OLD | NEW |
| (Empty) |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
4 /* | |
5 * This file implements PKCS 11 on top of our existing security modules | |
6 * | |
7 * For more information about PKCS 11 See PKCS 11 Token Inteface Standard. | |
8 * This implementation has two slots: | |
9 * slot 1 is our generic crypto support. It does not require login | |
10 * (unless you've enabled FIPS). It supports Public Key ops, and all they | |
11 * bulk ciphers and hashes. It can also support Private Key ops for imported | |
12 * Private keys. It does not have any token storage. | |
13 * slot 2 is our private key support. It requires a login before use. It | |
14 * can store Private Keys and Certs as token objects. Currently only private | |
15 * keys and their associated Certificates are saved on the token. | |
16 * | |
17 * In this implementation, session objects are only visible to the session | |
18 * that created or generated them. | |
19 */ | |
20 #include "seccomon.h" | |
21 #include "softoken.h" | |
22 #include "lowkeyi.h" | |
23 #include "pkcs11.h" | |
24 #include "pkcs11i.h" | |
25 #include "prenv.h" | |
26 #include "prprf.h" | |
27 | |
28 #include <ctype.h> | |
29 | |
30 #ifdef XP_UNIX | |
31 #define NSS_AUDIT_WITH_SYSLOG 1 | |
32 #include <syslog.h> | |
33 #include <unistd.h> | |
34 #endif | |
35 | |
36 #ifdef LINUX | |
37 #include <pthread.h> | |
38 #include <dlfcn.h> | |
39 #define LIBAUDIT_NAME "libaudit.so.0" | |
40 #ifndef AUDIT_CRYPTO_TEST_USER | |
41 #define AUDIT_CRYPTO_TEST_USER 2400 /* Crypto test results */ | |
42 #define AUDIT_CRYPTO_PARAM_CHANGE_USER 2401 /* Crypto attribute change */ | |
43 #define AUDIT_CRYPTO_LOGIN 2402 /* Logged in as crypto officer */ | |
44 #define AUDIT_CRYPTO_LOGOUT 2403 /* Logged out from crypto */ | |
45 #define AUDIT_CRYPTO_KEY_USER 2404 /* Create,delete,negotiate */ | |
46 #define AUDIT_CRYPTO_FAILURE_USER 2405 /* Fail decrypt,encrypt,randomize *
/ | |
47 #endif | |
48 static void *libaudit_handle; | |
49 static int (*audit_open_func)(void); | |
50 static void (*audit_close_func)(int fd); | |
51 static int (*audit_log_user_message_func)(int audit_fd, int type, | |
52 const char *message, const char *hostname, const char *addr, | |
53 const char *tty, int result); | |
54 static int (*audit_send_user_message_func)(int fd, int type, | |
55 const char *message); | |
56 | |
57 static pthread_once_t libaudit_once_control = PTHREAD_ONCE_INIT; | |
58 | |
59 static void | |
60 libaudit_init(void) | |
61 { | |
62 libaudit_handle = dlopen(LIBAUDIT_NAME, RTLD_LAZY); | |
63 if (!libaudit_handle) { | |
64 return; | |
65 } | |
66 audit_open_func = dlsym(libaudit_handle, "audit_open"); | |
67 audit_close_func = dlsym(libaudit_handle, "audit_close"); | |
68 /* | |
69 * audit_send_user_message is the older function. | |
70 * audit_log_user_message, if available, is preferred. | |
71 */ | |
72 audit_log_user_message_func = dlsym(libaudit_handle, | |
73 "audit_log_user_message"); | |
74 if (!audit_log_user_message_func) { | |
75 audit_send_user_message_func = dlsym(libaudit_handle, | |
76 "audit_send_user_message"); | |
77 } | |
78 if (!audit_open_func || !audit_close_func || | |
79 (!audit_log_user_message_func && !audit_send_user_message_func)) { | |
80 dlclose(libaudit_handle); | |
81 libaudit_handle = NULL; | |
82 audit_open_func = NULL; | |
83 audit_close_func = NULL; | |
84 audit_log_user_message_func = NULL; | |
85 audit_send_user_message_func = NULL; | |
86 } | |
87 } | |
88 #endif /* LINUX */ | |
89 | |
90 | |
91 /* | |
92 * ******************** Password Utilities ******************************* | |
93 */ | |
94 static PRBool isLoggedIn = PR_FALSE; | |
95 PRBool sftk_fatalError = PR_FALSE; | |
96 | |
97 /* | |
98 * This function returns | |
99 * - CKR_PIN_INVALID if the password/PIN is not a legal UTF8 string | |
100 * - CKR_PIN_LEN_RANGE if the password/PIN is too short or does not | |
101 * consist of characters from three or more character classes. | |
102 * - CKR_OK otherwise | |
103 * | |
104 * The minimum password/PIN length is FIPS_MIN_PIN Unicode characters. | |
105 * We define five character classes: digits (0-9), ASCII lowercase letters, | |
106 * ASCII uppercase letters, ASCII non-alphanumeric characters (such as | |
107 * space and punctuation marks), and non-ASCII characters. If an ASCII | |
108 * uppercase letter is the first character of the password/PIN, the | |
109 * uppercase letter is not counted toward its character class. Similarly, | |
110 * if a digit is the last character of the password/PIN, the digit is not | |
111 * counted toward its character class. | |
112 * | |
113 * Although NSC_SetPIN and NSC_InitPIN already do the maximum and minimum | |
114 * password/PIN length checks, they check the length in bytes as opposed | |
115 * to characters. To meet the minimum password/PIN guessing probability | |
116 * requirements in FIPS 140-2, we need to check the length in characters. | |
117 */ | |
118 static CK_RV sftk_newPinCheck(CK_CHAR_PTR pPin, CK_ULONG ulPinLen) { | |
119 unsigned int i; | |
120 int nchar = 0; /* number of characters */ | |
121 int ntrail = 0; /* number of trailing bytes to follow */ | |
122 int ndigit = 0; /* number of decimal digits */ | |
123 int nlower = 0; /* number of ASCII lowercase letters */ | |
124 int nupper = 0; /* number of ASCII uppercase letters */ | |
125 int nnonalnum = 0; /* number of ASCII non-alphanumeric characters */ | |
126 int nnonascii = 0; /* number of non-ASCII characters */ | |
127 int nclass; /* number of character classes */ | |
128 | |
129 for (i = 0; i < ulPinLen; i++) { | |
130 unsigned int byte = pPin[i]; | |
131 | |
132 if (ntrail) { | |
133 if ((byte & 0xc0) != 0x80) { | |
134 /* illegal */ | |
135 nchar = -1; | |
136 break; | |
137 } | |
138 if (--ntrail == 0) { | |
139 nchar++; | |
140 nnonascii++; | |
141 } | |
142 continue; | |
143 } | |
144 if ((byte & 0x80) == 0x00) { | |
145 /* single-byte (ASCII) character */ | |
146 nchar++; | |
147 if (isdigit(byte)) { | |
148 if (i < ulPinLen - 1) { | |
149 ndigit++; | |
150 } | |
151 } else if (islower(byte)) { | |
152 nlower++; | |
153 } else if (isupper(byte)) { | |
154 if (i > 0) { | |
155 nupper++; | |
156 } | |
157 } else { | |
158 nnonalnum++; | |
159 } | |
160 } else if ((byte & 0xe0) == 0xc0) { | |
161 /* leading byte of two-byte character */ | |
162 ntrail = 1; | |
163 } else if ((byte & 0xf0) == 0xe0) { | |
164 /* leading byte of three-byte character */ | |
165 ntrail = 2; | |
166 } else if ((byte & 0xf8) == 0xf0) { | |
167 /* leading byte of four-byte character */ | |
168 ntrail = 3; | |
169 } else { | |
170 /* illegal */ | |
171 nchar = -1; | |
172 break; | |
173 } | |
174 } | |
175 if (nchar == -1) { | |
176 /* illegal UTF8 string */ | |
177 return CKR_PIN_INVALID; | |
178 } | |
179 if (nchar < FIPS_MIN_PIN) { | |
