1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/ckfw/mechanism.c Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,1182 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +
1.8 +/*
1.9 + * mechanism.c
1.10 + *
1.11 + * This file implements the NSSCKFWMechanism type and methods.
1.12 + */
1.13 +
1.14 +#ifndef CK_T
1.15 +#include "ck.h"
1.16 +#endif /* CK_T */
1.17 +
1.18 +/*
1.19 + * NSSCKFWMechanism
1.20 + *
1.21 + * -- create/destroy --
1.22 + * nssCKFWMechanism_Create
1.23 + * nssCKFWMechanism_Destroy
1.24 + *
1.25 + * -- implement public accessors --
1.26 + * nssCKFWMechanism_GetMDMechanism
1.27 + * nssCKFWMechanism_GetParameter
1.28 + *
1.29 + * -- private accessors --
1.30 + *
1.31 + * -- module fronts --
1.32 + * nssCKFWMechanism_GetMinKeySize
1.33 + * nssCKFWMechanism_GetMaxKeySize
1.34 + * nssCKFWMechanism_GetInHardware
1.35 + * nssCKFWMechanism_GetCanEncrypt
1.36 + * nssCKFWMechanism_GetCanDecrypt
1.37 + * nssCKFWMechanism_GetCanDigest
1.38 + * nssCKFWMechanism_GetCanSign
1.39 + * nssCKFWMechanism_GetCanSignRecover
1.40 + * nssCKFWMechanism_GetCanVerify
1.41 + * nssCKFWMechanism_GetCanGenerate
1.42 + * nssCKFWMechanism_GetCanGenerateKeyPair
1.43 + * nssCKFWMechanism_GetCanUnwrap
1.44 + * nssCKFWMechanism_GetCanWrap
1.45 + * nssCKFWMechanism_GetCanDerive
1.46 + * nssCKFWMechanism_EncryptInit
1.47 + * nssCKFWMechanism_DecryptInit
1.48 + * nssCKFWMechanism_DigestInit
1.49 + * nssCKFWMechanism_SignInit
1.50 + * nssCKFWMechanism_VerifyInit
1.51 + * nssCKFWMechanism_SignRecoverInit
1.52 + * nssCKFWMechanism_VerifyRecoverInit
1.53 + * nssCKFWMechanism_GenerateKey
1.54 + * nssCKFWMechanism_GenerateKeyPair
1.55 + * nssCKFWMechanism_GetWrapKeyLength
1.56 + * nssCKFWMechanism_WrapKey
1.57 + * nssCKFWMechanism_UnwrapKey
1.58 + * nssCKFWMechanism_DeriveKey
1.59 + */
1.60 +
1.61 +
1.62 +struct NSSCKFWMechanismStr {
1.63 + NSSCKMDMechanism *mdMechanism;
1.64 + NSSCKMDToken *mdToken;
1.65 + NSSCKFWToken *fwToken;
1.66 + NSSCKMDInstance *mdInstance;
1.67 + NSSCKFWInstance *fwInstance;
1.68 +};
1.69 +
1.70 +/*
1.71 + * nssCKFWMechanism_Create
1.72 + *
1.73 + */
1.74 +NSS_IMPLEMENT NSSCKFWMechanism *
1.75 +nssCKFWMechanism_Create
1.76 +(
1.77 + NSSCKMDMechanism *mdMechanism,
1.78 + NSSCKMDToken *mdToken,
1.79 + NSSCKFWToken *fwToken,
1.80 + NSSCKMDInstance *mdInstance,
1.81 + NSSCKFWInstance *fwInstance
1.82 +)
1.83 +{
1.84 + NSSCKFWMechanism *fwMechanism;
1.85 +
1.86 +
1.87 + fwMechanism = nss_ZNEW(NULL, NSSCKFWMechanism);
1.88 + if (!fwMechanism) {
1.89 + return (NSSCKFWMechanism *)NULL;
1.90 + }
1.91 + fwMechanism->mdMechanism = mdMechanism;
1.92 + fwMechanism->mdToken = mdToken;
1.93 + fwMechanism->fwToken = fwToken;
1.94 + fwMechanism->mdInstance = mdInstance;
1.95 + fwMechanism->fwInstance = fwInstance;
1.96 + return fwMechanism;
1.97 +}
1.98 +
