| Index: nss/lib/ckfw/session.c
|
| diff --git a/nss/lib/ckfw/session.c b/nss/lib/ckfw/session.c
|
| deleted file mode 100644
|
| index 4320a3971211fc965822cacd124bb1db1b1553d4..0000000000000000000000000000000000000000
|
| --- a/nss/lib/ckfw/session.c
|
| +++ /dev/null
|
| @@ -1,2377 +0,0 @@
|
| -/* This Source Code Form is subject to the terms of the Mozilla Public
|
| - * License, v. 2.0. If a copy of the MPL was not distributed with this
|
| - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
| -
|
| -/*
|
| - * session.c
|
| - *
|
| - * This file implements the NSSCKFWSession type and methods.
|
| - */
|
| -
|
| -#ifndef CK_T
|
| -#include "ck.h"
|
| -#endif /* CK_T */
|
| -
|
| -/*
|
| - * NSSCKFWSession
|
| - *
|
| - * -- create/destroy --
|
| - * nssCKFWSession_Create
|
| - * nssCKFWSession_Destroy
|
| - *
|
| - * -- public accessors --
|
| - * NSSCKFWSession_GetMDSession
|
| - * NSSCKFWSession_GetArena
|
| - * NSSCKFWSession_CallNotification
|
| - * NSSCKFWSession_IsRWSession
|
| - * NSSCKFWSession_IsSO
|
| - *
|
| - * -- implement public accessors --
|
| - * nssCKFWSession_GetMDSession
|
| - * nssCKFWSession_GetArena
|
| - * nssCKFWSession_CallNotification
|
| - * nssCKFWSession_IsRWSession
|
| - * nssCKFWSession_IsSO
|
| - *
|
| - * -- private accessors --
|
| - * nssCKFWSession_GetSlot
|
| - * nssCKFWSession_GetSessionState
|
| - * nssCKFWSession_SetFWFindObjects
|
| - * nssCKFWSession_GetFWFindObjects
|
| - * nssCKFWSession_SetMDSession
|
| - * nssCKFWSession_SetHandle
|
| - * nssCKFWSession_GetHandle
|
| - * nssCKFWSession_RegisterSessionObject
|
| - * nssCKFWSession_DeegisterSessionObject
|
| - *
|
| - * -- module fronts --
|
| - * nssCKFWSession_GetDeviceError
|
| - * nssCKFWSession_Login
|
| - * nssCKFWSession_Logout
|
| - * nssCKFWSession_InitPIN
|
| - * nssCKFWSession_SetPIN
|
| - * nssCKFWSession_GetOperationStateLen
|
| - * nssCKFWSession_GetOperationState
|
| - * nssCKFWSession_SetOperationState
|
| - * nssCKFWSession_CreateObject
|
| - * nssCKFWSession_CopyObject
|
| - * nssCKFWSession_FindObjectsInit
|
| - * nssCKFWSession_SeedRandom
|
| - * nssCKFWSession_GetRandom
|
| - */
|
| -
|
| -struct NSSCKFWSessionStr {
|
| - NSSArena *arena;
|
| - NSSCKMDSession *mdSession;
|
| - NSSCKFWToken *fwToken;
|
| - NSSCKMDToken *mdToken;
|
| - NSSCKFWInstance *fwInstance;
|
| - NSSCKMDInstance *mdInstance;
|
| - CK_VOID_PTR pApplication;
|
| - CK_NOTIFY Notify;
|
| -
|
| - /*
|
| - * Everything above is set at creation time, and then not modified.
|
| - * The items below are atomic. No locking required. If we fear
|
| - * about pointer-copies being nonatomic, we'll lock fwFindObjects.
|
| - */
|
| -
|
| - CK_BBOOL rw;
|
| - NSSCKFWFindObjects *fwFindObjects;
|
| - NSSCKFWCryptoOperation *fwOperationArray[NSSCKFWCryptoOperationState_Max];
|
| - nssCKFWHash *sessionObjectHash;
|
| - CK_SESSION_HANDLE hSession;
|
| -};
|
| -
|
| -#ifdef DEBUG
|
| -/*
|
| - * But first, the pointer-tracking stuff.
|
| - *
|
| - * NOTE: the pointer-tracking support in NSS/base currently relies
|
| - * upon NSPR's CallOnce support. That, however, relies upon NSPR's
|
| - * locking, which is tied into the runtime. We need a pointer-tracker
|
| - * implementation that uses the locks supplied through C_Initialize.
|
| - * That support, however, can be filled in later. So for now, I'll
|
| - * just do this routines as no-ops.
|
| - */
|
| -
|
| -static CK_RV
|
| -session_add_pointer(
|
| - const NSSCKFWSession *fwSession)
|
| -{
|
| - return CKR_OK;
|
| -}
|
| -
|
| -static CK_RV
|
| -session_remove_pointer(
|
| - const NSSCKFWSession *fwSession)
|
| -{
|
| - return CKR_OK;
|
| -}
|
| -
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_verifyPointer(
|
| - const NSSCKFWSession *fwSession)
|
| -{
|
| - return CKR_OK;
|
| -}
|
| -
|
| -#endif /* DEBUG */
|
| -
|
| -/*
|
| - * nssCKFWSession_Create
|
| - *
|
| - */
|
| -NSS_IMPLEMENT NSSCKFWSession *
|
| -nssCKFWSession_Create(
|
| - NSSCKFWToken *fwToken,
|
| - CK_BBOOL rw,
|
| - CK_VOID_PTR pApplication,
|
| - CK_NOTIFY Notify,
|
| - CK_RV *pError)
|
| -{
|
| - NSSArena *arena = (NSSArena *)NULL;
|
| - NSSCKFWSession *fwSession;
|
| - NSSCKFWSlot *fwSlot;
|
| -
|
| -#ifdef NSSDEBUG
|
| - if (!pError) {
|
| - return (NSSCKFWSession *)NULL;
|
| - }
|
| -
|
| - *pError = nssCKFWToken_verifyPointer(fwToken);
|
| - if (CKR_OK != *pError) {
|
| - return (NSSCKFWSession *)NULL;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - arena = NSSArena_Create();
|
| - if (!arena) {
|
| - *pError = CKR_HOST_MEMORY;
|
| - return (NSSCKFWSession *)NULL;
|
| - }
|
| -
|
| - fwSession = nss_ZNEW(arena, NSSCKFWSession);
|
| - if (!fwSession) {
|
| - *pError = CKR_HOST_MEMORY;
|
| - goto loser;
|
| - }
|
| -
|
| - fwSession->arena = arena;
|
| - fwSession->mdSession = (NSSCKMDSession *)NULL; /* set later */
|
| - fwSession->fwToken = fwToken;
|
| - fwSession->mdToken = nssCKFWToken_GetMDToken(fwToken);
|
| -
|
| - fwSlot = nssCKFWToken_GetFWSlot(fwToken);
|
| - fwSession->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot);
|
| - fwSession->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot);
|
| -
|
| - fwSession->rw = rw;
|
| - fwSession->pApplication = pApplication;
|
| - fwSession->Notify = Notify;
|
| -
|
| - fwSession->fwFindObjects = (NSSCKFWFindObjects *)NULL;
|
| -
|
| - fwSession->sessionObjectHash = nssCKFWHash_Create(fwSession->fwInstance, arena, pError);
|
| - if (!fwSession->sessionObjectHash) {
|
| - if (CKR_OK == *pError) {
|
| - *pError = CKR_GENERAL_ERROR;
|
| - }
|
| - goto loser;
|
| - }
|
| -
|
| -#ifdef DEBUG
|
| - *pError = session_add_pointer(fwSession);
|
| - if (CKR_OK != *pError) {
|
| - goto loser;
|
| - }
|
| -#endif /* DEBUG */
|
| -
|
| - return fwSession;
|
| -
|
| -loser:
|
| - if (arena) {
|
| - if (fwSession && fwSession->sessionObjectHash) {
|
| - (void)nssCKFWHash_Destroy(fwSession->sessionObjectHash);
|
| - }
|
| - NSSArena_Destroy(arena);
|
| - }
|
| -
|
| - return (NSSCKFWSession *)NULL;
|
| -}
|
| -
|
| -static void
|
| -nss_ckfw_session_object_destroy_iterator(
|
| - const void *key,
|
| - void *value,
|
| - void *closure)
|
| -{
|
| - NSSCKFWObject *fwObject = (NSSCKFWObject *)value;
|
| - nssCKFWObject_Finalize(fwObject, PR_TRUE);
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_Destroy
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_Destroy(
|
| - NSSCKFWSession *fwSession,
|
| - CK_BBOOL removeFromTokenHash)
|
| -{
|
| - CK_RV error = CKR_OK;
|
| - nssCKFWHash *sessionObjectHash;
|
| - NSSCKFWCryptoOperationState i;
|
| -
|
| -#ifdef NSSDEBUG
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - if (removeFromTokenHash) {
|
| - error = nssCKFWToken_RemoveSession(fwSession->fwToken, fwSession);
|
| - }
|
| -
|
| - /*
|
| - * Invalidate session objects
|
| - */
|
| -
|
| - sessionObjectHash = fwSession->sessionObjectHash;
|
| - fwSession->sessionObjectHash = (nssCKFWHash *)NULL;
|
| -
|
| - nssCKFWHash_Iterate(sessionObjectHash,
|
| - nss_ckfw_session_object_destroy_iterator,
|
| - (void *)NULL);
|
| -
|
| - for (i = 0; i < NSSCKFWCryptoOperationState_Max; i++) {
|
| - if (fwSession->fwOperationArray[i]) {
|
| - nssCKFWCryptoOperation_Destroy(fwSession->fwOperationArray[i]);
|
| - }
|
| - }
|
| -
|
| -#ifdef DEBUG
|
| - (void)session_remove_pointer(fwSession);
|
| -#endif /* DEBUG */
|
| - (void)nssCKFWHash_Destroy(sessionObjectHash);
|
| - NSSArena_Destroy(fwSession->arena);
|
| -
|
| - return error;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_GetMDSession
|
| - *
|
| - */
|
| -NSS_IMPLEMENT NSSCKMDSession *
|
| -nssCKFWSession_GetMDSession(
|
| - NSSCKFWSession *fwSession)
|
| -{
|
| -#ifdef NSSDEBUG
|
| - if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
|
| - return (NSSCKMDSession *)NULL;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - return fwSession->mdSession;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_GetArena
|
| - *
|
| - */
|
| -NSS_IMPLEMENT NSSArena *
|
| -nssCKFWSession_GetArena(
|
| - NSSCKFWSession *fwSession,
|
| - CK_RV *pError)
|
| -{
|
| -#ifdef NSSDEBUG
|
| - if (!pError) {
|
| - return (NSSArena *)NULL;
|
| - }
|
| -
|
