diff nss/lib/ckfw/mechanism.c @ 0:1e5118fa0cb1

This is NSS with a Cmake Buildsyste To compile a static NSS library for Windows we've used the Chromium-NSS fork and added a Cmake buildsystem to compile it statically for Windows. See README.chromium for chromium changes and README.trustbridge for our modifications.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 28 Jul 2014 10:47:06 +0200
parents
children
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nss/lib/ckfw/mechanism.c	Mon Jul 28 10:47:06 2014 +0200
@@ -0,0 +1,1182 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * mechanism.c
+ *
+ * This file implements the NSSCKFWMechanism type and methods.
+ */
+
+#ifndef CK_T
+#include "ck.h"
+#endif /* CK_T */
+
+/*
+ * NSSCKFWMechanism
+ *
+ *  -- create/destroy --
+ *  nssCKFWMechanism_Create
+ *  nssCKFWMechanism_Destroy
+ *
+ *  -- implement public accessors --
+ *  nssCKFWMechanism_GetMDMechanism
+ *  nssCKFWMechanism_GetParameter
+ *
+ *  -- private accessors --
+ *
+ *  -- module fronts --
+ *  nssCKFWMechanism_GetMinKeySize
+ *  nssCKFWMechanism_GetMaxKeySize
+ *  nssCKFWMechanism_GetInHardware
+ *  nssCKFWMechanism_GetCanEncrypt
+ *  nssCKFWMechanism_GetCanDecrypt
+ *  nssCKFWMechanism_GetCanDigest
+ *  nssCKFWMechanism_GetCanSign
+ *  nssCKFWMechanism_GetCanSignRecover
+ *  nssCKFWMechanism_GetCanVerify
+ *  nssCKFWMechanism_GetCanGenerate
+ *  nssCKFWMechanism_GetCanGenerateKeyPair
+ *  nssCKFWMechanism_GetCanUnwrap
+ *  nssCKFWMechanism_GetCanWrap
+ *  nssCKFWMechanism_GetCanDerive
+ *  nssCKFWMechanism_EncryptInit
+ *  nssCKFWMechanism_DecryptInit
+ *  nssCKFWMechanism_DigestInit
+ *  nssCKFWMechanism_SignInit
+ *  nssCKFWMechanism_VerifyInit
+ *  nssCKFWMechanism_SignRecoverInit
+ *  nssCKFWMechanism_VerifyRecoverInit
+ *  nssCKFWMechanism_GenerateKey
+ *  nssCKFWMechanism_GenerateKeyPair
+ *  nssCKFWMechanism_GetWrapKeyLength
+ *  nssCKFWMechanism_WrapKey
+ *  nssCKFWMechanism_UnwrapKey
+ *  nssCKFWMechanism_DeriveKey
+ */
+
+
+struct NSSCKFWMechanismStr {
+   NSSCKMDMechanism *mdMechanism;
+   NSSCKMDToken *mdToken;
+   NSSCKFWToken *fwToken;
+   NSSCKMDInstance *mdInstance;
+   NSSCKFWInstance *fwInstance;
+};
+
+/*
+ * nssCKFWMechanism_Create
+ *
+ */
+NSS_IMPLEMENT NSSCKFWMechanism *
+nssCKFWMechanism_Create
+(
+  NSSCKMDMechanism *mdMechanism,
+  NSSCKMDToken *mdToken,
+  NSSCKFWToken *fwToken,
+  NSSCKMDInstance *mdInstance,
+  NSSCKFWInstance *fwInstance
+)
+{
+  NSSCKFWMechanism *fwMechanism;
+
+
+  fwMechanism = nss_ZNEW(NULL, NSSCKFWMechanism);
+  if (!fwMechanism) {
+    return (NSSCKFWMechanism *)NULL;
+  }
+  fwMechanism->mdMechanism = mdMechanism;
+  fwMechanism->mdToken = mdToken;
+  fwMechanism->fwToken = fwToken;
+  fwMechanism->mdInstance = mdInstance;
+  fwMechanism->fwInstance = fwInstance;
+  return fwMechanism;
+}
+
+/*
+ * nssCKFWMechanism_Destroy
+ *
+ */
+NSS_IMPLEMENT void
+nssCKFWMechanism_Destroy
+(
+  NSSCKFWMechanism *fwMechanism
+)
+{
+  /* destroy any fw resources held by nssCKFWMechanism (currently none) */
+
+  if (!fwMechanism->mdMechanism->Destroy) {
+    /* destroys it's parent as well */
+    fwMechanism->mdMechanism->Destroy(
+        fwMechanism->mdMechanism, 
+        fwMechanism,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance);
+  }
+  /* if the Destroy function wasn't supplied, then the mechanism is 'static',
+   * and there is nothing to destroy */
+  return;
+}
+
+/*
+ * nssCKFWMechanism_GetMDMechanism
+ *
+ */
+NSS_IMPLEMENT NSSCKMDMechanism *
+nssCKFWMechanism_GetMDMechanism
+(
+  NSSCKFWMechanism *fwMechanism
+)
+{
+  return fwMechanism->mdMechanism;
+}
+
+/*
+ * nssCKFWMechanism_GetMinKeySize
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWMechanism_GetMinKeySize
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_RV *pError
+)
+{
+  if (!fwMechanism->mdMechanism->GetMinKeySize) {
+    return 0;
+  }
+
+  return fwMechanism->mdMechanism->GetMinKeySize(fwMechanism->mdMechanism,
+    fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, 
+    fwMechanism->mdInstance, fwMechanism->fwInstance, pError);
+}
+
+/*
+ * nssCKFWMechanism_GetMaxKeySize
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWMechanism_GetMaxKeySize
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_RV *pError
+)
+{
+  if (!fwMechanism->mdMechanism->GetMaxKeySize) {
+    return 0;
+  }
+
