OLD | NEW |
| (Empty) |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
4 | |
5 /* | |
6 * mechanism.c | |
7 * | |
8 * This file implements the NSSCKFWMechanism type and methods. | |
9 */ | |
10 | |
11 #ifndef CK_T | |
12 #include "ck.h" | |
13 #endif /* CK_T */ | |
14 | |
15 /* | |
16 * NSSCKFWMechanism | |
17 * | |
18 * -- create/destroy -- | |
19 * nssCKFWMechanism_Create | |
20 * nssCKFWMechanism_Destroy | |
21 * | |
22 * -- implement public accessors -- | |
23 * nssCKFWMechanism_GetMDMechanism | |
24 * nssCKFWMechanism_GetParameter | |
25 * | |
26 * -- private accessors -- | |
27 * | |
28 * -- module fronts -- | |
29 * nssCKFWMechanism_GetMinKeySize | |
30 * nssCKFWMechanism_GetMaxKeySize | |
31 * nssCKFWMechanism_GetInHardware | |
32 * nssCKFWMechanism_GetCanEncrypt | |
33 * nssCKFWMechanism_GetCanDecrypt | |
34 * nssCKFWMechanism_GetCanDigest | |
35 * nssCKFWMechanism_GetCanSign | |
36 * nssCKFWMechanism_GetCanSignRecover | |
37 * nssCKFWMechanism_GetCanVerify | |
38 * nssCKFWMechanism_GetCanGenerate | |
39 * nssCKFWMechanism_GetCanGenerateKeyPair | |
40 * nssCKFWMechanism_GetCanUnwrap | |
41 * nssCKFWMechanism_GetCanWrap | |
42 * nssCKFWMechanism_GetCanDerive | |
43 * nssCKFWMechanism_EncryptInit | |
44 * nssCKFWMechanism_DecryptInit | |
45 * nssCKFWMechanism_DigestInit | |
46 * nssCKFWMechanism_SignInit | |
47 * nssCKFWMechanism_VerifyInit | |
48 * nssCKFWMechanism_SignRecoverInit | |
49 * nssCKFWMechanism_VerifyRecoverInit | |
50 * nssCKFWMechanism_GenerateKey | |
51 * nssCKFWMechanism_GenerateKeyPair | |
52 * nssCKFWMechanism_GetWrapKeyLength | |
53 * nssCKFWMechanism_WrapKey | |
54 * nssCKFWMechanism_UnwrapKey | |
55 * nssCKFWMechanism_DeriveKey | |
56 */ | |
57 | |
58 struct NSSCKFWMechanismStr { | |
59 NSSCKMDMechanism *mdMechanism; | |
60 NSSCKMDToken *mdToken; | |
61 NSSCKFWToken *fwToken; | |
62 NSSCKMDInstance *mdInstance; | |
63 NSSCKFWInstance *fwInstance; | |
64 }; | |
65 | |
66 /* | |
67 * nssCKFWMechanism_Create | |
68 * | |
69 */ | |
70 NSS_IMPLEMENT NSSCKFWMechanism * | |
71 nssCKFWMechanism_Create( | |
72 NSSCKMDMechanism *mdMechanism, | |
73 NSSCKMDToken *mdToken, | |
74 NSSCKFWToken *fwToken, | |
75 NSSCKMDInstance *mdInstance, | |
76 NSSCKFWInstance *fwInstance) | |
77 { | |
78 NSSCKFWMechanism *fwMechanism; | |
79 | |
80 fwMechanism = nss_ZNEW(NULL, NSSCKFWMechanism); | |
81 if (!fwMechanism) { | |
82 return (NSSCKFWMechanism *)NULL; | |
83 } | |
84 fwMechanism->mdMechanism = mdMechanism; | |
85 fwMechanism->mdToken = mdToken; | |
86 fwMechanism->fwToken = fwToken; | |
87 fwMechanism->mdInstance = mdInstance; | |
88 fwMechanism->fwInstance = fwInstance; | |
89 return fwMechanism; | |
90 } | |
91 | |
92 /* | |
93 * nssCKFWMechanism_Destroy | |
94 * | |
95 */ | |
96 NSS_IMPLEMENT void | |
97 nssCKFWMechanism_Destroy( | |
98 NSSCKFWMechanism *fwMechanism) | |
99 { | |
100 /* destroy any fw resources held by nssCKFWMechanism (currently none) */ | |
101 | |
102 if (!fwMechanism->mdMechanism->Destroy) { | |
103 /* destroys it's parent as well */ | |
104 fwMechanism->mdMechanism->Destroy( | |
105 fwMechanism->mdMechanism, | |
106 fwMechanism, | |
107 fwMechanism->mdInstance, | |
108 fwMechanism->fwInstance); | |
109 } | |
110 /* if the Destroy function wasn't supplied, then the mechanism is 'static', | |
111 * and there is nothing to destroy */ | |
112 return; | |
113 } | |
114 | |
115 /* | |
116 * nssCKFWMechanism_GetMDMechanism | |
117 * | |
118 */ | |
119 NSS_IMPLEMENT NSSCKMDMechanism * | |
120 nssCKFWMechanism_GetMDMechanism( | |
121 NSSCKFWMechanism *fwMechanism) | |
122 { | |
123 return fwMechanism->mdMechanism; | |
124 } | |
125 | |
126 /* | |
127 * nssCKFWMechanism_GetMinKeySize | |
128 * | |
129 */ | |
130 NSS_IMPLEMENT CK_ULONG | |
131 nssCKFWMechanism_GetMinKeySize( | |
132 NSSCKFWMechanism *fwMechanism, | |
133 CK_RV *pError) | |
134 { | |
135 if (!fwMechanism->mdMechanism->GetMinKeySize) { | |
136 return 0; | |
137 } | |
138 | |
139 return fwMechanism->mdMechanism->GetMinKeySize(fwMechanism->mdMechanism, | |