| - *pError = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != *pError) {
|
| - return (NSSArena *)NULL;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - return fwSession->arena;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_CallNotification
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_CallNotification(
|
| - NSSCKFWSession *fwSession,
|
| - CK_NOTIFICATION event)
|
| -{
|
| - CK_RV error = CKR_OK;
|
| - CK_SESSION_HANDLE handle;
|
| -
|
| -#ifdef NSSDEBUG
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - if ((CK_NOTIFY)NULL == fwSession->Notify) {
|
| - return CKR_OK;
|
| - }
|
| -
|
| - handle = nssCKFWInstance_FindSessionHandle(fwSession->fwInstance, fwSession);
|
| - if ((CK_SESSION_HANDLE)0 == handle) {
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -
|
| - error = fwSession->Notify(handle, event, fwSession->pApplication);
|
| -
|
| - return error;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_IsRWSession
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_BBOOL
|
| -nssCKFWSession_IsRWSession(
|
| - NSSCKFWSession *fwSession)
|
| -{
|
| -#ifdef NSSDEBUG
|
| - if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
|
| - return CK_FALSE;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - return fwSession->rw;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_IsSO
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_BBOOL
|
| -nssCKFWSession_IsSO(
|
| - NSSCKFWSession *fwSession)
|
| -{
|
| - CK_STATE state;
|
| -
|
| -#ifdef NSSDEBUG
|
| - if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
|
| - return CK_FALSE;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - state = nssCKFWToken_GetSessionState(fwSession->fwToken);
|
| - switch (state) {
|
| - case CKS_RO_PUBLIC_SESSION:
|
| - case CKS_RO_USER_FUNCTIONS:
|
| - case CKS_RW_PUBLIC_SESSION:
|
| - case CKS_RW_USER_FUNCTIONS:
|
| - return CK_FALSE;
|
| - case CKS_RW_SO_FUNCTIONS:
|
| - return CK_TRUE;
|
| - default:
|
| - return CK_FALSE;
|
| - }
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_GetFWSlot
|
| - *
|
| - */
|
| -NSS_IMPLEMENT NSSCKFWSlot *
|
| -nssCKFWSession_GetFWSlot(
|
| - NSSCKFWSession *fwSession)
|
| -{
|
| -#ifdef NSSDEBUG
|
| - if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
|
| - return (NSSCKFWSlot *)NULL;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - return nssCKFWToken_GetFWSlot(fwSession->fwToken);
|
| -}
|
| -
|
| -/*
|
| - * nssCFKWSession_GetSessionState
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_STATE
|
| -nssCKFWSession_GetSessionState(
|
| - NSSCKFWSession *fwSession)
|
| -{
|
| -#ifdef NSSDEBUG
|
| - if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
|
| - return CKS_RO_PUBLIC_SESSION; /* whatever */
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - return nssCKFWToken_GetSessionState(fwSession->fwToken);
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_SetFWFindObjects
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_SetFWFindObjects(
|
| - NSSCKFWSession *fwSession,
|
| - NSSCKFWFindObjects *fwFindObjects)
|
| -{
|
| -#ifdef NSSDEBUG
|
| - CK_RV error = CKR_OK;
|
| -#endif /* NSSDEBUG */
|
| -
|
| -#ifdef NSSDEBUG
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -
|
| -/* fwFindObjects may be null */
|
| -#endif /* NSSDEBUG */
|
| -
|
| - if ((fwSession->fwFindObjects) &&
|
| - (fwFindObjects)) {
|
| - return CKR_OPERATION_ACTIVE;
|
| - }
|
| -
|
| - fwSession->fwFindObjects = fwFindObjects;
|
| -
|
| - return CKR_OK;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_GetFWFindObjects
|
| - *
|
| - */
|
| -NSS_IMPLEMENT NSSCKFWFindObjects *
|
| -nssCKFWSession_GetFWFindObjects(
|
| - NSSCKFWSession *fwSession,
|
| - CK_RV *pError)
|
| -{
|
| -#ifdef NSSDEBUG
|
| - if (!pError) {
|
| - return (NSSCKFWFindObjects *)NULL;
|
| - }
|
| -
|
| - *pError = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != *pError) {
|
| - return (NSSCKFWFindObjects *)NULL;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - if (!fwSession->fwFindObjects) {
|
| - *pError = CKR_OPERATION_NOT_INITIALIZED;
|
| - return (NSSCKFWFindObjects *)NULL;
|
| - }
|
| -
|
| - return fwSession->fwFindObjects;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_SetMDSession
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_SetMDSession(
|
| - NSSCKFWSession *fwSession,
|
| - NSSCKMDSession *mdSession)
|
| -{
|
| -#ifdef NSSDEBUG
|
| - CK_RV error = CKR_OK;
|
| -#endif /* NSSDEBUG */
|
| -
|
| -#ifdef NSSDEBUG
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -
|
| - if (!mdSession) {
|
| - return CKR_ARGUMENTS_BAD;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - if (fwSession->mdSession) {
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -
|
| - fwSession->mdSession = mdSession;
|
| -
|
| - return CKR_OK;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_SetHandle
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_SetHandle(
|
| - NSSCKFWSession *fwSession,
|
| - CK_SESSION_HANDLE hSession)
|
| -{
|
| -#ifdef NSSDEBUG
|
| - CK_RV error = CKR_OK;
|
| -#endif /* NSSDEBUG */
|
| -
|
| -#ifdef NSSDEBUG
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - if ((CK_SESSION_HANDLE)0 != fwSession->hSession) {
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -
|
| - fwSession->hSession = hSession;
|
| -
|
| - return CKR_OK;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_GetHandle
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_SESSION_HANDLE
|
| -nssCKFWSession_GetHandle(
|
| - NSSCKFWSession *fwSession)
|
| -{
|
| -#ifdef NSSDEBUG
|
| - if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
|
| - return NULL;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - return fwSession->hSession;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_RegisterSessionObject
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_RegisterSessionObject(
|
| - NSSCKFWSession *fwSession,
|
| - NSSCKFWObject *fwObject)
|
| -{
|
| - CK_RV rv = CKR_OK;
|
| -
|
| -#ifdef NSSDEBUG
|
| - if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - if (fwSession->sessionObjectHash) {
|
| - rv = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject);
|
| - }
|
| -
|
| - return rv;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_DeregisterSessionObject
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_DeregisterSessionObject(
|
| - NSSCKFWSession *fwSession,
|
| - NSSCKFWObject *fwObject)
|
| -{
|
| -#ifdef NSSDEBUG
|
| - if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - if (fwSession->sessionObjectHash) {
|
| - nssCKFWHash_Remove(fwSession->sessionObjectHash, fwObject);
|
| - }
|
| -
|
| - return CKR_OK;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_GetDeviceError
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_ULONG
|
| -nssCKFWSession_GetDeviceError(
|
| - NSSCKFWSession *fwSession)
|
| -{
|
| -#ifdef NSSDEBUG
|
| - if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
|
| - return (CK_ULONG)0;
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - return (CK_ULONG)0;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - if (!fwSession->mdSession->GetDeviceError) {
|
| - return (CK_ULONG)0;
|
| - }
|
| -
|
| - return fwSession->mdSession->GetDeviceError(fwSession->mdSession,
|
| - fwSession, fwSession->mdToken, fwSession->fwToken,
|
| - fwSession->mdInstance, fwSession->fwInstance);
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_Login
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_Login(
|
| - NSSCKFWSession *fwSession,
|
| - CK_USER_TYPE userType,
|
| - NSSItem *pin)
|
| -{
|
| - CK_RV error = CKR_OK;
|
| - CK_STATE oldState;
|
| - CK_STATE newState;
|
| -
|
| -#ifdef NSSDEBUG
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -
|
| - switch (userType) {
|
| - case CKU_SO:
|
| - case CKU_USER:
|
| - break;
|
| - default:
|
| - return CKR_USER_TYPE_INVALID;
|
| - }
|
| -
|
| - if (!pin) {
|
| - if (CK_TRUE != nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken)) {
|
| - return CKR_ARGUMENTS_BAD;
|
| - }
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - oldState = nssCKFWToken_GetSessionState(fwSession->fwToken);
|
| -
|
| - /*
|
| - * It's not clear what happens when you're already logged in.
