape = PR_FALSE;
-
-    if (secmod_argIsQuote(*string)) {
-	endChar = secmod_argGetPair(*string);
-	string++;
-    }
-
-    for (;*string; string++) {
-	if (lastEscape) {
-	    lastEscape = PR_FALSE;
-	    continue;
-	}
-	if (secmod_argIsEscape(*string) && !lastEscape) {
-	    lastEscape = PR_TRUE;
-	    continue;
-	} 
-	if ((endChar == ' ') && secmod_argIsBlank(*string)) break;
-	if (*string == endChar) {
-	    break;
-	}
-    }
-
-    return string;
-}
-
-static char *
-secmod_argFetchValue(char *string, int *pcount)
-{
-    char *end = secmod_argFindEnd(string);
-    char *retString, *copyString;
-    PRBool lastEscape = PR_FALSE;
-
-    *pcount = (end - string)+1;
-
-    if (*pcount == 0) return NULL;
-
-    copyString = retString = (char *)PORT_Alloc(*pcount);
-    if (retString == NULL) return NULL;
-
-    if (secmod_argIsQuote(*string)) string++;
-    for (; string < end; string++) {
-	if (secmod_argIsEscape(*string) && !lastEscape) {
-	    lastEscape = PR_TRUE;
-	    continue;
-	}
-	lastEscape = PR_FALSE;
-	*copyString++ = *string;
-    }
-    *copyString = 0;
-    return retString;
-}
-
-static char *
-secmod_argSkipParameter(char *string) 
-{
-     char *end;
-     /* look for the end of the <name>= */
-     for (;*string; string++) {
-	if (*string == '=') { string++; break; }
-	if (secmod_argIsBlank(*string)) return(string); 
-     }
-
-     end = secmod_argFindEnd(string);
-     if (*end) end++;
-     return end;
-}
-
-
-static SECStatus
-secmod_argParseModuleSpec(char *modulespec, char **lib, char **mod, 
-					char **parameters, char **nss)
-{
-    int next;
-    modulespec = secmod_argStrip(modulespec);
-
-    *lib = *mod = *parameters = *nss = 0;
-
-    while (*modulespec) {
-	SECMOD_HANDLE_STRING_ARG(modulespec,*lib,SECMOD_ARG_LIBRARY_PARAMETER,;)
-	SECMOD_HANDLE_STRING_ARG(modulespec,*mod,SECMOD_ARG_NAME_PARAMETER,;)
-	SECMOD_HANDLE_STRING_ARG(modulespec,*parameters,
-						SECMOD_ARG_MODULE_PARAMETER,;)
-	SECMOD_HANDLE_STRING_ARG(modulespec,*nss,SECMOD_ARG_NSS_PARAMETER,;)
-	SECMOD_HANDLE_FINAL_ARG(modulespec)
-   }
-   return SECSuccess;
-}
-
-
-static char *
-secmod_argGetParamValue(char *paramName,char *parameters)
-{
-    char searchValue[256];
-    int paramLen = strlen(paramName);
-    char *returnValue = NULL;
-    int next;
-
-    if ((parameters == NULL) || (*parameters == 0)) return NULL;
-
-    PORT_Assert(paramLen+2 < sizeof(searchValue));
-
-    PORT_Strcpy(searchValue,paramName);
-    PORT_Strcat(searchValue,"=");
-    while (*parameters) {
-	if (PORT_Strncasecmp(parameters,searchValue,paramLen+1) == 0) {
-	    parameters += paramLen+1;
-	    returnValue = secmod_argFetchValue(parameters,&next);
-	    break;
-	} else {
-	    parameters = secmod_argSkipParameter(parameters);
-	}
-	parameters = secmod_argStrip(parameters);
-   }
-   return returnValue;
-}
-    
-
-static char *
-secmod_argNextFlag(char *flags)
-{
-    for (; *flags ; flags++) {
-	if (*flags == ',') {
-	    flags++;
-	    break;
-	}
-    }
-    return flags;
-}
-
-static PRBool
-secmod_argHasFlag(char *label, char *flag, char *parameters)
-{
-    char *flags,*index;
-    int len = strlen(flag);
-    PRBool found = PR_FALSE;
-
-    flags = secmod_argGetParamValue(label,parameters);
-    if (flags == NULL) return PR_FALSE;
-
-    for (index=flags; *index; index=secmod_argNextFlag(index)) {
-	if (PORT_Strncasecmp(index,flag,len) == 0) {
-	    found=PR_TRUE;
-	    break;
-	}
-    }
-    PORT_Free(flags);
-    return found;
-}
-
-static void
-secmod_argSetNewCipherFlags(unsigned long *newCiphers,char *cipherList)
-{
-    newCiphers[0] = newCiphers[1] = 0;
-    if ((cipherList == NULL) || (*cipherList == 0)) return;
-
-    for (;*cipherList; cipherList=secmod_argNextFlag(cipherList)) {
-	if (PORT_Strncasecmp(cipherList,SECMOD_ARG_FORTEZZA_FLAG,
-				sizeof(SECMOD_ARG_FORTEZZA_FLAG)-1) == 0) {
-	    newCiphers[0] |= SECMOD_FORTEZZA_FLAG;
-	} 
-
-	/* add additional flags here as necessary */
-	/* direct bit mapping escape */
-	if (*cipherList == 0) {
-	   if (cipherList[1] == 'l') {
-		newCiphers[1] |= atoi(&cipherList[2]);
-	   } else {
-		newCiphers[0] |= atoi(&cipherList[2]);
-	   }
-	}
-    }
-}
-
-
-/*
- * decode a number. handle octal (leading '0'), hex (leading '0x') or decimal
- */
-static long
-secmod_argDecodeNumber(char *num)
-{
-    int	radix = 10;
-    unsigned long value = 0;
-    long retValue = 0;
-    int sign = 1;
-    int digit;
-
-    if (num == NULL) return retValue;
-
-    num = secmod_argStrip(num);
-
-    if (*num == '-') {
-	sign = -1;
-	num++;
-    }
-
-    if (*num == '0') {
-	radix = 8;
-	num++;
-	if ((*num == 'x') || (*num == 'X')) {
-	    radix = 16;
-	    num++;
-	}
-    }
-
-   
-    for ( ;*num; num++ ) {
-	if (isdigit(*num)) {
-	    digit = *num - '0';
-	} else if ((*num >= 'a') && (*num <= 'f'))  {
-	    digit = *num - 'a' + 10;
-	} else if ((*num >= 'A') && (*num <= 'F'))  {
-	    digit = *num - 'A' + 10;
-	} else {
-	    break;
-	}
-	if (digit >= radix) break;
-	value = value*radix + digit;
-    }
-
-    retValue = ((int) value) * sign;
-    return retValue;
-}
-
-static long
-secmod_argReadLong(char *label,char *params, long defValue, PRBool *isdefault)
-{
-    char *value;
-    long retValue;
-    if (isdefault) *isdefault = PR_FALSE; 
-
-    value = secmod_argGetParamValue(label,params);
-    if (value == NULL) {
-	if (isdefault) *isdefault = PR_TRUE;
-	return defValue;
-    }
-    retValue = secmod_argDecodeNumber(value);
-    if (value) PORT_Free(value);
-
-    return retValue;
-}
-
-
-static unsigned long
-secmod_argSlotFlags(char *label,char *params)
-{
-    char *flags,*index;
-    unsigned long retValue = 0;
-    int i;
-    PRBool all = PR_FALSE;
-
-    flags = secmod_argGetParamValue(label,params);
-    if (flags == NULL) return 0;
-
-    if (PORT_Strcasecmp(flags,"all") == 0) all = PR_TRUE;
-
-    for (index=flags; *index; index=secmod_argNextFlag(index)) {
-	for (i=0; i < secmod_argSlotFlagTableSize; i++) {
-	    if (all || (PORT_Strncasecmp(index, secmod_argSlotFlagTable[i].name,
-				secmod_argSlotFlagTable[i].len) == 0)) {
-		retValue |= secmod_argSlotFlagTable[i].value;
-	    }
-	}
-    }
-    PORT_Free(flags);
-    return retValue;
-}
-
-
-static void
-secmod_argDecodeSingleSlotInfo(char *name, char *params, 
-                               PK11PreSlotInfo *slotInfo)
-{
-    char *askpw;
-
-    slotInfo->slotID=secmod_argDecodeNumber(name);
-    slotInfo->defaultFlags=secmod_argSlotFlags("slotFlags",params);
-    slotInfo->timeout=secmod_argReadLong("timeout",params, 0, NULL);
-
-    askpw = secmod_argGetParamValue("askpw",params);
-    slotInfo->askpw = 0;
-
-    if (askpw) {
-	if (PORT_Strcasecmp(askpw,"every") == 0) {
-    	    slotInfo->askpw = -1;
-	} else if (PORT_Strcasecmp(askpw,"timeout") == 0) {
-    	    slotInfo->askpw = 1;
-	} 
-	PORT_Free(askpw);
-	slotInfo->defaultFlags |= PK11_OWN_PW_DEFAULTS;
-    }
-    slotInfo->hasRootCerts = secmod_argHasFlag("rootFlags", "hasRootCerts", 
-                                               params);
-    slotInfo->hasRootTrust = secmod_argHasFlag("rootFlags", "hasRootTrust", 
-                                               params);
-}
-
-static char *
-secmod_argGetName(char *inString, int *next) 
-{
-    char *name=NULL;
-    char *string;
-    int len;
-
-    /* look for the end of the <name>= */
-    for (string = inString;*string; string++) {
-	if (*string == '=') { break; }
-	if (secmod_argIsBlank(*string)) break;
-    }
-
-    len = string - inString;
-
-    *next = len; 
-    if (*string == '=') (*next) += 1;
-    if (len > 0) {
-	name = PORT_Alloc(len+1);
-	PORT_Strncpy(name,inString,len);
-	name[len] = 0;
-    }
-    return name;
-}
-
-static PK11PreSlotInfo *
-secmod_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount)
-{
-    char *slotIndex;
-    PK11PreSlotInfo *slotInfo = NULL;
-    int i=0,count = 0,next;
-
-    *retCount = 0;
-    if ((slotParams == NULL) || (*slotParams == 0))  return NULL;
-
-    /* first count the number of slots */
-    for (slotIndex = secmod_argStrip(slotParams); *slotIndex; 
-	 slotIndex = secmod_argStrip(secmod_argSkipParameter(slotIndex))) {
-	count++;
-    }
-
-    /* get the data structures */
-    if (arena) {
-	slotInfo = (PK11PreSlotInfo *) 
-			PORT_ArenaAlloc(arena,count*sizeof(PK11PreSlotInfo));
-	PORT_Memset(slotInfo,0,count*sizeof(PK11PreSlotInfo));
-    } else {
-	slotInfo = (PK11PreSlotInfo *) 
-			PORT_ZAlloc(count*sizeof(PK11PreSlotInfo));
-    }
-    if (slotInfo == NULL) return NULL;
-
-    for (slotIndex = secmod_argStrip(slotParams), i = 0; 
-					*slotIndex && i < count ; ) {
-	char *name;
-	name = secmod_argGetName(slotIndex,&next);
-	slotIndex += next;
-
-	if (!secmod_argIsBlank(*slotIndex)) {
-	    char *args = secmod_argFetchValue(slotIndex,&next);
-	    slotIndex += next;
-	    if (args) {
-		secmod_argDecodeSingleSlotInfo(name,args,&slotInfo[i]);
-		i++;
-		PORT_Free(args);
-	    }
-	}
-	if (name) PORT_Free(name);
-	slotIndex = secmod_argStrip(slotIndex);
-    }
-    *retCount = i;
-    return slotInfo;
-}
-
-static char *secmod_nullString = "";
-
-static char *
-secmod_formatValue(PRArenaPool *arena, char *value, char quote)
-{
-    char *vp,*vp2,*retval;
-    int size = 0, escapes = 0;
-
-    for (vp=value; *vp ;vp++) {
-	if ((*vp == quote) || (*vp == SECMOD_ARG_ESCAPE)) escapes++;
-	size++;
-    }
-    if (arena) {
-	retval = PORT_ArenaZAlloc(arena,size+escapes+1);
-    } else {
-	retval = PORT_ZAlloc(size+escapes+1);
-    }
-    if (retval == NULL) return NULL;
-    vp2 = retval;
-    for (vp=value; *vp; vp++) {
-	if ((*vp == quote) || (*vp == SECMOD_ARG_ESCAPE)) 
-				*vp2++ = SECMOD_ARG_ESCAPE;
-	*vp2++ = *vp;
-    }
-    return retval;
-}
-    
-static char *secmod_formatPair(char *name,char *value, char quote)
-{
-    char openQuote = quote;
-    char closeQuote = secmod_argGetPair(quote);
-    char *newValue = NULL;
-    char *returnValue;
-    PRBool need_quote = PR_FALSE;
-
-    if (!value || (*value == 0)) return secmod_nullString;
-
-    if (secmod_argHasBlanks(value) || secmod_argIsQuote(value[0]))
-							 need_quote=PR_TRUE;
-
-    if ((need_quote && secmod_argHasChar(value,closeQuote))
-				 || secmod_argHasChar(value,SECMOD_ARG_ESCAPE)) {
-	value = newValue = secmod_formatValue(NULL, value,quote);
-	if (newValue == NULL) return secmod_nullString;
-    }
-    if (need_quote) {
-    	returnValue = PR_smprintf("%s=%c%s%c",name,openQuote,value,closeQuote);
-    } else {
-    	returnValue = PR_smprintf("%s=%s",name,value);
-    }
-    if (returnValue == NULL) returnValue = secmod_nullString;
-
-    if (newValue) PORT_Free(newValue);
-
-    return returnValue;
-}
-
-static char *secmod_formatIntPair(char *name, unsigned long value, 
-                                  unsigned long def)
-{
-    char *returnValue;
-
-    if (value == def) return secmod_nullString;
-
-    returnValue = PR_smprintf("%s=%d",name,value);
-
-    return returnValue;
-}
-
-static void
-secmod_freePair(char *pair)
-{
-    if (pair && pair != secmod_nullString) {
-	PR_smprintf_free(pair);
-    }
-}
-
-#define MAX_FLAG_SIZE  sizeof("internal")+sizeof("FIPS")+sizeof("moduleDB")+\
-				sizeof("moduleDBOnly")+sizeof("critical")
-static char *
-secmod_mkNSSFlags(PRBool internal, PRBool isFIPS,
-		PRBool isModuleDB, PRBool isModuleDBOnly, PRBool isCritical)
-{
-    char *flags = (char *)PORT_ZAlloc(MAX_FLAG_SIZE);
-    PRBool first = PR_TRUE;
-
-    PORT_Memset(flags,0,MAX_FLAG_SIZE);
-    if (internal) {
-	PORT_Strcat(flags,"internal");
-	first = PR_FALSE;
-    }
-    if (isFIPS) {
-	if (!first) PORT_Strcat(flags,",");
-	PORT_Strcat(flags,"FIPS");
-	first = PR_FALSE;
-    }
-    if (isModuleDB) {
-	if (!first) PORT_Strcat(flags,",");
-	PORT_Strcat(flags,"moduleDB");
-	first = PR_FALSE;
-    }
-    if (isModuleDBOnly) {
-	if (!first) PORT_Strcat(flags,",");
-	PORT_Strcat(flags,"moduleDBOnly");
-	first = PR_FALSE;
-    }
-    if (isCritical) {
-	if (!first) PORT_Strcat(flags,",");
-	PORT_Strcat(flags,"critical");
-	first = PR_FALSE;
-    }
-    return flags;
-}
-
-static char *
-secmod_mkCipherFlags(unsigned long ssl0, unsigned long ssl1)
-{
-    char *cipher = NULL;
-    int i;
-
-    for (i=0; i < sizeof(ssl0)*8; i++) {
-	if (ssl0 & (1<<i)) {
-	    char *string;
-	    if ((1<<i) == SECMOD_FORTEZZA_FLAG) {
-		string = PR_smprintf("%s","FORTEZZA");
-	    } else {
-		string = PR_smprintf("0h0x%08x",1<<i);
-	    }
-	    if (cipher) {
-		char *tmp;
-		tmp = PR_smprintf("%s,%s",cipher,string);
-		PR_smprintf_free(cipher);
-		PR_smprintf_free(string);
-		cipher = tmp;
-	    } else {
-		cipher = string;
-	    }
-	}
-    }
-    for (i=0; i < sizeof(ssl0)*8; i++) {
-	if (ssl1 & (1<<i)) {
-	    if (cipher) {
-		char *tmp;
-		tmp = PR_smprintf("%s,0l0x%08x",cipher,1<<i);
-		PR_smprintf_free(cipher);
-		cipher = tmp;
-	    } else {
-		cipher = PR_smprintf("0l0x%08x",1<<i);
-	    }
-	}
-    }
-
-    return cipher;
-}
-
-static char *
-secmod_mkSlotFlags(unsigned long defaultFlags)
-{
-    char *flags=NULL;
-    int i,j;
-
-    for (i=0; i < sizeof(defaultFlags)*8; i++) {
-	if (defaultFlags & (1<<i)) {
-	    char *string = NULL;
-
-	    for (j=0; j < secmod_argSlotFlagTableSize; j++) {
-		if (secmod_argSlotFlagTable[j].value == ( 1UL << i )) {
-		    string = secmod_argSlotFlagTable[j].name;
-		    break;
-		}
-	    }
-	    if (string) {
-		if (flags) {
-		    char *tmp;
-		    tmp = PR_smprintf("%s,%s",flags,string);
-		    PR_smprintf_free(flags);
-		    flags = tmp;
-		} else {
-		    flags = PR_smprintf("%s",string);
-		}
-	    }
-	}
-    }
-
-    return flags;
-}
-
-#define SECMOD_MAX_ROOT_FLAG_SIZE  sizeof("hasRootCerts")+sizeof("hasRootTrust")
-
-static char *
-secmod_mkRootFlags(PRBool hasRootCerts, PRBool hasRootTrust)
-{
-    char *flags= (char *)PORT_ZAlloc(SECMOD_MAX_ROOT_FLAG_SIZE);
-    PRBool first = PR_TRUE;
-
-    PORT_Memset(flags,0,SECMOD_MAX_ROOT_FLAG_SIZE);
-    if (hasRootCerts) {
-	PORT_Strcat(flags,"hasRootCerts");
-	first = PR_FALSE;
-    }
-    if (hasRootTrust) {
-	if (!first) PORT_Strcat(flags,",");
-	PORT_Strcat(flags,"hasRootTrust");
-	first = PR_FALSE;
-    }
-    return flags;
-}
-
-static char *
-secmod_mkSlotString(unsigned long slotID, unsigned long defaultFlags,
-		  unsigned long timeout, unsigned char askpw_in,
-		  PRBool hasRootCerts, PRBool hasRootTrust) {
-    char *askpw,*flags,*rootFlags,*slotString;
-    char *flagPair,*rootFlagsPair;
-	
-    switch (askpw_in) {
-    case 0xff:
-	askpw = "every";
-	break;
-    case 1:
-	askpw = "timeout";
-	break;
-    default:
-	askpw = "any";
-	break;
-    }
-    flags = secmod_mkSlotFlags(defaultFlags);
-    rootFlags = secmod_mkRootFlags(hasRootCerts,hasRootTrust);
-    flagPair=secmod_formatPair("slotFlags",flags,'\'');
-    rootFlagsPair=secmod_formatPair("rootFlags",rootFlags,'\'');
-    if (flags) PR_smprintf_free(flags);
-    if (rootFlags) PORT_Free(rootFlags);
-    if (defaultFlags & PK11_OWN_PW_DEFAULTS) {
-    	slotString = PR_smprintf("0x%08lx=[%s askpw=%s timeout=%d %s]",
-				(PRUint32)slotID,flagPair,askpw,timeout,
-				rootFlagsPair);
-    } else {
-    	slotString = PR_smprintf("0x%08lx=[%s %s]",
-				(PRUint32)slotID,flagPair,rootFlagsPair);
-    }
-    secmod_freePair(flagPair);
-    secmod_freePair(rootFlagsPair);
-    return slotString;
-}
-
-static char *
-secmod_mkNSS(char **slotStrings, int slotCount, PRBool internal, PRBool isFIPS,
-	  PRBool isModuleDB,  PRBool isModuleDBOnly, PRBool isCritical, 
-	  unsigned long trustOrder, unsigned long cipherOrder,
-				unsigned long ssl0, unsigned long ssl1) {
-    int slotLen, i;
-    char *slotParams, *ciphers, *nss, *nssFlags, *tmp;
-    char *trustOrderPair,*cipherOrderPair,*slotPair,*cipherPair,*flagPair;
-
-
-    /* now let's build up the string
-     * first the slot infos
-     */
-    slotLen=0;
-    for (i=0; i < (int)slotCount; i++) {
-	slotLen += PORT_Strlen(slotStrings[i])+1;
-    }
-    slotLen += 1; /* space for the final NULL */
-
-    slotParams = (char *)PORT_ZAlloc(slotLen);
-    PORT_Memset(slotParams,0,slotLen);
-    for (i=0; i < (int)slotCount; i++) {
-	PORT_Strcat(slotParams,slotStrings[i]);
-	PORT_Strcat(slotParams," ");
-	PR_smprintf_free(slotStrings[i]);
-	slotStrings[i]=NULL;
-    }
-    
-    /*
-     * now the NSS structure
-     */
-    nssFlags = secmod_mkNSSFlags(internal,isFIPS,isModuleDB,isModuleDBOnly,
-							isCritical); 
-	/* for now only the internal module is critical */
-    ciphers = secmod_mkCipherFlags(ssl0, ssl1);
-
-    trustOrderPair=secmod_formatIntPair("trustOrder",trustOrder,
-					SFTK_DEFAULT_TRUST_ORDER);
-    cipherOrderPair=secmod_formatIntPair("cipherOrder",cipherOrder,
-					SFTK_DEFAULT_CIPHER_ORDER);
-    slotPair=secmod_formatPair("slotParams",slotParams,'{'); /* } */
-    if (slotParams) PORT_Free(slotParams);
-    cipherPair=secmod_formatPair("ciphers",ciphers,'\'');
-    if (ciphers) PR_smprintf_free(ciphers);
-    flagPair=secmod_formatPair("Flags",nssFlags,'\'');
-    if (nssFlags) PORT_Free(nssFlags);
-    nss = PR_smprintf("%s %s %s %s %s",trustOrderPair,
-			cipherOrderPair,slotPair,cipherPair,flagPair);
-    secmod_freePair(trustOrderPair);
-    secmod_freePair(cipherOrderPair);
-    secmod_freePair(slotPair);
-    secmod_freePair(cipherPair);
-    secmod_freePair(flagPair);
-    tmp = secmod_argStrip(nss);
-    if (*tmp == '\0') {
-	PR_smprintf_free(nss);
-	nss = NULL;
-    }
-    return nss;
-}
-
-static char *
-secmod_mkNewModuleSpec(char *dllName, char *commonName, char *parameters, 
-								char *NSS) {
-    char *moduleSpec;
-    char *lib,*name,*param,*nss;
-
-    /*
-     * now the final spec
-     */
-    lib = secmod_formatPair("library",dllName,'\"');
-    name = secmod_formatPair("name",commonName,'\"');
-    param = secmod_formatPair("parameters",parameters,'\"');
-    nss = secmod_formatPair("NSS",NSS,'\"');
-    moduleSpec = PR_smprintf("%s %s %s %s", lib,name,param,nss);
-    secmod_freePair(lib);
-    secmod_freePair(name);
-    secmod_freePair(param);
-    secmod_freePair(nss);
-    return (moduleSpec);
-}
-