1.99 +/*
1.100 + * nssCKFWMechanism_Destroy
1.101 + *
1.102 + */
1.103 +NSS_IMPLEMENT void
1.104 +nssCKFWMechanism_Destroy
1.105 +(
1.106 + NSSCKFWMechanism *fwMechanism
1.107 +)
1.108 +{
1.109 + /* destroy any fw resources held by nssCKFWMechanism (currently none) */
1.110 +
1.111 + if (!fwMechanism->mdMechanism->Destroy) {
1.112 + /* destroys it's parent as well */
1.113 + fwMechanism->mdMechanism->Destroy(
1.114 + fwMechanism->mdMechanism,
1.115 + fwMechanism,
1.116 + fwMechanism->mdInstance,
1.117 + fwMechanism->fwInstance);
1.118 + }
1.119 + /* if the Destroy function wasn't supplied, then the mechanism is 'static',
1.120 + * and there is nothing to destroy */
1.121 + return;
1.122 +}
1.123 +
1.124 +/*
1.125 + * nssCKFWMechanism_GetMDMechanism
1.126 + *
1.127 + */
1.128 +NSS_IMPLEMENT NSSCKMDMechanism *
1.129 +nssCKFWMechanism_GetMDMechanism
1.130 +(
1.131 + NSSCKFWMechanism *fwMechanism
1.132 +)
1.133 +{
1.134 + return fwMechanism->mdMechanism;
1.135 +}
1.136 +
1.137 +/*
1.138 + * nssCKFWMechanism_GetMinKeySize
1.139 + *
1.140 + */
1.141 +NSS_IMPLEMENT CK_ULONG
1.142 +nssCKFWMechanism_GetMinKeySize
1.143 +(
1.144 + NSSCKFWMechanism *fwMechanism,
1.145 + CK_RV *pError
1.146 +)
1.147 +{
1.148 + if (!fwMechanism->mdMechanism->GetMinKeySize) {
1.149 + return 0;
1.150 + }
1.151 +
1.152 + return fwMechanism->mdMechanism->GetMinKeySize(fwMechanism->mdMechanism,
1.153 + fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken,
1.154 + fwMechanism->mdInstance, fwMechanism->fwInstance, pError);
1.155 +}
1.156 +
1.157 +/*
1.158 + * nssCKFWMechanism_GetMaxKeySize
1.159 + *
1.160 + */
1.161 +NSS_IMPLEMENT CK_ULONG
1.162 +nssCKFWMechanism_GetMaxKeySize
1.163 +(
1.164 + NSSCKFWMechanism *fwMechanism,
1.165 + CK_RV *pError
1.166 +)
1.167 +{
1.168 + if (!fwMechanism->mdMechanism->GetMaxKeySize) {
1.169 + return 0;
1.170 + }
1.171 +
1.172 + return fwMechanism->mdMechanism->GetMaxKeySize(fwMechanism->mdMechanism,
1.173 + fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken,
1.174 + fwMechanism->mdInstance, fwMechanism->fwInstance, pError);
1.175 +}
1.176 +
1.177 +/*
1.178 + * nssCKFWMechanism_GetInHardware
1.179 + *
1.180 + */
1.181 +NSS_IMPLEMENT CK_BBOOL
1.182 +nssCKFWMechanism_GetInHardware
1.183 +(
1.184 + NSSCKFWMechanism *fwMechanism,
1.185 + CK_RV *pError
1.186 +)
1.187 +{
1.188 + if (!fwMechanism->mdMechanism->GetInHardware) {
1.189 + return CK_FALSE;
1.190 + }
1.191 +
1.192 + return fwMechanism->mdMechanism->GetInHardware(fwMechanism->mdMechanism,
1.193 + fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken,
1.194 + fwMechanism->mdInstance, fwMechanism->fwInstance, pError);
1.195 +}
1.196 +
1.197 +
1.198 +/*
1.199 + * the following are determined automatically by which of the cryptographic
1.200 + * functions are defined for this mechanism.
