Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: mozilla/security/nss/lib/ckfw/wrap.c

Issue 14249009: Change the NSS and NSPR source tree to the new directory structure to be (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « mozilla/security/nss/lib/ckfw/token.c ('k') | mozilla/security/nss/lib/cryptohi/cryptohi.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: mozilla/security/nss/lib/ckfw/wrap.c
===================================================================
--- mozilla/security/nss/lib/ckfw/wrap.c (revision 191424)
+++ mozilla/security/nss/lib/ckfw/wrap.c (working copy)
@@ -1,5676 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: wrap.c,v $ $Revision: 1.21 $ $Date: 2012/04/25 14:49:28 $";
-#endif /* DEBUG */
-
-/*
- * wrap.c
- *
- * This file contains the routines that actually implement the cryptoki
- * API, using the internal APIs of the NSS Cryptoki Framework. There is
- * one routine here for every cryptoki routine. For linking reasons
- * the actual entry points passed back with C_GetFunctionList have to
- * exist in one of the Module's source files; however, those are merely
- * simple wrappers that call these routines. The intelligence of the
- * implementations is here.
- */
-
-#ifndef CK_T
-#include "ck.h"
-#endif /* CK_T */
-
-/*
- * NSSCKFWC_Initialize
- * NSSCKFWC_Finalize
- * NSSCKFWC_GetInfo
- * -- NSSCKFWC_GetFunctionList -- see the API insert file
- * NSSCKFWC_GetSlotList
- * NSSCKFWC_GetSlotInfo
- * NSSCKFWC_GetTokenInfo
- * NSSCKFWC_WaitForSlotEvent
- * NSSCKFWC_GetMechanismList
- * NSSCKFWC_GetMechanismInfo
- * NSSCKFWC_InitToken
- * NSSCKFWC_InitPIN
- * NSSCKFWC_SetPIN
- * NSSCKFWC_OpenSession
- * NSSCKFWC_CloseSession
- * NSSCKFWC_CloseAllSessions
- * NSSCKFWC_GetSessionInfo
- * NSSCKFWC_GetOperationState
- * NSSCKFWC_SetOperationState
- * NSSCKFWC_Login
- * NSSCKFWC_Logout
- * NSSCKFWC_CreateObject
- * NSSCKFWC_CopyObject
- * NSSCKFWC_DestroyObject
- * NSSCKFWC_GetObjectSize
- * NSSCKFWC_GetAttributeValue
- * NSSCKFWC_SetAttributeValue
- * NSSCKFWC_FindObjectsInit
- * NSSCKFWC_FindObjects
- * NSSCKFWC_FindObjectsFinal
- * NSSCKFWC_EncryptInit
- * NSSCKFWC_Encrypt
- * NSSCKFWC_EncryptUpdate
- * NSSCKFWC_EncryptFinal
- * NSSCKFWC_DecryptInit
- * NSSCKFWC_Decrypt
- * NSSCKFWC_DecryptUpdate
- * NSSCKFWC_DecryptFinal
- * NSSCKFWC_DigestInit
- * NSSCKFWC_Digest
- * NSSCKFWC_DigestUpdate
- * NSSCKFWC_DigestKey
- * NSSCKFWC_DigestFinal
- * NSSCKFWC_SignInit
- * NSSCKFWC_Sign
- * NSSCKFWC_SignUpdate
- * NSSCKFWC_SignFinal
- * NSSCKFWC_SignRecoverInit
- * NSSCKFWC_SignRecover
- * NSSCKFWC_VerifyInit
- * NSSCKFWC_Verify
- * NSSCKFWC_VerifyUpdate
- * NSSCKFWC_VerifyFinal
- * NSSCKFWC_VerifyRecoverInit
- * NSSCKFWC_VerifyRecover
- * NSSCKFWC_DigestEncryptUpdate
- * NSSCKFWC_DecryptDigestUpdate
- * NSSCKFWC_SignEncryptUpdate
- * NSSCKFWC_DecryptVerifyUpdate
- * NSSCKFWC_GenerateKey
- * NSSCKFWC_GenerateKeyPair
- * NSSCKFWC_WrapKey
- * NSSCKFWC_UnwrapKey
- * NSSCKFWC_DeriveKey
- * NSSCKFWC_SeedRandom
- * NSSCKFWC_GenerateRandom
- * NSSCKFWC_GetFunctionStatus
- * NSSCKFWC_CancelFunction
- */
-
-/* figure out out locking semantics */
-static CK_RV
-nssCKFW_GetThreadSafeState(CK_C_INITIALIZE_ARGS_PTR pInitArgs,
- CryptokiLockingState *pLocking_state) {
- int functionCount = 0;
-
- /* parsed according to (PKCS #11 Section 11.4) */
- /* no args, the degenerate version of case 1 */
- if (!pInitArgs) {
- *pLocking_state = SingleThreaded;
- return CKR_OK;
- }
-
- /* CKF_OS_LOCKING_OK set, Cases 2 and 4 */
- if (pInitArgs->flags & CKF_OS_LOCKING_OK) {
- *pLocking_state = MultiThreaded;
- return CKR_OK;
- }
- if ((CK_CREATEMUTEX) NULL != pInitArgs->CreateMutex) functionCount++;
- if ((CK_DESTROYMUTEX) NULL != pInitArgs->DestroyMutex) functionCount++;
- if ((CK_LOCKMUTEX) NULL != pInitArgs->LockMutex) functionCount++;
- if ((CK_UNLOCKMUTEX) NULL != pInitArgs->UnlockMutex) functionCount++;
-
- /* CKF_OS_LOCKING_OK is not set, and not functions supplied,
- * explicit case 1 */
- if (0 == functionCount) {
- *pLocking_state = SingleThreaded;
- return CKR_OK;
- }
-
- /* OS_LOCKING_OK is not set and functions have been supplied. Since
- * ckfw uses nssbase library which explicitly calls NSPR, and since
- * there is no way to reliably override these explicit calls to NSPR,
- * therefore we can't support applications which have their own threading
- * module. Return CKR_CANT_LOCK if they supplied the correct number of
- * arguments, or CKR_ARGUMENTS_BAD if they did not in either case we will
- * fail the initialize */
- return (4 == functionCount) ? CKR_CANT_LOCK : CKR_ARGUMENTS_BAD;
-}
-
-static PRInt32 liveInstances;
-
-/*
- * NSSCKFWC_Initialize
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_Initialize
-(
- NSSCKFWInstance **pFwInstance,
- NSSCKMDInstance *mdInstance,
- CK_VOID_PTR pInitArgs
-)
-{
- CK_RV error = CKR_OK;
- CryptokiLockingState locking_state;
-
- if( (NSSCKFWInstance **)NULL == pFwInstance ) {
- error = CKR_GENERAL_ERROR;
- goto loser;
- }
-
- if (*pFwInstance) {
- error = CKR_CRYPTOKI_ALREADY_INITIALIZED;
- goto loser;
- }
-
- if (!mdInstance) {
- error = CKR_GENERAL_ERROR;
- goto loser;
- }
-
- error = nssCKFW_GetThreadSafeState(pInitArgs,&locking_state);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- *pFwInstance = nssCKFWInstance_Create(pInitArgs, locking_state, mdInstance, &error);
- if (!*pFwInstance) {
- goto loser;
- }
- PR_ATOMIC_INCREMENT(&liveInstances);
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_CANT_LOCK:
- case CKR_CRYPTOKI_ALREADY_INITIALIZED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_NEED_TO_CREATE_THREADS:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_Finalize
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_Finalize
-(
- NSSCKFWInstance **pFwInstance
-)
-{
- CK_RV error = CKR_OK;
-
- if( (NSSCKFWInstance **)NULL == pFwInstance ) {
- error = CKR_GENERAL_ERROR;
- goto loser;
- }
-
- if (!*pFwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- error = nssCKFWInstance_Destroy(*pFwInstance);
-
- /* In any case */
- *pFwInstance = (NSSCKFWInstance *)NULL;
-
- loser:
- switch( error ) {
- PRInt32 remainingInstances;
- case CKR_OK:
- remainingInstances = PR_ATOMIC_DECREMENT(&liveInstances);
- if (!remainingInstances) {
- nssArena_Shutdown();
- }
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- break;
- default:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- /*
- * A thread's error stack is automatically destroyed when the thread
- * terminates or, for the primordial thread, by PR_Cleanup. On
- * Windows with MinGW, the thread private data destructor PR_Free
- * registered by this module is actually a thunk for PR_Free defined
- * in this module. When the thread that unloads this module terminates
- * or calls PR_Cleanup, the thunk for PR_Free is already gone with the
- * module. Therefore we need to destroy the error stack before the
- * module is unloaded.