180 return CKR_PIN_LEN_RANGE; | |
181 } | |
182 nclass = (ndigit != 0) + (nlower != 0) + (nupper != 0) + | |
183 (nnonalnum != 0) + (nnonascii != 0); | |
184 if (nclass < 3) { | |
185 return CKR_PIN_LEN_RANGE; | |
186 } | |
187 return CKR_OK; | |
188 } | |
189 | |
190 | |
191 /* FIPS required checks before any useful cryptographic services */ | |
192 static CK_RV sftk_fipsCheck(void) { | |
193 if (sftk_fatalError) | |
194 return CKR_DEVICE_ERROR; | |
195 if (!isLoggedIn) | |
196 return CKR_USER_NOT_LOGGED_IN; | |
197 return CKR_OK; | |
198 } | |
199 | |
200 | |
201 #define SFTK_FIPSCHECK() \ | |
202 CK_RV rv; \ | |
203 if ((rv = sftk_fipsCheck()) != CKR_OK) return rv; | |
204 | |
205 #define SFTK_FIPSFATALCHECK() \ | |
206 if (sftk_fatalError) return CKR_DEVICE_ERROR; | |
207 | |
208 | |
209 /* grab an attribute out of a raw template */ | |
210 void * | |
211 fc_getAttribute(CK_ATTRIBUTE_PTR pTemplate, | |
212 CK_ULONG ulCount, CK_ATTRIBUTE_TYPE type) | |
213 { | |
214 int i; | |
215 | |
216 for (i=0; i < (int) ulCount; i++) { | |
217 if (pTemplate[i].type == type) { | |
218 return pTemplate[i].pValue; | |
219 } | |
220 } | |
221 return NULL; | |
222 } | |
223 | |
224 | |
225 #define __PASTE(x,y) x##y | |
226 | |
227 /* ------------- forward declare all the NSC_ functions ------------- */ | |
228 #undef CK_NEED_ARG_LIST | |
229 #undef CK_PKCS11_FUNCTION_INFO | |
230 | |
231 #define CK_PKCS11_FUNCTION_INFO(name) CK_RV __PASTE(NS,name) | |
232 #define CK_NEED_ARG_LIST 1 | |
233 | |
234 #include "pkcs11f.h" | |
235 | |
236 /* ------------- forward declare all the FIPS functions ------------- */ | |
237 #undef CK_NEED_ARG_LIST | |
238 #undef CK_PKCS11_FUNCTION_INFO | |
239 | |
240 #define CK_PKCS11_FUNCTION_INFO(name) CK_RV __PASTE(F,name) | |
241 #define CK_NEED_ARG_LIST 1 | |
242 | |
243 #include "pkcs11f.h" | |
244 | |
245 /* ------------- build the CK_CRYPTO_TABLE ------------------------- */ | |
246 static CK_FUNCTION_LIST sftk_fipsTable = { | |
247 { 1, 10 }, | |
248 | |
249 #undef CK_NEED_ARG_LIST | |
250 #undef CK_PKCS11_FUNCTION_INFO | |
251 | |
252 #define CK_PKCS11_FUNCTION_INFO(name) __PASTE(F,name), | |
253 | |
254 | |
255 #include "pkcs11f.h" | |
256 | |
257 }; | |
258 | |
259 #undef CK_NEED_ARG_LIST | |
260 #undef CK_PKCS11_FUNCTION_INFO | |
261 | |
262 | |
263 #undef __PASTE | |
264 | |
265 /* CKO_NOT_A_KEY can be any object class that's not a key object. */ | |
266 #define CKO_NOT_A_KEY CKO_DATA | |
267 | |
268 #define SFTK_IS_KEY_OBJECT(objClass) \ | |
269 (((objClass) == CKO_PUBLIC_KEY) || \ | |
270 ((objClass) == CKO_PRIVATE_KEY) || \ | |
271 ((objClass) == CKO_SECRET_KEY)) | |
272 | |
273 #define SFTK_IS_NONPUBLIC_KEY_OBJECT(objClass) \ | |
274 (((objClass) == CKO_PRIVATE_KEY) || ((objClass) == CKO_SECRET_KEY)) | |
275 | |
276 static CK_RV | |
277 sftk_get_object_class_and_fipsCheck(CK_SESSION_HANDLE hSession, | |
278 CK_OBJECT_HANDLE hObject, CK_OBJECT_CLASS *pObjClass) | |
279 { | |
280 CK_RV rv; | |
281 CK_ATTRIBUTE class; | |
282 class.type = CKA_CLASS; | |
283 class.pValue = pObjClass; | |
284 class.ulValueLen = sizeof(*pObjClass); | |
285 rv = NSC_GetAttributeValue(hSession, hObject, &class, 1); | |
286 if ((rv == CKR_OK) && SFTK_IS_NONPUBLIC_KEY_OBJECT(*pObjClass)) { | |
287 rv = sftk_fipsCheck(); | |
288 } | |
289 return rv; | |
290 } | |
291 | |
292 #ifdef LINUX | |
293 | |
294 int | |
295 sftk_mapLinuxAuditType(NSSAuditSeverity severity, NSSAuditType auditType) | |
296 { | |
297 switch (auditType) { | |
298 case NSS_AUDIT_ACCESS_KEY: | |
299 case NSS_AUDIT_CHANGE_KEY: | |
300 case NSS_AUDIT_COPY_KEY: | |
301 case NSS_AUDIT_DERIVE_KEY: | |
302 case NSS_AUDIT_DESTROY_KEY: | |
303 case NSS_AUDIT_DIGEST_KEY: | |
304 case NSS_AUDIT_GENERATE_KEY: | |
305 case NSS_AUDIT_LOAD_KEY: | |
306 case NSS_AUDIT_UNWRAP_KEY: | |
307 case NSS_AUDIT_WRAP_KEY: | |
308 return AUDIT_CRYPTO_KEY_USER; | |
309 case NSS_AUDIT_CRYPT: | |
310 return (severity == NSS_AUDIT_ERROR) ? AUDIT_CRYPTO_FAILURE_USER : | |
311 AUDIT_CRYPTO_KEY_USER; | |
312 case NSS_AUDIT_FIPS_STATE: | |
313 case NSS_AUDIT_INIT_PIN: | |
314 case NSS_AUDIT_INIT_TOKEN: | |
315 case NSS_AUDIT_SET_PIN: | |
316 return AUDIT_CRYPTO_PARAM_CHANGE_USER; | |
317 case NSS_AUDIT_SELF_TEST: | |
318 return AUDIT_CRYPTO_TEST_USER; | |
319 case NSS_AUDIT_LOGIN: | |
320 return AUDIT_CRYPTO_LOGIN; | |
321 case NSS_AUDIT_LOGOUT: | |
322 return AUDIT_CRYPTO_LOGOUT; | |
323 /* we skip the fault case here so we can get compiler | |
324 * warnings if new 'NSSAuditType's are added without | |
325 * added them to this list, defaults fall through */ | |
326 } | |
327 /* default */ | |
328 return AUDIT_CRYPTO_PARAM_CHANGE_USER; | |
329 } | |
330 #endif | |
331 | |
332 | |
333 /********************************************************************** | |
334 * | |
335 * FIPS 140 auditable event logging | |
336 * | |
337 **********************************************************************/ | |
338 | |
339 PRBool sftk_audit_enabled = PR_FALSE; | |
340 | |
341 /* | |
342 * Each audit record must have the following information: | |
343 * - Date and time of the event | |
344 * - Type of event | |
345 * - user (subject) identity | |
346 * - outcome (success or failure) of the event | |
347 * - process ID | |
348 * - name (ID) of the object | |
349 * - for changes to data (except for authentication data and CSPs), the new | |
350 * and old values of the data | |
351 * - for authentication attempts, the origin of the attempt (e.g., terminal | |
352 * identifier) | |
353 * - for assuming a role, the type of role, and the location of the request | |
354 */ | |
355 void | |
356 sftk_LogAuditMessage(NSSAuditSeverity severity, NSSAuditType auditType, | |
357 const char *msg) | |
358 { | |
359 #ifdef NSS_AUDIT_WITH_SYSLOG | |
360 int level; | |
361 | |
362 switch (severity) { | |
363 case NSS_AUDIT_ERROR: | |
364 level = LOG_ERR; | |
365 break; | |
366 case NSS_AUDIT_WARNING: | |
367 level = LOG_WARNING; | |
368 break; | |
369 default: | |
370 level = LOG_INFO; | |
371 break; | |
372 } | |
373 /* timestamp is provided by syslog in the message header */ | |
374 syslog(level | LOG_USER /* facility */, | |
375 "NSS " SOFTOKEN_LIB_NAME "[pid=%d uid=%d]: %s", | |
376 (int)getpid(), (int)getuid(), msg); | |
377 #ifdef LINUX | |
378 if (pthread_once(&libaudit_once_control, libaudit_init) != 0) { | |
379 return; | |
380 } | |
381 if (libaudit_handle) { | |
382 int audit_fd; | |
383 int linuxAuditType; | |
384 int result = (severity != NSS_AUDIT_ERROR); /* 1=success; 0=failed */ | |
385 char *message = PR_smprintf("NSS " SOFTOKEN_LIB_NAME ": %s", msg); | |
386 if (!message) { | |
387 return; | |
388 } | |
389 audit_fd = audit_open_func(); | |
390 if (audit_fd < 0) { | |
391 PR_smprintf_free(message); | |
392 return; | |
393 } | |