1.201 + */
1.202 +/*
1.203 + * nssCKFWMechanism_GetCanEncrypt
1.204 + *
1.205 + */
1.206 +NSS_EXTERN CK_BBOOL
1.207 +nssCKFWMechanism_GetCanEncrypt
1.208 +(
1.209 + NSSCKFWMechanism *fwMechanism,
1.210 + CK_RV *pError
1.211 +)
1.212 +{
1.213 + if (!fwMechanism->mdMechanism->EncryptInit) {
1.214 + return CK_FALSE;
1.215 + }
1.216 + return CK_TRUE;
1.217 +}
1.218 +
1.219 +/*
1.220 + * nssCKFWMechanism_GetCanDecrypt
1.221 + *
1.222 + */
1.223 +NSS_EXTERN CK_BBOOL
1.224 +nssCKFWMechanism_GetCanDecrypt
1.225 +(
1.226 + NSSCKFWMechanism *fwMechanism,
1.227 + CK_RV *pError
1.228 +)
1.229 +{
1.230 + if (!fwMechanism->mdMechanism->DecryptInit) {
1.231 + return CK_FALSE;
1.232 + }
1.233 + return CK_TRUE;
1.234 +}
1.235 +
1.236 +/*
1.237 + * nssCKFWMechanism_GetCanDigest
1.238 + *
1.239 + */
1.240 +NSS_EXTERN CK_BBOOL
1.241 +nssCKFWMechanism_GetCanDigest
1.242 +(
1.243 + NSSCKFWMechanism *fwMechanism,
1.244 + CK_RV *pError
1.245 +)
1.246 +{
1.247 + if (!fwMechanism->mdMechanism->DigestInit) {
1.248 + return CK_FALSE;
1.249 + }
1.250 + return CK_TRUE;
1.251 +}
1.252 +
1.253 +/*
1.254 + * nssCKFWMechanism_GetCanSign
1.255 + *
1.256 + */
1.257 +NSS_EXTERN CK_BBOOL
1.258 +nssCKFWMechanism_GetCanSign
1.259 +(
1.260 + NSSCKFWMechanism *fwMechanism,
1.261 + CK_RV *pError
1.262 +)
1.263 +{
1.264 + if (!fwMechanism->mdMechanism->SignInit) {
1.265 + return CK_FALSE;
1.266 + }
1.267 + return CK_TRUE;
1.268 +}
1.269 +
1.270 +/*
1.271 + * nssCKFWMechanism_GetCanSignRecover
1.272 + *
1.273 + */
1.274 +NSS_EXTERN CK_BBOOL
1.275 +nssCKFWMechanism_GetCanSignRecover
1.276 +(
1.277 + NSSCKFWMechanism *fwMechanism,
1.278 + CK_RV *pError
1.279 +)
1.280 +{
1.281 + if (!fwMechanism->mdMechanism->SignRecoverInit) {
1.282 + return CK_FALSE;
1.283 + }
1.284 + return CK_TRUE;
1.285 +}
1.286 +
1.287 +/*
1.288 + * nssCKFWMechanism_GetCanVerify
1.289 + *
1.290 + */
1.291 +NSS_EXTERN CK_BBOOL
1.292 +nssCKFWMechanism_GetCanVerify
1.293 +(
1.294 + NSSCKFWMechanism *fwMechanism,
1.295 + CK_RV *pError
1.296 +)
1.297 +{
1.298 + if (!fwMechanism->mdMechanism->VerifyInit) {
1.299 + return CK_FALSE;
1.300 + }
1.301 + return CK_TRUE;
1.302 +}
1.303 +
1.304 +/*
1.305 + * nssCKFWMechanism_GetCanVerifyRecover
1.306 + *
1.307 + */
1.308 +NSS_EXTERN CK_BBOOL
1.309 +nssCKFWMechanism_GetCanVerifyRecover
1.310 +(
1.311 + NSSCKFWMechanism *fwMechanism,
1.312 + CK_RV *pError
1.313 +)
1.314 +{
1.315 + if (!fwMechanism->mdMechanism->VerifyRecoverInit) {
1.316 + return CK_FALSE;
1.317 + }
1.318 + return CK_TRUE;
1.319 +}
1.320 +
1.321 +/*
1.322 + * nssCKFWMechanism_GetCanGenerate
1.323 + *
1.324 + */
1.325 +NSS_EXTERN CK_BBOOL
1.326 +nssCKFWMechanism_GetCanGenerate
1.327 +(
1.328 + NSSCKFWMechanism *fwMechanism,
1.329 + CK_RV *pError
1.330 +)
1.331 +{
1.332 + if (!fwMechanism->mdMechanism->GenerateKey) {
1.333 + return CK_FALSE;
1.334 + }
1.335 + return CK_TRUE;
1.336 +}
1.337 +
1.338 +/*
1.339 + * nssCKFWMechanism_GetCanGenerateKeyPair
1.340 + *
1.341 + */
1.342 +NSS_EXTERN CK_BBOOL
1.343 +nssCKFWMechanism_GetCanGenerateKeyPair
1.344 +(
1.345 + NSSCKFWMechanism *fwMechanism,
1.346 + CK_RV *pError
