andre@0: /* This Source Code Form is subject to the terms of the Mozilla Public andre@0: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@0: andre@0: /* andre@0: * session.c andre@0: * andre@0: * This file implements the NSSCKFWSession type and methods. andre@0: */ andre@0: andre@0: #ifndef CK_T andre@0: #include "ck.h" andre@0: #endif /* CK_T */ andre@0: andre@0: /* andre@0: * NSSCKFWSession andre@0: * andre@0: * -- create/destroy -- andre@0: * nssCKFWSession_Create andre@0: * nssCKFWSession_Destroy andre@0: * andre@0: * -- public accessors -- andre@0: * NSSCKFWSession_GetMDSession andre@0: * NSSCKFWSession_GetArena andre@0: * NSSCKFWSession_CallNotification andre@0: * NSSCKFWSession_IsRWSession andre@0: * NSSCKFWSession_IsSO andre@0: * andre@0: * -- implement public accessors -- andre@0: * nssCKFWSession_GetMDSession andre@0: * nssCKFWSession_GetArena andre@0: * nssCKFWSession_CallNotification andre@0: * nssCKFWSession_IsRWSession andre@0: * nssCKFWSession_IsSO andre@0: * andre@0: * -- private accessors -- andre@0: * nssCKFWSession_GetSlot andre@0: * nssCKFWSession_GetSessionState andre@0: * nssCKFWSession_SetFWFindObjects andre@0: * nssCKFWSession_GetFWFindObjects andre@0: * nssCKFWSession_SetMDSession andre@0: * nssCKFWSession_SetHandle andre@0: * nssCKFWSession_GetHandle andre@0: * nssCKFWSession_RegisterSessionObject andre@0: * nssCKFWSession_DeegisterSessionObject andre@0: * andre@0: * -- module fronts -- andre@0: * nssCKFWSession_GetDeviceError andre@0: * nssCKFWSession_Login andre@0: * nssCKFWSession_Logout andre@0: * nssCKFWSession_InitPIN andre@0: * nssCKFWSession_SetPIN andre@0: * nssCKFWSession_GetOperationStateLen andre@0: * nssCKFWSession_GetOperationState andre@0: * nssCKFWSession_SetOperationState andre@0: * nssCKFWSession_CreateObject andre@0: * nssCKFWSession_CopyObject andre@0: * nssCKFWSession_FindObjectsInit andre@0: * nssCKFWSession_SeedRandom andre@0: * nssCKFWSession_GetRandom andre@0: */ andre@0: andre@0: struct NSSCKFWSessionStr { andre@0: NSSArena *arena; andre@0: NSSCKMDSession *mdSession; andre@0: NSSCKFWToken *fwToken; andre@0: NSSCKMDToken *mdToken; andre@0: NSSCKFWInstance *fwInstance; andre@0: NSSCKMDInstance *mdInstance; andre@0: CK_VOID_PTR pApplication; andre@0: CK_NOTIFY Notify; andre@0: andre@0: /* andre@0: * Everything above is set at creation time, and then not modified. andre@0: * The items below are atomic. No locking required. If we fear andre@0: * about pointer-copies being nonatomic, we'll lock fwFindObjects. andre@0: */ andre@0: andre@0: CK_BBOOL rw; andre@0: NSSCKFWFindObjects *fwFindObjects; andre@0: NSSCKFWCryptoOperation *fwOperationArray[NSSCKFWCryptoOperationState_Max]; andre@0: nssCKFWHash *sessionObjectHash; andre@0: CK_SESSION_HANDLE hSession; andre@0: }; andre@0: andre@0: #ifdef DEBUG andre@0: /* andre@0: * But first, the pointer-tracking stuff. andre@0: * andre@0: * NOTE: the pointer-tracking support in NSS/base currently relies andre@0: * upon NSPR's CallOnce support. That, however, relies upon NSPR's andre@0: * locking, which is tied into the runtime. We need a pointer-tracker andre@0: * implementation that uses the locks supplied through C_Initialize. andre@0: * That support, however, can be filled in later. So for now, I'll andre@0: * just do this routines as no-ops. andre@0: */ andre@0: andre@0: static CK_RV andre@0: session_add_pointer andre@0: ( andre@0: const NSSCKFWSession *fwSession andre@0: ) andre@0: { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: static CK_RV andre@0: session_remove_pointer andre@0: ( andre@0: const NSSCKFWSession *fwSession andre@0: ) andre@0: { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_verifyPointer andre@0: ( andre@0: const NSSCKFWSession *fwSession andre@0: ) andre@0: { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: #endif /* DEBUG */ andre@0: andre@0: /* andre@0: * nssCKFWSession_Create andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT NSSCKFWSession * andre@0: nssCKFWSession_Create andre@0: ( andre@0: NSSCKFWToken *fwToken, andre@0: CK_BBOOL rw, andre@0: CK_VOID_PTR pApplication, andre@0: CK_NOTIFY Notify, andre@0: CK_RV *pError andre@0: ) andre@0: { andre@0: NSSArena *arena = (NSSArena *)NULL; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWSlot *fwSlot; andre@0: andre@0: #ifdef NSSDEBUG andre@0: if (!pError) { andre@0: return (NSSCKFWSession *)NULL; andre@0: } andre@0: andre@0: *pError = nssCKFWToken_verifyPointer(fwToken); andre@0: if( CKR_OK != *pError ) { andre@0: return (NSSCKFWSession *)NULL; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: arena = NSSArena_Create(); andre@0: if (!arena) { andre@0: *pError = CKR_HOST_MEMORY; andre@0: return (NSSCKFWSession *)NULL; andre@0: } andre@0: andre@0: fwSession = nss_ZNEW(arena, NSSCKFWSession); andre@0: if (!fwSession) { andre@0: *pError = CKR_HOST_MEMORY; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession->arena = arena; andre@0: fwSession->mdSession = (NSSCKMDSession *)NULL; /* set later */ andre@0: fwSession->fwToken = fwToken; andre@0: fwSession->mdToken = nssCKFWToken_GetMDToken(fwToken); andre@0: andre@0: fwSlot = nssCKFWToken_GetFWSlot(fwToken); andre@0: fwSession->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot); andre@0: fwSession->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot); andre@0: andre@0: fwSession->rw = rw; andre@0: fwSession->pApplication = pApplication; andre@0: fwSession->Notify = Notify; andre@0: andre@0: fwSession->fwFindObjects = (NSSCKFWFindObjects *)NULL; andre@0: andre@0: fwSession->sessionObjectHash = nssCKFWHash_Create(fwSession->fwInstance, arena, pError); andre@0: if (!fwSession->sessionObjectHash) { andre@0: if( CKR_OK == *pError ) { andre@0: *pError = CKR_GENERAL_ERROR; andre@0: } andre@0: goto loser; andre@0: } andre@0: andre@0: #ifdef DEBUG andre@0: *pError = session_add_pointer(fwSession); andre@0: if( CKR_OK != *pError ) { andre@0: goto loser; andre@0: } andre@0: #endif /* DEBUG */ andre@0: andre@0: return fwSession; andre@0: andre@0: loser: andre@0: if (arena) { andre@0: if (fwSession && fwSession->sessionObjectHash) { andre@0: (void)nssCKFWHash_Destroy(fwSession->sessionObjectHash); andre@0: } andre@0: NSSArena_Destroy(arena); andre@0: } andre@0: andre@0: return (NSSCKFWSession *)NULL; andre@0: } andre@0: andre@0: static void andre@0: nss_ckfw_session_object_destroy_iterator andre@0: ( andre@0: const void *key, andre@0: void *value, andre@0: void *closure andre@0: ) andre@0: { andre@0: NSSCKFWObject *fwObject = (NSSCKFWObject *)value; andre@0: nssCKFWObject_Finalize(fwObject, PR_TRUE); andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_Destroy andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_Destroy andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: CK_BBOOL removeFromTokenHash andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: nssCKFWHash *sessionObjectHash; andre@0: NSSCKFWCryptoOperationState i; andre@0: andre@0: #ifdef NSSDEBUG andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: if( removeFromTokenHash ) { andre@0: error = nssCKFWToken_RemoveSession(fwSession->fwToken, fwSession); andre@0: } andre@0: andre@0: /* andre@0: * Invalidate session objects andre@0: */ andre@0: andre@0: sessionObjectHash = fwSession->sessionObjectHash; andre@0: fwSession->sessionObjectHash = (nssCKFWHash *)NULL; andre@0: andre@0: nssCKFWHash_Iterate(sessionObjectHash, andre@0: nss_ckfw_session_object_destroy_iterator, andre@0: (void *)NULL); andre@0: andre@0: for (i=0; i < NSSCKFWCryptoOperationState_Max; i++) { andre@0: if (fwSession->fwOperationArray[i]) { andre@0: nssCKFWCryptoOperation_Destroy(fwSession->fwOperationArray[i]); andre@0: } andre@0: } andre@0: andre@0: #ifdef DEBUG andre@0: (void)session_remove_pointer(fwSession); andre@0: #endif /* DEBUG */ andre@0: (void)nssCKFWHash_Destroy(sessionObjectHash); andre@0: NSSArena_Destroy(fwSession->arena); andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_GetMDSession andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT NSSCKMDSession * andre@0: nssCKFWSession_GetMDSession andre@0: ( andre@0: NSSCKFWSession *fwSession andre@0: ) andre@0: { andre@0: #ifdef NSSDEBUG andre@0: if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { andre@0: return (NSSCKMDSession *)NULL; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: return fwSession->mdSession; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_GetArena andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT NSSArena * andre@0: nssCKFWSession_GetArena andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: CK_RV *pError andre@0: ) andre@0: { andre@0: #ifdef NSSDEBUG andre@0: if (!pError) { andre@0: return (NSSArena *)NULL; andre@0: } andre@0: andre@0: *pError = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != *pError ) { andre@0: return (NSSArena *)NULL; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: return fwSession->arena; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_CallNotification andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_CallNotification andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: CK_NOTIFICATION event andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: CK_SESSION_HANDLE handle; andre@0: andre@0: #ifdef NSSDEBUG andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: if( (CK_NOTIFY)NULL == fwSession->Notify ) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: handle = nssCKFWInstance_FindSessionHandle(fwSession->fwInstance, fwSession); andre@0: if( (CK_SESSION_HANDLE)0 == handle ) { andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: andre@0: error = fwSession->Notify(handle, event, fwSession->pApplication); andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_IsRWSession andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_BBOOL andre@0: nssCKFWSession_IsRWSession andre@0: ( andre@0: NSSCKFWSession *fwSession andre@0: ) andre@0: { andre@0: #ifdef NSSDEBUG andre@0: if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { andre@0: return CK_FALSE; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: return fwSession->rw; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_IsSO andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_BBOOL andre@0: nssCKFWSession_IsSO andre@0: ( andre@0: NSSCKFWSession *fwSession andre@0: ) andre@0: { andre@0: CK_STATE state; andre@0: andre@0: #ifdef NSSDEBUG andre@0: if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { andre@0: return CK_FALSE; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: state = nssCKFWToken_GetSessionState(fwSession->fwToken); andre@0: switch( state ) { andre@0: case CKS_RO_PUBLIC_SESSION: andre@0: case CKS_RO_USER_FUNCTIONS: andre@0: case CKS_RW_PUBLIC_SESSION: andre@0: case CKS_RW_USER_FUNCTIONS: andre@0: return CK_FALSE; andre@0: case CKS_RW_SO_FUNCTIONS: andre@0: return CK_TRUE; andre@0: default: andre@0: return CK_FALSE; andre@0: } andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_GetFWSlot andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT NSSCKFWSlot * andre@0: nssCKFWSession_GetFWSlot andre@0: ( andre@0: NSSCKFWSession *fwSession andre@0: ) andre@0: { andre@0: #ifdef NSSDEBUG andre@0: if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { andre@0: return (NSSCKFWSlot *)NULL; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: return nssCKFWToken_GetFWSlot(fwSession->fwToken); andre@0: } andre@0: andre@0: /* andre@0: * nssCFKWSession_GetSessionState andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_STATE andre@0: nssCKFWSession_GetSessionState andre@0: ( andre@0: NSSCKFWSession *fwSession andre@0: ) andre@0: { andre@0: #ifdef NSSDEBUG andre@0: if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { andre@0: return CKS_RO_PUBLIC_SESSION; /* whatever */ andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: return nssCKFWToken_GetSessionState(fwSession->fwToken); andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_SetFWFindObjects andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_SetFWFindObjects andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKFWFindObjects *fwFindObjects andre@0: ) andre@0: { andre@0: #ifdef NSSDEBUG andre@0: CK_RV error = CKR_OK; andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: #ifdef NSSDEBUG andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: andre@0: /* fwFindObjects may be null */ andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: if ((fwSession->fwFindObjects) && andre@0: (fwFindObjects)) { andre@0: return CKR_OPERATION_ACTIVE; andre@0: } andre@0: andre@0: fwSession->fwFindObjects = fwFindObjects; andre@0: andre@0: return CKR_OK; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_GetFWFindObjects andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT NSSCKFWFindObjects * andre@0: nssCKFWSession_GetFWFindObjects andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: CK_RV *pError andre@0: ) andre@0: { andre@0: #ifdef NSSDEBUG andre@0: if (!pError) { andre@0: return (NSSCKFWFindObjects *)NULL; andre@0: } andre@0: andre@0: *pError = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != *pError ) { andre@0: return (NSSCKFWFindObjects *)NULL; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: if (!fwSession->fwFindObjects) { andre@0: *pError = CKR_OPERATION_NOT_INITIALIZED; andre@0: return (NSSCKFWFindObjects *)NULL; andre@0: } andre@0: andre@0: return fwSession->fwFindObjects; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_SetMDSession andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_SetMDSession andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDSession *mdSession andre@0: ) andre@0: { andre@0: #ifdef NSSDEBUG andre@0: CK_RV error = CKR_OK; andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: #ifdef NSSDEBUG andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: andre@0: if (!mdSession) { andre@0: return CKR_ARGUMENTS_BAD; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: if (fwSession->mdSession) { andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: andre@0: fwSession->mdSession = mdSession; andre@0: andre@0: return CKR_OK; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_SetHandle andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_SetHandle andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: CK_SESSION_HANDLE hSession andre@0: ) andre@0: { andre@0: #ifdef NSSDEBUG andre@0: CK_RV error = CKR_OK; andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: #ifdef NSSDEBUG andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: if( (CK_SESSION_HANDLE)0 != fwSession->hSession ) { andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: andre@0: fwSession->hSession = hSession; andre@0: andre@0: return CKR_OK; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_GetHandle andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_SESSION_HANDLE andre@0: nssCKFWSession_GetHandle andre@0: ( andre@0: NSSCKFWSession *fwSession andre@0: ) andre@0: { andre@0: #ifdef NSSDEBUG andre@0: if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { andre@0: return NULL; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: return fwSession->hSession; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_RegisterSessionObject andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_RegisterSessionObject andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKFWObject *fwObject andre@0: ) andre@0: { andre@0: CK_RV rv = CKR_OK; andre@0: andre@0: #ifdef NSSDEBUG andre@0: if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: if (fwSession->sessionObjectHash) { andre@0: rv = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject); andre@0: } andre@0: andre@0: return rv; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_DeregisterSessionObject andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_DeregisterSessionObject andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKFWObject *fwObject andre@0: ) andre@0: { andre@0: #ifdef NSSDEBUG andre@0: if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: if (fwSession->sessionObjectHash) { andre@0: nssCKFWHash_Remove(fwSession->sessionObjectHash, fwObject); andre@0: } andre@0: andre@0: return CKR_OK; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_GetDeviceError andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_ULONG andre@0: nssCKFWSession_GetDeviceError andre@0: ( andre@0: NSSCKFWSession *fwSession andre@0: ) andre@0: { andre@0: #ifdef NSSDEBUG andre@0: if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { andre@0: return (CK_ULONG)0; andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: return (CK_ULONG)0; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: if (!fwSession->mdSession->GetDeviceError) { andre@0: return (CK_ULONG)0; andre@0: } andre@0: andre@0: return fwSession->mdSession->GetDeviceError(fwSession->mdSession, andre@0: fwSession, fwSession->mdToken, fwSession->fwToken, andre@0: fwSession->mdInstance, fwSession->fwInstance); andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_Login andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_Login andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: CK_USER_TYPE userType, andre@0: NSSItem *pin andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: CK_STATE oldState; andre@0: CK_STATE newState; andre@0: andre@0: #ifdef NSSDEBUG andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: andre@0: switch( userType ) { andre@0: case CKU_SO: andre@0: case CKU_USER: andre@0: break; andre@0: default: andre@0: return CKR_USER_TYPE_INVALID; andre@0: } andre@0: andre@0: if (!pin) { andre@0: if( CK_TRUE != nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken) ) { andre@0: return CKR_ARGUMENTS_BAD; andre@0: } andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: oldState = nssCKFWToken_GetSessionState(fwSession->fwToken); andre@0: andre@0: /* andre@0: * It's not clear what happens when you're already logged in. andre@0: * I'll just fail; but if we decide to change, the logic is andre@0: * all right here. andre@0: */ andre@0: andre@0: if( CKU_SO == userType ) { andre@0: switch( oldState ) { andre@0: case CKS_RO_PUBLIC_SESSION: andre@0: /* andre@0: * There's no such thing as a read-only security officer andre@0: * session, so fail. The error should be CKR_SESSION_READ_ONLY, andre@0: * except that C_Login isn't defined to return that. So we'll andre@0: * do CKR_SESSION_READ_ONLY_EXISTS, which is what is documented. andre@0: */ andre@0: return CKR_SESSION_READ_ONLY_EXISTS; andre@0: case CKS_RO_USER_FUNCTIONS: andre@0: return CKR_USER_ANOTHER_ALREADY_LOGGED_IN; andre@0: case CKS_RW_PUBLIC_SESSION: andre@0: newState = CKS_RW_SO_FUNCTIONS; andre@0: break; andre@0: case CKS_RW_USER_FUNCTIONS: andre@0: return CKR_USER_ANOTHER_ALREADY_LOGGED_IN; andre@0: case CKS_RW_SO_FUNCTIONS: andre@0: return CKR_USER_ALREADY_LOGGED_IN; andre@0: default: andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: } else /* CKU_USER == userType */ { andre@0: switch( oldState ) { andre@0: case CKS_RO_PUBLIC_SESSION: andre@0: newState = CKS_RO_USER_FUNCTIONS; andre@0: break; andre@0: case CKS_RO_USER_FUNCTIONS: andre@0: return CKR_USER_ALREADY_LOGGED_IN; andre@0: case CKS_RW_PUBLIC_SESSION: andre@0: newState = CKS_RW_USER_FUNCTIONS; andre@0: break; andre@0: case CKS_RW_USER_FUNCTIONS: andre@0: return CKR_USER_ALREADY_LOGGED_IN; andre@0: case CKS_RW_SO_FUNCTIONS: andre@0: return CKR_USER_ANOTHER_ALREADY_LOGGED_IN; andre@0: default: andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: } andre@0: andre@0: /* andre@0: * So now we're in one of three cases: andre@0: * andre@0: * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_SO_FUNCTIONS; andre@0: * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_USER_FUNCTIONS; andre@0: * Old == CKS_RO_PUBLIC_SESSION, New == CKS_RO_USER_FUNCTIONS; andre@0: */ andre@0: andre@0: if (!fwSession->mdSession->Login) { andre@0: /* andre@0: * The Module doesn't want to be informed (or check the pin) andre@0: * it'll just rely on the Framework as needed. andre@0: */ andre@0: ; andre@0: } else { andre@0: error = fwSession->mdSession->Login(fwSession->mdSession, fwSession, andre@0: fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, andre@0: fwSession->fwInstance, userType, pin, oldState, newState); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: } andre@0: andre@0: (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState); andre@0: return CKR_OK; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_Logout andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_Logout andre@0: ( andre@0: NSSCKFWSession *fwSession andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: CK_STATE oldState; andre@0: CK_STATE newState; andre@0: andre@0: #ifdef NSSDEBUG andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: oldState = nssCKFWToken_GetSessionState(fwSession->fwToken); andre@0: andre@0: switch( oldState ) { andre@0: case CKS_RO_PUBLIC_SESSION: andre@0: return CKR_USER_NOT_LOGGED_IN; andre@0: case CKS_RO_USER_FUNCTIONS: andre@0: newState = CKS_RO_PUBLIC_SESSION; andre@0: break; andre@0: case CKS_RW_PUBLIC_SESSION: andre@0: return CKR_USER_NOT_LOGGED_IN; andre@0: case CKS_RW_USER_FUNCTIONS: andre@0: newState = CKS_RW_PUBLIC_SESSION; andre@0: break; andre@0: case CKS_RW_SO_FUNCTIONS: andre@0: newState = CKS_RW_PUBLIC_SESSION; andre@0: break; andre@0: default: andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: andre@0: /* andre@0: * So now we're in one of three cases: andre@0: * andre@0: * Old == CKS_RW_SO_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION; andre@0: * Old == CKS_RW_USER_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION; andre@0: * Old == CKS_RO_USER_FUNCTIONS, New == CKS_RO_PUBLIC_SESSION; andre@0: */ andre@0: andre@0: if (!fwSession->mdSession->Logout) { andre@0: /* andre@0: * The Module doesn't want to be informed. Okay. andre@0: */ andre@0: ; andre@0: } else { andre@0: error = fwSession->mdSession->Logout(fwSession->mdSession, fwSession, andre@0: fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, andre@0: fwSession->fwInstance, oldState, newState); andre@0: if( CKR_OK != error ) { andre@0: /* andre@0: * Now what?! A failure really should end up with the Framework andre@0: * considering it logged out, right? andre@0: */ andre@0: ; andre@0: } andre@0: } andre@0: andre@0: (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState); andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_InitPIN andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_InitPIN andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: NSSItem *pin andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: CK_STATE state; andre@0: andre@0: #ifdef NSSDEBUG andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: state = nssCKFWToken_GetSessionState(fwSession->fwToken); andre@0: if( CKS_RW_SO_FUNCTIONS != state ) { andre@0: return CKR_USER_NOT_LOGGED_IN; andre@0: } andre@0: andre@0: if (!pin) { andre@0: CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken); andre@0: if( CK_TRUE != has ) { andre@0: return CKR_ARGUMENTS_BAD; andre@0: } andre@0: } andre@0: andre@0: if (!fwSession->mdSession->InitPIN) { andre@0: return CKR_TOKEN_WRITE_PROTECTED; andre@0: } andre@0: andre@0: error = fwSession->mdSession->InitPIN(fwSession->mdSession, fwSession, andre@0: fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, andre@0: fwSession->fwInstance, pin); andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_SetPIN andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_SetPIN andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: NSSItem *newPin, andre@0: NSSItem *oldPin andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: andre@0: #ifdef NSSDEBUG andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: if (!newPin) { andre@0: CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken); andre@0: if( CK_TRUE != has ) { andre@0: return CKR_ARGUMENTS_BAD; andre@0: } andre@0: } andre@0: andre@0: if (!oldPin) { andre@0: CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken); andre@0: if( CK_TRUE != has ) { andre@0: return CKR_ARGUMENTS_BAD; andre@0: } andre@0: } andre@0: andre@0: if (!fwSession->mdSession->SetPIN) { andre@0: return CKR_TOKEN_WRITE_PROTECTED; andre@0: } andre@0: andre@0: error = fwSession->mdSession->SetPIN(fwSession->mdSession, fwSession, andre@0: fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, andre@0: fwSession->fwInstance, newPin, oldPin); andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_GetOperationStateLen andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_ULONG andre@0: nssCKFWSession_GetOperationStateLen andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: CK_RV *pError andre@0: ) andre@0: { andre@0: CK_ULONG mdAmt; andre@0: CK_ULONG fwAmt; andre@0: andre@0: #ifdef NSSDEBUG andre@0: if (!pError) { andre@0: return (CK_ULONG)0; andre@0: } andre@0: andre@0: *pError = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != *pError ) { andre@0: return (CK_ULONG)0; andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: *pError = CKR_GENERAL_ERROR; andre@0: return (CK_ULONG)0; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: if (!fwSession->mdSession->GetOperationStateLen) { andre@0: *pError = CKR_STATE_UNSAVEABLE; andre@0: return (CK_ULONG)0; andre@0: } andre@0: andre@0: /* andre@0: * We could check that the session is actually in some state.. andre@0: */ andre@0: andre@0: mdAmt = fwSession->mdSession->GetOperationStateLen(fwSession->mdSession, andre@0: fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, andre@0: fwSession->fwInstance, pError); andre@0: andre@0: if( ((CK_ULONG)0 == mdAmt) && (CKR_OK != *pError) ) { andre@0: return (CK_ULONG)0; andre@0: } andre@0: andre@0: /* andre@0: * Add a bit of sanity-checking andre@0: */ andre@0: fwAmt = mdAmt + 2*sizeof(CK_ULONG); andre@0: andre@0: return fwAmt; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_GetOperationState andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_GetOperationState andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: NSSItem *buffer andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: CK_ULONG fwAmt; andre@0: CK_ULONG *ulBuffer; andre@0: NSSItem i2; andre@0: CK_ULONG n, i; andre@0: andre@0: #ifdef NSSDEBUG andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: andre@0: if (!buffer) { andre@0: return CKR_ARGUMENTS_BAD; andre@0: } andre@0: andre@0: if (!buffer->data) { andre@0: return CKR_ARGUMENTS_BAD; andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: if (!fwSession->mdSession->GetOperationState) { andre@0: return CKR_STATE_UNSAVEABLE; andre@0: } andre@0: andre@0: /* andre@0: * Sanity-check the caller's buffer. andre@0: */ andre@0: andre@0: error = CKR_OK; andre@0: fwAmt = nssCKFWSession_GetOperationStateLen(fwSession, &error); andre@0: if( ((CK_ULONG)0 == fwAmt) && (CKR_OK != error) ) { andre@0: return error; andre@0: } andre@0: andre@0: if( buffer->size < fwAmt ) { andre@0: return CKR_BUFFER_TOO_SMALL; andre@0: } andre@0: andre@0: ulBuffer = (CK_ULONG *)buffer->data; andre@0: andre@0: i2.size = buffer->size - 2*sizeof(CK_ULONG); andre@0: i2.data = (void *)&ulBuffer[2]; andre@0: andre@0: error = fwSession->mdSession->GetOperationState(fwSession->mdSession, andre@0: fwSession, fwSession->mdToken, fwSession->fwToken, andre@0: fwSession->mdInstance, fwSession->fwInstance, &i2); andre@0: andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * Add a little integrety/identity check. andre@0: * NOTE: right now, it's pretty stupid. andre@0: * A CRC or something would be better. andre@0: */ andre@0: andre@0: ulBuffer[0] = 0x434b4657; /* CKFW */ andre@0: ulBuffer[1] = 0; andre@0: n = i2.size/sizeof(CK_ULONG); andre@0: for( i = 0; i < n; i++ ) { andre@0: ulBuffer[1] ^= ulBuffer[2+i]; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_SetOperationState andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_SetOperationState andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: NSSItem *state, andre@0: NSSCKFWObject *encryptionKey, andre@0: NSSCKFWObject *authenticationKey andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: CK_ULONG *ulBuffer; andre@0: CK_ULONG n, i; andre@0: CK_ULONG x; andre@0: NSSItem s; andre@0: NSSCKMDObject *mdek; andre@0: NSSCKMDObject *mdak; andre@0: andre@0: #ifdef NSSDEBUG andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: andre@0: if (!state) { andre@0: return CKR_ARGUMENTS_BAD; andre@0: } andre@0: andre@0: if (!state->data) { andre@0: return CKR_ARGUMENTS_BAD; andre@0: } andre@0: andre@0: if (encryptionKey) { andre@0: error = nssCKFWObject_verifyPointer(encryptionKey); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: } andre@0: andre@0: if (authenticationKey) { andre@0: error = nssCKFWObject_verifyPointer(authenticationKey); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: ulBuffer = (CK_ULONG *)state->data; andre@0: if( 0x43b4657 != ulBuffer[0] ) { andre@0: return CKR_SAVED_STATE_INVALID; andre@0: } andre@0: n = (state->size / sizeof(CK_ULONG)) - 2; andre@0: x = (CK_ULONG)0; andre@0: for( i = 0; i < n; i++ ) { andre@0: x ^= ulBuffer[2+i]; andre@0: } andre@0: andre@0: if( x != ulBuffer[1] ) { andre@0: return CKR_SAVED_STATE_INVALID; andre@0: } andre@0: andre@0: if (!fwSession->mdSession->SetOperationState) { andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: andre@0: s.size = state->size - 2*sizeof(CK_ULONG); andre@0: s.data = (void *)&ulBuffer[2]; andre@0: andre@0: if (encryptionKey) { andre@0: mdek = nssCKFWObject_GetMDObject(encryptionKey); andre@0: } else { andre@0: mdek = (NSSCKMDObject *)NULL; andre@0: } andre@0: andre@0: if (authenticationKey) { andre@0: mdak = nssCKFWObject_GetMDObject(authenticationKey); andre@0: } else { andre@0: mdak = (NSSCKMDObject *)NULL; andre@0: } andre@0: andre@0: error = fwSession->mdSession->SetOperationState(fwSession->mdSession, andre@0: fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, andre@0: fwSession->fwInstance, &s, mdek, encryptionKey, mdak, authenticationKey); andre@0: andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * Here'd we restore any session data andre@0: */ andre@0: andre@0: return CKR_OK; andre@0: } andre@0: andre@0: static CK_BBOOL andre@0: nss_attributes_form_token_object andre@0: ( andre@0: CK_ATTRIBUTE_PTR pTemplate, andre@0: CK_ULONG ulAttributeCount andre@0: ) andre@0: { andre@0: CK_ULONG i; andre@0: CK_BBOOL rv; andre@0: andre@0: for( i = 0; i < ulAttributeCount; i++ ) { andre@0: if( CKA_TOKEN == pTemplate[i].type ) { andre@0: /* If we sanity-check, we can remove this sizeof check */ andre@0: if( sizeof(CK_BBOOL) == pTemplate[i].ulValueLen ) { andre@0: (void)nsslibc_memcpy(&rv, pTemplate[i].pValue, sizeof(CK_BBOOL)); andre@0: return rv; andre@0: } else { andre@0: return CK_FALSE; andre@0: } andre@0: } andre@0: } andre@0: andre@0: return CK_FALSE; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_CreateObject andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT NSSCKFWObject * andre@0: nssCKFWSession_CreateObject andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: CK_ATTRIBUTE_PTR pTemplate, andre@0: CK_ULONG ulAttributeCount, andre@0: CK_RV *pError andre@0: ) andre@0: { andre@0: NSSArena *arena; andre@0: NSSCKMDObject *mdObject; andre@0: NSSCKFWObject *fwObject; andre@0: CK_BBOOL isTokenObject; andre@0: andre@0: #ifdef NSSDEBUG andre@0: if (!pError) { andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: *pError = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != pError ) { andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: if( (CK_ATTRIBUTE_PTR)NULL == pTemplate ) { andre@0: *pError = CKR_ARGUMENTS_BAD; andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: *pError = CKR_GENERAL_ERROR; andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: /* andre@0: * Here would be an excellent place to sanity-check the object. andre@0: */ andre@0: andre@0: isTokenObject = nss_attributes_form_token_object(pTemplate, ulAttributeCount); andre@0: if( CK_TRUE == isTokenObject ) { andre@0: /* === TOKEN OBJECT === */ andre@0: andre@0: if (!fwSession->mdSession->CreateObject) { andre@0: *pError = CKR_TOKEN_WRITE_PROTECTED; andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: arena = nssCKFWToken_GetArena(fwSession->fwToken, pError); andre@0: if (!arena) { andre@0: if( CKR_OK == *pError ) { andre@0: *pError = CKR_GENERAL_ERROR; andre@0: } andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: goto callmdcreateobject; andre@0: } else { andre@0: /* === SESSION OBJECT === */ andre@0: andre@0: arena = nssCKFWSession_GetArena(fwSession, pError); andre@0: if (!arena) { andre@0: if( CKR_OK == *pError ) { andre@0: *pError = CKR_GENERAL_ERROR; andre@0: } andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: if( CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects( andre@0: fwSession->fwInstance) ) { andre@0: /* --- module handles the session object -- */ andre@0: andre@0: if (!fwSession->mdSession->CreateObject) { andre@0: *pError = CKR_GENERAL_ERROR; andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: goto callmdcreateobject; andre@0: } else { andre@0: /* --- framework handles the session object -- */ andre@0: mdObject = nssCKMDSessionObject_Create(fwSession->fwToken, andre@0: arena, pTemplate, ulAttributeCount, pError); andre@0: goto gotmdobject; andre@0: } andre@0: } andre@0: andre@0: callmdcreateobject: andre@0: mdObject = fwSession->mdSession->CreateObject(fwSession->mdSession, andre@0: fwSession, fwSession->mdToken, fwSession->fwToken, andre@0: fwSession->mdInstance, fwSession->fwInstance, arena, pTemplate, andre@0: ulAttributeCount, pError); andre@0: andre@0: gotmdobject: andre@0: if (!mdObject) { andre@0: if( CKR_OK == *pError ) { andre@0: *pError = CKR_GENERAL_ERROR; andre@0: } andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: fwObject = nssCKFWObject_Create(arena, mdObject, andre@0: isTokenObject ? NULL : fwSession, andre@0: fwSession->fwToken, fwSession->fwInstance, pError); andre@0: if (!fwObject) { andre@0: if( CKR_OK == *pError ) { andre@0: *pError = CKR_GENERAL_ERROR; andre@0: } andre@0: andre@0: if (mdObject->Destroy) { andre@0: (void)mdObject->Destroy(mdObject, (NSSCKFWObject *)NULL, andre@0: fwSession->mdSession, fwSession, fwSession->mdToken, andre@0: fwSession->fwToken, fwSession->mdInstance, fwSession->fwInstance); andre@0: } andre@0: andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: if( CK_FALSE == isTokenObject ) { andre@0: if( CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, fwObject) ) { andre@0: *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject); andre@0: if( CKR_OK != *pError ) { andre@0: nssCKFWObject_Finalize(fwObject, PR_TRUE); andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: } andre@0: } andre@0: andre@0: return fwObject; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_CopyObject andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT NSSCKFWObject * andre@0: nssCKFWSession_CopyObject andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKFWObject *fwObject, andre@0: CK_ATTRIBUTE_PTR pTemplate, andre@0: CK_ULONG ulAttributeCount, andre@0: CK_RV *pError andre@0: ) andre@0: { andre@0: CK_BBOOL oldIsToken; andre@0: CK_BBOOL newIsToken; andre@0: CK_ULONG i; andre@0: NSSCKFWObject *rv; andre@0: andre@0: #ifdef NSSDEBUG andre@0: if (!pError) { andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: *pError = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != *pError ) { andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: *pError = nssCKFWObject_verifyPointer(fwObject); andre@0: if( CKR_OK != *pError ) { andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: *pError = CKR_GENERAL_ERROR; andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: /* andre@0: * Sanity-check object andre@0: */ andre@0: andre@0: if (!fwObject) { andre@0: *pError = CKR_ARGUMENTS_BAD; andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: oldIsToken = nssCKFWObject_IsTokenObject(fwObject); andre@0: andre@0: newIsToken = oldIsToken; andre@0: for( i = 0; i < ulAttributeCount; i++ ) { andre@0: if( CKA_TOKEN == pTemplate[i].type ) { andre@0: /* Since we sanity-checked the object, we know this is the right size. */ andre@0: (void)nsslibc_memcpy(&newIsToken, pTemplate[i].pValue, sizeof(CK_BBOOL)); andre@0: break; andre@0: } andre@0: } andre@0: andre@0: /* andre@0: * If the Module handles its session objects, or if both the new andre@0: * and old object are token objects, use CopyObject if it exists. andre@0: */ andre@0: andre@0: if ((fwSession->mdSession->CopyObject) && andre@0: (((CK_TRUE == oldIsToken) && (CK_TRUE == newIsToken)) || andre@0: (CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects( andre@0: fwSession->fwInstance))) ) { andre@0: /* use copy object */ andre@0: NSSArena *arena; andre@0: NSSCKMDObject *mdOldObject; andre@0: NSSCKMDObject *mdObject; andre@0: andre@0: mdOldObject = nssCKFWObject_GetMDObject(fwObject); andre@0: andre@0: if( CK_TRUE == newIsToken ) { andre@0: arena = nssCKFWToken_GetArena(fwSession->fwToken, pError); andre@0: } else { andre@0: arena = nssCKFWSession_GetArena(fwSession, pError); andre@0: } andre@0: if (!arena) { andre@0: if( CKR_OK == *pError ) { andre@0: *pError = CKR_GENERAL_ERROR; andre@0: } andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: mdObject = fwSession->mdSession->CopyObject(fwSession->mdSession, andre@0: fwSession, fwSession->mdToken, fwSession->fwToken, andre@0: fwSession->mdInstance, fwSession->fwInstance, mdOldObject, andre@0: fwObject, arena, pTemplate, ulAttributeCount, pError); andre@0: if (!mdObject) { andre@0: if( CKR_OK == *pError ) { andre@0: *pError = CKR_GENERAL_ERROR; andre@0: } andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: rv = nssCKFWObject_Create(arena, mdObject, andre@0: newIsToken ? NULL : fwSession, andre@0: fwSession->fwToken, fwSession->fwInstance, pError); andre@0: andre@0: if( CK_FALSE == newIsToken ) { andre@0: if( CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, rv) ) { andre@0: *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, rv, rv); andre@0: if( CKR_OK != *pError ) { andre@0: nssCKFWObject_Finalize(rv, PR_TRUE); andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: } andre@0: } andre@0: andre@0: return rv; andre@0: } else { andre@0: /* use create object */ andre@0: NSSArena *tmpArena; andre@0: CK_ATTRIBUTE_PTR newTemplate; andre@0: CK_ULONG i, j, n, newLength, k; andre@0: CK_ATTRIBUTE_TYPE_PTR oldTypes; andre@0: NSSCKFWObject *rv; andre@0: andre@0: n = nssCKFWObject_GetAttributeCount(fwObject, pError); andre@0: if( (0 == n) && (CKR_OK != *pError) ) { andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: tmpArena = NSSArena_Create(); andre@0: if (!tmpArena) { andre@0: *pError = CKR_HOST_MEMORY; andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: oldTypes = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE_TYPE, n); andre@0: if( (CK_ATTRIBUTE_TYPE_PTR)NULL == oldTypes ) { andre@0: NSSArena_Destroy(tmpArena); andre@0: *pError = CKR_HOST_MEMORY; andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: *pError = nssCKFWObject_GetAttributeTypes(fwObject, oldTypes, n); andre@0: if( CKR_OK != *pError ) { andre@0: NSSArena_Destroy(tmpArena); andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: newLength = n; andre@0: for( i = 0; i < ulAttributeCount; i++ ) { andre@0: for( j = 0; j < n; j++ ) { andre@0: if( oldTypes[j] == pTemplate[i].type ) { andre@0: if( (CK_VOID_PTR)NULL == pTemplate[i].pValue ) { andre@0: /* Removing the attribute */ andre@0: newLength--; andre@0: } andre@0: break; andre@0: } andre@0: } andre@0: if( j == n ) { andre@0: /* Not found */ andre@0: newLength++; andre@0: } andre@0: } andre@0: andre@0: newTemplate = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE, newLength); andre@0: if( (CK_ATTRIBUTE_PTR)NULL == newTemplate ) { andre@0: NSSArena_Destroy(tmpArena); andre@0: *pError = CKR_HOST_MEMORY; andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: k = 0; andre@0: for( j = 0; j < n; j++ ) { andre@0: for( i = 0; i < ulAttributeCount; i++ ) { andre@0: if( oldTypes[j] == pTemplate[i].type ) { andre@0: if( (CK_VOID_PTR)NULL == pTemplate[i].pValue ) { andre@0: /* This attribute is being deleted */ andre@0: ; andre@0: } else { andre@0: /* This attribute is being replaced */ andre@0: newTemplate[k].type = pTemplate[i].type; andre@0: newTemplate[k].pValue = pTemplate[i].pValue; andre@0: newTemplate[k].ulValueLen = pTemplate[i].ulValueLen; andre@0: k++; andre@0: } andre@0: break; andre@0: } andre@0: } andre@0: if( i == ulAttributeCount ) { andre@0: /* This attribute is being copied over from the old object */ andre@0: NSSItem item, *it; andre@0: item.size = 0; andre@0: item.data = (void *)NULL; andre@0: it = nssCKFWObject_GetAttribute(fwObject, oldTypes[j], andre@0: &item, tmpArena, pError); andre@0: if (!it) { andre@0: if( CKR_OK == *pError ) { andre@0: *pError = CKR_GENERAL_ERROR; andre@0: } andre@0: NSSArena_Destroy(tmpArena); andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: newTemplate[k].type = oldTypes[j]; andre@0: newTemplate[k].pValue = it->data; andre@0: newTemplate[k].ulValueLen = it->size; andre@0: k++; andre@0: } andre@0: } andre@0: /* assert that k == newLength */ andre@0: andre@0: rv = nssCKFWSession_CreateObject(fwSession, newTemplate, newLength, pError); andre@0: if (!rv) { andre@0: if( CKR_OK == *pError ) { andre@0: *pError = CKR_GENERAL_ERROR; andre@0: } andre@0: NSSArena_Destroy(tmpArena); andre@0: return (NSSCKFWObject *)NULL; andre@0: } andre@0: andre@0: NSSArena_Destroy(tmpArena); andre@0: return rv; andre@0: } andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_FindObjectsInit andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT NSSCKFWFindObjects * andre@0: nssCKFWSession_FindObjectsInit andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: CK_ATTRIBUTE_PTR pTemplate, andre@0: CK_ULONG ulAttributeCount, andre@0: CK_RV *pError andre@0: ) andre@0: { andre@0: NSSCKMDFindObjects *mdfo1 = (NSSCKMDFindObjects *)NULL; andre@0: NSSCKMDFindObjects *mdfo2 = (NSSCKMDFindObjects *)NULL; andre@0: andre@0: #ifdef NSSDEBUG andre@0: if (!pError) { andre@0: return (NSSCKFWFindObjects *)NULL; andre@0: } andre@0: andre@0: *pError = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != *pError ) { andre@0: return (NSSCKFWFindObjects *)NULL; andre@0: } andre@0: andre@0: if( ((CK_ATTRIBUTE_PTR)NULL == pTemplate) && (ulAttributeCount != 0) ) { andre@0: *pError = CKR_ARGUMENTS_BAD; andre@0: return (NSSCKFWFindObjects *)NULL; andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: *pError = CKR_GENERAL_ERROR; andre@0: return (NSSCKFWFindObjects *)NULL; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: if( CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects( andre@0: fwSession->fwInstance) ) { andre@0: CK_ULONG i; andre@0: andre@0: /* andre@0: * Does the search criteria restrict us to token or session andre@0: * objects? andre@0: */ andre@0: andre@0: for( i = 0; i < ulAttributeCount; i++ ) { andre@0: if( CKA_TOKEN == pTemplate[i].type ) { andre@0: /* Yes, it does. */ andre@0: CK_BBOOL isToken; andre@0: if( sizeof(CK_BBOOL) != pTemplate[i].ulValueLen ) { andre@0: *pError = CKR_ATTRIBUTE_VALUE_INVALID; andre@0: return (NSSCKFWFindObjects *)NULL; andre@0: } andre@0: (void)nsslibc_memcpy(&isToken, pTemplate[i].pValue, sizeof(CK_BBOOL)); andre@0: andre@0: if( CK_TRUE == isToken ) { andre@0: /* Pass it on to the module's search routine */ andre@0: if (!fwSession->mdSession->FindObjectsInit) { andre@0: goto wrap; andre@0: } andre@0: andre@0: mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession, andre@0: fwSession, fwSession->mdToken, fwSession->fwToken, andre@0: fwSession->mdInstance, fwSession->fwInstance, andre@0: pTemplate, ulAttributeCount, pError); andre@0: } else { andre@0: /* Do the search ourselves */ andre@0: mdfo1 = nssCKMDFindSessionObjects_Create(fwSession->fwToken, andre@0: pTemplate, ulAttributeCount, pError); andre@0: } andre@0: andre@0: if (!mdfo1) { andre@0: if( CKR_OK == *pError ) { andre@0: *pError = CKR_GENERAL_ERROR; andre@0: } andre@0: return (NSSCKFWFindObjects *)NULL; andre@0: } andre@0: andre@0: goto wrap; andre@0: } andre@0: } andre@0: andre@0: if( i == ulAttributeCount ) { andre@0: /* No, it doesn't. Do a hybrid search. */ andre@0: mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession, andre@0: fwSession, fwSession->mdToken, fwSession->fwToken, andre@0: fwSession->mdInstance, fwSession->fwInstance, andre@0: pTemplate, ulAttributeCount, pError); andre@0: andre@0: if (!mdfo1) { andre@0: if( CKR_OK == *pError ) { andre@0: *pError = CKR_GENERAL_ERROR; andre@0: } andre@0: return (NSSCKFWFindObjects *)NULL; andre@0: } andre@0: andre@0: mdfo2 = nssCKMDFindSessionObjects_Create(fwSession->fwToken, andre@0: pTemplate, ulAttributeCount, pError); andre@0: if (!mdfo2) { andre@0: if( CKR_OK == *pError ) { andre@0: *pError = CKR_GENERAL_ERROR; andre@0: } andre@0: if (mdfo1->Final) { andre@0: mdfo1->Final(mdfo1, (NSSCKFWFindObjects *)NULL, fwSession->mdSession, andre@0: fwSession, fwSession->mdToken, fwSession->fwToken, andre@0: fwSession->mdInstance, fwSession->fwInstance); andre@0: } andre@0: return (NSSCKFWFindObjects *)NULL; andre@0: } andre@0: andre@0: goto wrap; andre@0: } andre@0: /*NOTREACHED*/ andre@0: } else { andre@0: /* Module handles all its own objects. Pass on to module's search */ andre@0: mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession, andre@0: fwSession, fwSession->mdToken, fwSession->fwToken, andre@0: fwSession->mdInstance, fwSession->fwInstance, andre@0: pTemplate, ulAttributeCount, pError); andre@0: andre@0: if (!mdfo1) { andre@0: if( CKR_OK == *pError ) { andre@0: *pError = CKR_GENERAL_ERROR; andre@0: } andre@0: return (NSSCKFWFindObjects *)NULL; andre@0: } andre@0: andre@0: goto wrap; andre@0: } andre@0: andre@0: wrap: andre@0: return nssCKFWFindObjects_Create(fwSession, fwSession->fwToken, andre@0: fwSession->fwInstance, mdfo1, mdfo2, pError); andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_SeedRandom andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_SeedRandom andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: NSSItem *seed andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: andre@0: #ifdef NSSDEBUG andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: andre@0: if (!seed) { andre@0: return CKR_ARGUMENTS_BAD; andre@0: } andre@0: andre@0: if (!seed->data) { andre@0: return CKR_ARGUMENTS_BAD; andre@0: } andre@0: andre@0: if( 0 == seed->size ) { andre@0: return CKR_ARGUMENTS_BAD; andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: if (!fwSession->mdSession->SeedRandom) { andre@0: return CKR_RANDOM_SEED_NOT_SUPPORTED; andre@0: } andre@0: andre@0: error = fwSession->mdSession->SeedRandom(fwSession->mdSession, fwSession, andre@0: fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, andre@0: fwSession->fwInstance, seed); andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_GetRandom andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_GetRandom andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: NSSItem *buffer andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: andre@0: #ifdef NSSDEBUG andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: andre@0: if (!buffer) { andre@0: return CKR_ARGUMENTS_BAD; andre@0: } andre@0: andre@0: if (!buffer->data) { andre@0: return CKR_ARGUMENTS_BAD; andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: if (!fwSession->mdSession->GetRandom) { andre@0: if( CK_TRUE == nssCKFWToken_GetHasRNG(fwSession->fwToken) ) { andre@0: return CKR_GENERAL_ERROR; andre@0: } else { andre@0: return CKR_RANDOM_NO_RNG; andre@0: } andre@0: } andre@0: andre@0: if( 0 == buffer->size ) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: error = fwSession->mdSession->GetRandom(fwSession->mdSession, fwSession, andre@0: fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, andre@0: fwSession->fwInstance, buffer); andre@0: andre@0: return error; andre@0: } andre@0: andre@0: andre@0: /* andre@0: * nssCKFWSession_SetCurrentCryptoOperation andre@0: */ andre@0: NSS_IMPLEMENT void andre@0: nssCKFWSession_SetCurrentCryptoOperation andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKFWCryptoOperation * fwOperation, andre@0: NSSCKFWCryptoOperationState state andre@0: ) andre@0: { andre@0: #ifdef NSSDEBUG andre@0: CK_RV error = CKR_OK; andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return; andre@0: } andre@0: andre@0: if ( state >= NSSCKFWCryptoOperationState_Max) { andre@0: return; andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: return; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: fwSession->fwOperationArray[state] = fwOperation; andre@0: return; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_GetCurrentCryptoOperation andre@0: */ andre@0: NSS_IMPLEMENT NSSCKFWCryptoOperation * andre@0: nssCKFWSession_GetCurrentCryptoOperation andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKFWCryptoOperationState state andre@0: ) andre@0: { andre@0: #ifdef NSSDEBUG andre@0: CK_RV error = CKR_OK; andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return (NSSCKFWCryptoOperation *)NULL; andre@0: } andre@0: andre@0: if ( state >= NSSCKFWCryptoOperationState_Max) { andre@0: return (NSSCKFWCryptoOperation *)NULL; andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: return (NSSCKFWCryptoOperation *)NULL; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: return fwSession->fwOperationArray[state]; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_Final andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_Final andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKFWCryptoOperationType type, andre@0: NSSCKFWCryptoOperationState state, andre@0: CK_BYTE_PTR outBuf, andre@0: CK_ULONG_PTR outBufLen andre@0: ) andre@0: { andre@0: NSSCKFWCryptoOperation *fwOperation; andre@0: NSSItem outputBuffer; andre@0: CK_RV error = CKR_OK; andre@0: andre@0: #ifdef NSSDEBUG andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: /* make sure we have a valid operation initialized */ andre@0: fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); andre@0: if (!fwOperation) { andre@0: return CKR_OPERATION_NOT_INITIALIZED; andre@0: } andre@0: andre@0: /* make sure it's the correct type */ andre@0: if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { andre@0: return CKR_OPERATION_NOT_INITIALIZED; andre@0: } andre@0: andre@0: /* handle buffer issues, note for Verify, the type is an input buffer. */ andre@0: if (NSSCKFWCryptoOperationType_Verify == type) { andre@0: if ((CK_BYTE_PTR)NULL == outBuf) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto done; andre@0: } andre@0: } else { andre@0: CK_ULONG len = nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error); andre@0: CK_ULONG maxBufLen = *outBufLen; andre@0: andre@0: if (CKR_OK != error) { andre@0: goto done; andre@0: } andre@0: *outBufLen = len; andre@0: if ((CK_BYTE_PTR)NULL == outBuf) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: if (len > maxBufLen) { andre@0: return CKR_BUFFER_TOO_SMALL; andre@0: } andre@0: } andre@0: outputBuffer.data = outBuf; andre@0: outputBuffer.size = *outBufLen; andre@0: andre@0: error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer); andre@0: done: andre@0: if (CKR_BUFFER_TOO_SMALL == error) { andre@0: return error; andre@0: } andre@0: /* clean up our state */ andre@0: nssCKFWCryptoOperation_Destroy(fwOperation); andre@0: nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state); andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_Update andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_Update andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKFWCryptoOperationType type, andre@0: NSSCKFWCryptoOperationState state, andre@0: CK_BYTE_PTR inBuf, andre@0: CK_ULONG inBufLen, andre@0: CK_BYTE_PTR outBuf, andre@0: CK_ULONG_PTR outBufLen andre@0: ) andre@0: { andre@0: NSSCKFWCryptoOperation *fwOperation; andre@0: NSSItem inputBuffer; andre@0: NSSItem outputBuffer; andre@0: CK_ULONG len; andre@0: CK_ULONG maxBufLen; andre@0: CK_RV error = CKR_OK; andre@0: andre@0: #ifdef NSSDEBUG andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: /* make sure we have a valid operation initialized */ andre@0: fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); andre@0: if (!fwOperation) { andre@0: return CKR_OPERATION_NOT_INITIALIZED; andre@0: } andre@0: andre@0: /* make sure it's the correct type */ andre@0: if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { andre@0: return CKR_OPERATION_NOT_INITIALIZED; andre@0: } andre@0: andre@0: inputBuffer.data = inBuf; andre@0: inputBuffer.size = inBufLen; andre@0: andre@0: /* handle buffer issues, note for Verify, the type is an input buffer. */ andre@0: len = nssCKFWCryptoOperation_GetOperationLength(fwOperation, &inputBuffer, andre@0: &error); andre@0: if (CKR_OK != error) { andre@0: return error; andre@0: } andre@0: maxBufLen = *outBufLen; andre@0: andre@0: *outBufLen = len; andre@0: if ((CK_BYTE_PTR)NULL == outBuf) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: if (len > maxBufLen) { andre@0: return CKR_BUFFER_TOO_SMALL; andre@0: } andre@0: outputBuffer.data = outBuf; andre@0: outputBuffer.size = *outBufLen; andre@0: andre@0: return nssCKFWCryptoOperation_Update(fwOperation, andre@0: &inputBuffer, &outputBuffer); andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_DigestUpdate andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_DigestUpdate andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKFWCryptoOperationType type, andre@0: NSSCKFWCryptoOperationState state, andre@0: CK_BYTE_PTR inBuf, andre@0: CK_ULONG inBufLen andre@0: ) andre@0: { andre@0: NSSCKFWCryptoOperation *fwOperation; andre@0: NSSItem inputBuffer; andre@0: CK_RV error = CKR_OK; andre@0: andre@0: #ifdef NSSDEBUG andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: /* make sure we have a valid operation initialized */ andre@0: fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); andre@0: if (!fwOperation) { andre@0: return CKR_OPERATION_NOT_INITIALIZED; andre@0: } andre@0: andre@0: /* make sure it's the correct type */ andre@0: if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { andre@0: return CKR_OPERATION_NOT_INITIALIZED; andre@0: } andre@0: andre@0: inputBuffer.data = inBuf; andre@0: inputBuffer.size = inBufLen; andre@0: andre@0: andre@0: error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer); andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_DigestUpdate andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_DigestKey andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKFWObject *fwKey andre@0: ) andre@0: { andre@0: NSSCKFWCryptoOperation *fwOperation; andre@0: NSSItem *inputBuffer; andre@0: CK_RV error = CKR_OK; andre@0: andre@0: #ifdef NSSDEBUG andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: /* make sure we have a valid operation initialized */ andre@0: fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, andre@0: NSSCKFWCryptoOperationState_Digest); andre@0: if (!fwOperation) { andre@0: return CKR_OPERATION_NOT_INITIALIZED; andre@0: } andre@0: andre@0: /* make sure it's the correct type */ andre@0: if (NSSCKFWCryptoOperationType_Digest != andre@0: nssCKFWCryptoOperation_GetType(fwOperation)) { andre@0: return CKR_OPERATION_NOT_INITIALIZED; andre@0: } andre@0: andre@0: error = nssCKFWCryptoOperation_DigestKey(fwOperation, fwKey); andre@0: if (CKR_FUNCTION_FAILED != error) { andre@0: return error; andre@0: } andre@0: andre@0: /* no machine depended way for this to happen, do it by hand */ andre@0: inputBuffer=nssCKFWObject_GetAttribute(fwKey, CKA_VALUE, NULL, NULL, &error); andre@0: if (!inputBuffer) { andre@0: /* couldn't get the value, just fail then */ andre@0: return error; andre@0: } andre@0: error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, inputBuffer); andre@0: nssItem_Destroy(inputBuffer); andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * nssCKFWSession_UpdateFinal andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_UpdateFinal andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKFWCryptoOperationType type, andre@0: NSSCKFWCryptoOperationState state, andre@0: CK_BYTE_PTR inBuf, andre@0: CK_ULONG inBufLen, andre@0: CK_BYTE_PTR outBuf, andre@0: CK_ULONG_PTR outBufLen andre@0: ) andre@0: { andre@0: NSSCKFWCryptoOperation *fwOperation; andre@0: NSSItem inputBuffer; andre@0: NSSItem outputBuffer; andre@0: PRBool isEncryptDecrypt; andre@0: CK_RV error = CKR_OK; andre@0: andre@0: #ifdef NSSDEBUG andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: /* make sure we have a valid operation initialized */ andre@0: fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); andre@0: if (!fwOperation) { andre@0: return CKR_OPERATION_NOT_INITIALIZED; andre@0: } andre@0: andre@0: /* make sure it's the correct type */ andre@0: if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { andre@0: return CKR_OPERATION_NOT_INITIALIZED; andre@0: } andre@0: andre@0: inputBuffer.data = inBuf; andre@0: inputBuffer.size = inBufLen; andre@0: isEncryptDecrypt = (PRBool) ((NSSCKFWCryptoOperationType_Encrypt == type) || andre@0: (NSSCKFWCryptoOperationType_Decrypt == type)) ; andre@0: andre@0: /* handle buffer issues, note for Verify, the type is an input