|
| - * I'll just fail; but if we decide to change, the logic is
|
| - * all right here.
|
| - */
|
| -
|
| - if (CKU_SO == userType) {
|
| - switch (oldState) {
|
| - case CKS_RO_PUBLIC_SESSION:
|
| - /*
|
| - * There's no such thing as a read-only security officer
|
| - * session, so fail. The error should be CKR_SESSION_READ_ONLY,
|
| - * except that C_Login isn't defined to return that. So we'll
|
| - * do CKR_SESSION_READ_ONLY_EXISTS, which is what is documented.
|
| - */
|
| - return CKR_SESSION_READ_ONLY_EXISTS;
|
| - case CKS_RO_USER_FUNCTIONS:
|
| - return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
|
| - case CKS_RW_PUBLIC_SESSION:
|
| - newState =
|
| - CKS_RW_SO_FUNCTIONS;
|
| - break;
|
| - case CKS_RW_USER_FUNCTIONS:
|
| - return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
|
| - case CKS_RW_SO_FUNCTIONS:
|
| - return CKR_USER_ALREADY_LOGGED_IN;
|
| - default:
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| - } else /* CKU_USER == userType */ {
|
| - switch (oldState) {
|
| - case CKS_RO_PUBLIC_SESSION:
|
| - newState =
|
| - CKS_RO_USER_FUNCTIONS;
|
| - break;
|
| - case CKS_RO_USER_FUNCTIONS:
|
| - return CKR_USER_ALREADY_LOGGED_IN;
|
| - case CKS_RW_PUBLIC_SESSION:
|
| - newState =
|
| - CKS_RW_USER_FUNCTIONS;
|
| - break;
|
| - case CKS_RW_USER_FUNCTIONS:
|
| - return CKR_USER_ALREADY_LOGGED_IN;
|
| - case CKS_RW_SO_FUNCTIONS:
|
| - return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
|
| - default:
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| - }
|
| -
|
| - /*
|
| - * So now we're in one of three cases:
|
| - *
|
| - * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_SO_FUNCTIONS;
|
| - * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_USER_FUNCTIONS;
|
| - * Old == CKS_RO_PUBLIC_SESSION, New == CKS_RO_USER_FUNCTIONS;
|
| - */
|
| -
|
| - if (!fwSession->mdSession->Login) {
|
| - /*
|
| - * The Module doesn't want to be informed (or check the pin)
|
| - * it'll just rely on the Framework as needed.
|
| - */
|
| - ;
|
| - } else {
|
| - error = fwSession->mdSession->Login(fwSession->mdSession, fwSession,
|
| - fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
|
| - fwSession->fwInstance, userType, pin, oldState, newState);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| - }
|
| -
|
| - (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState);
|
| - return CKR_OK;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_Logout
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_Logout(
|
| - NSSCKFWSession *fwSession)
|
| -{
|
| - CK_RV error = CKR_OK;
|
| - CK_STATE oldState;
|
| - CK_STATE newState;
|
| -
|
| -#ifdef NSSDEBUG
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - oldState = nssCKFWToken_GetSessionState(fwSession->fwToken);
|
| -
|
| - switch (oldState) {
|
| - case CKS_RO_PUBLIC_SESSION:
|
| - return CKR_USER_NOT_LOGGED_IN;
|
| - case CKS_RO_USER_FUNCTIONS:
|
| - newState = CKS_RO_PUBLIC_SESSION;
|
| - break;
|
| - case CKS_RW_PUBLIC_SESSION:
|
| - return CKR_USER_NOT_LOGGED_IN;
|
| - case CKS_RW_USER_FUNCTIONS:
|
| - newState = CKS_RW_PUBLIC_SESSION;
|
| - break;
|
| - case CKS_RW_SO_FUNCTIONS:
|
| - newState = CKS_RW_PUBLIC_SESSION;
|
| - break;
|
| - default:
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -
|
| - /*
|
| - * So now we're in one of three cases:
|
| - *
|
| - * Old == CKS_RW_SO_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION;
|
| - * Old == CKS_RW_USER_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION;
|
| - * Old == CKS_RO_USER_FUNCTIONS, New == CKS_RO_PUBLIC_SESSION;
|
| - */
|
| -
|
| - if (!fwSession->mdSession->Logout) {
|
| - /*
|
| - * The Module doesn't want to be informed. Okay.
|
| - */
|
| - ;
|
| - } else {
|
| - error = fwSession->mdSession->Logout(fwSession->mdSession, fwSession,
|
| - fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
|
| - fwSession->fwInstance, oldState, newState);
|
| - if (CKR_OK != error) {
|
| - /*
|
| - * Now what?! A failure really should end up with the Framework
|
| - * considering it logged out, right?
|
| - */
|
| - ;
|
| - }
|
| - }
|
| -
|
| - (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState);
|
| - return error;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_InitPIN
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_InitPIN(
|
| - NSSCKFWSession *fwSession,
|
| - NSSItem *pin)
|
| -{
|
| - CK_RV error = CKR_OK;
|
| - CK_STATE state;
|
| -
|
| -#ifdef NSSDEBUG
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - state = nssCKFWToken_GetSessionState(fwSession->fwToken);
|
| - if (CKS_RW_SO_FUNCTIONS != state) {
|
| - return CKR_USER_NOT_LOGGED_IN;
|
| - }
|
| -
|
| - if (!pin) {
|
| - CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
|
| - if (CK_TRUE != has) {
|
| - return CKR_ARGUMENTS_BAD;
|
| - }
|
| - }
|
| -
|
| - if (!fwSession->mdSession->InitPIN) {
|
| - return CKR_TOKEN_WRITE_PROTECTED;
|
| - }
|
| -
|
| - error = fwSession->mdSession->InitPIN(fwSession->mdSession, fwSession,
|
| - fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
|
| - fwSession->fwInstance, pin);
|
| -
|
| - return error;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_SetPIN
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_SetPIN(
|
| - NSSCKFWSession *fwSession,
|
| - NSSItem *oldPin,
|
| - NSSItem *newPin)
|
| -{
|
| - CK_RV error = CKR_OK;
|
| -
|
| -#ifdef NSSDEBUG
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - if (!newPin) {
|
| - CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
|
| - if (CK_TRUE != has) {
|
| - return CKR_ARGUMENTS_BAD;
|
| - }
|
| - }
|
| -
|
| - if (!oldPin) {
|
| - CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
|
| - if (CK_TRUE != has) {
|
| - return CKR_ARGUMENTS_BAD;
|
| - }
|
| - }
|
| -
|
| - if (!fwSession->mdSession->SetPIN) {
|
| - return CKR_TOKEN_WRITE_PROTECTED;
|
| - }
|
| -
|
| - error = fwSession->mdSession->SetPIN(fwSession->mdSession, fwSession,
|
| - fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
|
| - fwSession->fwInstance, oldPin, newPin);
|
| -
|
| - return error;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_GetOperationStateLen
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_ULONG
|
| -nssCKFWSession_GetOperationStateLen(
|
| - NSSCKFWSession *fwSession,
|
| - CK_RV *pError)
|
| -{
|
| - CK_ULONG mdAmt;
|
| - CK_ULONG fwAmt;
|
| -
|
| -#ifdef NSSDEBUG
|
| - if (!pError) {
|
| - return (CK_ULONG)0;
|
| - }
|
| -
|
| - *pError = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != *pError) {
|
| - return (CK_ULONG)0;
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - *pError = CKR_GENERAL_ERROR;
|
| - return (CK_ULONG)0;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - if (!fwSession->mdSession->GetOperationStateLen) {
|
| - *pError = CKR_STATE_UNSAVEABLE;
|
| - return (CK_ULONG)0;
|
| - }
|
| -
|
| - /*
|
| - * We could check that the session is actually in some state..