394 linuxAuditType = sftk_mapLinuxAuditType(severity, auditType); | |
395 if (audit_log_user_message_func) { | |
396 audit_log_user_message_func(audit_fd, linuxAuditType, message, | |
397 NULL, NULL, NULL, result); | |
398 } else { | |
399 audit_send_user_message_func(audit_fd, linuxAuditType, message); | |
400 } | |
401 audit_close_func(audit_fd); | |
402 PR_smprintf_free(message); | |
403 } | |
404 #endif /* LINUX */ | |
405 #else | |
406 /* do nothing */ | |
407 #endif | |
408 } | |
409 | |
410 | |
411 /********************************************************************** | |
412 * | |
413 * Start of PKCS 11 functions | |
414 * | |
415 **********************************************************************/ | |
416 /* return the function list */ | |
417 CK_RV FC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList) { | |
418 | |
419 CHECK_FORK(); | |
420 | |
421 *pFunctionList = &sftk_fipsTable; | |
422 return CKR_OK; | |
423 } | |
424 | |
425 /* sigh global so pkcs11 can read it */ | |
426 PRBool nsf_init = PR_FALSE; | |
427 | |
428 /* FC_Initialize initializes the PKCS #11 library. */ | |
429 CK_RV FC_Initialize(CK_VOID_PTR pReserved) { | |
430 const char *envp; | |
431 CK_RV crv; | |
432 | |
433 sftk_ForkReset(pReserved, &crv); | |
434 | |
435 if (nsf_init) { | |
436 return CKR_CRYPTOKI_ALREADY_INITIALIZED; | |
437 } | |
438 | |
439 if ((envp = PR_GetEnvSecure("NSS_ENABLE_AUDIT")) != NULL) { | |
440 sftk_audit_enabled = (atoi(envp) == 1); | |
441 } | |
442 | |
443 crv = nsc_CommonInitialize(pReserved, PR_TRUE); | |
444 | |
445 /* not an 'else' rv can be set by either SFTK_LowInit or SFTK_SlotInit*/ | |
446 if (crv != CKR_OK) { | |
447 sftk_fatalError = PR_TRUE; | |
448 return crv; | |
449 } | |
450 | |
451 sftk_fatalError = PR_FALSE; /* any error has been reset */ | |
452 | |
453 crv = sftk_fipsPowerUpSelfTest(); | |
454 if (crv != CKR_OK) { | |
455 nsc_CommonFinalize(NULL, PR_TRUE); | |
456 sftk_fatalError = PR_TRUE; | |
457 if (sftk_audit_enabled) { | |
458 char msg[128]; | |
459 PR_snprintf(msg,sizeof msg, | |
460 "C_Initialize()=0x%08lX " | |
461 "power-up self-tests failed", | |
462 (PRUint32)crv); | |
463 sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg); | |
464 } | |
465 return crv; | |
466 } | |
467 nsf_init = PR_TRUE; | |
468 | |
469 return CKR_OK; | |
470 } | |
471 | |
472 /*FC_Finalize indicates that an application is done with the PKCS #11 library.*/ | |
473 CK_RV FC_Finalize (CK_VOID_PTR pReserved) { | |
474 CK_RV crv; | |
475 | |
476 if (sftk_ForkReset(pReserved, &crv)) { | |
477 return crv; | |
478 } | |
479 | |
480 if (!nsf_init) { | |
481 return CKR_OK; | |
482 } | |
483 | |
484 crv = nsc_CommonFinalize (pReserved, PR_TRUE); | |
485 | |
486 nsf_init = (PRBool) !(crv == CKR_OK); | |
487 return crv; | |
488 } | |
489 | |
490 | |
491 /* FC_GetInfo returns general information about PKCS #11. */ | |
492 CK_RV FC_GetInfo(CK_INFO_PTR pInfo) { | |
493 CHECK_FORK(); | |
494 | |
495 return NSC_GetInfo(pInfo); | |
496 } | |
497 | |
498 /* FC_GetSlotList obtains a list of slots in the system. */ | |
499 CK_RV FC_GetSlotList(CK_BBOOL tokenPresent, | |
500 CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) { | |
501 CHECK_FORK(); | |
502 | |
503 return nsc_CommonGetSlotList(tokenPresent,pSlotList,pulCount, | |
504 NSC_FIPS_MODULE); | |
505 } | |
506 | |
507 /* FC_GetSlotInfo obtains information about a particular slot in the system. */ | |
508 CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { | |
509 CHECK_FORK(); | |
510 | |
511 return NSC_GetSlotInfo(slotID,pInfo); | |
512 } | |
513 | |
514 | |
515 /*FC_GetTokenInfo obtains information about a particular token in the system.*/ | |
516 CK_RV FC_GetTokenInfo(CK_SLOT_ID slotID,CK_TOKEN_INFO_PTR pInfo) { | |
517 CK_RV crv; | |
518 | |
519 CHECK_FORK(); | |
520 | |
521 crv = NSC_GetTokenInfo(slotID,pInfo); | |
522 if (crv == CKR_OK) | |
523 pInfo->flags |= CKF_LOGIN_REQUIRED; | |
524 return crv; | |
525 | |
526 } | |
527 | |
528 | |
529 | |
530 /*FC_GetMechanismList obtains a list of mechanism types supported by a token.*/ | |
531 CK_RV FC_GetMechanismList(CK_SLOT_ID slotID, | |
532 CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pusCount) { | |
533 CHECK_FORK(); | |
534 | |
535 SFTK_FIPSFATALCHECK(); | |
536 if (slotID == FIPS_SLOT_ID) slotID = NETSCAPE_SLOT_ID; | |
537 /* FIPS Slot supports all functions */ | |
538 return NSC_GetMechanismList(slotID,pMechanismList,pusCount); | |
539 } | |
540 | |
541 | |
542 /* FC_GetMechanismInfo obtains information about a particular mechanism | |
543 * possibly supported by a token. */ | |
544 CK_RV FC_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, | |
545 CK_MECHANISM_INFO_PTR pInfo) { | |
546 CHECK_FORK(); | |
547 | |
548 SFTK_FIPSFATALCHECK(); | |
549 if (slotID == FIPS_SLOT_ID) slotID = NETSCAPE_SLOT_ID; | |
550 /* FIPS Slot supports all functions */ | |
551 return NSC_GetMechanismInfo(slotID,type,pInfo); | |
552 } | |
553 | |
554 | |
555 /* FC_InitToken initializes a token. */ | |
556 CK_RV FC_InitToken(CK_SLOT_ID slotID,CK_CHAR_PTR pPin, | |
557 CK_ULONG usPinLen,CK_CHAR_PTR pLabel) { | |
558 CK_RV crv; | |
559 | |
560 CHECK_FORK(); | |
561 | |
562 crv = NSC_InitToken(slotID,pPin,usPinLen,pLabel); | |
563 if (sftk_audit_enabled) { | |
564 char msg[128]; | |
565 NSSAuditSeverity severity = (crv == CKR_OK) ? | |
566 NSS_AUDIT_INFO : NSS_AUDIT_ERROR; | |
567 /* pLabel points to a 32-byte label, which is not null-terminated */ | |
568 PR_snprintf(msg,sizeof msg, | |
569 "C_InitToken(slotID=%lu, pLabel=\"%.32s\")=0x%08lX", | |
570 (PRUint32)slotID,pLabel,(PRUint32)crv); | |
571 sftk_LogAuditMessage(severity, NSS_AUDIT_INIT_TOKEN, msg); | |
572 } | |
573 return crv; | |
574 } | |
575 | |
576 | |
577 /* FC_InitPIN initializes the normal user's PIN. */ | |
578 CK_RV FC_InitPIN(CK_SESSION_HANDLE hSession, | |
579 CK_CHAR_PTR pPin, CK_ULONG ulPinLen) { | |
580 CK_RV rv; | |
581 | |
582 CHECK_FORK(); | |
583 | |
584 if (sftk_fatalError) return CKR_DEVICE_ERROR; | |
585 if ((rv = sftk_newPinCheck(pPin,ulPinLen)) == CKR_OK) { | |
586 rv = NSC_InitPIN(hSession,pPin,ulPinLen); | |
587 } | |
588 if (sftk_audit_enabled) { | |
589 char msg[128]; | |
590 NSSAuditSeverity severity = (rv == CKR_OK) ? | |
591 NSS_AUDIT_INFO : NSS_AUDIT_ERROR; | |
592 PR_snprintf(msg,sizeof msg, | |
593 "C_InitPIN(hSession=0x%08lX)=0x%08lX", | |
594 (PRUint32)hSession,(PRUint32)rv); | |
595 sftk_LogAuditMessage(severity, NSS_AUDIT_INIT_PIN, msg); | |
596 } | |
597 return rv; | |
598 } | |
599 | |
600 | |
601 /* FC_SetPIN modifies the PIN of user that is currently logged in. */ | |
602 /* NOTE: This is only valid for the PRIVATE_KEY_SLOT */ | |
603 CK_RV FC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin, | |
604 CK_ULONG usOldLen, CK_CHAR_PTR pNewPin, CK_ULONG usNewLen) { | |