140 fwMechanism, fwMechanism->mdT
oken, fwMechanism->fwToken, | |
141 fwMechanism->mdInstance, fwMe
chanism->fwInstance, pError); | |
142 } | |
143 | |
144 /* | |
145 * nssCKFWMechanism_GetMaxKeySize | |
146 * | |
147 */ | |
148 NSS_IMPLEMENT CK_ULONG | |
149 nssCKFWMechanism_GetMaxKeySize( | |
150 NSSCKFWMechanism *fwMechanism, | |
151 CK_RV *pError) | |
152 { | |
153 if (!fwMechanism->mdMechanism->GetMaxKeySize) { | |
154 return 0; | |
155 } | |
156 | |
157 return fwMechanism->mdMechanism->GetMaxKeySize(fwMechanism->mdMechanism, | |
158 fwMechanism, fwMechanism->mdT
oken, fwMechanism->fwToken, | |
159 fwMechanism->mdInstance, fwMe
chanism->fwInstance, pError); | |
160 } | |
161 | |
162 /* | |
163 * nssCKFWMechanism_GetInHardware | |
164 * | |
165 */ | |
166 NSS_IMPLEMENT CK_BBOOL | |
167 nssCKFWMechanism_GetInHardware( | |
168 NSSCKFWMechanism *fwMechanism, | |
169 CK_RV *pError) | |
170 { | |
171 if (!fwMechanism->mdMechanism->GetInHardware) { | |
172 return CK_FALSE; | |
173 } | |
174 | |
175 return fwMechanism->mdMechanism->GetInHardware(fwMechanism->mdMechanism, | |
176 fwMechanism, fwMechanism->mdT
oken, fwMechanism->fwToken, | |
177 fwMechanism->mdInstance, fwMe
chanism->fwInstance, pError); | |
178 } | |
179 | |
180 /* | |
181 * the following are determined automatically by which of the cryptographic | |
182 * functions are defined for this mechanism. | |
183 */ | |
184 /* | |
185 * nssCKFWMechanism_GetCanEncrypt | |
186 * | |
187 */ | |
188 NSS_EXTERN CK_BBOOL | |
189 nssCKFWMechanism_GetCanEncrypt( | |
190 NSSCKFWMechanism *fwMechanism, | |
191 CK_RV *pError) | |
192 { | |
193 if (!fwMechanism->mdMechanism->EncryptInit) { | |
194 return CK_FALSE; | |
195 } | |
196 return CK_TRUE; | |
197 } | |
198 | |
199 /* | |
200 * nssCKFWMechanism_GetCanDecrypt | |
201 * | |
202 */ | |
203 NSS_EXTERN CK_BBOOL | |
204 nssCKFWMechanism_GetCanDecrypt( | |
205 NSSCKFWMechanism *fwMechanism, | |
206 CK_RV *pError) | |
207 { | |
208 if (!fwMechanism->mdMechanism->DecryptInit) { | |
209 return CK_FALSE; | |
210 } | |
211 return CK_TRUE; | |
212 } | |
213 | |
214 /* | |
215 * nssCKFWMechanism_GetCanDigest | |
216 * | |
217 */ | |
218 NSS_EXTERN CK_BBOOL | |
219 nssCKFWMechanism_GetCanDigest( | |
220 NSSCKFWMechanism *fwMechanism, | |
221 CK_RV *pError) | |
222 { | |
223 if (!fwMechanism->mdMechanism->DigestInit) { | |
224 return CK_FALSE; | |
225 } | |
226 return CK_TRUE; | |
227 } | |
228 | |
229 /* | |
230 * nssCKFWMechanism_GetCanSign | |
231 * | |
232 */ | |
233 NSS_EXTERN CK_BBOOL | |
234 nssCKFWMechanism_GetCanSign( | |
235 NSSCKFWMechanism *fwMechanism, | |
236 CK_RV *pError) | |
237 { | |
238 if (!fwMechanism->mdMechanism->SignInit) { | |
239 return CK_FALSE; | |
240 } | |
241 return CK_TRUE; | |
242 } | |
243 | |
244 /* | |
245 * nssCKFWMechanism_GetCanSignRecover | |
246 * | |
247 */ | |
248 NSS_EXTERN CK_BBOOL | |
249 nssCKFWMechanism_GetCanSignRecover( | |
250 NSSCKFWMechanism *fwMechanism, | |
251 CK_RV *pError) | |
252 { | |
253 if (!fwMechanism->mdMechanism->SignRecoverInit) { | |
254 return CK_FALSE; | |
255 } | |
256 return CK_TRUE; | |
257 } | |
258 | |
259 /* | |
260 * nssCKFWMechanism_GetCanVerify | |
261 * | |
262 */ | |
263 NSS_EXTERN CK_BBOOL | |
264 nssCKFWMechanism_GetCanVerify( | |
265 NSSCKFWMechanism *fwMechanism, | |
266 CK_RV *pError) | |
267 { | |
268 if (!fwMechanism->mdMechanism->VerifyInit) { | |
269 return CK_FALSE; | |
270 } | |
271 return CK_TRUE; | |
272 } | |
273 | |
274 /* | |
275 * nssCKFWMechanism_GetCanVerifyRecover | |
276 * | |
277 */ | |
278 NSS_EXTERN CK_BBOOL | |
279 nssCKFWMechanism_GetCanVerifyRecover( | |
280 NSSCKFWMechanism *fwMechanism, | |
281 CK_RV *pError) | |
282 { | |
283 if (!fwMechanism->mdMechanism->VerifyRecoverInit) { | |
284 return CK_FALSE; | |
285 } | |
286 return CK_TRUE; | |
287 } | |
288 | |
289 /* | |
290 * nssCKFWMechanism_GetCanGenerate | |
291 * | |
292 */ | |
293 NSS_EXTERN CK_BBOOL | |
294 nssCKFWMechanism_GetCanGenerate( | |
295 NSSCKFWMechanism *fwMechanism, | |
296 CK_RV *pError) | |