|
| - */
|
| -
|
| - mdAmt = fwSession->mdSession->GetOperationStateLen(fwSession->mdSession,
|
| - fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
|
| - fwSession->fwInstance, pError);
|
| -
|
| - if (((CK_ULONG)0 == mdAmt) && (CKR_OK != *pError)) {
|
| - return (CK_ULONG)0;
|
| - }
|
| -
|
| - /*
|
| - * Add a bit of sanity-checking
|
| - */
|
| - fwAmt = mdAmt + 2 * sizeof(CK_ULONG);
|
| -
|
| - return fwAmt;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_GetOperationState
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_GetOperationState(
|
| - NSSCKFWSession *fwSession,
|
| - NSSItem *buffer)
|
| -{
|
| - CK_RV error = CKR_OK;
|
| - CK_ULONG fwAmt;
|
| - CK_ULONG *ulBuffer;
|
| - NSSItem i2;
|
| - CK_ULONG n, i;
|
| -
|
| -#ifdef NSSDEBUG
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -
|
| - if (!buffer) {
|
| - return CKR_ARGUMENTS_BAD;
|
| - }
|
| -
|
| - if (!buffer->data) {
|
| - return CKR_ARGUMENTS_BAD;
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - if (!fwSession->mdSession->GetOperationState) {
|
| - return CKR_STATE_UNSAVEABLE;
|
| - }
|
| -
|
| - /*
|
| - * Sanity-check the caller's buffer.
|
| - */
|
| -
|
| - error = CKR_OK;
|
| - fwAmt = nssCKFWSession_GetOperationStateLen(fwSession, &error);
|
| - if (((CK_ULONG)0 == fwAmt) && (CKR_OK != error)) {
|
| - return error;
|
| - }
|
| -
|
| - if (buffer->size < fwAmt) {
|
| - return CKR_BUFFER_TOO_SMALL;
|
| - }
|
| -
|
| - ulBuffer = (CK_ULONG *)buffer->data;
|
| -
|
| - i2.size = buffer->size - 2 * sizeof(CK_ULONG);
|
| - i2.data = (void *)&ulBuffer[2];
|
| -
|
| - error = fwSession->mdSession->GetOperationState(fwSession->mdSession,
|
| - fwSession, fwSession->mdToken, fwSession->fwToken,
|
| - fwSession->mdInstance, fwSession->fwInstance, &i2);
|
| -
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -
|
| - /*
|
| - * Add a little integrety/identity check.
|
| - * NOTE: right now, it's pretty stupid.
|
| - * A CRC or something would be better.
|
| - */
|
| -
|
| - ulBuffer[0] = 0x434b4657; /* CKFW */
|
| - ulBuffer[1] = 0;
|
| - n = i2.size / sizeof(CK_ULONG);
|
| - for (i = 0; i < n; i++) {
|
| - ulBuffer[1] ^= ulBuffer[2 + i];
|
| - }
|
| -
|
| - return CKR_OK;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_SetOperationState
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_SetOperationState(
|
| - NSSCKFWSession *fwSession,
|
| - NSSItem *state,
|
| - NSSCKFWObject *encryptionKey,
|
| - NSSCKFWObject *authenticationKey)
|
| -{
|
| - CK_RV error = CKR_OK;
|
| - CK_ULONG *ulBuffer;
|
| - CK_ULONG n, i;
|
| - CK_ULONG x;
|
| - NSSItem s;
|
| - NSSCKMDObject *mdek;
|
| - NSSCKMDObject *mdak;
|
| -
|
| -#ifdef NSSDEBUG
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -
|
| - if (!state) {
|
| - return CKR_ARGUMENTS_BAD;
|
| - }
|
| -
|
| - if (!state->data) {
|
| - return CKR_ARGUMENTS_BAD;
|
| - }
|
| -
|
| - if (encryptionKey) {
|
| - error = nssCKFWObject_verifyPointer(encryptionKey);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| - }
|
| -
|
| - if (authenticationKey) {
|
| - error = nssCKFWObject_verifyPointer(authenticationKey);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - ulBuffer = (CK_ULONG *)state->data;
|
| - if (0x43b4657 != ulBuffer[0]) {
|
| - return CKR_SAVED_STATE_INVALID;
|
| - }
|
| - n = (state->size / sizeof(CK_ULONG)) - 2;
|
| - x = (CK_ULONG)0;
|
| - for (i = 0; i < n; i++) {
|
| - x ^= ulBuffer[2 + i];
|
| - }
|
| -
|
| - if (x != ulBuffer[1]) {
|
| - return CKR_SAVED_STATE_INVALID;
|
| - }
|
| -
|
| - if (!fwSession->mdSession->SetOperationState) {
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -
|
| - s.size = state->size - 2 * sizeof(CK_ULONG);
|
| - s.data = (void *)&ulBuffer[2];
|
| -
|
| - if (encryptionKey) {
|
| - mdek = nssCKFWObject_GetMDObject(encryptionKey);
|
| - } else {
|
| - mdek = (NSSCKMDObject *)NULL;
|
| - }
|
| -
|
| - if (authenticationKey) {
|
| - mdak = nssCKFWObject_GetMDObject(authenticationKey);
|
| - } else {
|
| - mdak = (NSSCKMDObject *)NULL;
|
| - }
|
| -
|
| - error = fwSession->mdSession->SetOperationState(fwSession->mdSession,
|
| - fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
|
| - fwSession->fwInstance, &s, mdek, encryptionKey, mdak, authenticationKey);
|
| -
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -
|
| - /*
|
| - * Here'd we restore any session data
|
| - */
|
| -
|
| - return CKR_OK;
|
| -}
|
| -
|
| -static CK_BBOOL
|
| -nss_attributes_form_token_object(
|
| - CK_ATTRIBUTE_PTR pTemplate,
|
| - CK_ULONG ulAttributeCount)
|
| -{
|
| - CK_ULONG i;
|
| - CK_BBOOL rv;
|
| -
|
| - for (i = 0; i < ulAttributeCount; i++) {
|
| - if (CKA_TOKEN == pTemplate[i].type) {
|
| - /* If we sanity-check, we can remove this sizeof check */
|
| - if (sizeof(CK_BBOOL) == pTemplate[i].ulValueLen) {
|
| - (void)nsslibc_memcpy(&rv, pTemplate[i].pValue, sizeof(CK_BBOOL));
|
| - return rv;
|
| - } else {
|
| - return CK_FALSE;
|
| - }
|
| - }
|
| - }
|
| -
|
| - return CK_FALSE;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_CreateObject
|
| - *
|
| - */
|
| -NSS_IMPLEMENT NSSCKFWObject *
|
| -nssCKFWSession_CreateObject(
|
| - NSSCKFWSession *fwSession,
|
| - CK_ATTRIBUTE_PTR pTemplate,
|
| - CK_ULONG ulAttributeCount,
|
| - CK_RV *pError)
|
| -{
|
| - NSSArena *arena;
|
| - NSSCKMDObject *mdObject;
|
| - NSSCKFWObject *fwObject;
|
| - CK_BBOOL isTokenObject;
|
| -
|
| -#ifdef NSSDEBUG
|
| - if (!pError) {
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - *pError = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != pError) {
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - if ((CK_ATTRIBUTE_PTR)NULL == pTemplate) {
|
| - *pError = CKR_ARGUMENTS_BAD;
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - *pError = CKR_GENERAL_ERROR;
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - /*
|
| - * Here would be an excellent place to sanity-check the object.