605 CK_RV rv; | |
606 | |
607 CHECK_FORK(); | |
608 | |
609 if ((rv = sftk_fipsCheck()) == CKR_OK && | |
610 (rv = sftk_newPinCheck(pNewPin,usNewLen)) == CKR_OK) { | |
611 rv = NSC_SetPIN(hSession,pOldPin,usOldLen,pNewPin,usNewLen); | |
612 } | |
613 if (sftk_audit_enabled) { | |
614 char msg[128]; | |
615 NSSAuditSeverity severity = (rv == CKR_OK) ? | |
616 NSS_AUDIT_INFO : NSS_AUDIT_ERROR; | |
617 PR_snprintf(msg,sizeof msg, | |
618 "C_SetPIN(hSession=0x%08lX)=0x%08lX", | |
619 (PRUint32)hSession,(PRUint32)rv); | |
620 sftk_LogAuditMessage(severity, NSS_AUDIT_SET_PIN, msg); | |
621 } | |
622 return rv; | |
623 } | |
624 | |
625 /* FC_OpenSession opens a session between an application and a token. */ | |
626 CK_RV FC_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, | |
627 CK_VOID_PTR pApplication,CK_NOTIFY Notify,CK_SESSION_HANDLE_PTR phSession) { | |
628 SFTK_FIPSFATALCHECK(); | |
629 | |
630 CHECK_FORK(); | |
631 | |
632 return NSC_OpenSession(slotID,flags,pApplication,Notify,phSession); | |
633 } | |
634 | |
635 | |
636 /* FC_CloseSession closes a session between an application and a token. */ | |
637 CK_RV FC_CloseSession(CK_SESSION_HANDLE hSession) { | |
638 CHECK_FORK(); | |
639 | |
640 return NSC_CloseSession(hSession); | |
641 } | |
642 | |
643 | |
644 /* FC_CloseAllSessions closes all sessions with a token. */ | |
645 CK_RV FC_CloseAllSessions (CK_SLOT_ID slotID) { | |
646 | |
647 CHECK_FORK(); | |
648 | |
649 return NSC_CloseAllSessions (slotID); | |
650 } | |
651 | |
652 | |
653 /* FC_GetSessionInfo obtains information about the session. */ | |
654 CK_RV FC_GetSessionInfo(CK_SESSION_HANDLE hSession, | |
655 CK_SESSION_INFO_PTR pInfo) { | |
656 CK_RV rv; | |
657 SFTK_FIPSFATALCHECK(); | |
658 | |
659 CHECK_FORK(); | |
660 | |
661 rv = NSC_GetSessionInfo(hSession,pInfo); | |
662 if (rv == CKR_OK) { | |
663 if ((isLoggedIn) && (pInfo->state == CKS_RO_PUBLIC_SESSION)) { | |
664 pInfo->state = CKS_RO_USER_FUNCTIONS; | |
665 } | |
666 if ((isLoggedIn) && (pInfo->state == CKS_RW_PUBLIC_SESSION)) { | |
667 pInfo->state = CKS_RW_USER_FUNCTIONS; | |
668 } | |
669 } | |
670 return rv; | |
671 } | |
672 | |
673 /* FC_Login logs a user into a token. */ | |
674 CK_RV FC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, | |
675 CK_CHAR_PTR pPin, CK_ULONG usPinLen) { | |
676 CK_RV rv; | |
677 PRBool successful; | |
678 if (sftk_fatalError) return CKR_DEVICE_ERROR; | |
679 rv = NSC_Login(hSession,userType,pPin,usPinLen); | |
680 successful = (rv == CKR_OK) || (rv == CKR_USER_ALREADY_LOGGED_IN); | |
681 if (successful) | |
682 isLoggedIn = PR_TRUE; | |
683 if (sftk_audit_enabled) { | |
684 char msg[128]; | |
685 NSSAuditSeverity severity; | |
686 severity = successful ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR; | |
687 PR_snprintf(msg,sizeof msg, | |
688 "C_Login(hSession=0x%08lX, userType=%lu)=0x%08lX", | |
689 (PRUint32)hSession,(PRUint32)userType,(PRUint32)rv); | |
690 sftk_LogAuditMessage(severity, NSS_AUDIT_LOGIN, msg); | |
691 } | |
692 return rv; | |
693 } | |
694 | |
695 /* FC_Logout logs a user out from a token. */ | |
696 CK_RV FC_Logout(CK_SESSION_HANDLE hSession) { | |
697 CK_RV rv; | |
698 | |
699 CHECK_FORK(); | |
700 | |
701 if ((rv = sftk_fipsCheck()) == CKR_OK) { | |
702 rv = NSC_Logout(hSession); | |
703 isLoggedIn = PR_FALSE; | |
704 } | |
705 if (sftk_audit_enabled) { | |
706 char msg[128]; | |
707 NSSAuditSeverity severity = (rv == CKR_OK) ? | |
708 NSS_AUDIT_INFO : NSS_AUDIT_ERROR; | |
709 PR_snprintf(msg,sizeof msg, | |
710 "C_Logout(hSession=0x%08lX)=0x%08lX", | |
711 (PRUint32)hSession,(PRUint32)rv); | |
712 sftk_LogAuditMessage(severity, NSS_AUDIT_LOGOUT, msg); | |
713 } | |
714 return rv; | |
715 } | |
716 | |
717 | |
718 /* FC_CreateObject creates a new object. */ | |
719 CK_RV FC_CreateObject(CK_SESSION_HANDLE hSession, | |
720 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, | |
721 CK_OBJECT_HANDLE_PTR phObject) { | |
722 CK_OBJECT_CLASS * classptr; | |
723 CK_RV rv = CKR_OK; | |
724 | |
725 CHECK_FORK(); | |
726 | |
727 classptr = (CK_OBJECT_CLASS *)fc_getAttribute(pTemplate,ulCount,CKA_CLASS); | |
728 if (classptr == NULL) return CKR_TEMPLATE_INCOMPLETE; | |
729 | |
730 if (*classptr == CKO_NETSCAPE_NEWSLOT || *classptr == CKO_NETSCAPE_DELSLOT)
{ | |
731 if (sftk_fatalError) | |
732 return CKR_DEVICE_ERROR; | |
733 } else { | |
734 rv = sftk_fipsCheck(); | |
735 if (rv != CKR_OK) | |
736 return rv; | |
737 } | |
738 | |
739 /* FIPS can't create keys from raw key material */ | |
740 if (SFTK_IS_NONPUBLIC_KEY_OBJECT(*classptr)) { | |
741 rv = CKR_ATTRIBUTE_VALUE_INVALID; | |
742 } else { | |
743 rv = NSC_CreateObject(hSession,pTemplate,ulCount,phObject); | |
744 } | |
745 if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(*classptr)) { | |
746 sftk_AuditCreateObject(hSession,pTemplate,ulCount,phObject,rv); | |
747 } | |
748 return rv; | |
749 } | |
750 | |
751 | |
752 | |
753 | |
754 | |
755 /* FC_CopyObject copies an object, creating a new object for the copy. */ | |
756 CK_RV FC_CopyObject(CK_SESSION_HANDLE hSession, | |
757 CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, | |
758 CK_OBJECT_HANDLE_PTR phNewObject) { | |
759 CK_RV rv; | |
760 CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY; | |
761 | |
762 CHECK_FORK(); | |
763 | |
764 SFTK_FIPSFATALCHECK(); | |
765 rv = sftk_get_object_class_and_fipsCheck(hSession, hObject, &objClass); | |
766 if (rv == CKR_OK) { | |
767 rv = NSC_CopyObject(hSession,hObject,pTemplate,ulCount,phNewObject); | |
768 } | |
769 if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) { | |
770 sftk_AuditCopyObject(hSession, | |
771 hObject,pTemplate,ulCount,phNewObject,rv); | |
772 } | |
773 return rv; | |
774 } | |
775 | |
776 | |
777 /* FC_DestroyObject destroys an object. */ | |
778 CK_RV FC_DestroyObject(CK_SESSION_HANDLE hSession, | |
779 CK_OBJECT_HANDLE hObject) { | |
780 CK_RV rv; | |
781 CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY; | |
782 | |
783 CHECK_FORK(); | |
784 | |
785 SFTK_FIPSFATALCHECK(); | |
786 rv = sftk_get_object_class_and_fipsCheck(hSession, hObject, &objClass); | |
787 if (rv == CKR_OK) { | |
788 rv = NSC_DestroyObject(hSession,hObject); | |
789 } | |
790 if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) { | |
791 sftk_AuditDestroyObject(hSession,hObject,rv); | |
792 } | |
793 return rv; | |
794 } | |
795 | |
796 | |
797 /* FC_GetObjectSize gets the size of an object in bytes. */ | |
798 CK_RV FC_GetObjectSize(CK_SESSION_HANDLE hSession, | |
799 CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize) { | |
800 CK_RV rv; | |
801 CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY; | |
802 | |
803 CHECK_FORK(); | |
804 | |
805 SFTK_FIPSFATALCHECK(); | |
806 rv = sftk_get_object_class_and_fipsCheck(hSession, hObject, &objClass); | |
