The Tor Browser: security/nss/lib/ckfw/wrap.c@6474c204b198 (annotated)

security/nss/lib/ckfw/wrap.c@6474c204b198 (annotated)

security/nss/lib/ckfw/wrap.c

Wed, 31 Dec 2014 06:09:35 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Wed, 31 Dec 2014 06:09:35 +0100
changeset 0: 6474c204b198
permissions: -rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * wrap.c
  *
  * This file contains the routines that actually implement the cryptoki
  * API, using the internal APIs of the NSS Cryptoki Framework.  There is
  * one routine here for every cryptoki routine.  For linking reasons
  * the actual entry points passed back with C_GetFunctionList have to
  * exist in one of the Module's source files; however, those are merely
  * simple wrappers that call these routines.  The intelligence of the
  * implementations is here.
  */
 #ifndef CK_T
 #include "ck.h"
 #endif /* CK_T */
 /*
  * NSSCKFWC_Initialize
  * NSSCKFWC_Finalize
  * NSSCKFWC_GetInfo
  * -- NSSCKFWC_GetFunctionList -- see the API insert file
  * NSSCKFWC_GetSlotList
  * NSSCKFWC_GetSlotInfo
  * NSSCKFWC_GetTokenInfo
  * NSSCKFWC_WaitForSlotEvent
  * NSSCKFWC_GetMechanismList
  * NSSCKFWC_GetMechanismInfo
  * NSSCKFWC_InitToken
  * NSSCKFWC_InitPIN
  * NSSCKFWC_SetPIN
  * NSSCKFWC_OpenSession
  * NSSCKFWC_CloseSession
  * NSSCKFWC_CloseAllSessions
  * NSSCKFWC_GetSessionInfo
  * NSSCKFWC_GetOperationState
  * NSSCKFWC_SetOperationState
  * NSSCKFWC_Login
  * NSSCKFWC_Logout
  * NSSCKFWC_CreateObject
  * NSSCKFWC_CopyObject
  * NSSCKFWC_DestroyObject
  * NSSCKFWC_GetObjectSize
  * NSSCKFWC_GetAttributeValue
  * NSSCKFWC_SetAttributeValue
  * NSSCKFWC_FindObjectsInit
  * NSSCKFWC_FindObjects
  * NSSCKFWC_FindObjectsFinal
  * NSSCKFWC_EncryptInit
  * NSSCKFWC_Encrypt
  * NSSCKFWC_EncryptUpdate
  * NSSCKFWC_EncryptFinal
  * NSSCKFWC_DecryptInit
  * NSSCKFWC_Decrypt
  * NSSCKFWC_DecryptUpdate
  * NSSCKFWC_DecryptFinal
  * NSSCKFWC_DigestInit
  * NSSCKFWC_Digest
  * NSSCKFWC_DigestUpdate
  * NSSCKFWC_DigestKey
  * NSSCKFWC_DigestFinal
  * NSSCKFWC_SignInit
  * NSSCKFWC_Sign
  * NSSCKFWC_SignUpdate
  * NSSCKFWC_SignFinal
  * NSSCKFWC_SignRecoverInit
  * NSSCKFWC_SignRecover
  * NSSCKFWC_VerifyInit
  * NSSCKFWC_Verify
  * NSSCKFWC_VerifyUpdate
  * NSSCKFWC_VerifyFinal
  * NSSCKFWC_VerifyRecoverInit
  * NSSCKFWC_VerifyRecover
  * NSSCKFWC_DigestEncryptUpdate
  * NSSCKFWC_DecryptDigestUpdate
  * NSSCKFWC_SignEncryptUpdate
  * NSSCKFWC_DecryptVerifyUpdate
  * NSSCKFWC_GenerateKey
  * NSSCKFWC_GenerateKeyPair
  * NSSCKFWC_WrapKey
  * NSSCKFWC_UnwrapKey
  * NSSCKFWC_DeriveKey
  * NSSCKFWC_SeedRandom
  * NSSCKFWC_GenerateRandom
  * NSSCKFWC_GetFunctionStatus
  * NSSCKFWC_CancelFunction
  */
 /* figure out out locking semantics */
 static CK_RV
 nssCKFW_GetThreadSafeState(CK_C_INITIALIZE_ARGS_PTR pInitArgs,
                            CryptokiLockingState *pLocking_state) {
   int functionCount = 0;
   /* parsed according to (PKCS #11 Section 11.4) */
   /* no args, the degenerate version of case 1 */
   if (!pInitArgs) {
     *pLocking_state = SingleThreaded;
     return CKR_OK;
   }
   /* CKF_OS_LOCKING_OK set, Cases 2 and 4 */
   if (pInitArgs->flags & CKF_OS_LOCKING_OK) {
     *pLocking_state = MultiThreaded;
     return CKR_OK;
   }
   if ((CK_CREATEMUTEX) NULL != pInitArgs->CreateMutex) functionCount++;
   if ((CK_DESTROYMUTEX) NULL != pInitArgs->DestroyMutex) functionCount++;
   if ((CK_LOCKMUTEX) NULL != pInitArgs->LockMutex) functionCount++;
   if ((CK_UNLOCKMUTEX) NULL != pInitArgs->UnlockMutex) functionCount++;
   /* CKF_OS_LOCKING_OK is not set, and not functions supplied,
    * explicit case 1 */
   if (0 == functionCount) {
     *pLocking_state = SingleThreaded;
     return CKR_OK;
   }
   /* OS_LOCKING_OK is not set and functions have been supplied. Since
    * ckfw uses nssbase library which explicitly calls NSPR, and since
    * there is no way to reliably override these explicit calls to NSPR,
    * therefore we can't support applications which have their own threading
    * module.  Return CKR_CANT_LOCK if they supplied the correct number of
    * arguments, or CKR_ARGUMENTS_BAD if they did not in either case we will
    * fail the initialize */
   return (4 == functionCount) ? CKR_CANT_LOCK : CKR_ARGUMENTS_BAD;
 }
 static PRInt32 liveInstances;
 /*
  * NSSCKFWC_Initialize
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_Initialize
 (
   NSSCKFWInstance **pFwInstance,
   NSSCKMDInstance *mdInstance,
   CK_VOID_PTR pInitArgs
 )
 {
   CK_RV error = CKR_OK;
   CryptokiLockingState locking_state;
   if( (NSSCKFWInstance **)NULL == pFwInstance ) {
     error = CKR_GENERAL_ERROR;
     goto loser;
   }
   if (*pFwInstance) {
     error = CKR_CRYPTOKI_ALREADY_INITIALIZED;
     goto loser;
   }
   if (!mdInstance) {
     error = CKR_GENERAL_ERROR;
     goto loser;
   }
   error = nssCKFW_GetThreadSafeState(pInitArgs,&locking_state);
   if( CKR_OK != error ) {
     goto loser;
   }
   *pFwInstance = nssCKFWInstance_Create(pInitArgs, locking_state, mdInstance, &error);
   if (!*pFwInstance) {
     goto loser;
   }
   PR_ATOMIC_INCREMENT(&liveInstances);
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_CANT_LOCK:
   case CKR_CRYPTOKI_ALREADY_INITIALIZED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_NEED_TO_CREATE_THREADS:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_Finalize
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_Finalize
 (
   NSSCKFWInstance **pFwInstance
 )
 {
   CK_RV error = CKR_OK;
   if( (NSSCKFWInstance **)NULL == pFwInstance ) {
     error = CKR_GENERAL_ERROR;
     goto loser;
   }
   if (!*pFwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   error = nssCKFWInstance_Destroy(*pFwInstance);
   /* In any case */
   *pFwInstance = (NSSCKFWInstance *)NULL;
  loser:
   switch( error ) {
   PRInt32 remainingInstances;
   case CKR_OK:
     remainingInstances = PR_ATOMIC_DECREMENT(&liveInstances);
     if (!remainingInstances) {
 	nssArena_Shutdown();
     }
     break;
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
     break;
   default:
     error = CKR_GENERAL_ERROR;
     break;
   }
   /*
    * A thread's error stack is automatically destroyed when the thread
    * terminates or, for the primordial thread, by PR_Cleanup.  On
    * Windows with MinGW, the thread private data destructor PR_Free
    * registered by this module is actually a thunk for PR_Free defined
    * in this module.  When the thread that unloads this module terminates
    * or calls PR_Cleanup, the thunk for PR_Free is already gone with the
    * module.  Therefore we need to destroy the error stack before the
    * module is unloaded.
    */
   nss_DestroyErrorStack();
   return error;
 }
 /*
  * NSSCKFWC_GetInfo
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_GetInfo
 (
   NSSCKFWInstance *fwInstance,
   CK_INFO_PTR pInfo
 )
 {
   CK_RV error = CKR_OK;
   if( (CK_INFO_PTR)CK_NULL_PTR == pInfo ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   /*
    * A purify error here means a caller error
    */
   (void)nsslibc_memset(pInfo, 0, sizeof(CK_INFO));
   pInfo->cryptokiVersion = nssCKFWInstance_GetCryptokiVersion(fwInstance);
   error = nssCKFWInstance_GetManufacturerID(fwInstance, pInfo->manufacturerID);
   if( CKR_OK != error ) {
     goto loser;
   }
   pInfo->flags = nssCKFWInstance_GetFlags(fwInstance);
   error = nssCKFWInstance_GetLibraryDescription(fwInstance, pInfo->libraryDescription);
   if( CKR_OK != error ) {
     goto loser;
   }
   pInfo->libraryVersion = nssCKFWInstance_GetLibraryVersion(fwInstance);
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
     break;
   default:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * C_GetFunctionList is implemented entirely in the Module's file which
  * includes the Framework API insert file.  It requires no "actual"
  * NSSCKFW routine.
  */
 /*
  * NSSCKFWC_GetSlotList
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_GetSlotList
 (
   NSSCKFWInstance *fwInstance,
   CK_BBOOL tokenPresent,
   CK_SLOT_ID_PTR pSlotList,
   CK_ULONG_PTR pulCount
 )
 {
   CK_RV error = CKR_OK;
   CK_ULONG nSlots;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   switch( tokenPresent ) {
   case CK_TRUE:
   case CK_FALSE:
     break;
   default:
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
   if( (CK_ULONG)0 == nSlots ) {
     goto loser;
   }
   if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlotList ) {
     *pulCount = nSlots;
     return CKR_OK;
   }
   /*
    * A purify error here indicates caller error.
    */
   (void)nsslibc_memset(pSlotList, 0, *pulCount * sizeof(CK_SLOT_ID));
   if( *pulCount < nSlots ) {
     *pulCount = nSlots;
     error = CKR_BUFFER_TOO_SMALL;
     goto loser;
   } else {
     CK_ULONG i;
     *pulCount = nSlots;
     /*
      * Our secret "mapping": CK_SLOT_IDs are integers [1,N], and we
      * just index one when we need it.
