[xmlsec] xmlsec-nss patches from Sun( 2003-07-22 )
Andrew Fan
Andrew.Fan at sun.com
Tue Jul 22 02:39:45 PDT 2003
Hi,
This xmlsec-nss patch is based on the XMLSEC_NSS_030714 branch. It adds
two new files in order to support an end-user designated PKCS#11 slot
instead of using the default NSS built-in ones (PK11_GetBestSlot).
Why I added the new interfaces:
1. NSS's function "PK11_GetBestSlot" loads all of the
internal built-in slots or all of the active PKCS#11 modules' slots;
2. Sometimes the end user wants a certain crypto operation to run on a
certain crypto device, especially in a multi-crypto-device environment.
3. Sometimes a key generated in a certain slot only works in that
slot (such as an RSA private key). PK11_GetBestSlot cannot ensure this.
In that case, the end user can assign the specific slot with the new interface.
Here's the usage of the interfaces:
1. "xmlSecSetSlotList" is used to set the user designated slot list.
2. "xmlSecFreeSlot" is used to destroy the slot list repository.
3. When generating a new key, "xmlSecGetSlot" gives the user designated slot;
4. If the end user wants to maintain the slot list repository, they can access
the repository with "xmlSecGetSlotList".
Andrew
-------------- next part --------------
/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for precise wording.
*
* Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
*
* Contributor(s): _____________________________
*
*/
#ifndef __XMLSEC_NSS_TOKENS_H__
#define __XMLSEC_NSS_TOKENS_H__
#include "globals.h"
#include <string.h>
#include <nss.h>
#include <pk11func.h>
#include <xmlsec/xmlsec.h>
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
/************************************************************************
* PKCS#11 crypto token interfaces
*
* A PKCS#11 slot repository will be defined internally. From the
* repository, a user can specify a particular slot for a certain crypto
* mechanism.
*
* In some situations a cryptographic operation must run on a user
* designated device. The interfaces defined here provide a way to do so. If
* the user does not explicitly initialize the repository, the interfaces
* fall back to the default functions provided by NSS itself.
*
************************************************************************/
/**
 * Get PKCS#11 slot handler
 * @type the mechanism that the slot must support.
 *
 * When a slot list has been installed with xmlSecSetSlotList(), the first
 * present slot in it that supports @type (and, if it needs a login, can be
 * authenticated) is returned; otherwise the choice is left to NSS's
 * PK11_GetBestSlot().
 *
 * Returns a new reference to a PKCS#11 slot or NULL if an error occurs.
 *
 * Notes: The returned handler must be released by the caller with
 * PK11_FreeSlot().
 */
XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecGetSlot( CK_MECHANISM_TYPE type ) ;
/**
 * Free NSS crypto engine PKCS#11 slot repository
 *
 * Releases the list installed with xmlSecSetSlotList() (no-op when none is
 * set); xmlSecGetSlot() then falls back to the NSS default again.
 */
XMLSEC_CRYPTO_EXPORT void xmlSecFreeSlot( void ) ;
/**
 * Set NSS crypto engine PKCS11 slots
 * @list the PKCS#11 slot list that the crypto engine should work with.
 *        Ownership passes to the library, which releases it with
 *        PK11_FreeSlotList(); the caller must not free it itself. NULL
 *        clears the repository.
 *
 * Returns a pointer to PKCS#11 slot list or NULL if an error occurs.
 */
XMLSEC_CRYPTO_EXPORT PK11SlotList* xmlSecSetSlotList( PK11SlotList* list ) ;
/**
 * Get NSS crypto engine PKCS#11 slot list
 *
 * Returns a pointer to the installed PKCS#11 slot list, still owned by the
 * library, or NULL when none has been set.
 */
XMLSEC_CRYPTO_EXPORT PK11SlotList* xmlSecGetSlotList( void ) ;
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif /* __XMLSEC_NSS_TOKENS_H__ */
-------------- next part --------------
/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for precise wording.
*
* Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
*
* Contributor(s): _____________________________
*
*/
#include "globals.h"
#include <string.h>
#include <xmlsec/nss/tokens.h>
/*-
 * Global PKCS#11 crypto token repository
 *
 * The user designated slot list installed by xmlSecSetSlotList() and
 * released (PK11_FreeSlotList) by xmlSecFreeSlot() or by the next
 * xmlSecSetSlotList() call. NULL means "not set": xmlSecGetSlot() then
 * defers to PK11_GetBestSlot().
 *
 * NOTE(review): no locking guards this pointer; a concurrent
 * xmlSecSetSlotList()/xmlSecFreeSlot() against xmlSecGetSlot() would race.
 */
static PK11SlotList* _xmlSecSlotList = NULL ;
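/**
 * Get PKCS#11 slot handler
 * @type the mechanism that the slot must support.
 *
 * Looks the slot up in the user designated repository when one has been
 * set with xmlSecSetSlotList(); otherwise falls back to NSS's own
 * PK11_GetBestSlot(). A repository slot is used only if it is present,
 * supports @type and (when it needs a login) can be authenticated.
 *
 * Returns a new reference to a PKCS#11 slot or NULL if no usable slot
 * was found or an error occurs.
 *
 * Notes: The returned handler must be released by the caller with
 * PK11_FreeSlot().
 */
PK11SlotInfo*
xmlSecGetSlot(
    CK_MECHANISM_TYPE type
) {
    PK11SlotInfo* slot = NULL;
    PK11SlotListElement* sle = NULL;

    if (_xmlSecSlotList == NULL) {
        /* no user designated repository: let NSS choose */
        return PK11_GetBestSlot(type, NULL);
    }

    /* The cursor must be reassigned from PK11_GetNextSafe()'s return value;
     * discarding it left `sle` on the same element forever, so any element
     * that hit a `continue` made the loop spin.
     * NOTE(review): NSS's safe iterators hand back referenced elements and
     * PK11_GetNextSafe() releases the one it is given, hence the explicit
     * release of the element we break out with -- confirm against pk11func.h. */
    for (sle = PK11_GetFirstSafe(_xmlSecSlotList);
         sle != NULL;
         sle = PK11_GetNextSafe(_xmlSecSlotList, sle, PR_TRUE)) {
        if (!PK11_IsPresent(sle->slot)) {
            continue;
        }
        if (!PK11_DoesMechanism(sle->slot, type)) {
            continue;
        }
        if (PK11_NeedLogin(sle->slot) &&
            PK11_Authenticate(sle->slot, PR_TRUE, NULL) != SECSuccess) {
            continue;
        }
        /* take our own reference to the slot, then drop the element
         * reference still held from the iteration */
        slot = PK11_ReferenceSlot(sle->slot);
        PK11_FreeSlotListElement(_xmlSecSlotList, sle);
        break;
    }
    return slot;
}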
/**
 * Free NSS crypto engine PKCS#11 slot repository
 *
 * Releases the slot list installed with xmlSecSetSlotList() and resets
 * the repository so that later xmlSecGetSlot() calls fall back to the NSS
 * default. Calling it when no repository is set is a no-op.
 */
void
xmlSecFreeSlot(
    void
) {
    PK11SlotList* repository = _xmlSecSlotList;

    if (repository == NULL) {
        return;
    }
    _xmlSecSlotList = NULL;
    PK11_FreeSlotList(repository);
}
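/**
 * Set NSS crypto engine PKCS11 slots
 * @list the PKCS#11 slot list that the crypto engine should work with.
 *        Ownership passes to the repository: it is released with
 *        PK11_FreeSlotList() by the next xmlSecSetSlotList() or
 *        xmlSecFreeSlot() call, so the caller must not free it itself.
 *        NULL clears the repository and restores the NSS default
 *        (PK11_GetBestSlot) behaviour in xmlSecGetSlot().
 *
 * Returns the installed list, i.e. @list (NULL when the repository was
 * cleared).
 */
PK11SlotList*
xmlSecSetSlotList(
    PK11SlotList* list
) {
    PK11SlotList* previous = _xmlSecSlotList;

    /* Re-installing the list that is already set must not free it: the
     * repository would otherwise keep a dangling pointer (use-after-free). */
    if (previous == list) {
        return _xmlSecSlotList;
    }
    _xmlSecSlotList = list;
    if (previous != NULL) {
        PK11_FreeSlotList(previous);
    }
    return _xmlSecSlotList;
}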
/**
 * Get NSS crypto engine PKCS#11 slot list
 *
 * Returns the slot list currently installed with xmlSecSetSlotList(),
 * still owned by the repository, or NULL when none has been set.
 */
PK11SlotList*
xmlSecGetSlotList(
    void
) {
    PK11SlotList* current = _xmlSecSlotList;
    return current;
}