mozilla/security/nss/lib/softoken/pkcs11.h

@@ -1,323 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   RSA Labs
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
- * is granted provided that it is identified as "RSA Security In.c Public-Key
- * Cryptography Standards (PKCS)" in all material mentioning or referencing
- * this document.
- *
- * The latest version of this header can be found at:
- *    http://www.rsalabs.com/pkcs/pkcs-11/index.html
- */
-#ifndef _PKCS11_H_
-#define _PKCS11_H_ 1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Before including this file (pkcs11.h) (or pkcs11t.h by
- * itself), 6 platform-specific macros must be defined.  These
- * macros are described below, and typical definitions for them
- * are also given.  Be advised that these definitions can depend
- * on both the platform and the compiler used (and possibly also
- * on whether a PKCS #11 library is linked statically or
- * dynamically).
- *
- * In addition to defining these 6 macros, the packing convention
- * for PKCS #11 structures should be set.  The PKCS #11
- * convention on packing is that structures should be 1-byte
- * aligned.
- *
- * In a Win32 environment, this might be done by using the
- * following preprocessor directive before including pkcs11.h
- * or pkcs11t.h:
- *
- * #pragma pack(push, cryptoki, 1)
- *
- * and using the following preprocessor directive after including
- * pkcs11.h or pkcs11t.h:
- *
- * #pragma pack(pop, cryptoki)
- *
- * In a Win16 environment, this might be done by using the
- * following preprocessor directive before including pkcs11.h
- * or pkcs11t.h:
- *
- * #pragma pack(1)
- *
- * In a UNIX environment, you're on your own here.  You might
- * not need to do anything.
- *
- *
- * Now for the macros:
- *
- *
- * 1. CK_PTR: The indirection string for making a pointer to an
- * object.  It can be used like this:
- *
- * typedef CK_BYTE CK_PTR CK_BYTE_PTR;
- *
- * In a Win32 environment, it might be defined by
- *
- * #define CK_PTR *
- *
- * In a Win16 environment, it might be defined by
- *
- * #define CK_PTR far *
- *
- * In a UNIX environment, it might be defined by
- *
- * #define CK_PTR *
- *
- *
- * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes
- * an exportable PKCS #11 library function definition out of a
- * return type and a function name.  It should be used in the
- * following fashion to define the exposed PKCS #11 functions in
- * a PKCS #11 library:
- *
- * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(
- *   CK_VOID_PTR pReserved
- * )
- * {
- *   ...
- * }
- *
- * For defining a function in a Win32 PKCS #11 .dll, it might be
- * defined by
- *
- * #define CK_DEFINE_FUNCTION(returnType, name) \
- *   returnType __declspec(dllexport) name
- *
- * For defining a function in a Win16 PKCS #11 .dll, it might be
- * defined by
- *
- * #define CK_DEFINE_FUNCTION(returnType, name) \
- *   returnType __export _far _pascal name
- *
- * In a UNIX environment, it might be defined by
- *
- * #define CK_DEFINE_FUNCTION(returnType, name) \
- *   returnType name
- *
- *
- * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
- * an importable PKCS #11 library function declaration out of a
- * return type and a function name.  It should be used in the
- * following fashion:
- *
- * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(
- *   CK_VOID_PTR pReserved
- * );
- *
- * For declaring a function in a Win32 PKCS #11 .dll, it might
- * be defined by
- *
- * #define CK_DECLARE_FUNCTION(returnType, name) \
- *   returnType __declspec(dllimport) name
- *
- * For declaring a function in a Win16 PKCS #11 .dll, it might
- * be defined by
- *
- * #define CK_DECLARE_FUNCTION(returnType, name) \
- *   returnType __export _far _pascal name
- *
- * In a UNIX environment, it might be defined by
- *
- * #define CK_DECLARE_FUNCTION(returnType, name) \
- *   returnType name
- *
- *
- * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
- * which makes a PKCS #11 API function pointer declaration or
- * function pointer type declaration out of a return type and a
- * function name.  It should be used in the following fashion:
- *
- * // Define funcPtr to be a pointer to a PKCS #11 API function
- * // taking arguments args and returning CK_RV.
- * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);
- *
- * or
- *
- * // Define funcPtrType to be the type of a pointer to a
- * // PKCS #11 API function taking arguments args and returning
- * // CK_RV, and then define funcPtr to be a variable of type
- * // funcPtrType.
- * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);
- * funcPtrType funcPtr;
- *
- * For accessing functions in a Win32 PKCS #11 .dll, in might be
- * defined by
- *
- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
- *   returnType __declspec(dllimport) (* name)
- *
- * For accessing functions in a Win16 PKCS #11 .dll, it might be
- * defined by
- *
- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
- *   returnType __export _far _pascal (* name)
- *
- * In a UNIX environment, it might be defined by
- *
- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
- *   returnType (* name)
- *
- *
- * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
- * a function pointer type for an application callback out of
- * a return type for the callback and a name for the callback.
- * It should be used in the following fashion:
- *
- * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);
- *
- * to declare a function pointer, myCallback, to a callback
- * which takes arguments args and returns a CK_RV.  It can also
- * be used like this:
- *
- * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);
- * myCallbackType myCallback;
- *
- * In a Win32 environment, it might be defined by
- *
- * #define CK_CALLBACK_FUNCTION(returnType, name) \
- *   returnType (* name)
- *
- * In a Win16 environment, it might be defined by
- *
- * #define CK_CALLBACK_FUNCTION(returnType, name) \
- *   returnType _far _pascal (* name)
- *
- * In a UNIX environment, it might be defined by
- *
- * #define CK_CALLBACK_FUNCTION(returnType, name) \
- *   returnType (* name)
- *
- *
- * 6. NULL_PTR: This macro is the value of a NULL pointer.
- *
- * In any ANSI/ISO C environment (and in many others as well),
- * this should be defined by
- *
- * #ifndef NULL_PTR
- * #define NULL_PTR 0
- * #endif
- */
-
-
-/* All the various PKCS #11 types and #define'd values are in the
- * file pkcs11t.h. */
-#include "pkcs11t.h"
-
-#define __PASTE(x,y)      x##y
-
-
-/* packing defines */
-#include "pkcs11p.h"
-/* ==============================================================
- * Define the "extern" form of all the entry points.
- * ==============================================================
- */
-
-#define CK_NEED_ARG_LIST  1
-#define CK_PKCS11_FUNCTION_INFO(name) \
-  CK_DECLARE_FUNCTION(CK_RV, name)
-
-/* pkcs11f.h has all the information about the PKCS #11
- * function prototypes. */
-#include "pkcs11f.h"
-
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-
-/* ==============================================================
- * Define the typedef form of all the entry points.  That is, for
- * each PKCS #11 function C_XXX, define a type CK_C_XXX which is
- * a pointer to that kind of function.
- * ==============================================================
- */
-
-#define CK_NEED_ARG_LIST  1
-#define CK_PKCS11_FUNCTION_INFO(name) \
-  typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
-
-/* pkcs11f.h has all the information about the PKCS #11
- * function prototypes. */
-#include "pkcs11f.h"
-
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-
-/* ==============================================================
- * Define structed vector of entry points.  A CK_FUNCTION_LIST
- * contains a CK_VERSION indicating a library's PKCS #11 version
- * and then a whole slew of function pointers to the routines in
- * the library.  This type was declared, but not defined, in
- * pkcs11t.h.
- * ==============================================================
- */
-
-#define CK_PKCS11_FUNCTION_INFO(name) \
-  __PASTE(CK_,name) name;
-  
-struct CK_FUNCTION_LIST {
-
-  CK_VERSION    version;  /* PKCS #11 version */
-
-/* Pile all the function pointers into the CK_FUNCTION_LIST. */
-/* pkcs11f.h has all the information about the PKCS #11
- * function prototypes. */
-#include "pkcs11f.h" 
-
-};
-
-#undef CK_PKCS11_FUNCTION_INFO
-
-
-#undef __PASTE
-
-/* unpack */
-#include "pkcs11u.h"
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif

mozilla/security/nss/lib/softoken/pkcs11f.h

@@ -1,937 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
- * is granted provided that it is identified as "RSA Security In.c Public-Key
- * Cryptography Standards (PKCS)" in all material mentioning or referencing
- * this document.
- */
-/* This function contains pretty much everything about all the */
-/* PKCS #11  function prototypes.  Because this information is */
-/* used for more than just declaring function prototypes, the */
-/* order of the functions appearing herein is important, and */
-/* should not be altered. */
-
-
-
-/* General-purpose */
-
-/* C_Initialize initializes the PKCS #11 library. */
-CK_PKCS11_FUNCTION_INFO(C_Initialize)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_VOID_PTR   pInitArgs  /* if this is not NULL_PTR, it gets
-                            * cast to CK_C_INITIALIZE_ARGS_PTR
-                            * and dereferenced */
-);
-#endif
-
-
-/* C_Finalize indicates that an application is done with the
- * PKCS #11 library. */
-CK_PKCS11_FUNCTION_INFO(C_Finalize)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_VOID_PTR   pReserved  /* reserved.  Should be NULL_PTR */
-);
-#endif
-
-
-/* C_GetInfo returns general information about PKCS #11. */
-CK_PKCS11_FUNCTION_INFO(C_GetInfo)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_INFO_PTR   pInfo  /* location that receives information */
-);
-#endif
-
-
-/* C_GetFunctionList returns the function list. */
-CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_FUNCTION_LIST_PTR_PTR ppFunctionList  /* receives pointer to
-                                            * function list */
-);
-#endif
-
-
-
-/* Slot and token management */
-
-/* C_GetSlotList obtains a list of slots in the system. */
-CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_BBOOL       tokenPresent,  /* only slots with tokens? */
-  CK_SLOT_ID_PTR pSlotList,     /* receives array of slot IDs */
-  CK_ULONG_PTR   pulCount       /* receives number of slots */
-);
-#endif
-
-
-/* C_GetSlotInfo obtains information about a particular slot in
- * the system. */
-CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID       slotID,  /* the ID of the slot */
-  CK_SLOT_INFO_PTR pInfo    /* receives the slot information */
-);
-#endif
-
-
-/* C_GetTokenInfo obtains information about a particular token
- * in the system. */
-CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID        slotID,  /* ID of the token's slot */
-  CK_TOKEN_INFO_PTR pInfo    /* receives the token information */
-);
-#endif
-
-
-/* C_GetMechanismList obtains a list of mechanism types
- * supported by a token. */
-CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID            slotID,          /* ID of token's slot */
-  CK_MECHANISM_TYPE_PTR pMechanismList,  /* gets mech. array */
-  CK_ULONG_PTR          pulCount         /* gets # of mechs. */
-);
-#endif
-
-
-/* C_GetMechanismInfo obtains information about a particular
- * mechanism possibly supported by a token. */
-CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID            slotID,  /* ID of the token's slot */
-  CK_MECHANISM_TYPE     type,    /* type of mechanism */
-  CK_MECHANISM_INFO_PTR pInfo    /* receives mechanism info */
-);
-#endif
-
-
-/* C_InitToken initializes a token. */
-CK_PKCS11_FUNCTION_INFO(C_InitToken)
-#ifdef CK_NEED_ARG_LIST
-(
-/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */
-  CK_SLOT_ID         slotID,    /* ID of the token's slot */
-  CK_CHAR_PTR        pPin,      /* the SO's initial PIN */
-  CK_ULONG           ulPinLen,  /* length in bytes of the PIN */
-  CK_UTF8CHAR_PTR    pLabel     /* 32-byte token label (blank padded) */
-);
-#endif
-
-
-/* C_InitPIN initializes the normal user's PIN. */
-CK_PKCS11_FUNCTION_INFO(C_InitPIN)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_CHAR_PTR       pPin,      /* the normal user's PIN */
-  CK_ULONG          ulPinLen   /* length in bytes of the PIN */
-);
-#endif
-
-
-/* C_SetPIN modifies the PIN of the user who is logged in. */
-CK_PKCS11_FUNCTION_INFO(C_SetPIN)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_CHAR_PTR       pOldPin,   /* the old PIN */
-  CK_ULONG          ulOldLen,  /* length of the old PIN */
-  CK_CHAR_PTR       pNewPin,   /* the new PIN */
-  CK_ULONG          ulNewLen   /* length of the new PIN */
-);
-#endif
-
-
-
-/* Session management */
-
-/* C_OpenSession opens a session between an application and a
- * token. */
-CK_PKCS11_FUNCTION_INFO(C_OpenSession)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID            slotID,        /* the slot's ID */
-  CK_FLAGS              flags,         /* from CK_SESSION_INFO */
-  CK_VOID_PTR           pApplication,  /* passed to callback */
-  CK_NOTIFY             Notify,        /* callback function */
-  CK_SESSION_HANDLE_PTR phSession      /* gets session handle */
-);
-#endif
-
-
-/* C_CloseSession closes a session between an application and a
- * token. */
-CK_PKCS11_FUNCTION_INFO(C_CloseSession)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession  /* the session's handle */
-);
-#endif
-
-
-/* C_CloseAllSessions closes all sessions with a token. */
-CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID     slotID  /* the token's slot */
-);
-#endif
-
-
-/* C_GetSessionInfo obtains information about the session. */
-CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE   hSession,  /* the session's handle */
-  CK_SESSION_INFO_PTR pInfo      /* receives session info */
-);
-#endif
-
-
-/* C_GetOperationState obtains the state of the cryptographic operation
- * in a session. */
-CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,             /* session's handle */
-  CK_BYTE_PTR       pOperationState,      /* gets state */
-  CK_ULONG_PTR      pulOperationStateLen  /* gets state length */
-);
-#endif
-
-
-/* C_SetOperationState restores the state of the cryptographic
- * operation in a session. */
-CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR      pOperationState,      /* holds state */
-  CK_ULONG         ulOperationStateLen,  /* holds state length */
-  CK_OBJECT_HANDLE hEncryptionKey,       /* en/decryption key */
-  CK_OBJECT_HANDLE hAuthenticationKey    /* sign/verify key */
-);
-#endif
-
-
-/* C_Login logs a user into a token. */
-CK_PKCS11_FUNCTION_INFO(C_Login)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_USER_TYPE      userType,  /* the user type */
-  CK_CHAR_PTR       pPin,      /* the user's PIN */
-  CK_ULONG          ulPinLen   /* the length of the PIN */
-);
-#endif
-
-
-/* C_Logout logs a user out from a token. */
-CK_PKCS11_FUNCTION_INFO(C_Logout)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession  /* the session's handle */
-);
-#endif
-
-
-
-/* Object management */
-
-/* C_CreateObject creates a new object. */
-CK_PKCS11_FUNCTION_INFO(C_CreateObject)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_ATTRIBUTE_PTR  pTemplate,   /* the object's template */
-  CK_ULONG          ulCount,     /* attributes in template */
-  CK_OBJECT_HANDLE_PTR phObject  /* gets new object's handle. */
-);
-#endif
-
-
-/* C_CopyObject copies an object, creating a new object for the
- * copy. */
-CK_PKCS11_FUNCTION_INFO(C_CopyObject)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE    hSession,    /* the session's handle */
-  CK_OBJECT_HANDLE     hObject,     /* the object's handle */
-  CK_ATTRIBUTE_PTR     pTemplate,   /* template for new object */
-  CK_ULONG             ulCount,     /* attributes in template */
-  CK_OBJECT_HANDLE_PTR phNewObject  /* receives handle of copy */
-);
-#endif
-
-
-/* C_DestroyObject destroys an object. */
-CK_PKCS11_FUNCTION_INFO(C_DestroyObject)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_OBJECT_HANDLE  hObject    /* the object's handle */
-);
-#endif
-
-
-/* C_GetObjectSize gets the size of an object in bytes. */
-CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_OBJECT_HANDLE  hObject,   /* the object's handle */
-  CK_ULONG_PTR      pulSize    /* receives size of object */
-);
-#endif
-
-
-/* C_GetAttributeValue obtains the value of one or more object
- * attributes. */
-CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,   /* the session's handle */
-  CK_OBJECT_HANDLE  hObject,    /* the object's handle */
-  CK_ATTRIBUTE_PTR  pTemplate,  /* specifies attrs; gets vals */
-  CK_ULONG          ulCount     /* attributes in template */
-);
-#endif
-
-
-/* C_SetAttributeValue modifies the value of one or more object
- * attributes */
-CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,   /* the session's handle */
-  CK_OBJECT_HANDLE  hObject,    /* the object's handle */
-  CK_ATTRIBUTE_PTR  pTemplate,  /* specifies attrs and values */
-  CK_ULONG          ulCount     /* attributes in template */
-);
-#endif
-
-
-/* C_FindObjectsInit initializes a search for token and session
- * objects that match a template. */
-CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,   /* the session's handle */
-  CK_ATTRIBUTE_PTR  pTemplate,  /* attribute values to match */
-  CK_ULONG          ulCount     /* attrs in search template */
-);
-#endif
-
-
-/* C_FindObjects continues a search for token and session
- * objects that match a template, obtaining additional object
- * handles. */
-CK_PKCS11_FUNCTION_INFO(C_FindObjects)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE    hSession,          /* session's handle */
- CK_OBJECT_HANDLE_PTR phObject,          /* gets obj. handles */
- CK_ULONG             ulMaxObjectCount,  /* max handles to get */
- CK_ULONG_PTR         pulObjectCount     /* actual # returned */
-);
-#endif
-
-
-/* C_FindObjectsFinal finishes a search for token and session
- * objects. */
-CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession  /* the session's handle */
-);
-#endif
-
-
-
-/* Encryption and decryption */
-
-/* C_EncryptInit initializes an encryption operation. */
-CK_PKCS11_FUNCTION_INFO(C_EncryptInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,  /* the encryption mechanism */
-  CK_OBJECT_HANDLE  hKey         /* handle of encryption key */
-);
-#endif
-
-
-/* C_Encrypt encrypts single-part data. */
-CK_PKCS11_FUNCTION_INFO(C_Encrypt)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pData,               /* the plaintext data */
-  CK_ULONG          ulDataLen,           /* bytes of plaintext */
-  CK_BYTE_PTR       pEncryptedData,      /* gets ciphertext */
-  CK_ULONG_PTR      pulEncryptedDataLen  /* gets c-text size */
-);
-#endif
-
-
-/* C_EncryptUpdate continues a multiple-part encryption
- * operation. */
-CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,           /* session's handle */
-  CK_BYTE_PTR       pPart,              /* the plaintext data */
-  CK_ULONG          ulPartLen,          /* plaintext data len */
-  CK_BYTE_PTR       pEncryptedPart,     /* gets ciphertext */
-  CK_ULONG_PTR      pulEncryptedPartLen /* gets c-text size */
-);
-#endif
-
-
-/* C_EncryptFinal finishes a multiple-part encryption
- * operation. */
-CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,                /* session handle */
-  CK_BYTE_PTR       pLastEncryptedPart,      /* last c-text */
-  CK_ULONG_PTR      pulLastEncryptedPartLen  /* gets last size */
-);
-#endif
-
-
-/* C_DecryptInit initializes a decryption operation. */
-CK_PKCS11_FUNCTION_INFO(C_DecryptInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,  /* the decryption mechanism */
-  CK_OBJECT_HANDLE  hKey         /* handle of decryption key */
-);
-#endif
-
-
-/* C_Decrypt decrypts encrypted data in a single part. */
-CK_PKCS11_FUNCTION_INFO(C_Decrypt)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,           /* session's handle */
-  CK_BYTE_PTR       pEncryptedData,     /* ciphertext */
-  CK_ULONG          ulEncryptedDataLen, /* ciphertext length */
-  CK_BYTE_PTR       pData,              /* gets plaintext */
-  CK_ULONG_PTR      pulDataLen          /* gets p-text size */
-);
-#endif
-
-
-/* C_DecryptUpdate continues a multiple-part decryption
- * operation. */
-CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pEncryptedPart,      /* encrypted data */
-  CK_ULONG          ulEncryptedPartLen,  /* input length */
-  CK_BYTE_PTR       pPart,               /* gets plaintext */
-  CK_ULONG_PTR      pulPartLen           /* p-text size */
-);
-#endif
-
-
-/* C_DecryptFinal finishes a multiple-part decryption
- * operation. */
-CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,       /* the session's handle */
-  CK_BYTE_PTR       pLastPart,      /* gets plaintext */
-  CK_ULONG_PTR      pulLastPartLen  /* p-text size */
-);
-#endif
-
-
-
-/* Message digesting */
-
-/* C_DigestInit initializes a message-digesting operation. */
-CK_PKCS11_FUNCTION_INFO(C_DigestInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,   /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism  /* the digesting mechanism */
-);
-#endif
-
-
-/* C_Digest digests data in a single part. */
-CK_PKCS11_FUNCTION_INFO(C_Digest)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,     /* the session's handle */
-  CK_BYTE_PTR       pData,        /* data to be digested */
-  CK_ULONG          ulDataLen,    /* bytes of data to digest */
-  CK_BYTE_PTR       pDigest,      /* gets the message digest */
-  CK_ULONG_PTR      pulDigestLen  /* gets digest length */
-);
-#endif
-
-
-/* C_DigestUpdate continues a multiple-part message-digesting
- * operation. */
-CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_BYTE_PTR       pPart,     /* data to be digested */
-  CK_ULONG          ulPartLen  /* bytes of data to be digested */
-);
-#endif
-
-
-/* C_DigestKey continues a multi-part message-digesting
- * operation, by digesting the value of a secret key as part of
- * the data already digested. */
-CK_PKCS11_FUNCTION_INFO(C_DigestKey)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_OBJECT_HANDLE  hKey       /* secret key to digest */
-);
-#endif
-
-
-/* C_DigestFinal finishes a multiple-part message-digesting
- * operation. */
-CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,     /* the session's handle */
-  CK_BYTE_PTR       pDigest,      /* gets the message digest */
-  CK_ULONG_PTR      pulDigestLen  /* gets byte count of digest */
-);
-#endif
-
-
-
-/* Signing and MACing */
-
-/* C_SignInit initializes a signature (private key encryption)
- * operation, where the signature is (will be) an appendix to
- * the data, and plaintext cannot be recovered from the
- *signature. */
-CK_PKCS11_FUNCTION_INFO(C_SignInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,  /* the signature mechanism */
-  CK_OBJECT_HANDLE  hKey         /* handle of signature key */
-);
-#endif
-
-
-/* C_Sign signs (encrypts with private key) data in a single
- * part, where the signature is (will be) an appendix to the
- * data, and plaintext cannot be recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_Sign)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,        /* the session's handle */
-  CK_BYTE_PTR       pData,           /* the data to sign */
-  CK_ULONG          ulDataLen,       /* count of bytes to sign */
-  CK_BYTE_PTR       pSignature,      /* gets the signature */
-  CK_ULONG_PTR      pulSignatureLen  /* gets signature length */
-);
-#endif
-
-
-/* C_SignUpdate continues a multiple-part signature operation,
- * where the signature is (will be) an appendix to the data, 
- * and plaintext cannot be recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_BYTE_PTR       pPart,     /* the data to sign */
-  CK_ULONG          ulPartLen  /* count of bytes to sign */
-);
-#endif
-
-
-/* C_SignFinal finishes a multiple-part signature operation, 
- * returning the signature. */
-CK_PKCS11_FUNCTION_INFO(C_SignFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,        /* the session's handle */
-  CK_BYTE_PTR       pSignature,      /* gets the signature */
-  CK_ULONG_PTR      pulSignatureLen  /* gets signature length */
-);
-#endif
-
-
-/* C_SignRecoverInit initializes a signature operation, where
- * the data can be recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,   /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism, /* the signature mechanism */
-  CK_OBJECT_HANDLE  hKey        /* handle of the signature key */
-);
-#endif
-
-
-/* C_SignRecover signs data in a single operation, where the
- * data can be recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_SignRecover)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,        /* the session's handle */
-  CK_BYTE_PTR       pData,           /* the data to sign */
-  CK_ULONG          ulDataLen,       /* count of bytes to sign */
-  CK_BYTE_PTR       pSignature,      /* gets the signature */
-  CK_ULONG_PTR      pulSignatureLen  /* gets signature length */
-);
-#endif
-
-
-
-/* Verifying signatures and MACs */
-
-/* C_VerifyInit initializes a verification operation, where the
- * signature is an appendix to the data, and plaintext cannot
- *  cannot be recovered from the signature (e.g. DSA). */
-CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,  /* the verification mechanism */
-  CK_OBJECT_HANDLE  hKey         /* verification key */ 
-);
-#endif
-
-
-/* C_Verify verifies a signature in a single-part operation, 
- * where the signature is an appendix to the data, and plaintext
- * cannot be recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_Verify)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,       /* the session's handle */
-  CK_BYTE_PTR       pData,          /* signed data */
-  CK_ULONG          ulDataLen,      /* length of signed data */
-  CK_BYTE_PTR       pSignature,     /* signature */
-  CK_ULONG          ulSignatureLen  /* signature length*/
-);
-#endif
-
-
-/* C_VerifyUpdate continues a multiple-part verification
- * operation, where the signature is an appendix to the data, 
- * and plaintext cannot be recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_BYTE_PTR       pPart,     /* signed data */
-  CK_ULONG          ulPartLen  /* length of signed data */
-);
-#endif
-
-
-/* C_VerifyFinal finishes a multiple-part verification
- * operation, checking the signature. */
-CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,       /* the session's handle */
-  CK_BYTE_PTR       pSignature,     /* signature to verify */
-  CK_ULONG          ulSignatureLen  /* signature length */
-);
-#endif
-
-
-/* C_VerifyRecoverInit initializes a signature verification
- * operation, where the data is recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,  /* the verification mechanism */
-  CK_OBJECT_HANDLE  hKey         /* verification key */
-);
-#endif
-
-
-/* C_VerifyRecover verifies a signature in a single-part
- * operation, where the data is recovered from the signature. */
-CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,        /* the session's handle */
-  CK_BYTE_PTR       pSignature,      /* signature to verify */
-  CK_ULONG          ulSignatureLen,  /* signature length */
-  CK_BYTE_PTR       pData,           /* gets signed data */
-  CK_ULONG_PTR      pulDataLen       /* gets signed data len */
-);
-#endif
-
-
-
-/* Dual-function cryptographic operations */
-
-/* C_DigestEncryptUpdate continues a multiple-part digesting
- * and encryption operation. */
-CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pPart,               /* the plaintext data */
-  CK_ULONG          ulPartLen,           /* plaintext length */
-  CK_BYTE_PTR       pEncryptedPart,      /* gets ciphertext */
-  CK_ULONG_PTR      pulEncryptedPartLen  /* gets c-text length */
-);
-#endif
-
-
-/* C_DecryptDigestUpdate continues a multiple-part decryption and
- * digesting operation. */
-CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pEncryptedPart,      /* ciphertext */
-  CK_ULONG          ulEncryptedPartLen,  /* ciphertext length */
-  CK_BYTE_PTR       pPart,               /* gets plaintext */
-  CK_ULONG_PTR      pulPartLen           /* gets plaintext len */
-);
-#endif
-
-
-/* C_SignEncryptUpdate continues a multiple-part signing and
- * encryption operation. */
-CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pPart,               /* the plaintext data */
-  CK_ULONG          ulPartLen,           /* plaintext length */
-  CK_BYTE_PTR       pEncryptedPart,      /* gets ciphertext */
-  CK_ULONG_PTR      pulEncryptedPartLen  /* gets c-text length */
-);
-#endif
-
-
-/* C_DecryptVerifyUpdate continues a multiple-part decryption and
- * verify operation. */
-CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pEncryptedPart,      /* ciphertext */
-  CK_ULONG          ulEncryptedPartLen,  /* ciphertext length */
-  CK_BYTE_PTR       pPart,               /* gets plaintext */
-  CK_ULONG_PTR      pulPartLen           /* gets p-text length */
-);
-#endif
-
-
-
-/* Key management */
-
-/* C_GenerateKey generates a secret key, creating a new key
- * object. */
-CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE    hSession,    /* the session's handle */
-  CK_MECHANISM_PTR     pMechanism,  /* key generation mech. */
-  CK_ATTRIBUTE_PTR     pTemplate,   /* template for new key */
-  CK_ULONG             ulCount,     /* # of attrs in template */
-  CK_OBJECT_HANDLE_PTR phKey        /* gets handle of new key */
-);
-#endif
-
-
-/* C_GenerateKeyPair generates a public-key/private-key pair, 
- * creating new key objects. */
-CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE    hSession,                    /* session
-                                                     * handle */
-  CK_MECHANISM_PTR     pMechanism,                  /* key-gen
-                                                     * mech. */
-  CK_ATTRIBUTE_PTR     pPublicKeyTemplate,          /* template
-                                                     * for pub.
-                                                     * key */
-  CK_ULONG             ulPublicKeyAttributeCount,   /* # pub.
-                                                     * attrs. */
-  CK_ATTRIBUTE_PTR     pPrivateKeyTemplate,         /* template
-                                                     * for priv.
-                                                     * key */
-  CK_ULONG             ulPrivateKeyAttributeCount,  /* # priv.
-                                                     * attrs. */
-  CK_OBJECT_HANDLE_PTR phPublicKey,                 /* gets pub.
-                                                     * key
-                                                     * handle */
-  CK_OBJECT_HANDLE_PTR phPrivateKey                 /* gets
-                                                     * priv. key
-                                                     * handle */
-);
-#endif
-
-
-/* C_WrapKey wraps (i.e., encrypts) a key. */
-CK_PKCS11_FUNCTION_INFO(C_WrapKey)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,        /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,      /* the wrapping mechanism */
-  CK_OBJECT_HANDLE  hWrappingKey,    /* wrapping key */
-  CK_OBJECT_HANDLE  hKey,            /* key to be wrapped */
-  CK_BYTE_PTR       pWrappedKey,     /* gets wrapped key */
-  CK_ULONG_PTR      pulWrappedKeyLen /* gets wrapped key size */
-);
-#endif
-
-
-/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
- * key object. */
-CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE    hSession,          /* session's handle */
-  CK_MECHANISM_PTR     pMechanism,        /* unwrapping mech. */
-  CK_OBJECT_HANDLE     hUnwrappingKey,    /* unwrapping key */
-  CK_BYTE_PTR          pWrappedKey,       /* the wrapped key */
-  CK_ULONG             ulWrappedKeyLen,   /* wrapped key len */
-  CK_ATTRIBUTE_PTR     pTemplate,         /* new key template */
-  CK_ULONG             ulAttributeCount,  /* template length */
-  CK_OBJECT_HANDLE_PTR phKey              /* gets new handle */
-);
-#endif
-
-
-/* C_DeriveKey derives a key from a base key, creating a new key
- * object. */
-CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE    hSession,          /* session's handle */
-  CK_MECHANISM_PTR     pMechanism,        /* key deriv. mech. */
-  CK_OBJECT_HANDLE     hBaseKey,          /* base key */
-  CK_ATTRIBUTE_PTR     pTemplate,         /* new key template */
-  CK_ULONG             ulAttributeCount,  /* template length */
-  CK_OBJECT_HANDLE_PTR phKey              /* gets new handle */
-);
-#endif
-
-
-
-/* Random number generation */
-
-/* C_SeedRandom mixes additional seed material into the token's
- * random number generator. */
-CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_BYTE_PTR       pSeed,     /* the seed material */
-  CK_ULONG          ulSeedLen  /* length of seed material */
-);
-#endif
-
-
-/* C_GenerateRandom generates random data. */
-CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_BYTE_PTR       RandomData,  /* receives the random data */
-  CK_ULONG          ulRandomLen  /* # of bytes to generate */
-);
-#endif
-
-
-
-/* Parallel function management */
-
-/* C_GetFunctionStatus is a legacy function; it obtains an
- * updated status of a function running in parallel with an
- * application. */
-CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession  /* the session's handle */
-);
-#endif
-
-
-/* C_CancelFunction is a legacy function; it cancels a function
- * running in parallel. */
-CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession  /* the session's handle */
-);
-#endif
-
-
-
-/* Functions added in for PKCS #11 Version 2.01 or later */
-
-/* C_WaitForSlotEvent waits for a slot event (token insertion,
- * removal, etc.) to occur. */
-CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_FLAGS flags,        /* blocking/nonblocking flag */
-  CK_SLOT_ID_PTR pSlot,  /* location that receives the slot ID */
-  CK_VOID_PTR pRserved   /* reserved.  Should be NULL_PTR */
-);
-#endif