- */
- nss_DestroyErrorStack();
- return error;
-}
-
-/*
- * NSSCKFWC_GetInfo
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_INFO_PTR pInfo
-)
-{
- CK_RV error = CKR_OK;
-
- if( (CK_INFO_PTR)CK_NULL_PTR == pInfo ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here means a caller error
- */
- (void)nsslibc_memset(pInfo, 0, sizeof(CK_INFO));
-
- pInfo->cryptokiVersion = nssCKFWInstance_GetCryptokiVersion(fwInstance);
-
- error = nssCKFWInstance_GetManufacturerID(fwInstance, pInfo->manufacturerID);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- pInfo->flags = nssCKFWInstance_GetFlags(fwInstance);
-
- error = nssCKFWInstance_GetLibraryDescription(fwInstance, pInfo->libraryDescription);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- pInfo->libraryVersion = nssCKFWInstance_GetLibraryVersion(fwInstance);
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- break;
- default:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * C_GetFunctionList is implemented entirely in the Module's file which
- * includes the Framework API insert file. It requires no "actual"
- * NSSCKFW routine.
- */
-
-/*
- * NSSCKFWC_GetSlotList
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetSlotList
-(
- NSSCKFWInstance *fwInstance,
- CK_BBOOL tokenPresent,
- CK_SLOT_ID_PTR pSlotList,
- CK_ULONG_PTR pulCount
-)
-{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- switch( tokenPresent ) {
- case CK_TRUE:
- case CK_FALSE:
- break;
- default:
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
-
- if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlotList ) {
- *pulCount = nSlots;
- return CKR_OK;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(pSlotList, 0, *pulCount * sizeof(CK_SLOT_ID));
-
- if( *pulCount < nSlots ) {
- *pulCount = nSlots;
- error = CKR_BUFFER_TOO_SMALL;
- goto loser;
- } else {
- CK_ULONG i;
- *pulCount = nSlots;
-
- /*
- * Our secret "mapping": CK_SLOT_IDs are integers [1,N], and we
- * just index one when we need it.
- */
-
- for( i = 0; i < nSlots; i++ ) {
- pSlotList[i] = i+1;
- }
-
- return CKR_OK;
- }
-
- loser:
- switch( error ) {
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GetSlotInfo
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetSlotInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_SLOT_INFO_PTR pInfo
-)
-{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
-
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
-
- if( (CK_SLOT_INFO_PTR)CK_NULL_PTR == pInfo ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(pInfo, 0, sizeof(CK_SLOT_INFO));
-
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
-
- fwSlot = slots[ slotID-1 ];
-
- error = nssCKFWSlot_GetSlotDescription(fwSlot, pInfo->slotDescription);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- error = nssCKFWSlot_GetManufacturerID(fwSlot, pInfo->manufacturerID);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- if( nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- pInfo->flags |= CKF_TOKEN_PRESENT;
- }
-
- if( nssCKFWSlot_GetRemovableDevice(fwSlot) ) {
- pInfo->flags |= CKF_REMOVABLE_DEVICE;
- }
-
- if( nssCKFWSlot_GetHardwareSlot(fwSlot) ) {
- pInfo->flags |= CKF_HW_SLOT;
- }
-
- pInfo->hardwareVersion = nssCKFWSlot_GetHardwareVersion(fwSlot);
- pInfo->firmwareVersion = nssCKFWSlot_GetFirmwareVersion(fwSlot);
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SLOT_ID_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GetTokenInfo
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetTokenInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_TOKEN_INFO_PTR pInfo
-)
-{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
-
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
-
- if( (CK_TOKEN_INFO_PTR)CK_NULL_PTR == pInfo ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(pInfo, 0, sizeof(CK_TOKEN_INFO));
-
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
-
- fwSlot = slots[ slotID-1 ];
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
-
- error = nssCKFWToken_GetLabel(fwToken, pInfo->label);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- error = nssCKFWToken_GetManufacturerID(fwToken, pInfo->manufacturerID);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- error = nssCKFWToken_GetModel(fwToken, pInfo->model);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- error = nssCKFWToken_GetSerialNumber(fwToken, pInfo->serialNumber);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- if( nssCKFWToken_GetHasRNG(fwToken) ) {
- pInfo->flags |= CKF_RNG;
- }
-
- if( nssCKFWToken_GetIsWriteProtected(fwToken) ) {
- pInfo->flags |= CKF_WRITE_PROTECTED;
- }
-
- if( nssCKFWToken_GetLoginRequired(fwToken) ) {
- pInfo->flags |= CKF_LOGIN_REQUIRED;
- }
-
- if( nssCKFWToken_GetUserPinInitialized(fwToken) ) {
- pInfo->flags |= CKF_USER_PIN_INITIALIZED;
- }
-
- if( nssCKFWToken_GetRestoreKeyNotNeeded(fwToken) ) {
- pInfo->flags |= CKF_RESTORE_KEY_NOT_NEEDED;
- }
-
- if( nssCKFWToken_GetHasClockOnToken(fwToken) ) {
- pInfo->flags |= CKF_CLOCK_ON_TOKEN;
- }
-
- if( nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken) ) {
- pInfo->flags |= CKF_PROTECTED_AUTHENTICATION_PATH;
- }
-
- if( nssCKFWToken_GetSupportsDualCryptoOperations(fwToken) ) {
- pInfo->flags |= CKF_DUAL_CRYPTO_OPERATIONS;
- }
-
- pInfo->ulMaxSessionCount = nssCKFWToken_GetMaxSessionCount(fwToken);
- pInfo->ulSessionCount = nssCKFWToken_GetSessionCount(fwToken);
- pInfo->ulMaxRwSessionCount = nssCKFWToken_GetMaxRwSessionCount(fwToken);
- pInfo->ulRwSessionCount= nssCKFWToken_GetRwSessionCount(fwToken);
- pInfo->ulMaxPinLen = nssCKFWToken_GetMaxPinLen(fwToken);
- pInfo->ulMinPinLen = nssCKFWToken_GetMinPinLen(fwToken);
- pInfo->ulTotalPublicMemory = nssCKFWToken_GetTotalPublicMemory(fwToken);
- pInfo->ulFreePublicMemory = nssCKFWToken_GetFreePublicMemory(fwToken);
- pInfo->ulTotalPrivateMemory = nssCKFWToken_GetTotalPrivateMemory(fwToken);
- pInfo->ulFreePrivateMemory = nssCKFWToken_GetFreePrivateMemory(fwToken);
- pInfo->hardwareVersion = nssCKFWToken_GetHardwareVersion(fwToken);
- pInfo->firmwareVersion = nssCKFWToken_GetFirmwareVersion(fwToken);
-
- error = nssCKFWToken_GetUTCTime(fwToken, pInfo->utcTime);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_DEVICE_REMOVED:
- case CKR_TOKEN_NOT_PRESENT:
- if (fwToken)
- nssCKFWToken_Destroy(fwToken);
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SLOT_ID_INVALID:
- case CKR_TOKEN_NOT_RECOGNIZED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_WaitForSlotEvent
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_WaitForSlotEvent
-(
- NSSCKFWInstance *fwInstance,
- CK_FLAGS flags,
- CK_SLOT_ID_PTR pSlot,
- CK_VOID_PTR pReserved
-)
-{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- CK_BBOOL block;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- CK_ULONG i;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- if( flags & ~CKF_DONT_BLOCK ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- block = (flags & CKF_DONT_BLOCK) ? CK_TRUE : CK_FALSE;
-
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
-
- if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlot ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- if( (CK_VOID_PTR)CK_NULL_PTR != pReserved ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
-
- fwSlot = nssCKFWInstance_WaitForSlotEvent(fwInstance, block, &error);
- if (!fwSlot) {
- goto loser;
- }
-
- for( i = 0; i < nSlots; i++ ) {
- if( fwSlot == slots[i] ) {
- *pSlot = (CK_SLOT_ID)(CK_ULONG)(i+1);
- return CKR_OK;
- }
- }
-
- error = CKR_GENERAL_ERROR; /* returned something not in the slot list */
-
- loser:
- switch( error ) {
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_NO_EVENT:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GetMechanismList
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetMechanismList
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_MECHANISM_TYPE_PTR pMechanismList,
- CK_ULONG_PTR pulCount
-)
-{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
- CK_ULONG count;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
-
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
-
- if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
-
- fwSlot = slots[ slotID-1 ];
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
-
- count = nssCKFWToken_GetMechanismCount(fwToken);
-
- if( (CK_MECHANISM_TYPE_PTR)CK_NULL_PTR == pMechanismList ) {
- *pulCount = count;
- return CKR_OK;
- }
-
- if( *pulCount < count ) {
- *pulCount = count;
- error = CKR_BUFFER_TOO_SMALL;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(pMechanismList, 0, *pulCount * sizeof(CK_MECHANISM_TYPE));
-
- *pulCount = count;
-
- if( 0 != count ) {
- error = nssCKFWToken_GetMechanismTypes(fwToken, pMechanismList);
- } else {
- error = CKR_OK;
- }
-
- if( CKR_OK == error ) {
- return CKR_OK;
- }
-
- loser:
- switch( error ) {
- case CKR_DEVICE_REMOVED:
- case CKR_TOKEN_NOT_PRESENT:
- if (fwToken)
- nssCKFWToken_Destroy(fwToken);
- break;