|
| - */
|
| -
|
| - isTokenObject = nss_attributes_form_token_object(pTemplate, ulAttributeCount);
|
| - if (CK_TRUE == isTokenObject) {
|
| - /* === TOKEN OBJECT === */
|
| -
|
| - if (!fwSession->mdSession->CreateObject) {
|
| - *pError = CKR_TOKEN_WRITE_PROTECTED;
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - arena = nssCKFWToken_GetArena(fwSession->fwToken, pError);
|
| - if (!arena) {
|
| - if (CKR_OK == *pError) {
|
| - *pError = CKR_GENERAL_ERROR;
|
| - }
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - goto callmdcreateobject;
|
| - } else {
|
| - /* === SESSION OBJECT === */
|
| -
|
| - arena = nssCKFWSession_GetArena(fwSession, pError);
|
| - if (!arena) {
|
| - if (CKR_OK == *pError) {
|
| - *pError = CKR_GENERAL_ERROR;
|
| - }
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - if (CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects(
|
| - fwSession->fwInstance)) {
|
| - /* --- module handles the session object -- */
|
| -
|
| - if (!fwSession->mdSession->CreateObject) {
|
| - *pError = CKR_GENERAL_ERROR;
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - goto callmdcreateobject;
|
| - } else {
|
| - /* --- framework handles the session object -- */
|
| - mdObject = nssCKMDSessionObject_Create(fwSession->fwToken,
|
| - arena, pTemplate, ulAttributeCount, pError);
|
| - goto gotmdobject;
|
| - }
|
| - }
|
| -
|
| -callmdcreateobject:
|
| - mdObject = fwSession->mdSession->CreateObject(fwSession->mdSession,
|
| - fwSession, fwSession->mdToken, fwSession->fwToken,
|
| - fwSession->mdInstance, fwSession->fwInstance, arena, pTemplate,
|
| - ulAttributeCount, pError);
|
| -
|
| -gotmdobject:
|
| - if (!mdObject) {
|
| - if (CKR_OK == *pError) {
|
| - *pError = CKR_GENERAL_ERROR;
|
| - }
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - fwObject = nssCKFWObject_Create(arena, mdObject,
|
| - isTokenObject ? NULL
|
| - : fwSession,
|
| - fwSession->fwToken, fwSession->fwInstance, pError);
|
| - if (!fwObject) {
|
| - if (CKR_OK == *pError) {
|
| - *pError = CKR_GENERAL_ERROR;
|
| - }
|
| -
|
| - if (mdObject->Destroy) {
|
| - (void)mdObject->Destroy(mdObject, (NSSCKFWObject *)NULL,
|
| - fwSession->mdSession, fwSession, fwSession->mdToken,
|
| - fwSession->fwToken, fwSession->mdInstance, fwSession->fwInstance);
|
| - }
|
| -
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - if (CK_FALSE == isTokenObject) {
|
| - if (CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, fwObject)) {
|
| - *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject);
|
| - if (CKR_OK != *pError) {
|
| - nssCKFWObject_Finalize(fwObject, PR_TRUE);
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| - }
|
| - }
|
| -
|
| - return fwObject;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_CopyObject
|
| - *
|
| - */
|
| -NSS_IMPLEMENT NSSCKFWObject *
|
| -nssCKFWSession_CopyObject(
|
| - NSSCKFWSession *fwSession,
|
| - NSSCKFWObject *fwObject,
|
| - CK_ATTRIBUTE_PTR pTemplate,
|
| - CK_ULONG ulAttributeCount,
|
| - CK_RV *pError)
|
| -{
|
| - CK_BBOOL oldIsToken;
|
| - CK_BBOOL newIsToken;
|
| - CK_ULONG i;
|
| - NSSCKFWObject *rv;
|
| -
|
| -#ifdef NSSDEBUG
|
| - if (!pError) {
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - *pError = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != *pError) {
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - *pError = nssCKFWObject_verifyPointer(fwObject);
|
| - if (CKR_OK != *pError) {
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - *pError = CKR_GENERAL_ERROR;
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - /*
|
| - * Sanity-check object
|
| - */
|
| -
|
| - if (!fwObject) {
|
| - *pError = CKR_ARGUMENTS_BAD;
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - oldIsToken = nssCKFWObject_IsTokenObject(fwObject);
|
| -
|
| - newIsToken = oldIsToken;
|
| - for (i = 0; i < ulAttributeCount; i++) {
|
| - if (CKA_TOKEN == pTemplate[i].type) {
|
| - /* Since we sanity-checked the object, we know this is the right size. */
|
| - (void)nsslibc_memcpy(&newIsToken, pTemplate[i].pValue, sizeof(CK_BBOOL));
|
| - break;
|
| - }
|
| - }
|
| -
|
| - /*
|
| - * If the Module handles its session objects, or if both the new
|
| - * and old object are token objects, use CopyObject if it exists.
|
| - */
|
| -
|
| - if ((fwSession->mdSession->CopyObject) &&
|
| - (((CK_TRUE == oldIsToken) && (CK_TRUE == newIsToken)) ||
|
| - (CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects(
|
| - fwSession->fwInstance)))) {
|
| - /* use copy object */
|
| - NSSArena *arena;
|
| - NSSCKMDObject *mdOldObject;
|
| - NSSCKMDObject *mdObject;
|
| -
|
| - mdOldObject = nssCKFWObject_GetMDObject(fwObject);
|
| -
|
| - if (CK_TRUE == newIsToken) {
|
| - arena = nssCKFWToken_GetArena(fwSession->fwToken, pError);
|
| - } else {
|
| - arena = nssCKFWSession_GetArena(fwSession, pError);
|
| - }
|
| - if (!arena) {
|
| - if (CKR_OK == *pError) {
|
| - *pError = CKR_GENERAL_ERROR;
|
| - }
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - mdObject = fwSession->mdSession->CopyObject(fwSession->mdSession,
|
| - fwSession, fwSession->mdToken, fwSession->fwToken,
|
| - fwSession->mdInstance, fwSession->fwInstance, mdOldObject,
|
| - fwObject, arena, pTemplate, ulAttributeCount, pError);
|
| - if (!mdObject) {
|
| - if (CKR_OK == *pError) {
|
| - *pError = CKR_GENERAL_ERROR;
|
| - }
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - rv = nssCKFWObject_Create(arena, mdObject,
|
| - newIsToken ? NULL
|
| - : fwSession,
|
| - fwSession->fwToken, fwSession->fwInstance, pError);
|
| -
|
| - if (CK_FALSE == newIsToken) {
|
| - if (CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, rv)) {
|
| - *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, rv, rv);
|
| - if (CKR_OK != *pError) {
|
| - nssCKFWObject_Finalize(rv, PR_TRUE);
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| - }
|
| - }
|
| -
|
| - return rv;
|
| - } else {
|
| - /* use create object */
|
| - NSSArena *tmpArena;
|
| - CK_ATTRIBUTE_PTR newTemplate;
|
| - CK_ULONG i, j, n, newLength, k;
|
| - CK_ATTRIBUTE_TYPE_PTR oldTypes;
|
| - NSSCKFWObject *rv;
|
| -
|
| - n = nssCKFWObject_GetAttributeCount(fwObject, pError);
|
| - if ((0 == n) && (CKR_OK != *pError)) {
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - tmpArena = NSSArena_Create();
|
| - if (!tmpArena) {
|
| - *pError = CKR_HOST_MEMORY;
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - oldTypes = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE_TYPE, n);
|
| - if ((CK_ATTRIBUTE_TYPE_PTR)NULL == oldTypes) {
|
| - NSSArena_Destroy(tmpArena);
|
| - *pError = CKR_HOST_MEMORY;
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - *pError = nssCKFWObject_GetAttributeTypes(fwObject, oldTypes, n);
|
| - if (CKR_OK != *pError) {
|
| - NSSArena_Destroy(tmpArena);
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - newLength = n;
|
| - for (i = 0; i < ulAttributeCount; i++) {
|
| - for (j = 0; j < n; j++) {
|
| - if (oldTypes[j] == pTemplate[i].type) {
|
| - if ((CK_VOID_PTR)NULL ==
|
| - pTemplate[i].pValue) {
|
| - /* Removing the attribute */
|
| - newLength--;
|
| - }
|
| - break;
|
| - }
|
| - }
|
| - if (j == n) {
|
| - /* Not found */
|
| - newLength++;
|
| - }
|
| - }
|
| -
|
| - newTemplate = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE, newLength);
|
| - if ((CK_ATTRIBUTE_PTR)NULL == newTemplate) {
|
| - NSSArena_Destroy(tmpArena);
|
| - *pError = CKR_HOST_MEMORY;
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - k = 0;
|
| - for (j = 0; j < n; j++) {
|
| - for (i = 0; i < ulAttributeCount; i++) {
|
| - if (oldTypes[j] == pTemplate[i].type) {
|
| - if ((CK_VOID_PTR)NULL ==
|
| - pTemplate[i].pValue) {
|
| - /* This attribute is being deleted */
|
| - ;
|
| - } else {
|
| - /* This attribute is being replaced */
|
| - newTemplate[k].type =
|
| - pTemplate[i].type;
|
| - newTemplate[k].pValue =
|
| - pTemplate[i].pValue;
|
| - newTemplate[k].ulValueLen =
|
| - pTemplate[i].ulValueLen;
|
| - k++;
|
| - }
|
| - break;
|
| - }
|
| - }
|
| - if (i == ulAttributeCount) {
|
| - /* This attribute is being copied over from the old object */
|
| - NSSItem item, *it;
|
| - item.size = 0;
|
| - item.data = (void *)NULL;
|
| - it = nssCKFWObject_GetAttribute(fwObject, oldTypes[j],
|
| - &item, tmpArena, pError);
|
| - if (!it) {
|
| - if (CKR_OK ==
|
| - *pError) {
|
| - *pError =
|
| - CKR_GENERAL_ERROR;
|
| - }
|
| - NSSArena_Destroy(tmpArena);
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| - newTemplate[k].type = oldTypes[j];
|
| - newTemplate[k].pValue = it->data;
|
| - newTemplate[k].ulValueLen = it->size;
|
| - k++;
|
| - }
|
| - }
|
| - /* assert that k == newLength */
|
| -
|
| - rv = nssCKFWSession_CreateObject(fwSession, newTemplate, newLength, pError);
|
| - if (!rv) {
|
| - if (CKR_OK == *pError) {
|
| - *pError = CKR_GENERAL_ERROR;
|
| - }
|
| - NSSArena_Destroy(tmpArena);
|
| - return (NSSCKFWObject *)NULL;
|
| - }
|
| -
|
| - NSSArena_Destroy(tmpArena);
|
| - return rv;
|
| - }
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_FindObjectsInit
|
| - *
|
| - */
|
| -NSS_IMPLEMENT NSSCKFWFindObjects *
|
| -nssCKFWSession_FindObjectsInit(
|
| - NSSCKFWSession *fwSession,
|
| - CK_ATTRIBUTE_PTR pTemplate,
|
| - CK_ULONG ulAttributeCount,
|
| - CK_RV *pError)
|
| -{
|
| - NSSCKMDFindObjects *mdfo1 = (NSSCKMDFindObjects *)NULL;
|
| - NSSCKMDFindObjects *mdfo2 = (NSSCKMDFindObjects *)NULL;
|
| -
|
| -#ifdef NSSDEBUG
|
| - if (!pError) {
|
| - return (NSSCKFWFindObjects *)NULL;
|
| - }
|
| -
|
| - *pError = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != *pError) {
|
| - return (NSSCKFWFindObjects *)NULL;
|
| - }
|
| -
|
| - if (((CK_ATTRIBUTE_PTR)NULL == pTemplate) && (ulAttributeCount != 0)) {
|
| - *pError = CKR_ARGUMENTS_BAD;
|
| - return (NSSCKFWFindObjects *)NULL;
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - *pError = CKR_GENERAL_ERROR;
|
| - return (NSSCKFWFindObjects *)NULL;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - if (CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects(
|
| - fwSession->fwInstance)) {
|
| - CK_ULONG i;
|
| -
|
| - /*
|
| - * Does the search criteria restrict us to token or session
|
| - * objects?