      */
     for( i = 0; i < nSlots; i++ ) {
       pSlotList[i] = i+1;
     }
     return CKR_OK;
   }
  loser:
   switch( error ) {
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_GetSlotInfo
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_GetSlotInfo
 (
   NSSCKFWInstance *fwInstance,
   CK_SLOT_ID slotID,
   CK_SLOT_INFO_PTR pInfo
 )
 {
   CK_RV error = CKR_OK;
   CK_ULONG nSlots;
   NSSCKFWSlot **slots;
   NSSCKFWSlot *fwSlot;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
   if( (CK_ULONG)0 == nSlots ) {
     goto loser;
   }
   if( (slotID < 1) || (slotID > nSlots) ) {
     error = CKR_SLOT_ID_INVALID;
     goto loser;
   }
   if( (CK_SLOT_INFO_PTR)CK_NULL_PTR == pInfo ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   /*
    * A purify error here indicates caller error.
    */
   (void)nsslibc_memset(pInfo, 0, sizeof(CK_SLOT_INFO));
   slots = nssCKFWInstance_GetSlots(fwInstance, &error);
   if( (NSSCKFWSlot **)NULL == slots ) {
     goto loser;
   }
   fwSlot = slots[ slotID-1 ];
   error = nssCKFWSlot_GetSlotDescription(fwSlot, pInfo->slotDescription);
   if( CKR_OK != error ) {
     goto loser;
   }
   error = nssCKFWSlot_GetManufacturerID(fwSlot, pInfo->manufacturerID);
   if( CKR_OK != error ) {
     goto loser;
   }
   if( nssCKFWSlot_GetTokenPresent(fwSlot) ) {
     pInfo->flags |= CKF_TOKEN_PRESENT;
   }
   if( nssCKFWSlot_GetRemovableDevice(fwSlot) ) {
     pInfo->flags |= CKF_REMOVABLE_DEVICE;
   }
   if( nssCKFWSlot_GetHardwareSlot(fwSlot) ) {
     pInfo->flags |= CKF_HW_SLOT;
   }
   pInfo->hardwareVersion = nssCKFWSlot_GetHardwareVersion(fwSlot);
   pInfo->firmwareVersion = nssCKFWSlot_GetFirmwareVersion(fwSlot);
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_SLOT_ID_INVALID:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
   }
   return error;
 }
 /*
  * NSSCKFWC_GetTokenInfo
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_GetTokenInfo
 (
   NSSCKFWInstance *fwInstance,
   CK_SLOT_ID slotID,
   CK_TOKEN_INFO_PTR pInfo
 )
 {
   CK_RV error = CKR_OK;
   CK_ULONG nSlots;
   NSSCKFWSlot **slots;
   NSSCKFWSlot *fwSlot;
   NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
   if( (CK_ULONG)0 == nSlots ) {
     goto loser;
   }
   if( (slotID < 1) || (slotID > nSlots) ) {
     error = CKR_SLOT_ID_INVALID;
     goto loser;
   }
   if( (CK_TOKEN_INFO_PTR)CK_NULL_PTR == pInfo ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   /*
    * A purify error here indicates caller error.
    */
   (void)nsslibc_memset(pInfo, 0, sizeof(CK_TOKEN_INFO));
   slots = nssCKFWInstance_GetSlots(fwInstance, &error);
   if( (NSSCKFWSlot **)NULL == slots ) {
     goto loser;
   }
   fwSlot = slots[ slotID-1 ];
   if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
     error = CKR_TOKEN_NOT_PRESENT;
     goto loser;
   }
   fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
   if (!fwToken) {
     goto loser;
   }
   error = nssCKFWToken_GetLabel(fwToken, pInfo->label);
   if( CKR_OK != error ) {
     goto loser;
   }
   error = nssCKFWToken_GetManufacturerID(fwToken, pInfo->manufacturerID);
   if( CKR_OK != error ) {
     goto loser;
   }
   error = nssCKFWToken_GetModel(fwToken, pInfo->model);
   if( CKR_OK != error ) {
     goto loser;
   }
   error = nssCKFWToken_GetSerialNumber(fwToken, pInfo->serialNumber);
   if( CKR_OK != error ) {
     goto loser;
   }
   if( nssCKFWToken_GetHasRNG(fwToken) ) {
     pInfo->flags |= CKF_RNG;
   }
   if( nssCKFWToken_GetIsWriteProtected(fwToken) ) {
     pInfo->flags |= CKF_WRITE_PROTECTED;
   }
   if( nssCKFWToken_GetLoginRequired(fwToken) ) {
     pInfo->flags |= CKF_LOGIN_REQUIRED;
   }
   if( nssCKFWToken_GetUserPinInitialized(fwToken) ) {
     pInfo->flags |= CKF_USER_PIN_INITIALIZED;
   }
   if( nssCKFWToken_GetRestoreKeyNotNeeded(fwToken) ) {
     pInfo->flags |= CKF_RESTORE_KEY_NOT_NEEDED;
   }
   if( nssCKFWToken_GetHasClockOnToken(fwToken) ) {
     pInfo->flags |= CKF_CLOCK_ON_TOKEN;
   }
   if( nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken) ) {
     pInfo->flags |= CKF_PROTECTED_AUTHENTICATION_PATH;
   }
   if( nssCKFWToken_GetSupportsDualCryptoOperations(fwToken) ) {
     pInfo->flags |= CKF_DUAL_CRYPTO_OPERATIONS;
   }
   pInfo->ulMaxSessionCount = nssCKFWToken_GetMaxSessionCount(fwToken);
   pInfo->ulSessionCount = nssCKFWToken_GetSessionCount(fwToken);
   pInfo->ulMaxRwSessionCount = nssCKFWToken_GetMaxRwSessionCount(fwToken);
   pInfo->ulRwSessionCount= nssCKFWToken_GetRwSessionCount(fwToken);
   pInfo->ulMaxPinLen = nssCKFWToken_GetMaxPinLen(fwToken);
   pInfo->ulMinPinLen = nssCKFWToken_GetMinPinLen(fwToken);
   pInfo->ulTotalPublicMemory = nssCKFWToken_GetTotalPublicMemory(fwToken);
   pInfo->ulFreePublicMemory = nssCKFWToken_GetFreePublicMemory(fwToken);
   pInfo->ulTotalPrivateMemory = nssCKFWToken_GetTotalPrivateMemory(fwToken);
   pInfo->ulFreePrivateMemory = nssCKFWToken_GetFreePrivateMemory(fwToken);
   pInfo->hardwareVersion = nssCKFWToken_GetHardwareVersion(fwToken);
   pInfo->firmwareVersion = nssCKFWToken_GetFirmwareVersion(fwToken);
   error = nssCKFWToken_GetUTCTime(fwToken, pInfo->utcTime);
   if( CKR_OK != error ) {
     goto loser;
   }
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_DEVICE_REMOVED:
   case CKR_TOKEN_NOT_PRESENT:
     if (fwToken)
       nssCKFWToken_Destroy(fwToken);
     break;
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_SLOT_ID_INVALID:
   case CKR_TOKEN_NOT_RECOGNIZED:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_WaitForSlotEvent
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_WaitForSlotEvent
 (
   NSSCKFWInstance *fwInstance,
   CK_FLAGS flags,
   CK_SLOT_ID_PTR pSlot,
   CK_VOID_PTR pReserved
 )
 {
   CK_RV error = CKR_OK;
   CK_ULONG nSlots;
   CK_BBOOL block;
   NSSCKFWSlot **slots;
   NSSCKFWSlot *fwSlot;
   CK_ULONG i;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   if( flags & ~CKF_DONT_BLOCK ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   block = (flags & CKF_DONT_BLOCK) ? CK_TRUE : CK_FALSE;
   nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
   if( (CK_ULONG)0 == nSlots ) {
     goto loser;
   }
   if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlot ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   if( (CK_VOID_PTR)CK_NULL_PTR != pReserved ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   slots = nssCKFWInstance_GetSlots(fwInstance, &error);
   if( (NSSCKFWSlot **)NULL == slots ) {
     goto loser;
   }
   fwSlot = nssCKFWInstance_WaitForSlotEvent(fwInstance, block, &error);
   if (!fwSlot) {
     goto loser;
   }
   for( i = 0; i < nSlots; i++ ) {
     if( fwSlot == slots[i] ) {
       *pSlot = (CK_SLOT_ID)(CK_ULONG)(i+1);
       return CKR_OK;
     }
   }
   error = CKR_GENERAL_ERROR; /* returned something not in the slot list */
  loser:
   switch( error ) {
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_NO_EVENT:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_GetMechanismList
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_GetMechanismList
 (
   NSSCKFWInstance *fwInstance,
   CK_SLOT_ID slotID,
   CK_MECHANISM_TYPE_PTR pMechanismList,
   CK_ULONG_PTR pulCount
 )
 {
   CK_RV error = CKR_OK;
   CK_ULONG nSlots;
   NSSCKFWSlot **slots;
   NSSCKFWSlot *fwSlot;
   NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
   CK_ULONG count;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
   if( (CK_ULONG)0 == nSlots ) {
     goto loser;
   }
   if( (slotID < 1) || (slotID > nSlots) ) {
     error = CKR_SLOT_ID_INVALID;
     goto loser;
   }
   if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   slots = nssCKFWInstance_GetSlots(fwInstance, &error);
   if( (NSSCKFWSlot **)NULL == slots ) {
     goto loser;
   }
   fwSlot = slots[ slotID-1 ];
   if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
     error = CKR_TOKEN_NOT_PRESENT;
     goto loser;
   }
   fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
   if (!fwToken) {
     goto loser;
   }
   count = nssCKFWToken_GetMechanismCount(fwToken);
   if( (CK_MECHANISM_TYPE_PTR)CK_NULL_PTR == pMechanismList ) {
     *pulCount = count;
     return CKR_OK;
   }
   if( *pulCount < count ) {
     *pulCount = count;
     error = CKR_BUFFER_TOO_SMALL;
     goto loser;
   }
   /*
    * A purify error here indicates caller error.
    */
   (void)nsslibc_memset(pMechanismList, 0, *pulCount * sizeof(CK_MECHANISM_TYPE));
   *pulCount = count;
   if( 0 != count ) {
     error = nssCKFWToken_GetMechanismTypes(fwToken, pMechanismList);
   } else {
     error = CKR_OK;
   }
   if( CKR_OK == error ) {
     return CKR_OK;
   }
  loser:
   switch( error ) {
   case CKR_DEVICE_REMOVED:
   case CKR_TOKEN_NOT_PRESENT:
     if (fwToken)
       nssCKFWToken_Destroy(fwToken);
     break;
   case CKR_ARGUMENTS_BAD:
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_SLOT_ID_INVALID:
   case CKR_TOKEN_NOT_RECOGNIZED:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_GetMechanismInfo
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_GetMechanismInfo
 (
   NSSCKFWInstance *fwInstance,
   CK_SLOT_ID slotID,
   CK_MECHANISM_TYPE type,
   CK_MECHANISM_INFO_PTR pInfo
 )
 {
   CK_RV error = CKR_OK;
   CK_ULONG nSlots;
   NSSCKFWSlot **slots;
   NSSCKFWSlot *fwSlot;
   NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
   NSSCKFWMechanism *fwMechanism;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
   if( (CK_ULONG)0 == nSlots ) {
     goto loser;
   }
   if( (slotID < 1) || (slotID > nSlots) ) {
     error = CKR_SLOT_ID_INVALID;
     goto loser;
   }
   slots = nssCKFWInstance_GetSlots(fwInstance, &error);
   if( (NSSCKFWSlot **)NULL == slots ) {
     goto loser;
   }
   fwSlot = slots[ slotID-1 ];
   if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
     error = CKR_TOKEN_NOT_PRESENT;
     goto loser;
   }
   if( (CK_MECHANISM_INFO_PTR)CK_NULL_PTR == pInfo ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   /*
    * A purify error here indicates caller error.