- case CKR_ARGUMENTS_BAD:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SLOT_ID_INVALID:
- case CKR_TOKEN_NOT_RECOGNIZED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GetMechanismInfo
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetMechanismInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR pInfo
-)
-{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
- NSSCKFWMechanism *fwMechanism;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
-
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
-
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
-
- fwSlot = slots[ slotID-1 ];
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- if( (CK_MECHANISM_INFO_PTR)CK_NULL_PTR == pInfo ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(pInfo, 0, sizeof(CK_MECHANISM_INFO));
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
-
- fwMechanism = nssCKFWToken_GetMechanism(fwToken, type, &error);
- if (!fwMechanism) {
- goto loser;
- }
-
- pInfo->ulMinKeySize = nssCKFWMechanism_GetMinKeySize(fwMechanism, &error);
- pInfo->ulMaxKeySize = nssCKFWMechanism_GetMaxKeySize(fwMechanism, &error);
-
- if( nssCKFWMechanism_GetInHardware(fwMechanism, &error) ) {
- pInfo->flags |= CKF_HW;
- }
- if( nssCKFWMechanism_GetCanEncrypt(fwMechanism, &error) ) {
- pInfo->flags |= CKF_ENCRYPT;
- }
- if( nssCKFWMechanism_GetCanDecrypt(fwMechanism, &error) ) {
- pInfo->flags |= CKF_DECRYPT;
- }
- if( nssCKFWMechanism_GetCanDigest(fwMechanism, &error) ) {
- pInfo->flags |= CKF_DIGEST;
- }
- if( nssCKFWMechanism_GetCanSign(fwMechanism, &error) ) {
- pInfo->flags |= CKF_SIGN;
- }
- if( nssCKFWMechanism_GetCanSignRecover(fwMechanism, &error) ) {
- pInfo->flags |= CKF_SIGN_RECOVER;
- }
- if( nssCKFWMechanism_GetCanVerify(fwMechanism, &error) ) {
- pInfo->flags |= CKF_VERIFY;
- }
- if( nssCKFWMechanism_GetCanVerifyRecover(fwMechanism, &error) ) {
- pInfo->flags |= CKF_VERIFY_RECOVER;
- }
- if( nssCKFWMechanism_GetCanGenerate(fwMechanism, &error) ) {
- pInfo->flags |= CKF_GENERATE;
- }
- if( nssCKFWMechanism_GetCanGenerateKeyPair(fwMechanism, &error) ) {
- pInfo->flags |= CKF_GENERATE_KEY_PAIR;
- }
- if( nssCKFWMechanism_GetCanWrap(fwMechanism, &error) ) {
- pInfo->flags |= CKF_WRAP;
- }
- if( nssCKFWMechanism_GetCanUnwrap(fwMechanism, &error) ) {
- pInfo->flags |= CKF_UNWRAP;
- }
- if( nssCKFWMechanism_GetCanDerive(fwMechanism, &error) ) {
- pInfo->flags |= CKF_DERIVE;
- }
- nssCKFWMechanism_Destroy(fwMechanism);
-
- return error;
-
- loser:
- switch( error ) {
- case CKR_DEVICE_REMOVED:
- case CKR_TOKEN_NOT_PRESENT:
- if (fwToken)
- nssCKFWToken_Destroy(fwToken);
- break;
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_MECHANISM_INVALID:
- case CKR_SLOT_ID_INVALID:
- case CKR_TOKEN_NOT_RECOGNIZED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_InitToken
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_InitToken
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_CHAR_PTR pPin,
- CK_ULONG ulPinLen,
- CK_CHAR_PTR pLabel
-)
-{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
- NSSItem pin;
- NSSUTF8 *label;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
-
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
-
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
-
- fwSlot = slots[ slotID-1 ];
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
-
- pin.size = (PRUint32)ulPinLen;
- pin.data = (void *)pPin;
- label = (NSSUTF8 *)pLabel; /* identity conversion */
-
- error = nssCKFWToken_InitToken(fwToken, &pin, label);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_DEVICE_REMOVED:
- case CKR_TOKEN_NOT_PRESENT:
- if (fwToken)
- nssCKFWToken_Destroy(fwToken);
- break;
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_PIN_INCORRECT:
- case CKR_PIN_LOCKED:
- case CKR_SESSION_EXISTS:
- case CKR_SLOT_ID_INVALID:
- case CKR_TOKEN_NOT_RECOGNIZED:
- case CKR_TOKEN_WRITE_PROTECTED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_InitPIN
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_InitPIN
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_CHAR_PTR pPin,
- CK_ULONG ulPinLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSItem pin, *arg;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) {
- arg = (NSSItem *)NULL;
- } else {
- arg = &pin;
- pin.size = (PRUint32)ulPinLen;
- pin.data = (void *)pPin;
- }
-
- error = nssCKFWSession_InitPIN(fwSession, arg);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_PIN_INVALID:
- case CKR_PIN_LEN_RANGE:
- case CKR_SESSION_READ_ONLY:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_TOKEN_WRITE_PROTECTED:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_SetPIN
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_SetPIN
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_CHAR_PTR pOldPin,
- CK_ULONG ulOldLen,
- CK_CHAR_PTR pNewPin,
- CK_ULONG ulNewLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSItem oldPin, newPin, *oldArg, *newArg;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_CHAR_PTR)CK_NULL_PTR == pOldPin ) {
- oldArg = (NSSItem *)NULL;
- } else {
- oldArg = &oldPin;
- oldPin.size = (PRUint32)ulOldLen;
- oldPin.data = (void *)pOldPin;
- }
-
- if( (CK_CHAR_PTR)CK_NULL_PTR == pNewPin ) {
- newArg = (NSSItem *)NULL;
- } else {
- newArg = &newPin;
- newPin.size = (PRUint32)ulNewLen;
- newPin.data = (void *)pNewPin;
- }
-
- error = nssCKFWSession_SetPIN(fwSession, oldArg, newArg);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_PIN_INCORRECT:
- case CKR_PIN_INVALID:
- case CKR_PIN_LEN_RANGE:
- case CKR_PIN_LOCKED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY:
- case CKR_TOKEN_WRITE_PROTECTED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_OpenSession
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_OpenSession
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_FLAGS flags,
- CK_VOID_PTR pApplication,
- CK_NOTIFY Notify,
- CK_SESSION_HANDLE_PTR phSession
-)
-{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
- NSSCKFWSession *fwSession;
- CK_BBOOL rw;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
-
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
-
- if( flags & CKF_RW_SESSION ) {
- rw = CK_TRUE;
- } else {
- rw = CK_FALSE;
- }
-
- if( flags & CKF_SERIAL_SESSION ) {
- ;
- } else {
- error = CKR_SESSION_PARALLEL_NOT_SUPPORTED;
- goto loser;
- }
-
- if( flags & ~(CKF_RW_SESSION|CKF_SERIAL_SESSION) ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- if( (CK_SESSION_HANDLE_PTR)CK_NULL_PTR == phSession ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- *phSession = (CK_SESSION_HANDLE)0;
-
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
-
- fwSlot = slots[ slotID-1 ];
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
-
- fwSession = nssCKFWToken_OpenSession(fwToken, rw, pApplication,
- Notify, &error);
- if (!fwSession) {
- goto loser;
- }
-
- *phSession = nssCKFWInstance_CreateSessionHandle(fwInstance,
- fwSession, &error);
- if( (CK_SESSION_HANDLE)0 == *phSession ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SESSION_COUNT:
- case CKR_SESSION_EXISTS:
- case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
- case CKR_SESSION_READ_WRITE_SO_EXISTS:
- case CKR_SLOT_ID_INVALID:
- case CKR_TOKEN_NOT_PRESENT:
- case CKR_TOKEN_NOT_RECOGNIZED:
- case CKR_TOKEN_WRITE_PROTECTED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_CloseSession
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_CloseSession
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- nssCKFWInstance_DestroySessionHandle(fwInstance, hSession);
- error = nssCKFWSession_Destroy(fwSession, CK_TRUE);
-
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_CloseAllSessions
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_CloseAllSessions
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID
-)
-{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
-
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
-
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
-
- fwSlot = slots[ slotID-1 ];
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
-
- error = nssCKFWToken_CloseAllSessions(fwToken);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SLOT_ID_INVALID:
- case CKR_TOKEN_NOT_PRESENT:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GetSessionInfo
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetSessionInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_SESSION_INFO_PTR pInfo
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWSlot *fwSlot;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_SESSION_INFO_PTR)CK_NULL_PTR == pInfo ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(pInfo, 0, sizeof(CK_SESSION_INFO));
-
- fwSlot = nssCKFWSession_GetFWSlot(fwSession);
- if (!fwSlot) {
- error = CKR_GENERAL_ERROR;
- goto loser;
- }
-
- pInfo->slotID = nssCKFWSlot_GetSlotID(fwSlot);
- pInfo->state = nssCKFWSession_GetSessionState(fwSession);
-
- if( CK_TRUE == nssCKFWSession_IsRWSession(fwSession) ) {
- pInfo->flags |= CKF_RW_SESSION;
- }
-
- pInfo->flags |= CKF_SERIAL_SESSION; /* Always true */
