Update NSS to NSS 3.14 pre-release snapshot 2012-06-26 01:00:00 PDT.

mozilla/security/nss/lib/pk11wrap/pk11slot.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * Deal with PKCS #11 Slots.
  */
 #include "seccomon.h"
 #include "secmod.h"
 #include "nssilock.h"
 #include "secmodi.h"
 #include "secmodti.h"
 #include "pkcs11t.h"
 #include "pk11func.h"
 #include "secitem.h"
 #include "secerr.h"
 
 #include "dev.h" 
 #include "dev3hack.h" 
 #include "pkim.h"
 
 
 /*************************************************************
  * local static and global data
  *************************************************************/
 
 /*
  * This array helps parsing between names, mechanisms, and flags.
  * to make the config files understand more entries, add them
- * to this table. (NOTE: we need function to export this table and its size)
+ * to this table.
  */
 PK11DefaultArrayEntry PK11_DefaultArray[] = {
         { "RSA", SECMOD_RSA_FLAG, CKM_RSA_PKCS },
         { "DSA", SECMOD_DSA_FLAG, CKM_DSA },
         { "DH", SECMOD_DH_FLAG, CKM_DH_PKCS_DERIVE },
         { "RC2", SECMOD_RC2_FLAG, CKM_RC2_CBC },
         { "RC4", SECMOD_RC4_FLAG, CKM_RC4 },
         { "DES", SECMOD_DES_FLAG, CKM_DES_CBC },
         { "AES", SECMOD_AES_FLAG, CKM_AES_CBC },
         { "Camellia", SECMOD_CAMELLIA_FLAG, CKM_CAMELLIA_CBC },
@@ skipping 1910 matching lines @@
         if (rv != SECSuccess) {
             PK11_DeleteSlotFromList(list,le);
             continue;
         }
     }
     return list;
 }
 
 
 /*
- * find the best slot which supports the given
- * Mechanism. In normal cases this should grab the first slot on the list
- * with no fuss.
+ * Find the best slot which supports the given set of mechanisms and key sizes.
+ * In normal cases this should grab the first slot on the list with no fuss.
+ * The size array is presumed to match one for one with the mechanism type 
+ * array, which allows you to specify the required key size for each
+ * mechanism in the list. Whether key size is in bits or bytes is mechanism
+ * dependent. Typically asymetric keys are in bits and symetric keys are in 
+ * bytes.
  */
 PK11SlotInfo *
-PK11_GetBestSlotMultiple(CK_MECHANISM_TYPE *type, int mech_count, void *wincx)
+PK11_GetBestSlotMultipleWithKeySize(CK_MECHANISM_TYPE *type, 
+                    unsigned long *size, unsigned int mech_count, void *wincx)
 {
     PK11SlotList *list = NULL;
     PK11SlotListElement *le ;
     PK11SlotInfo *slot = NULL;
     PRBool freeit = PR_FALSE;
     PRBool listNeedLogin = PR_FALSE;
     int i;
     SECStatus rv;
 
     list = PK11_GetSlotList(type[0]);
@@ skipping 30 matching lines @@
 
     for (le = PK11_GetFirstSafe(list); le;
                                 le = PK11_GetNextSafe(list,le,PR_TRUE)) {
         if (PK11_IsPresent(le->slot)) {
             PRBool doExit = PR_FALSE;
             for (i=0; i < mech_count; i++) {
                 if (!PK11_DoesMechanism(le->slot,type[i])) {
                     doExit = PR_TRUE;
                     break;
                 }
+                if (size && size[i]) {
+                    CK_MECHANISM_INFO mechanism_info;
+                    CK_RV crv = PK11_GETTAB(le->slot)->C_GetMechanismInfo(
+                                slot->slotID, type[i], &mechanism_info);
+                    if (crv != CKR_OK 
+                        || (mechanism_info.ulMinKeySize > size[i])
+                        || (mechanism_info.ulMaxKeySize < size[i]) ) {
+                        /* Token can do mechanism, but not at the key size we
+                         * want */
+                        doExit = PR_TRUE;
+                        break;
+                    }
+                }
+                    
             }
             if (doExit) continue;
               
             if (listNeedLogin && le->slot->needLogin) {
                 rv = PK11_Authenticate(le->slot,PR_TRUE,wincx);
                 if (rv != SECSuccess) continue;
             }
             slot = le->slot;
             PK11_ReferenceSlot(slot);
             PK11_FreeSlotListElement(list,le);
             if (freeit) { PK11_FreeSlotList(list); }
             return slot;
         }
     }
     if (freeit) { PK11_FreeSlotList(list); }
     if (PORT_GetError() == 0) {
         PORT_SetError(SEC_ERROR_NO_TOKEN);
     }
     return NULL;
 }
 
+PK11SlotInfo *
+PK11_GetBestSlotMultiple(CK_MECHANISM_TYPE *type, 
+                         unsigned int mech_count, void *wincx)
+{
+    return PK11_GetBestSlotMultipleWithKeySize(type, NULL, mech_count, wincx);
+}
+
 /* original get best slot now calls the multiple version with only one type */
 PK11SlotInfo *
 PK11_GetBestSlot(CK_MECHANISM_TYPE type, void *wincx)
 {
-    return PK11_GetBestSlotMultiple(&type, 1, wincx);
+    return PK11_GetBestSlotMultipleWithKeySize(&type, NULL, 1, wincx);
+}
+
+PK11SlotInfo *
+PK11_GetBestSlotWithKeySize(CK_MECHANISM_TYPE type, unsigned long keySize, 
+                        void *wincx)
+{
+    return PK11_GetBestSlotMultipleWithKeySize(&type, &keySize, 1, wincx);
 }
 
 int
 PK11_GetBestKeyLength(PK11SlotInfo *slot,CK_MECHANISM_TYPE mechanism)
 {
     CK_MECHANISM_INFO mechanism_info;
     CK_RV crv;
 
     if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
     crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID,
@@ skipping 236 matching lines @@
                 first_time_set = PR_TRUE;
             }
             if ((interval-first_time) > timeout) {
                 return waitForRemoval ? PK11TokenPresent : PK11TokenRemoved;
             }
         }
         PR_Sleep(latency);
    }
    return waitForRemoval ? PK11TokenRemoved : PK11TokenPresent;
 }