297 { | |
298 if (!fwMechanism->mdMechanism->GenerateKey) { | |
299 return CK_FALSE; | |
300 } | |
301 return CK_TRUE; | |
302 } | |
303 | |
304 /* | |
305 * nssCKFWMechanism_GetCanGenerateKeyPair | |
306 * | |
307 */ | |
308 NSS_EXTERN CK_BBOOL | |
309 nssCKFWMechanism_GetCanGenerateKeyPair( | |
310 NSSCKFWMechanism *fwMechanism, | |
311 CK_RV *pError) | |
312 { | |
313 if (!fwMechanism->mdMechanism->GenerateKeyPair) { | |
314 return CK_FALSE; | |
315 } | |
316 return CK_TRUE; | |
317 } | |
318 | |
319 /* | |
320 * nssCKFWMechanism_GetCanUnwrap | |
321 * | |
322 */ | |
323 NSS_EXTERN CK_BBOOL | |
324 nssCKFWMechanism_GetCanUnwrap( | |
325 NSSCKFWMechanism *fwMechanism, | |
326 CK_RV *pError) | |
327 { | |
328 if (!fwMechanism->mdMechanism->UnwrapKey) { | |
329 return CK_FALSE; | |
330 } | |
331 return CK_TRUE; | |
332 } | |
333 | |
334 /* | |
335 * nssCKFWMechanism_GetCanWrap | |
336 * | |
337 */ | |
338 NSS_EXTERN CK_BBOOL | |
339 nssCKFWMechanism_GetCanWrap( | |
340 NSSCKFWMechanism *fwMechanism, | |
341 CK_RV *pError) | |
342 { | |
343 if (!fwMechanism->mdMechanism->WrapKey) { | |
344 return CK_FALSE; | |
345 } | |
346 return CK_TRUE; | |
347 } | |
348 | |
349 /* | |
350 * nssCKFWMechanism_GetCanDerive | |
351 * | |
352 */ | |
353 NSS_EXTERN CK_BBOOL | |
354 nssCKFWMechanism_GetCanDerive( | |
355 NSSCKFWMechanism *fwMechanism, | |
356 CK_RV *pError) | |
357 { | |
358 if (!fwMechanism->mdMechanism->DeriveKey) { | |
359 return CK_FALSE; | |
360 } | |
361 return CK_TRUE; | |
362 } | |
363 | |
364 /* | |
365 * These are the actual crypto operations | |
366 */ | |
367 | |
368 /* | |
369 * nssCKFWMechanism_EncryptInit | |
370 * Start an encryption session. | |
371 */ | |
372 NSS_EXTERN CK_RV | |
373 nssCKFWMechanism_EncryptInit( | |
374 NSSCKFWMechanism *fwMechanism, | |
375 CK_MECHANISM *pMechanism, | |
376 NSSCKFWSession *fwSession, | |
377 NSSCKFWObject *fwObject) | |
378 { | |
379 NSSCKFWCryptoOperation *fwOperation; | |
380 NSSCKMDCryptoOperation *mdOperation; | |
381 NSSCKMDSession *mdSession; | |
382 NSSCKMDObject *mdObject; | |
383 CK_RV error = CKR_OK; | |
384 | |
385 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, | |
386 NSSCKFWCryptoOperatio
nState_EncryptDecrypt); | |
387 if (fwOperation) { | |
388 return CKR_OPERATION_ACTIVE; | |
389 } | |
390 | |
391 if (!fwMechanism->mdMechanism->EncryptInit) { | |
392 return CKR_FUNCTION_FAILED; | |
393 } | |
394 | |
395 mdSession = nssCKFWSession_GetMDSession(fwSession); | |
396 mdObject = nssCKFWObject_GetMDObject(fwObject); | |
397 mdOperation = fwMechanism->mdMechanism->EncryptInit( | |
398 fwMechanism->mdMechanism, | |
399 fwMechanism, | |
400 pMechanism, | |
401 mdSession, | |
402 fwSession, | |
403 fwMechanism->mdToken, | |
404 fwMechanism->fwToken, | |
405 fwMechanism->mdInstance, | |
406 fwMechanism->fwInstance, | |
407 mdObject, | |
408 fwObject, | |
409 &error); | |
410 if (!mdOperation) { | |
411 goto loser; | |
412 } | |
413 | |
414 fwOperation = nssCKFWCryptoOperation_Create(mdOperation, | |
415 mdSession, fwSession, fwMechanis
m->mdToken, fwMechanism->fwToken, | |
416 fwMechanism->mdInstance, fwMecha
nism->fwInstance, | |
417 NSSCKFWCryptoOperationType_Encry
pt, &error); | |
418 if (fwOperation) { | |
419 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, | |
420 NSSCKFWCryptoOperationState_Enc
ryptDecrypt); | |
421 } | |
422 | |
423 loser: | |
424 return error; | |
425 } | |
426 | |
427 /* | |
428 * nssCKFWMechanism_DecryptInit | |
429 * Start an encryption session. | |
430 */ | |
431 NSS_EXTERN CK_RV | |
432 nssCKFWMechanism_DecryptInit( | |
433 NSSCKFWMechanism *fwMechanism, | |
434 CK_MECHANISM *pMechanism, | |
435 NSSCKFWSession *fwSession, | |
436 NSSCKFWObject *fwObject) | |
437 { | |
438 NSSCKFWCryptoOperation *fwOperation; | |
439 NSSCKMDCryptoOperation *mdOperation; | |
440 NSSCKMDSession *mdSession; | |
441 NSSCKMDObject *mdObject; | |
442 CK_RV error = CKR_OK; | |
443 | |
444 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, | |
445 NSSCKFWCryptoOperatio