807 if (rv == CKR_OK) { | |
808 rv = NSC_GetObjectSize(hSession, hObject, pulSize); | |
809 } | |
810 if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) { | |
811 sftk_AuditGetObjectSize(hSession, hObject, pulSize, rv); | |
812 } | |
813 return rv; | |
814 } | |
815 | |
816 | |
817 /* FC_GetAttributeValue obtains the value of one or more object attributes. */ | |
818 CK_RV FC_GetAttributeValue(CK_SESSION_HANDLE hSession, | |
819 CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount) { | |
820 CK_RV rv; | |
821 CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY; | |
822 | |
823 CHECK_FORK(); | |
824 | |
825 SFTK_FIPSFATALCHECK(); | |
826 rv = sftk_get_object_class_and_fipsCheck(hSession, hObject, &objClass); | |
827 if (rv == CKR_OK) { | |
828 rv = NSC_GetAttributeValue(hSession,hObject,pTemplate,ulCount); | |
829 } | |
830 if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) { | |
831 sftk_AuditGetAttributeValue(hSession,hObject,pTemplate,ulCount,rv); | |
832 } | |
833 return rv; | |
834 } | |
835 | |
836 | |
837 /* FC_SetAttributeValue modifies the value of one or more object attributes */ | |
838 CK_RV FC_SetAttributeValue (CK_SESSION_HANDLE hSession, | |
839 CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount) { | |
840 CK_RV rv; | |
841 CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY; | |
842 | |
843 CHECK_FORK(); | |
844 | |
845 SFTK_FIPSFATALCHECK(); | |
846 rv = sftk_get_object_class_and_fipsCheck(hSession, hObject, &objClass); | |
847 if (rv == CKR_OK) { | |
848 rv = NSC_SetAttributeValue(hSession,hObject,pTemplate,ulCount); | |
849 } | |
850 if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) { | |
851 sftk_AuditSetAttributeValue(hSession,hObject,pTemplate,ulCount,rv); | |
852 } | |
853 return rv; | |
854 } | |
855 | |
856 | |
857 | |
858 /* FC_FindObjectsInit initializes a search for token and session objects | |
859 * that match a template. */ | |
860 CK_RV FC_FindObjectsInit(CK_SESSION_HANDLE hSession, | |
861 CK_ATTRIBUTE_PTR pTemplate,CK_ULONG usCount) { | |
862 /* let publically readable object be found */ | |
863 unsigned int i; | |
864 CK_RV rv; | |
865 PRBool needLogin = PR_FALSE; | |
866 | |
867 | |
868 CHECK_FORK(); | |
869 | |
870 SFTK_FIPSFATALCHECK(); | |
871 | |
872 for (i=0; i < usCount; i++) { | |
873 CK_OBJECT_CLASS class; | |
874 if (pTemplate[i].type != CKA_CLASS) { | |
875 continue; | |
876 } | |
877 if (pTemplate[i].ulValueLen != sizeof(CK_OBJECT_CLASS)) { | |
878 continue; | |
879 } | |
880 if (pTemplate[i].pValue == NULL) { | |
881 continue; | |
882 } | |
883 class = *(CK_OBJECT_CLASS *)pTemplate[i].pValue; | |
884 if ((class == CKO_PRIVATE_KEY) || (class == CKO_SECRET_KEY)) { | |
885 needLogin = PR_TRUE; | |
886 break; | |
887 } | |
888 } | |
889 if (needLogin) { | |
890 if ((rv = sftk_fipsCheck()) != CKR_OK) return rv; | |
891 } | |
892 return NSC_FindObjectsInit(hSession,pTemplate,usCount); | |
893 } | |
894 | |
895 | |
896 /* FC_FindObjects continues a search for token and session objects | |
897 * that match a template, obtaining additional object handles. */ | |
898 CK_RV FC_FindObjects(CK_SESSION_HANDLE hSession, | |
899 CK_OBJECT_HANDLE_PTR phObject,CK_ULONG usMaxObjectCount, | |
900 CK_ULONG_PTR pusObjectCount) { | |
901 CHECK_FORK(); | |
902 | |
903 /* let publically readable object be found */ | |
904 SFTK_FIPSFATALCHECK(); | |
905 return NSC_FindObjects(hSession,phObject,usMaxObjectCount, | |
906 pusObjectCount); | |
907 } | |
908 | |
909 | |
910 /* | |
911 ************** Crypto Functions: Encrypt ************************ | |
912 */ | |
913 | |
914 /* FC_EncryptInit initializes an encryption operation. */ | |
915 CK_RV FC_EncryptInit(CK_SESSION_HANDLE hSession, | |
916 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) { | |
917 SFTK_FIPSCHECK(); | |
918 CHECK_FORK(); | |
919 | |
920 rv = NSC_EncryptInit(hSession,pMechanism,hKey); | |
921 if (sftk_audit_enabled) { | |
922 sftk_AuditCryptInit("Encrypt",hSession,pMechanism,hKey,rv); | |
923 } | |
924 return rv; | |
925 } | |
926 | |
927 /* FC_Encrypt encrypts single-part data. */ | |
928 CK_RV FC_Encrypt (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, | |
929 CK_ULONG usDataLen, CK_BYTE_PTR pEncryptedData, | |
930 CK_ULONG_PTR pusEncryptedDataLen) { | |
931 SFTK_FIPSCHECK(); | |
932 CHECK_FORK(); | |
933 | |
934 return NSC_Encrypt(hSession,pData,usDataLen,pEncryptedData, | |
935 pusEncryptedDataLen); | |
936 } | |
937 | |
938 | |
939 /* FC_EncryptUpdate continues a multiple-part encryption operation. */ | |
940 CK_RV FC_EncryptUpdate(CK_SESSION_HANDLE hSession, | |
941 CK_BYTE_PTR pPart, CK_ULONG usPartLen, CK_BYTE_PTR pEncryptedPart, | |
942 CK_ULONG_PTR pusEncryptedPartLen) { | |
943 SFTK_FIPSCHECK(); | |
944 CHECK_FORK(); | |
945 | |
946 return NSC_EncryptUpdate(hSession,pPart,usPartLen,pEncryptedPart, | |
947 pusEncryptedPartLen); | |
948 } | |
949 | |
950 | |
951 /* FC_EncryptFinal finishes a multiple-part encryption operation. */ | |
952 CK_RV FC_EncryptFinal(CK_SESSION_HANDLE hSession, | |
953 CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pusLastEncryptedPartLen) { | |
954 SFTK_FIPSCHECK(); | |
955 CHECK_FORK(); | |
956 | |
957 return NSC_EncryptFinal(hSession,pLastEncryptedPart, | |
958 pusLastEncryptedPartLen); | |
959 } | |
960 | |
961 /* | |
962 ************** Crypto Functions: Decrypt ************************ | |
963 */ | |
964 | |
965 | |
966 /* FC_DecryptInit initializes a decryption operation. */ | |
967 CK_RV FC_DecryptInit( CK_SESSION_HANDLE hSession, | |
968 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) { | |
969 SFTK_FIPSCHECK(); | |
970 CHECK_FORK(); | |
971 | |
972 rv = NSC_DecryptInit(hSession,pMechanism,hKey); | |
973 if (sftk_audit_enabled) { | |
974 sftk_AuditCryptInit("Decrypt",hSession,pMechanism,hKey,rv); | |
975 } | |
976 return rv; | |
977 } | |
978 | |
979 /* FC_Decrypt decrypts encrypted data in a single part. */ | |
980 CK_RV FC_Decrypt(CK_SESSION_HANDLE hSession, | |
981 CK_BYTE_PTR pEncryptedData,CK_ULONG usEncryptedDataLen,CK_BYTE_PTR pData, | |
982 CK_ULONG_PTR pusDataLen) { | |
983 SFTK_FIPSCHECK(); | |
984 CHECK_FORK(); | |
985 | |
986 return NSC_Decrypt(hSession,pEncryptedData,usEncryptedDataLen,pData, | |
987 pusDataLen); | |
988 } | |
989 | |
990 | |
991 /* FC_DecryptUpdate continues a multiple-part decryption operation. */ | |
992 CK_RV FC_DecryptUpdate(CK_SESSION_HANDLE hSession, | |
993 CK_BYTE_PTR pEncryptedPart, CK_ULONG usEncryptedPartLen, | |
994 CK_BYTE_PTR pPart, CK_ULONG_PTR pusPartLen) { | |
995 SFTK_FIPSCHECK(); | |
996 CHECK_FORK(); | |
997 | |
998 return NSC_DecryptUpdate(hSession,pEncryptedPart,usEncryptedPartLen, | |
999 pPart,pusPartLen); | |
1000 } | |
1001 | |
1002 | |
1003 /* FC_DecryptFinal finishes a multiple-part decryption operation. */ | |