|
| - */
|
| -
|
| - for (i = 0; i < ulAttributeCount; i++) {
|
| - if (CKA_TOKEN == pTemplate[i].type) {
|
| - /* Yes, it does. */
|
| - CK_BBOOL isToken;
|
| - if (sizeof(CK_BBOOL) != pTemplate[i].ulValueLen) {
|
| - *pError =
|
| - CKR_ATTRIBUTE_VALUE_INVALID;
|
| - return (NSSCKFWFindObjects *)NULL;
|
| - }
|
| - (void)nsslibc_memcpy(&isToken, pTemplate[i].pValue, sizeof(CK_BBOOL));
|
| -
|
| - if (CK_TRUE == isToken) {
|
| - /* Pass it on to the module's search routine */
|
| - if (!fwSession->mdSession->FindObjectsInit) {
|
| - goto wrap;
|
| - }
|
| -
|
| - mdfo1 =
|
| - fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
|
| - fwSession, fwSession->mdToken, fwSession->fwToken,
|
| - fwSession->mdInstance, fwSession->fwInstance,
|
| - pTemplate, ulAttributeCount, pError);
|
| - } else {
|
| - /* Do the search ourselves */
|
| - mdfo1 =
|
| - nssCKMDFindSessionObjects_Create(fwSession->fwToken,
|
| - pTemplate, ulAttributeCount, pError);
|
| - }
|
| -
|
| - if (!mdfo1) {
|
| - if (CKR_OK ==
|
| - *pError) {
|
| - *pError =
|
| - CKR_GENERAL_ERROR;
|
| - }
|
| - return (NSSCKFWFindObjects *)NULL;
|
| - }
|
| -
|
| - goto wrap;
|
| - }
|
| - }
|
| -
|
| - if (i == ulAttributeCount) {
|
| - /* No, it doesn't. Do a hybrid search. */
|
| - mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
|
| - fwSession, fwSession->mdToken, fwSession->fwToken,
|
| - fwSession->mdInstance, fwSession->fwInstance,
|
| - pTemplate, ulAttributeCount, pError);
|
| -
|
| - if (!mdfo1) {
|
| - if (CKR_OK == *pError) {
|
| - *pError =
|
| - CKR_GENERAL_ERROR;
|
| - }
|
| - return (NSSCKFWFindObjects *)NULL;
|
| - }
|
| -
|
| - mdfo2 = nssCKMDFindSessionObjects_Create(fwSession->fwToken,
|
| - pTemplate, ulAttributeCount, pError);
|
| - if (!mdfo2) {
|
| - if (CKR_OK == *pError) {
|
| - *pError =
|
| - CKR_GENERAL_ERROR;
|
| - }
|
| - if (mdfo1->Final) {
|
| - mdfo1->Final(mdfo1, (NSSCKFWFindObjects *)NULL, fwSession->mdSession,
|
| - fwSession, fwSession->mdToken, fwSession->fwToken,
|
| - fwSession->mdInstance, fwSession->fwInstance);
|
| - }
|
| - return (NSSCKFWFindObjects *)NULL;
|
| - }
|
| -
|
| - goto wrap;
|
| - }
|
| - /*NOTREACHED*/
|
| - } else {
|
| - /* Module handles all its own objects. Pass on to module's search */
|
| - mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
|
| - fwSession, fwSession->mdToken, fwSession->fwToken,
|
| - fwSession->mdInstance, fwSession->fwInstance,
|
| - pTemplate, ulAttributeCount, pError);
|
| -
|
| - if (!mdfo1) {
|
| - if (CKR_OK == *pError) {
|
| - *pError = CKR_GENERAL_ERROR;
|
| - }
|
| - return (NSSCKFWFindObjects *)NULL;
|
| - }
|
| -
|
| - goto wrap;
|
| - }
|
| -
|
| -wrap:
|
| - return nssCKFWFindObjects_Create(fwSession, fwSession->fwToken,
|
| - fwSession->fwInstance, mdfo1, mdfo2, pError);
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_SeedRandom
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_SeedRandom(
|
| - NSSCKFWSession *fwSession,
|
| - NSSItem *seed)
|
| -{
|
| - CK_RV error = CKR_OK;
|
| -
|
| -#ifdef NSSDEBUG
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -
|
| - if (!seed) {
|
| - return CKR_ARGUMENTS_BAD;
|
| - }
|
| -
|
| - if (!seed->data) {
|
| - return CKR_ARGUMENTS_BAD;
|
| - }
|
| -
|
| - if (0 == seed->size) {
|
| - return CKR_ARGUMENTS_BAD;
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - if (!fwSession->mdSession->SeedRandom) {
|
| - return CKR_RANDOM_SEED_NOT_SUPPORTED;
|
| - }
|
| -
|
| - error = fwSession->mdSession->SeedRandom(fwSession->mdSession, fwSession,
|
| - fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
|
| - fwSession->fwInstance, seed);
|
| -
|
| - return error;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_GetRandom
|
| - *
|
| - */
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_GetRandom(
|
| - NSSCKFWSession *fwSession,
|
| - NSSItem *buffer)
|
| -{
|
| - CK_RV error = CKR_OK;
|
| -
|
| -#ifdef NSSDEBUG
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -
|
| - if (!buffer) {
|
| - return CKR_ARGUMENTS_BAD;
|
| - }
|
| -
|
| - if (!buffer->data) {
|
| - return CKR_ARGUMENTS_BAD;
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - if (!fwSession->mdSession->GetRandom) {
|
| - if (CK_TRUE == nssCKFWToken_GetHasRNG(fwSession->fwToken)) {
|
| - return CKR_GENERAL_ERROR;
|
| - } else {
|
| - return CKR_RANDOM_NO_RNG;
|
| - }
|
| - }
|
| -
|
| - if (0 == buffer->size) {
|
| - return CKR_OK;
|
| - }
|
| -
|
| - error = fwSession->mdSession->GetRandom(fwSession->mdSession, fwSession,
|
| - fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
|
| - fwSession->fwInstance, buffer);
|
| -
|
| - return error;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_SetCurrentCryptoOperation
|
| - */
|
| -NSS_IMPLEMENT void
|
| -nssCKFWSession_SetCurrentCryptoOperation(
|
| - NSSCKFWSession *fwSession,
|
| - NSSCKFWCryptoOperation *fwOperation,
|
| - NSSCKFWCryptoOperationState state)
|
| -{
|
| -#ifdef NSSDEBUG
|
| - CK_RV error = CKR_OK;
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return;
|
| - }
|
| -
|
| - if (state >= NSSCKFWCryptoOperationState_Max) {
|
| - return;
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - return;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| - fwSession->fwOperationArray[state] = fwOperation;
|
| - return;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_GetCurrentCryptoOperation
|
| - */
|
| -NSS_IMPLEMENT NSSCKFWCryptoOperation *
|
| -nssCKFWSession_GetCurrentCryptoOperation(
|
| - NSSCKFWSession *fwSession,
|
| - NSSCKFWCryptoOperationState state)
|
| -{
|
| -#ifdef NSSDEBUG
|
| - CK_RV error = CKR_OK;
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return (NSSCKFWCryptoOperation *)NULL;
|
| - }
|
| -
|
| - if (state >= NSSCKFWCryptoOperationState_Max) {
|
| - return (NSSCKFWCryptoOperation *)NULL;
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - return (NSSCKFWCryptoOperation *)NULL;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| - return fwSession->fwOperationArray[state];
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_Final
|
| - */
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_Final(
|
| - NSSCKFWSession *fwSession,
|
| - NSSCKFWCryptoOperationType type,
|
| - NSSCKFWCryptoOperationState state,
|
| - CK_BYTE_PTR outBuf,
|
| - CK_ULONG_PTR outBufLen)
|
| -{
|
| - NSSCKFWCryptoOperation *fwOperation;
|
| - NSSItem outputBuffer;
|
| - CK_RV error = CKR_OK;
|
| -
|
| -#ifdef NSSDEBUG
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - /* make sure we have a valid operation initialized */
|
| - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
|
| - if (!fwOperation) {
|
| - return CKR_OPERATION_NOT_INITIALIZED;
|
| - }
|
| -
|
| - /* make sure it's the correct type */
|
| - if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
|
| - return CKR_OPERATION_NOT_INITIALIZED;
|
| - }
|
| -
|
| - /* handle buffer issues, note for Verify, the type is an input buffer. */
|
| - if (NSSCKFWCryptoOperationType_Verify == type) {
|
| - if ((CK_BYTE_PTR)NULL == outBuf) {
|
| - error = CKR_ARGUMENTS_BAD;
|
| - goto done;
|
| - }
|
| - } else {
|
| - CK_ULONG len = nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error);
|
| - CK_ULONG maxBufLen = *outBufLen;
|
| -
|
| - if (CKR_OK != error) {
|
| - goto done;