nState_EncryptDecrypt); | |
446 if (fwOperation) { | |
447 return CKR_OPERATION_ACTIVE; | |
448 } | |
449 | |
450 if (!fwMechanism->mdMechanism->DecryptInit) { | |
451 return CKR_FUNCTION_FAILED; | |
452 } | |
453 | |
454 mdSession = nssCKFWSession_GetMDSession(fwSession); | |
455 mdObject = nssCKFWObject_GetMDObject(fwObject); | |
456 mdOperation = fwMechanism->mdMechanism->DecryptInit( | |
457 fwMechanism->mdMechanism, | |
458 fwMechanism, | |
459 pMechanism, | |
460 mdSession, | |
461 fwSession, | |
462 fwMechanism->mdToken, | |
463 fwMechanism->fwToken, | |
464 fwMechanism->mdInstance, | |
465 fwMechanism->fwInstance, | |
466 mdObject, | |
467 fwObject, | |
468 &error); | |
469 if (!mdOperation) { | |
470 goto loser; | |
471 } | |
472 | |
473 fwOperation = nssCKFWCryptoOperation_Create(mdOperation, | |
474 mdSession, fwSession, fwMechanis
m->mdToken, fwMechanism->fwToken, | |
475 fwMechanism->mdInstance, fwMecha
nism->fwInstance, | |
476 NSSCKFWCryptoOperationType_Decry
pt, &error); | |
477 if (fwOperation) { | |
478 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, | |
479 NSSCKFWCryptoOperationState_Enc
ryptDecrypt); | |
480 } | |
481 | |
482 loser: | |
483 return error; | |
484 } | |
485 | |
486 /* | |
487 * nssCKFWMechanism_DigestInit | |
488 * Start an encryption session. | |
489 */ | |
490 NSS_EXTERN CK_RV | |
491 nssCKFWMechanism_DigestInit( | |
492 NSSCKFWMechanism *fwMechanism, | |
493 CK_MECHANISM *pMechanism, | |
494 NSSCKFWSession *fwSession) | |
495 { | |
496 NSSCKFWCryptoOperation *fwOperation; | |
497 NSSCKMDCryptoOperation *mdOperation; | |
498 NSSCKMDSession *mdSession; | |
499 CK_RV error = CKR_OK; | |
500 | |
501 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, | |
502 NSSCKFWCryptoOperatio
nState_Digest); | |
503 if (fwOperation) { | |
504 return CKR_OPERATION_ACTIVE; | |
505 } | |
506 | |
507 if (!fwMechanism->mdMechanism->DigestInit) { | |
508 return CKR_FUNCTION_FAILED; | |
509 } | |
510 | |
511 mdSession = nssCKFWSession_GetMDSession(fwSession); | |
512 mdOperation = fwMechanism->mdMechanism->DigestInit( | |
513 fwMechanism->mdMechanism, | |
514 fwMechanism, | |
515 pMechanism, | |
516 mdSession, | |
517 fwSession, | |
518 fwMechanism->mdToken, | |
519 fwMechanism->fwToken, | |
520 fwMechanism->mdInstance, | |
521 fwMechanism->fwInstance, | |
522 &error); | |
523 if (!mdOperation) { | |
524 goto loser; | |
525 } | |
526 | |
527 fwOperation = nssCKFWCryptoOperation_Create(mdOperation, | |
528 mdSession, fwSession, fwMechanis
m->mdToken, fwMechanism->fwToken, | |
529 fwMechanism->mdInstance, fwMecha
nism->fwInstance, | |
530 NSSCKFWCryptoOperationType_Diges
t, &error); | |
531 if (fwOperation) { | |
532 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, | |
533 NSSCKFWCryptoOperationState_Dig
est); | |
534 } | |
535 | |
536 loser: | |
537 return error; | |
538 } | |
539 | |
540 /* | |
541 * nssCKFWMechanism_SignInit | |
542 * Start an encryption session. | |
543 */ | |
544 NSS_EXTERN CK_RV | |
545 nssCKFWMechanism_SignInit( | |
546 NSSCKFWMechanism *fwMechanism, | |
547 CK_MECHANISM *pMechanism, | |
548 NSSCKFWSession *fwSession, | |
549 NSSCKFWObject *fwObject) | |
550 { | |
551 NSSCKFWCryptoOperation *fwOperation; | |
552 NSSCKMDCryptoOperation *mdOperation; | |
553 NSSCKMDSession *mdSession; | |
554 NSSCKMDObject *mdObject; | |
555 CK_RV error = CKR_OK; | |
556 | |
557 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, | |
558 NSSCKFWCryptoOperatio
nState_SignVerify); | |
559 if (fwOperation) { | |
560 return CKR_OPERATION_ACTIVE; | |
561 } | |
562 | |
563 if (!fwMechanism->mdMechanism->SignInit) { | |
564 return CKR_FUNCTION_FAILED; | |
565 } | |
566 | |
567 mdSession = nssCKFWSession_GetMDSession(fwSession); | |
568 mdObject = nssCKFWObject_GetMDObject(fwObject); | |
569 mdOperation = fwMechanism->mdMechanism->SignInit( | |
570 fwMechanism->mdMechanism, | |
571 fwMechanism, | |
572 pMechanism, | |
573 mdSession, | |
574 fwSession, | |
575 fwMechanism->mdToken, | |
576 fwMechanism->fwToken, | |