mozilla/security/nss/lib/softoken/pkcs11i.h

@@ -1,697 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * Internal data structures and functions used by pkcs11.c
- */
-#ifndef _PKCS11I_H_
-#define _PKCS11I_H_ 1
-
-#include "nssilock.h"
-#include "seccomon.h"
-#include "secoidt.h"
-#include "lowkeyti.h"
-#include "pkcs11t.h"
-#include "pcertt.h"
-
-
-/* 
- * Configuration Defines 
- *
- * The following defines affect the space verse speed trade offs of
- * the PKCS #11 module. For the most part the current settings are optimized
- * for web servers, where we want faster speed and lower lock contention at
- * the expense of space.
- */
-
-/* 
- * The attribute allocation strategy is static allocation:
- *   Attributes are pre-allocated as part of the session object and used from
- *   the object array.
- */
-#define MAX_OBJS_ATTRS 45	/* number of attributes to preallocate in
-				 * the object (must me the absolute max) */
-#define ATTR_SPACE 50  		/* Maximum size of attribute data before extra
-				 * data needs to be allocated. This is set to
-				 * enough space to hold an SSL MASTER secret */
-
-#define NSC_STRICT      PR_FALSE  /* forces the code to do strict template
-				   * matching when doing C_FindObject on token
-				   * objects. This will slow down search in
-				   * NSS. */
-/* default search block allocations and increments */
-#define NSC_CERT_BLOCK_SIZE     50
-#define NSC_SEARCH_BLOCK_SIZE   5 
-#define NSC_SLOT_LIST_BLOCK_SIZE 10
-
-#define NSC_FIPS_MODULE 1
-#define NSC_NON_FIPS_MODULE 0
-
-/* these are data base storage hashes, not cryptographic hashes.. The define
- * the effective size of the various object hash tables */
-/* clients care more about memory usage than lookup performance on
- * cyrptographic objects. Clients also have less objects around to play with 
- *
- * we eventually should make this configurable at runtime! Especially now that
- * NSS is a shared library.
- */
-#define SPACE_ATTRIBUTE_HASH_SIZE 32 
-#define SPACE_TOKEN_OBJECT_HASH_SIZE 32
-#define SPACE_SESSION_HASH_SIZE 32
-#define TIME_ATTRIBUTE_HASH_SIZE 32
-#define TIME_TOKEN_OBJECT_HASH_SIZE 1024
-#define TIME_SESSION_HASH_SIZE 1024
-#define MAX_OBJECT_LIST_SIZE 800  
-				  /* how many objects to keep on the free list
-				   * before we start freeing them */
-#define MAX_KEY_LEN 256
-
-#define MULTIACCESS "multiaccess:"
-
-/*
- * LOG2_BUCKETS_PER_SESSION_LOCK must be a prime number.
- * With SESSION_HASH_SIZE=1024, LOG2 can be 9, 5, 1, or 0.
- * With SESSION_HASH_SIZE=4096, LOG2 can be 11, 9, 5, 1, or 0.
- *
- * HASH_SIZE   LOG2_BUCKETS_PER   BUCKETS_PER_LOCK  NUMBER_OF_BUCKETS
- * 1024        9                  512               2
- * 1024        5                  32                32
- * 1024        1                  2                 512
- * 1024        0                  1                 1024
- * 4096        11                 2048              2
- * 4096        9                  512               8
- * 4096        5                  32                128
- * 4096        1                  2                 2048
- * 4096        0                  1                 4096
- */
-#define LOG2_BUCKETS_PER_SESSION_LOCK 1
-#define BUCKETS_PER_SESSION_LOCK (1 << (LOG2_BUCKETS_PER_SESSION_LOCK))
-/* NOSPREAD sessionID to hash table index macro has been slower. */
-
-/* define typedefs, double as forward declarations as well */
-typedef struct SFTKAttributeStr SFTKAttribute;
-typedef struct SFTKObjectListStr SFTKObjectList;
-typedef struct SFTKObjectFreeListStr SFTKObjectFreeList;
-typedef struct SFTKObjectListElementStr SFTKObjectListElement;
-typedef struct SFTKObjectStr SFTKObject;
-typedef struct SFTKSessionObjectStr SFTKSessionObject;
-typedef struct SFTKTokenObjectStr SFTKTokenObject;
-typedef struct SFTKSessionStr SFTKSession;
-typedef struct SFTKSlotStr SFTKSlot;
-typedef struct SFTKSessionContextStr SFTKSessionContext;
-typedef struct SFTKSearchResultsStr SFTKSearchResults;
-typedef struct SFTKHashVerifyInfoStr SFTKHashVerifyInfo;
-typedef struct SFTKHashSignInfoStr SFTKHashSignInfo;
-typedef struct SFTKSSLMACInfoStr SFTKSSLMACInfo;
-
-/* define function pointer typdefs for pointer tables */
-typedef void (*SFTKDestroy)(void *, PRBool);
-typedef void (*SFTKBegin)(void *);
-typedef SECStatus (*SFTKCipher)(void *,void *,unsigned int *,unsigned int,
-					void *, unsigned int);
-typedef SECStatus (*SFTKVerify)(void *,void *,unsigned int,void *,unsigned int);
-typedef void (*SFTKHash)(void *,void *,unsigned int);
-typedef void (*SFTKEnd)(void *,void *,unsigned int *,unsigned int);
-typedef void (*SFTKFree)(void *);
-
-/* Value to tell if an attribute is modifiable or not.
- *    NEVER: attribute is only set on creation.
- *    ONCOPY: attribute is set on creation and can only be changed on copy.
- *    SENSITIVE: attribute can only be changed to TRUE.
- *    ALWAYS: attribute can always be changed.
- */
-typedef enum {
-	SFTK_NEVER = 0,
-	SFTK_ONCOPY = 1,
-	SFTK_SENSITIVE = 2,
-	SFTK_ALWAYS = 3
-} SFTKModifyType;
-
-/*
- * Free Status Enum... tell us more information when we think we're
- * deleting an object.
- */
-typedef enum {
-	SFTK_DestroyFailure,
-	SFTK_Destroyed,
-	SFTK_Busy
-} SFTKFreeStatus;
-
-/*
- * attribute values of an object.
- */
-struct SFTKAttributeStr {
-    SFTKAttribute  	*next;
-    SFTKAttribute  	*prev;
-    PRBool		freeAttr;
-    PRBool		freeData;
-    /*must be called handle to make sftkqueue_find work */
-    CK_ATTRIBUTE_TYPE	handle;
-    CK_ATTRIBUTE 	attrib;
-    unsigned char space[ATTR_SPACE];
-};
-
-
-/*
- * doubly link list of objects
- */
-struct SFTKObjectListStr {
-    SFTKObjectList *next;
-    SFTKObjectList *prev;
-    SFTKObject	   *parent;
-};
-
-struct SFTKObjectFreeListStr {
-    SFTKObject	*head;
-    PZLock	*lock;
-    int		count;
-};
-
-/*
- * PKCS 11 crypto object structure
- */
-struct SFTKObjectStr {
-    SFTKObject *next;
-    SFTKObject	*prev;
-    CK_OBJECT_CLASS 	objclass;
-    CK_OBJECT_HANDLE	handle;
-    int 		refCount;
-    PZLock 		*refLock;
-    SFTKSlot	   	*slot;
-    void 		*objectInfo;
-    SFTKFree 		infoFree;
-};
-
-struct SFTKTokenObjectStr {
-    SFTKObject  obj;
-    SECItem	dbKey;
-};
-
-struct SFTKSessionObjectStr {
-    SFTKObject	   obj;
-    SFTKObjectList sessionList;
-    PZLock		*attributeLock;
-    SFTKSession   	*session;
-    PRBool		wasDerived;
-    int nextAttr;
-    SFTKAttribute	attrList[MAX_OBJS_ATTRS];
-    PRBool		optimizeSpace;
-    unsigned int	hashSize;
-    SFTKAttribute 	*head[1];
-};
-
-/*
- * struct to deal with a temparary list of objects
- */
-struct SFTKObjectListElementStr {
-    SFTKObjectListElement	*next;
-    SFTKObject 			*object;
-};
-
-/*
- * Area to hold Search results
- */
-struct SFTKSearchResultsStr {
-    CK_OBJECT_HANDLE	*handles;
-    int			size;
-    int			index;
-    int			array_size;
-};
-
-
-/* 
- * the universal crypto/hash/sign/verify context structure
- */
-typedef enum {
-    SFTK_ENCRYPT,
-    SFTK_DECRYPT,
-    SFTK_HASH,
-    SFTK_SIGN,
-    SFTK_SIGN_RECOVER,
-    SFTK_VERIFY,
-    SFTK_VERIFY_RECOVER
-} SFTKContextType;
-
-
-#define SFTK_MAX_BLOCK_SIZE 16
-/* currently SHA512 is the biggest hash length */
-#define SFTK_MAX_MAC_LENGTH 64
-#define SFTK_INVALID_MAC_SIZE 0xffffffff
-
-struct SFTKSessionContextStr {
-    SFTKContextType	type;
-    PRBool		multi; 		/* is multipart */
-    PRBool		doPad; 		/* use PKCS padding for block ciphers */
-    unsigned int	blockSize; 	/* blocksize for padding */
-    unsigned int	padDataLength; 	/* length of the valid data in padbuf */
-    unsigned char	padBuf[SFTK_MAX_BLOCK_SIZE];
-    unsigned char	macBuf[SFTK_MAX_BLOCK_SIZE];
-    CK_ULONG		macSize;	/* size of a general block cipher mac*/
-    void		*cipherInfo;
-    void		*hashInfo;
-    unsigned int	cipherInfoLen;
-    CK_MECHANISM_TYPE	currentMech;
-    SFTKCipher		update;
-    SFTKHash		hashUpdate;
-    SFTKEnd		end;
-    SFTKDestroy		destroy;
-    SFTKDestroy		hashdestroy;
-    SFTKVerify		verify;
-    unsigned int	maxLen;
-    SFTKObject		*key;
-};
-
-/*
- * Sessions (have objects)
- */
-struct SFTKSessionStr {
-    SFTKSession        *next;
-    SFTKSession        *prev;
-    CK_SESSION_HANDLE	handle;
-    int			refCount;
-    PZLock		*objectLock;
-    int			objectIDCount;
-    CK_SESSION_INFO	info;
-    CK_NOTIFY		notify;
-    CK_VOID_PTR		appData;
-    SFTKSlot		*slot;
-    SFTKSearchResults	*search;
-    SFTKSessionContext	*enc_context;
-    SFTKSessionContext	*hash_context;
-    SFTKSessionContext	*sign_context;
-    SFTKObjectList	*objects[1];
-};
-
-/*
- * slots (have sessions and objects)
- *
- * The array of sessionLock's protect the session hash table (head[])
- * as well as the reference count of session objects in that bucket
- * (head[]->refCount),  objectLock protects all elements of the token
- * object hash table (tokObjects[], tokenIDCount, and tokenHashTable),
- * and slotLock protects the remaining protected elements:
- * password, isLoggedIn, ssoLoggedIn, and sessionCount
- */
-struct SFTKSlotStr {
-    CK_SLOT_ID		slotID;
-    PZLock		*slotLock;
-    PZLock		**sessionLock;
-    unsigned int	numSessionLocks;
-    unsigned long	sessionLockMask;
-    PZLock		*objectLock;
-    SECItem		*password;
-    PRBool		hasTokens;
-    PRBool		isLoggedIn;
-    PRBool		ssoLoggedIn;
-    PRBool		needLogin;
-    PRBool		DB_loaded;
-    PRBool		readOnly;
-    PRBool		optimizeSpace;
-    NSSLOWCERTCertDBHandle *certDB;
-    NSSLOWKEYDBHandle	*keyDB;
-    int			minimumPinLen;
-    PRInt32		sessionIDCount;  /* atomically incremented */
-    int			sessionIDConflict;  /* not protected by a lock */
-    int			sessionCount;
-    PRInt32             rwSessionCount; /* set by atomic operations */
-    int			tokenIDCount;
-    int			index;
-    PLHashTable		*tokenHashTable;
-    SFTKObject		**tokObjects;
-    unsigned int	tokObjHashSize;
-    SFTKSession		**head;
-    unsigned int	sessHashSize;
-    char		tokDescription[33];
-    char		slotDescription[64];
-};
-
-/*
- * special joint operations Contexts
- */
-struct SFTKHashVerifyInfoStr {
-    SECOidTag   	hashOid;
-    NSSLOWKEYPublicKey	*key;
-};
-
-struct SFTKHashSignInfoStr {
-    SECOidTag   	hashOid;
-    NSSLOWKEYPrivateKey	*key;
-};
-
-/* context for the Final SSLMAC message */
-struct SFTKSSLMACInfoStr {
-    void 		*hashContext;
-    SFTKBegin		begin;
-    SFTKHash		update;
-    SFTKEnd		end;
-    CK_ULONG		macSize;
-    int			padSize;
-    unsigned char	key[MAX_KEY_LEN];
-    unsigned int	keySize;
-};
-
-/*
- * session handle modifiers
- */
-#define SFTK_SESSION_SLOT_MASK	0xff000000L
-
-/*
- * object handle modifiers
- */
-#define SFTK_TOKEN_MASK		0x80000000L
-#define SFTK_TOKEN_MAGIC	0x80000000L
-#define SFTK_TOKEN_TYPE_MASK	0x70000000L
-/* keydb (high bit == 0) */
-#define SFTK_TOKEN_TYPE_PRIV	0x10000000L
-#define SFTK_TOKEN_TYPE_PUB	0x20000000L
-#define SFTK_TOKEN_TYPE_KEY	0x30000000L
-/* certdb (high bit == 1) */
-#define SFTK_TOKEN_TYPE_TRUST	0x40000000L
-#define SFTK_TOKEN_TYPE_CRL	0x50000000L
-#define SFTK_TOKEN_TYPE_SMIME	0x60000000L
-#define SFTK_TOKEN_TYPE_CERT	0x70000000L
-
-#define SFTK_TOKEN_KRL_HANDLE	(SFTK_TOKEN_MAGIC|SFTK_TOKEN_TYPE_CRL|1)
-/* how big a password/pin we can deal with */
-#define SFTK_MAX_PIN	255
-
-/* slot ID's */
-#define NETSCAPE_SLOT_ID 1
-#define PRIVATE_KEY_SLOT_ID 2
-#define FIPS_SLOT_ID 3
-
-/* slot helper macros */
-#define sftk_SlotFromSession(sp) ((sp)->slot)
-#define sftk_isToken(id) (((id) & SFTK_TOKEN_MASK) == SFTK_TOKEN_MAGIC)
-
-/* the session hash multiplier (see bug 201081) */
-#define SHMULTIPLIER 1791398085
-
-/* queueing helper macros */
-#define sftk_hash(value,size) \