-
- pInfo->ulDeviceError = nssCKFWSession_GetDeviceError(fwSession);
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GetOperationState
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetOperationState
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pOperationState,
- CK_ULONG_PTR pulOperationStateLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- CK_ULONG len;
- NSSItem buf;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_ULONG_PTR)CK_NULL_PTR == pulOperationStateLen ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- len = nssCKFWSession_GetOperationStateLen(fwSession, &error);
- if( ((CK_ULONG)0 == len) && (CKR_OK != error) ) {
- goto loser;
- }
-
- if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) {
- *pulOperationStateLen = len;
- return CKR_OK;
- }
-
- if( *pulOperationStateLen < len ) {
- *pulOperationStateLen = len;
- error = CKR_BUFFER_TOO_SMALL;
- goto loser;
- }
-
- buf.size = (PRUint32)*pulOperationStateLen;
- buf.data = (void *)pOperationState;
- *pulOperationStateLen = len;
- error = nssCKFWSession_GetOperationState(fwSession, &buf);
-
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_STATE_UNSAVEABLE:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_SetOperationState
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_SetOperationState
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pOperationState,
- CK_ULONG ulOperationStateLen,
- CK_OBJECT_HANDLE hEncryptionKey,
- CK_OBJECT_HANDLE hAuthenticationKey
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *eKey;
- NSSCKFWObject *aKey;
- NSSItem state;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * We could loop through the buffer, to catch any purify errors
- * in a place with a "user error" note.
- */
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_OBJECT_HANDLE)0 == hEncryptionKey ) {
- eKey = (NSSCKFWObject *)NULL;
- } else {
- eKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hEncryptionKey);
- if (!eKey) {
- error = CKR_KEY_HANDLE_INVALID;
- goto loser;
- }
- }
-
- if( (CK_OBJECT_HANDLE)0 == hAuthenticationKey ) {
- aKey = (NSSCKFWObject *)NULL;
- } else {
- aKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hAuthenticationKey);
- if (!aKey) {
- error = CKR_KEY_HANDLE_INVALID;
- goto loser;
- }
- }
-
- state.data = pOperationState;
- state.size = ulOperationStateLen;
-
- error = nssCKFWSession_SetOperationState(fwSession, &state, eKey, aKey);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_KEY_CHANGED:
- case CKR_KEY_NEEDED:
- case CKR_KEY_NOT_NEEDED:
- case CKR_SAVED_STATE_INVALID:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_Login
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_Login
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_USER_TYPE userType,
- CK_CHAR_PTR pPin,
- CK_ULONG ulPinLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSItem pin, *arg;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) {
- arg = (NSSItem *)NULL;
- } else {
- arg = &pin;
- pin.size = (PRUint32)ulPinLen;
- pin.data = (void *)pPin;
- }
-
- error = nssCKFWSession_Login(fwSession, userType, arg);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_PIN_EXPIRED:
- case CKR_PIN_INCORRECT:
- case CKR_PIN_LOCKED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY_EXISTS:
- case CKR_USER_ALREADY_LOGGED_IN:
- case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
- case CKR_USER_PIN_NOT_INITIALIZED:
- case CKR_USER_TOO_MANY_TYPES:
- case CKR_USER_TYPE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_Logout
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_Logout
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_Logout(fwSession);
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_CreateObject
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_CreateObject
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phObject
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- *phObject = (CK_OBJECT_HANDLE)0;
-
- fwObject = nssCKFWSession_CreateObject(fwSession, pTemplate,
- ulCount, &error);
- if (!fwObject) {
- goto loser;
- }
-
- *phObject = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
- if( (CK_OBJECT_HANDLE)0 == *phObject ) {
- nssCKFWObject_Destroy(fwObject);
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_ATTRIBUTE_READ_ONLY:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_ATTRIBUTE_VALUE_INVALID:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY:
- case CKR_TEMPLATE_INCOMPLETE:
- case CKR_TEMPLATE_INCONSISTENT:
- case CKR_TOKEN_WRITE_PROTECTED:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_CopyObject
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_CopyObject
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phNewObject
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
- NSSCKFWObject *fwNewObject;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phNewObject ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- *phNewObject = (CK_OBJECT_HANDLE)0;
-
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
- if (!fwObject) {
- error = CKR_OBJECT_HANDLE_INVALID;
- goto loser;
- }
-
- fwNewObject = nssCKFWSession_CopyObject(fwSession, fwObject,
- pTemplate, ulCount, &error);
- if (!fwNewObject) {
- goto loser;
- }
-
- *phNewObject = nssCKFWInstance_CreateObjectHandle(fwInstance,
- fwNewObject, &error);
- if( (CK_OBJECT_HANDLE)0 == *phNewObject ) {
- nssCKFWObject_Destroy(fwNewObject);
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_ATTRIBUTE_READ_ONLY:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_ATTRIBUTE_VALUE_INVALID:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OBJECT_HANDLE_INVALID:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY:
- case CKR_TEMPLATE_INCONSISTENT:
- case CKR_TOKEN_WRITE_PROTECTED:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_DestroyObject
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DestroyObject
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
- if (!fwObject) {
- error = CKR_OBJECT_HANDLE_INVALID;
- goto loser;
- }
-
- nssCKFWInstance_DestroyObjectHandle(fwInstance, hObject);
- nssCKFWObject_Destroy(fwObject);
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OBJECT_HANDLE_INVALID:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY:
- case CKR_TOKEN_WRITE_PROTECTED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GetObjectSize
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetObjectSize
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ULONG_PTR pulSize
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
- if (!fwObject) {
- error = CKR_OBJECT_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_ULONG_PTR)CK_NULL_PTR == pulSize ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- *pulSize = (CK_ULONG)0;
-
- *pulSize = nssCKFWObject_GetObjectSize(fwObject, &error);
- if( ((CK_ULONG)0 == *pulSize) && (CKR_OK != error) ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_INFORMATION_SENSITIVE:
- case CKR_OBJECT_HANDLE_INVALID:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GetAttributeValue
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetAttributeValue
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
- CK_BBOOL sensitive = CK_FALSE;
- CK_BBOOL invalid = CK_FALSE;
- CK_BBOOL tooSmall = CK_FALSE;
- CK_ULONG i;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
- if (!fwObject) {
- error = CKR_OBJECT_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- for( i = 0; i < ulCount; i++ ) {
- CK_ULONG size = nssCKFWObject_GetAttributeSize(fwObject,
- pTemplate[i].type, &error);
- if( (CK_ULONG)0 == size ) {
- switch( error ) {
- case CKR_ATTRIBUTE_SENSITIVE:
- case CKR_INFORMATION_SENSITIVE:
- sensitive = CK_TRUE;
- pTemplate[i].ulValueLen = (CK_ULONG)(-1);
- continue;
- case CKR_ATTRIBUTE_TYPE_INVALID:
- invalid = CK_TRUE;
- pTemplate[i].ulValueLen = (CK_ULONG)(-1);
- continue;
- case CKR_OK:
- break;
- default:
- goto loser;
- }
- }
-
- if( (CK_VOID_PTR)CK_NULL_PTR == pTemplate[i].pValue ) {
- pTemplate[i].ulValueLen = size;
- } else {
- NSSItem it, *p;
-
- if( pTemplate[i].ulValueLen < size ) {
- tooSmall = CK_TRUE;
- continue;
- }
-
- it.size = (PRUint32)pTemplate[i].ulValueLen;
- it.data = (void *)pTemplate[i].pValue;
- p = nssCKFWObject_GetAttribute(fwObject, pTemplate[i].type, &it,
- (NSSArena *)NULL, &error);
- if (!p) {
- switch( error ) {
- case CKR_ATTRIBUTE_SENSITIVE:
- case CKR_INFORMATION_SENSITIVE:
- sensitive = CK_TRUE;
- pTemplate[i].ulValueLen = (CK_ULONG)(-1);
- continue;
- case CKR_ATTRIBUTE_TYPE_INVALID:
- invalid = CK_TRUE;
- pTemplate[i].ulValueLen = (CK_ULONG)(-1);
- continue;
- default:
- goto loser;
- }
- }
-
- pTemplate[i].ulValueLen = size;
- }
- }
-
- if( sensitive ) {
- error = CKR_ATTRIBUTE_SENSITIVE;
- goto loser;
- } else if( invalid ) {
- error = CKR_ATTRIBUTE_TYPE_INVALID;
- goto loser;
- } else if( tooSmall ) {
- error = CKR_BUFFER_TOO_SMALL;