|
| - }
|
| - *outBufLen = len;
|
| - if ((CK_BYTE_PTR)NULL == outBuf) {
|
| - return CKR_OK;
|
| - }
|
| -
|
| - if (len > maxBufLen) {
|
| - return CKR_BUFFER_TOO_SMALL;
|
| - }
|
| - }
|
| - outputBuffer.data = outBuf;
|
| - outputBuffer.size = *outBufLen;
|
| -
|
| - error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer);
|
| -done:
|
| - if (CKR_BUFFER_TOO_SMALL == error) {
|
| - return error;
|
| - }
|
| - /* clean up our state */
|
| - nssCKFWCryptoOperation_Destroy(fwOperation);
|
| - nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state);
|
| - return error;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_Update
|
| - */
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_Update(
|
| - NSSCKFWSession *fwSession,
|
| - NSSCKFWCryptoOperationType type,
|
| - NSSCKFWCryptoOperationState state,
|
| - CK_BYTE_PTR inBuf,
|
| - CK_ULONG inBufLen,
|
| - CK_BYTE_PTR outBuf,
|
| - CK_ULONG_PTR outBufLen)
|
| -{
|
| - NSSCKFWCryptoOperation *fwOperation;
|
| - NSSItem inputBuffer;
|
| - NSSItem outputBuffer;
|
| - CK_ULONG len;
|
| - CK_ULONG maxBufLen;
|
| - CK_RV error = CKR_OK;
|
| -
|
| -#ifdef NSSDEBUG
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - /* make sure we have a valid operation initialized */
|
| - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
|
| - if (!fwOperation) {
|
| - return CKR_OPERATION_NOT_INITIALIZED;
|
| - }
|
| -
|
| - /* make sure it's the correct type */
|
| - if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
|
| - return CKR_OPERATION_NOT_INITIALIZED;
|
| - }
|
| -
|
| - inputBuffer.data = inBuf;
|
| - inputBuffer.size = inBufLen;
|
| -
|
| - /* handle buffer issues, note for Verify, the type is an input buffer. */
|
| - len = nssCKFWCryptoOperation_GetOperationLength(fwOperation, &inputBuffer,
|
| - &error);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| - maxBufLen = *outBufLen;
|
| -
|
| - *outBufLen = len;
|
| - if ((CK_BYTE_PTR)NULL == outBuf) {
|
| - return CKR_OK;
|
| - }
|
| -
|
| - if (len > maxBufLen) {
|
| - return CKR_BUFFER_TOO_SMALL;
|
| - }
|
| - outputBuffer.data = outBuf;
|
| - outputBuffer.size = *outBufLen;
|
| -
|
| - return nssCKFWCryptoOperation_Update(fwOperation,
|
| - &inputBuffer, &outputBuffer);
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_DigestUpdate
|
| - */
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_DigestUpdate(
|
| - NSSCKFWSession *fwSession,
|
| - NSSCKFWCryptoOperationType type,
|
| - NSSCKFWCryptoOperationState state,
|
| - CK_BYTE_PTR inBuf,
|
| - CK_ULONG inBufLen)
|
| -{
|
| - NSSCKFWCryptoOperation *fwOperation;
|
| - NSSItem inputBuffer;
|
| - CK_RV error = CKR_OK;
|
| -
|
| -#ifdef NSSDEBUG
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - /* make sure we have a valid operation initialized */
|
| - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
|
| - if (!fwOperation) {
|
| - return CKR_OPERATION_NOT_INITIALIZED;
|
| - }
|
| -
|
| - /* make sure it's the correct type */
|
| - if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
|
| - return CKR_OPERATION_NOT_INITIALIZED;
|
| - }
|
| -
|
| - inputBuffer.data = inBuf;
|
| - inputBuffer.size = inBufLen;
|
| -
|
| - error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer);
|
| - return error;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_DigestUpdate
|
| - */
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_DigestKey(
|
| - NSSCKFWSession *fwSession,
|
| - NSSCKFWObject *fwKey)
|
| -{
|
| - NSSCKFWCryptoOperation *fwOperation;
|
| - NSSItem *inputBuffer;
|
| - CK_RV error = CKR_OK;
|
| -
|
| -#ifdef NSSDEBUG
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - /* make sure we have a valid operation initialized */
|
| - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
|
| - NSSCKFWCryptoOperationState_Digest);
|
| - if (!fwOperation) {
|
| - return CKR_OPERATION_NOT_INITIALIZED;
|
| - }
|
| -
|
| - /* make sure it's the correct type */
|
| - if (NSSCKFWCryptoOperationType_Digest !=
|
| - nssCKFWCryptoOperation_GetType(fwOperation)) {
|
| - return CKR_OPERATION_NOT_INITIALIZED;
|
| - }
|
| -
|
| - error = nssCKFWCryptoOperation_DigestKey(fwOperation, fwKey);
|
| - if (CKR_FUNCTION_FAILED != error) {
|
| - return error;
|
| - }
|
| -
|
| - /* no machine depended way for this to happen, do it by hand */
|
| - inputBuffer = nssCKFWObject_GetAttribute(fwKey, CKA_VALUE, NULL, NULL, &error);
|
| - if (!inputBuffer) {
|
| - /* couldn't get the value, just fail then */
|
| - return error;
|
| - }
|
| - error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, inputBuffer);
|
| - nssItem_Destroy(inputBuffer);
|
| - return error;
|
| -}
|
| -
|
| -/*
|
| - * nssCKFWSession_UpdateFinal
|
| - */
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_UpdateFinal(
|
| - NSSCKFWSession *fwSession,
|
| - NSSCKFWCryptoOperationType type,
|
| - NSSCKFWCryptoOperationState state,
|
| - CK_BYTE_PTR inBuf,
|
| - CK_ULONG inBufLen,
|
| - CK_BYTE_PTR outBuf,
|
| - CK_ULONG_PTR outBufLen)
|
| -{
|
| - NSSCKFWCryptoOperation *fwOperation;
|
| - NSSItem inputBuffer;
|
| - NSSItem outputBuffer;
|
| - PRBool isEncryptDecrypt;
|
| - CK_RV error = CKR_OK;
|
| -
|
| -#ifdef NSSDEBUG
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - /* make sure we have a valid operation initialized */
|
| - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
|
| - if (!fwOperation) {
|
| - return CKR_OPERATION_NOT_INITIALIZED;
|
| - }
|
| -
|
| - /* make sure it's the correct type */
|
| - if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
|
| - return CKR_OPERATION_NOT_INITIALIZED;
|
| - }
|
| -
|
| - inputBuffer.data = inBuf;
|
| - inputBuffer.size = inBufLen;
|
| - isEncryptDecrypt = (PRBool)((NSSCKFWCryptoOperationType_Encrypt == type) ||
|
| - (NSSCKFWCryptoOperationType_Decrypt == type));
|
| -
|
| - /* handle buffer issues, note for Verify, the type is an input buffer. */
|
| - if (NSSCKFWCryptoOperationType_Verify == type) {
|
| - if ((CK_BYTE_PTR)NULL == outBuf) {
|
| - error = CKR_ARGUMENTS_BAD;
|
| - goto done;
|
| - }
|
| - } else {
|
| - CK_ULONG maxBufLen = *outBufLen;
|
| - CK_ULONG len;
|
| -
|
| - len = (isEncryptDecrypt) ? nssCKFWCryptoOperation_GetOperationLength(fwOperation,
|
| - &inputBuffer, &error)
|
| - : nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error);
|
| -
|
| - if (CKR_OK != error) {
|
| - goto done;
|
| - }
|
| -
|
| - *outBufLen = len;
|
| - if ((CK_BYTE_PTR)NULL == outBuf) {
|
| - return CKR_OK;
|
| - }
|
| -
|
| - if (len > maxBufLen) {
|
| - return CKR_BUFFER_TOO_SMALL;
|
| - }
|
| - }
|
| - outputBuffer.data = outBuf;
|
| - outputBuffer.size = *outBufLen;
|
| -
|
| - error = nssCKFWCryptoOperation_UpdateFinal(fwOperation,
|
| - &inputBuffer, &outputBuffer);
|
| -
|
| - /* UpdateFinal isn't support, manually use Update and Final */
|
| - if (CKR_FUNCTION_FAILED == error) {
|
| - error = isEncryptDecrypt ? nssCKFWCryptoOperation_Update(fwOperation, &inputBuffer, &outputBuffer)
|
| - : nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer);
|
| -
|
| - if (CKR_OK == error) {
|
| - error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer);
|
| - }
|
| - }
|
| -
|
| -done:
|
| - if (CKR_BUFFER_TOO_SMALL == error) {
|
| - /* if we return CKR_BUFFER_TOO_SMALL, we the caller is not expecting.