-	((PRUint32)((value) * SHMULTIPLIER) & (size-1))
-#define sftkqueue_add(element,id,head,hash_size) \
-	{ int tmp = sftk_hash(id,hash_size); \
-	(element)->next = (head)[tmp]; \
-	(element)->prev = NULL; \
-	if ((head)[tmp]) (head)[tmp]->prev = (element); \
-	(head)[tmp] = (element); }
-#define sftkqueue_find(element,id,head,hash_size) \
-	for( (element) = (head)[sftk_hash(id,hash_size)]; (element) != NULL; \
-					 (element) = (element)->next) { \
-	    if ((element)->handle == (id)) { break; } }
-#define sftkqueue_is_queued(element,id,head,hash_size) \
-	( ((element)->next) || ((element)->prev) || \
-	 ((head)[sftk_hash(id,hash_size)] == (element)) )
-#define sftkqueue_delete(element,id,head,hash_size) \
-	if ((element)->next) (element)->next->prev = (element)->prev; \
-	if ((element)->prev) (element)->prev->next = (element)->next; \
-	   else (head)[sftk_hash(id,hash_size)] = ((element)->next); \
-	(element)->next = NULL; \
-	(element)->prev = NULL; \
-
-#define sftkqueue_init_element(element) \
-    (element)->prev = NULL;
-
-#define sftkqueue_add2(element, id, index, head) \
-    {                                            \
-	(element)->next = (head)[index];         \
-	if ((head)[index])                       \
-	    (head)[index]->prev = (element);     \
-	(head)[index] = (element);               \
-    }
-
-#define sftkqueue_find2(element, id, index, head) \
-    for ( (element) = (head)[index];              \
-          (element) != NULL;                      \
-          (element) = (element)->next) {          \
-	if ((element)->handle == (id)) { break; } \
-    }
-
-#define sftkqueue_delete2(element, id, index, head) \
-	if ((element)->next) (element)->next->prev = (element)->prev; \
-	if ((element)->prev) (element)->prev->next = (element)->next; \
-	   else (head)[index] = ((element)->next);
-
-#define sftkqueue_clear_deleted_element(element) \
-	(element)->next = NULL; \
-	(element)->prev = NULL; \
-
-
-/* sessionID (handle) is used to determine session lock bucket */
-#ifdef NOSPREAD
-/* NOSPREAD:	(ID>>L2LPB) & (perbucket-1) */
-#define SFTK_SESSION_LOCK(slot,handle) \
-    ((slot)->sessionLock[((handle) >> LOG2_BUCKETS_PER_SESSION_LOCK) \
-        & (slot)->sessionLockMask])
-#else
-/* SPREAD:	ID & (perbucket-1) */
-#define SFTK_SESSION_LOCK(slot,handle) \
-    ((slot)->sessionLock[(handle) & (slot)->sessionLockMask])
-#endif
-
-/* expand an attribute & secitem structures out */
-#define sftk_attr_expand(ap) (ap)->type,(ap)->pValue,(ap)->ulValueLen
-#define sftk_item_expand(ip) (ip)->data,(ip)->len
-
-typedef struct sftk_token_parametersStr {
-    CK_SLOT_ID slotID;
-    char *configdir;
-    char *certPrefix;
-    char *keyPrefix;
-    char *tokdes;
-    char *slotdes;
-    int minPW; 
-    PRBool readOnly;
-    PRBool noCertDB;
-    PRBool noKeyDB;
-    PRBool forceOpen;
-    PRBool pwRequired;
-    PRBool optimizeSpace;
-} sftk_token_parameters;
-
-typedef struct sftk_parametersStr {
-    char *configdir;
-    char *secmodName;
-    char *man;
-    char *libdes; 
-    PRBool readOnly;
-    PRBool noModDB;
-    PRBool noCertDB;
-    PRBool forceOpen;
-    PRBool pwRequired;
-    PRBool optimizeSpace;
-    sftk_token_parameters *tokens;
-    int token_count;
-} sftk_parameters;
-
-
-/* machine dependent path stuff used by dbinit.c and pk11db.c */
-#ifdef macintosh
-#define PATH_SEPARATOR ":"
-#define SECMOD_DB "Security Modules"
-#define CERT_DB_FMT "%sCertificates%s"
-#define KEY_DB_FMT "%sKey Database%s"
-#else
-#define PATH_SEPARATOR "/"
-#define SECMOD_DB "secmod.db"
-#define CERT_DB_FMT "%scert%s.db"
-#define KEY_DB_FMT "%skey%s.db"
-#endif
-
-SEC_BEGIN_PROTOS
-
-extern int nsf_init;
-extern CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS);
-extern CK_RV nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS);
-extern CK_RV nsc_CommonGetSlotList(CK_BBOOL tokPresent, 
-	CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount, int moduleIndex);
-/* shared functions between PKCS11.c and SFTKFIPS.c */
-extern CK_RV SFTK_SlotInit(char *configdir,sftk_token_parameters *params, 
-							int moduleIndex);
-
-/* internal utility functions used by pkcs11.c */
-extern SFTKAttribute *sftk_FindAttribute(SFTKObject *object,
-					 CK_ATTRIBUTE_TYPE type);
-extern void sftk_FreeAttribute(SFTKAttribute *attribute);
-extern CK_RV sftk_AddAttributeType(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
-				   void *valPtr,
-				  CK_ULONG length);
-extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
-				    SFTKObject *object, CK_ATTRIBUTE_TYPE type);
-extern unsigned int sftk_GetLengthInBits(unsigned char *buf,
-							 unsigned int bufLen);
-extern CK_RV sftk_ConstrainAttribute(SFTKObject *object, 
-	CK_ATTRIBUTE_TYPE type, int minLength, int maxLength, int minMultiple);
-extern PRBool sftk_hasAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
-extern PRBool sftk_isTrue(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
-extern void sftk_DeleteAttributeType(SFTKObject *object,
-				     CK_ATTRIBUTE_TYPE type);
-extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
-				    SFTKObject *object, CK_ATTRIBUTE_TYPE type);
-extern CK_RV sftk_Attribute2SSecItem(PLArenaPool *arena, SECItem *item,
-				     SFTKObject *object,
-				     CK_ATTRIBUTE_TYPE type);
-extern SFTKModifyType sftk_modifyType(CK_ATTRIBUTE_TYPE type,
-				      CK_OBJECT_CLASS inClass);
-extern PRBool sftk_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass);
-extern char *sftk_getString(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
-extern void sftk_nullAttribute(SFTKObject *object,CK_ATTRIBUTE_TYPE type);
-extern CK_RV sftk_GetULongAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
-                                                         CK_ULONG *longData);
-extern CK_RV sftk_forceAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
-				 void *value, unsigned int len);
-extern CK_RV sftk_defaultAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
-				   void *value, unsigned int len);
-extern unsigned int sftk_MapTrust(CK_TRUST trust, PRBool clientAuth);
-
-extern SFTKObject *sftk_NewObject(SFTKSlot *slot);
-extern CK_RV sftk_CopyObject(SFTKObject *destObject, SFTKObject *srcObject);
-extern SFTKFreeStatus sftk_FreeObject(SFTKObject *object);
-extern CK_RV sftk_DeleteObject(SFTKSession *session, SFTKObject *object);
-extern void sftk_ReferenceObject(SFTKObject *object);
-extern SFTKObject *sftk_ObjectFromHandle(CK_OBJECT_HANDLE handle,
-					 SFTKSession *session);
-extern void sftk_AddSlotObject(SFTKSlot *slot, SFTKObject *object);
-extern void sftk_AddObject(SFTKSession *session, SFTKObject *object);
-
-extern CK_RV sftk_searchObjectList(SFTKSearchResults *search,
-				   SFTKObject **head, unsigned int size,
-				   PZLock *lock, CK_ATTRIBUTE_PTR inTemplate,
-				   int count, PRBool isLoggedIn);
-extern SFTKObjectListElement *sftk_FreeObjectListElement(
-					     SFTKObjectListElement *objectList);
-extern void sftk_FreeObjectList(SFTKObjectListElement *objectList);
-extern void sftk_FreeSearch(SFTKSearchResults *search);
-extern CK_RV sftk_handleObject(SFTKObject *object, SFTKSession *session);
-
-extern SFTKSlot *sftk_SlotFromID(CK_SLOT_ID slotID);
-extern SFTKSlot *sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle);
-extern SFTKSession *sftk_SessionFromHandle(CK_SESSION_HANDLE handle);
-extern void sftk_FreeSession(SFTKSession *session);
-extern SFTKSession *sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify,
-				    CK_VOID_PTR pApplication, CK_FLAGS flags);
-extern void sftk_update_state(SFTKSlot *slot,SFTKSession *session);
-extern void sftk_update_all_states(SFTKSlot *slot);
-extern void sftk_FreeContext(SFTKSessionContext *context);
-extern void sftk_InitFreeLists(void);
-extern void sftk_CleanupFreeLists(void);
-
-extern NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,
-					  CK_KEY_TYPE key_type, CK_RV *crvp);
-extern NSSLOWKEYPrivateKey *sftk_GetPrivKey(SFTKObject *object,
-					    CK_KEY_TYPE key_type, CK_RV *crvp);
-extern void sftk_FormatDESKey(unsigned char *key, int length);
-extern PRBool sftk_CheckDESKey(unsigned char *key);
-extern PRBool sftk_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type);
-
-extern CK_RV secmod_parseParameters(char *param, sftk_parameters *parsed,
-								PRBool isFIPS);
-extern void secmod_freeParams(sftk_parameters *params);
-extern char *secmod_getSecmodName(char *params, char **domain, 
-						char **filename, PRBool *rw);
-extern char ** secmod_ReadPermDB(const char *domain, const char *filename, 
-			const char *dbname, char *params, PRBool rw);
-extern SECStatus secmod_DeletePermDB(const char *domain, const char *filename,
-			const char *dbname, char *args, PRBool rw);
-extern SECStatus secmod_AddPermDB(const char *domain, const char *filename,
-			const char *dbname, char *module, PRBool rw);
-extern SECStatus secmod_ReleasePermDBData(const char *domain, 
-	const char *filename, const char *dbname, char **specList, PRBool rw);
-/* mechanism allows this operation */
-extern CK_RV sftk_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op);
-/*
- * OK there are now lots of options here, lets go through them all:
- *
- * configdir - base directory where all the cert, key, and module datbases live.
- * certPrefix - prefix added to the beginning of the cert database example: "
- *                      "https-server1-"
- * keyPrefix - prefix added to the beginning of the key database example: "
- *                      "https-server1-"
- * secmodName - name of the security module database (usually "secmod.db").
- * readOnly - Boolean: true if the databases are to be openned read only.
- * nocertdb - Don't open the cert DB and key DB's, just initialize the
- *                      Volatile certdb.
- * nomoddb - Don't open the security module DB, just initialize the
- *                      PKCS #11 module.
- * forceOpen - Continue to force initializations even if the databases cannot
- *                      be opened.
- */
-CK_RV sftk_DBInit(const char *configdir, const char *certPrefix,
-	 	const char *keyPrefix, PRBool readOnly, PRBool noCertDB, 
-		PRBool noKeyDB, PRBool forceOpen, 
-		NSSLOWCERTCertDBHandle **certDB, NSSLOWKEYDBHandle **keyDB);
-
-void sftk_DBShutdown(NSSLOWCERTCertDBHandle *certHandle, 
-		     NSSLOWKEYDBHandle *keyHandle);
-
-const char *sftk_EvaluateConfigDir(const char *configdir, char **domain);
-
-/*
- * narrow objects
- */
-SFTKSessionObject * sftk_narrowToSessionObject(SFTKObject *);
-SFTKTokenObject * sftk_narrowToTokenObject(SFTKObject *);
-
-/*
- * token object utilities
- */
-void sftk_addHandle(SFTKSearchResults *search, CK_OBJECT_HANDLE handle);
-PRBool sftk_poisonHandle(SFTKSlot *slot, SECItem *dbkey, 
-						CK_OBJECT_HANDLE handle);
-PRBool sftk_tokenMatch(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class,
-                                        CK_ATTRIBUTE_PTR theTemplate,int count);
-CK_OBJECT_HANDLE sftk_mkHandle(SFTKSlot *slot, 
-					SECItem *dbKey, CK_OBJECT_HANDLE class);
-SFTKObject * sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, 
-						CK_OBJECT_HANDLE handle);
-SFTKTokenObject *sftk_convertSessionToToken(SFTKObject *so);
-
-/****************************************
- * implement TLS Pseudo Random Function (PRF)
- */
-
-extern SECStatus
-sftk_PRF(const SECItem *secret, const char *label, SECItem *seed, 
-         SECItem *result, PRBool isFIPS);
-
-extern CK_RV
-sftk_TLSPRFInit(SFTKSessionContext *context, 
-		  SFTKObject *        key, 
-		  CK_KEY_TYPE         key_type);
-
-SEC_END_PROTOS
-
-#endif /* _PKCS11I_H_ */