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_ATTRIBUTE_SENSITIVE:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OBJECT_HANDLE_INVALID:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_SetAttributeValue
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_SetAttributeValue
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
- CK_ULONG i;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
- if (!fwObject) {
- error = CKR_OBJECT_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- for (i=0; i < ulCount; i++) {
- NSSItem value;
-
- value.data = pTemplate[i].pValue;
- value.size = pTemplate[i].ulValueLen;
-
- error = nssCKFWObject_SetAttribute(fwObject, fwSession,
- pTemplate[i].type, &value);
-
- if( CKR_OK != error ) {
- goto loser;
- }
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_ATTRIBUTE_READ_ONLY:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_ATTRIBUTE_VALUE_INVALID:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OBJECT_HANDLE_INVALID:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY:
- case CKR_TEMPLATE_INCONSISTENT:
- case CKR_TOKEN_WRITE_PROTECTED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_FindObjectsInit
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_FindObjectsInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWFindObjects *fwFindObjects;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( ((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) && (ulCount != 0) ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error);
- if (fwFindObjects) {
- error = CKR_OPERATION_ACTIVE;
- goto loser;
- }
-
- if( CKR_OPERATION_NOT_INITIALIZED != error ) {
- goto loser;
- }
-
- fwFindObjects = nssCKFWSession_FindObjectsInit(fwSession,
- pTemplate, ulCount, &error);
- if (!fwFindObjects) {
- goto loser;
- }
-
- error = nssCKFWSession_SetFWFindObjects(fwSession, fwFindObjects);
-
- if( CKR_OK != error ) {
- nssCKFWFindObjects_Destroy(fwFindObjects);
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_ATTRIBUTE_VALUE_INVALID:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_ACTIVE:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_FindObjects
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_FindObjects
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE_PTR phObject,
- CK_ULONG ulMaxObjectCount,
- CK_ULONG_PTR pulObjectCount
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWFindObjects *fwFindObjects;
- CK_ULONG i;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(phObject, 0, sizeof(CK_OBJECT_HANDLE) * ulMaxObjectCount);
- *pulObjectCount = (CK_ULONG)0;
-
- fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error);
- if (!fwFindObjects) {
- goto loser;
- }
-
- for( i = 0; i < ulMaxObjectCount; i++ ) {
- NSSCKFWObject *fwObject = nssCKFWFindObjects_Next(fwFindObjects,
- NULL, &error);
- if (!fwObject) {
- break;
- }
-
- phObject[i] = nssCKFWInstance_FindObjectHandle(fwInstance, fwObject);
- if( (CK_OBJECT_HANDLE)0 == phObject[i] ) {
- phObject[i] = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
- }
- if( (CK_OBJECT_HANDLE)0 == phObject[i] ) {
- /* This isn't right either, is it? */
- nssCKFWObject_Destroy(fwObject);
- goto loser;
- }
- }
-
- *pulObjectCount = i;
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_FindObjectsFinal
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_FindObjectsFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWFindObjects *fwFindObjects;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error);
- if (!fwFindObjects) {
- error = CKR_OPERATION_NOT_INITIALIZED;
- goto loser;
- }
-
- nssCKFWFindObjects_Destroy(fwFindObjects);
- error = nssCKFWSession_SetFWFindObjects(fwSession,
- (NSSCKFWFindObjects *)NULL);
-
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_EncryptInit
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_EncryptInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken;
- NSSCKFWMechanism *fwMechanism;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
- if (!fwObject) {
- error = CKR_KEY_HANDLE_INVALID;
- goto loser;
- }
-
- fwSlot = nssCKFWSession_GetFWSlot(fwSession);
- if (!fwSlot) {
- error = CKR_GENERAL_ERROR; /* should never happen! */
- goto loser;
- }
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
-
- fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
- if (!fwMechanism) {
- goto loser;
- }
-
- error = nssCKFWMechanism_EncryptInit(fwMechanism, pMechanism,
- fwSession, fwObject);
-
- nssCKFWMechanism_Destroy(fwMechanism);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_KEY_FUNCTION_NOT_PERMITTED:
- case CKR_KEY_HANDLE_INVALID:
- case CKR_KEY_SIZE_RANGE:
- case CKR_KEY_TYPE_INCONSISTENT:
- case CKR_MECHANISM_INVALID:
- case CKR_MECHANISM_PARAM_INVALID:
- case CKR_OPERATION_ACTIVE:
- case CKR_PIN_EXPIRED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_Encrypt
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_Encrypt
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pEncryptedData,
- CK_ULONG_PTR pulEncryptedDataLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_UpdateFinal(fwSession,
- NSSCKFWCryptoOperationType_Encrypt,
- NSSCKFWCryptoOperationState_EncryptDecrypt,
- pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DATA_INVALID:
- case CKR_DATA_LEN_RANGE:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_CLOSED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_EncryptUpdate
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_EncryptUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_Update(fwSession,
- NSSCKFWCryptoOperationType_Encrypt,
- NSSCKFWCryptoOperationState_EncryptDecrypt,
- pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DATA_LEN_RANGE:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_EncryptFinal
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_EncryptFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pLastEncryptedPart,
- CK_ULONG_PTR pulLastEncryptedPartLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_Final(fwSession,
- NSSCKFWCryptoOperationType_Encrypt,
- NSSCKFWCryptoOperationState_EncryptDecrypt,
- pLastEncryptedPart, pulLastEncryptedPartLen);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DATA_LEN_RANGE:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_DecryptInit
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DecryptInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken;
- NSSCKFWMechanism *fwMechanism;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
- if (!fwObject) {
- error = CKR_KEY_HANDLE_INVALID;
- goto loser;
- }
-
- fwSlot = nssCKFWSession_GetFWSlot(fwSession);
- if (!fwSlot) {
- error = CKR_GENERAL_ERROR; /* should never happen! */
- goto loser;
- }
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
-
- fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
- if (!fwMechanism) {
- goto loser;
- }
-
- error = nssCKFWMechanism_DecryptInit(fwMechanism, pMechanism,
- fwSession, fwObject);
- nssCKFWMechanism_Destroy(fwMechanism);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_KEY_FUNCTION_NOT_PERMITTED:
- case CKR_KEY_HANDLE_INVALID:
- case CKR_KEY_SIZE_RANGE:
- case CKR_KEY_TYPE_INCONSISTENT:
- case CKR_MECHANISM_INVALID:
- case CKR_MECHANISM_PARAM_INVALID:
- case CKR_OPERATION_ACTIVE:
- case CKR_PIN_EXPIRED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_Decrypt
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_Decrypt
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedData,
- CK_ULONG ulEncryptedDataLen,
- CK_BYTE_PTR pData,
- CK_ULONG_PTR pulDataLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_UpdateFinal(fwSession,
- NSSCKFWCryptoOperationType_Decrypt,
- NSSCKFWCryptoOperationState_EncryptDecrypt,
- pEncryptedData, ulEncryptedDataLen, pData, pulDataLen);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_ENCRYPTED_DATA_INVALID:
- case CKR_ENCRYPTED_DATA_LEN_RANGE:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- case CKR_DATA_LEN_RANGE:
- error = CKR_ENCRYPTED_DATA_LEN_RANGE;
- break;
- case CKR_DATA_INVALID:
- error = CKR_ENCRYPTED_DATA_INVALID;
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_DecryptUpdate
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DecryptUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart,
- CK_ULONG_PTR pulPartLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_Update(fwSession,
- NSSCKFWCryptoOperationType_Decrypt,
- NSSCKFWCryptoOperationState_EncryptDecrypt,
- pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_ENCRYPTED_DATA_INVALID:
- case CKR_ENCRYPTED_DATA_LEN_RANGE:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- case CKR_DATA_LEN_RANGE:
- error = CKR_ENCRYPTED_DATA_LEN_RANGE;
- break;
- case CKR_DATA_INVALID:
- error = CKR_ENCRYPTED_DATA_INVALID;
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_DecryptFinal
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DecryptFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pLastPart,
- CK_ULONG_PTR pulLastPartLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_Final(fwSession,
- NSSCKFWCryptoOperationType_Decrypt,
- NSSCKFWCryptoOperationState_EncryptDecrypt,