577 fwMechanism->mdInstance, | |
578 fwMechanism->fwInstance, | |
579 mdObject, | |
580 fwObject, | |
581 &error); | |
582 if (!mdOperation) { | |
583 goto loser; | |
584 } | |
585 | |
586 fwOperation = nssCKFWCryptoOperation_Create(mdOperation, | |
587 mdSession, fwSession, fwMechanis
m->mdToken, fwMechanism->fwToken, | |
588 fwMechanism->mdInstance, fwMecha
nism->fwInstance, | |
589 NSSCKFWCryptoOperationType_Sign,
&error); | |
590 if (fwOperation) { | |
591 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, | |
592 NSSCKFWCryptoOperationState_Sig
nVerify); | |
593 } | |
594 | |
595 loser: | |
596 return error; | |
597 } | |
598 | |
599 /* | |
600 * nssCKFWMechanism_VerifyInit | |
601 * Start an encryption session. | |
602 */ | |
603 NSS_EXTERN CK_RV | |
604 nssCKFWMechanism_VerifyInit( | |
605 NSSCKFWMechanism *fwMechanism, | |
606 CK_MECHANISM *pMechanism, | |
607 NSSCKFWSession *fwSession, | |
608 NSSCKFWObject *fwObject) | |
609 { | |
610 NSSCKFWCryptoOperation *fwOperation; | |
611 NSSCKMDCryptoOperation *mdOperation; | |
612 NSSCKMDSession *mdSession; | |
613 NSSCKMDObject *mdObject; | |
614 CK_RV error = CKR_OK; | |
615 | |
616 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, | |
617 NSSCKFWCryptoOperatio
nState_SignVerify); | |
618 if (fwOperation) { | |
619 return CKR_OPERATION_ACTIVE; | |
620 } | |
621 | |
622 if (!fwMechanism->mdMechanism->VerifyInit) { | |
623 return CKR_FUNCTION_FAILED; | |
624 } | |
625 | |
626 mdSession = nssCKFWSession_GetMDSession(fwSession); | |
627 mdObject = nssCKFWObject_GetMDObject(fwObject); | |
628 mdOperation = fwMechanism->mdMechanism->VerifyInit( | |
629 fwMechanism->mdMechanism, | |
630 fwMechanism, | |
631 pMechanism, | |
632 mdSession, | |
633 fwSession, | |
634 fwMechanism->mdToken, | |
635 fwMechanism->fwToken, | |
636 fwMechanism->mdInstance, | |
637 fwMechanism->fwInstance, | |
638 mdObject, | |
639 fwObject, | |
640 &error); | |
641 if (!mdOperation) { | |
642 goto loser; | |
643 } | |
644 | |
645 fwOperation = nssCKFWCryptoOperation_Create(mdOperation, | |
646 mdSession, fwSession, fwMechanis
m->mdToken, fwMechanism->fwToken, | |
647 fwMechanism->mdInstance, fwMecha
nism->fwInstance, | |
648 NSSCKFWCryptoOperationType_Verif
y, &error); | |
649 if (fwOperation) { | |
650 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, | |
651 NSSCKFWCryptoOperationState_Sig
nVerify); | |
652 } | |
653 | |
654 loser: | |
655 return error; | |
656 } | |
657 | |
658 /* | |
659 * nssCKFWMechanism_SignRecoverInit | |
660 * Start an encryption session. | |
661 */ | |
662 NSS_EXTERN CK_RV | |
663 nssCKFWMechanism_SignRecoverInit( | |
664 NSSCKFWMechanism *fwMechanism, | |
665 CK_MECHANISM *pMechanism, | |
666 NSSCKFWSession *fwSession, | |
667 NSSCKFWObject *fwObject) | |
668 { | |
669 NSSCKFWCryptoOperation *fwOperation; | |
670 NSSCKMDCryptoOperation *mdOperation; | |
671 NSSCKMDSession *mdSession; | |
672 NSSCKMDObject *mdObject; | |
673 CK_RV error = CKR_OK; | |
674 | |
675 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, | |
676 NSSCKFWCryptoOperatio
nState_SignVerify); | |
677 if (fwOperation) { | |
678 return CKR_OPERATION_ACTIVE; | |
679 } | |
680 | |
681 if (!fwMechanism->mdMechanism->SignRecoverInit) { | |
682 return CKR_FUNCTION_FAILED; | |
683 } | |
684 | |
685 mdSession = nssCKFWSession_GetMDSession(fwSession); | |
686 mdObject = nssCKFWObject_GetMDObject(fwObject); | |
687 mdOperation = fwMechanism->mdMechanism->SignRecoverInit( | |
688 fwMechanism->mdMechanism, | |
689 fwMechanism, | |
690 pMechanism, | |
691 mdSession, | |
692 fwSession, | |
693 fwMechanism->mdToken, | |
694 fwMechanism->fwToken, | |
695 fwMechanism->mdInstance, | |
696 fwMechanism->fwInstance, | |
697 mdObject, | |
698 fwObject, | |
699 &error); | |
700 if (!mdOperation) { | |
701 goto loser; | |
702 } | |
703 | |
704 fwOperation = nssCKFWCryptoOperation_Create(mdOperation, | |
705 mdSession, fwSession, fwMechanis
m->mdToken, fwMechanism->fwToken, | |
706 fwMechanism->mdInstance, fwMecha
nism->fwInstance, | |