    */
   (void)nsslibc_memset(pInfo, 0, sizeof(CK_MECHANISM_INFO));
   fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
   if (!fwToken) {
     goto loser;
   }
   fwMechanism = nssCKFWToken_GetMechanism(fwToken, type, &error);
   if (!fwMechanism) {
     goto loser;
   }
   pInfo->ulMinKeySize = nssCKFWMechanism_GetMinKeySize(fwMechanism, &error);
   pInfo->ulMaxKeySize = nssCKFWMechanism_GetMaxKeySize(fwMechanism, &error);
   if( nssCKFWMechanism_GetInHardware(fwMechanism, &error) ) {
     pInfo->flags |= CKF_HW;
   }
   if( nssCKFWMechanism_GetCanEncrypt(fwMechanism, &error) ) {
     pInfo->flags |= CKF_ENCRYPT;
   }
   if( nssCKFWMechanism_GetCanDecrypt(fwMechanism, &error) ) {
     pInfo->flags |= CKF_DECRYPT;
   }
   if( nssCKFWMechanism_GetCanDigest(fwMechanism, &error) ) {
     pInfo->flags |= CKF_DIGEST;
   }
   if( nssCKFWMechanism_GetCanSign(fwMechanism, &error) ) {
     pInfo->flags |= CKF_SIGN;
   }
   if( nssCKFWMechanism_GetCanSignRecover(fwMechanism, &error) ) {
     pInfo->flags |= CKF_SIGN_RECOVER;
   }
   if( nssCKFWMechanism_GetCanVerify(fwMechanism, &error) ) {
     pInfo->flags |= CKF_VERIFY;
   }
   if( nssCKFWMechanism_GetCanVerifyRecover(fwMechanism, &error) ) {
     pInfo->flags |= CKF_VERIFY_RECOVER;
   }
   if( nssCKFWMechanism_GetCanGenerate(fwMechanism, &error) ) {
     pInfo->flags |= CKF_GENERATE;
   }
   if( nssCKFWMechanism_GetCanGenerateKeyPair(fwMechanism, &error) ) {
     pInfo->flags |= CKF_GENERATE_KEY_PAIR;
   }
   if( nssCKFWMechanism_GetCanWrap(fwMechanism, &error) ) {
     pInfo->flags |= CKF_WRAP;
   }
   if( nssCKFWMechanism_GetCanUnwrap(fwMechanism, &error) ) {
     pInfo->flags |= CKF_UNWRAP;
   }
   if( nssCKFWMechanism_GetCanDerive(fwMechanism, &error) ) {
     pInfo->flags |= CKF_DERIVE;
   }
   nssCKFWMechanism_Destroy(fwMechanism);
   return error;
  loser:
   switch( error ) {
   case CKR_DEVICE_REMOVED:
   case CKR_TOKEN_NOT_PRESENT:
     if (fwToken)
       nssCKFWToken_Destroy(fwToken);
     break;
   case CKR_ARGUMENTS_BAD:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_MECHANISM_INVALID:
   case CKR_SLOT_ID_INVALID:
   case CKR_TOKEN_NOT_RECOGNIZED:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_InitToken
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_InitToken
 (
   NSSCKFWInstance *fwInstance,
   CK_SLOT_ID slotID,
   CK_CHAR_PTR pPin,
   CK_ULONG ulPinLen,
   CK_CHAR_PTR pLabel
 )
 {
   CK_RV error = CKR_OK;
   CK_ULONG nSlots;
   NSSCKFWSlot **slots;
   NSSCKFWSlot *fwSlot;
   NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
   NSSItem pin;
   NSSUTF8 *label;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
   if( (CK_ULONG)0 == nSlots ) {
     goto loser;
   }
   if( (slotID < 1) || (slotID > nSlots) ) {
     error = CKR_SLOT_ID_INVALID;
     goto loser;
   }
   slots = nssCKFWInstance_GetSlots(fwInstance, &error);
   if( (NSSCKFWSlot **)NULL == slots ) {
     goto loser;
   }
   fwSlot = slots[ slotID-1 ];
   if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
     error = CKR_TOKEN_NOT_PRESENT;
     goto loser;
   }
   fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
   if (!fwToken) {
     goto loser;
   }
   pin.size = (PRUint32)ulPinLen;
   pin.data = (void *)pPin;
   label = (NSSUTF8 *)pLabel; /* identity conversion */
   error = nssCKFWToken_InitToken(fwToken, &pin, label);
   if( CKR_OK != error ) {
     goto loser;
   }
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_DEVICE_REMOVED:
   case CKR_TOKEN_NOT_PRESENT:
     if (fwToken)
       nssCKFWToken_Destroy(fwToken);
     break;
   case CKR_ARGUMENTS_BAD:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_PIN_INCORRECT:
   case CKR_PIN_LOCKED:
   case CKR_SESSION_EXISTS:
   case CKR_SLOT_ID_INVALID:
   case CKR_TOKEN_NOT_RECOGNIZED:
   case CKR_TOKEN_WRITE_PROTECTED:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_InitPIN
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_InitPIN
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_CHAR_PTR pPin,
   CK_ULONG ulPinLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSItem pin, *arg;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) {
     arg = (NSSItem *)NULL;
   } else {
     arg = &pin;
     pin.size = (PRUint32)ulPinLen;
     pin.data = (void *)pPin;
   }
   error = nssCKFWSession_InitPIN(fwSession, arg);
   if( CKR_OK != error ) {
     goto loser;
   }
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_SESSION_CLOSED:
     /* destroy session? */
     break;
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_ARGUMENTS_BAD:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_PIN_INVALID:
   case CKR_PIN_LEN_RANGE:
   case CKR_SESSION_READ_ONLY:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_TOKEN_WRITE_PROTECTED:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_SetPIN
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_SetPIN
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_CHAR_PTR pOldPin,
   CK_ULONG ulOldLen,
   CK_CHAR_PTR pNewPin,
   CK_ULONG ulNewLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSItem oldPin, newPin, *oldArg, *newArg;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   if( (CK_CHAR_PTR)CK_NULL_PTR == pOldPin ) {
     oldArg = (NSSItem *)NULL;
   } else {
     oldArg = &oldPin;
     oldPin.size = (PRUint32)ulOldLen;
     oldPin.data = (void *)pOldPin;
   }
   if( (CK_CHAR_PTR)CK_NULL_PTR == pNewPin ) {
     newArg = (NSSItem *)NULL;
   } else {
     newArg = &newPin;
     newPin.size = (PRUint32)ulNewLen;
     newPin.data = (void *)pNewPin;
   }
   error = nssCKFWSession_SetPIN(fwSession, oldArg, newArg);
   if( CKR_OK != error ) {
     goto loser;
   }
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_SESSION_CLOSED:
     /* destroy session? */
     break;
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_ARGUMENTS_BAD:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_PIN_INCORRECT:
   case CKR_PIN_INVALID:
   case CKR_PIN_LEN_RANGE:
   case CKR_PIN_LOCKED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_SESSION_READ_ONLY:
   case CKR_TOKEN_WRITE_PROTECTED:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_OpenSession
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_OpenSession
 (
   NSSCKFWInstance *fwInstance,
   CK_SLOT_ID slotID,
   CK_FLAGS flags,
   CK_VOID_PTR pApplication,
   CK_NOTIFY Notify,
   CK_SESSION_HANDLE_PTR phSession
 )
 {
   CK_RV error = CKR_OK;
   CK_ULONG nSlots;
   NSSCKFWSlot **slots;
   NSSCKFWSlot *fwSlot;
   NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
   NSSCKFWSession *fwSession;
   CK_BBOOL rw;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
   if( (CK_ULONG)0 == nSlots ) {
     goto loser;
   }
   if( (slotID < 1) || (slotID > nSlots) ) {
     error = CKR_SLOT_ID_INVALID;
     goto loser;
   }
   if( flags & CKF_RW_SESSION ) {
     rw = CK_TRUE;
   } else {
     rw = CK_FALSE;
   }
   if( flags & CKF_SERIAL_SESSION ) {
     ;
   } else {
     error = CKR_SESSION_PARALLEL_NOT_SUPPORTED;
     goto loser;
   }
   if( flags & ~(CKF_RW_SESSION|CKF_SERIAL_SESSION) ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   if( (CK_SESSION_HANDLE_PTR)CK_NULL_PTR == phSession ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   /*
    * A purify error here indicates caller error.
    */
   *phSession = (CK_SESSION_HANDLE)0;
   slots = nssCKFWInstance_GetSlots(fwInstance, &error);
   if( (NSSCKFWSlot **)NULL == slots ) {
     goto loser;
   }
   fwSlot = slots[ slotID-1 ];
   if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
     error = CKR_TOKEN_NOT_PRESENT;
     goto loser;
   }
   fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
   if (!fwToken) {
     goto loser;
   }
   fwSession = nssCKFWToken_OpenSession(fwToken, rw, pApplication,
                Notify, &error);
   if (!fwSession) {
     goto loser;
   }
   *phSession = nssCKFWInstance_CreateSessionHandle(fwInstance,
                  fwSession, &error);
   if( (CK_SESSION_HANDLE)0 == *phSession ) {
     goto loser;
   }
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_SESSION_CLOSED:
     /* destroy session? */
     break;
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_SESSION_COUNT:
   case CKR_SESSION_EXISTS:
   case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
   case CKR_SESSION_READ_WRITE_SO_EXISTS:
   case CKR_SLOT_ID_INVALID:
   case CKR_TOKEN_NOT_PRESENT:
   case CKR_TOKEN_NOT_RECOGNIZED:
   case CKR_TOKEN_WRITE_PROTECTED:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_CloseSession
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_CloseSession
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   nssCKFWInstance_DestroySessionHandle(fwInstance, hSession);
   error = nssCKFWSession_Destroy(fwSession, CK_TRUE);
   if( CKR_OK != error ) {
     goto loser;
   }
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_SESSION_CLOSED:
     /* destroy session? */
     break;
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_SESSION_HANDLE_INVALID:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_CloseAllSessions
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_CloseAllSessions
 (
   NSSCKFWInstance *fwInstance,
   CK_SLOT_ID slotID
 )
 {
   CK_RV error = CKR_OK;
   CK_ULONG nSlots;
   NSSCKFWSlot **slots;
   NSSCKFWSlot *fwSlot;
   NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
   if( (CK_ULONG)0 == nSlots ) {
     goto loser;
   }
   if( (slotID < 1) || (slotID > nSlots) ) {
     error = CKR_SLOT_ID_INVALID;
     goto loser;
   }
   slots = nssCKFWInstance_GetSlots(fwInstance, &error);
   if( (NSSCKFWSlot **)NULL == slots ) {
     goto loser;
   }
   fwSlot = slots[ slotID-1 ];
   if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
     error = CKR_TOKEN_NOT_PRESENT;
     goto loser;
   }
   fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
   if (!fwToken) {
     goto loser;
   }
   error = nssCKFWToken_CloseAllSessions(fwToken);
   if( CKR_OK != error ) {
     goto loser;
   }
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_SLOT_ID_INVALID:
   case CKR_TOKEN_NOT_PRESENT:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_GetSessionInfo
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_GetSessionInfo
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_SESSION_INFO_PTR pInfo
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWSlot *fwSlot;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   if( (CK_SESSION_INFO_PTR)CK_NULL_PTR == pInfo ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   /*
    * A purify error here indicates caller error.
