Mercurial > trustbridge > nss-cmake-static
diff nss/lib/ckfw/mechanism.c @ 0:1e5118fa0cb1
This is NSS with a Cmake Buildsyste
To compile a static NSS library for Windows we've used the
Chromium-NSS fork and added a Cmake buildsystem to compile
it statically for Windows. See README.chromium for chromium
changes and README.trustbridge for our modifications.
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Mon, 28 Jul 2014 10:47:06 +0200 |
parents | |
children |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/nss/lib/ckfw/mechanism.c Mon Jul 28 10:47:06 2014 +0200 @@ -0,0 +1,1182 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * mechanism.c + * + * This file implements the NSSCKFWMechanism type and methods. + */ + +#ifndef CK_T +#include "ck.h" +#endif /* CK_T */ + +/* + * NSSCKFWMechanism + * + * -- create/destroy -- + * nssCKFWMechanism_Create + * nssCKFWMechanism_Destroy + * + * -- implement public accessors -- + * nssCKFWMechanism_GetMDMechanism + * nssCKFWMechanism_GetParameter + * + * -- private accessors -- + * + * -- module fronts -- + * nssCKFWMechanism_GetMinKeySize + * nssCKFWMechanism_GetMaxKeySize + * nssCKFWMechanism_GetInHardware + * nssCKFWMechanism_GetCanEncrypt + * nssCKFWMechanism_GetCanDecrypt + * nssCKFWMechanism_GetCanDigest + * nssCKFWMechanism_GetCanSign + * nssCKFWMechanism_GetCanSignRecover + * nssCKFWMechanism_GetCanVerify + * nssCKFWMechanism_GetCanGenerate + * nssCKFWMechanism_GetCanGenerateKeyPair + * nssCKFWMechanism_GetCanUnwrap + * nssCKFWMechanism_GetCanWrap + * nssCKFWMechanism_GetCanDerive + * nssCKFWMechanism_EncryptInit + * nssCKFWMechanism_DecryptInit + * nssCKFWMechanism_DigestInit + * nssCKFWMechanism_SignInit + * nssCKFWMechanism_VerifyInit + * nssCKFWMechanism_SignRecoverInit + * nssCKFWMechanism_VerifyRecoverInit + * nssCKFWMechanism_GenerateKey + * nssCKFWMechanism_GenerateKeyPair + * nssCKFWMechanism_GetWrapKeyLength + * nssCKFWMechanism_WrapKey + * nssCKFWMechanism_UnwrapKey + * nssCKFWMechanism_DeriveKey + */ + + +struct NSSCKFWMechanismStr { + NSSCKMDMechanism *mdMechanism; + NSSCKMDToken *mdToken; + NSSCKFWToken *fwToken; + NSSCKMDInstance *mdInstance; + NSSCKFWInstance *fwInstance; +}; + +/* + * nssCKFWMechanism_Create + * + */ +NSS_IMPLEMENT NSSCKFWMechanism * +nssCKFWMechanism_Create +( + NSSCKMDMechanism *mdMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + NSSCKFWMechanism *fwMechanism; + + + fwMechanism = nss_ZNEW(NULL, NSSCKFWMechanism); + if (!fwMechanism) { + return (NSSCKFWMechanism *)NULL; + } + fwMechanism->mdMechanism = mdMechanism; + fwMechanism->mdToken = mdToken; + fwMechanism->fwToken = fwToken; + fwMechanism->mdInstance = mdInstance; + fwMechanism->fwInstance = fwInstance; + return fwMechanism; +} + +/* + * nssCKFWMechanism_Destroy + * + */ +NSS_IMPLEMENT void +nssCKFWMechanism_Destroy +( + NSSCKFWMechanism *fwMechanism +) +{ + /* destroy any fw resources held by nssCKFWMechanism (currently none) */ + + if (!fwMechanism->mdMechanism->Destroy) { + /* destroys it's parent as well */ + fwMechanism->mdMechanism->Destroy( + fwMechanism->mdMechanism, + fwMechanism, + fwMechanism->mdInstance, + fwMechanism->fwInstance); + } + /* if the Destroy function wasn't supplied, then the mechanism is 'static', + * and there is nothing to destroy */ + return; +} + +/* + * nssCKFWMechanism_GetMDMechanism + * + */ +NSS_IMPLEMENT NSSCKMDMechanism * +nssCKFWMechanism_GetMDMechanism +( + NSSCKFWMechanism *fwMechanism +) +{ + return fwMechanism->mdMechanism; +} + +/* + * nssCKFWMechanism_GetMinKeySize + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWMechanism_GetMinKeySize +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->GetMinKeySize) { + return 0; + } + + return fwMechanism->mdMechanism->GetMinKeySize(fwMechanism->mdMechanism, + fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, pError); +} + +/* + * nssCKFWMechanism_GetMaxKeySize + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWMechanism_GetMaxKeySize +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->GetMaxKeySize) { + return 0; + } + + return fwMechanism->mdMechanism->GetMaxKeySize(fwMechanism->mdMechanism, + fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, pError); +} + +/* + * nssCKFWMechanism_GetInHardware + * + */ +NSS_IMPLEMENT CK_BBOOL +nssCKFWMechanism_GetInHardware +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->GetInHardware) { + return CK_FALSE; + } + + return fwMechanism->mdMechanism->GetInHardware(fwMechanism->mdMechanism, + fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, pError); +} + + +/* + * the following are determined automatically by which of the cryptographic + * functions are defined for this mechanism. + */ +/* + * nssCKFWMechanism_GetCanEncrypt + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanEncrypt +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->EncryptInit) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanDecrypt + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanDecrypt +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->DecryptInit) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanDigest + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanDigest +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->DigestInit) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanSign + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanSign +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->SignInit) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanSignRecover + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanSignRecover +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->SignRecoverInit) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanVerify + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanVerify +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->VerifyInit) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanVerifyRecover + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanVerifyRecover +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->VerifyRecoverInit) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanGenerate + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanGenerate +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->GenerateKey) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanGenerateKeyPair + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanGenerateKeyPair +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->GenerateKeyPair) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanUnwrap + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanUnwrap +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->UnwrapKey) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanWrap + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanWrap +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->WrapKey) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanDerive + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanDerive +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->DeriveKey) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * These are the actual crypto operations + */ + +/* + * nssCKFWMechanism_EncryptInit + * Start an encryption session. + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_EncryptInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +) +{ + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_EncryptDecrypt); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->EncryptInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->EncryptInit( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + mdObject, + fwObject, + &error + ); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_Encrypt, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_EncryptDecrypt); + } + +loser: + return error; +} + +/* + * nssCKFWMechanism_DecryptInit + * Start an encryption session. + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_DecryptInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +) +{ + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_EncryptDecrypt); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->DecryptInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->DecryptInit( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + mdObject, + fwObject, + &error + ); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_Decrypt, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_EncryptDecrypt); + } + +loser: + return error; +} + +/* + * nssCKFWMechanism_DigestInit + * Start an encryption session. + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_DigestInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession +) +{ + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + CK_RV error = CKR_OK; + + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_Digest); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->DigestInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdOperation = fwMechanism->mdMechanism->DigestInit( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + &error + ); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_Digest, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_Digest); + } + +loser: + return error; +} + +/* + * nssCKFWMechanism_SignInit + * Start an encryption session. + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_SignInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +) +{ + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_SignVerify); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->SignInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->SignInit( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + mdObject, + fwObject, + &error + ); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_Sign, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_SignVerify); + } + +loser: + return error; +} + +/* + * nssCKFWMechanism_VerifyInit + * Start an encryption session. + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_VerifyInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +) +{ + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_SignVerify); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->VerifyInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->VerifyInit( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + mdObject, + fwObject, + &error + ); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_Verify, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_SignVerify); + } + +loser: + return error; +} + +/* + * nssCKFWMechanism_SignRecoverInit + * Start an encryption session. + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_SignRecoverInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +) +{ + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_SignVerify); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->SignRecoverInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->SignRecoverInit( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + mdObject, + fwObject, + &error + ); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_SignRecover, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_SignVerify); + } + +loser: + return error; +} + +/* + * nssCKFWMechanism_VerifyRecoverInit + * Start an encryption session. + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_VerifyRecoverInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +) +{ + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_SignVerify); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->VerifyRecoverInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->VerifyRecoverInit( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + mdObject, + fwObject, + &error + ); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_VerifyRecover, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_SignVerify); + } + +loser: + return error; +} + +/* + * nssCKFWMechanism_GenerateKey + */ +NSS_EXTERN NSSCKFWObject * +nssCKFWMechanism_GenerateKey +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + NSSCKFWObject *fwObject = NULL; + NSSArena *arena; + + if (!fwMechanism->mdMechanism->GenerateKey) { + *pError = CKR_FUNCTION_FAILED; + return (NSSCKFWObject *)NULL; + } + + arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); + if (!arena) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = fwMechanism->mdMechanism->GenerateKey( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + pTemplate, + ulAttributeCount, + pError); + + if (!mdObject) { + return (NSSCKFWObject *)NULL; + } + + fwObject = nssCKFWObject_Create(arena, mdObject, + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); + + return fwObject; +} + +/* + * nssCKFWMechanism_GenerateKeyPair + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_GenerateKeyPair +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + NSSCKFWObject **fwPublicKeyObject, + NSSCKFWObject **fwPrivateKeyObject +) +{ + NSSCKMDSession *mdSession; + NSSCKMDObject *mdPublicKeyObject; + NSSCKMDObject *mdPrivateKeyObject; + NSSArena *arena; + CK_RV error = CKR_OK; + + if (!fwMechanism->mdMechanism->GenerateKeyPair) { + return CKR_FUNCTION_FAILED; + } + + arena = nssCKFWToken_GetArena(fwMechanism->fwToken, &error); + if (!arena) { + if (CKR_OK == error) { + error = CKR_GENERAL_ERROR; + } + return error; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + error = fwMechanism->mdMechanism->GenerateKeyPair( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + pPublicKeyTemplate, + ulPublicKeyAttributeCount, + pPrivateKeyTemplate, + ulPrivateKeyAttributeCount, + &mdPublicKeyObject, + &mdPrivateKeyObject); + + if (CKR_OK != error) { + return error; + } + + *fwPublicKeyObject = nssCKFWObject_Create(arena, mdPublicKeyObject, + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error); + if (!*fwPublicKeyObject) { + return error; + } + *fwPrivateKeyObject = nssCKFWObject_Create(arena, mdPrivateKeyObject, + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error); + + return error; +} + +/* + * nssCKFWMechanism_GetWrapKeyLength + */ +NSS_EXTERN CK_ULONG +nssCKFWMechanism_GetWrapKeyLength +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSCKFWObject *fwKeyObject, + CK_RV *pError +) +{ + NSSCKMDSession *mdSession; + NSSCKMDObject *mdWrappingKeyObject; + NSSCKMDObject *mdKeyObject; + + if (!fwMechanism->mdMechanism->WrapKey) { + *pError = CKR_FUNCTION_FAILED; + return (CK_ULONG) 0; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); + mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject); + return fwMechanism->mdMechanism->GetWrapKeyLength( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + mdWrappingKeyObject, + fwWrappingKeyObject, + mdKeyObject, + fwKeyObject, + pError); +} + +/* + * nssCKFWMechanism_WrapKey + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_WrapKey +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSCKFWObject *fwKeyObject, + NSSItem *wrappedKey +) +{ + NSSCKMDSession *mdSession; + NSSCKMDObject *mdWrappingKeyObject; + NSSCKMDObject *mdKeyObject; + + if (!fwMechanism->mdMechanism->WrapKey) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); + mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject); + return fwMechanism->mdMechanism->WrapKey( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + mdWrappingKeyObject, + fwWrappingKeyObject, + mdKeyObject, + fwKeyObject, + wrappedKey); +} + +/* + * nssCKFWMechanism_UnwrapKey + */ +NSS_EXTERN NSSCKFWObject * +nssCKFWMechanism_UnwrapKey +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSItem *wrappedKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + NSSCKMDObject *mdWrappingKeyObject; + NSSCKFWObject *fwObject = NULL; + NSSArena *arena; + + if (!fwMechanism->mdMechanism->UnwrapKey) { + /* we could simulate UnwrapKey using Decrypt and Create object, but + * 1) it's not clear that would work well, and 2) the low level token + * may want to restrict unwrap key for a reason, so just fail it it + * can't be done */ + *pError = CKR_FUNCTION_FAILED; + return (NSSCKFWObject *)NULL; + } + + arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); + if (!arena) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); + mdObject = fwMechanism->mdMechanism->UnwrapKey( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + mdWrappingKeyObject, + fwWrappingKeyObject, + wrappedKey, + pTemplate, + ulAttributeCount, + pError); + + if (!mdObject) { + return (NSSCKFWObject *)NULL; + } + + fwObject = nssCKFWObject_Create(arena, mdObject, + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); + + return fwObject; +} + +/* + * nssCKFWMechanism_DeriveKey + */ +NSS_EXTERN NSSCKFWObject * +nssCKFWMechanism_DeriveKey +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwBaseKeyObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + NSSCKMDObject *mdBaseKeyObject; + NSSCKFWObject *fwObject = NULL; + NSSArena *arena; + + if (!fwMechanism->mdMechanism->DeriveKey) { + *pError = CKR_FUNCTION_FAILED; + return (NSSCKFWObject *)NULL; + } + + arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); + if (!arena) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdBaseKeyObject = nssCKFWObject_GetMDObject(fwBaseKeyObject); + mdObject = fwMechanism->mdMechanism->DeriveKey( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + mdBaseKeyObject, + fwBaseKeyObject, + pTemplate, + ulAttributeCount, + pError); + + if (!mdObject) { + return (NSSCKFWObject *)NULL; + } + + fwObject = nssCKFWObject_Create(arena, mdObject, + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); + + return fwObject; +} +