andre@0: /* This Source Code Form is subject to the terms of the Mozilla Public andre@0: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@0: andre@0: /* andre@0: * wrap.c andre@0: * andre@0: * This file contains the routines that actually implement the cryptoki andre@0: * API, using the internal APIs of the NSS Cryptoki Framework. There is andre@0: * one routine here for every cryptoki routine. For linking reasons andre@0: * the actual entry points passed back with C_GetFunctionList have to andre@0: * exist in one of the Module's source files; however, those are merely andre@0: * simple wrappers that call these routines. The intelligence of the andre@0: * implementations is here. andre@0: */ andre@0: andre@0: #ifndef CK_T andre@0: #include "ck.h" andre@0: #endif /* CK_T */ andre@0: andre@0: /* andre@0: * NSSCKFWC_Initialize andre@0: * NSSCKFWC_Finalize andre@0: * NSSCKFWC_GetInfo andre@0: * -- NSSCKFWC_GetFunctionList -- see the API insert file andre@0: * NSSCKFWC_GetSlotList andre@0: * NSSCKFWC_GetSlotInfo andre@0: * NSSCKFWC_GetTokenInfo andre@0: * NSSCKFWC_WaitForSlotEvent andre@0: * NSSCKFWC_GetMechanismList andre@0: * NSSCKFWC_GetMechanismInfo andre@0: * NSSCKFWC_InitToken andre@0: * NSSCKFWC_InitPIN andre@0: * NSSCKFWC_SetPIN andre@0: * NSSCKFWC_OpenSession andre@0: * NSSCKFWC_CloseSession andre@0: * NSSCKFWC_CloseAllSessions andre@0: * NSSCKFWC_GetSessionInfo andre@0: * NSSCKFWC_GetOperationState andre@0: * NSSCKFWC_SetOperationState andre@0: * NSSCKFWC_Login andre@0: * NSSCKFWC_Logout andre@0: * NSSCKFWC_CreateObject andre@0: * NSSCKFWC_CopyObject andre@0: * NSSCKFWC_DestroyObject andre@0: * NSSCKFWC_GetObjectSize andre@0: * NSSCKFWC_GetAttributeValue andre@0: * NSSCKFWC_SetAttributeValue andre@0: * NSSCKFWC_FindObjectsInit andre@0: * NSSCKFWC_FindObjects andre@0: * NSSCKFWC_FindObjectsFinal andre@0: * NSSCKFWC_EncryptInit andre@0: * NSSCKFWC_Encrypt andre@0: * NSSCKFWC_EncryptUpdate andre@0: * NSSCKFWC_EncryptFinal andre@0: * NSSCKFWC_DecryptInit andre@0: * NSSCKFWC_Decrypt andre@0: * NSSCKFWC_DecryptUpdate andre@0: * NSSCKFWC_DecryptFinal andre@0: * NSSCKFWC_DigestInit andre@0: * NSSCKFWC_Digest andre@0: * NSSCKFWC_DigestUpdate andre@0: * NSSCKFWC_DigestKey andre@0: * NSSCKFWC_DigestFinal andre@0: * NSSCKFWC_SignInit andre@0: * NSSCKFWC_Sign andre@0: * NSSCKFWC_SignUpdate andre@0: * NSSCKFWC_SignFinal andre@0: * NSSCKFWC_SignRecoverInit andre@0: * NSSCKFWC_SignRecover andre@0: * NSSCKFWC_VerifyInit andre@0: * NSSCKFWC_Verify andre@0: * NSSCKFWC_VerifyUpdate andre@0: * NSSCKFWC_VerifyFinal andre@0: * NSSCKFWC_VerifyRecoverInit andre@0: * NSSCKFWC_VerifyRecover andre@0: * NSSCKFWC_DigestEncryptUpdate andre@0: * NSSCKFWC_DecryptDigestUpdate andre@0: * NSSCKFWC_SignEncryptUpdate andre@0: * NSSCKFWC_DecryptVerifyUpdate andre@0: * NSSCKFWC_GenerateKey andre@0: * NSSCKFWC_GenerateKeyPair andre@0: * NSSCKFWC_WrapKey andre@0: * NSSCKFWC_UnwrapKey andre@0: * NSSCKFWC_DeriveKey andre@0: * NSSCKFWC_SeedRandom andre@0: * NSSCKFWC_GenerateRandom andre@0: * NSSCKFWC_GetFunctionStatus andre@0: * NSSCKFWC_CancelFunction andre@0: */ andre@0: andre@0: /* figure out out locking semantics */ andre@0: static CK_RV andre@0: nssCKFW_GetThreadSafeState(CK_C_INITIALIZE_ARGS_PTR pInitArgs, andre@0: CryptokiLockingState *pLocking_state) { andre@0: int functionCount = 0; andre@0: andre@0: /* parsed according to (PKCS #11 Section 11.4) */ andre@0: /* no args, the degenerate version of case 1 */ andre@0: if (!pInitArgs) { andre@0: *pLocking_state = SingleThreaded; andre@0: return CKR_OK; andre@0: } andre@0: andre@0: /* CKF_OS_LOCKING_OK set, Cases 2 and 4 */ andre@0: if (pInitArgs->flags & CKF_OS_LOCKING_OK) { andre@0: *pLocking_state = MultiThreaded; andre@0: return CKR_OK; andre@0: } andre@0: if ((CK_CREATEMUTEX) NULL != pInitArgs->CreateMutex) functionCount++; andre@0: if ((CK_DESTROYMUTEX) NULL != pInitArgs->DestroyMutex) functionCount++; andre@0: if ((CK_LOCKMUTEX) NULL != pInitArgs->LockMutex) functionCount++; andre@0: if ((CK_UNLOCKMUTEX) NULL != pInitArgs->UnlockMutex) functionCount++; andre@0: andre@0: /* CKF_OS_LOCKING_OK is not set, and not functions supplied, andre@0: * explicit case 1 */ andre@0: if (0 == functionCount) { andre@0: *pLocking_state = SingleThreaded; andre@0: return CKR_OK; andre@0: } andre@0: andre@0: /* OS_LOCKING_OK is not set and functions have been supplied. Since andre@0: * ckfw uses nssbase library which explicitly calls NSPR, and since andre@0: * there is no way to reliably override these explicit calls to NSPR, andre@0: * therefore we can't support applications which have their own threading andre@0: * module. Return CKR_CANT_LOCK if they supplied the correct number of andre@0: * arguments, or CKR_ARGUMENTS_BAD if they did not in either case we will andre@0: * fail the initialize */ andre@0: return (4 == functionCount) ? CKR_CANT_LOCK : CKR_ARGUMENTS_BAD; andre@0: } andre@0: andre@0: static PRInt32 liveInstances; andre@0: andre@0: /* andre@0: * NSSCKFWC_Initialize andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_Initialize andre@0: ( andre@0: NSSCKFWInstance **pFwInstance, andre@0: NSSCKMDInstance *mdInstance, andre@0: CK_VOID_PTR pInitArgs andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: CryptokiLockingState locking_state; andre@0: andre@0: if( (NSSCKFWInstance **)NULL == pFwInstance ) { andre@0: error = CKR_GENERAL_ERROR; andre@0: goto loser; andre@0: } andre@0: andre@0: if (*pFwInstance) { andre@0: error = CKR_CRYPTOKI_ALREADY_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: if (!mdInstance) { andre@0: error = CKR_GENERAL_ERROR; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFW_GetThreadSafeState(pInitArgs,&locking_state); andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: *pFwInstance = nssCKFWInstance_Create(pInitArgs, locking_state, mdInstance, &error); andre@0: if (!*pFwInstance) { andre@0: goto loser; andre@0: } andre@0: PR_ATOMIC_INCREMENT(&liveInstances); andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_CANT_LOCK: andre@0: case CKR_CRYPTOKI_ALREADY_INITIALIZED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_NEED_TO_CREATE_THREADS: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_Finalize andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_Finalize andre@0: ( andre@0: NSSCKFWInstance **pFwInstance andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: andre@0: if( (NSSCKFWInstance **)NULL == pFwInstance ) { andre@0: error = CKR_GENERAL_ERROR; andre@0: goto loser; andre@0: } andre@0: andre@0: if (!*pFwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWInstance_Destroy(*pFwInstance); andre@0: andre@0: /* In any case */ andre@0: *pFwInstance = (NSSCKFWInstance *)NULL; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: PRInt32 remainingInstances; andre@0: case CKR_OK: andre@0: remainingInstances = PR_ATOMIC_DECREMENT(&liveInstances); andre@0: if (!remainingInstances) { andre@0: nssArena_Shutdown(); andre@0: } andre@0: break; andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: break; andre@0: default: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: /* andre@0: * A thread's error stack is automatically destroyed when the thread andre@0: * terminates or, for the primordial thread, by PR_Cleanup. On andre@0: * Windows with MinGW, the thread private data destructor PR_Free andre@0: * registered by this module is actually a thunk for PR_Free defined andre@0: * in this module. When the thread that unloads this module terminates andre@0: * or calls PR_Cleanup, the thunk for PR_Free is already gone with the andre@0: * module. Therefore we need to destroy the error stack before the andre@0: * module is unloaded. andre@0: */ andre@0: nss_DestroyErrorStack(); andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_GetInfo andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_GetInfo andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_INFO_PTR pInfo andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: andre@0: if( (CK_INFO_PTR)CK_NULL_PTR == pInfo ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: /* andre@0: * A purify error here means a caller error andre@0: */ andre@0: (void)nsslibc_memset(pInfo, 0, sizeof(CK_INFO)); andre@0: andre@0: pInfo->cryptokiVersion = nssCKFWInstance_GetCryptokiVersion(fwInstance); andre@0: andre@0: error = nssCKFWInstance_GetManufacturerID(fwInstance, pInfo->manufacturerID); andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: pInfo->flags = nssCKFWInstance_GetFlags(fwInstance); andre@0: andre@0: error = nssCKFWInstance_GetLibraryDescription(fwInstance, pInfo->libraryDescription); andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: pInfo->libraryVersion = nssCKFWInstance_GetLibraryVersion(fwInstance); andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: break; andre@0: default: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * C_GetFunctionList is implemented entirely in the Module's file which andre@0: * includes the Framework API insert file. It requires no "actual" andre@0: * NSSCKFW routine. andre@0: */ andre@0: andre@0: /* andre@0: * NSSCKFWC_GetSlotList andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_GetSlotList andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_BBOOL tokenPresent, andre@0: CK_SLOT_ID_PTR pSlotList, andre@0: CK_ULONG_PTR pulCount andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: CK_ULONG nSlots; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: switch( tokenPresent ) { andre@0: case CK_TRUE: andre@0: case CK_FALSE: andre@0: break; andre@0: default: andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); andre@0: if( (CK_ULONG)0 == nSlots ) { andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlotList ) { andre@0: *pulCount = nSlots; andre@0: return CKR_OK; andre@0: } andre@0: andre@0: /* andre@0: * A purify error here indicates caller error. andre@0: */ andre@0: (void)nsslibc_memset(pSlotList, 0, *pulCount * sizeof(CK_SLOT_ID)); andre@0: andre@0: if( *pulCount < nSlots ) { andre@0: *pulCount = nSlots; andre@0: error = CKR_BUFFER_TOO_SMALL; andre@0: goto loser; andre@0: } else { andre@0: CK_ULONG i; andre@0: *pulCount = nSlots; andre@0: andre@0: /* andre@0: * Our secret "mapping": CK_SLOT_IDs are integers [1,N], and we andre@0: * just index one when we need it. andre@0: */ andre@0: andre@0: for( i = 0; i < nSlots; i++ ) { andre@0: pSlotList[i] = i+1; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_GetSlotInfo andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_GetSlotInfo andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SLOT_ID slotID, andre@0: CK_SLOT_INFO_PTR pInfo andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: CK_ULONG nSlots; andre@0: NSSCKFWSlot **slots; andre@0: NSSCKFWSlot *fwSlot; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); andre@0: if( (CK_ULONG)0 == nSlots ) { andre@0: goto loser; andre@0: } andre@0: andre@0: if( (slotID < 1) || (slotID > nSlots) ) { andre@0: error = CKR_SLOT_ID_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_SLOT_INFO_PTR)CK_NULL_PTR == pInfo ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: /* andre@0: * A purify error here indicates caller error. andre@0: */ andre@0: (void)nsslibc_memset(pInfo, 0, sizeof(CK_SLOT_INFO)); andre@0: andre@0: slots = nssCKFWInstance_GetSlots(fwInstance, &error); andre@0: if( (NSSCKFWSlot **)NULL == slots ) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwSlot = slots[ slotID-1 ]; andre@0: andre@0: error = nssCKFWSlot_GetSlotDescription(fwSlot, pInfo->slotDescription); andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSlot_GetManufacturerID(fwSlot, pInfo->manufacturerID); andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: if( nssCKFWSlot_GetTokenPresent(fwSlot) ) { andre@0: pInfo->flags |= CKF_TOKEN_PRESENT; andre@0: } andre@0: andre@0: if( nssCKFWSlot_GetRemovableDevice(fwSlot) ) { andre@0: pInfo->flags |= CKF_REMOVABLE_DEVICE; andre@0: } andre@0: andre@0: if( nssCKFWSlot_GetHardwareSlot(fwSlot) ) { andre@0: pInfo->flags |= CKF_HW_SLOT; andre@0: } andre@0: andre@0: pInfo->hardwareVersion = nssCKFWSlot_GetHardwareVersion(fwSlot); andre@0: pInfo->firmwareVersion = nssCKFWSlot_GetFirmwareVersion(fwSlot); andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_SLOT_ID_INVALID: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_GetTokenInfo andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_GetTokenInfo andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SLOT_ID slotID, andre@0: CK_TOKEN_INFO_PTR pInfo andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: CK_ULONG nSlots; andre@0: NSSCKFWSlot **slots; andre@0: NSSCKFWSlot *fwSlot; andre@0: NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); andre@0: if( (CK_ULONG)0 == nSlots ) { andre@0: goto loser; andre@0: } andre@0: andre@0: if( (slotID < 1) || (slotID > nSlots) ) { andre@0: error = CKR_SLOT_ID_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_TOKEN_INFO_PTR)CK_NULL_PTR == pInfo ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: /* andre@0: * A purify error here indicates caller error. andre@0: */ andre@0: (void)nsslibc_memset(pInfo, 0, sizeof(CK_TOKEN_INFO)); andre@0: andre@0: slots = nssCKFWInstance_GetSlots(fwInstance, &error); andre@0: if( (NSSCKFWSlot **)NULL == slots ) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwSlot = slots[ slotID-1 ]; andre@0: andre@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { andre@0: error = CKR_TOKEN_NOT_PRESENT; andre@0: goto loser; andre@0: } andre@0: andre@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); andre@0: if (!fwToken) { andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWToken_GetLabel(fwToken, pInfo->label); andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWToken_GetManufacturerID(fwToken, pInfo->manufacturerID); andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWToken_GetModel(fwToken, pInfo->model); andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWToken_GetSerialNumber(fwToken, pInfo->serialNumber); andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: if( nssCKFWToken_GetHasRNG(fwToken) ) { andre@0: pInfo->flags |= CKF_RNG; andre@0: } andre@0: andre@0: if( nssCKFWToken_GetIsWriteProtected(fwToken) ) { andre@0: pInfo->flags |= CKF_WRITE_PROTECTED; andre@0: } andre@0: andre@0: if( nssCKFWToken_GetLoginRequired(fwToken) ) { andre@0: pInfo->flags |= CKF_LOGIN_REQUIRED; andre@0: } andre@0: andre@0: if( nssCKFWToken_GetUserPinInitialized(fwToken) ) { andre@0: pInfo->flags |= CKF_USER_PIN_INITIALIZED; andre@0: } andre@0: andre@0: if( nssCKFWToken_GetRestoreKeyNotNeeded(fwToken) ) { andre@0: pInfo->flags |= CKF_RESTORE_KEY_NOT_NEEDED; andre@0: } andre@0: andre@0: if( nssCKFWToken_GetHasClockOnToken(fwToken) ) { andre@0: pInfo->flags |= CKF_CLOCK_ON_TOKEN; andre@0: } andre@0: andre@0: if( nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken) ) { andre@0: pInfo->flags |= CKF_PROTECTED_AUTHENTICATION_PATH; andre@0: } andre@0: andre@0: if( nssCKFWToken_GetSupportsDualCryptoOperations(fwToken) ) { andre@0: pInfo->flags |= CKF_DUAL_CRYPTO_OPERATIONS; andre@0: } andre@0: andre@0: pInfo->ulMaxSessionCount = nssCKFWToken_GetMaxSessionCount(fwToken); andre@0: pInfo->ulSessionCount = nssCKFWToken_GetSessionCount(fwToken); andre@0: pInfo->ulMaxRwSessionCount = nssCKFWToken_GetMaxRwSessionCount(fwToken); andre@0: pInfo->ulRwSessionCount= nssCKFWToken_GetRwSessionCount(fwToken); andre@0: pInfo->ulMaxPinLen = nssCKFWToken_GetMaxPinLen(fwToken); andre@0: pInfo->ulMinPinLen = nssCKFWToken_GetMinPinLen(fwToken); andre@0: pInfo->ulTotalPublicMemory = nssCKFWToken_GetTotalPublicMemory(fwToken); andre@0: pInfo->ulFreePublicMemory = nssCKFWToken_GetFreePublicMemory(fwToken); andre@0: pInfo->ulTotalPrivateMemory = nssCKFWToken_GetTotalPrivateMemory(fwToken); andre@0: pInfo->ulFreePrivateMemory = nssCKFWToken_GetFreePrivateMemory(fwToken); andre@0: pInfo->hardwareVersion = nssCKFWToken_GetHardwareVersion(fwToken); andre@0: pInfo->firmwareVersion = nssCKFWToken_GetFirmwareVersion(fwToken); andre@0: andre@0: error = nssCKFWToken_GetUTCTime(fwToken, pInfo->utcTime); andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_TOKEN_NOT_PRESENT: andre@0: if (fwToken) andre@0: nssCKFWToken_Destroy(fwToken); andre@0: break; andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_SLOT_ID_INVALID: andre@0: case CKR_TOKEN_NOT_RECOGNIZED: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_WaitForSlotEvent andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_WaitForSlotEvent andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_FLAGS flags, andre@0: CK_SLOT_ID_PTR pSlot, andre@0: CK_VOID_PTR pReserved andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: CK_ULONG nSlots; andre@0: CK_BBOOL block; andre@0: NSSCKFWSlot **slots; andre@0: NSSCKFWSlot *fwSlot; andre@0: CK_ULONG i; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: if( flags & ~CKF_DONT_BLOCK ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: block = (flags & CKF_DONT_BLOCK) ? CK_TRUE : CK_FALSE; andre@0: andre@0: nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); andre@0: if( (CK_ULONG)0 == nSlots ) { andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlot ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_VOID_PTR)CK_NULL_PTR != pReserved ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: slots = nssCKFWInstance_GetSlots(fwInstance, &error); andre@0: if( (NSSCKFWSlot **)NULL == slots ) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwSlot = nssCKFWInstance_WaitForSlotEvent(fwInstance, block, &error); andre@0: if (!fwSlot) { andre@0: goto loser; andre@0: } andre@0: andre@0: for( i = 0; i < nSlots; i++ ) { andre@0: if( fwSlot == slots[i] ) { andre@0: *pSlot = (CK_SLOT_ID)(CK_ULONG)(i+1); andre@0: return CKR_OK; andre@0: } andre@0: } andre@0: andre@0: error = CKR_GENERAL_ERROR; /* returned something not in the slot list */ andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_NO_EVENT: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_GetMechanismList andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_GetMechanismList andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SLOT_ID slotID, andre@0: CK_MECHANISM_TYPE_PTR pMechanismList, andre@0: CK_ULONG_PTR pulCount andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: CK_ULONG nSlots; andre@0: NSSCKFWSlot **slots; andre@0: NSSCKFWSlot *fwSlot; andre@0: NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; andre@0: CK_ULONG count; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); andre@0: if( (CK_ULONG)0 == nSlots ) { andre@0: goto loser; andre@0: } andre@0: andre@0: if( (slotID < 1) || (slotID > nSlots) ) { andre@0: error = CKR_SLOT_ID_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: slots = nssCKFWInstance_GetSlots(fwInstance, &error); andre@0: if( (NSSCKFWSlot **)NULL == slots ) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwSlot = slots[ slotID-1 ]; andre@0: andre@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { andre@0: error = CKR_TOKEN_NOT_PRESENT; andre@0: goto loser; andre@0: } andre@0: andre@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); andre@0: if (!fwToken) { andre@0: goto loser; andre@0: } andre@0: andre@0: count = nssCKFWToken_GetMechanismCount(fwToken); andre@0: andre@0: if( (CK_MECHANISM_TYPE_PTR)CK_NULL_PTR == pMechanismList ) { andre@0: *pulCount = count; andre@0: return CKR_OK; andre@0: } andre@0: andre@0: if( *pulCount < count ) { andre@0: *pulCount = count; andre@0: error = CKR_BUFFER_TOO_SMALL; andre@0: goto loser; andre@0: } andre@0: andre@0: /* andre@0: * A purify error here indicates caller error. andre@0: */ andre@0: (void)nsslibc_memset(pMechanismList, 0, *pulCount * sizeof(CK_MECHANISM_TYPE)); andre@0: andre@0: *pulCount = count; andre@0: andre@0: if( 0 != count ) { andre@0: error = nssCKFWToken_GetMechanismTypes(fwToken, pMechanismList); andre@0: } else { andre@0: error = CKR_OK; andre@0: } andre@0: andre@0: if( CKR_OK == error ) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_TOKEN_NOT_PRESENT: andre@0: if (fwToken) andre@0: nssCKFWToken_Destroy(fwToken); andre@0: break; andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_SLOT_ID_INVALID: andre@0: case CKR_TOKEN_NOT_RECOGNIZED: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_GetMechanismInfo andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_GetMechanismInfo andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SLOT_ID slotID, andre@0: CK_MECHANISM_TYPE type, andre@0: CK_MECHANISM_INFO_PTR pInfo andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: CK_ULONG nSlots; andre@0: NSSCKFWSlot **slots; andre@0: NSSCKFWSlot *fwSlot; andre@0: NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; andre@0: NSSCKFWMechanism *fwMechanism; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); andre@0: if( (CK_ULONG)0 == nSlots ) { andre@0: goto loser; andre@0: } andre@0: andre@0: if( (slotID < 1) || (slotID > nSlots) ) { andre@0: error = CKR_SLOT_ID_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: slots = nssCKFWInstance_GetSlots(fwInstance, &error); andre@0: if( (NSSCKFWSlot **)NULL == slots ) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwSlot = slots[ slotID-1 ]; andre@0: andre@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { andre@0: error = CKR_TOKEN_NOT_PRESENT; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_MECHANISM_INFO_PTR)CK_NULL_PTR == pInfo ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: /* andre@0: * A purify error here indicates caller error. andre@0: */ andre@0: (void)nsslibc_memset(pInfo, 0, sizeof(CK_MECHANISM_INFO)); andre@0: andre@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); andre@0: if (!fwToken) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, type, &error); andre@0: if (!fwMechanism) { andre@0: goto loser; andre@0: } andre@0: andre@0: pInfo->ulMinKeySize = nssCKFWMechanism_GetMinKeySize(fwMechanism, &error); andre@0: pInfo->ulMaxKeySize = nssCKFWMechanism_GetMaxKeySize(fwMechanism, &error); andre@0: andre@0: if( nssCKFWMechanism_GetInHardware(fwMechanism, &error) ) { andre@0: pInfo->flags |= CKF_HW; andre@0: } andre@0: if( nssCKFWMechanism_GetCanEncrypt(fwMechanism, &error) ) { andre@0: pInfo->flags |= CKF_ENCRYPT; andre@0: } andre@0: if( nssCKFWMechanism_GetCanDecrypt(fwMechanism, &error) ) { andre@0: pInfo->flags |= CKF_DECRYPT; andre@0: } andre@0: if( nssCKFWMechanism_GetCanDigest(fwMechanism, &error) ) { andre@0: pInfo->flags |= CKF_DIGEST; andre@0: } andre@0: if( nssCKFWMechanism_GetCanSign(fwMechanism, &error) ) { andre@0: pInfo->flags |= CKF_SIGN; andre@0: } andre@0: if( nssCKFWMechanism_GetCanSignRecover(fwMechanism, &error) ) { andre@0: pInfo->flags |= CKF_SIGN_RECOVER; andre@0: } andre@0: if( nssCKFWMechanism_GetCanVerify(fwMechanism, &error) ) { andre@0: pInfo->flags |= CKF_VERIFY; andre@0: } andre@0: if( nssCKFWMechanism_GetCanVerifyRecover(fwMechanism, &error) ) { andre@0: pInfo->flags |= CKF_VERIFY_RECOVER; andre@0: } andre@0: if( nssCKFWMechanism_GetCanGenerate(fwMechanism, &error) ) { andre@0: pInfo->flags |= CKF_GENERATE; andre@0: } andre@0: if( nssCKFWMechanism_GetCanGenerateKeyPair(fwMechanism, &error) ) { andre@0: pInfo->flags |= CKF_GENERATE_KEY_PAIR; andre@0: } andre@0: if( nssCKFWMechanism_GetCanWrap(fwMechanism, &error) ) { andre@0: pInfo->flags |= CKF_WRAP; andre@0: } andre@0: if( nssCKFWMechanism_GetCanUnwrap(fwMechanism, &error) ) { andre@0: pInfo->flags |= CKF_UNWRAP; andre@0: } andre@0: if( nssCKFWMechanism_GetCanDerive(fwMechanism, &error) ) { andre@0: pInfo->flags |= CKF_DERIVE; andre@0: } andre@0: nssCKFWMechanism_Destroy(fwMechanism); andre@0: andre@0: return error; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_TOKEN_NOT_PRESENT: andre@0: if (fwToken) andre@0: nssCKFWToken_Destroy(fwToken); andre@0: break; andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_MECHANISM_INVALID: andre@0: case CKR_SLOT_ID_INVALID: andre@0: case CKR_TOKEN_NOT_RECOGNIZED: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_InitToken andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_InitToken andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SLOT_ID slotID, andre@0: CK_CHAR_PTR pPin, andre@0: CK_ULONG ulPinLen, andre@0: CK_CHAR_PTR pLabel andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: CK_ULONG nSlots; andre@0: NSSCKFWSlot **slots; andre@0: NSSCKFWSlot *fwSlot; andre@0: NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; andre@0: NSSItem pin; andre@0: NSSUTF8 *label; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); andre@0: if( (CK_ULONG)0 == nSlots ) { andre@0: goto loser; andre@0: } andre@0: andre@0: if( (slotID < 1) || (slotID > nSlots) ) { andre@0: error = CKR_SLOT_ID_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: slots = nssCKFWInstance_GetSlots(fwInstance, &error); andre@0: if( (NSSCKFWSlot **)NULL == slots ) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwSlot = slots[ slotID-1 ]; andre@0: andre@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { andre@0: error = CKR_TOKEN_NOT_PRESENT; andre@0: goto loser; andre@0: } andre@0: andre@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); andre@0: if (!fwToken) { andre@0: goto loser; andre@0: } andre@0: andre@0: pin.size = (PRUint32)ulPinLen; andre@0: pin.data = (void *)pPin; andre@0: label = (NSSUTF8 *)pLabel; /* identity conversion */ andre@0: andre@0: error = nssCKFWToken_InitToken(fwToken, &pin, label); andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_TOKEN_NOT_PRESENT: andre@0: if (fwToken) andre@0: nssCKFWToken_Destroy(fwToken); andre@0: break; andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_PIN_INCORRECT: andre@0: case CKR_PIN_LOCKED: andre@0: case CKR_SESSION_EXISTS: andre@0: case CKR_SLOT_ID_INVALID: andre@0: case CKR_TOKEN_NOT_RECOGNIZED: andre@0: case CKR_TOKEN_WRITE_PROTECTED: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_InitPIN andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_InitPIN andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_CHAR_PTR pPin, andre@0: CK_ULONG ulPinLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSItem pin, *arg; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) { andre@0: arg = (NSSItem *)NULL; andre@0: } else { andre@0: arg = &pin; andre@0: pin.size = (PRUint32)ulPinLen; andre@0: pin.data = (void *)pPin; andre@0: } andre@0: andre@0: error = nssCKFWSession_InitPIN(fwSession, arg); andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_SESSION_CLOSED: andre@0: /* destroy session? */ andre@0: break; andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_PIN_INVALID: andre@0: case CKR_PIN_LEN_RANGE: andre@0: case CKR_SESSION_READ_ONLY: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_TOKEN_WRITE_PROTECTED: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_SetPIN andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_SetPIN andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_CHAR_PTR pOldPin, andre@0: CK_ULONG ulOldLen, andre@0: CK_CHAR_PTR pNewPin, andre@0: CK_ULONG ulNewLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSItem oldPin, newPin, *oldArg, *newArg; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_CHAR_PTR)CK_NULL_PTR == pOldPin ) { andre@0: oldArg = (NSSItem *)NULL; andre@0: } else { andre@0: oldArg = &oldPin; andre@0: oldPin.size = (PRUint32)ulOldLen; andre@0: oldPin.data = (void *)pOldPin; andre@0: } andre@0: andre@0: if( (CK_CHAR_PTR)CK_NULL_PTR == pNewPin ) { andre@0: newArg = (NSSItem *)NULL; andre@0: } else { andre@0: newArg = &newPin; andre@0: newPin.size = (PRUint32)ulNewLen; andre@0: newPin.data = (void *)pNewPin; andre@0: } andre@0: andre@0: error = nssCKFWSession_SetPIN(fwSession, oldArg, newArg); andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_SESSION_CLOSED: andre@0: /* destroy session? */ andre@0: break; andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_PIN_INCORRECT: andre@0: case CKR_PIN_INVALID: andre@0: case CKR_PIN_LEN_RANGE: andre@0: case CKR_PIN_LOCKED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_SESSION_READ_ONLY: andre@0: case CKR_TOKEN_WRITE_PROTECTED: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_OpenSession andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_OpenSession andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SLOT_ID slotID, andre@0: CK_FLAGS flags, andre@0: CK_VOID_PTR pApplication, andre@0: CK_NOTIFY Notify, andre@0: CK_SESSION_HANDLE_PTR phSession andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: CK_ULONG nSlots; andre@0: NSSCKFWSlot **slots; andre@0: NSSCKFWSlot *fwSlot; andre@0: NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; andre@0: NSSCKFWSession *fwSession; andre@0: CK_BBOOL rw; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); andre@0: if( (CK_ULONG)0 == nSlots ) { andre@0: goto loser; andre@0: } andre@0: andre@0: if( (slotID < 1) || (slotID > nSlots) ) { andre@0: error = CKR_SLOT_ID_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: if( flags & CKF_RW_SESSION ) { andre@0: rw = CK_TRUE; andre@0: } else { andre@0: rw = CK_FALSE; andre@0: } andre@0: andre@0: if( flags & CKF_SERIAL_SESSION ) { andre@0: ; andre@0: } else { andre@0: error = CKR_SESSION_PARALLEL_NOT_SUPPORTED; andre@0: goto loser; andre@0: } andre@0: andre@0: if( flags & ~(CKF_RW_SESSION|CKF_SERIAL_SESSION) ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_SESSION_HANDLE_PTR)CK_NULL_PTR == phSession ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: /* andre@0: * A purify error here indicates caller error. andre@0: */ andre@0: *phSession = (CK_SESSION_HANDLE)0; andre@0: andre@0: slots = nssCKFWInstance_GetSlots(fwInstance, &error); andre@0: if( (NSSCKFWSlot **)NULL == slots ) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwSlot = slots[ slotID-1 ]; andre@0: andre@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { andre@0: error = CKR_TOKEN_NOT_PRESENT; andre@0: goto loser; andre@0: } andre@0: andre@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); andre@0: if (!fwToken) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWToken_OpenSession(fwToken, rw, pApplication, andre@0: Notify, &error); andre@0: if (!fwSession) { andre@0: goto loser; andre@0: } andre@0: andre@0: *phSession = nssCKFWInstance_CreateSessionHandle(fwInstance, andre@0: fwSession, &error); andre@0: if( (CK_SESSION_HANDLE)0 == *phSession ) { andre@0: goto loser; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_SESSION_CLOSED: andre@0: /* destroy session? */ andre@0: break; andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_SESSION_COUNT: andre@0: case CKR_SESSION_EXISTS: andre@0: case CKR_SESSION_PARALLEL_NOT_SUPPORTED: andre@0: case CKR_SESSION_READ_WRITE_SO_EXISTS: andre@0: case CKR_SLOT_ID_INVALID: andre@0: case CKR_TOKEN_NOT_PRESENT: andre@0: case CKR_TOKEN_NOT_RECOGNIZED: andre@0: case CKR_TOKEN_WRITE_PROTECTED: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_CloseSession andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_CloseSession andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: nssCKFWInstance_DestroySessionHandle(fwInstance, hSession); andre@0: error = nssCKFWSession_Destroy(fwSession, CK_TRUE); andre@0: andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_SESSION_CLOSED: andre@0: /* destroy session? */ andre@0: break; andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_CloseAllSessions andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_CloseAllSessions andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SLOT_ID slotID andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: CK_ULONG nSlots; andre@0: NSSCKFWSlot **slots; andre@0: NSSCKFWSlot *fwSlot; andre@0: NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); andre@0: if( (CK_ULONG)0 == nSlots ) { andre@0: goto loser; andre@0: } andre@0: andre@0: if( (slotID < 1) || (slotID > nSlots) ) { andre@0: error = CKR_SLOT_ID_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: slots = nssCKFWInstance_GetSlots(fwInstance, &error); andre@0: if( (NSSCKFWSlot **)NULL == slots ) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwSlot = slots[ slotID-1 ]; andre@0: andre@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { andre@0: error = CKR_TOKEN_NOT_PRESENT; andre@0: goto loser; andre@0: } andre@0: andre@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); andre@0: if (!fwToken) { andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWToken_CloseAllSessions(fwToken); andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_SLOT_ID_INVALID: andre@0: case CKR_TOKEN_NOT_PRESENT: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_GetSessionInfo andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_GetSessionInfo andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_SESSION_INFO_PTR pInfo andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWSlot *fwSlot; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_SESSION_INFO_PTR)CK_NULL_PTR == pInfo ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: /* andre@0: * A purify error here indicates caller error. andre@0: */ andre@0: (void)nsslibc_memset(pInfo, 0, sizeof(CK_SESSION_INFO)); andre@0: andre@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); andre@0: if (!fwSlot) { andre@0: error = CKR_GENERAL_ERROR; andre@0: goto loser; andre@0: } andre@0: andre@0: pInfo->slotID = nssCKFWSlot_GetSlotID(fwSlot); andre@0: pInfo->state = nssCKFWSession_GetSessionState(fwSession); andre@0: andre@0: if( CK_TRUE == nssCKFWSession_IsRWSession(fwSession) ) { andre@0: pInfo->flags |= CKF_RW_SESSION; andre@0: } andre@0: andre@0: pInfo->flags |= CKF_SERIAL_SESSION; /* Always true */ andre@0: andre@0: pInfo->ulDeviceError = nssCKFWSession_GetDeviceError(fwSession); andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_SESSION_CLOSED: andre@0: /* destroy session? */ andre@0: break; andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_GetOperationState andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_GetOperationState andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pOperationState, andre@0: CK_ULONG_PTR pulOperationStateLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: CK_ULONG len; andre@0: NSSItem buf; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_ULONG_PTR)CK_NULL_PTR == pulOperationStateLen ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: len = nssCKFWSession_GetOperationStateLen(fwSession, &error); andre@0: if( ((CK_ULONG)0 == len) && (CKR_OK != error) ) { andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) { andre@0: *pulOperationStateLen = len; andre@0: return CKR_OK; andre@0: } andre@0: andre@0: if( *pulOperationStateLen < len ) { andre@0: *pulOperationStateLen = len; andre@0: error = CKR_BUFFER_TOO_SMALL; andre@0: goto loser; andre@0: } andre@0: andre@0: buf.size = (PRUint32)*pulOperationStateLen; andre@0: buf.data = (void *)pOperationState; andre@0: *pulOperationStateLen = len; andre@0: error = nssCKFWSession_GetOperationState(fwSession, &buf); andre@0: andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_SESSION_CLOSED: andre@0: /* destroy session? */ andre@0: break; andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_STATE_UNSAVEABLE: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_SetOperationState andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_SetOperationState andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pOperationState, andre@0: CK_ULONG ulOperationStateLen, andre@0: CK_OBJECT_HANDLE hEncryptionKey, andre@0: CK_OBJECT_HANDLE hAuthenticationKey andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWObject *eKey; andre@0: NSSCKFWObject *aKey; andre@0: NSSItem state; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: /* andre@0: * We could loop through the buffer, to catch any purify errors andre@0: * in a place with a "user error" note. andre@0: */ andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_OBJECT_HANDLE)0 == hEncryptionKey ) { andre@0: eKey = (NSSCKFWObject *)NULL; andre@0: } else { andre@0: eKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hEncryptionKey); andre@0: if (!eKey) { andre@0: error = CKR_KEY_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: } andre@0: andre@0: if( (CK_OBJECT_HANDLE)0 == hAuthenticationKey ) { andre@0: aKey = (NSSCKFWObject *)NULL; andre@0: } else { andre@0: aKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hAuthenticationKey); andre@0: if (!aKey) { andre@0: error = CKR_KEY_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: } andre@0: andre@0: state.data = pOperationState; andre@0: state.size = ulOperationStateLen; andre@0: andre@0: error = nssCKFWSession_SetOperationState(fwSession, &state, eKey, aKey); andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_SESSION_CLOSED: andre@0: /* destroy session? */ andre@0: break; andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_KEY_CHANGED: andre@0: case CKR_KEY_NEEDED: andre@0: case CKR_KEY_NOT_NEEDED: andre@0: case CKR_SAVED_STATE_INVALID: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_Login andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_Login andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_USER_TYPE userType, andre@0: CK_CHAR_PTR pPin, andre@0: CK_ULONG ulPinLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSItem pin, *arg; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) { andre@0: arg = (NSSItem *)NULL; andre@0: } else { andre@0: arg = &pin; andre@0: pin.size = (PRUint32)ulPinLen; andre@0: pin.data = (void *)pPin; andre@0: } andre@0: andre@0: error = nssCKFWSession_Login(fwSession, userType, arg); andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_SESSION_CLOSED: andre@0: /* destroy session? */ andre@0: break; andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_PIN_EXPIRED: andre@0: case CKR_PIN_INCORRECT: andre@0: case CKR_PIN_LOCKED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_SESSION_READ_ONLY_EXISTS: andre@0: case CKR_USER_ALREADY_LOGGED_IN: andre@0: case CKR_USER_ANOTHER_ALREADY_LOGGED_IN: andre@0: case CKR_USER_PIN_NOT_INITIALIZED: andre@0: case CKR_USER_TOO_MANY_TYPES: andre@0: case CKR_USER_TYPE_INVALID: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_Logout andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_Logout andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_Logout(fwSession); andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_SESSION_CLOSED: andre@0: /* destroy session? */ andre@0: break; andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_CreateObject andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_CreateObject andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_ATTRIBUTE_PTR pTemplate, andre@0: CK_ULONG ulCount, andre@0: CK_OBJECT_HANDLE_PTR phObject andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWObject *fwObject; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: /* andre@0: * A purify error here indicates caller error. andre@0: */ andre@0: *phObject = (CK_OBJECT_HANDLE)0; andre@0: andre@0: fwObject = nssCKFWSession_CreateObject(fwSession, pTemplate, andre@0: ulCount, &error); andre@0: if (!fwObject) { andre@0: goto loser; andre@0: } andre@0: andre@0: *phObject = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); andre@0: if( (CK_OBJECT_HANDLE)0 == *phObject ) { andre@0: nssCKFWObject_Destroy(fwObject); andre@0: goto loser; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_SESSION_CLOSED: andre@0: /* destroy session? */ andre@0: break; andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_ATTRIBUTE_READ_ONLY: andre@0: case CKR_ATTRIBUTE_TYPE_INVALID: andre@0: case CKR_ATTRIBUTE_VALUE_INVALID: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_SESSION_READ_ONLY: andre@0: case CKR_TEMPLATE_INCOMPLETE: andre@0: case CKR_TEMPLATE_INCONSISTENT: andre@0: case CKR_TOKEN_WRITE_PROTECTED: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_CopyObject andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_CopyObject andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_OBJECT_HANDLE hObject, andre@0: CK_ATTRIBUTE_PTR pTemplate, andre@0: CK_ULONG ulCount, andre@0: CK_OBJECT_HANDLE_PTR phNewObject andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWObject *fwObject; andre@0: NSSCKFWObject *fwNewObject; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phNewObject ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: /* andre@0: * A purify error here indicates caller error. andre@0: */ andre@0: *phNewObject = (CK_OBJECT_HANDLE)0; andre@0: andre@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); andre@0: if (!fwObject) { andre@0: error = CKR_OBJECT_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwNewObject = nssCKFWSession_CopyObject(fwSession, fwObject, andre@0: pTemplate, ulCount, &error); andre@0: if (!fwNewObject) { andre@0: goto loser; andre@0: } andre@0: andre@0: *phNewObject = nssCKFWInstance_CreateObjectHandle(fwInstance, andre@0: fwNewObject, &error); andre@0: if( (CK_OBJECT_HANDLE)0 == *phNewObject ) { andre@0: nssCKFWObject_Destroy(fwNewObject); andre@0: goto loser; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_SESSION_CLOSED: andre@0: /* destroy session? */ andre@0: break; andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_ATTRIBUTE_READ_ONLY: andre@0: case CKR_ATTRIBUTE_TYPE_INVALID: andre@0: case CKR_ATTRIBUTE_VALUE_INVALID: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OBJECT_HANDLE_INVALID: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_SESSION_READ_ONLY: andre@0: case CKR_TEMPLATE_INCONSISTENT: andre@0: case CKR_TOKEN_WRITE_PROTECTED: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_DestroyObject andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_DestroyObject andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_OBJECT_HANDLE hObject andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWObject *fwObject; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); andre@0: if (!fwObject) { andre@0: error = CKR_OBJECT_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: nssCKFWInstance_DestroyObjectHandle(fwInstance, hObject); andre@0: nssCKFWObject_Destroy(fwObject); andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_SESSION_CLOSED: andre@0: /* destroy session? */ andre@0: break; andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OBJECT_HANDLE_INVALID: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_SESSION_READ_ONLY: andre@0: case CKR_TOKEN_WRITE_PROTECTED: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_GetObjectSize andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_GetObjectSize andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_OBJECT_HANDLE hObject, andre@0: CK_ULONG_PTR pulSize andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWObject *fwObject; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); andre@0: if (!fwObject) { andre@0: error = CKR_OBJECT_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_ULONG_PTR)CK_NULL_PTR == pulSize ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: /* andre@0: * A purify error here indicates caller error. andre@0: */ andre@0: *pulSize = (CK_ULONG)0; andre@0: andre@0: *pulSize = nssCKFWObject_GetObjectSize(fwObject, &error); andre@0: if( ((CK_ULONG)0 == *pulSize) && (CKR_OK != error) ) { andre@0: goto loser; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_SESSION_CLOSED: andre@0: /* destroy session? */ andre@0: break; andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_INFORMATION_SENSITIVE: andre@0: case CKR_OBJECT_HANDLE_INVALID: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_GetAttributeValue andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_GetAttributeValue andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_OBJECT_HANDLE hObject, andre@0: CK_ATTRIBUTE_PTR pTemplate, andre@0: CK_ULONG ulCount andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWObject *fwObject; andre@0: CK_BBOOL sensitive = CK_FALSE; andre@0: CK_BBOOL invalid = CK_FALSE; andre@0: CK_BBOOL tooSmall = CK_FALSE; andre@0: CK_ULONG i; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); andre@0: if (!fwObject) { andre@0: error = CKR_OBJECT_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: for( i = 0; i < ulCount; i++ ) { andre@0: CK_ULONG size = nssCKFWObject_GetAttributeSize(fwObject, andre@0: pTemplate[i].type, &error); andre@0: if( (CK_ULONG)0 == size ) { andre@0: switch( error ) { andre@0: case CKR_ATTRIBUTE_SENSITIVE: andre@0: case CKR_INFORMATION_SENSITIVE: andre@0: sensitive = CK_TRUE; andre@0: pTemplate[i].ulValueLen = (CK_ULONG)(-1); andre@0: continue; andre@0: case CKR_ATTRIBUTE_TYPE_INVALID: andre@0: invalid = CK_TRUE; andre@0: pTemplate[i].ulValueLen = (CK_ULONG)(-1); andre@0: continue; andre@0: case CKR_OK: andre@0: break; andre@0: default: andre@0: goto loser; andre@0: } andre@0: } andre@0: andre@0: if( (CK_VOID_PTR)CK_NULL_PTR == pTemplate[i].pValue ) { andre@0: pTemplate[i].ulValueLen = size; andre@0: } else { andre@0: NSSItem it, *p; andre@0: andre@0: if( pTemplate[i].ulValueLen < size ) { andre@0: tooSmall = CK_TRUE; andre@0: continue; andre@0: } andre@0: andre@0: it.size = (PRUint32)pTemplate[i].ulValueLen; andre@0: it.data = (void *)pTemplate[i].pValue; andre@0: p = nssCKFWObject_GetAttribute(fwObject, pTemplate[i].type, &it, andre@0: (NSSArena *)NULL, &error); andre@0: if (!p) { andre@0: switch( error ) { andre@0: case CKR_ATTRIBUTE_SENSITIVE: andre@0: case CKR_INFORMATION_SENSITIVE: andre@0: sensitive = CK_TRUE; andre@0: pTemplate[i].ulValueLen = (CK_ULONG)(-1); andre@0: continue; andre@0: case CKR_ATTRIBUTE_TYPE_INVALID: andre@0: invalid = CK_TRUE; andre@0: pTemplate[i].ulValueLen = (CK_ULONG)(-1); andre@0: continue; andre@0: default: andre@0: goto loser; andre@0: } andre@0: } andre@0: andre@0: pTemplate[i].ulValueLen = size; andre@0: } andre@0: } andre@0: andre@0: if( sensitive ) { andre@0: error = CKR_ATTRIBUTE_SENSITIVE; andre@0: goto loser; andre@0: } else if( invalid ) { andre@0: error = CKR_ATTRIBUTE_TYPE_INVALID; andre@0: goto loser; andre@0: } else if( tooSmall ) { andre@0: error = CKR_BUFFER_TOO_SMALL; andre@0: goto loser; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_SESSION_CLOSED: andre@0: /* destroy session? */ andre@0: break; andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_ATTRIBUTE_SENSITIVE: andre@0: case CKR_ATTRIBUTE_TYPE_INVALID: andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OBJECT_HANDLE_INVALID: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_SetAttributeValue andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_SetAttributeValue andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_OBJECT_HANDLE