    */
   (void)nsslibc_memset(pInfo, 0, sizeof(CK_SESSION_INFO));
   fwSlot = nssCKFWSession_GetFWSlot(fwSession);
   if (!fwSlot) {
     error = CKR_GENERAL_ERROR;
     goto loser;
   }
   pInfo->slotID = nssCKFWSlot_GetSlotID(fwSlot);
   pInfo->state = nssCKFWSession_GetSessionState(fwSession);
   if( CK_TRUE == nssCKFWSession_IsRWSession(fwSession) ) {
     pInfo->flags |= CKF_RW_SESSION;
   }
   pInfo->flags |= CKF_SERIAL_SESSION; /* Always true */
   pInfo->ulDeviceError = nssCKFWSession_GetDeviceError(fwSession);
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_SESSION_CLOSED:
     /* destroy session? */
     break;
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_SESSION_HANDLE_INVALID:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_GetOperationState
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_GetOperationState
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pOperationState,
   CK_ULONG_PTR pulOperationStateLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   CK_ULONG len;
   NSSItem buf;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   if( (CK_ULONG_PTR)CK_NULL_PTR == pulOperationStateLen ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   len = nssCKFWSession_GetOperationStateLen(fwSession, &error);
   if( ((CK_ULONG)0 == len) && (CKR_OK != error) ) {
     goto loser;
   }
   if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) {
     *pulOperationStateLen = len;
     return CKR_OK;
   }
   if( *pulOperationStateLen < len ) {
     *pulOperationStateLen = len;
     error = CKR_BUFFER_TOO_SMALL;
     goto loser;
   }
   buf.size = (PRUint32)*pulOperationStateLen;
   buf.data = (void *)pOperationState;
   *pulOperationStateLen = len;
   error = nssCKFWSession_GetOperationState(fwSession, &buf);
   if( CKR_OK != error ) {
     goto loser;
   }
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_SESSION_CLOSED:
     /* destroy session? */
     break;
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_STATE_UNSAVEABLE:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_SetOperationState
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_SetOperationState
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pOperationState,
   CK_ULONG ulOperationStateLen,
   CK_OBJECT_HANDLE hEncryptionKey,
   CK_OBJECT_HANDLE hAuthenticationKey
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWObject *eKey;
   NSSCKFWObject *aKey;
   NSSItem state;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   /*
    * We could loop through the buffer, to catch any purify errors
    * in a place with a "user error" note.
    */
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   if( (CK_OBJECT_HANDLE)0 == hEncryptionKey ) {
     eKey = (NSSCKFWObject *)NULL;
   } else {
     eKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hEncryptionKey);
     if (!eKey) {
       error = CKR_KEY_HANDLE_INVALID;
       goto loser;
     }
   }
   if( (CK_OBJECT_HANDLE)0 == hAuthenticationKey ) {
     aKey = (NSSCKFWObject *)NULL;
   } else {
     aKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hAuthenticationKey);
     if (!aKey) {
       error = CKR_KEY_HANDLE_INVALID;
       goto loser;
     }
   }
   state.data = pOperationState;
   state.size = ulOperationStateLen;
   error = nssCKFWSession_SetOperationState(fwSession, &state, eKey, aKey);
   if( CKR_OK != error ) {
     goto loser;
   }
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_SESSION_CLOSED:
     /* destroy session? */
     break;
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_KEY_CHANGED:
   case CKR_KEY_NEEDED:
   case CKR_KEY_NOT_NEEDED:
   case CKR_SAVED_STATE_INVALID:
   case CKR_SESSION_HANDLE_INVALID:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_Login
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_Login
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_USER_TYPE userType,
   CK_CHAR_PTR pPin,
   CK_ULONG ulPinLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSItem pin, *arg;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) {
     arg = (NSSItem *)NULL;
   } else {
     arg = &pin;
     pin.size = (PRUint32)ulPinLen;
     pin.data = (void *)pPin;
   }
   error = nssCKFWSession_Login(fwSession, userType, arg);
   if( CKR_OK != error ) {
     goto loser;
   }
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_SESSION_CLOSED:
     /* destroy session? */
     break;
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_PIN_EXPIRED:
   case CKR_PIN_INCORRECT:
   case CKR_PIN_LOCKED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_SESSION_READ_ONLY_EXISTS:
   case CKR_USER_ALREADY_LOGGED_IN:
   case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
   case CKR_USER_PIN_NOT_INITIALIZED:
   case CKR_USER_TOO_MANY_TYPES:
   case CKR_USER_TYPE_INVALID:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_Logout
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_Logout
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_Logout(fwSession);
   if( CKR_OK != error ) {
     goto loser;
   }
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_SESSION_CLOSED:
     /* destroy session? */
     break;
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_CreateObject
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_CreateObject
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_ATTRIBUTE_PTR pTemplate,
   CK_ULONG ulCount,
   CK_OBJECT_HANDLE_PTR phObject
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWObject *fwObject;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   /*
    * A purify error here indicates caller error.
    */
   *phObject = (CK_OBJECT_HANDLE)0;
   fwObject = nssCKFWSession_CreateObject(fwSession, pTemplate,
                ulCount, &error);
   if (!fwObject) {
     goto loser;
   }
   *phObject = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
   if( (CK_OBJECT_HANDLE)0 == *phObject ) {
     nssCKFWObject_Destroy(fwObject);
     goto loser;
   }
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_SESSION_CLOSED:
     /* destroy session? */
     break;
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_ATTRIBUTE_READ_ONLY:
   case CKR_ATTRIBUTE_TYPE_INVALID:
   case CKR_ATTRIBUTE_VALUE_INVALID:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_SESSION_READ_ONLY:
   case CKR_TEMPLATE_INCOMPLETE:
   case CKR_TEMPLATE_INCONSISTENT:
   case CKR_TOKEN_WRITE_PROTECTED:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_CopyObject
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_CopyObject
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_OBJECT_HANDLE hObject,
   CK_ATTRIBUTE_PTR pTemplate,
   CK_ULONG ulCount,
   CK_OBJECT_HANDLE_PTR phNewObject
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWObject *fwObject;
   NSSCKFWObject *fwNewObject;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phNewObject ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   /*
    * A purify error here indicates caller error.
    */
   *phNewObject = (CK_OBJECT_HANDLE)0;
   fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
   if (!fwObject) {
     error = CKR_OBJECT_HANDLE_INVALID;
     goto loser;
   }
   fwNewObject = nssCKFWSession_CopyObject(fwSession, fwObject,
                   pTemplate, ulCount, &error);
   if (!fwNewObject) {
     goto loser;
   }
   *phNewObject = nssCKFWInstance_CreateObjectHandle(fwInstance,
                    fwNewObject, &error);
   if( (CK_OBJECT_HANDLE)0 == *phNewObject ) {
     nssCKFWObject_Destroy(fwNewObject);
     goto loser;
   }
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_SESSION_CLOSED:
     /* destroy session? */
     break;
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_ATTRIBUTE_READ_ONLY:
   case CKR_ATTRIBUTE_TYPE_INVALID:
   case CKR_ATTRIBUTE_VALUE_INVALID:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OBJECT_HANDLE_INVALID:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_SESSION_READ_ONLY:
   case CKR_TEMPLATE_INCONSISTENT:
   case CKR_TOKEN_WRITE_PROTECTED:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_DestroyObject
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_DestroyObject
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_OBJECT_HANDLE hObject
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWObject *fwObject;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
   if (!fwObject) {
     error = CKR_OBJECT_HANDLE_INVALID;
     goto loser;
   }
   nssCKFWInstance_DestroyObjectHandle(fwInstance, hObject);
   nssCKFWObject_Destroy(fwObject);
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_SESSION_CLOSED:
     /* destroy session? */
     break;
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OBJECT_HANDLE_INVALID:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_SESSION_READ_ONLY:
   case CKR_TOKEN_WRITE_PROTECTED:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_GetObjectSize
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_GetObjectSize
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_OBJECT_HANDLE hObject,
   CK_ULONG_PTR pulSize
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWObject *fwObject;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
   if (!fwObject) {
     error = CKR_OBJECT_HANDLE_INVALID;
     goto loser;
   }
   if( (CK_ULONG_PTR)CK_NULL_PTR == pulSize ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   /*
    * A purify error here indicates caller error.