+  return fwMechanism->mdMechanism->GetMaxKeySize(fwMechanism->mdMechanism,
+    fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, 
+    fwMechanism->mdInstance, fwMechanism->fwInstance, pError);
+}
+
+/*
+ * nssCKFWMechanism_GetInHardware
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWMechanism_GetInHardware
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_RV *pError
+)
+{
+  if (!fwMechanism->mdMechanism->GetInHardware) {
+    return CK_FALSE;
+  }
+
+  return fwMechanism->mdMechanism->GetInHardware(fwMechanism->mdMechanism,
+    fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, 
+    fwMechanism->mdInstance, fwMechanism->fwInstance, pError);
+}
+
+
+/*
+ * the following are determined automatically by which of the cryptographic
+ * functions are defined for this mechanism.
+ */
+/*
+ * nssCKFWMechanism_GetCanEncrypt
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanEncrypt
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_RV *pError
+)
+{
+  if (!fwMechanism->mdMechanism->EncryptInit) {
+    return CK_FALSE;
+  }
+  return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanDecrypt
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanDecrypt
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_RV *pError
+)
+{
+  if (!fwMechanism->mdMechanism->DecryptInit) {
+    return CK_FALSE;
+  }
+  return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanDigest
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanDigest
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_RV *pError
+)
+{
+  if (!fwMechanism->mdMechanism->DigestInit) {
+    return CK_FALSE;
+  }
+  return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanSign
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanSign
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_RV *pError
+)
+{
+  if (!fwMechanism->mdMechanism->SignInit) {
+    return CK_FALSE;
+  }
+  return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanSignRecover
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanSignRecover
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_RV *pError
+)
+{
+  if (!fwMechanism->mdMechanism->SignRecoverInit) {
+    return CK_FALSE;
+  }
+  return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanVerify
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanVerify
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_RV *pError
+)
+{
+  if (!fwMechanism->mdMechanism->VerifyInit) {
+    return CK_FALSE;
+  }
+  return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanVerifyRecover
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanVerifyRecover
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_RV *pError
+)
+{
+  if (!fwMechanism->mdMechanism->VerifyRecoverInit) {
+    return CK_FALSE;
+  }
+  return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanGenerate
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanGenerate
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_RV *pError
+)
+{
+  if (!fwMechanism->mdMechanism->GenerateKey) {
+    return CK_FALSE;
+  }
+  return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanGenerateKeyPair
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanGenerateKeyPair
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_RV *pError
+)
+{
+  if (!fwMechanism->mdMechanism->GenerateKeyPair) {
+    return CK_FALSE;
+  }
+  return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanUnwrap
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanUnwrap
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_RV *pError
+)
+{
+  if (!fwMechanism->mdMechanism->UnwrapKey) {
+    return CK_FALSE;
+  }
+  return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanWrap
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanWrap
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_RV *pError
+)
+{
+  if (!fwMechanism->mdMechanism->WrapKey) {
+    return CK_FALSE;
+  }
+  return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanDerive
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanDerive
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_RV *pError
+)
+{
+  if (!fwMechanism->mdMechanism->DeriveKey) {
+    return CK_FALSE;
+  }
+  return CK_TRUE;
+}
+
+/*
+ * These are the actual crypto operations
+ */
+
+/* 
+ * nssCKFWMechanism_EncryptInit
+ *  Start an encryption session.