707 NSSCKFWCryptoOperationType_SignR
ecover, &error); | |
708 if (fwOperation) { | |
709 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, | |
710 NSSCKFWCryptoOperationState_Sig
nVerify); | |
711 } | |
712 | |
713 loser: | |
714 return error; | |
715 } | |
716 | |
717 /* | |
718 * nssCKFWMechanism_VerifyRecoverInit | |
719 * Start an encryption session. | |
720 */ | |
721 NSS_EXTERN CK_RV | |
722 nssCKFWMechanism_VerifyRecoverInit( | |
723 NSSCKFWMechanism *fwMechanism, | |
724 CK_MECHANISM *pMechanism, | |
725 NSSCKFWSession *fwSession, | |
726 NSSCKFWObject *fwObject) | |
727 { | |
728 NSSCKFWCryptoOperation *fwOperation; | |
729 NSSCKMDCryptoOperation *mdOperation; | |
730 NSSCKMDSession *mdSession; | |
731 NSSCKMDObject *mdObject; | |
732 CK_RV error = CKR_OK; | |
733 | |
734 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, | |
735 NSSCKFWCryptoOperatio
nState_SignVerify); | |
736 if (fwOperation) { | |
737 return CKR_OPERATION_ACTIVE; | |
738 } | |
739 | |
740 if (!fwMechanism->mdMechanism->VerifyRecoverInit) { | |
741 return CKR_FUNCTION_FAILED; | |
742 } | |
743 | |
744 mdSession = nssCKFWSession_GetMDSession(fwSession); | |
745 mdObject = nssCKFWObject_GetMDObject(fwObject); | |
746 mdOperation = fwMechanism->mdMechanism->VerifyRecoverInit( | |
747 fwMechanism->mdMechanism, | |
748 fwMechanism, | |
749 pMechanism, | |
750 mdSession, | |
751 fwSession, | |
752 fwMechanism->mdToken, | |
753 fwMechanism->fwToken, | |
754 fwMechanism->mdInstance, | |
755 fwMechanism->fwInstance, | |
756 mdObject, | |
757 fwObject, | |
758 &error); | |
759 if (!mdOperation) { | |
760 goto loser; | |
761 } | |
762 | |
763 fwOperation = nssCKFWCryptoOperation_Create(mdOperation, | |
764 mdSession, fwSession, fwMechanis
m->mdToken, fwMechanism->fwToken, | |
765 fwMechanism->mdInstance, fwMecha
nism->fwInstance, | |
766 NSSCKFWCryptoOperationType_Verif
yRecover, &error); | |
767 if (fwOperation) { | |
768 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, | |
769 NSSCKFWCryptoOperationState_Sig
nVerify); | |
770 } | |
771 | |
772 loser: | |
773 return error; | |
774 } | |
775 | |
776 /* | |
777 * nssCKFWMechanism_GenerateKey | |
778 */ | |
779 NSS_EXTERN NSSCKFWObject * | |
780 nssCKFWMechanism_GenerateKey( | |
781 NSSCKFWMechanism *fwMechanism, | |
782 CK_MECHANISM_PTR pMechanism, | |
783 NSSCKFWSession *fwSession, | |
784 CK_ATTRIBUTE_PTR pTemplate, | |
785 CK_ULONG ulAttributeCount, | |
786 CK_RV *pError) | |
787 { | |
788 NSSCKMDSession *mdSession; | |
789 NSSCKMDObject *mdObject; | |
790 NSSCKFWObject *fwObject = NULL; | |
791 NSSArena *arena; | |
792 | |
793 if (!fwMechanism->mdMechanism->GenerateKey) { | |
794 *pError = CKR_FUNCTION_FAILED; | |
795 return (NSSCKFWObject *)NULL; | |
796 } | |
797 | |
798 arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); | |
799 if (!arena) { | |
800 if (CKR_OK == *pError) { | |
801 *pError = CKR_GENERAL_ERROR; | |
802 } | |
803 return (NSSCKFWObject *)NULL; | |
804 } | |
805 | |
806 mdSession = nssCKFWSession_GetMDSession(fwSession); | |
807 mdObject = fwMechanism->mdMechanism->GenerateKey( | |
808 fwMechanism->mdMechanism, | |
809 fwMechanism, | |
810 pMechanism, | |
811 mdSession, | |
812 fwSession, | |
813 fwMechanism->mdToken, | |
814 fwMechanism->fwToken, | |
815 fwMechanism->mdInstance, | |
816 fwMechanism->fwInstance, | |
817 pTemplate, | |
818 ulAttributeCount, | |
819 pError); | |
820 | |
821 if (!mdObject) { | |
822 return (NSSCKFWObject *)NULL; | |
823 } | |
824 | |
825 fwObject = nssCKFWObject_Create(arena, mdObject, | |
826 fwSession, fwMechanism->fwToken, fwMechanism
->fwInstance, pError); | |
827 | |
828 return fwObject; | |
829 } | |
830 | |
831 /* | |
832 * nssCKFWMechanism_GenerateKeyPair | |
833 */ | |
834 NSS_EXTERN CK_RV | |
835 nssCKFWMechanism_GenerateKeyPair( | |
836 NSSCKFWMechanism *fwMechanism, | |
837 CK_MECHANISM_PTR pMechanism, | |
838 NSSCKFWSession *fwSession, | |
839 CK_ATTRIBUTE_PTR pPublicKeyTemplate, | |
840 CK_ULONG ulPublicKeyAttributeCount, | |
841 CK_ATTRIBUTE_PTR pPrivateKeyTemplate, | |