    */
   *pulSize = (CK_ULONG)0;
   *pulSize = nssCKFWObject_GetObjectSize(fwObject, &error);
   if( ((CK_ULONG)0 == *pulSize) && (CKR_OK != error) ) {
     goto loser;
   }
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_SESSION_CLOSED:
     /* destroy session? */
     break;
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_INFORMATION_SENSITIVE:
   case CKR_OBJECT_HANDLE_INVALID:
   case CKR_SESSION_HANDLE_INVALID:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_GetAttributeValue
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_GetAttributeValue
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_OBJECT_HANDLE hObject,
   CK_ATTRIBUTE_PTR pTemplate,
   CK_ULONG ulCount
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWObject *fwObject;
   CK_BBOOL sensitive = CK_FALSE;
   CK_BBOOL invalid = CK_FALSE;
   CK_BBOOL tooSmall = CK_FALSE;
   CK_ULONG i;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
   if (!fwObject) {
     error = CKR_OBJECT_HANDLE_INVALID;
     goto loser;
   }
   if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   for( i = 0; i < ulCount; i++ ) {
     CK_ULONG size = nssCKFWObject_GetAttributeSize(fwObject,
                       pTemplate[i].type, &error);
     if( (CK_ULONG)0 == size ) {
       switch( error ) {
       case CKR_ATTRIBUTE_SENSITIVE:
       case CKR_INFORMATION_SENSITIVE:
         sensitive = CK_TRUE;
         pTemplate[i].ulValueLen = (CK_ULONG)(-1);
         continue;
       case CKR_ATTRIBUTE_TYPE_INVALID:
         invalid = CK_TRUE;
         pTemplate[i].ulValueLen = (CK_ULONG)(-1);
         continue;
       case CKR_OK:
         break;
       default:
         goto loser;
       }
     }
     if( (CK_VOID_PTR)CK_NULL_PTR == pTemplate[i].pValue ) {
       pTemplate[i].ulValueLen = size;
     } else {
       NSSItem it, *p;
       if( pTemplate[i].ulValueLen < size ) {
         tooSmall = CK_TRUE;
         continue;
       }
       it.size = (PRUint32)pTemplate[i].ulValueLen;
       it.data = (void *)pTemplate[i].pValue;
       p = nssCKFWObject_GetAttribute(fwObject, pTemplate[i].type, &it,
             (NSSArena *)NULL, &error);
       if (!p) {
         switch( error ) {
         case CKR_ATTRIBUTE_SENSITIVE:
         case CKR_INFORMATION_SENSITIVE:
           sensitive = CK_TRUE;
           pTemplate[i].ulValueLen = (CK_ULONG)(-1);
           continue;
         case CKR_ATTRIBUTE_TYPE_INVALID:
           invalid = CK_TRUE;
           pTemplate[i].ulValueLen = (CK_ULONG)(-1);
           continue;
         default:
           goto loser;
         }
       }
       pTemplate[i].ulValueLen = size;
     }
   }
   if( sensitive ) {
     error = CKR_ATTRIBUTE_SENSITIVE;
     goto loser;
   } else if( invalid ) {
     error = CKR_ATTRIBUTE_TYPE_INVALID;
     goto loser;
   } else if( tooSmall ) {
     error = CKR_BUFFER_TOO_SMALL;
     goto loser;
   }
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_SESSION_CLOSED:
     /* destroy session? */
     break;
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_ATTRIBUTE_SENSITIVE:
   case CKR_ATTRIBUTE_TYPE_INVALID:
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OBJECT_HANDLE_INVALID:
   case CKR_SESSION_HANDLE_INVALID:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_SetAttributeValue
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_SetAttributeValue
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_OBJECT_HANDLE hObject,
   CK_ATTRIBUTE_PTR pTemplate,
   CK_ULONG ulCount
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWObject *fwObject;
   CK_ULONG i;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
   if (!fwObject) {
     error = CKR_OBJECT_HANDLE_INVALID;
     goto loser;
   }
   if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   for (i=0; i < ulCount; i++) {
     NSSItem value;
     value.data = pTemplate[i].pValue;
     value.size = pTemplate[i].ulValueLen;
     error = nssCKFWObject_SetAttribute(fwObject, fwSession,
                                        pTemplate[i].type, &value);
     if( CKR_OK != error ) {
       goto loser;
     }
   }
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_SESSION_CLOSED:
     /* destroy session? */
     break;
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_ATTRIBUTE_READ_ONLY:
   case CKR_ATTRIBUTE_TYPE_INVALID:
   case CKR_ATTRIBUTE_VALUE_INVALID:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OBJECT_HANDLE_INVALID:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_SESSION_READ_ONLY:
   case CKR_TEMPLATE_INCONSISTENT:
   case CKR_TOKEN_WRITE_PROTECTED:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_FindObjectsInit
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_FindObjectsInit
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_ATTRIBUTE_PTR pTemplate,
   CK_ULONG ulCount
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWFindObjects *fwFindObjects;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   if( ((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) && (ulCount != 0) ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error);
   if (fwFindObjects) {
     error = CKR_OPERATION_ACTIVE;
     goto loser;
   }
   if( CKR_OPERATION_NOT_INITIALIZED != error ) {
     goto loser;
   }
   fwFindObjects = nssCKFWSession_FindObjectsInit(fwSession,
                     pTemplate, ulCount, &error);
   if (!fwFindObjects) {
     goto loser;
   }
   error = nssCKFWSession_SetFWFindObjects(fwSession, fwFindObjects);
   if( CKR_OK != error ) {
     nssCKFWFindObjects_Destroy(fwFindObjects);
     goto loser;
   }
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_SESSION_CLOSED:
     /* destroy session? */
     break;
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_ATTRIBUTE_TYPE_INVALID:
   case CKR_ATTRIBUTE_VALUE_INVALID:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_ACTIVE:
   case CKR_SESSION_HANDLE_INVALID:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_FindObjects
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_FindObjects
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_OBJECT_HANDLE_PTR phObject,
   CK_ULONG ulMaxObjectCount,
   CK_ULONG_PTR pulObjectCount
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWFindObjects *fwFindObjects;
   CK_ULONG i;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   /*
    * A purify error here indicates caller error.
    */
   (void)nsslibc_memset(phObject, 0, sizeof(CK_OBJECT_HANDLE) * ulMaxObjectCount);
   *pulObjectCount = (CK_ULONG)0;
   fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error);
   if (!fwFindObjects) {
     goto loser;
   }
   for( i = 0; i < ulMaxObjectCount; i++ ) {
     NSSCKFWObject *fwObject = nssCKFWFindObjects_Next(fwFindObjects,
                                 NULL, &error);
     if (!fwObject) {
       break;
     }
     phObject[i] = nssCKFWInstance_FindObjectHandle(fwInstance, fwObject);
     if( (CK_OBJECT_HANDLE)0 == phObject[i] ) {
       phObject[i] = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
     }
     if( (CK_OBJECT_HANDLE)0 == phObject[i] ) {
       /* This isn't right either, is it? */
       nssCKFWObject_Destroy(fwObject);
       goto loser;
     }
   }
   *pulObjectCount = i;
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_SESSION_CLOSED:
     /* destroy session? */
     break;
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_HANDLE_INVALID:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_FindObjectsFinal
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_FindObjectsFinal
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWFindObjects *fwFindObjects;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error);
   if (!fwFindObjects) {
     error = CKR_OPERATION_NOT_INITIALIZED;
     goto loser;
   }
   nssCKFWFindObjects_Destroy(fwFindObjects);
   error = nssCKFWSession_SetFWFindObjects(fwSession,
                                           (NSSCKFWFindObjects *)NULL);
   if( CKR_OK != error ) {
     goto loser;
   }
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_SESSION_CLOSED:
     /* destroy session? */
     break;
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_HANDLE_INVALID:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_EncryptInit
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_EncryptInit
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_MECHANISM_PTR pMechanism,
   CK_OBJECT_HANDLE hKey
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWObject *fwObject;
   NSSCKFWSlot  *fwSlot;
   NSSCKFWToken  *fwToken;
   NSSCKFWMechanism *fwMechanism;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
   if (!fwObject) {
     error = CKR_KEY_HANDLE_INVALID;
     goto loser;
   }
   fwSlot = nssCKFWSession_GetFWSlot(fwSession);
   if (!fwSlot) {
     error = CKR_GENERAL_ERROR; /* should never happen! */
     goto loser;
   }
   if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
     error = CKR_TOKEN_NOT_PRESENT;
     goto loser;
   }
   fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
   if (!fwToken) {
     goto loser;
   }
   fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
   if (!fwMechanism) {
     goto loser;
   }
   error = nssCKFWMechanism_EncryptInit(fwMechanism, pMechanism,
                                         fwSession, fwObject);
   nssCKFWMechanism_Destroy(fwMechanism);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_KEY_FUNCTION_NOT_PERMITTED:
   case CKR_KEY_HANDLE_INVALID:
   case CKR_KEY_SIZE_RANGE:
   case CKR_KEY_TYPE_INCONSISTENT:
   case CKR_MECHANISM_INVALID:
   case CKR_MECHANISM_PARAM_INVALID:
   case CKR_OPERATION_ACTIVE:
   case CKR_PIN_EXPIRED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_Encrypt
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_Encrypt
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pData,
   CK_ULONG ulDataLen,
   CK_BYTE_PTR pEncryptedData,
   CK_ULONG_PTR pulEncryptedDataLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_UpdateFinal(fwSession,
            NSSCKFWCryptoOperationType_Encrypt,
            NSSCKFWCryptoOperationState_EncryptDecrypt,
            pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DATA_INVALID:
   case CKR_DATA_LEN_RANGE:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_SESSION_CLOSED:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_EncryptUpdate
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_EncryptUpdate
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pPart,
   CK_ULONG ulPartLen,
   CK_BYTE_PTR pEncryptedPart,
   CK_ULONG_PTR pulEncryptedPartLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_Update(fwSession,
            NSSCKFWCryptoOperationType_Encrypt,
            NSSCKFWCryptoOperationState_EncryptDecrypt,
            pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DATA_LEN_RANGE:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_EncryptFinal
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_EncryptFinal
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pLastEncryptedPart,
   CK_ULONG_PTR pulLastEncryptedPartLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_Final(fwSession,
            NSSCKFWCryptoOperationType_Encrypt,
            NSSCKFWCryptoOperationState_EncryptDecrypt,
            pLastEncryptedPart, pulLastEncryptedPartLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DATA_LEN_RANGE:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_DecryptInit
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_DecryptInit
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_MECHANISM_PTR pMechanism,
   CK_OBJECT_HANDLE hKey
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWObject *fwObject;
   NSSCKFWSlot  *fwSlot;
   NSSCKFWToken  *fwToken;
   NSSCKFWMechanism *fwMechanism;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
   if (!fwObject) {
     error = CKR_KEY_HANDLE_INVALID;
     goto loser;
   }
   fwSlot = nssCKFWSession_GetFWSlot(fwSession);
   if (!fwSlot) {
     error = CKR_GENERAL_ERROR; /* should never happen! */
     goto loser;
   }
   if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
     error = CKR_TOKEN_NOT_PRESENT;
     goto loser;
   }
   fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
   if (!fwToken) {
     goto loser;
   }
   fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
   if (!fwMechanism) {
     goto loser;
   }
   error = nssCKFWMechanism_DecryptInit(fwMechanism, pMechanism,
                                        fwSession, fwObject);
   nssCKFWMechanism_Destroy(fwMechanism);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_KEY_FUNCTION_NOT_PERMITTED:
   case CKR_KEY_HANDLE_INVALID:
   case CKR_KEY_SIZE_RANGE:
   case CKR_KEY_TYPE_INCONSISTENT:
   case CKR_MECHANISM_INVALID:
   case CKR_MECHANISM_PARAM_INVALID:
   case CKR_OPERATION_ACTIVE:
   case CKR_PIN_EXPIRED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_Decrypt
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_Decrypt
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pEncryptedData,
   CK_ULONG ulEncryptedDataLen,
   CK_BYTE_PTR pData,
   CK_ULONG_PTR pulDataLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_UpdateFinal(fwSession,
            NSSCKFWCryptoOperationType_Decrypt,
            NSSCKFWCryptoOperationState_EncryptDecrypt,
            pEncryptedData, ulEncryptedDataLen, pData, pulDataLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_ENCRYPTED_DATA_INVALID:
   case CKR_ENCRYPTED_DATA_LEN_RANGE:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   case CKR_DATA_LEN_RANGE:
     error = CKR_ENCRYPTED_DATA_LEN_RANGE;
     break;
   case CKR_DATA_INVALID:
     error = CKR_ENCRYPTED_DATA_INVALID;
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_DecryptUpdate
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_DecryptUpdate
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pEncryptedPart,
   CK_ULONG ulEncryptedPartLen,
   CK_BYTE_PTR pPart,
   CK_ULONG_PTR pulPartLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_Update(fwSession,
            NSSCKFWCryptoOperationType_Decrypt,
            NSSCKFWCryptoOperationState_EncryptDecrypt,
            pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_ENCRYPTED_DATA_INVALID:
   case CKR_ENCRYPTED_DATA_LEN_RANGE:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   case CKR_DATA_LEN_RANGE:
     error = CKR_ENCRYPTED_DATA_LEN_RANGE;
     break;
   case CKR_DATA_INVALID:
     error = CKR_ENCRYPTED_DATA_INVALID;
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_DecryptFinal
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_DecryptFinal
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pLastPart,
   CK_ULONG_PTR pulLastPartLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_Final(fwSession,
            NSSCKFWCryptoOperationType_Decrypt,
            NSSCKFWCryptoOperationState_EncryptDecrypt,
            pLastPart, pulLastPartLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_FAILED:
   case CKR_FUNCTION_CANCELED:
   case CKR_ENCRYPTED_DATA_INVALID:
   case CKR_ENCRYPTED_DATA_LEN_RANGE:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   case CKR_DATA_LEN_RANGE:
     error = CKR_ENCRYPTED_DATA_LEN_RANGE;
     break;
   case CKR_DATA_INVALID:
     error = CKR_ENCRYPTED_DATA_INVALID;
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_DigestInit
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_DigestInit
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_MECHANISM_PTR pMechanism
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWSlot  *fwSlot;
   NSSCKFWToken  *fwToken;
   NSSCKFWMechanism *fwMechanism;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   fwSlot = nssCKFWSession_GetFWSlot(fwSession);
   if (!fwSlot) {
     error = CKR_GENERAL_ERROR; /* should never happen! */
     goto loser;
   }
   if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
     error = CKR_TOKEN_NOT_PRESENT;
     goto loser;
   }
   fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
   if (!fwToken) {
     goto loser;
   }
   fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
   if (!fwMechanism) {
     goto loser;
   }
   error = nssCKFWMechanism_DigestInit(fwMechanism, pMechanism, fwSession);
   nssCKFWMechanism_Destroy(fwMechanism);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_MECHANISM_INVALID:
   case CKR_MECHANISM_PARAM_INVALID:
   case CKR_OPERATION_ACTIVE:
   case CKR_PIN_EXPIRED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_Digest
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_Digest
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pData,
   CK_ULONG ulDataLen,
   CK_BYTE_PTR pDigest,
   CK_ULONG_PTR pulDigestLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_UpdateFinal(fwSession,
            NSSCKFWCryptoOperationType_Digest,
            NSSCKFWCryptoOperationState_Digest,
            pData, ulDataLen, pDigest, pulDigestLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_DigestUpdate
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_DigestUpdate
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pData,
   CK_ULONG ulDataLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_DigestUpdate(fwSession,
            NSSCKFWCryptoOperationType_Digest,
            NSSCKFWCryptoOperationState_Digest,
            pData, ulDataLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_DigestKey
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_DigestKey
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_OBJECT_HANDLE hKey
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWObject *fwObject;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
   if (!fwObject) {
     error = CKR_KEY_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_DigestKey(fwSession, fwObject);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_KEY_HANDLE_INVALID:
   case CKR_KEY_INDIGESTIBLE:
   case CKR_KEY_SIZE_RANGE:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_DigestFinal
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_DigestFinal
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pDigest,
   CK_ULONG_PTR pulDigestLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_Final(fwSession,
            NSSCKFWCryptoOperationType_Digest,
            NSSCKFWCryptoOperationState_Digest,
            pDigest, pulDigestLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_SignInit
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_SignInit
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_MECHANISM_PTR pMechanism,
   CK_OBJECT_HANDLE hKey
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWObject *fwObject;
   NSSCKFWSlot  *fwSlot;
   NSSCKFWToken  *fwToken;
   NSSCKFWMechanism *fwMechanism;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
   if (!fwObject) {
     error = CKR_KEY_HANDLE_INVALID;
     goto loser;
   }
   fwSlot = nssCKFWSession_GetFWSlot(fwSession);
   if (!fwSlot) {
     error = CKR_GENERAL_ERROR; /* should never happen! */
     goto loser;
   }
   if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
     error = CKR_TOKEN_NOT_PRESENT;
     goto loser;
   }
   fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
   if (!fwToken) {
     goto loser;
   }
   fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
   if (!fwMechanism) {
     goto loser;
   }
   error = nssCKFWMechanism_SignInit(fwMechanism, pMechanism, fwSession,
                                     fwObject);
   nssCKFWMechanism_Destroy(fwMechanism);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_KEY_FUNCTION_NOT_PERMITTED:
   case CKR_KEY_HANDLE_INVALID:
   case CKR_KEY_SIZE_RANGE:
   case CKR_KEY_TYPE_INCONSISTENT:
   case CKR_MECHANISM_INVALID:
   case CKR_MECHANISM_PARAM_INVALID:
   case CKR_OPERATION_ACTIVE:
   case CKR_PIN_EXPIRED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_Sign
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_Sign
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pData,
   CK_ULONG ulDataLen,
   CK_BYTE_PTR pSignature,
   CK_ULONG_PTR pulSignatureLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_UpdateFinal(fwSession,
            NSSCKFWCryptoOperationType_Sign,
            NSSCKFWCryptoOperationState_SignVerify,
            pData, ulDataLen, pSignature, pulSignatureLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DATA_INVALID:
   case CKR_DATA_LEN_RANGE:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_USER_NOT_LOGGED_IN:
   case CKR_FUNCTION_REJECTED:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_SignUpdate
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_SignUpdate
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pPart,
   CK_ULONG ulPartLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_DigestUpdate(fwSession,
            NSSCKFWCryptoOperationType_Sign,
            NSSCKFWCryptoOperationState_SignVerify,
            pPart, ulPartLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DATA_LEN_RANGE:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_SignFinal
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_SignFinal
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pSignature,
   CK_ULONG_PTR pulSignatureLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_Final(fwSession,
            NSSCKFWCryptoOperationType_Sign,
            NSSCKFWCryptoOperationState_SignVerify,
            pSignature, pulSignatureLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DATA_LEN_RANGE:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_USER_NOT_LOGGED_IN:
   case CKR_FUNCTION_REJECTED:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_SignRecoverInit
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_SignRecoverInit
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_MECHANISM_PTR pMechanism,
   CK_OBJECT_HANDLE hKey
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWObject *fwObject;
   NSSCKFWSlot  *fwSlot;
   NSSCKFWToken  *fwToken;
   NSSCKFWMechanism *fwMechanism;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
   if (!fwObject) {
     error = CKR_KEY_HANDLE_INVALID;
     goto loser;
   }
   fwSlot = nssCKFWSession_GetFWSlot(fwSession);
   if (!fwSlot) {
     error = CKR_GENERAL_ERROR; /* should never happen! */
     goto loser;
   }
   if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
     error = CKR_TOKEN_NOT_PRESENT;
     goto loser;
   }
   fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
   if (!fwToken) {
     goto loser;
   }
   fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
   if (!fwMechanism) {
     goto loser;
   }
   error = nssCKFWMechanism_SignRecoverInit(fwMechanism, pMechanism, fwSession,
                                            fwObject);
   nssCKFWMechanism_Destroy(fwMechanism);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_KEY_FUNCTION_NOT_PERMITTED:
   case CKR_KEY_HANDLE_INVALID:
   case CKR_KEY_SIZE_RANGE:
   case CKR_KEY_TYPE_INCONSISTENT:
   case CKR_MECHANISM_INVALID:
   case CKR_MECHANISM_PARAM_INVALID:
   case CKR_OPERATION_ACTIVE:
   case CKR_PIN_EXPIRED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_SignRecover
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_SignRecover
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pData,
   CK_ULONG ulDataLen,
   CK_BYTE_PTR pSignature,
   CK_ULONG_PTR pulSignatureLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_UpdateFinal(fwSession,
            NSSCKFWCryptoOperationType_SignRecover,
            NSSCKFWCryptoOperationState_SignVerify,
            pData, ulDataLen, pSignature, pulSignatureLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DATA_INVALID:
   case CKR_DATA_LEN_RANGE:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_VerifyInit
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_VerifyInit
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_MECHANISM_PTR pMechanism,
   CK_OBJECT_HANDLE hKey
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWObject *fwObject;
   NSSCKFWSlot  *fwSlot;
   NSSCKFWToken  *fwToken;
   NSSCKFWMechanism *fwMechanism;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
   if (!fwObject) {
     error = CKR_KEY_HANDLE_INVALID;
     goto loser;
   }
   fwSlot = nssCKFWSession_GetFWSlot(fwSession);
   if (!fwSlot) {
     error = CKR_GENERAL_ERROR; /* should never happen! */
     goto loser;
   }
   if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
     error = CKR_TOKEN_NOT_PRESENT;
     goto loser;
   }
   fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
   if (!fwToken) {
     goto loser;
   }
   fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
   if (!fwMechanism) {
     goto loser;
   }
   error = nssCKFWMechanism_VerifyInit(fwMechanism, pMechanism, fwSession,
                                       fwObject);
   nssCKFWMechanism_Destroy(fwMechanism);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_KEY_FUNCTION_NOT_PERMITTED:
   case CKR_KEY_HANDLE_INVALID:
   case CKR_KEY_SIZE_RANGE:
   case CKR_KEY_TYPE_INCONSISTENT:
   case CKR_MECHANISM_INVALID:
   case CKR_MECHANISM_PARAM_INVALID:
   case CKR_OPERATION_ACTIVE:
   case CKR_PIN_EXPIRED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_Verify
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_Verify
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pData,
   CK_ULONG ulDataLen,
   CK_BYTE_PTR pSignature,