mozilla/security/nss/lib/softoken/pkcs11n.h

@@ -1,236 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Dr Stephen Henson <stephen.henson@gemplus.com>
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifndef _PKCS11N_H_
-#define _PKCS11N_H_
-
-#ifdef DEBUG
-static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.12 $ $Date: 2005-01-20 02:25:50 $";
-#endif /* DEBUG */
-
-/*
- * pkcs11n.h
- *
- * This file contains the NSS-specific type definitions for Cryptoki
- * (PKCS#11).
- */
-
-/*
- * NSSCK_VENDOR_NETSCAPE
- *
- * Cryptoki reserves the high half of all the number spaces for
- * vendor-defined use.  I'd like to keep all of our Netscape-
- * specific values together, but not in the oh-so-obvious
- * 0x80000001, 0x80000002, etc. area.  So I've picked an offset,
- * and constructed values for the beginnings of our spaces.
- *
- * Note that some "historical" Netscape values don't fall within
- * this range.
- */
-#define NSSCK_VENDOR_NETSCAPE 0x4E534350 /* NSCP */
-
-/*
- * Netscape-defined object classes
- * 
- */
-#define CKO_NETSCAPE (CKO_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-
-#define CKO_NETSCAPE_CRL                (CKO_NETSCAPE + 1)
-#define CKO_NETSCAPE_SMIME              (CKO_NETSCAPE + 2)
-#define CKO_NETSCAPE_TRUST              (CKO_NETSCAPE + 3)
-#define CKO_NETSCAPE_BUILTIN_ROOT_LIST  (CKO_NETSCAPE + 4)
-
-/*
- * Netscape-defined key types
- *
- */
-#define CKK_NETSCAPE (CKK_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-
-#define CKK_NETSCAPE_PKCS8              (CKK_NETSCAPE + 1)
-/*
- * Netscape-defined certificate types
- *
- */
-#define CKC_NETSCAPE (CKC_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-
-/*
- * Netscape-defined object attributes
- *
- */
-#define CKA_NETSCAPE (CKA_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-
-#define CKA_NETSCAPE_URL                (CKA_NETSCAPE +  1)
-#define CKA_NETSCAPE_EMAIL              (CKA_NETSCAPE +  2)
-#define CKA_NETSCAPE_SMIME_INFO         (CKA_NETSCAPE +  3)
-#define CKA_NETSCAPE_SMIME_TIMESTAMP    (CKA_NETSCAPE +  4)
-#define CKA_NETSCAPE_PKCS8_SALT         (CKA_NETSCAPE +  5)
-#define CKA_NETSCAPE_PASSWORD_CHECK     (CKA_NETSCAPE +  6)
-#define CKA_NETSCAPE_EXPIRES            (CKA_NETSCAPE +  7)
-#define CKA_NETSCAPE_KRL                (CKA_NETSCAPE +  8)
-
-#define CKA_NETSCAPE_PQG_COUNTER        (CKA_NETSCAPE +  20)
-#define CKA_NETSCAPE_PQG_SEED           (CKA_NETSCAPE +  21)
-#define CKA_NETSCAPE_PQG_H              (CKA_NETSCAPE +  22)
-#define CKA_NETSCAPE_PQG_SEED_BITS      (CKA_NETSCAPE +  23)
-
-/*
- * Trust attributes:
- *
- * If trust goes standard, these probably will too.  So I'll
- * put them all in one place.
- */
-
-#define CKA_TRUST (CKA_NETSCAPE + 0x2000)
-
-/* "Usage" key information */
-#define CKA_TRUST_DIGITAL_SIGNATURE     (CKA_TRUST +  1)
-#define CKA_TRUST_NON_REPUDIATION       (CKA_TRUST +  2)
-#define CKA_TRUST_KEY_ENCIPHERMENT      (CKA_TRUST +  3)
-#define CKA_TRUST_DATA_ENCIPHERMENT     (CKA_TRUST +  4)
-#define CKA_TRUST_KEY_AGREEMENT         (CKA_TRUST +  5)
-#define CKA_TRUST_KEY_CERT_SIGN         (CKA_TRUST +  6)
-#define CKA_TRUST_CRL_SIGN              (CKA_TRUST +  7)
-
-/* "Purpose" trust information */
-#define CKA_TRUST_SERVER_AUTH           (CKA_TRUST +  8)
-#define CKA_TRUST_CLIENT_AUTH           (CKA_TRUST +  9)
-#define CKA_TRUST_CODE_SIGNING          (CKA_TRUST + 10)
-#define CKA_TRUST_EMAIL_PROTECTION      (CKA_TRUST + 11)
-#define CKA_TRUST_IPSEC_END_SYSTEM      (CKA_TRUST + 12)
-#define CKA_TRUST_IPSEC_TUNNEL          (CKA_TRUST + 13)
-#define CKA_TRUST_IPSEC_USER            (CKA_TRUST + 14)
-#define CKA_TRUST_TIME_STAMPING         (CKA_TRUST + 15)
-#define CKA_TRUST_STEP_UP_APPROVED      (CKA_TRUST + 16)
-
-#define CKA_CERT_SHA1_HASH	        (CKA_TRUST + 100)
-#define CKA_CERT_MD5_HASH		(CKA_TRUST + 101)
-
-/* Netscape trust stuff */
-/* XXX fgmr new ones here-- step-up, etc. */
-
-/* HISTORICAL: define used to pass in the database key for DSA private keys */
-#define CKA_NETSCAPE_DB                 0xD5A0DB00L
-#define CKA_NETSCAPE_TRUST              0x80000001L
-
-/*
- * Netscape-defined crypto mechanisms
- *
- */
-#define CKM_NETSCAPE (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-
-#define CKM_NETSCAPE_AES_KEY_WRAP      (CKM_NETSCAPE + 1)
-#define CKM_NETSCAPE_AES_KEY_WRAP_PAD  (CKM_NETSCAPE + 2)
-
-/*
- * HISTORICAL:
- * Do not attempt to use these. They are only used by NETSCAPE's internal
- * PKCS #11 interface. Most of these are place holders for other mechanism
- * and will change in the future.
- */
-#define CKM_NETSCAPE_PBE_SHA1_DES_CBC           0x80000002L
-#define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC    0x80000003L
-#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC    0x80000004L
-#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC   0x80000005L
-#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4        0x80000006L
-#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4       0x80000007L
-#define CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC   0x80000008L
-#define CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN      0x80000009L
-#define CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN       0x8000000aL
-#define CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN       0x8000000bL
-
-#define CKM_TLS_PRF_GENERAL                     0x80000373L
-
-/*
- * Netscape-defined return values
- *
- */
-#define CKR_NETSCAPE (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-
-#define CKR_NETSCAPE_CERTDB_FAILED      (CKR_NETSCAPE + 1)
-#define CKR_NETSCAPE_KEYDB_FAILED       (CKR_NETSCAPE + 2)
-
-/*
- * Trust info
- *
- * This isn't part of the Cryptoki standard (yet), so I'm putting
- * all the definitions here.  Some of this would move to nssckt.h
- * if trust info were made part of the standard.  In view of this
- * possibility, I'm putting my (Netscape) values in the netscape
- * vendor space, like everything else.
- */
-
-typedef CK_ULONG          CK_TRUST;
-
-/* The following trust types are defined: */
-#define CKT_VENDOR_DEFINED     0x80000000
-
-#define CKT_NETSCAPE (CKT_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
-
-/* If trust goes standard, these'll probably drop out of vendor space. */
-#define CKT_NETSCAPE_TRUSTED            (CKT_NETSCAPE + 1)
-#define CKT_NETSCAPE_TRUSTED_DELEGATOR  (CKT_NETSCAPE + 2)
-#define CKT_NETSCAPE_UNTRUSTED          (CKT_NETSCAPE + 3)
-#define CKT_NETSCAPE_MUST_VERIFY        (CKT_NETSCAPE + 4)
-#define CKT_NETSCAPE_TRUST_UNKNOWN      (CKT_NETSCAPE + 5) /* default */
-
-/* 
- * These may well remain Netscape-specific; I'm only using them
- * to cache resolution data.
- */
-#define CKT_NETSCAPE_VALID              (CKT_NETSCAPE + 10)
-#define CKT_NETSCAPE_VALID_DELEGATOR    (CKT_NETSCAPE + 11)
-
-
-/*
- * These are not really PKCS #11 values specifically. They are the 'loadable'
- * module spec NSS uses. The are available for others to use as well, but not
- * part of the formal PKCS #11 spec.
- *
- * The function 'FIND' returns an array of PKCS #11 initialization strings
- * The function 'ADD' takes a PKCS #11 initialization string and stores it.
- * The function 'DEL' takes a 'name= library=' value and deletes the associated
- *  string.
- * The function 'RELEASE' frees the array returned by 'FIND'
- */
-#define SECMOD_MODULE_DB_FUNCTION_FIND  0
-#define SECMOD_MODULE_DB_FUNCTION_ADD   1
-#define SECMOD_MODULE_DB_FUNCTION_DEL   2
-#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3 
-typedef char ** (PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function,
-                                        char *parameters, void *moduleSpec);
-
-#endif /* _PKCS11N_H_ */

mozilla/security/nss/lib/softoken/pkcs11p.h

@@ -1,54 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
- * is granted provided that it is identified as "RSA Security Inc. Public-Key
- * Cryptography Standards (PKCS)" in all material mentioning or referencing
- * this document.
- */
-/* these data types are platform/implementation dependent. */
-/*
- * Packing was removed from the shipped RSA header files, even
- * though it's still needed. put in a central file to help merging..
- */
-
-#if defined(_WIN32)
-#ifdef _MSC_VER
-#pragma warning(disable:4103)
-#endif
-#pragma pack(push, cryptoki, 1)
-#endif
-

mozilla/security/nss/lib/softoken/pkcs11u.h

@@ -1,52 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
- * is granted provided that it is identified as "RSA Security Inc. Public-Key
- * Cryptography Standards (PKCS)" in all material mentioning or referencing
- * this document.
- */
-/*
- * reset any packing set by pkcs11p.h
- */
-
-#if defined (_WIN32)
-#ifdef _MSC_VER
-#pragma warning(disable:4103)
-#endif
-#pragma pack(pop, cryptoki)
-#endif
-

mozilla/security/nss/lib/softoken/rawhash.c

@@ -1,138 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "nspr.h"
-#include "sechash.h"
-#include "blapi.h"	/* below the line */
-
-
-static void *
-null_hash_new_context(void)
-{
-    return NULL;
-}
-
-static void *
-null_hash_clone_context(void *v)
-{
-    PORT_Assert(v == NULL);
-    return NULL;
-}
-
-static void
-null_hash_begin(void *v)
-{
-}
-
-static void
-null_hash_update(void *v, const unsigned char *input, unsigned int length)
-{
-}
-
-static void
-null_hash_end(void *v, unsigned char *output, unsigned int *outLen,
-	      unsigned int maxOut)
-{
-    *outLen = 0;
-}
-
-static void
-null_hash_destroy_context(void *v, PRBool b)
-{
-    PORT_Assert(v == NULL);
-}
-
-
-const SECHashObject SECRawHashObjects[] = {
-  { 0,
-    (void * (*)(void)) null_hash_new_context,
-    (void * (*)(void *)) null_hash_clone_context,
-    (void (*)(void *, PRBool)) null_hash_destroy_context,
-    (void (*)(void *)) null_hash_begin,
-    (void (*)(void *, const unsigned char *, unsigned int)) null_hash_update,
-    (void (*)(void *, unsigned char *, unsigned int *,
-	      unsigned int)) null_hash_end
-  },
-  { MD2_LENGTH,
-    (void * (*)(void)) MD2_NewContext,
-    (void * (*)(void *)) null_hash_clone_context,
-    (void (*)(void *, PRBool)) MD2_DestroyContext,
-    (void (*)(void *)) MD2_Begin,
-    (void (*)(void *, const unsigned char *, unsigned int)) MD2_Update,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) MD2_End
-  },
-  { MD5_LENGTH,
-    (void * (*)(void)) MD5_NewContext,
-    (void * (*)(void *)) null_hash_clone_context,
-    (void (*)(void *, PRBool)) MD5_DestroyContext,
-    (void (*)(void *)) MD5_Begin,
-    (void (*)(void *, const unsigned char *, unsigned int)) MD5_Update,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) MD5_End
-  },
-  { SHA1_LENGTH,
-    (void * (*)(void)) SHA1_NewContext,
-    (void * (*)(void *)) null_hash_clone_context,
-    (void (*)(void *, PRBool)) SHA1_DestroyContext,
-    (void (*)(void *)) SHA1_Begin,
-    (void (*)(void *, const unsigned char *, unsigned int)) SHA1_Update,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA1_End
-  },
-  { SHA256_LENGTH,
-    (void * (*)(void)) SHA256_NewContext,
-    (void * (*)(void *)) null_hash_clone_context,
-    (void (*)(void *, PRBool)) SHA256_DestroyContext,
-    (void (*)(void *)) SHA256_Begin,
-    (void (*)(void *, const unsigned char *, unsigned int)) SHA256_Update,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA256_End
-  },
-  { SHA384_LENGTH,
-    (void * (*)(void)) SHA384_NewContext,
-    (void * (*)(void *)) null_hash_clone_context,
-    (void (*)(void *, PRBool)) SHA384_DestroyContext,
-    (void (*)(void *)) SHA384_Begin,
-    (void (*)(void *, const unsigned char *, unsigned int)) SHA384_Update,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA384_End
-  },
-  { SHA512_LENGTH,
-    (void * (*)(void)) SHA512_NewContext,
-    (void * (*)(void *)) null_hash_clone_context,
-    (void (*)(void *, PRBool)) SHA512_DestroyContext,
-    (void (*)(void *)) SHA512_Begin,
-    (void (*)(void *, const unsigned char *, unsigned int)) SHA512_Update,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA512_End
-  },
-};
-