- pLastPart, pulLastPartLen);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_FAILED:
- case CKR_FUNCTION_CANCELED:
- case CKR_ENCRYPTED_DATA_INVALID:
- case CKR_ENCRYPTED_DATA_LEN_RANGE:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- case CKR_DATA_LEN_RANGE:
- error = CKR_ENCRYPTED_DATA_LEN_RANGE;
- break;
- case CKR_DATA_INVALID:
- error = CKR_ENCRYPTED_DATA_INVALID;
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_DigestInit
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DigestInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken;
- NSSCKFWMechanism *fwMechanism;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwSlot = nssCKFWSession_GetFWSlot(fwSession);
- if (!fwSlot) {
- error = CKR_GENERAL_ERROR; /* should never happen! */
- goto loser;
- }
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
-
- fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
- if (!fwMechanism) {
- goto loser;
- }
-
- error = nssCKFWMechanism_DigestInit(fwMechanism, pMechanism, fwSession);
-
- nssCKFWMechanism_Destroy(fwMechanism);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_MECHANISM_INVALID:
- case CKR_MECHANISM_PARAM_INVALID:
- case CKR_OPERATION_ACTIVE:
- case CKR_PIN_EXPIRED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_Digest
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_Digest
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pDigest,
- CK_ULONG_PTR pulDigestLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_UpdateFinal(fwSession,
- NSSCKFWCryptoOperationType_Digest,
- NSSCKFWCryptoOperationState_Digest,
- pData, ulDataLen, pDigest, pulDigestLen);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_DigestUpdate
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DigestUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_DigestUpdate(fwSession,
- NSSCKFWCryptoOperationType_Digest,
- NSSCKFWCryptoOperationState_Digest,
- pData, ulDataLen);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_DigestKey
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DigestKey
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hKey
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
- if (!fwObject) {
- error = CKR_KEY_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_DigestKey(fwSession, fwObject);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_KEY_HANDLE_INVALID:
- case CKR_KEY_INDIGESTIBLE:
- case CKR_KEY_SIZE_RANGE:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_DigestFinal
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DigestFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pDigest,
- CK_ULONG_PTR pulDigestLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_Final(fwSession,
- NSSCKFWCryptoOperationType_Digest,
- NSSCKFWCryptoOperationState_Digest,
- pDigest, pulDigestLen);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_SignInit
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_SignInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken;
- NSSCKFWMechanism *fwMechanism;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
- if (!fwObject) {
- error = CKR_KEY_HANDLE_INVALID;
- goto loser;
- }
-
- fwSlot = nssCKFWSession_GetFWSlot(fwSession);
- if (!fwSlot) {
- error = CKR_GENERAL_ERROR; /* should never happen! */
- goto loser;
- }
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
-
- fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
- if (!fwMechanism) {
- goto loser;
- }
-
- error = nssCKFWMechanism_SignInit(fwMechanism, pMechanism, fwSession,
- fwObject);
-
- nssCKFWMechanism_Destroy(fwMechanism);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_KEY_FUNCTION_NOT_PERMITTED:
- case CKR_KEY_HANDLE_INVALID:
- case CKR_KEY_SIZE_RANGE:
- case CKR_KEY_TYPE_INCONSISTENT:
- case CKR_MECHANISM_INVALID:
- case CKR_MECHANISM_PARAM_INVALID:
- case CKR_OPERATION_ACTIVE:
- case CKR_PIN_EXPIRED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_Sign
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_Sign
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_UpdateFinal(fwSession,
- NSSCKFWCryptoOperationType_Sign,
- NSSCKFWCryptoOperationState_SignVerify,
- pData, ulDataLen, pSignature, pulSignatureLen);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DATA_INVALID:
- case CKR_DATA_LEN_RANGE:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- case CKR_FUNCTION_REJECTED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_SignUpdate
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_SignUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_DigestUpdate(fwSession,
- NSSCKFWCryptoOperationType_Sign,
- NSSCKFWCryptoOperationState_SignVerify,
- pPart, ulPartLen);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DATA_LEN_RANGE:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_SignFinal
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_SignFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_Final(fwSession,
- NSSCKFWCryptoOperationType_Sign,
- NSSCKFWCryptoOperationState_SignVerify,
- pSignature, pulSignatureLen);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DATA_LEN_RANGE:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- case CKR_FUNCTION_REJECTED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_SignRecoverInit
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_SignRecoverInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken;
- NSSCKFWMechanism *fwMechanism;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
- if (!fwObject) {
- error = CKR_KEY_HANDLE_INVALID;
- goto loser;
- }
-
- fwSlot = nssCKFWSession_GetFWSlot(fwSession);
- if (!fwSlot) {
- error = CKR_GENERAL_ERROR; /* should never happen! */
- goto loser;
- }
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
-
- fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
- if (!fwMechanism) {
- goto loser;
- }
-
- error = nssCKFWMechanism_SignRecoverInit(fwMechanism, pMechanism, fwSession,
- fwObject);
-
- nssCKFWMechanism_Destroy(fwMechanism);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_KEY_FUNCTION_NOT_PERMITTED:
- case CKR_KEY_HANDLE_INVALID:
- case CKR_KEY_SIZE_RANGE:
- case CKR_KEY_TYPE_INCONSISTENT:
- case CKR_MECHANISM_INVALID:
- case CKR_MECHANISM_PARAM_INVALID:
- case CKR_OPERATION_ACTIVE:
- case CKR_PIN_EXPIRED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_SignRecover
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_SignRecover
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_UpdateFinal(fwSession,
- NSSCKFWCryptoOperationType_SignRecover,
- NSSCKFWCryptoOperationState_SignVerify,
- pData, ulDataLen, pSignature, pulSignatureLen);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DATA_INVALID:
- case CKR_DATA_LEN_RANGE:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_VerifyInit
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_VerifyInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken;
- NSSCKFWMechanism *fwMechanism;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
- if (!fwObject) {
- error = CKR_KEY_HANDLE_INVALID;
- goto loser;
- }
-
- fwSlot = nssCKFWSession_GetFWSlot(fwSession);
- if (!fwSlot) {
- error = CKR_GENERAL_ERROR; /* should never happen! */
- goto loser;
- }
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
-
- fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
- if (!fwMechanism) {
- goto loser;
- }
-
- error = nssCKFWMechanism_VerifyInit(fwMechanism, pMechanism, fwSession,
- fwObject);
-
- nssCKFWMechanism_Destroy(fwMechanism);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_KEY_FUNCTION_NOT_PERMITTED:
- case CKR_KEY_HANDLE_INVALID:
- case CKR_KEY_SIZE_RANGE:
- case CKR_KEY_TYPE_INCONSISTENT:
- case CKR_MECHANISM_INVALID:
- case CKR_MECHANISM_PARAM_INVALID:
- case CKR_OPERATION_ACTIVE:
- case CKR_PIN_EXPIRED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_Verify
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_Verify
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pSignature,
- CK_ULONG ulSignatureLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_UpdateFinal(fwSession,
- NSSCKFWCryptoOperationType_Verify,
- NSSCKFWCryptoOperationState_SignVerify,
- pData, ulDataLen, pSignature, &ulSignatureLen);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DATA_INVALID:
- case CKR_DATA_LEN_RANGE:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SIGNATURE_INVALID:
- case CKR_SIGNATURE_LEN_RANGE:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_VerifyUpdate
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_VerifyUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_DigestUpdate(fwSession,
- NSSCKFWCryptoOperationType_Verify,
- NSSCKFWCryptoOperationState_SignVerify,
- pPart, ulPartLen);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DATA_LEN_RANGE:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_VerifyFinal
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_VerifyFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,
- CK_ULONG ulSignatureLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_Final(fwSession,