1004 CK_RV FC_DecryptFinal(CK_SESSION_HANDLE hSession, | |
1005 CK_BYTE_PTR pLastPart, CK_ULONG_PTR pusLastPartLen) { | |
1006 SFTK_FIPSCHECK(); | |
1007 CHECK_FORK(); | |
1008 | |
1009 return NSC_DecryptFinal(hSession,pLastPart,pusLastPartLen); | |
1010 } | |
1011 | |
1012 | |
1013 /* | |
1014 ************** Crypto Functions: Digest (HASH) ************************ | |
1015 */ | |
1016 | |
1017 /* FC_DigestInit initializes a message-digesting operation. */ | |
1018 CK_RV FC_DigestInit(CK_SESSION_HANDLE hSession, | |
1019 CK_MECHANISM_PTR pMechanism) { | |
1020 SFTK_FIPSFATALCHECK(); | |
1021 CHECK_FORK(); | |
1022 | |
1023 return NSC_DigestInit(hSession, pMechanism); | |
1024 } | |
1025 | |
1026 | |
1027 /* FC_Digest digests data in a single part. */ | |
1028 CK_RV FC_Digest(CK_SESSION_HANDLE hSession, | |
1029 CK_BYTE_PTR pData, CK_ULONG usDataLen, CK_BYTE_PTR pDigest, | |
1030 CK_ULONG_PTR pusDigestLen) { | |
1031 SFTK_FIPSFATALCHECK(); | |
1032 CHECK_FORK(); | |
1033 | |
1034 return NSC_Digest(hSession,pData,usDataLen,pDigest,pusDigestLen); | |
1035 } | |
1036 | |
1037 | |
1038 /* FC_DigestUpdate continues a multiple-part message-digesting operation. */ | |
1039 CK_RV FC_DigestUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart, | |
1040 CK_ULONG usPartLen) { | |
1041 SFTK_FIPSFATALCHECK(); | |
1042 CHECK_FORK(); | |
1043 | |
1044 return NSC_DigestUpdate(hSession,pPart,usPartLen); | |
1045 } | |
1046 | |
1047 | |
1048 /* FC_DigestFinal finishes a multiple-part message-digesting operation. */ | |
1049 CK_RV FC_DigestFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pDigest, | |
1050 CK_ULONG_PTR pusDigestLen) { | |
1051 SFTK_FIPSFATALCHECK(); | |
1052 CHECK_FORK(); | |
1053 | |
1054 return NSC_DigestFinal(hSession,pDigest,pusDigestLen); | |
1055 } | |
1056 | |
1057 | |
1058 /* | |
1059 ************** Crypto Functions: Sign ************************ | |
1060 */ | |
1061 | |
1062 /* FC_SignInit initializes a signature (private key encryption) operation, | |
1063 * where the signature is (will be) an appendix to the data, | |
1064 * and plaintext cannot be recovered from the signature */ | |
1065 CK_RV FC_SignInit(CK_SESSION_HANDLE hSession, | |
1066 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) { | |
1067 SFTK_FIPSCHECK(); | |
1068 CHECK_FORK(); | |
1069 | |
1070 rv = NSC_SignInit(hSession,pMechanism,hKey); | |
1071 if (sftk_audit_enabled) { | |
1072 sftk_AuditCryptInit("Sign",hSession,pMechanism,hKey,rv); | |
1073 } | |
1074 return rv; | |
1075 } | |
1076 | |
1077 | |
1078 /* FC_Sign signs (encrypts with private key) data in a single part, | |
1079 * where the signature is (will be) an appendix to the data, | |
1080 * and plaintext cannot be recovered from the signature */ | |
1081 CK_RV FC_Sign(CK_SESSION_HANDLE hSession, | |
1082 CK_BYTE_PTR pData,CK_ULONG usDataLen,CK_BYTE_PTR pSignature, | |
1083 CK_ULONG_PTR pusSignatureLen) { | |
1084 SFTK_FIPSCHECK(); | |
1085 CHECK_FORK(); | |
1086 | |
1087 return NSC_Sign(hSession,pData,usDataLen,pSignature,pusSignatureLen); | |
1088 } | |
1089 | |
1090 | |
1091 /* FC_SignUpdate continues a multiple-part signature operation, | |
1092 * where the signature is (will be) an appendix to the data, | |
1093 * and plaintext cannot be recovered from the signature */ | |
1094 CK_RV FC_SignUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart, | |
1095 CK_ULONG usPartLen) { | |
1096 SFTK_FIPSCHECK(); | |
1097 CHECK_FORK(); | |
1098 | |
1099 return NSC_SignUpdate(hSession,pPart,usPartLen); | |
1100 } | |
1101 | |
1102 | |
1103 /* FC_SignFinal finishes a multiple-part signature operation, | |
1104 * returning the signature. */ | |
1105 CK_RV FC_SignFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature, | |
1106 CK_ULONG_PTR pusSignatureLen) { | |
1107 SFTK_FIPSCHECK(); | |
1108 CHECK_FORK(); | |
1109 | |
1110 return NSC_SignFinal(hSession,pSignature,pusSignatureLen); | |
1111 } | |
1112 | |
1113 /* | |
1114 ************** Crypto Functions: Sign Recover ************************ | |
1115 */ | |
1116 /* FC_SignRecoverInit initializes a signature operation, | |
1117 * where the (digest) data can be recovered from the signature. | |
1118 * E.g. encryption with the user's private key */ | |
1119 CK_RV FC_SignRecoverInit(CK_SESSION_HANDLE hSession, | |
1120 CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) { | |
1121 SFTK_FIPSCHECK(); | |
1122 CHECK_FORK(); | |
1123 | |
1124 rv = NSC_SignRecoverInit(hSession,pMechanism,hKey); | |
1125 if (sftk_audit_enabled) { | |
1126 sftk_AuditCryptInit("SignRecover",hSession,pMechanism,hKey,rv); | |
1127 } | |
1128 return rv; | |
1129 } | |
1130 | |
1131 | |
1132 /* FC_SignRecover signs data in a single operation | |
1133 * where the (digest) data can be recovered from the signature. | |
1134 * E.g. encryption with the user's private key */ | |
1135 CK_RV FC_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, | |
1136 CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pusSignatureLen) { | |
1137 SFTK_FIPSCHECK(); | |
1138 CHECK_FORK(); | |
1139 | |
1140 return NSC_SignRecover(hSession,pData,usDataLen,pSignature,pusSignatureLen); | |
1141 } | |
1142 | |
1143 /* | |
1144 ************** Crypto Functions: verify ************************ | |
1145 */ | |
1146 | |
1147 /* FC_VerifyInit initializes a verification operation, | |
1148 * where the signature is an appendix to the data, | |
1149 * and plaintext cannot be recovered from the signature (e.g. DSA) */ | |
1150 CK_RV FC_VerifyInit(CK_SESSION_HANDLE hSession, | |
1151 CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) { | |
1152 SFTK_FIPSCHECK(); | |
1153 CHECK_FORK(); | |
1154 | |
1155 rv = NSC_VerifyInit(hSession,pMechanism,hKey); | |
1156 if (sftk_audit_enabled) { | |
1157 sftk_AuditCryptInit("Verify",hSession,pMechanism,hKey,rv); | |
1158 } | |
1159 return rv; | |
1160 } | |
1161 | |
1162 | |
1163 /* FC_Verify verifies a signature in a single-part operation, | |
1164 * where the signature is an appendix to the data, | |
1165 * and plaintext cannot be recovered from the signature */ | |
1166 CK_RV FC_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, | |
1167 CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG usSignatureLen) { | |
1168 /* make sure we're legal */ | |
1169 SFTK_FIPSCHECK(); | |
1170 CHECK_FORK(); | |
1171 | |
1172 return NSC_Verify(hSession,pData,usDataLen,pSignature,usSignatureLen); | |
1173 } | |
1174 | |
1175 | |
1176 /* FC_VerifyUpdate continues a multiple-part verification operation, | |
1177 * where the signature is an appendix to the data, | |
1178 * and plaintext cannot be recovered from the signature */ | |
1179 CK_RV FC_VerifyUpdate( CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, | |
1180 CK_ULONG usPartLen) { | |
1181 SFTK_FIPSCHECK(); | |
1182 CHECK_FORK(); | |
1183 | |