   CK_ULONG ulSignatureLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_UpdateFinal(fwSession,
            NSSCKFWCryptoOperationType_Verify,
            NSSCKFWCryptoOperationState_SignVerify,
            pData, ulDataLen, pSignature, &ulSignatureLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DATA_INVALID:
   case CKR_DATA_LEN_RANGE:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_SIGNATURE_INVALID:
   case CKR_SIGNATURE_LEN_RANGE:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_VerifyUpdate
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_VerifyUpdate
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pPart,
   CK_ULONG ulPartLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_DigestUpdate(fwSession,
            NSSCKFWCryptoOperationType_Verify,
            NSSCKFWCryptoOperationState_SignVerify,
            pPart, ulPartLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DATA_LEN_RANGE:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_VerifyFinal
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_VerifyFinal
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pSignature,
   CK_ULONG ulSignatureLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_Final(fwSession,
            NSSCKFWCryptoOperationType_Verify,
            NSSCKFWCryptoOperationState_SignVerify,
            pSignature, &ulSignatureLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DATA_LEN_RANGE:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_SIGNATURE_INVALID:
   case CKR_SIGNATURE_LEN_RANGE:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_VerifyRecoverInit
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_VerifyRecoverInit
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_MECHANISM_PTR pMechanism,
   CK_OBJECT_HANDLE hKey
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWObject *fwObject;
   NSSCKFWSlot  *fwSlot;
   NSSCKFWToken  *fwToken;
   NSSCKFWMechanism *fwMechanism;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
   if (!fwObject) {
     error = CKR_KEY_HANDLE_INVALID;
     goto loser;
   }
   fwSlot = nssCKFWSession_GetFWSlot(fwSession);
   if (!fwSlot) {
     error = CKR_GENERAL_ERROR; /* should never happen! */
     goto loser;
   }
   if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
     error = CKR_TOKEN_NOT_PRESENT;
     goto loser;
   }
   fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
   if (!fwToken) {
     goto loser;
   }
   fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
   if (!fwMechanism) {
     goto loser;
   }
   error = nssCKFWMechanism_VerifyRecoverInit(fwMechanism, pMechanism,
                                              fwSession, fwObject);
   nssCKFWMechanism_Destroy(fwMechanism);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_KEY_FUNCTION_NOT_PERMITTED:
   case CKR_KEY_HANDLE_INVALID:
   case CKR_KEY_SIZE_RANGE:
   case CKR_KEY_TYPE_INCONSISTENT:
   case CKR_MECHANISM_INVALID:
   case CKR_MECHANISM_PARAM_INVALID:
   case CKR_OPERATION_ACTIVE:
   case CKR_PIN_EXPIRED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_SESSION_CLOSED:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_VerifyRecover
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_VerifyRecover
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pSignature,
   CK_ULONG ulSignatureLen,
   CK_BYTE_PTR pData,
   CK_ULONG_PTR pulDataLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_UpdateFinal(fwSession,
            NSSCKFWCryptoOperationType_VerifyRecover,
            NSSCKFWCryptoOperationState_SignVerify,
            pSignature, ulSignatureLen, pData, pulDataLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DATA_INVALID:
   case CKR_DATA_LEN_RANGE:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_SIGNATURE_INVALID:
   case CKR_SIGNATURE_LEN_RANGE:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_DigestEncryptUpdate
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_DigestEncryptUpdate
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pPart,
   CK_ULONG ulPartLen,
   CK_BYTE_PTR pEncryptedPart,
   CK_ULONG_PTR pulEncryptedPartLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_UpdateCombo(fwSession,
            NSSCKFWCryptoOperationType_Encrypt,
            NSSCKFWCryptoOperationType_Digest,
            NSSCKFWCryptoOperationState_Digest,
            pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DATA_LEN_RANGE:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_DecryptDigestUpdate
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_DecryptDigestUpdate
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pEncryptedPart,
   CK_ULONG ulEncryptedPartLen,
   CK_BYTE_PTR pPart,
   CK_ULONG_PTR pulPartLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_UpdateCombo(fwSession,
            NSSCKFWCryptoOperationType_Decrypt,
            NSSCKFWCryptoOperationType_Digest,
            NSSCKFWCryptoOperationState_Digest,
            pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_ENCRYPTED_DATA_INVALID:
   case CKR_ENCRYPTED_DATA_LEN_RANGE:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
     break;
   case CKR_DATA_INVALID:
     error = CKR_ENCRYPTED_DATA_INVALID;
     break;
   case CKR_DATA_LEN_RANGE:
     error = CKR_ENCRYPTED_DATA_LEN_RANGE;
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_SignEncryptUpdate
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_SignEncryptUpdate
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pPart,
   CK_ULONG ulPartLen,
   CK_BYTE_PTR pEncryptedPart,
   CK_ULONG_PTR pulEncryptedPartLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_UpdateCombo(fwSession,
            NSSCKFWCryptoOperationType_Encrypt,
            NSSCKFWCryptoOperationType_Sign,
            NSSCKFWCryptoOperationState_SignVerify,
            pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DATA_LEN_RANGE:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_DecryptVerifyUpdate
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_DecryptVerifyUpdate
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pEncryptedPart,
   CK_ULONG ulEncryptedPartLen,
   CK_BYTE_PTR pPart,
   CK_ULONG_PTR pulPartLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   error = nssCKFWSession_UpdateCombo(fwSession,
            NSSCKFWCryptoOperationType_Decrypt,
            NSSCKFWCryptoOperationType_Verify,
            NSSCKFWCryptoOperationState_SignVerify,
            pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DATA_LEN_RANGE:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_ENCRYPTED_DATA_INVALID:
   case CKR_ENCRYPTED_DATA_LEN_RANGE:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_NOT_INITIALIZED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
     break;
   case CKR_DATA_INVALID:
     error = CKR_ENCRYPTED_DATA_INVALID;
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_GenerateKey
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_GenerateKey
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_MECHANISM_PTR pMechanism,
   CK_ATTRIBUTE_PTR pTemplate,
   CK_ULONG ulCount,
   CK_OBJECT_HANDLE_PTR phKey
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWObject *fwObject;
   NSSCKFWSlot  *fwSlot;
   NSSCKFWToken  *fwToken;
   NSSCKFWMechanism *fwMechanism;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   fwSlot = nssCKFWSession_GetFWSlot(fwSession);
   if (!fwSlot) {
     error = CKR_GENERAL_ERROR; /* should never happen! */
     goto loser;
   }
   if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
     error = CKR_TOKEN_NOT_PRESENT;
     goto loser;
   }
   fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
   if (!fwToken) {
     goto loser;
   }
   fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
   if (!fwMechanism) {
     goto loser;
   }
   fwObject = nssCKFWMechanism_GenerateKey(
                 fwMechanism,
                 pMechanism,
                 fwSession,
                 pTemplate,
                 ulCount,
                 &error);
   nssCKFWMechanism_Destroy(fwMechanism);
   if (!fwObject) {
     goto loser;
   }
   *phKey= nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_ATTRIBUTE_READ_ONLY:
   case CKR_ATTRIBUTE_TYPE_INVALID:
   case CKR_ATTRIBUTE_VALUE_INVALID:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_MECHANISM_INVALID:
   case CKR_MECHANISM_PARAM_INVALID:
   case CKR_OPERATION_ACTIVE:
   case CKR_PIN_EXPIRED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_SESSION_READ_ONLY:
   case CKR_TEMPLATE_INCOMPLETE:
   case CKR_TEMPLATE_INCONSISTENT:
   case CKR_TOKEN_WRITE_PROTECTED:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_GenerateKeyPair
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_GenerateKeyPair
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_MECHANISM_PTR pMechanism,
   CK_ATTRIBUTE_PTR pPublicKeyTemplate,
   CK_ULONG ulPublicKeyAttributeCount,
   CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
   CK_ULONG ulPrivateKeyAttributeCount,
   CK_OBJECT_HANDLE_PTR phPublicKey,
   CK_OBJECT_HANDLE_PTR phPrivateKey
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWObject *fwPrivateKeyObject;
   NSSCKFWObject *fwPublicKeyObject;
   NSSCKFWSlot  *fwSlot;
   NSSCKFWToken  *fwToken;
   NSSCKFWMechanism *fwMechanism;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   fwSlot = nssCKFWSession_GetFWSlot(fwSession);
   if (!fwSlot) {
     error = CKR_GENERAL_ERROR; /* should never happen! */
     goto loser;
   }
   if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
     error = CKR_TOKEN_NOT_PRESENT;
     goto loser;
   }
   fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
   if (!fwToken) {
     goto loser;
   }
   fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
   if (!fwMechanism) {
     goto loser;
   }
   error= nssCKFWMechanism_GenerateKeyPair(
                 fwMechanism,
                 pMechanism,
                 fwSession,
                 pPublicKeyTemplate,
                 ulPublicKeyAttributeCount,
                 pPublicKeyTemplate,
                 ulPublicKeyAttributeCount,
                 &fwPublicKeyObject,
                 &fwPrivateKeyObject);
   nssCKFWMechanism_Destroy(fwMechanism);
   if (CKR_OK != error) {
     goto loser;
   }
   *phPublicKey = nssCKFWInstance_CreateObjectHandle(fwInstance,
                                                  fwPublicKeyObject,
                                                  &error);
   if (CKR_OK != error) {
     goto loser;
   }
   *phPrivateKey = nssCKFWInstance_CreateObjectHandle(fwInstance,
                                                  fwPrivateKeyObject,
                                                  &error);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_ATTRIBUTE_READ_ONLY:
   case CKR_ATTRIBUTE_TYPE_INVALID:
   case CKR_ATTRIBUTE_VALUE_INVALID:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_DOMAIN_PARAMS_INVALID:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_MECHANISM_INVALID:
   case CKR_MECHANISM_PARAM_INVALID:
   case CKR_OPERATION_ACTIVE:
   case CKR_PIN_EXPIRED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_SESSION_READ_ONLY:
   case CKR_TEMPLATE_INCOMPLETE:
   case CKR_TEMPLATE_INCONSISTENT:
   case CKR_TOKEN_WRITE_PROTECTED:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_WrapKey
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_WrapKey
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_MECHANISM_PTR pMechanism,
   CK_OBJECT_HANDLE hWrappingKey,
   CK_OBJECT_HANDLE hKey,
   CK_BYTE_PTR pWrappedKey,
   CK_ULONG_PTR pulWrappedKeyLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWObject *fwKeyObject;
   NSSCKFWObject *fwWrappingKeyObject;
   NSSCKFWSlot  *fwSlot;
   NSSCKFWToken  *fwToken;
   NSSCKFWMechanism *fwMechanism;
   NSSItem  wrappedKey;
   CK_ULONG wrappedKeyLength = 0;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance,
                                                             hWrappingKey);
   if (!fwWrappingKeyObject) {
     error = CKR_WRAPPING_KEY_HANDLE_INVALID;
     goto loser;
   }
   fwKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
   if (!fwKeyObject) {
     error = CKR_KEY_HANDLE_INVALID;
     goto loser;
   }
   fwSlot = nssCKFWSession_GetFWSlot(fwSession);
   if (!fwSlot) {
     error = CKR_GENERAL_ERROR; /* should never happen! */
     goto loser;
   }
   if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
     error = CKR_TOKEN_NOT_PRESENT;
     goto loser;
   }
   fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
   if (!fwToken) {
     goto loser;
   }
   fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
   if (!fwMechanism) {
     goto loser;
   }
   /*
    * first get the length...