|
| - * the crypto state to be freed */
|
| - return error;
|
| - }
|
| -
|
| - /* clean up our state */
|
| - nssCKFWCryptoOperation_Destroy(fwOperation);
|
| - nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state);
|
| - return error;
|
| -}
|
| -
|
| -NSS_IMPLEMENT CK_RV
|
| -nssCKFWSession_UpdateCombo(
|
| - NSSCKFWSession *fwSession,
|
| - NSSCKFWCryptoOperationType encryptType,
|
| - NSSCKFWCryptoOperationType digestType,
|
| - NSSCKFWCryptoOperationState digestState,
|
| - CK_BYTE_PTR inBuf,
|
| - CK_ULONG inBufLen,
|
| - CK_BYTE_PTR outBuf,
|
| - CK_ULONG_PTR outBufLen)
|
| -{
|
| - NSSCKFWCryptoOperation *fwOperation;
|
| - NSSCKFWCryptoOperation *fwPeerOperation;
|
| - NSSItem inputBuffer;
|
| - NSSItem outputBuffer;
|
| - CK_ULONG maxBufLen = *outBufLen;
|
| - CK_ULONG len;
|
| - CK_RV error = CKR_OK;
|
| -
|
| -#ifdef NSSDEBUG
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -
|
| - if (!fwSession->mdSession) {
|
| - return CKR_GENERAL_ERROR;
|
| - }
|
| -#endif /* NSSDEBUG */
|
| -
|
| - /* make sure we have a valid operation initialized */
|
| - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
|
| - NSSCKFWCryptoOperationState_EncryptDecrypt);
|
| - if (!fwOperation) {
|
| - return CKR_OPERATION_NOT_INITIALIZED;
|
| - }
|
| -
|
| - /* make sure it's the correct type */
|
| - if (encryptType != nssCKFWCryptoOperation_GetType(fwOperation)) {
|
| - return CKR_OPERATION_NOT_INITIALIZED;
|
| - }
|
| - /* make sure we have a valid operation initialized */
|
| - fwPeerOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
|
| - digestState);
|
| - if (!fwPeerOperation) {
|
| - return CKR_OPERATION_NOT_INITIALIZED;
|
| - }
|
| -
|
| - /* make sure it's the correct type */
|
| - if (digestType != nssCKFWCryptoOperation_GetType(fwOperation)) {
|
| - return CKR_OPERATION_NOT_INITIALIZED;
|
| - }
|
| -
|
| - inputBuffer.data = inBuf;
|
| - inputBuffer.size = inBufLen;
|
| - len = nssCKFWCryptoOperation_GetOperationLength(fwOperation,
|
| - &inputBuffer, &error);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -
|
| - *outBufLen = len;
|
| - if ((CK_BYTE_PTR)NULL == outBuf) {
|
| - return CKR_OK;
|
| - }
|
| -
|
| - if (len > maxBufLen) {
|
| - return CKR_BUFFER_TOO_SMALL;
|
| - }
|
| -
|
| - outputBuffer.data = outBuf;
|
| - outputBuffer.size = *outBufLen;
|
| -
|
| - error = nssCKFWCryptoOperation_UpdateCombo(fwOperation, fwPeerOperation,
|
| - &inputBuffer, &outputBuffer);
|
| - if (CKR_FUNCTION_FAILED == error) {
|
| - PRBool isEncrypt =
|
| - (PRBool)(NSSCKFWCryptoOperationType_Encrypt == encryptType);
|
| -
|
| - if (isEncrypt) {
|
| - error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation,
|
| - &inputBuffer);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| - }
|
| - error = nssCKFWCryptoOperation_Update(fwOperation,
|
| - &inputBuffer, &outputBuffer);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| - if (!isEncrypt) {
|
| - error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation,
|
| - &outputBuffer);
|
| - }
|
| - }
|
| - return error;
|
| -}
|
| -
|
| -/*
|
| - * NSSCKFWSession_GetMDSession
|
| - *
|
| - */
|
| -
|
| -NSS_IMPLEMENT NSSCKMDSession *
|
| -NSSCKFWSession_GetMDSession(
|
| - NSSCKFWSession *fwSession)
|
| -{
|
| -#ifdef DEBUG
|
| - if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
|
| - return (NSSCKMDSession *)NULL;
|
| - }
|
| -#endif /* DEBUG */
|
| -
|
| - return nssCKFWSession_GetMDSession(fwSession);
|
| -}
|
| -
|
| -/*
|
| - * NSSCKFWSession_GetArena
|
| - *
|
| - */
|
| -
|
| -NSS_IMPLEMENT NSSArena *
|
| -NSSCKFWSession_GetArena(
|
| - NSSCKFWSession *fwSession,
|
| - CK_RV *pError)
|
| -{
|
| -#ifdef DEBUG
|
| - if (!pError) {
|
| - return (NSSArena *)NULL;
|
| - }
|
| -
|
| - *pError = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != *pError) {
|
| - return (NSSArena *)NULL;
|
| - }
|
| -#endif /* DEBUG */
|
| -
|
| - return nssCKFWSession_GetArena(fwSession, pError);
|
| -}
|
| -
|
| -/*
|
| - * NSSCKFWSession_CallNotification
|
| - *
|
| - */
|
| -
|
| -NSS_IMPLEMENT CK_RV
|
| -NSSCKFWSession_CallNotification(
|
| - NSSCKFWSession *fwSession,
|
| - CK_NOTIFICATION event)
|
| -{
|
| -#ifdef DEBUG
|
| - CK_RV error = CKR_OK;
|
| -
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return error;
|
| - }
|
| -#endif /* DEBUG */
|
| -
|
| - return nssCKFWSession_CallNotification(fwSession, event);
|
| -}
|
| -
|
| -/*
|
| - * NSSCKFWSession_IsRWSession
|
| - *
|
| - */
|
| -
|
| -NSS_IMPLEMENT CK_BBOOL
|
| -NSSCKFWSession_IsRWSession(
|
| - NSSCKFWSession *fwSession)
|
| -{
|
| -#ifdef DEBUG
|
| - if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
|
| - return CK_FALSE;
|
| - }
|
| -#endif /* DEBUG */
|
| -
|
| - return nssCKFWSession_IsRWSession(fwSession);
|
| -}
|
| -
|
| -/*
|
| - * NSSCKFWSession_IsSO
|
| - *
|
| - */
|
| -
|
| -NSS_IMPLEMENT CK_BBOOL
|
| -NSSCKFWSession_IsSO(
|
| - NSSCKFWSession *fwSession)
|
| -{
|
| -#ifdef DEBUG
|
| - if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
|
| - return CK_FALSE;
|
| - }
|
| -#endif /* DEBUG */
|
| -
|
| - return nssCKFWSession_IsSO(fwSession);
|
| -}
|
| -
|
| -NSS_IMPLEMENT NSSCKFWCryptoOperation *
|
| -NSSCKFWSession_GetCurrentCryptoOperation(
|
| - NSSCKFWSession *fwSession,
|
| - NSSCKFWCryptoOperationState state)
|
| -{
|
| -#ifdef DEBUG
|
| - CK_RV error = CKR_OK;
|
| - error = nssCKFWSession_verifyPointer(fwSession);
|
| - if (CKR_OK != error) {
|
| - return (NSSCKFWCryptoOperation *)NULL;
|
| - }
|
| -
|
| - if (state >= NSSCKFWCryptoOperationState_Max) {
|
| - return (NSSCKFWCryptoOperation *)NULL;
|
| - }
|
| -#endif /* DEBUG */
|
| - return nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
|
| -}
|
|
|
Chromium Code Reviews
Issue 2078763002:
Delete bundled copy of NSS and replace with README. (Closed)
Base URL: https://chromium.googlesource.com/chromium/deps/nss@master