842 CK_ULONG ulPrivateKeyAttributeCount, | |
843 NSSCKFWObject **fwPublicKeyObject, | |
844 NSSCKFWObject **fwPrivateKeyObject) | |
845 { | |
846 NSSCKMDSession *mdSession; | |
847 NSSCKMDObject *mdPublicKeyObject; | |
848 NSSCKMDObject *mdPrivateKeyObject; | |
849 NSSArena *arena; | |
850 CK_RV error = CKR_OK; | |
851 | |
852 if (!fwMechanism->mdMechanism->GenerateKeyPair) { | |
853 return CKR_FUNCTION_FAILED; | |
854 } | |
855 | |
856 arena = nssCKFWToken_GetArena(fwMechanism->fwToken, &error); | |
857 if (!arena) { | |
858 if (CKR_OK == error) { | |
859 error = CKR_GENERAL_ERROR; | |
860 } | |
861 return error; | |
862 } | |
863 | |
864 mdSession = nssCKFWSession_GetMDSession(fwSession); | |
865 error = fwMechanism->mdMechanism->GenerateKeyPair( | |
866 fwMechanism->mdMechanism, | |
867 fwMechanism, | |
868 pMechanism, | |
869 mdSession, | |
870 fwSession, | |
871 fwMechanism->mdToken, | |
872 fwMechanism->fwToken, | |
873 fwMechanism->mdInstance, | |
874 fwMechanism->fwInstance, | |
875 pPublicKeyTemplate, | |
876 ulPublicKeyAttributeCount, | |
877 pPrivateKeyTemplate, | |
878 ulPrivateKeyAttributeCount, | |
879 &mdPublicKeyObject, | |
880 &mdPrivateKeyObject); | |
881 | |
882 if (CKR_OK != error) { | |
883 return error; | |
884 } | |
885 | |
886 *fwPublicKeyObject = nssCKFWObject_Create(arena, mdPublicKeyObject, | |
887 fwSession, fwMechanism->fwToken, f
wMechanism->fwInstance, &error); | |
888 if (!*fwPublicKeyObject) { | |
889 return error; | |
890 } | |
891 *fwPrivateKeyObject = nssCKFWObject_Create(arena, mdPrivateKeyObject, | |
892 fwSession, fwMechanism->fwToken,
fwMechanism->fwInstance, &error); | |
893 | |
894 return error; | |
895 } | |
896 | |
897 /* | |
898 * nssCKFWMechanism_GetWrapKeyLength | |
899 */ | |
900 NSS_EXTERN CK_ULONG | |
901 nssCKFWMechanism_GetWrapKeyLength( | |
902 NSSCKFWMechanism *fwMechanism, | |
903 CK_MECHANISM_PTR pMechanism, | |
904 NSSCKFWSession *fwSession, | |
905 NSSCKFWObject *fwWrappingKeyObject, | |
906 NSSCKFWObject *fwKeyObject, | |
907 CK_RV *pError) | |
908 { | |
909 NSSCKMDSession *mdSession; | |
910 NSSCKMDObject *mdWrappingKeyObject; | |
911 NSSCKMDObject *mdKeyObject; | |
912 | |
913 if (!fwMechanism->mdMechanism->WrapKey) { | |
914 *pError = CKR_FUNCTION_FAILED; | |
915 return (CK_ULONG)0; | |
916 } | |
917 | |
918 mdSession = nssCKFWSession_GetMDSession(fwSession); | |
919 mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); | |
920 mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject); | |
921 return fwMechanism->mdMechanism->GetWrapKeyLength( | |
922 fwMechanism->mdMechanism, | |
923 fwMechanism, | |
924 pMechanism, | |
925 mdSession, | |
926 fwSession, | |
927 fwMechanism->mdToken, | |
928 fwMechanism->fwToken, | |
929 fwMechanism->mdInstance, | |
930 fwMechanism->fwInstance, | |
931 mdWrappingKeyObject, | |
932 fwWrappingKeyObject, | |
933 mdKeyObject, | |
934 fwKeyObject, | |
935 pError); | |
936 } | |
937 | |
938 /* | |
939 * nssCKFWMechanism_WrapKey | |
940 */ | |
941 NSS_EXTERN CK_RV | |
942 nssCKFWMechanism_WrapKey( | |
943 NSSCKFWMechanism *fwMechanism, | |
944 CK_MECHANISM_PTR pMechanism, | |
945 NSSCKFWSession *fwSession, | |
946 NSSCKFWObject *fwWrappingKeyObject, | |
947 NSSCKFWObject *fwKeyObject, | |
948 NSSItem *wrappedKey) | |
949 { | |
950 NSSCKMDSession *mdSession; | |
951 NSSCKMDObject *mdWrappingKeyObject; | |
952 NSSCKMDObject *mdKeyObject; | |
953 | |
954 if (!fwMechanism->mdMechanism->WrapKey) { | |
955 return CKR_FUNCTION_FAILED; | |
956 } | |
957 | |
958 mdSession = nssCKFWSession_GetMDSession(fwSession); | |
959 mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); | |
960 mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject); | |
961 return fwMechanism->mdMechanism->WrapKey( | |
962 fwMechanism->mdMechanism, | |
963 fwMechanism, | |
964 pMechanism, | |
965 mdSession, | |
966 fwSession, | |
967 fwMechanism->mdToken, | |
968 fwMechanism->fwToken, | |
969 fwMechanism->mdInstance, | |
970 fwMechanism->fwInstance, | |
971 mdWrappingKeyObject, | |