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_EncryptInit
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_MECHANISM     *pMechanism,
+  NSSCKFWSession   *fwSession,
+  NSSCKFWObject    *fwObject
+)
+{
+  NSSCKFWCryptoOperation *fwOperation;
+  NSSCKMDCryptoOperation *mdOperation;
+  NSSCKMDSession *mdSession;
+  NSSCKMDObject  *mdObject;
+  CK_RV  error = CKR_OK;
+
+
+  fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, 
+                        NSSCKFWCryptoOperationState_EncryptDecrypt);
+  if (fwOperation) {
+    return CKR_OPERATION_ACTIVE;
+  }
+
+  if (!fwMechanism->mdMechanism->EncryptInit) {
+    return CKR_FUNCTION_FAILED;
+  }
+
+  mdSession = nssCKFWSession_GetMDSession(fwSession);
+  mdObject = nssCKFWObject_GetMDObject(fwObject);
+  mdOperation = fwMechanism->mdMechanism->EncryptInit(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        mdObject,
+        fwObject,
+        &error
+  );
+  if (!mdOperation) {
+    goto loser;
+  }
+
+  fwOperation = nssCKFWCryptoOperation_Create(mdOperation, 
+        mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+        fwMechanism->mdInstance, fwMechanism->fwInstance,
+        NSSCKFWCryptoOperationType_Encrypt, &error);
+  if (fwOperation) {
+    nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+                NSSCKFWCryptoOperationState_EncryptDecrypt);
+  }
+
+loser:
+  return error;
+}
+
+/* 
+ * nssCKFWMechanism_DecryptInit
+ *  Start an encryption session.
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_DecryptInit
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_MECHANISM     *pMechanism,
+  NSSCKFWSession   *fwSession,
+  NSSCKFWObject    *fwObject
+)
+{
+  NSSCKFWCryptoOperation *fwOperation;
+  NSSCKMDCryptoOperation *mdOperation;
+  NSSCKMDSession *mdSession;
+  NSSCKMDObject  *mdObject;
+  CK_RV  error = CKR_OK;
+
+
+  fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, 
+                        NSSCKFWCryptoOperationState_EncryptDecrypt);
+  if (fwOperation) {
+    return CKR_OPERATION_ACTIVE;
+  }
+
+  if (!fwMechanism->mdMechanism->DecryptInit) {
+    return CKR_FUNCTION_FAILED;
+  }
+
+  mdSession = nssCKFWSession_GetMDSession(fwSession);
+  mdObject = nssCKFWObject_GetMDObject(fwObject);
+  mdOperation = fwMechanism->mdMechanism->DecryptInit(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        mdObject,
+        fwObject,
+        &error
+  );
+  if (!mdOperation) {
+    goto loser;
+  }
+
+  fwOperation = nssCKFWCryptoOperation_Create(mdOperation, 
+        mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+        fwMechanism->mdInstance, fwMechanism->fwInstance,
+        NSSCKFWCryptoOperationType_Decrypt, &error);
+  if (fwOperation) {
+    nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+                NSSCKFWCryptoOperationState_EncryptDecrypt);
+  }
+
+loser:
+  return error;
+}
+
+/* 
+ * nssCKFWMechanism_DigestInit
+ *  Start an encryption session.