    */
   wrappedKeyLength = nssCKFWMechanism_GetWrapKeyLength(
                 fwMechanism,
                 pMechanism,
                 fwSession,
                 fwWrappingKeyObject,
                 fwKeyObject,
                 &error);
   if ((CK_ULONG) 0 == wrappedKeyLength) {
     nssCKFWMechanism_Destroy(fwMechanism);
     goto loser;
   }
   if ((CK_BYTE_PTR)NULL == pWrappedKey) {
     *pulWrappedKeyLen = wrappedKeyLength;
     nssCKFWMechanism_Destroy(fwMechanism);
     return CKR_OK;
   }
   if (wrappedKeyLength > *pulWrappedKeyLen) {
     *pulWrappedKeyLen = wrappedKeyLength;
     nssCKFWMechanism_Destroy(fwMechanism);
     error = CKR_BUFFER_TOO_SMALL;
     goto loser;
   }
   wrappedKey.data = pWrappedKey;
   wrappedKey.size = wrappedKeyLength;
   error = nssCKFWMechanism_WrapKey(
                 fwMechanism,
                 pMechanism,
                 fwSession,
                 fwWrappingKeyObject,
                 fwKeyObject,
                 &wrappedKey);
   nssCKFWMechanism_Destroy(fwMechanism);
   *pulWrappedKeyLen = wrappedKey.size;
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_KEY_HANDLE_INVALID:
   case CKR_KEY_NOT_WRAPPABLE:
   case CKR_KEY_SIZE_RANGE:
   case CKR_KEY_UNEXTRACTABLE:
   case CKR_MECHANISM_INVALID:
   case CKR_MECHANISM_PARAM_INVALID:
   case CKR_OPERATION_ACTIVE:
   case CKR_PIN_EXPIRED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_WRAPPING_KEY_HANDLE_INVALID:
   case CKR_WRAPPING_KEY_SIZE_RANGE:
   case CKR_WRAPPING_KEY_TYPE_INCONSISTENT:
     break;
   case CKR_KEY_TYPE_INCONSISTENT:
     error = CKR_WRAPPING_KEY_TYPE_INCONSISTENT;
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_UnwrapKey
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_UnwrapKey
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_MECHANISM_PTR pMechanism,
   CK_OBJECT_HANDLE hUnwrappingKey,
   CK_BYTE_PTR pWrappedKey,
   CK_ULONG ulWrappedKeyLen,
   CK_ATTRIBUTE_PTR pTemplate,
   CK_ULONG ulAttributeCount,
   CK_OBJECT_HANDLE_PTR phKey
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWObject *fwObject;
   NSSCKFWObject *fwWrappingKeyObject;
   NSSCKFWSlot  *fwSlot;
   NSSCKFWToken  *fwToken;
   NSSCKFWMechanism *fwMechanism;
   NSSItem  wrappedKey;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance,
                                                             hUnwrappingKey);
   if (!fwWrappingKeyObject) {
     error = CKR_WRAPPING_KEY_HANDLE_INVALID;
     goto loser;
   }
   fwSlot = nssCKFWSession_GetFWSlot(fwSession);
   if (!fwSlot) {
     error = CKR_GENERAL_ERROR; /* should never happen! */
     goto loser;
   }
   if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
     error = CKR_TOKEN_NOT_PRESENT;
     goto loser;
   }
   fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
   if (!fwToken) {
     goto loser;
   }
   fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
   if (!fwMechanism) {
     goto loser;
   }
   wrappedKey.data = pWrappedKey;
   wrappedKey.size = ulWrappedKeyLen;
   fwObject = nssCKFWMechanism_UnwrapKey(
                 fwMechanism,
                 pMechanism,
                 fwSession,
                 fwWrappingKeyObject,
                 &wrappedKey,
                 pTemplate,
                 ulAttributeCount,
                 &error);
   nssCKFWMechanism_Destroy(fwMechanism);
   if (!fwObject) {
     goto loser;
   }
   *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_ATTRIBUTE_READ_ONLY:
   case CKR_ATTRIBUTE_TYPE_INVALID:
   case CKR_ATTRIBUTE_VALUE_INVALID:
   case CKR_BUFFER_TOO_SMALL:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_DOMAIN_PARAMS_INVALID:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_MECHANISM_INVALID:
   case CKR_MECHANISM_PARAM_INVALID:
   case CKR_OPERATION_ACTIVE:
   case CKR_PIN_EXPIRED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_SESSION_READ_ONLY:
   case CKR_TEMPLATE_INCOMPLETE:
   case CKR_TEMPLATE_INCONSISTENT:
   case CKR_TOKEN_WRITE_PROTECTED:
   case CKR_UNWRAPPING_KEY_HANDLE_INVALID:
   case CKR_UNWRAPPING_KEY_SIZE_RANGE:
   case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT:
   case CKR_USER_NOT_LOGGED_IN:
   case CKR_WRAPPED_KEY_INVALID:
   case CKR_WRAPPED_KEY_LEN_RANGE:
     break;
   case CKR_KEY_HANDLE_INVALID:
     error = CKR_UNWRAPPING_KEY_HANDLE_INVALID;
     break;
   case CKR_KEY_SIZE_RANGE:
     error = CKR_UNWRAPPING_KEY_SIZE_RANGE;
     break;
   case CKR_KEY_TYPE_INCONSISTENT:
     error = CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT;
     break;
   case CKR_ENCRYPTED_DATA_INVALID:
     error = CKR_WRAPPED_KEY_INVALID;
     break;
   case CKR_ENCRYPTED_DATA_LEN_RANGE:
     error = CKR_WRAPPED_KEY_LEN_RANGE;
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_DeriveKey
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_DeriveKey
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_MECHANISM_PTR pMechanism,
   CK_OBJECT_HANDLE hBaseKey,
   CK_ATTRIBUTE_PTR pTemplate,
   CK_ULONG ulAttributeCount,
   CK_OBJECT_HANDLE_PTR phKey
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSCKFWObject *fwObject;
   NSSCKFWObject *fwBaseKeyObject;
   NSSCKFWSlot  *fwSlot;
   NSSCKFWToken  *fwToken;
   NSSCKFWMechanism *fwMechanism;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   fwBaseKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hBaseKey);
   if (!fwBaseKeyObject) {
     error = CKR_KEY_HANDLE_INVALID;
     goto loser;
   }
   fwSlot = nssCKFWSession_GetFWSlot(fwSession);
   if (!fwSlot) {
     error = CKR_GENERAL_ERROR; /* should never happen! */
     goto loser;
   }
   if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
     error = CKR_TOKEN_NOT_PRESENT;
     goto loser;
   }
   fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
   if (!fwToken) {
     goto loser;
   }
   fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
   if (!fwMechanism) {
     goto loser;
   }
   fwObject = nssCKFWMechanism_DeriveKey(
                 fwMechanism,
                 pMechanism,
                 fwSession,
                 fwBaseKeyObject,
                 pTemplate,
                 ulAttributeCount,
                 &error);
   nssCKFWMechanism_Destroy(fwMechanism);
   if (!fwObject) {
     goto loser;
   }
   *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
   if (CKR_OK == error) {
     return CKR_OK;
   }
 loser:
   /* verify error */
   switch( error ) {
   case CKR_ARGUMENTS_BAD:
   case CKR_ATTRIBUTE_READ_ONLY:
   case CKR_ATTRIBUTE_TYPE_INVALID:
   case CKR_ATTRIBUTE_VALUE_INVALID:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_DEVICE_REMOVED:
   case CKR_DOMAIN_PARAMS_INVALID:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_KEY_HANDLE_INVALID:
   case CKR_KEY_SIZE_RANGE:
   case CKR_KEY_TYPE_INCONSISTENT:
   case CKR_MECHANISM_INVALID:
   case CKR_MECHANISM_PARAM_INVALID:
   case CKR_OPERATION_ACTIVE:
   case CKR_PIN_EXPIRED:
   case CKR_SESSION_CLOSED:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_SESSION_READ_ONLY:
   case CKR_TEMPLATE_INCOMPLETE:
   case CKR_TEMPLATE_INCONSISTENT:
   case CKR_TOKEN_WRITE_PROTECTED:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_SeedRandom
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_SeedRandom
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pSeed,
   CK_ULONG ulSeedLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSItem seed;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   if( (CK_BYTE_PTR)CK_NULL_PTR == pSeed ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   /* We could read through the buffer in a Purify trap */
   seed.size = (PRUint32)ulSeedLen;
   seed.data = (void *)pSeed;
   error = nssCKFWSession_SeedRandom(fwSession, &seed);
   if( CKR_OK != error ) {
     goto loser;
   }
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_SESSION_CLOSED:
     /* destroy session? */
     break;
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_ARGUMENTS_BAD:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_ACTIVE:
   case CKR_RANDOM_SEED_NOT_SUPPORTED:
   case CKR_RANDOM_NO_RNG:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_GenerateRandom
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_GenerateRandom
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession,
   CK_BYTE_PTR pRandomData,
   CK_ULONG ulRandomLen
 )
 {
   CK_RV error = CKR_OK;
   NSSCKFWSession *fwSession;
   NSSItem buffer;
   if (!fwInstance) {
     error = CKR_CRYPTOKI_NOT_INITIALIZED;
     goto loser;
   }
   fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
   if (!fwSession) {
     error = CKR_SESSION_HANDLE_INVALID;
     goto loser;
   }
   if( (CK_BYTE_PTR)CK_NULL_PTR == pRandomData ) {
     error = CKR_ARGUMENTS_BAD;
     goto loser;
   }
   /*
    * A purify error here indicates caller error.
    */
   (void)nsslibc_memset(pRandomData, 0, ulRandomLen);
   buffer.size = (PRUint32)ulRandomLen;
   buffer.data = (void *)pRandomData;
   error = nssCKFWSession_GetRandom(fwSession, &buffer);
   if( CKR_OK != error ) {
     goto loser;
   }
   return CKR_OK;
  loser:
   switch( error ) {
   case CKR_SESSION_CLOSED:
     /* destroy session? */
     break;
   case CKR_DEVICE_REMOVED:
     /* (void)nssCKFWToken_Destroy(fwToken); */
     break;
   case CKR_ARGUMENTS_BAD:
   case CKR_CRYPTOKI_NOT_INITIALIZED:
   case CKR_DEVICE_ERROR:
   case CKR_DEVICE_MEMORY:
   case CKR_FUNCTION_CANCELED:
   case CKR_FUNCTION_FAILED:
   case CKR_GENERAL_ERROR:
   case CKR_HOST_MEMORY:
   case CKR_OPERATION_ACTIVE:
   case CKR_RANDOM_NO_RNG:
   case CKR_SESSION_HANDLE_INVALID:
   case CKR_USER_NOT_LOGGED_IN:
     break;
   default:
   case CKR_OK:
     error = CKR_GENERAL_ERROR;
     break;
   }
   return error;
 }
 /*
  * NSSCKFWC_GetFunctionStatus
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_GetFunctionStatus
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession
 )
 {
   return CKR_FUNCTION_NOT_PARALLEL;
 }
 /*
  * NSSCKFWC_CancelFunction
  *
  */
 NSS_IMPLEMENT CK_RV
 NSSCKFWC_CancelFunction
 (
   NSSCKFWInstance *fwInstance,
   CK_SESSION_HANDLE hSession
 )
 {
   return CKR_FUNCTION_NOT_PARALLEL;
 }

The Tor Browser / annotate

security/nss/lib/ckfw/wrap.c@6474c204b198 (annotated)

security/nss/lib/ckfw/wrap.c