- NSSCKFWCryptoOperationType_Verify,
- NSSCKFWCryptoOperationState_SignVerify,
- pSignature, &ulSignatureLen);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DATA_LEN_RANGE:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SIGNATURE_INVALID:
- case CKR_SIGNATURE_LEN_RANGE:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_VerifyRecoverInit
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_VerifyRecoverInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken;
- NSSCKFWMechanism *fwMechanism;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
- if (!fwObject) {
- error = CKR_KEY_HANDLE_INVALID;
- goto loser;
- }
-
- fwSlot = nssCKFWSession_GetFWSlot(fwSession);
- if (!fwSlot) {
- error = CKR_GENERAL_ERROR; /* should never happen! */
- goto loser;
- }
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
-
- fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
- if (!fwMechanism) {
- goto loser;
- }
-
- error = nssCKFWMechanism_VerifyRecoverInit(fwMechanism, pMechanism,
- fwSession, fwObject);
-
- nssCKFWMechanism_Destroy(fwMechanism);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_KEY_FUNCTION_NOT_PERMITTED:
- case CKR_KEY_HANDLE_INVALID:
- case CKR_KEY_SIZE_RANGE:
- case CKR_KEY_TYPE_INCONSISTENT:
- case CKR_MECHANISM_INVALID:
- case CKR_MECHANISM_PARAM_INVALID:
- case CKR_OPERATION_ACTIVE:
- case CKR_PIN_EXPIRED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_CLOSED:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_VerifyRecover
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_VerifyRecover
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,
- CK_ULONG ulSignatureLen,
- CK_BYTE_PTR pData,
- CK_ULONG_PTR pulDataLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_UpdateFinal(fwSession,
- NSSCKFWCryptoOperationType_VerifyRecover,
- NSSCKFWCryptoOperationState_SignVerify,
- pSignature, ulSignatureLen, pData, pulDataLen);
- if (CKR_OK == error) {
- return CKR_OK;
- }
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DATA_INVALID:
- case CKR_DATA_LEN_RANGE:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SIGNATURE_INVALID:
- case CKR_SIGNATURE_LEN_RANGE:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_DigestEncryptUpdate
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DigestEncryptUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_UpdateCombo(fwSession,
- NSSCKFWCryptoOperationType_Encrypt,
- NSSCKFWCryptoOperationType_Digest,
- NSSCKFWCryptoOperationState_Digest,
- pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DATA_LEN_RANGE:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_DecryptDigestUpdate
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DecryptDigestUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart,
- CK_ULONG_PTR pulPartLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_UpdateCombo(fwSession,
- NSSCKFWCryptoOperationType_Decrypt,
- NSSCKFWCryptoOperationType_Digest,
- NSSCKFWCryptoOperationState_Digest,
- pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_ENCRYPTED_DATA_INVALID:
- case CKR_ENCRYPTED_DATA_LEN_RANGE:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- case CKR_DATA_INVALID:
- error = CKR_ENCRYPTED_DATA_INVALID;
- break;
- case CKR_DATA_LEN_RANGE:
- error = CKR_ENCRYPTED_DATA_LEN_RANGE;
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_SignEncryptUpdate
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_SignEncryptUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_UpdateCombo(fwSession,
- NSSCKFWCryptoOperationType_Encrypt,
- NSSCKFWCryptoOperationType_Sign,
- NSSCKFWCryptoOperationState_SignVerify,
- pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DATA_LEN_RANGE:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_DecryptVerifyUpdate
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DecryptVerifyUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart,
- CK_ULONG_PTR pulPartLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- error = nssCKFWSession_UpdateCombo(fwSession,
- NSSCKFWCryptoOperationType_Decrypt,
- NSSCKFWCryptoOperationType_Verify,
- NSSCKFWCryptoOperationState_SignVerify,
- pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DATA_LEN_RANGE:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_ENCRYPTED_DATA_INVALID:
- case CKR_ENCRYPTED_DATA_LEN_RANGE:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- case CKR_DATA_INVALID:
- error = CKR_ENCRYPTED_DATA_INVALID;
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_GenerateKey
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GenerateKey
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phKey
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken;
- NSSCKFWMechanism *fwMechanism;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwSlot = nssCKFWSession_GetFWSlot(fwSession);
- if (!fwSlot) {
- error = CKR_GENERAL_ERROR; /* should never happen! */
- goto loser;
- }
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
-
- fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
- if (!fwMechanism) {
- goto loser;
- }
-
- fwObject = nssCKFWMechanism_GenerateKey(
- fwMechanism,
- pMechanism,
- fwSession,
- pTemplate,
- ulCount,
- &error);
-
- nssCKFWMechanism_Destroy(fwMechanism);
- if (!fwObject) {
- goto loser;
- }
- *phKey= nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_ATTRIBUTE_READ_ONLY:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_ATTRIBUTE_VALUE_INVALID:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_MECHANISM_INVALID:
- case CKR_MECHANISM_PARAM_INVALID:
- case CKR_OPERATION_ACTIVE:
- case CKR_PIN_EXPIRED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY:
- case CKR_TEMPLATE_INCOMPLETE:
- case CKR_TEMPLATE_INCONSISTENT:
- case CKR_TOKEN_WRITE_PROTECTED:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_GenerateKeyPair
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GenerateKeyPair
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_ATTRIBUTE_PTR pPublicKeyTemplate,
- CK_ULONG ulPublicKeyAttributeCount,
- CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
- CK_ULONG ulPrivateKeyAttributeCount,
- CK_OBJECT_HANDLE_PTR phPublicKey,
- CK_OBJECT_HANDLE_PTR phPrivateKey
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwPrivateKeyObject;
- NSSCKFWObject *fwPublicKeyObject;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken;
- NSSCKFWMechanism *fwMechanism;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwSlot = nssCKFWSession_GetFWSlot(fwSession);
- if (!fwSlot) {
- error = CKR_GENERAL_ERROR; /* should never happen! */
- goto loser;
- }
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
-
- fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
- if (!fwMechanism) {
- goto loser;
- }
-
- error= nssCKFWMechanism_GenerateKeyPair(
- fwMechanism,
- pMechanism,
- fwSession,
- pPublicKeyTemplate,
- ulPublicKeyAttributeCount,
- pPublicKeyTemplate,
- ulPublicKeyAttributeCount,
- &fwPublicKeyObject,
- &fwPrivateKeyObject);
-
- nssCKFWMechanism_Destroy(fwMechanism);
- if (CKR_OK != error) {
- goto loser;
- }
- *phPublicKey = nssCKFWInstance_CreateObjectHandle(fwInstance,
- fwPublicKeyObject,
- &error);
- if (CKR_OK != error) {
- goto loser;
- }
- *phPrivateKey = nssCKFWInstance_CreateObjectHandle(fwInstance,
- fwPrivateKeyObject,
- &error);
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_ATTRIBUTE_READ_ONLY:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_ATTRIBUTE_VALUE_INVALID:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_DOMAIN_PARAMS_INVALID:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_MECHANISM_INVALID:
- case CKR_MECHANISM_PARAM_INVALID:
- case CKR_OPERATION_ACTIVE:
- case CKR_PIN_EXPIRED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY:
- case CKR_TEMPLATE_INCOMPLETE:
- case CKR_TEMPLATE_INCONSISTENT:
- case CKR_TOKEN_WRITE_PROTECTED:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_WrapKey
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_WrapKey
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hWrappingKey,
- CK_OBJECT_HANDLE hKey,
- CK_BYTE_PTR pWrappedKey,
- CK_ULONG_PTR pulWrappedKeyLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwKeyObject;
- NSSCKFWObject *fwWrappingKeyObject;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken;
- NSSCKFWMechanism *fwMechanism;
- NSSItem wrappedKey;
- CK_ULONG wrappedKeyLength = 0;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance,
- hWrappingKey);
- if (!fwWrappingKeyObject) {
- error = CKR_WRAPPING_KEY_HANDLE_INVALID;
- goto loser;
- }
-
- fwKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
- if (!fwKeyObject) {
- error = CKR_KEY_HANDLE_INVALID;
- goto loser;
- }
-
- fwSlot = nssCKFWSession_GetFWSlot(fwSession);
- if (!fwSlot) {
- error = CKR_GENERAL_ERROR; /* should never happen! */
- goto loser;
- }
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
-
- fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
- if (!fwMechanism) {
- goto loser;
- }
-
- /*
- * first get the length...