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_DigestInit
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_MECHANISM     *pMechanism,
+  NSSCKFWSession   *fwSession
+)
+{
+  NSSCKFWCryptoOperation *fwOperation;
+  NSSCKMDCryptoOperation *mdOperation;
+  NSSCKMDSession *mdSession;
+  CK_RV  error = CKR_OK;
+
+
+  fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, 
+                        NSSCKFWCryptoOperationState_Digest);
+  if (fwOperation) {
+    return CKR_OPERATION_ACTIVE;
+  }
+
+  if (!fwMechanism->mdMechanism->DigestInit) {
+    return CKR_FUNCTION_FAILED;
+  }
+
+  mdSession = nssCKFWSession_GetMDSession(fwSession);
+  mdOperation = fwMechanism->mdMechanism->DigestInit(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        &error
+  );
+  if (!mdOperation) {
+    goto loser;
+  }
+
+  fwOperation = nssCKFWCryptoOperation_Create(mdOperation, 
+        mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+        fwMechanism->mdInstance, fwMechanism->fwInstance,
+        NSSCKFWCryptoOperationType_Digest, &error);
+  if (fwOperation) {
+    nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+                NSSCKFWCryptoOperationState_Digest);
+  }
+
+loser:
+  return error;
+}
+
+/* 
+ * nssCKFWMechanism_SignInit
+ *  Start an encryption session.
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_SignInit
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_MECHANISM     *pMechanism,
+  NSSCKFWSession   *fwSession,
+  NSSCKFWObject    *fwObject
+)
+{
+  NSSCKFWCryptoOperation *fwOperation;
+  NSSCKMDCryptoOperation *mdOperation;
+  NSSCKMDSession *mdSession;
+  NSSCKMDObject  *mdObject;
+  CK_RV  error = CKR_OK;
+
+
+  fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, 
+                        NSSCKFWCryptoOperationState_SignVerify);
+  if (fwOperation) {
+    return CKR_OPERATION_ACTIVE;
+  }
+
+  if (!fwMechanism->mdMechanism->SignInit) {
+    return CKR_FUNCTION_FAILED;
+  }
+
+  mdSession = nssCKFWSession_GetMDSession(fwSession);
+  mdObject = nssCKFWObject_GetMDObject(fwObject);
+  mdOperation = fwMechanism->mdMechanism->SignInit(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        mdObject,
+        fwObject,
+        &error
+  );
+  if (!mdOperation) {
+    goto loser;
+  }
+
+  fwOperation = nssCKFWCryptoOperation_Create(mdOperation, 
+        mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+        fwMechanism->mdInstance, fwMechanism->fwInstance,
+        NSSCKFWCryptoOperationType_Sign, &error);
+  if (fwOperation) {
+    nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+                NSSCKFWCryptoOperationState_SignVerify);
+  }
+
+loser:
+  return error;
+}
+
+/* 
+ * nssCKFWMechanism_VerifyInit
+ *  Start an encryption session.
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_VerifyInit
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_MECHANISM     *pMechanism,
+  NSSCKFWSession   *fwSession,
+  NSSCKFWObject    *fwObject
+)
+{
+  NSSCKFWCryptoOperation *fwOperation;
+  NSSCKMDCryptoOperation *mdOperation;
+  NSSCKMDSession *mdSession;
+  NSSCKMDObject  *mdObject;
+  CK_RV  error = CKR_OK;
+
+
+  fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, 
+                        NSSCKFWCryptoOperationState_SignVerify);
+  if (fwOperation) {
+    return CKR_OPERATION_ACTIVE;
+  }
+
+  if (!fwMechanism->mdMechanism->VerifyInit) {
+    return CKR_FUNCTION_FAILED;
+  }
+
+  mdSession = nssCKFWSession_GetMDSession(fwSession);
+  mdObject = nssCKFWObject_GetMDObject(fwObject);
+  mdOperation = fwMechanism->mdMechanism->VerifyInit(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        mdObject,
+        fwObject,
+        &error
+  );
+  if (!mdOperation) {
+    goto loser;
+  }
+
+  fwOperation = nssCKFWCryptoOperation_Create(mdOperation, 
+        mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+        fwMechanism->mdInstance, fwMechanism->fwInstance,
+        NSSCKFWCryptoOperationType_Verify, &error);
+  if (fwOperation) {
+    nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+                NSSCKFWCryptoOperationState_SignVerify);
+  }
+
+loser:
+  return error;
+}
+
+/* 
+ * nssCKFWMechanism_SignRecoverInit
+ *  Start an encryption session.