mozilla/security/nss/lib/softoken/rsawrapr.c

@@ -1,879 +0,0 @@
-/*
- * PKCS#1 encoding and decoding functions.
- * This file is believed to contain no code licensed from other parties.
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* $Id: rsawrapr.c,v 1.8 2005-04-04 09:27:42 julien.pierre.bugs%sun.com Exp $ */
-
-#include "blapi.h"
-#include "softoken.h"
-#include "sechash.h"
-
-#include "lowkeyi.h"
-#include "secerr.h"
-
-#define RSA_BLOCK_MIN_PAD_LEN		8
-#define RSA_BLOCK_FIRST_OCTET		0x00
-#define RSA_BLOCK_PRIVATE0_PAD_OCTET	0x00
-#define RSA_BLOCK_PRIVATE_PAD_OCTET	0xff
-#define RSA_BLOCK_AFTER_PAD_OCTET	0x00
-
-#define OAEP_SALT_LEN		8
-#define OAEP_PAD_LEN		8
-#define OAEP_PAD_OCTET		0x00
-
-#define FLAT_BUFSIZE 512	/* bytes to hold flattened SHA1Context. */
-
-static SHA1Context *
-SHA1_CloneContext(SHA1Context *original)
-{
-    SHA1Context *  clone	= NULL;
-    unsigned char *pBuf;
-    int            sha1ContextSize = SHA1_FlattenSize(original);
-    SECStatus      frv;
-    unsigned char  buf[FLAT_BUFSIZE];
-
-    PORT_Assert(sizeof buf >= sha1ContextSize);
-    if (sizeof buf >= sha1ContextSize) {
-    	pBuf = buf;
-    } else {
-        pBuf = PORT_Alloc(sha1ContextSize);
-	if (!pBuf)
-	    goto done;
-    }
-
-    frv = SHA1_Flatten(original, pBuf);
-    if (frv == SECSuccess) {
-	clone = SHA1_Resurrect(pBuf, NULL);
-	memset(pBuf, 0, sha1ContextSize);
-    }
-done:
-    if (pBuf != buf)
-    	PORT_Free(pBuf);
-    return clone;
-}
-
-/*
- * Modify data by XORing it with a special hash of salt.
- */
-static SECStatus
-oaep_xor_with_h1(unsigned char *data, unsigned int datalen,
-		 unsigned char *salt, unsigned int saltlen)
-{
-    SHA1Context *sha1cx;
-    unsigned char *dp, *dataend;
-    unsigned char end_octet;
-
-    sha1cx = SHA1_NewContext();
-    if (sha1cx == NULL) {
-	return SECFailure;
-    }
-
-    /*
-     * Get a hash of salt started; we will use it several times,
-     * adding in a different end octet (x00, x01, x02, ...).
-     */
-    SHA1_Begin (sha1cx);
-    SHA1_Update (sha1cx, salt, saltlen);
-    end_octet = 0;
-
-    dp = data;
-    dataend = data + datalen;
-
-    while (dp < dataend) {
-	SHA1Context *sha1cx_h1;
-	unsigned int sha1len, sha1off;
-	unsigned char sha1[SHA1_LENGTH];
-
-	/*
-	 * Create hash of (salt || end_octet)
-	 */
-	sha1cx_h1 = SHA1_CloneContext (sha1cx);
-	SHA1_Update (sha1cx_h1, &end_octet, 1);
-	SHA1_End (sha1cx_h1, sha1, &sha1len, sizeof(sha1));
-	SHA1_DestroyContext (sha1cx_h1, PR_TRUE);
-	PORT_Assert (sha1len == SHA1_LENGTH);
-
-	/*
-	 * XOR that hash with the data.
-	 * When we have fewer than SHA1_LENGTH octets of data
-	 * left to xor, use just the low-order ones of the hash.
-	 */
-	sha1off = 0;
-	if ((dataend - dp) < SHA1_LENGTH)
-	    sha1off = SHA1_LENGTH - (dataend - dp);
-	while (sha1off < SHA1_LENGTH)
-	    *dp++ ^= sha1[sha1off++];
-
-	/*
-	 * Bump for next hash chunk.
-	 */
-	end_octet++;
-    }
-
-    return SECSuccess;
-}
-
-/*
- * Modify salt by XORing it with a special hash of data.
- */
-static SECStatus
-oaep_xor_with_h2(unsigned char *salt, unsigned int saltlen,
-		 unsigned char *data, unsigned int datalen)
-{
-    unsigned char sha1[SHA1_LENGTH];
-    unsigned char *psalt, *psha1, *saltend;
-    SECStatus rv;
-
-    /*
-     * Create a hash of data.
-     */
-    rv = SHA1_HashBuf (sha1, data, datalen);
-    if (rv != SECSuccess) {
-	return rv;
-    }
-
-    /*
-     * XOR the low-order octets of that hash with salt.
-     */
-    PORT_Assert (saltlen <= SHA1_LENGTH);
-    saltend = salt + saltlen;
-    psalt = salt;
-    psha1 = sha1 + SHA1_LENGTH - saltlen;
-    while (psalt < saltend) {
-	*psalt++ ^= *psha1++;
-    }
-
-    return SECSuccess;
-}
-
-/*
- * Format one block of data for public/private key encryption using
- * the rules defined in PKCS #1.
- */
-static unsigned char *
-rsa_FormatOneBlock(unsigned modulusLen, RSA_BlockType blockType,
-		   SECItem *data)
-{
-    unsigned char *block;
-    unsigned char *bp;
-    int padLen;
-    int i;
-
-    block = (unsigned char *) PORT_Alloc(modulusLen);
-    if (block == NULL)
-	return NULL;
-
-    bp = block;
-
-    /*
-     * All RSA blocks start with two octets:
-     *	0x00 || BlockType
-     */
-    *bp++ = RSA_BLOCK_FIRST_OCTET;
-    *bp++ = (unsigned char) blockType;
-
-    switch (blockType) {
-
-      /*
-       * Blocks intended for private-key operation.
-       */
-      case RSA_BlockPrivate0: /* essentially unused */
-      case RSA_BlockPrivate:	 /* preferred method */
-	/*
-	 * 0x00 || BT || Pad || 0x00 || ActualData
-	 *   1      1   padLen    1      data->len
-	 * Pad is either all 0x00 or all 0xff bytes, depending on blockType.
-	 */
-	padLen = modulusLen - data->len - 3;
-	PORT_Assert (padLen >= RSA_BLOCK_MIN_PAD_LEN);
-	if (padLen < RSA_BLOCK_MIN_PAD_LEN) {
-	    PORT_Free (block);
-	    return NULL;
-	}
-	PORT_Memset (bp,
-		   blockType == RSA_BlockPrivate0
-			? RSA_BLOCK_PRIVATE0_PAD_OCTET
-			: RSA_BLOCK_PRIVATE_PAD_OCTET,
-		   padLen);
-	bp += padLen;
-	*bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
-	PORT_Memcpy (bp, data->data, data->len);
-	break;
-
-      /*
-       * Blocks intended for public-key operation.
-       */
-      case RSA_BlockPublic:
-
-	/*
-	 * 0x00 || BT || Pad || 0x00 || ActualData
-	 *   1      1   padLen    1      data->len
-	 * Pad is all non-zero random bytes.
-	 */
-	padLen = modulusLen - data->len - 3;
-	PORT_Assert (padLen >= RSA_BLOCK_MIN_PAD_LEN);
-	if (padLen < RSA_BLOCK_MIN_PAD_LEN) {
-	    PORT_Free (block);
-	    return NULL;
-	}
-	for (i = 0; i < padLen; i++) {
-	    /* Pad with non-zero random data. */
-	    do {
-		RNG_GenerateGlobalRandomBytes(bp + i, 1);
-	    } while (bp[i] == RSA_BLOCK_AFTER_PAD_OCTET);
-	}
-	bp += padLen;
-	*bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
-	PORT_Memcpy (bp, data->data, data->len);
-
-	break;
-
-      /*
-       * Blocks intended for public-key operation, using
-       * Optimal Asymmetric Encryption Padding (OAEP).
-       */
-      case RSA_BlockOAEP:
-	/*
-	 * 0x00 || BT || Modified2(Salt) || Modified1(PaddedData)
-	 *   1      1     OAEP_SALT_LEN     OAEP_PAD_LEN + data->len [+ N]
-	 *
-	 * where:
-	 *   PaddedData is "Pad1 || ActualData [|| Pad2]"
-	 *   Salt is random data.
-	 *   Pad1 is all zeros.
-	 *   Pad2, if present, is random data.
-	 *   (The "modified" fields are all the same length as the original
-	 * unmodified values; they are just xor'd with other values.)
-	 *
-	 *   Modified1 is an XOR of PaddedData with a special octet
-	 * string constructed of iterated hashing of Salt (see below).
-	 *   Modified2 is an XOR of Salt with the low-order octets of
-	 * the hash of Modified1 (see farther below ;-).
-	 *
-	 * Whew!
-	 */
-
-
-	/*
-	 * Salt
-	 */
-	RNG_GenerateGlobalRandomBytes(bp, OAEP_SALT_LEN);
-	bp += OAEP_SALT_LEN;
-
-	/*
-	 * Pad1
-	 */
-	PORT_Memset (bp, OAEP_PAD_OCTET, OAEP_PAD_LEN);
-	bp += OAEP_PAD_LEN;
-
-	/*
-	 * Data
-	 */
-	PORT_Memcpy (bp, data->data, data->len);
-	bp += data->len;
-
-	/*
-	 * Pad2
-	 */
-	if (bp < (block + modulusLen))
-	    RNG_GenerateGlobalRandomBytes(bp, block - bp + modulusLen);
-
-	/*
-	 * Now we have the following:
-	 * 0x00 || BT || Salt || PaddedData
-	 * (From this point on, "Pad1 || Data [|| Pad2]" is treated
-	 * as the one entity PaddedData.)
-	 *
-	 * We need to turn PaddedData into Modified1.
-	 */
-	if (oaep_xor_with_h1(block + 2 + OAEP_SALT_LEN,
-			     modulusLen - 2 - OAEP_SALT_LEN,
-			     block + 2, OAEP_SALT_LEN) != SECSuccess) {
-	    PORT_Free (block);
-	    return NULL;
-	}
-
-	/*
-	 * Now we have:
-	 * 0x00 || BT || Salt || Modified1(PaddedData)
-	 *
-	 * The remaining task is to turn Salt into Modified2.
-	 */
-	if (oaep_xor_with_h2(block + 2, OAEP_SALT_LEN,
-			     block + 2 + OAEP_SALT_LEN,
-			     modulusLen - 2 - OAEP_SALT_LEN) != SECSuccess) {
-	    PORT_Free (block);
-	    return NULL;
-	}
-
-	break;
-
-      default:
-	PORT_Assert (0);
-	PORT_Free (block);
-	return NULL;
-    }
-
-    return block;
-}
-
-static SECStatus
-rsa_FormatBlock(SECItem *result, unsigned modulusLen,
-		RSA_BlockType blockType, SECItem *data)
-{
-    /*
-     * XXX For now assume that the data length fits in a single
-     * XXX encryption block; the ASSERTs below force this.
-     * XXX To fix it, each case will have to loop over chunks whose
-     * XXX lengths satisfy the assertions, until all data is handled.
-     * XXX (Unless RSA has more to say about how to handle data
-     * XXX which does not fit in a single encryption block?)
-     * XXX And I do not know what the result is supposed to be,
-     * XXX so the interface to this function may need to change
-     * XXX to allow for returning multiple blocks, if they are
-     * XXX not wanted simply concatenated one after the other.
-     */
-
-    switch (blockType) {
-      case RSA_BlockPrivate0:
-      case RSA_BlockPrivate:
-      case RSA_BlockPublic:
-	/*
-	 * 0x00 || BT || Pad || 0x00 || ActualData
-	 *
-	 * The "3" below is the first octet + the second octet + the 0x00
-	 * octet that always comes just before the ActualData.
-	 */
-	PORT_Assert (data->len <= (modulusLen - (3 + RSA_BLOCK_MIN_PAD_LEN)));
-
-	result->data = rsa_FormatOneBlock(modulusLen, blockType, data);
-	if (result->data == NULL) {
-	    result->len = 0;
-	    return SECFailure;
-	}
-	result->len = modulusLen;
-
-	break;
-
-      case RSA_BlockOAEP:
-	/*
-	 * 0x00 || BT || M1(Salt) || M2(Pad1||ActualData[||Pad2])
-	 *
-	 * The "2" below is the first octet + the second octet.
-	 * (The other fields do not contain the clear values, but are
-	 * the same length as the clear values.)
-	 */
-	PORT_Assert (data->len <= (modulusLen - (2 + OAEP_SALT_LEN
-						 + OAEP_PAD_LEN)));
-
-	result->data = rsa_FormatOneBlock(modulusLen, blockType, data);
-	if (result->data == NULL) {
-	    result->len = 0;
-	    return SECFailure;
-	}
-	result->len = modulusLen;
-
-	break;
-
-      case RSA_BlockRaw:
-	/*
-	 * Pad || ActualData
-	 * Pad is zeros. The application is responsible for recovering
-	 * the actual data.
-	 */
-	if (data->len > modulusLen ) {
-	    return SECFailure;
-	}
-	result->data = (unsigned char*)PORT_ZAlloc(modulusLen);
-	result->len = modulusLen;
-	PORT_Memcpy(result->data+(modulusLen-data->len),data->data,data->len);
-	break;
-
-      default:
-	PORT_Assert (0);
-	result->data = NULL;
-	result->len = 0;
-	return SECFailure;
-    }
-
-    return SECSuccess;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_Sign(NSSLOWKEYPrivateKey *key, 
-         unsigned char *      output, 
-	 unsigned int *       output_len,
-         unsigned int         maxOutputLen, 
-	 unsigned char *      input, 
-	 unsigned int         input_len)
-{
-    SECStatus     rv          = SECSuccess;
-    unsigned int  modulus_len = nsslowkey_PrivateModulusLen(key);
-    SECItem       formatted;
-    SECItem       unformatted;
-
-    if (maxOutputLen < modulus_len) 
-    	return SECFailure;
-    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
-    if (key->keyType != NSSLOWKEYRSAKey)
-    	return SECFailure;
-
-    unformatted.len  = input_len;
-    unformatted.data = input;
-    formatted.data   = NULL;
-    rv = rsa_FormatBlock(&formatted, modulus_len, RSA_BlockPrivate,
-			 &unformatted);
-    if (rv != SECSuccess) 
-    	goto done;
-
-    rv = RSA_PrivateKeyOpDoubleChecked(&key->u.rsa, output, formatted.data);
-    *output_len = modulus_len;
-
-    goto done;
-
-done:
-    if (formatted.data != NULL) 
-    	PORT_ZFree(formatted.data, modulus_len);
-    return rv;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_CheckSign(NSSLOWKEYPublicKey *key,
-              unsigned char *     sign, 
-	      unsigned int        sign_len, 
-	      unsigned char *     hash, 
-	      unsigned int        hash_len)
-{
-    SECStatus       rv;
-    unsigned int    modulus_len = nsslowkey_PublicModulusLen(key);
-    unsigned int    i;
-    unsigned char * buffer;
-
-    modulus_len = nsslowkey_PublicModulusLen(key);
-    if (sign_len != modulus_len) 
-    	goto failure;
-    if (hash_len > modulus_len - 8) 
-    	goto failure;
-    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
-    if (key->keyType != NSSLOWKEYRSAKey)
-    	goto failure;
-
-    buffer = (unsigned char *)PORT_Alloc(modulus_len + 1);
-    if (!buffer)
-    	goto failure;
-
-    rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sign);
-    if (rv != SECSuccess)
-	goto loser;
-
-    /*
-     * check the padding that was used
-     */
-    if (buffer[0] != 0 || buffer[1] != 1) 
-    	goto loser;
-    for (i = 2; i < modulus_len - hash_len - 1; i++) {
-	if (buffer[i] == 0) 
-	    break;
-	if (buffer[i] != 0xff) 
-	    goto loser;
-    }
-
-    /*
-     * make sure we get the same results
-     */
-    if (PORT_Memcmp(buffer + modulus_len - hash_len, hash, hash_len) != 0)
-	goto loser;
-
-    PORT_Free(buffer);
-    return SECSuccess;
-
-loser:
-    PORT_Free(buffer);
-failure:
-    return SECFailure;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_CheckSignRecover(NSSLOWKEYPublicKey *key,
-                     unsigned char *     data,
-                     unsigned int *      data_len, 
-		     unsigned int        max_output_len, 
-		     unsigned char *     sign,
-		     unsigned int        sign_len)
-{
-    SECStatus       rv;
-    unsigned int    modulus_len = nsslowkey_PublicModulusLen(key);
-    unsigned int    i;
-    unsigned char * buffer;
-
-    if (sign_len != modulus_len) 
-    	goto failure;
-    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
-    if (key->keyType != NSSLOWKEYRSAKey)
-    	goto failure;
-
-    buffer = (unsigned char *)PORT_Alloc(modulus_len + 1);
-    if (!buffer)
-    	goto failure;
-
-    rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sign);
-    if (rv != SECSuccess)
-    	goto loser;
-    *data_len = 0;
-
-    /*
-     * check the padding that was used
-     */
-    if (buffer[0] != 0 || buffer[1] != 1) 
-    	goto loser;
-    for (i = 2; i < modulus_len; i++) {
-	if (buffer[i] == 0) {
-	    *data_len = modulus_len - i - 1;
-	    break;
-	}
-	if (buffer[i] != 0xff) 
-	    goto loser;
-    }
-    if (*data_len == 0) 
-    	goto loser;
-    if (*data_len > max_output_len) 
-    	goto loser;
-
-    /*
-     * make sure we get the same results
-     */
-    PORT_Memcpy(data,buffer + modulus_len - *data_len, *data_len);
-
-    PORT_Free(buffer);
-    return SECSuccess;
-
-loser:
-    PORT_Free(buffer);
-failure:
-    return SECFailure;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_EncryptBlock(NSSLOWKEYPublicKey *key, 
-                 unsigned char *     output, 
-		 unsigned int *      output_len,
-                 unsigned int        max_output_len, 
-		 unsigned char *     input, 
-		 unsigned int        input_len)
-{
-    SECStatus     rv;
-    unsigned int  modulus_len = nsslowkey_PublicModulusLen(key);
-    SECItem       formatted;
-    SECItem       unformatted;
-
-    formatted.data = NULL;
-    if (max_output_len < modulus_len) 
-    	goto failure;
-    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
-    if (key->keyType != NSSLOWKEYRSAKey)
-    	goto failure;
-
-    unformatted.len  = input_len;
-    unformatted.data = input;
-    formatted.data   = NULL;
-    rv = rsa_FormatBlock(&formatted, modulus_len, RSA_BlockPublic,
-			 &unformatted);
-    if (rv != SECSuccess) 
-	goto failure;
-
-    rv = RSA_PublicKeyOp(&key->u.rsa, output, formatted.data);
-    if (rv != SECSuccess) 
-    	goto failure;
-
-    PORT_ZFree(formatted.data, modulus_len);
-    *output_len = modulus_len;
-    return SECSuccess;
-
-failure:
-    if (formatted.data != NULL) 
-	PORT_ZFree(formatted.data, modulus_len);
-    return SECFailure;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_DecryptBlock(NSSLOWKEYPrivateKey *key, 
-                 unsigned char *      output, 
-		 unsigned int *       output_len,
-                 unsigned int         max_output_len, 
-		 unsigned char *      input, 
-		 unsigned int         input_len)
-{
-    SECStatus       rv;
-    unsigned int    modulus_len = nsslowkey_PrivateModulusLen(key);
-    unsigned int    i;
-    unsigned char * buffer;
-
-    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
-    if (key->keyType != NSSLOWKEYRSAKey)
-    	goto failure;
-    if (input_len != modulus_len)
-    	goto failure;
-
-    buffer = (unsigned char *)PORT_Alloc(modulus_len + 1);
-    if (!buffer)
-    	goto failure;
-
-    rv = RSA_PrivateKeyOp(&key->u.rsa, buffer, input);
-    if (rv != SECSuccess) 
-    	goto loser;
-
-    if (buffer[0] != 0 || buffer[1] != 2) 
-    	goto loser;
-    *output_len = 0;
-    for (i = 2; i < modulus_len; i++) {
-	if (buffer[i] == 0) {
-	    *output_len = modulus_len - i - 1;
-	    break;
-	}
-    }
-    if (*output_len == 0) 
-    	goto loser;
-    if (*output_len > max_output_len) 
-    	goto loser;
-
-    PORT_Memcpy(output, buffer + modulus_len - *output_len, *output_len);
-
-    PORT_Free(buffer);
-    return SECSuccess;
-
-loser:
-    PORT_Free(buffer);
-failure:
-    return SECFailure;
-}
-
-/* XXX Doesn't set error code */
-/*
- * added to make pkcs #11 happy
- *   RAW is RSA_X_509
- */
-SECStatus
-RSA_SignRaw(NSSLOWKEYPrivateKey *key, 
-            unsigned char *      output, 
-	    unsigned int *       output_len,
-            unsigned int         maxOutputLen, 
-	    unsigned char *      input, 
-	    unsigned int         input_len)
-{
-    SECStatus    rv          = SECSuccess;
-    unsigned int modulus_len = nsslowkey_PrivateModulusLen(key);
-    SECItem      formatted;
-    SECItem      unformatted;
-
-    if (maxOutputLen < modulus_len) 
-    	return SECFailure;
-    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
-    if (key->keyType != NSSLOWKEYRSAKey)
-    	return SECFailure;
-
-    unformatted.len  = input_len;
-    unformatted.data = input;
-    formatted.data   = NULL;
-    rv = rsa_FormatBlock(&formatted, modulus_len, RSA_BlockRaw, &unformatted);
-    if (rv != SECSuccess) 
-    	goto done;
-
-    rv = RSA_PrivateKeyOpDoubleChecked(&key->u.rsa, output, formatted.data);
-    *output_len = modulus_len;
-
-done:
-    if (formatted.data != NULL) 
-    	PORT_ZFree(formatted.data, modulus_len);
-    return rv;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_CheckSignRaw(NSSLOWKEYPublicKey *key,
-                 unsigned char *     sign, 
-		 unsigned int        sign_len, 
-		 unsigned char *     hash, 
-		 unsigned int        hash_len)
-{
-    SECStatus       rv;
-    unsigned int    modulus_len = nsslowkey_PublicModulusLen(key);
-    unsigned char * buffer;
-
-    if (sign_len != modulus_len) 
-    	goto failure;
-    if (hash_len > modulus_len) 
-    	goto failure;
-    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
-    if (key->keyType != NSSLOWKEYRSAKey)
-    	goto failure;
-
-    buffer = (unsigned char *)PORT_Alloc(modulus_len + 1);
-    if (!buffer)
-    	goto failure;
-
-    rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sign);
-    if (rv != SECSuccess)
-	goto loser;
-
-    /*
-     * make sure we get the same results
-     */
-    /* NOTE: should we verify the leading zeros? */
-    if (PORT_Memcmp(buffer + (modulus_len-hash_len), hash, hash_len) != 0)
-	goto loser;
-
-    PORT_Free(buffer);
-    return SECSuccess;
-
-loser:
-    PORT_Free(buffer);
-failure:
-    return SECFailure;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_CheckSignRecoverRaw(NSSLOWKEYPublicKey *key,
-                        unsigned char *     data,
-                        unsigned int *      data_len, 
-			unsigned int        max_output_len, 
-			unsigned char *     sign,
-			unsigned int        sign_len)
-{
-    SECStatus      rv;
-    unsigned int   modulus_len = nsslowkey_PublicModulusLen(key);
-
-    if (sign_len != modulus_len) 
-    	goto failure;
-    if (max_output_len < modulus_len) 
-    	goto failure;
-    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
-    if (key->keyType != NSSLOWKEYRSAKey)
-    	goto failure;
-
-    rv = RSA_PublicKeyOp(&key->u.rsa, data, sign);
-    if (rv != SECSuccess)
-	goto failure;
-
-    *data_len = modulus_len;
-    return SECSuccess;
-
-failure:
-    return SECFailure;
-}
-
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_EncryptRaw(NSSLOWKEYPublicKey *key, 
-	       unsigned char *     output, 
-	       unsigned int *      output_len,
-               unsigned int        max_output_len, 
-	       unsigned char *     input, 
-	       unsigned int        input_len)
-{
-    SECStatus rv;
-    unsigned int  modulus_len = nsslowkey_PublicModulusLen(key);
-    SECItem       formatted;
-    SECItem       unformatted;
-
-    formatted.data = NULL;
-    if (max_output_len < modulus_len) 
-    	goto failure;
-    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
-    if (key->keyType != NSSLOWKEYRSAKey)
-    	goto failure;
-
-    unformatted.len  = input_len;
-    unformatted.data = input;
-    formatted.data   = NULL;
-    rv = rsa_FormatBlock(&formatted, modulus_len, RSA_BlockRaw, &unformatted);
-    if (rv != SECSuccess)
-	goto failure;
-
-    rv = RSA_PublicKeyOp(&key->u.rsa, output, formatted.data);
-    if (rv != SECSuccess) 
-    	goto failure;
-
-    PORT_ZFree(formatted.data, modulus_len);
-    *output_len = modulus_len;
-    return SECSuccess;
-
-failure:
-    if (formatted.data != NULL) 
-	PORT_ZFree(formatted.data, modulus_len);
-    return SECFailure;
-}
-
-/* XXX Doesn't set error code */
-SECStatus
-RSA_DecryptRaw(NSSLOWKEYPrivateKey *key, 
-               unsigned char *      output, 
-	       unsigned int *       output_len,
-               unsigned int         max_output_len, 
-	       unsigned char *      input, 
-	       unsigned int         input_len)
-{
-    SECStatus     rv;
-    unsigned int  modulus_len = nsslowkey_PrivateModulusLen(key);
-
-    if (modulus_len <= 0) 
-    	goto failure;
-    if (modulus_len > max_output_len) 
-    	goto failure;
-    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
-    if (key->keyType != NSSLOWKEYRSAKey)
-    	goto failure;
-    if (input_len != modulus_len) 
-    	goto failure;
-
-    rv = RSA_PrivateKeyOp(&key->u.rsa, output, input);
-    if (rv != SECSuccess)
-    	goto failure;
-
-    *output_len = modulus_len;
-    return SECSuccess;
-
-failure:
-    return SECFailure;
-}