1184 return NSC_VerifyUpdate(hSession,pPart,usPartLen); | |
1185 } | |
1186 | |
1187 | |
1188 /* FC_VerifyFinal finishes a multiple-part verification operation, | |
1189 * checking the signature. */ | |
1190 CK_RV FC_VerifyFinal(CK_SESSION_HANDLE hSession, | |
1191 CK_BYTE_PTR pSignature,CK_ULONG usSignatureLen) { | |
1192 SFTK_FIPSCHECK(); | |
1193 CHECK_FORK(); | |
1194 | |
1195 return NSC_VerifyFinal(hSession,pSignature,usSignatureLen); | |
1196 } | |
1197 | |
1198 /* | |
1199 ************** Crypto Functions: Verify Recover ************************ | |
1200 */ | |
1201 | |
1202 /* FC_VerifyRecoverInit initializes a signature verification operation, | |
1203 * where the data is recovered from the signature. | |
1204 * E.g. Decryption with the user's public key */ | |
1205 CK_RV FC_VerifyRecoverInit(CK_SESSION_HANDLE hSession, | |
1206 CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) { | |
1207 SFTK_FIPSCHECK(); | |
1208 CHECK_FORK(); | |
1209 | |
1210 rv = NSC_VerifyRecoverInit(hSession,pMechanism,hKey); | |
1211 if (sftk_audit_enabled) { | |
1212 sftk_AuditCryptInit("VerifyRecover",hSession,pMechanism,hKey,rv); | |
1213 } | |
1214 return rv; | |
1215 } | |
1216 | |
1217 | |
1218 /* FC_VerifyRecover verifies a signature in a single-part operation, | |
1219 * where the data is recovered from the signature. | |
1220 * E.g. Decryption with the user's public key */ | |
1221 CK_RV FC_VerifyRecover(CK_SESSION_HANDLE hSession, | |
1222 CK_BYTE_PTR pSignature,CK_ULONG usSignatureLen, | |
1223 CK_BYTE_PTR pData,CK_ULONG_PTR pusDataLen) { | |
1224 SFTK_FIPSCHECK(); | |
1225 CHECK_FORK(); | |
1226 | |
1227 return NSC_VerifyRecover(hSession,pSignature,usSignatureLen,pData, | |
1228 pusDataLen); | |
1229 } | |
1230 | |
1231 /* | |
1232 **************************** Key Functions: ************************ | |
1233 */ | |
1234 | |
1235 /* FC_GenerateKey generates a secret key, creating a new key object. */ | |
1236 CK_RV FC_GenerateKey(CK_SESSION_HANDLE hSession, | |
1237 CK_MECHANISM_PTR pMechanism,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount, | |
1238 CK_OBJECT_HANDLE_PTR phKey) { | |
1239 CK_BBOOL *boolptr; | |
1240 | |
1241 SFTK_FIPSCHECK(); | |
1242 CHECK_FORK(); | |
1243 | |
1244 /* all secret keys must be sensitive, if the upper level code tries to say | |
1245 * otherwise, reject it. */ | |
1246 boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate, ulCount, CKA_SENSITIVE); | |
1247 if (boolptr != NULL) { | |
1248 if (!(*boolptr)) { | |
1249 return CKR_ATTRIBUTE_VALUE_INVALID; | |
1250 } | |
1251 } | |
1252 | |
1253 rv = NSC_GenerateKey(hSession,pMechanism,pTemplate,ulCount,phKey); | |
1254 if (sftk_audit_enabled) { | |
1255 sftk_AuditGenerateKey(hSession,pMechanism,pTemplate,ulCount,phKey,rv); | |
1256 } | |
1257 return rv; | |
1258 } | |
1259 | |
1260 | |
1261 /* FC_GenerateKeyPair generates a public-key/private-key pair, | |
1262 * creating new key objects. */ | |
1263 CK_RV FC_GenerateKeyPair (CK_SESSION_HANDLE hSession, | |
1264 CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate, | |
1265 CK_ULONG usPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate, | |
1266 CK_ULONG usPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey, | |
1267 CK_OBJECT_HANDLE_PTR phPrivateKey) { | |
1268 CK_BBOOL *boolptr; | |
1269 CK_RV crv; | |
1270 | |
1271 SFTK_FIPSCHECK(); | |
1272 CHECK_FORK(); | |
1273 | |
1274 | |
1275 /* all private keys must be sensitive, if the upper level code tries to say | |
1276 * otherwise, reject it. */ | |
1277 boolptr = (CK_BBOOL *) fc_getAttribute(pPrivateKeyTemplate, | |
1278 usPrivateKeyAttributeCount, CKA_SENSITIVE); | |
1279 if (boolptr != NULL) { | |
1280 if (!(*boolptr)) { | |
1281 return CKR_ATTRIBUTE_VALUE_INVALID; | |
1282 } | |
1283 } | |
1284 crv = NSC_GenerateKeyPair (hSession,pMechanism,pPublicKeyTemplate, | |
1285 usPublicKeyAttributeCount,pPrivateKeyTemplate, | |
1286 usPrivateKeyAttributeCount,phPublicKey,phPrivateKey); | |
1287 if (crv == CKR_GENERAL_ERROR) { | |
1288 /* pairwise consistency check failed. */ | |
1289 sftk_fatalError = PR_TRUE; | |
1290 } | |
1291 if (sftk_audit_enabled) { | |
1292 sftk_AuditGenerateKeyPair(hSession,pMechanism,pPublicKeyTemplate, | |
1293 usPublicKeyAttributeCount,pPrivateKeyTemplate, | |
1294 usPrivateKeyAttributeCount,phPublicKey,phPrivateKey,crv); | |
1295 } | |
1296 return crv; | |
1297 } | |
1298 | |
1299 | |
1300 /* FC_WrapKey wraps (i.e., encrypts) a key. */ | |
1301 CK_RV FC_WrapKey(CK_SESSION_HANDLE hSession, | |
1302 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey, | |
1303 CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey, | |
1304 CK_ULONG_PTR pulWrappedKeyLen) { | |
1305 SFTK_FIPSCHECK(); | |
1306 CHECK_FORK(); | |
1307 | |
1308 rv = NSC_WrapKey(hSession,pMechanism,hWrappingKey,hKey,pWrappedKey, | |
1309 pulWrappedKeyLen); | |
1310 if (sftk_audit_enabled) { | |
1311 sftk_AuditWrapKey(hSession,pMechanism,hWrappingKey,hKey,pWrappedKey, | |
1312 pulWrappedKeyLen,rv); | |
1313 } | |
1314 return rv; | |
1315 } | |
1316 | |
1317 | |
1318 /* FC_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object. */ | |
1319 CK_RV FC_UnwrapKey(CK_SESSION_HANDLE hSession, | |
1320 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey, | |
1321 CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen, | |
1322 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, | |
1323 CK_OBJECT_HANDLE_PTR phKey) { | |
1324 CK_BBOOL *boolptr; | |
1325 | |
1326 SFTK_FIPSCHECK(); | |
1327 CHECK_FORK(); | |
1328 | |
1329 /* all secret keys must be sensitive, if the upper level code tries to say | |
1330 * otherwise, reject it. */ | |
1331 boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate, | |
1332 ulAttributeCount, CKA_SENSITIVE); | |
1333 if (boolptr != NULL) { | |
1334 if (!(*boolptr)) { | |
1335 return CKR_ATTRIBUTE_VALUE_INVALID; | |
1336 } | |
1337 } | |
1338 rv = NSC_UnwrapKey(hSession,pMechanism,hUnwrappingKey,pWrappedKey, | |
1339 ulWrappedKeyLen,pTemplate,ulAttributeCount,phKey); | |
1340 if (sftk_audit_enabled) { | |
1341 sftk_AuditUnwrapKey(hSession,pMechanism,hUnwrappingKey,pWrappedKey, | |
1342 ulWrappedKeyLen,pTemplate,ulAttributeCount,phKey,rv); | |
1343 } | |
1344 return rv; | |
1345 } | |
1346 | |
1347 | |
1348 /* FC_DeriveKey derives a key from a base key, creating a new key object. */ | |
1349 CK_RV FC_DeriveKey( CK_SESSION_HANDLE hSession, | |
1350 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey, | |
1351 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, | |
1352 CK_OBJECT_HANDLE_PTR phKey) { | |
1353 CK_BBOOL *boolptr; | |
1354 | |
1355 SFTK_FIPSCHECK(); | |
1356 CHECK_FORK(); | |
1357 | |
1358 /* all secret keys must be sensitive, if the upper level code tries to say | |
1359 * otherwise, reject it. */ | |