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_SignRecoverInit
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_MECHANISM     *pMechanism,
+  NSSCKFWSession   *fwSession,
+  NSSCKFWObject    *fwObject
+)
+{
+  NSSCKFWCryptoOperation *fwOperation;
+  NSSCKMDCryptoOperation *mdOperation;
+  NSSCKMDSession *mdSession;
+  NSSCKMDObject  *mdObject;
+  CK_RV  error = CKR_OK;
+
+
+  fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, 
+                        NSSCKFWCryptoOperationState_SignVerify);
+  if (fwOperation) {
+    return CKR_OPERATION_ACTIVE;
+  }
+
+  if (!fwMechanism->mdMechanism->SignRecoverInit) {
+    return CKR_FUNCTION_FAILED;
+  }
+
+  mdSession = nssCKFWSession_GetMDSession(fwSession);
+  mdObject = nssCKFWObject_GetMDObject(fwObject);
+  mdOperation = fwMechanism->mdMechanism->SignRecoverInit(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        mdObject,
+        fwObject,
+        &error
+  );
+  if (!mdOperation) {
+    goto loser;
+  }
+
+  fwOperation = nssCKFWCryptoOperation_Create(mdOperation, 
+        mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+        fwMechanism->mdInstance, fwMechanism->fwInstance,
+        NSSCKFWCryptoOperationType_SignRecover, &error);
+  if (fwOperation) {
+    nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+                NSSCKFWCryptoOperationState_SignVerify);
+  }
+
+loser:
+  return error;
+}
+
+/* 
+ * nssCKFWMechanism_VerifyRecoverInit
+ *  Start an encryption session.
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_VerifyRecoverInit
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_MECHANISM     *pMechanism,
+  NSSCKFWSession   *fwSession,
+  NSSCKFWObject    *fwObject
+)
+{
+  NSSCKFWCryptoOperation *fwOperation;
+  NSSCKMDCryptoOperation *mdOperation;
+  NSSCKMDSession *mdSession;
+  NSSCKMDObject  *mdObject;
+  CK_RV  error = CKR_OK;
+
+
+  fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, 
+                        NSSCKFWCryptoOperationState_SignVerify);
+  if (fwOperation) {
+    return CKR_OPERATION_ACTIVE;
+  }
+
+  if (!fwMechanism->mdMechanism->VerifyRecoverInit) {
+    return CKR_FUNCTION_FAILED;
+  }
+
+  mdSession = nssCKFWSession_GetMDSession(fwSession);
+  mdObject = nssCKFWObject_GetMDObject(fwObject);
+  mdOperation = fwMechanism->mdMechanism->VerifyRecoverInit(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        mdObject,
+        fwObject,
+        &error
+  );
+  if (!mdOperation) {
+    goto loser;
+  }
+
+  fwOperation = nssCKFWCryptoOperation_Create(mdOperation, 
+        mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+        fwMechanism->mdInstance, fwMechanism->fwInstance,
+        NSSCKFWCryptoOperationType_VerifyRecover, &error);
+  if (fwOperation) {
+    nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+                NSSCKFWCryptoOperationState_SignVerify);
+  }
+
+loser:
+  return error;
+}
+
+/*
+ * nssCKFWMechanism_GenerateKey
+ */
+NSS_EXTERN NSSCKFWObject *
+nssCKFWMechanism_GenerateKey
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_MECHANISM_PTR pMechanism,
+  NSSCKFWSession   *fwSession,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG         ulAttributeCount,
+  CK_RV            *pError
+)
+{
+  NSSCKMDSession *mdSession;
+  NSSCKMDObject  *mdObject;
+  NSSCKFWObject  *fwObject = NULL;
+  NSSArena       *arena;
+
+  if (!fwMechanism->mdMechanism->GenerateKey) {
+    *pError = CKR_FUNCTION_FAILED;
+    return (NSSCKFWObject *)NULL;
+  }
+
+  arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
+  if (!arena) {
+    if (CKR_OK == *pError) {
+      *pError = CKR_GENERAL_ERROR;