mozilla/security/nss/lib/softoken/softkver.c

@@ -1,56 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 2002
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-/* Library identity and versioning */
-
-#include "nss.h"
-
-#if defined(DEBUG)
-#define _DEBUG_STRING " (debug)"
-#else
-#define _DEBUG_STRING ""
-#endif
-
-/*
- * Version information for the 'ident' and 'what commands
- *
- * NOTE: the first component of the concatenated rcsid string
- * must not end in a '$' to prevent rcs keyword substitution.
- */
-const char __nss_softokn_rcsid[] = "$Header: NSS " NSS_VERSION _DEBUG_STRING
-        "  " __DATE__ " " __TIME__ " $";
-const char __nss_softokn_sccsid[] = "@(#)NSS " NSS_VERSION _DEBUG_STRING
-        "  " __DATE__ " " __TIME__;

mozilla/security/nss/lib/softoken/softoken.h

@@ -1,164 +0,0 @@
-/*
- * softoken.h - private data structures and prototypes for the softoken lib
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* $Id: softoken.h,v 1.7 2005-03-29 18:21:18 nelsonb%netscape.com Exp $ */
-
-#ifndef _SOFTOKEN_H_
-#define _SOFTOKEN_H_
-
-#include "blapi.h"
-#include "lowkeyti.h"
-#include "softoknt.h"
-#include "secoidt.h"
-
-#include "pkcs11t.h"     /* CK_RV Required for sftk_fipsPowerUpSelfTest(). */
-
-SEC_BEGIN_PROTOS
-
-/*
-** RSA encryption/decryption. When encrypting/decrypting the output
-** buffer must be at least the size of the public key modulus.
-*/
-
-/*
-** Format some data into a PKCS#1 encryption block, preparing the
-** data for RSA encryption.
-**	"result" where the formatted block is stored (memory is allocated)
-**	"modulusLen" the size of the formatted block
-**	"blockType" what block type to use (SEC_RSABlock*)
-**	"data" the data to format
-*/
-extern SECStatus RSA_FormatBlock(SECItem *result,
-				 unsigned int modulusLen,
-				 RSA_BlockType blockType,
-				 SECItem *data);
-/*
-** Similar, but just returns a pointer to the allocated memory, *and*
-** will *only* format one block, even if we (in the future) modify
-** RSA_FormatBlock() to loop over multiples of modulusLen.
-*/
-extern unsigned char *RSA_FormatOneBlock(unsigned int modulusLen,
-					 RSA_BlockType blockType,
-					 SECItem *data);
-
-
-
-/*
- * convenience wrappers for doing single RSA operations. They create the
- * RSA context internally and take care of the formatting
- * requirements. Blinding happens automagically within RSA_SignHash and
- * RSA_DecryptBlock.
- */
-extern
-SECStatus RSA_Sign(NSSLOWKEYPrivateKey *key, unsigned char *output,
-		       unsigned int *outputLen, unsigned int maxOutputLen,
-		       unsigned char *input, unsigned int inputLen);
-extern
-SECStatus RSA_CheckSign(NSSLOWKEYPublicKey *key, unsigned char *sign,
-			    unsigned int signLength, unsigned char *hash,
-			    unsigned int hashLength);
-extern
-SECStatus RSA_CheckSignRecover(NSSLOWKEYPublicKey *key, unsigned char *data,
-    			    unsigned int *data_len,unsigned int max_output_len, 
-			    unsigned char *sign, unsigned int sign_len);
-extern
-SECStatus RSA_EncryptBlock(NSSLOWKEYPublicKey *key, unsigned char *output,
-			   unsigned int *outputLen, unsigned int maxOutputLen,
-			   unsigned char *input, unsigned int inputLen);
-extern
-SECStatus RSA_DecryptBlock(NSSLOWKEYPrivateKey *key, unsigned char *output,
-			   unsigned int *outputLen, unsigned int maxOutputLen,
-			   unsigned char *input, unsigned int inputLen);
-
-/*
- * added to make pkcs #11 happy
- *   RAW is RSA_X_509
- */
-extern
-SECStatus RSA_SignRaw( NSSLOWKEYPrivateKey *key, unsigned char *output,
-			 unsigned int *output_len, unsigned int maxOutputLen,
-			 unsigned char *input, unsigned int input_len);
-extern
-SECStatus RSA_CheckSignRaw( NSSLOWKEYPublicKey *key, unsigned char *sign, 
-			    unsigned int sign_len, unsigned char *hash, 
-			    unsigned int hash_len);
-extern
-SECStatus RSA_CheckSignRecoverRaw( NSSLOWKEYPublicKey *key, unsigned char *data,
-			    unsigned int *data_len, unsigned int max_output_len,
-			    unsigned char *sign, unsigned int sign_len);
-extern
-SECStatus RSA_EncryptRaw( NSSLOWKEYPublicKey *key, unsigned char *output,
-			    unsigned int *output_len,
-			    unsigned int max_output_len, 
-			    unsigned char *input, unsigned int input_len);
-extern
-SECStatus RSA_DecryptRaw(NSSLOWKEYPrivateKey *key, unsigned char *output,
-			     unsigned int *output_len,
-    			     unsigned int max_output_len,
-			     unsigned char *input, unsigned int input_len);
-
-/*
-** Prepare a buffer for DES encryption, growing to the appropriate boundary,
-** filling with the appropriate padding.
-** We add from 1 to DES_KEY_LENGTH bytes -- we *always* grow.
-** The extra bytes contain the value of the length of the padding:
-** if we have 2 bytes of padding, then the padding is "0x02, 0x02".
-**
-** NOTE: If arena is non-NULL, we re-allocate from there, otherwise
-** we assume (and use) PR memory (re)allocation.
-** Maybe this belongs in util?
-*/
-extern unsigned char * DES_PadBuffer(PRArenaPool *arena, unsigned char *inbuf, 
-                                     unsigned int inlen, unsigned int *outlen);
-
-
-/****************************************/
-/*
-** Power-Up selftests required for FIPS and invoked only
-** under PKCS #11 FIPS mode.
-*/
-extern CK_RV sftk_fipsPowerUpSelfTest( void ); 
-
-/*
-** make known fixed PKCS #11 key types to their sizes in bytes
-*/	
-unsigned long sftk_MapKeySize(CK_KEY_TYPE keyType);
-
-SEC_END_PROTOS
-
-#endif /* _SOFTOKEN_H_ */