hObject, andre@0: CK_ATTRIBUTE_PTR pTemplate, andre@0: CK_ULONG ulCount andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWObject *fwObject; andre@0: CK_ULONG i; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); andre@0: if (!fwObject) { andre@0: error = CKR_OBJECT_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: for (i=0; i < ulCount; i++) { andre@0: NSSItem value; andre@0: andre@0: value.data = pTemplate[i].pValue; andre@0: value.size = pTemplate[i].ulValueLen; andre@0: andre@0: error = nssCKFWObject_SetAttribute(fwObject, fwSession, andre@0: pTemplate[i].type, &value); andre@0: andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: } andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_SESSION_CLOSED: andre@0: /* destroy session? */ andre@0: break; andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_ATTRIBUTE_READ_ONLY: andre@0: case CKR_ATTRIBUTE_TYPE_INVALID: andre@0: case CKR_ATTRIBUTE_VALUE_INVALID: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OBJECT_HANDLE_INVALID: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_SESSION_READ_ONLY: andre@0: case CKR_TEMPLATE_INCONSISTENT: andre@0: case CKR_TOKEN_WRITE_PROTECTED: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_FindObjectsInit andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_FindObjectsInit andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_ATTRIBUTE_PTR pTemplate, andre@0: CK_ULONG ulCount andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWFindObjects *fwFindObjects; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: if( ((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) && (ulCount != 0) ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); andre@0: if (fwFindObjects) { andre@0: error = CKR_OPERATION_ACTIVE; andre@0: goto loser; andre@0: } andre@0: andre@0: if( CKR_OPERATION_NOT_INITIALIZED != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwFindObjects = nssCKFWSession_FindObjectsInit(fwSession, andre@0: pTemplate, ulCount, &error); andre@0: if (!fwFindObjects) { andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_SetFWFindObjects(fwSession, fwFindObjects); andre@0: andre@0: if( CKR_OK != error ) { andre@0: nssCKFWFindObjects_Destroy(fwFindObjects); andre@0: goto loser; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_SESSION_CLOSED: andre@0: /* destroy session? */ andre@0: break; andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_ATTRIBUTE_TYPE_INVALID: andre@0: case CKR_ATTRIBUTE_VALUE_INVALID: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_ACTIVE: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_FindObjects andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_FindObjects andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_OBJECT_HANDLE_PTR phObject, andre@0: CK_ULONG ulMaxObjectCount, andre@0: CK_ULONG_PTR pulObjectCount andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWFindObjects *fwFindObjects; andre@0: CK_ULONG i; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: /* andre@0: * A purify error here indicates caller error. andre@0: */ andre@0: (void)nsslibc_memset(phObject, 0, sizeof(CK_OBJECT_HANDLE) * ulMaxObjectCount); andre@0: *pulObjectCount = (CK_ULONG)0; andre@0: andre@0: fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); andre@0: if (!fwFindObjects) { andre@0: goto loser; andre@0: } andre@0: andre@0: for( i = 0; i < ulMaxObjectCount; i++ ) { andre@0: NSSCKFWObject *fwObject = nssCKFWFindObjects_Next(fwFindObjects, andre@0: NULL, &error); andre@0: if (!fwObject) { andre@0: break; andre@0: } andre@0: andre@0: phObject[i] = nssCKFWInstance_FindObjectHandle(fwInstance, fwObject); andre@0: if( (CK_OBJECT_HANDLE)0 == phObject[i] ) { andre@0: phObject[i] = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); andre@0: } andre@0: if( (CK_OBJECT_HANDLE)0 == phObject[i] ) { andre@0: /* This isn't right either, is it? */ andre@0: nssCKFWObject_Destroy(fwObject); andre@0: goto loser; andre@0: } andre@0: } andre@0: andre@0: *pulObjectCount = i; andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_SESSION_CLOSED: andre@0: /* destroy session? */ andre@0: break; andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_FindObjectsFinal andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_FindObjectsFinal andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWFindObjects *fwFindObjects; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); andre@0: if (!fwFindObjects) { andre@0: error = CKR_OPERATION_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: nssCKFWFindObjects_Destroy(fwFindObjects); andre@0: error = nssCKFWSession_SetFWFindObjects(fwSession, andre@0: (NSSCKFWFindObjects *)NULL); andre@0: andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_SESSION_CLOSED: andre@0: /* destroy session? */ andre@0: break; andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_EncryptInit andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_EncryptInit andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: CK_OBJECT_HANDLE hKey andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWObject *fwObject; andre@0: NSSCKFWSlot *fwSlot; andre@0: NSSCKFWToken *fwToken; andre@0: NSSCKFWMechanism *fwMechanism; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); andre@0: if (!fwObject) { andre@0: error = CKR_KEY_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); andre@0: if (!fwSlot) { andre@0: error = CKR_GENERAL_ERROR; /* should never happen! */ andre@0: goto loser; andre@0: } andre@0: andre@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { andre@0: error = CKR_TOKEN_NOT_PRESENT; andre@0: goto loser; andre@0: } andre@0: andre@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); andre@0: if (!fwToken) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); andre@0: if (!fwMechanism) { andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWMechanism_EncryptInit(fwMechanism, pMechanism, andre@0: fwSession, fwObject); andre@0: andre@0: nssCKFWMechanism_Destroy(fwMechanism); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_KEY_FUNCTION_NOT_PERMITTED: andre@0: case CKR_KEY_HANDLE_INVALID: andre@0: case CKR_KEY_SIZE_RANGE: andre@0: case CKR_KEY_TYPE_INCONSISTENT: andre@0: case CKR_MECHANISM_INVALID: andre@0: case CKR_MECHANISM_PARAM_INVALID: andre@0: case CKR_OPERATION_ACTIVE: andre@0: case CKR_PIN_EXPIRED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_Encrypt andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_Encrypt andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pData, andre@0: CK_ULONG ulDataLen, andre@0: CK_BYTE_PTR pEncryptedData, andre@0: CK_ULONG_PTR pulEncryptedDataLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_UpdateFinal(fwSession, andre@0: NSSCKFWCryptoOperationType_Encrypt, andre@0: NSSCKFWCryptoOperationState_EncryptDecrypt, andre@0: pData, ulDataLen, pEncryptedData, pulEncryptedDataLen); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DATA_INVALID: andre@0: case CKR_DATA_LEN_RANGE: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_SESSION_CLOSED: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_EncryptUpdate andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_EncryptUpdate andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pPart, andre@0: CK_ULONG ulPartLen, andre@0: CK_BYTE_PTR pEncryptedPart, andre@0: CK_ULONG_PTR pulEncryptedPartLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_Update(fwSession, andre@0: NSSCKFWCryptoOperationType_Encrypt, andre@0: NSSCKFWCryptoOperationState_EncryptDecrypt, andre@0: pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DATA_LEN_RANGE: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_EncryptFinal andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_EncryptFinal andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pLastEncryptedPart, andre@0: CK_ULONG_PTR pulLastEncryptedPartLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_Final(fwSession, andre@0: NSSCKFWCryptoOperationType_Encrypt, andre@0: NSSCKFWCryptoOperationState_EncryptDecrypt, andre@0: pLastEncryptedPart, pulLastEncryptedPartLen); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DATA_LEN_RANGE: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_DecryptInit andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_DecryptInit andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: CK_OBJECT_HANDLE hKey andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWObject *fwObject; andre@0: NSSCKFWSlot *fwSlot; andre@0: NSSCKFWToken *fwToken; andre@0: NSSCKFWMechanism *fwMechanism; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); andre@0: if (!fwObject) { andre@0: error = CKR_KEY_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); andre@0: if (!fwSlot) { andre@0: error = CKR_GENERAL_ERROR; /* should never happen! */ andre@0: goto loser; andre@0: } andre@0: andre@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { andre@0: error = CKR_TOKEN_NOT_PRESENT; andre@0: goto loser; andre@0: } andre@0: andre@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); andre@0: if (!fwToken) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); andre@0: if (!fwMechanism) { andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWMechanism_DecryptInit(fwMechanism, pMechanism, andre@0: fwSession, fwObject); andre@0: nssCKFWMechanism_Destroy(fwMechanism); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_KEY_FUNCTION_NOT_PERMITTED: andre@0: case CKR_KEY_HANDLE_INVALID: andre@0: case CKR_KEY_SIZE_RANGE: andre@0: case CKR_KEY_TYPE_INCONSISTENT: andre@0: case CKR_MECHANISM_INVALID: andre@0: case CKR_MECHANISM_PARAM_INVALID: andre@0: case CKR_OPERATION_ACTIVE: andre@0: case CKR_PIN_EXPIRED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_Decrypt andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_Decrypt andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pEncryptedData, andre@0: CK_ULONG ulEncryptedDataLen, andre@0: CK_BYTE_PTR pData, andre@0: CK_ULONG_PTR pulDataLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_UpdateFinal(fwSession, andre@0: NSSCKFWCryptoOperationType_Decrypt, andre@0: NSSCKFWCryptoOperationState_EncryptDecrypt, andre@0: pEncryptedData, ulEncryptedDataLen, pData, pulDataLen); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_ENCRYPTED_DATA_INVALID: andre@0: case CKR_ENCRYPTED_DATA_LEN_RANGE: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: case CKR_DATA_LEN_RANGE: andre@0: error = CKR_ENCRYPTED_DATA_LEN_RANGE; andre@0: break; andre@0: case CKR_DATA_INVALID: andre@0: error = CKR_ENCRYPTED_DATA_INVALID; andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_DecryptUpdate andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_DecryptUpdate andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pEncryptedPart, andre@0: CK_ULONG ulEncryptedPartLen, andre@0: CK_BYTE_PTR pPart, andre@0: CK_ULONG_PTR pulPartLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_Update(fwSession, andre@0: NSSCKFWCryptoOperationType_Decrypt, andre@0: NSSCKFWCryptoOperationState_EncryptDecrypt, andre@0: pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_ENCRYPTED_DATA_INVALID: andre@0: case CKR_ENCRYPTED_DATA_LEN_RANGE: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: case CKR_DATA_LEN_RANGE: andre@0: error = CKR_ENCRYPTED_DATA_LEN_RANGE; andre@0: break; andre@0: case CKR_DATA_INVALID: andre@0: error = CKR_ENCRYPTED_DATA_INVALID; andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_DecryptFinal andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_DecryptFinal andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pLastPart, andre@0: CK_ULONG_PTR pulLastPartLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_Final(fwSession, andre@0: NSSCKFWCryptoOperationType_Decrypt, andre@0: NSSCKFWCryptoOperationState_EncryptDecrypt, andre@0: pLastPart, pulLastPartLen); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_ENCRYPTED_DATA_INVALID: andre@0: case CKR_ENCRYPTED_DATA_LEN_RANGE: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: case CKR_DATA_LEN_RANGE: andre@0: error = CKR_ENCRYPTED_DATA_LEN_RANGE; andre@0: break; andre@0: case CKR_DATA_INVALID: andre@0: error = CKR_ENCRYPTED_DATA_INVALID; andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_DigestInit andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_DigestInit andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_MECHANISM_PTR pMechanism andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWSlot *fwSlot; andre@0: NSSCKFWToken *fwToken; andre@0: NSSCKFWMechanism *fwMechanism; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); andre@0: if (!fwSlot) { andre@0: error = CKR_GENERAL_ERROR; /* should never happen! */ andre@0: goto loser; andre@0: } andre@0: andre@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { andre@0: error = CKR_TOKEN_NOT_PRESENT; andre@0: goto loser; andre@0: } andre@0: andre@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); andre@0: if (!fwToken) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); andre@0: if (!fwMechanism) { andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWMechanism_DigestInit(fwMechanism, pMechanism, fwSession); andre@0: andre@0: nssCKFWMechanism_Destroy(fwMechanism); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_MECHANISM_INVALID: andre@0: case CKR_MECHANISM_PARAM_INVALID: andre@0: case CKR_OPERATION_ACTIVE: andre@0: case CKR_PIN_EXPIRED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_Digest andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_Digest andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pData, andre@0: CK_ULONG ulDataLen, andre@0: CK_BYTE_PTR pDigest, andre@0: CK_ULONG_PTR pulDigestLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_UpdateFinal(fwSession, andre@0: NSSCKFWCryptoOperationType_Digest, andre@0: NSSCKFWCryptoOperationState_Digest, andre@0: pData, ulDataLen, pDigest, pulDigestLen); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_DigestUpdate andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_DigestUpdate andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pData, andre@0: CK_ULONG ulDataLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_DigestUpdate(fwSession, andre@0: NSSCKFWCryptoOperationType_Digest, andre@0: NSSCKFWCryptoOperationState_Digest, andre@0: pData, ulDataLen); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_DigestKey andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_DigestKey andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_OBJECT_HANDLE hKey andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWObject *fwObject; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); andre@0: if (!fwObject) { andre@0: error = CKR_KEY_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_DigestKey(fwSession, fwObject); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_KEY_HANDLE_INVALID: andre@0: case CKR_KEY_INDIGESTIBLE: andre@0: case CKR_KEY_SIZE_RANGE: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_DigestFinal andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_DigestFinal andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pDigest, andre@0: CK_ULONG_PTR pulDigestLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_Final(fwSession, andre@0: NSSCKFWCryptoOperationType_Digest, andre@0: NSSCKFWCryptoOperationState_Digest, andre@0: pDigest, pulDigestLen); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_SignInit andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_SignInit andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: CK_OBJECT_HANDLE hKey andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWObject *fwObject; andre@0: NSSCKFWSlot *fwSlot; andre@0: NSSCKFWToken *fwToken; andre@0: NSSCKFWMechanism *fwMechanism; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); andre@0: if (!fwObject) { andre@0: error = CKR_KEY_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); andre@0: if (!fwSlot) { andre@0: error = CKR_GENERAL_ERROR; /* should never happen! */ andre@0: goto loser; andre@0: } andre@0: andre@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { andre@0: error = CKR_TOKEN_NOT_PRESENT; andre@0: goto loser; andre@0: } andre@0: andre@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); andre@0: if (!fwToken) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); andre@0: if (!fwMechanism) { andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWMechanism_SignInit(fwMechanism, pMechanism, fwSession, andre@0: fwObject); andre@0: andre@0: nssCKFWMechanism_Destroy(fwMechanism); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_KEY_FUNCTION_NOT_PERMITTED: andre@0: case CKR_KEY_HANDLE_INVALID: andre@0: case CKR_KEY_SIZE_RANGE: andre@0: case CKR_KEY_TYPE_INCONSISTENT: andre@0: case CKR_MECHANISM_INVALID: andre@0: case CKR_MECHANISM_PARAM_INVALID: andre@0: case CKR_OPERATION_ACTIVE: andre@0: case CKR_PIN_EXPIRED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_Sign andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_Sign andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pData, andre@0: CK_ULONG ulDataLen, andre@0: CK_BYTE_PTR pSignature, andre@0: CK_ULONG_PTR pulSignatureLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_UpdateFinal(fwSession, andre@0: NSSCKFWCryptoOperationType_Sign, andre@0: NSSCKFWCryptoOperationState_SignVerify, andre@0: pData, ulDataLen, pSignature, pulSignatureLen); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DATA_INVALID: andre@0: case CKR_DATA_LEN_RANGE: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: case CKR_FUNCTION_REJECTED: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_SignUpdate andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_SignUpdate andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pPart, andre@0: CK_ULONG ulPartLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_DigestUpdate(fwSession, andre@0: NSSCKFWCryptoOperationType_Sign, andre@0: NSSCKFWCryptoOperationState_SignVerify, andre@0: pPart, ulPartLen); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DATA_LEN_RANGE: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_SignFinal andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_SignFinal andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pSignature, andre@0: CK_ULONG_PTR pulSignatureLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_Final(fwSession, andre@0: NSSCKFWCryptoOperationType_Sign, andre@0: NSSCKFWCryptoOperationState_SignVerify, andre@0: pSignature, pulSignatureLen); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DATA_LEN_RANGE: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: case CKR_FUNCTION_REJECTED: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_SignRecoverInit andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_SignRecoverInit andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: CK_OBJECT_HANDLE hKey andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWObject *fwObject; andre@0: NSSCKFWSlot *fwSlot; andre@0: NSSCKFWToken *fwToken; andre@0: NSSCKFWMechanism *fwMechanism; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); andre@0: if (!fwObject) { andre@0: error = CKR_KEY_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); andre@0: if (!fwSlot) { andre@0: error = CKR_GENERAL_ERROR; /* should never happen! */ andre@0: goto loser; andre@0: } andre@0: andre@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { andre@0: error = CKR_TOKEN_NOT_PRESENT; andre@0: goto loser; andre@0: } andre@0: andre@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); andre@0: if (!fwToken) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); andre@0: if (!fwMechanism) { andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWMechanism_SignRecoverInit(fwMechanism, pMechanism, fwSession, andre@0: fwObject); andre@0: andre@0: nssCKFWMechanism_Destroy(fwMechanism); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_KEY_FUNCTION_NOT_PERMITTED: andre@0: case CKR_KEY_HANDLE_INVALID: andre@0: case CKR_KEY_SIZE_RANGE: andre@0: case CKR_KEY_TYPE_INCONSISTENT: andre@0: case CKR_MECHANISM_INVALID: andre@0: case CKR_MECHANISM_PARAM_INVALID: andre@0: case CKR_OPERATION_ACTIVE: andre@0: case CKR_PIN_EXPIRED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_SignRecover andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_SignRecover andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pData, andre@0: CK_ULONG ulDataLen, andre@0: CK_BYTE_PTR pSignature, andre@0: CK_ULONG_PTR pulSignatureLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_UpdateFinal(fwSession, andre@0: NSSCKFWCryptoOperationType_SignRecover, andre@0: NSSCKFWCryptoOperationState_SignVerify, andre@0: pData, ulDataLen, pSignature, pulSignatureLen); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DATA_INVALID: andre@0: case CKR_DATA_LEN_RANGE: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_VerifyInit andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_VerifyInit andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: CK_OBJECT_HANDLE hKey andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWObject *fwObject; andre@0: NSSCKFWSlot *fwSlot; andre@0: NSSCKFWToken *fwToken; andre@0: NSSCKFWMechanism *fwMechanism; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); andre@0: if (!fwObject) { andre@0: error = CKR_KEY_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); andre@0: if (!fwSlot) { andre@0: error = CKR_GENERAL_ERROR; /* should never happen! */ andre@0: goto loser; andre@0: } andre@0: andre@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { andre@0: error = CKR_TOKEN_NOT_PRESENT; andre@0: goto loser; andre@0: } andre@0: andre@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); andre@0: if (!fwToken) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); andre@0: if (!fwMechanism) { andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWMechanism_VerifyInit(fwMechanism, pMechanism, fwSession, andre@0: fwObject); andre@0: andre@0: nssCKFWMechanism_Destroy(fwMechanism); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_KEY_FUNCTION_NOT_PERMITTED: andre@0: case CKR_KEY_HANDLE_INVALID: andre@0: case CKR_KEY_SIZE_RANGE: andre@0: case CKR_KEY_TYPE_INCONSISTENT: andre@0: case CKR_MECHANISM_INVALID: andre@0: case CKR_MECHANISM_PARAM_INVALID: andre@0: case CKR_OPERATION_ACTIVE: andre@0: case CKR_PIN_EXPIRED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_Verify andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_Verify andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pData, andre@0: CK_ULONG ulDataLen, andre@0: CK_BYTE_PTR pSignature, andre@0: CK_ULONG ulSignatureLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_UpdateFinal(fwSession, andre@0: NSSCKFWCryptoOperationType_Verify, andre@0: NSSCKFWCryptoOperationState_SignVerify, andre@0: pData, ulDataLen, pSignature, &ulSignatureLen); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DATA_INVALID: andre@0: case CKR_DATA_LEN_RANGE: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_SIGNATURE_INVALID: andre@0: case CKR_SIGNATURE_LEN_RANGE: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_VerifyUpdate andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_VerifyUpdate andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pPart, andre@0: CK_ULONG ulPartLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_DigestUpdate(fwSession, andre@0: NSSCKFWCryptoOperationType_Verify, andre@0: NSSCKFWCryptoOperationState_SignVerify, andre@0: pPart, ulPartLen); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DATA_LEN_RANGE: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_VerifyFinal andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_VerifyFinal andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pSignature, andre@0: CK_ULONG ulSignatureLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_Final(fwSession, andre@0: NSSCKFWCryptoOperationType_Verify, andre@0: NSSCKFWCryptoOperationState_SignVerify, andre@0: pSignature, &ulSignatureLen); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DATA_LEN_RANGE: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_SIGNATURE_INVALID: andre@0: case CKR_SIGNATURE_LEN_RANGE: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_VerifyRecoverInit andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_VerifyRecoverInit andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: CK_OBJECT_HANDLE hKey andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWObject *fwObject; andre@0: NSSCKFWSlot *fwSlot; andre@0: NSSCKFWToken *fwToken; andre@0: NSSCKFWMechanism *fwMechanism; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); andre@0: if (!fwObject) { andre@0: error = CKR_KEY_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); andre@0: if (!fwSlot) { andre@0: error = CKR_GENERAL_ERROR; /* should never happen! */ andre@0: goto loser; andre@0: } andre@0: andre@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { andre@0: error = CKR_TOKEN_NOT_PRESENT; andre@0: goto loser; andre@0: } andre@0: andre@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); andre@0: if (!fwToken) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); andre@0: if (!fwMechanism) { andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWMechanism_VerifyRecoverInit(fwMechanism, pMechanism, andre@0: fwSession, fwObject); andre@0: andre@0: nssCKFWMechanism_Destroy(fwMechanism); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_KEY_FUNCTION_NOT_PERMITTED: andre@0: case CKR_KEY_HANDLE_INVALID: andre@0: case CKR_KEY_SIZE_RANGE: andre@0: case CKR_KEY_TYPE_INCONSISTENT: andre@0: case CKR_MECHANISM_INVALID: andre@0: case CKR_MECHANISM_PARAM_INVALID: andre@0: case CKR_OPERATION_ACTIVE: andre@0: case CKR_PIN_EXPIRED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_VerifyRecover andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_VerifyRecover andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pSignature, andre@0: CK_ULONG ulSignatureLen, andre@0: CK_BYTE_PTR pData, andre@0: CK_ULONG_PTR pulDataLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_UpdateFinal(fwSession, andre@0: NSSCKFWCryptoOperationType_VerifyRecover, andre@0: NSSCKFWCryptoOperationState_SignVerify, andre@0: pSignature, ulSignatureLen, pData, pulDataLen); andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DATA_INVALID: andre@0: case CKR_DATA_LEN_RANGE: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_SIGNATURE_INVALID: andre@0: case CKR_SIGNATURE_LEN_RANGE: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_DigestEncryptUpdate andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_DigestEncryptUpdate andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pPart, andre@0: CK_ULONG ulPartLen, andre@0: CK_BYTE_PTR pEncryptedPart, andre@0: CK_ULONG_PTR pulEncryptedPartLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_UpdateCombo(fwSession, andre@0: NSSCKFWCryptoOperationType_Encrypt, andre@0: NSSCKFWCryptoOperationType_Digest, andre@0: NSSCKFWCryptoOperationState_Digest, andre@0: pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DATA_LEN_RANGE: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_DecryptDigestUpdate andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_DecryptDigestUpdate andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pEncryptedPart, andre@0: CK_ULONG ulEncryptedPartLen, andre@0: CK_BYTE_PTR pPart, andre@0: CK_ULONG_PTR pulPartLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_UpdateCombo(fwSession, andre@0: NSSCKFWCryptoOperationType_Decrypt, andre@0: NSSCKFWCryptoOperationType_Digest, andre@0: NSSCKFWCryptoOperationState_Digest, andre@0: pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_ENCRYPTED_DATA_INVALID: andre@0: case CKR_ENCRYPTED_DATA_LEN_RANGE: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: break; andre@0: case CKR_DATA_INVALID: andre@0: error = CKR_ENCRYPTED_DATA_INVALID; andre@0: break; andre@0: case CKR_DATA_LEN_RANGE: andre@0: error = CKR_ENCRYPTED_DATA_LEN_RANGE; andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_SignEncryptUpdate andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_SignEncryptUpdate andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pPart, andre@0: CK_ULONG ulPartLen, andre@0: CK_BYTE_PTR pEncryptedPart, andre@0: CK_ULONG_PTR pulEncryptedPartLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_UpdateCombo(fwSession, andre@0: NSSCKFWCryptoOperationType_Encrypt, andre@0: NSSCKFWCryptoOperationType_Sign, andre@0: NSSCKFWCryptoOperationState_SignVerify, andre@0: pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DATA_LEN_RANGE: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_DecryptVerifyUpdate andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_DecryptVerifyUpdate andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pEncryptedPart, andre@0: CK_ULONG ulEncryptedPartLen, andre@0: CK_BYTE_PTR pPart, andre@0: CK_ULONG_PTR pulPartLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: error = nssCKFWSession_UpdateCombo(fwSession, andre@0: NSSCKFWCryptoOperationType_Decrypt, andre@0: NSSCKFWCryptoOperationType_Verify, andre@0: NSSCKFWCryptoOperationState_SignVerify, andre@0: pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DATA_LEN_RANGE: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_ENCRYPTED_DATA_INVALID: andre@0: case CKR_ENCRYPTED_DATA_LEN_RANGE: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_NOT_INITIALIZED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: break; andre@0: case CKR_DATA_INVALID: andre@0: error = CKR_ENCRYPTED_DATA_INVALID; andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_GenerateKey andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_GenerateKey andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: CK_ATTRIBUTE_PTR pTemplate, andre@0: CK_ULONG ulCount, andre@0: CK_OBJECT_HANDLE_PTR phKey andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWObject *fwObject; andre@0: NSSCKFWSlot *fwSlot; andre@0: NSSCKFWToken *fwToken; andre@0: NSSCKFWMechanism *fwMechanism; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); andre@0: if (!fwSlot) { andre@0: error = CKR_GENERAL_ERROR; /* should never happen! */ andre@0: goto loser; andre@0: } andre@0: andre@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { andre@0: error = CKR_TOKEN_NOT_PRESENT; andre@0: goto loser; andre@0: } andre@0: andre@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); andre@0: if (!fwToken) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); andre@0: if (!fwMechanism) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwObject = nssCKFWMechanism_GenerateKey( andre@0: fwMechanism, andre@0: pMechanism, andre@0: fwSession, andre@0: pTemplate, andre@0: ulCount, andre@0: &error); andre@0: andre@0: nssCKFWMechanism_Destroy(fwMechanism); andre@0: if (!fwObject) { andre@0: goto loser; andre@0: } andre@0: *phKey= nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_ATTRIBUTE_READ_ONLY: andre@0: case CKR_ATTRIBUTE_TYPE_INVALID: andre@0: case CKR_ATTRIBUTE_VALUE_INVALID: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_MECHANISM_INVALID: andre@0: case CKR_MECHANISM_PARAM_INVALID: andre@0: case CKR_OPERATION_ACTIVE: andre@0: case CKR_PIN_EXPIRED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_SESSION_READ_ONLY: andre@0: case CKR_TEMPLATE_INCOMPLETE: andre@0: case CKR_TEMPLATE_INCONSISTENT: andre@0: case CKR_TOKEN_WRITE_PROTECTED: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_GenerateKeyPair andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_GenerateKeyPair andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: CK_ATTRIBUTE_PTR pPublicKeyTemplate, andre@0: CK_ULONG ulPublicKeyAttributeCount, andre@0: CK_ATTRIBUTE_PTR pPrivateKeyTemplate, andre@0: CK_ULONG ulPrivateKeyAttributeCount, andre@0: CK_OBJECT_HANDLE_PTR phPublicKey, andre@0: CK_OBJECT_HANDLE_PTR phPrivateKey andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWObject *fwPrivateKeyObject; andre@0: NSSCKFWObject *fwPublicKeyObject; andre@0: NSSCKFWSlot *fwSlot; andre@0: NSSCKFWToken *fwToken; andre@0: NSSCKFWMechanism *fwMechanism; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); andre@0: if (!fwSlot) { andre@0: error = CKR_GENERAL_ERROR; /* should never happen! */ andre@0: goto loser; andre@0: } andre@0: andre@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { andre@0: error = CKR_TOKEN_NOT_PRESENT; andre@0: goto loser; andre@0: } andre@0: andre@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); andre@0: if (!fwToken) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); andre@0: if (!fwMechanism) { andre@0: goto loser; andre@0: } andre@0: andre@0: error= nssCKFWMechanism_GenerateKeyPair( andre@0: fwMechanism, andre@0: pMechanism, andre@0: fwSession, andre@0: pPublicKeyTemplate, andre@0: ulPublicKeyAttributeCount, andre@0: pPublicKeyTemplate, andre@0: ulPublicKeyAttributeCount, andre@0: &fwPublicKeyObject, andre@0: &fwPrivateKeyObject); andre@0: andre@0: nssCKFWMechanism_Destroy(fwMechanism); andre@0: if (CKR_OK != error) { andre@0: goto loser; andre@0: } andre@0: *phPublicKey = nssCKFWInstance_CreateObjectHandle(fwInstance, andre@0: fwPublicKeyObject, andre@0: &error); andre@0: if (CKR_OK != error) { andre@0: goto loser; andre@0: } andre@0: *phPrivateKey = nssCKFWInstance_CreateObjectHandle(fwInstance, andre@0: fwPrivateKeyObject, andre@0: &error); andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_ATTRIBUTE_READ_ONLY: andre@0: case CKR_ATTRIBUTE_TYPE_INVALID: andre@0: case CKR_ATTRIBUTE_VALUE_INVALID: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_DOMAIN_PARAMS_INVALID: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_MECHANISM_INVALID: andre@0: case CKR_MECHANISM_PARAM_INVALID: andre@0: case CKR_OPERATION_ACTIVE: andre@0: case CKR_PIN_EXPIRED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_SESSION_READ_ONLY: andre@0: case CKR_TEMPLATE_INCOMPLETE: andre@0: case CKR_TEMPLATE_INCONSISTENT: andre@0: case CKR_TOKEN_WRITE_PROTECTED: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_WrapKey andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_WrapKey andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: CK_OBJECT_HANDLE hWrappingKey, andre@0: CK_OBJECT_HANDLE hKey, andre@0: CK_BYTE_PTR pWrappedKey, andre@0: CK_ULONG_PTR pulWrappedKeyLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWObject *fwKeyObject; andre@0: NSSCKFWObject *fwWrappingKeyObject; andre@0: NSSCKFWSlot *fwSlot; andre@0: NSSCKFWToken *fwToken; andre@0: NSSCKFWMechanism *fwMechanism; andre@0: NSSItem wrappedKey; andre@0: CK_ULONG wrappedKeyLength = 0; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, andre@0: hWrappingKey); andre@0: if (!fwWrappingKeyObject) { andre@0: error = CKR_WRAPPING_KEY_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); andre@0: if (!fwKeyObject) { andre@0: error = CKR_KEY_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); andre@0: if (!fwSlot) { andre@0: error = CKR_GENERAL_ERROR; /* should never happen! */ andre@0: goto loser; andre@0: } andre@0: andre@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { andre@0: error = CKR_TOKEN_NOT_PRESENT; andre@0: goto loser; andre@0: } andre@0: andre@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); andre@0: if (!fwToken) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); andre@0: if (!fwMechanism) { andre@0: goto loser; andre@0: } andre@0: andre@0: /* andre@0: * first get the length... andre@0: */ andre@0: wrappedKeyLength = nssCKFWMechanism_GetWrapKeyLength( andre@0: fwMechanism, andre@0: pMechanism, andre@0: fwSession, andre@0: fwWrappingKeyObject, andre@0: fwKeyObject, andre@0: &error); andre@0: if ((CK_ULONG) 0 == wrappedKeyLength) { andre@0: nssCKFWMechanism_Destroy(fwMechanism); andre@0: goto loser; andre@0: } andre@0: if ((CK_BYTE_PTR)NULL == pWrappedKey) { andre@0: *pulWrappedKeyLen = wrappedKeyLength; andre@0: nssCKFWMechanism_Destroy(fwMechanism); andre@0: return CKR_OK; andre@0: } andre@0: if (wrappedKeyLength > *pulWrappedKeyLen) { andre@0: *pulWrappedKeyLen = wrappedKeyLength; andre@0: nssCKFWMechanism_Destroy(fwMechanism); andre@0: error = CKR_BUFFER_TOO_SMALL; andre@0: goto loser; andre@0: } andre@0: andre@0: andre@0: wrappedKey.data = pWrappedKey; andre@0: wrappedKey.size = wrappedKeyLength; andre@0: andre@0: error = nssCKFWMechanism_WrapKey( andre@0: fwMechanism, andre@0: pMechanism, andre@0: fwSession, andre@0: fwWrappingKeyObject, andre@0: fwKeyObject, andre@0: &wrappedKey); andre@0: andre@0: nssCKFWMechanism_Destroy(fwMechanism); andre@0: *pulWrappedKeyLen = wrappedKey.size; andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_KEY_HANDLE_INVALID: andre@0: case CKR_KEY_NOT_WRAPPABLE: andre@0: case CKR_KEY_SIZE_RANGE: andre@0: case CKR_KEY_UNEXTRACTABLE: andre@0: case CKR_MECHANISM_INVALID: andre@0: case CKR_MECHANISM_PARAM_INVALID: andre@0: case CKR_OPERATION_ACTIVE: andre@0: case CKR_PIN_EXPIRED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_WRAPPING_KEY_HANDLE_INVALID: andre@0: case CKR_WRAPPING_KEY_SIZE_RANGE: andre@0: case CKR_WRAPPING_KEY_TYPE_INCONSISTENT: andre@0: break; andre@0: case CKR_KEY_TYPE_INCONSISTENT: andre@0: error = CKR_WRAPPING_KEY_TYPE_INCONSISTENT; andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_UnwrapKey andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_UnwrapKey andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: CK_OBJECT_HANDLE hUnwrappingKey, andre@0: CK_BYTE_PTR pWrappedKey, andre@0: CK_ULONG ulWrappedKeyLen, andre@0: CK_ATTRIBUTE_PTR pTemplate, andre@0: CK_ULONG ulAttributeCount, andre@0: CK_OBJECT_HANDLE_PTR phKey andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWObject *fwObject; andre@0: NSSCKFWObject *fwWrappingKeyObject; andre@0: NSSCKFWSlot *fwSlot; andre@0: NSSCKFWToken *fwToken; andre@0: NSSCKFWMechanism *fwMechanism; andre@0: NSSItem wrappedKey; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, andre@0: hUnwrappingKey); andre@0: if (!fwWrappingKeyObject) { andre@0: error = CKR_WRAPPING_KEY_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); andre@0: if (!fwSlot) { andre@0: error = CKR_GENERAL_ERROR; /* should never happen! */ andre@0: goto loser; andre@0: } andre@0: andre@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { andre@0: error = CKR_TOKEN_NOT_PRESENT; andre@0: goto loser; andre@0: } andre@0: andre@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); andre@0: if (!fwToken) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); andre@0: if (!fwMechanism) { andre@0: goto loser; andre@0: } andre@0: andre@0: wrappedKey.data = pWrappedKey; andre@0: wrappedKey.size = ulWrappedKeyLen; andre@0: andre@0: fwObject = nssCKFWMechanism_UnwrapKey( andre@0: fwMechanism, andre@0: pMechanism, andre@0: fwSession, andre@0: fwWrappingKeyObject, andre@0: &wrappedKey, andre@0: pTemplate, andre@0: ulAttributeCount, andre@0: &error); andre@0: andre@0: nssCKFWMechanism_Destroy(fwMechanism); andre@0: if (!fwObject) { andre@0: goto loser; andre@0: } andre@0: *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_ATTRIBUTE_READ_ONLY: andre@0: case CKR_ATTRIBUTE_TYPE_INVALID: andre@0: case CKR_ATTRIBUTE_VALUE_INVALID: andre@0: case CKR_BUFFER_TOO_SMALL: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_DOMAIN_PARAMS_INVALID: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_MECHANISM_INVALID: andre@0: case CKR_MECHANISM_PARAM_INVALID: andre@0: case CKR_OPERATION_ACTIVE: andre@0: case CKR_PIN_EXPIRED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_SESSION_READ_ONLY: andre@0: case CKR_TEMPLATE_INCOMPLETE: andre@0: case CKR_TEMPLATE_INCONSISTENT: andre@0: case CKR_TOKEN_WRITE_PROTECTED: andre@0: case CKR_UNWRAPPING_KEY_HANDLE_INVALID: andre@0: case CKR_UNWRAPPING_KEY_SIZE_RANGE: andre@0: case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: case CKR_WRAPPED_KEY_INVALID: andre@0: case CKR_WRAPPED_KEY_LEN_RANGE: andre@0: break; andre@0: case CKR_KEY_HANDLE_INVALID: andre@0: error = CKR_UNWRAPPING_KEY_HANDLE_INVALID; andre@0: break; andre@0: case CKR_KEY_SIZE_RANGE: andre@0: error = CKR_UNWRAPPING_KEY_SIZE_RANGE; andre@0: break; andre@0: case CKR_KEY_TYPE_INCONSISTENT: andre@0: error = CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT; andre@0: break; andre@0: case CKR_ENCRYPTED_DATA_INVALID: andre@0: error = CKR_WRAPPED_KEY_INVALID; andre@0: break; andre@0: case CKR_ENCRYPTED_DATA_LEN_RANGE: andre@0: error = CKR_WRAPPED_KEY_LEN_RANGE; andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_DeriveKey andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_DeriveKey andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: CK_OBJECT_HANDLE hBaseKey, andre@0: CK_ATTRIBUTE_PTR pTemplate, andre@0: CK_ULONG ulAttributeCount, andre@0: CK_OBJECT_HANDLE_PTR phKey andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSCKFWObject *fwObject; andre@0: NSSCKFWObject *fwBaseKeyObject; andre@0: NSSCKFWSlot *fwSlot; andre@0: NSSCKFWToken *fwToken; andre@0: NSSCKFWMechanism *fwMechanism; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwBaseKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hBaseKey); andre@0: if (!fwBaseKeyObject) { andre@0: error = CKR_KEY_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); andre@0: if (!fwSlot) { andre@0: error = CKR_GENERAL_ERROR; /* should never happen! */ andre@0: goto loser; andre@0: } andre@0: andre@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { andre@0: error = CKR_TOKEN_NOT_PRESENT; andre@0: goto loser; andre@0: } andre@0: andre@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); andre@0: if (!fwToken) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); andre@0: if (!fwMechanism) { andre@0: goto loser; andre@0: } andre@0: andre@0: fwObject = nssCKFWMechanism_DeriveKey( andre@0: fwMechanism, andre@0: pMechanism, andre@0: fwSession, andre@0: fwBaseKeyObject, andre@0: pTemplate, andre@0: ulAttributeCount, andre@0: &error); andre@0: andre@0: nssCKFWMechanism_Destroy(fwMechanism); andre@0: if (!fwObject) { andre@0: goto loser; andre@0: } andre@0: *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); andre@0: andre@0: if (CKR_OK == error) { andre@0: return CKR_OK; andre@0: } andre@0: andre@0: loser: andre@0: /* verify error */ andre@0: switch( error ) { andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_ATTRIBUTE_READ_ONLY: andre@0: case CKR_ATTRIBUTE_TYPE_INVALID: andre@0: case CKR_ATTRIBUTE_VALUE_INVALID: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_DEVICE_REMOVED: andre@0: case CKR_DOMAIN_PARAMS_INVALID: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_KEY_HANDLE_INVALID: andre@0: case CKR_KEY_SIZE_RANGE: andre@0: case CKR_KEY_TYPE_INCONSISTENT: andre@0: case CKR_MECHANISM_INVALID: andre@0: case CKR_MECHANISM_PARAM_INVALID: andre@0: case CKR_OPERATION_ACTIVE: andre@0: case CKR_PIN_EXPIRED: andre@0: case CKR_SESSION_CLOSED: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_SESSION_READ_ONLY: andre@0: case CKR_TEMPLATE_INCOMPLETE: andre@0: case CKR_TEMPLATE_INCONSISTENT: andre@0: case CKR_TOKEN_WRITE_PROTECTED: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_SeedRandom andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_SeedRandom andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pSeed, andre@0: CK_ULONG ulSeedLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSItem seed; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_BYTE_PTR)CK_NULL_PTR == pSeed ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: /* We could read through the buffer in a Purify trap */ andre@0: andre@0: seed.size = (PRUint32)ulSeedLen; andre@0: seed.data = (void *)pSeed; andre@0: andre@0: error = nssCKFWSession_SeedRandom(fwSession, &seed); andre@0: andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_SESSION_CLOSED: andre@0: /* destroy session? */ andre@0: break; andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_ACTIVE: andre@0: case CKR_RANDOM_SEED_NOT_SUPPORTED: andre@0: case CKR_RANDOM_NO_RNG: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_GenerateRandom andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_GenerateRandom andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession, andre@0: CK_BYTE_PTR pRandomData, andre@0: CK_ULONG ulRandomLen andre@0: ) andre@0: { andre@0: CK_RV error = CKR_OK; andre@0: NSSCKFWSession *fwSession; andre@0: NSSItem buffer; andre@0: andre@0: if (!fwInstance) { andre@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; andre@0: goto loser; andre@0: } andre@0: andre@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); andre@0: if (!fwSession) { andre@0: error = CKR_SESSION_HANDLE_INVALID; andre@0: goto loser; andre@0: } andre@0: andre@0: if( (CK_BYTE_PTR)CK_NULL_PTR == pRandomData ) { andre@0: error = CKR_ARGUMENTS_BAD; andre@0: goto loser; andre@0: } andre@0: andre@0: /* andre@0: * A purify error here indicates caller error. andre@0: */ andre@0: (void)nsslibc_memset(pRandomData, 0, ulRandomLen); andre@0: andre@0: buffer.size = (PRUint32)ulRandomLen; andre@0: buffer.data = (void *)pRandomData; andre@0: andre@0: error = nssCKFWSession_GetRandom(fwSession, &buffer); andre@0: andre@0: if( CKR_OK != error ) { andre@0: goto loser; andre@0: } andre@0: andre@0: return CKR_OK; andre@0: andre@0: loser: andre@0: switch( error ) { andre@0: case CKR_SESSION_CLOSED: andre@0: /* destroy session? */ andre@0: break; andre@0: case CKR_DEVICE_REMOVED: andre@0: /* (void)nssCKFWToken_Destroy(fwToken); */ andre@0: break; andre@0: case CKR_ARGUMENTS_BAD: andre@0: case CKR_CRYPTOKI_NOT_INITIALIZED: andre@0: case CKR_DEVICE_ERROR: andre@0: case CKR_DEVICE_MEMORY: andre@0: case CKR_FUNCTION_CANCELED: andre@0: case CKR_FUNCTION_FAILED: andre@0: case CKR_GENERAL_ERROR: andre@0: case CKR_HOST_MEMORY: andre@0: case CKR_OPERATION_ACTIVE: andre@0: case CKR_RANDOM_NO_RNG: andre@0: case CKR_SESSION_HANDLE_INVALID: andre@0: case CKR_USER_NOT_LOGGED_IN: andre@0: break; andre@0: default: andre@0: case CKR_OK: andre@0: error = CKR_GENERAL_ERROR; andre@0: break; andre@0: } andre@0: andre@0: return error; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_GetFunctionStatus andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_GetFunctionStatus andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession andre@0: ) andre@0: { andre@0: return CKR_FUNCTION_NOT_PARALLEL; andre@0: } andre@0: andre@0: /* andre@0: * NSSCKFWC_CancelFunction andre@0: * andre@0: */ andre@0: NSS_IMPLEMENT CK_RV andre@0: NSSCKFWC_CancelFunction andre@0: ( andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_SESSION_HANDLE hSession andre@0: ) andre@0: { andre@0: return CKR_FUNCTION_NOT_PARALLEL; andre@0: }