+    }
+    return (NSSCKFWObject *)NULL;
+  }
+
+  mdSession = nssCKFWSession_GetMDSession(fwSession);
+  mdObject = fwMechanism->mdMechanism->GenerateKey(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        pTemplate,
+        ulAttributeCount,
+        pError);
+
+  if (!mdObject) {
+    return (NSSCKFWObject *)NULL;
+  }
+
+  fwObject = nssCKFWObject_Create(arena, mdObject, 
+        fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
+
+  return fwObject;
+}
+
+/*
+ * nssCKFWMechanism_GenerateKeyPair
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_GenerateKeyPair
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_MECHANISM_PTR pMechanism,
+  NSSCKFWSession   *fwSession,
+  CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+  CK_ULONG         ulPublicKeyAttributeCount,
+  CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+  CK_ULONG         ulPrivateKeyAttributeCount,
+  NSSCKFWObject    **fwPublicKeyObject,
+  NSSCKFWObject    **fwPrivateKeyObject
+)
+{
+  NSSCKMDSession *mdSession;
+  NSSCKMDObject  *mdPublicKeyObject;
+  NSSCKMDObject  *mdPrivateKeyObject;
+  NSSArena       *arena;
+  CK_RV         error = CKR_OK;
+
+  if (!fwMechanism->mdMechanism->GenerateKeyPair) {
+    return CKR_FUNCTION_FAILED;
+  }
+
+  arena = nssCKFWToken_GetArena(fwMechanism->fwToken, &error);
+  if (!arena) {
+    if (CKR_OK == error) {
+      error = CKR_GENERAL_ERROR;
+    }
+    return error;
+  }
+
+  mdSession = nssCKFWSession_GetMDSession(fwSession);
+  error = fwMechanism->mdMechanism->GenerateKeyPair(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        pPublicKeyTemplate,
+        ulPublicKeyAttributeCount,
+        pPrivateKeyTemplate,
+        ulPrivateKeyAttributeCount,
+        &mdPublicKeyObject,
+        &mdPrivateKeyObject);
+
+  if (CKR_OK != error) {
+    return error;
+  }
+
+  *fwPublicKeyObject = nssCKFWObject_Create(arena, mdPublicKeyObject, 
+        fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error);
+  if (!*fwPublicKeyObject) {
+    return error;
+  }
+  *fwPrivateKeyObject = nssCKFWObject_Create(arena, mdPrivateKeyObject, 
+        fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error);
+
+  return error;
+}
+
+/*
+ * nssCKFWMechanism_GetWrapKeyLength
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWMechanism_GetWrapKeyLength
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_MECHANISM_PTR pMechanism,
+  NSSCKFWSession   *fwSession,
+  NSSCKFWObject    *fwWrappingKeyObject,
+  NSSCKFWObject    *fwKeyObject,
+  CK_RV                   *pError
+)
+{
+  NSSCKMDSession *mdSession;
+  NSSCKMDObject  *mdWrappingKeyObject;
+  NSSCKMDObject  *mdKeyObject;
+
+  if (!fwMechanism->mdMechanism->WrapKey) {
+    *pError = CKR_FUNCTION_FAILED;
+    return (CK_ULONG) 0;
+  }
+
+  mdSession = nssCKFWSession_GetMDSession(fwSession);
+  mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
+  mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject);
+  return fwMechanism->mdMechanism->GetWrapKeyLength(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        mdWrappingKeyObject,
+        fwWrappingKeyObject,
+        mdKeyObject,
+        fwKeyObject,
+        pError);
+}
+
+/*
+ * nssCKFWMechanism_WrapKey
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_WrapKey
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_MECHANISM_PTR pMechanism,
+  NSSCKFWSession   *fwSession,
+  NSSCKFWObject    *fwWrappingKeyObject,
+  NSSCKFWObject    *fwKeyObject,
+  NSSItem          *wrappedKey
+)
+{
+  NSSCKMDSession *mdSession;
+  NSSCKMDObject  *mdWrappingKeyObject;
+  NSSCKMDObject  *mdKeyObject;