- */
- wrappedKeyLength = nssCKFWMechanism_GetWrapKeyLength(
- fwMechanism,
- pMechanism,
- fwSession,
- fwWrappingKeyObject,
- fwKeyObject,
- &error);
- if ((CK_ULONG) 0 == wrappedKeyLength) {
- nssCKFWMechanism_Destroy(fwMechanism);
- goto loser;
- }
- if ((CK_BYTE_PTR)NULL == pWrappedKey) {
- *pulWrappedKeyLen = wrappedKeyLength;
- nssCKFWMechanism_Destroy(fwMechanism);
- return CKR_OK;
- }
- if (wrappedKeyLength > *pulWrappedKeyLen) {
- *pulWrappedKeyLen = wrappedKeyLength;
- nssCKFWMechanism_Destroy(fwMechanism);
- error = CKR_BUFFER_TOO_SMALL;
- goto loser;
- }
-
-
- wrappedKey.data = pWrappedKey;
- wrappedKey.size = wrappedKeyLength;
-
- error = nssCKFWMechanism_WrapKey(
- fwMechanism,
- pMechanism,
- fwSession,
- fwWrappingKeyObject,
- fwKeyObject,
- &wrappedKey);
-
- nssCKFWMechanism_Destroy(fwMechanism);
- *pulWrappedKeyLen = wrappedKey.size;
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_KEY_HANDLE_INVALID:
- case CKR_KEY_NOT_WRAPPABLE:
- case CKR_KEY_SIZE_RANGE:
- case CKR_KEY_UNEXTRACTABLE:
- case CKR_MECHANISM_INVALID:
- case CKR_MECHANISM_PARAM_INVALID:
- case CKR_OPERATION_ACTIVE:
- case CKR_PIN_EXPIRED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_WRAPPING_KEY_HANDLE_INVALID:
- case CKR_WRAPPING_KEY_SIZE_RANGE:
- case CKR_WRAPPING_KEY_TYPE_INCONSISTENT:
- break;
- case CKR_KEY_TYPE_INCONSISTENT:
- error = CKR_WRAPPING_KEY_TYPE_INCONSISTENT;
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_UnwrapKey
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_UnwrapKey
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hUnwrappingKey,
- CK_BYTE_PTR pWrappedKey,
- CK_ULONG ulWrappedKeyLen,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_OBJECT_HANDLE_PTR phKey
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
- NSSCKFWObject *fwWrappingKeyObject;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken;
- NSSCKFWMechanism *fwMechanism;
- NSSItem wrappedKey;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance,
- hUnwrappingKey);
- if (!fwWrappingKeyObject) {
- error = CKR_WRAPPING_KEY_HANDLE_INVALID;
- goto loser;
- }
-
- fwSlot = nssCKFWSession_GetFWSlot(fwSession);
- if (!fwSlot) {
- error = CKR_GENERAL_ERROR; /* should never happen! */
- goto loser;
- }
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
-
- fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
- if (!fwMechanism) {
- goto loser;
- }
-
- wrappedKey.data = pWrappedKey;
- wrappedKey.size = ulWrappedKeyLen;
-
- fwObject = nssCKFWMechanism_UnwrapKey(
- fwMechanism,
- pMechanism,
- fwSession,
- fwWrappingKeyObject,
- &wrappedKey,
- pTemplate,
- ulAttributeCount,
- &error);
-
- nssCKFWMechanism_Destroy(fwMechanism);
- if (!fwObject) {
- goto loser;
- }
- *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_ATTRIBUTE_READ_ONLY:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_ATTRIBUTE_VALUE_INVALID:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_DOMAIN_PARAMS_INVALID:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_MECHANISM_INVALID:
- case CKR_MECHANISM_PARAM_INVALID:
- case CKR_OPERATION_ACTIVE:
- case CKR_PIN_EXPIRED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY:
- case CKR_TEMPLATE_INCOMPLETE:
- case CKR_TEMPLATE_INCONSISTENT:
- case CKR_TOKEN_WRITE_PROTECTED:
- case CKR_UNWRAPPING_KEY_HANDLE_INVALID:
- case CKR_UNWRAPPING_KEY_SIZE_RANGE:
- case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT:
- case CKR_USER_NOT_LOGGED_IN:
- case CKR_WRAPPED_KEY_INVALID:
- case CKR_WRAPPED_KEY_LEN_RANGE:
- break;
- case CKR_KEY_HANDLE_INVALID:
- error = CKR_UNWRAPPING_KEY_HANDLE_INVALID;
- break;
- case CKR_KEY_SIZE_RANGE:
- error = CKR_UNWRAPPING_KEY_SIZE_RANGE;
- break;
- case CKR_KEY_TYPE_INCONSISTENT:
- error = CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT;
- break;
- case CKR_ENCRYPTED_DATA_INVALID:
- error = CKR_WRAPPED_KEY_INVALID;
- break;
- case CKR_ENCRYPTED_DATA_LEN_RANGE:
- error = CKR_WRAPPED_KEY_LEN_RANGE;
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_DeriveKey
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_DeriveKey
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hBaseKey,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_OBJECT_HANDLE_PTR phKey
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
- NSSCKFWObject *fwBaseKeyObject;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken;
- NSSCKFWMechanism *fwMechanism;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwBaseKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hBaseKey);
- if (!fwBaseKeyObject) {
- error = CKR_KEY_HANDLE_INVALID;
- goto loser;
- }
-
- fwSlot = nssCKFWSession_GetFWSlot(fwSession);
- if (!fwSlot) {
- error = CKR_GENERAL_ERROR; /* should never happen! */
- goto loser;
- }
-
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
-
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
-
- fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
- if (!fwMechanism) {
- goto loser;
- }
-
- fwObject = nssCKFWMechanism_DeriveKey(
- fwMechanism,
- pMechanism,
- fwSession,
- fwBaseKeyObject,
- pTemplate,
- ulAttributeCount,
- &error);
-
- nssCKFWMechanism_Destroy(fwMechanism);
- if (!fwObject) {
- goto loser;
- }
- *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
-
- if (CKR_OK == error) {
- return CKR_OK;
- }
-
-loser:
- /* verify error */
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_ATTRIBUTE_READ_ONLY:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_ATTRIBUTE_VALUE_INVALID:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- case CKR_DOMAIN_PARAMS_INVALID:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_KEY_HANDLE_INVALID:
- case CKR_KEY_SIZE_RANGE:
- case CKR_KEY_TYPE_INCONSISTENT:
- case CKR_MECHANISM_INVALID:
- case CKR_MECHANISM_PARAM_INVALID:
- case CKR_OPERATION_ACTIVE:
- case CKR_PIN_EXPIRED:
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY:
- case CKR_TEMPLATE_INCOMPLETE:
- case CKR_TEMPLATE_INCONSISTENT:
- case CKR_TOKEN_WRITE_PROTECTED:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
- return error;
-}
-
-/*
- * NSSCKFWC_SeedRandom
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_SeedRandom
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSeed,
- CK_ULONG ulSeedLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSItem seed;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_BYTE_PTR)CK_NULL_PTR == pSeed ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /* We could read through the buffer in a Purify trap */
-
- seed.size = (PRUint32)ulSeedLen;
- seed.data = (void *)pSeed;
-
- error = nssCKFWSession_SeedRandom(fwSession, &seed);
-
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_ACTIVE:
- case CKR_RANDOM_SEED_NOT_SUPPORTED:
- case CKR_RANDOM_NO_RNG:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GenerateRandom
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GenerateRandom
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pRandomData,
- CK_ULONG ulRandomLen
-)
-{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSItem buffer;
-
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_BYTE_PTR)CK_NULL_PTR == pRandomData ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(pRandomData, 0, ulRandomLen);
-
- buffer.size = (PRUint32)ulRandomLen;
- buffer.data = (void *)pRandomData;
-
- error = nssCKFWSession_GetRandom(fwSession, &buffer);
-
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_CANCELED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_ACTIVE:
- case CKR_RANDOM_NO_RNG:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
-}
-
-/*
- * NSSCKFWC_GetFunctionStatus
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetFunctionStatus
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-)
-{
- return CKR_FUNCTION_NOT_PARALLEL;
-}
-
-/*
- * NSSCKFWC_CancelFunction
- *
- */
-NSS_IMPLEMENT CK_RV
-NSSCKFWC_CancelFunction
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-)
-{
- return CKR_FUNCTION_NOT_PARALLEL;
-}
« no previous file with comments | « mozilla/security/nss/lib/ckfw/token.c ('k') | mozilla/security/nss/lib/cryptohi/cryptohi.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698