1360 boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate, | |
1361 ulAttributeCount, CKA_SENSITIVE); | |
1362 if (boolptr != NULL) { | |
1363 if (!(*boolptr)) { | |
1364 return CKR_ATTRIBUTE_VALUE_INVALID; | |
1365 } | |
1366 } | |
1367 rv = NSC_DeriveKey(hSession,pMechanism,hBaseKey,pTemplate, | |
1368 ulAttributeCount, phKey); | |
1369 if (sftk_audit_enabled) { | |
1370 sftk_AuditDeriveKey(hSession,pMechanism,hBaseKey,pTemplate, | |
1371 ulAttributeCount,phKey,rv); | |
1372 } | |
1373 return rv; | |
1374 } | |
1375 | |
1376 /* | |
1377 **************************** Radom Functions: ************************ | |
1378 */ | |
1379 | |
1380 /* FC_SeedRandom mixes additional seed material into the token's random number | |
1381 * generator. */ | |
1382 CK_RV FC_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, | |
1383 CK_ULONG usSeedLen) { | |
1384 CK_RV crv; | |
1385 | |
1386 SFTK_FIPSFATALCHECK(); | |
1387 CHECK_FORK(); | |
1388 | |
1389 crv = NSC_SeedRandom(hSession,pSeed,usSeedLen); | |
1390 if (crv != CKR_OK) { | |
1391 sftk_fatalError = PR_TRUE; | |
1392 } | |
1393 return crv; | |
1394 } | |
1395 | |
1396 | |
1397 /* FC_GenerateRandom generates random data. */ | |
1398 CK_RV FC_GenerateRandom(CK_SESSION_HANDLE hSession, | |
1399 CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen) { | |
1400 CK_RV crv; | |
1401 | |
1402 CHECK_FORK(); | |
1403 | |
1404 SFTK_FIPSFATALCHECK(); | |
1405 crv = NSC_GenerateRandom(hSession,pRandomData,ulRandomLen); | |
1406 if (crv != CKR_OK) { | |
1407 sftk_fatalError = PR_TRUE; | |
1408 if (sftk_audit_enabled) { | |
1409 char msg[128]; | |
1410 PR_snprintf(msg,sizeof msg, | |
1411 "C_GenerateRandom(hSession=0x%08lX, pRandomData=%p, " | |
1412 "ulRandomLen=%lu)=0x%08lX " | |
1413 "self-test: continuous RNG test failed", | |
1414 (PRUint32)hSession,pRandomData, | |
1415 (PRUint32)ulRandomLen,(PRUint32)crv); | |
1416 sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg); | |
1417 } | |
1418 } | |
1419 return crv; | |
1420 } | |
1421 | |
1422 | |
1423 /* FC_GetFunctionStatus obtains an updated status of a function running | |
1424 * in parallel with an application. */ | |
1425 CK_RV FC_GetFunctionStatus(CK_SESSION_HANDLE hSession) { | |
1426 SFTK_FIPSCHECK(); | |
1427 CHECK_FORK(); | |
1428 | |
1429 return NSC_GetFunctionStatus(hSession); | |
1430 } | |
1431 | |
1432 | |
1433 /* FC_CancelFunction cancels a function running in parallel */ | |
1434 CK_RV FC_CancelFunction(CK_SESSION_HANDLE hSession) { | |
1435 SFTK_FIPSCHECK(); | |
1436 CHECK_FORK(); | |
1437 | |
1438 return NSC_CancelFunction(hSession); | |
1439 } | |
1440 | |
1441 /* | |
1442 **************************** Version 1.1 Functions: ************************ | |
1443 */ | |
1444 | |
1445 /* FC_GetOperationState saves the state of the cryptographic | |
1446 *operation in a session. */ | |
1447 CK_RV FC_GetOperationState(CK_SESSION_HANDLE hSession, | |
1448 CK_BYTE_PTR pOperationState, CK_ULONG_PTR pulOperationStateLen) { | |
1449 SFTK_FIPSFATALCHECK(); | |
1450 CHECK_FORK(); | |
1451 | |
1452 return NSC_GetOperationState(hSession,pOperationState,pulOperationStateLen); | |
1453 } | |
1454 | |
1455 | |
1456 /* FC_SetOperationState restores the state of the cryptographic operation | |
1457 * in a session. */ | |
1458 CK_RV FC_SetOperationState(CK_SESSION_HANDLE hSession, | |
1459 CK_BYTE_PTR pOperationState, CK_ULONG ulOperationStateLen, | |
1460 CK_OBJECT_HANDLE hEncryptionKey, CK_OBJECT_HANDLE hAuthenticationKey) { | |
1461 SFTK_FIPSFATALCHECK(); | |
1462 CHECK_FORK(); | |
1463 | |
1464 return NSC_SetOperationState(hSession,pOperationState,ulOperationStateLen, | |
1465 hEncryptionKey,hAuthenticationKey); | |
1466 } | |
1467 | |
1468 /* FC_FindObjectsFinal finishes a search for token and session objects. */ | |
1469 CK_RV FC_FindObjectsFinal(CK_SESSION_HANDLE hSession) { | |
1470 /* let publically readable object be found */ | |
1471 SFTK_FIPSFATALCHECK(); | |
1472 CHECK_FORK(); | |
1473 | |
1474 return NSC_FindObjectsFinal(hSession); | |
1475 } | |
1476 | |
1477 | |
1478 /* Dual-function cryptographic operations */ | |
1479 | |
1480 /* FC_DigestEncryptUpdate continues a multiple-part digesting and encryption | |
1481 * operation. */ | |
1482 CK_RV FC_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, | |
1483 CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, | |
1484 CK_ULONG_PTR pulEncryptedPartLen) { | |
1485 SFTK_FIPSCHECK(); | |
1486 CHECK_FORK(); | |
1487 | |
1488 return NSC_DigestEncryptUpdate(hSession,pPart,ulPartLen,pEncryptedPart, | |
1489 pulEncryptedPartLen); | |
1490 } | |
1491 | |
1492 | |
1493 /* FC_DecryptDigestUpdate continues a multiple-part decryption and digesting | |
1494 * operation. */ | |
1495 CK_RV FC_DecryptDigestUpdate(CK_SESSION_HANDLE hSession, | |
1496 CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, | |
1497 CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen) { | |
1498 SFTK_FIPSCHECK(); | |
1499 CHECK_FORK(); | |
1500 | |
1501 return NSC_DecryptDigestUpdate(hSession, pEncryptedPart,ulEncryptedPartLen, | |
1502 pPart,pulPartLen); | |
1503 } | |
1504 | |
1505 /* FC_SignEncryptUpdate continues a multiple-part signing and encryption | |
1506 * operation. */ | |
1507 CK_RV FC_SignEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, | |
1508 CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, | |
1509 CK_ULONG_PTR pulEncryptedPartLen) { | |
1510 SFTK_FIPSCHECK(); | |
1511 CHECK_FORK(); | |
1512 | |
1513 return NSC_SignEncryptUpdate(hSession,pPart,ulPartLen,pEncryptedPart, | |
1514 pulEncryptedPartLen); | |
1515 } | |
1516 | |
1517 /* FC_DecryptVerifyUpdate continues a multiple-part decryption and verify | |
1518 * operation. */ | |
1519 CK_RV FC_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, | |
1520 CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen, | |
1521 CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen) { | |
1522 SFTK_FIPSCHECK(); | |
1523 CHECK_FORK(); | |
1524 | |
1525 return NSC_DecryptVerifyUpdate(hSession,pEncryptedData,ulEncryptedDataLen, | |
1526 pData,pulDataLen); | |
1527 } | |
1528 | |
1529 | |
1530 /* FC_DigestKey continues a multi-part message-digesting operation, | |
1531 * by digesting the value of a secret key as part of the data already digested. | |
1532 */ | |
1533 CK_RV FC_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) { | |
1534 SFTK_FIPSCHECK(); | |
1535 CHECK_FORK(); | |
1536 | |
1537 rv = NSC_DigestKey(hSession,hKey); | |
1538 if (sftk_audit_enabled) { | |
1539 sftk_AuditDigestKey(hSession,hKey,rv); | |
1540 } | |
1541 return rv; | |
1542 } | |
1543 | |
1544 | |
1545 CK_RV FC_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, | |
1546 CK_VOID_PTR pReserved) | |
1547 { | |
1548 CHECK_FORK(); | |
1549 | |
1550 return NSC_WaitForSlotEvent(flags, pSlot, pReserved); | |
1551 } | |
OLD | NEW |