+
+  if (!fwMechanism->mdMechanism->WrapKey) {
+    return CKR_FUNCTION_FAILED;
+  }
+
+  mdSession = nssCKFWSession_GetMDSession(fwSession);
+  mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
+  mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject);
+  return fwMechanism->mdMechanism->WrapKey(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        mdWrappingKeyObject,
+        fwWrappingKeyObject,
+        mdKeyObject,
+        fwKeyObject,
+        wrappedKey);
+}
+
+/*
+ * nssCKFWMechanism_UnwrapKey
+ */
+NSS_EXTERN NSSCKFWObject *
+nssCKFWMechanism_UnwrapKey
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_MECHANISM_PTR pMechanism,
+  NSSCKFWSession   *fwSession,
+  NSSCKFWObject    *fwWrappingKeyObject,
+  NSSItem          *wrappedKey,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG         ulAttributeCount,
+  CK_RV            *pError
+)
+{
+  NSSCKMDSession *mdSession;
+  NSSCKMDObject  *mdObject;
+  NSSCKMDObject  *mdWrappingKeyObject;
+  NSSCKFWObject  *fwObject = NULL;
+  NSSArena       *arena;
+
+  if (!fwMechanism->mdMechanism->UnwrapKey) {
+    /* we could simulate UnwrapKey using Decrypt and Create object, but
+     * 1) it's not clear that would work well, and 2) the low level token
+     * may want to restrict unwrap key for a reason, so just fail it it
+     * can't be done */
+    *pError = CKR_FUNCTION_FAILED;
+    return (NSSCKFWObject *)NULL;
+  }
+
+  arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
+  if (!arena) {
+    if (CKR_OK == *pError) {
+      *pError = CKR_GENERAL_ERROR;
+    }
+    return (NSSCKFWObject *)NULL;
+  }
+
+  mdSession = nssCKFWSession_GetMDSession(fwSession);
+  mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
+  mdObject = fwMechanism->mdMechanism->UnwrapKey(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        mdWrappingKeyObject,
+        fwWrappingKeyObject,
+        wrappedKey,
+        pTemplate,
+        ulAttributeCount,
+        pError);
+
+  if (!mdObject) {
+    return (NSSCKFWObject *)NULL;
+  }
+
+  fwObject = nssCKFWObject_Create(arena, mdObject, 
+        fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
+
+  return fwObject;
+}
+
+/* 
+ * nssCKFWMechanism_DeriveKey
+ */
+NSS_EXTERN NSSCKFWObject *
+nssCKFWMechanism_DeriveKey
+(
+  NSSCKFWMechanism *fwMechanism,
+  CK_MECHANISM_PTR pMechanism,
+  NSSCKFWSession   *fwSession,
+  NSSCKFWObject    *fwBaseKeyObject,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG         ulAttributeCount,
+  CK_RV            *pError
+)
+{
+  NSSCKMDSession *mdSession;
+  NSSCKMDObject  *mdObject;
+  NSSCKMDObject  *mdBaseKeyObject;
+  NSSCKFWObject  *fwObject = NULL;
+  NSSArena       *arena;
+
+  if (!fwMechanism->mdMechanism->DeriveKey) {
+    *pError = CKR_FUNCTION_FAILED;
+    return (NSSCKFWObject *)NULL;
+  }
+
+  arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
+  if (!arena) {
+    if (CKR_OK == *pError) {
+      *pError = CKR_GENERAL_ERROR;
+    }
+    return (NSSCKFWObject *)NULL;
+  }
+
+  mdSession = nssCKFWSession_GetMDSession(fwSession);
+  mdBaseKeyObject = nssCKFWObject_GetMDObject(fwBaseKeyObject);
+  mdObject = fwMechanism->mdMechanism->DeriveKey(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        mdBaseKeyObject,
+        fwBaseKeyObject,
+        pTemplate,
+        ulAttributeCount,
+        pError);
+
+  if (!mdObject) {
+    return (NSSCKFWObject *)NULL;
+  }
+
+  fwObject = nssCKFWObject_Create(arena, mdObject, 
+        fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
+
+  return fwObject;
+}
+
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)