buffer. */ andre@0: if (NSSCKFWCryptoOperationType_Verify == type) { andre@0: if ((CK_BYTE_PTR)NULL == outBuf) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto done; andre@0: } andre@0: } else { andre@0: CK_ULONG maxBufLen = *outBufLen; andre@0: CK_ULONG len; andre@0: andre@0: len = (isEncryptDecrypt) ? andre@0: nssCKFWCryptoOperation_GetOperationLength(fwOperation, andre@0: &inputBuffer, &error) : andre@0: nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error); andre@0: andre@0: if (CKR_OK != error) { andre@0: goto done; andre@0: } andre@0: andre@0: *outBufLen = len; andre@0: if ((CK_BYTE_PTR)NULL == outBuf) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: if (len > maxBufLen) { andre@0: return CKR_BUFFER_TOO_SMALL; andre@0: } andre@0: } andre@0: outputBuffer.data = outBuf; andre@0: outputBuffer.size = *outBufLen; andre@0: andre@0: error = nssCKFWCryptoOperation_UpdateFinal(fwOperation, andre@0: &inputBuffer, &outputBuffer); andre@0: andre@0: /* UpdateFinal isn't support, manually use Update and Final */ andre@0: if (CKR_FUNCTION_FAILED == error) { andre@0: error = isEncryptDecrypt ? andre@0: nssCKFWCryptoOperation_Update(fwOperation, &inputBuffer, &outputBuffer) : andre@0: nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer); andre@0: andre@0: if (CKR_OK == error) { andre@0: error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer); andre@0: } andre@0: } andre@0: andre@0: andre@0: done: andre@0: if (CKR_BUFFER_TOO_SMALL == error) { andre@0: /* if we return CKR_BUFFER_TOO_SMALL, we the caller is not expecting. andre@0: * the crypto state to be freed */ andre@0: return error; andre@0: } andre@0: andre@0: /* clean up our state */ andre@0: nssCKFWCryptoOperation_Destroy(fwOperation); andre@0: nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state); andre@0: return error; andre@0: } andre@0: andre@0: NSS_IMPLEMENT CK_RV andre@0: nssCKFWSession_UpdateCombo andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKFWCryptoOperationType encryptType, andre@0: NSSCKFWCryptoOperationType digestType, andre@0: NSSCKFWCryptoOperationState digestState, andre@0: CK_BYTE_PTR inBuf, andre@0: CK_ULONG inBufLen, andre@0: CK_BYTE_PTR outBuf, andre@0: CK_ULONG_PTR outBufLen andre@0: ) andre@0: { andre@0: NSSCKFWCryptoOperation *fwOperation; andre@0: NSSCKFWCryptoOperation *fwPeerOperation; andre@0: NSSItem inputBuffer; andre@0: NSSItem outputBuffer; andre@0: CK_ULONG maxBufLen = *outBufLen; andre@0: CK_ULONG len; andre@0: CK_RV error = CKR_OK; andre@0: andre@0: #ifdef NSSDEBUG andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: andre@0: if (!fwSession->mdSession) { andre@0: return CKR_GENERAL_ERROR; andre@0: } andre@0: #endif /* NSSDEBUG */ andre@0: andre@0: /* make sure we have a valid operation initialized */ andre@0: fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, andre@0: NSSCKFWCryptoOperationState_EncryptDecrypt); andre@0: if (!fwOperation) { andre@0: return CKR_OPERATION_NOT_INITIALIZED; andre@0: } andre@0: andre@0: /* make sure it's the correct type */ andre@0: if (encryptType != nssCKFWCryptoOperation_GetType(fwOperation)) { andre@0: return CKR_OPERATION_NOT_INITIALIZED; andre@0: } andre@0: /* make sure we have a valid operation initialized */ andre@0: fwPeerOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, andre@0: digestState); andre@0: if (!fwPeerOperation) { andre@0: return CKR_OPERATION_NOT_INITIALIZED; andre@0: } andre@0: andre@0: /* make sure it's the correct type */ andre@0: if (digestType != nssCKFWCryptoOperation_GetType(fwOperation)) { andre@0: return CKR_OPERATION_NOT_INITIALIZED; andre@0: } andre@0: andre@0: inputBuffer.data = inBuf; andre@0: inputBuffer.size = inBufLen; andre@0: len = nssCKFWCryptoOperation_GetOperationLength(fwOperation, andre@0: &inputBuffer, &error); andre@0: if (CKR_OK != error) { andre@0: return error; andre@0: } andre@0: andre@0: *outBufLen = len; andre@0: if ((CK_BYTE_PTR)NULL == outBuf) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: if (len > maxBufLen) { andre@0: return CKR_BUFFER_TOO_SMALL; andre@0: } andre@0: andre@0: outputBuffer.data = outBuf; andre@0: outputBuffer.size = *outBufLen; andre@0: andre@0: error = nssCKFWCryptoOperation_UpdateCombo(fwOperation, fwPeerOperation, andre@0: &inputBuffer, &outputBuffer); andre@0: if (CKR_FUNCTION_FAILED == error) { andre@0: PRBool isEncrypt = andre@0: (PRBool) (NSSCKFWCryptoOperationType_Encrypt == encryptType); andre@0: andre@0: if (isEncrypt) { andre@0: error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation, andre@0: &inputBuffer); andre@0: if (CKR_OK != error) { andre@0: return error; andre@0: } andre@0: } andre@0: error = nssCKFWCryptoOperation_Update(fwOperation, andre@0: &inputBuffer, &outputBuffer); andre@0: if (CKR_OK != error) { andre@0: return error; andre@0: } andre@0: if (!isEncrypt) { andre@0: error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation, andre@0: &outputBuffer); andre@0: } andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: andre@0: /* andre@0: * NSSCKFWSession_GetMDSession andre@0: * andre@0: */ andre@0: andre@0: NSS_IMPLEMENT NSSCKMDSession * andre@0: NSSCKFWSession_GetMDSession andre@0: ( andre@0: NSSCKFWSession *fwSession andre@0: ) andre@0: { andre@0: #ifdef DEBUG andre@0: if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { andre@0: return (NSSCKMDSession *)NULL; andre@0: } andre@0: #endif /* DEBUG */ andre@0: andre@0: return nssCKFWSession_GetMDSession(fwSession); andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWSession_GetArena andre@0: * andre@0: */ andre@0: andre@0: NSS_IMPLEMENT NSSArena * andre@0: NSSCKFWSession_GetArena andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: CK_RV *pError andre@0: ) andre@0: { andre@0: #ifdef DEBUG andre@0: if (!pError) { andre@0: return (NSSArena *)NULL; andre@0: } andre@0: andre@0: *pError = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != *pError ) { andre@0: return (NSSArena *)NULL; andre@0: } andre@0: #endif /* DEBUG */ andre@0: andre@0: return nssCKFWSession_GetArena(fwSession, pError); andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWSession_CallNotification andre@0: * andre@0: */ andre@0: andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWSession_CallNotification andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: CK_NOTIFICATION event andre@0: ) andre@0: { andre@0: #ifdef DEBUG andre@0: CK_RV error = CKR_OK; andre@0: andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return error; andre@0: } andre@0: #endif /* DEBUG */ andre@0: andre@0: return nssCKFWSession_CallNotification(fwSession, event); andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWSession_IsRWSession andre@0: * andre@0: */ andre@0: andre@0: NSS_IMPLEMENT CK_BBOOL andre@0: NSSCKFWSession_IsRWSession andre@0: ( andre@0: NSSCKFWSession *fwSession andre@0: ) andre@0: { andre@0: #ifdef DEBUG andre@0: if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { andre@0: return CK_FALSE; andre@0: } andre@0: #endif /* DEBUG */ andre@0: andre@0: return nssCKFWSession_IsRWSession(fwSession); andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWSession_IsSO andre@0: * andre@0: */ andre@0: andre@0: NSS_IMPLEMENT CK_BBOOL andre@0: NSSCKFWSession_IsSO andre@0: ( andre@0: NSSCKFWSession *fwSession andre@0: ) andre@0: { andre@0: #ifdef DEBUG andre@0: if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { andre@0: return CK_FALSE; andre@0: } andre@0: #endif /* DEBUG */ andre@0: andre@0: return nssCKFWSession_IsSO(fwSession); andre@0: } andre@0: andre@0: NSS_IMPLEMENT NSSCKFWCryptoOperation * andre@0: NSSCKFWSession_GetCurrentCryptoOperation andre@0: ( andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKFWCryptoOperationState state andre@0: ) andre@0: { andre@0: #ifdef DEBUG andre@0: CK_RV error = CKR_OK; andre@0: error = nssCKFWSession_verifyPointer(fwSession); andre@0: if( CKR_OK != error ) { andre@0: return (NSSCKFWCryptoOperation *)NULL; andre@0: } andre@0: andre@0: if ( state >= NSSCKFWCryptoOperationState_Max) { andre@0: return (NSSCKFWCryptoOperation *)NULL; andre@0: } andre@0: #endif /* DEBUG */ andre@0: return nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); andre@0: }