972 fwWrappingKeyObject, | |
973 mdKeyObject, | |
974 fwKeyObject, | |
975 wrappedKey); | |
976 } | |
977 | |
978 /* | |
979 * nssCKFWMechanism_UnwrapKey | |
980 */ | |
981 NSS_EXTERN NSSCKFWObject * | |
982 nssCKFWMechanism_UnwrapKey( | |
983 NSSCKFWMechanism *fwMechanism, | |
984 CK_MECHANISM_PTR pMechanism, | |
985 NSSCKFWSession *fwSession, | |
986 NSSCKFWObject *fwWrappingKeyObject, | |
987 NSSItem *wrappedKey, | |
988 CK_ATTRIBUTE_PTR pTemplate, | |
989 CK_ULONG ulAttributeCount, | |
990 CK_RV *pError) | |
991 { | |
992 NSSCKMDSession *mdSession; | |
993 NSSCKMDObject *mdObject; | |
994 NSSCKMDObject *mdWrappingKeyObject; | |
995 NSSCKFWObject *fwObject = NULL; | |
996 NSSArena *arena; | |
997 | |
998 if (!fwMechanism->mdMechanism->UnwrapKey) { | |
999 /* we could simulate UnwrapKey using Decrypt and Create object, but | |
1000 * 1) it's not clear that would work well, and 2) the low level token | |
1001 * may want to restrict unwrap key for a reason, so just fail it it | |
1002 * can't be done */ | |
1003 *pError = CKR_FUNCTION_FAILED; | |
1004 return (NSSCKFWObject *)NULL; | |
1005 } | |
1006 | |
1007 arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); | |
1008 if (!arena) { | |
1009 if (CKR_OK == *pError) { | |
1010 *pError = CKR_GENERAL_ERROR; | |
1011 } | |
1012 return (NSSCKFWObject *)NULL; | |
1013 } | |
1014 | |
1015 mdSession = nssCKFWSession_GetMDSession(fwSession); | |
1016 mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); | |
1017 mdObject = fwMechanism->mdMechanism->UnwrapKey( | |
1018 fwMechanism->mdMechanism, | |
1019 fwMechanism, | |
1020 pMechanism, | |
1021 mdSession, | |
1022 fwSession, | |
1023 fwMechanism->mdToken, | |
1024 fwMechanism->fwToken, | |
1025 fwMechanism->mdInstance, | |
1026 fwMechanism->fwInstance, | |
1027 mdWrappingKeyObject, | |
1028 fwWrappingKeyObject, | |
1029 wrappedKey, | |
1030 pTemplate, | |
1031 ulAttributeCount, | |
1032 pError); | |
1033 | |
1034 if (!mdObject) { | |
1035 return (NSSCKFWObject *)NULL; | |
1036 } | |
1037 | |
1038 fwObject = nssCKFWObject_Create(arena, mdObject, | |
1039 fwSession, fwMechanism->fwToken, fwMechanism
->fwInstance, pError); | |
1040 | |
1041 return fwObject; | |
1042 } | |
1043 | |
1044 /* | |
1045 * nssCKFWMechanism_DeriveKey | |
1046 */ | |
1047 NSS_EXTERN NSSCKFWObject * | |
1048 nssCKFWMechanism_DeriveKey( | |
1049 NSSCKFWMechanism *fwMechanism, | |
1050 CK_MECHANISM_PTR pMechanism, | |
1051 NSSCKFWSession *fwSession, | |
1052 NSSCKFWObject *fwBaseKeyObject, | |
1053 CK_ATTRIBUTE_PTR pTemplate, | |
1054 CK_ULONG ulAttributeCount, | |
1055 CK_RV *pError) | |
1056 { | |
1057 NSSCKMDSession *mdSession; | |
1058 NSSCKMDObject *mdObject; | |
1059 NSSCKMDObject *mdBaseKeyObject; | |
1060 NSSCKFWObject *fwObject = NULL; | |
1061 NSSArena *arena; | |
1062 | |
1063 if (!fwMechanism->mdMechanism->DeriveKey) { | |
1064 *pError = CKR_FUNCTION_FAILED; | |
1065 return (NSSCKFWObject *)NULL; | |
1066 } | |
1067 | |
1068 arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); | |
1069 if (!arena) { | |
1070 if (CKR_OK == *pError) { | |
1071 *pError = CKR_GENERAL_ERROR; | |
1072 } | |
1073 return (NSSCKFWObject *)NULL; | |
1074 } | |
1075 | |
1076 mdSession = nssCKFWSession_GetMDSession(fwSession); | |
1077 mdBaseKeyObject = nssCKFWObject_GetMDObject(fwBaseKeyObject); | |
1078 mdObject = fwMechanism->mdMechanism->DeriveKey( | |
1079 fwMechanism->mdMechanism, | |
1080 fwMechanism, | |
1081 pMechanism, | |
1082 mdSession, | |
1083 fwSession, | |
1084 fwMechanism->mdToken, | |
1085 fwMechanism->fwToken, | |
1086 fwMechanism->mdInstance, | |
1087 fwMechanism->fwInstance, | |
1088 mdBaseKeyObject, | |
1089 fwBaseKeyObject, | |
1090 pTemplate, | |
1091 ulAttributeCount, | |
1092 pError); | |
1093 | |
1094 if (!mdObject) { | |
1095 return (NSSCKFWObject *)NULL; | |
1096 } | |
1097 | |
1098 fwObject = nssCKFWObject_Create(arena, mdObject, | |
1099 fwSession, fwMechanism->fwToken, fwMechanism
->fwInstance, pError); | |
1100 | |
1101 return fwObject; | |
1102 } | |
OLD | NEW |