1.347 +)
1.348 +{
1.349 + if (!fwMechanism->mdMechanism->GenerateKeyPair) {
1.350 + return CK_FALSE;
1.351 + }
1.352 + return CK_TRUE;
1.353 +}
1.354 +
1.355 +/*
1.356 + * nssCKFWMechanism_GetCanUnwrap
1.357 + *
1.358 + */
1.359 +NSS_EXTERN CK_BBOOL
1.360 +nssCKFWMechanism_GetCanUnwrap
1.361 +(
1.362 + NSSCKFWMechanism *fwMechanism,
1.363 + CK_RV *pError
1.364 +)
1.365 +{
1.366 + if (!fwMechanism->mdMechanism->UnwrapKey) {
1.367 + return CK_FALSE;
1.368 + }
1.369 + return CK_TRUE;
1.370 +}
1.371 +
1.372 +/*
1.373 + * nssCKFWMechanism_GetCanWrap
1.374 + *
1.375 + */
1.376 +NSS_EXTERN CK_BBOOL
1.377 +nssCKFWMechanism_GetCanWrap
1.378 +(
1.379 + NSSCKFWMechanism *fwMechanism,
1.380 + CK_RV *pError
1.381 +)
1.382 +{
1.383 + if (!fwMechanism->mdMechanism->WrapKey) {
1.384 + return CK_FALSE;
1.385 + }
1.386 + return CK_TRUE;
1.387 +}
1.388 +
1.389 +/*
1.390 + * nssCKFWMechanism_GetCanDerive
1.391 + *
1.392 + */
1.393 +NSS_EXTERN CK_BBOOL
1.394 +nssCKFWMechanism_GetCanDerive
1.395 +(
1.396 + NSSCKFWMechanism *fwMechanism,
1.397 + CK_RV *pError
1.398 +)
1.399 +{
1.400 + if (!fwMechanism->mdMechanism->DeriveKey) {
1.401 + return CK_FALSE;
1.402 + }
1.403 + return CK_TRUE;
1.404 +}
1.405 +
1.406 +/*
1.407 + * These are the actual crypto operations
1.408 + */
1.409 +
1.410 +/*
1.411 + * nssCKFWMechanism_EncryptInit
1.412 + * Start an encryption session.
1.413 + */
1.414 +NSS_EXTERN CK_RV
1.415 +nssCKFWMechanism_EncryptInit
1.416 +(
1.417 + NSSCKFWMechanism *fwMechanism,
1.418 + CK_MECHANISM *pMechanism,
1.419 + NSSCKFWSession *fwSession,
1.420 + NSSCKFWObject *fwObject
1.421 +)
1.422 +{
1.423 + NSSCKFWCryptoOperation *fwOperation;
1.424 + NSSCKMDCryptoOperation *mdOperation;
1.425 + NSSCKMDSession *mdSession;
1.426 + NSSCKMDObject *mdObject;
1.427 + CK_RV error = CKR_OK;
1.428 +
1.429 +
1.430 + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
1.431 + NSSCKFWCryptoOperationState_EncryptDecrypt);
1.432 + if (fwOperation) {
1.433 + return CKR_OPERATION_ACTIVE;
1.434 + }
1.435 +
1.436 + if (!fwMechanism->mdMechanism->EncryptInit) {
1.437 + return CKR_FUNCTION_FAILED;
1.438 + }
1.439 +
1.440 + mdSession = nssCKFWSession_GetMDSession(fwSession);
1.441 + mdObject = nssCKFWObject_GetMDObject(fwObject);
1.442 + mdOperation = fwMechanism->mdMechanism->EncryptInit(
1.443 + fwMechanism->mdMechanism,
1.444 + fwMechanism,
1.445 + pMechanism,
1.446 + mdSession,
1.447 + fwSession,
1.448 + fwMechanism->mdToken,
1.449 + fwMechanism->fwToken,
1.450 + fwMechanism->mdInstance,
1.451 + fwMechanism->fwInstance,
1.452 + mdObject,
1.453 + fwObject,
1.454 + &error
1.455 + );
1.456 + if (!mdOperation) {
1.457 + goto loser;
1.458 + }
1.459 +
1.460 + fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
1.461 + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
1.462 + fwMechanism->mdInstance, fwMechanism->fwInstance,
1.463 + NSSCKFWCryptoOperationType_Encrypt, &error);
1.464 + if (fwOperation) {
1.465 + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
1.466 + NSSCKFWCryptoOperationState_EncryptDecrypt);
1.467 + }
1.468 +
1.469 +loser:
1.470 + return error;
1.471 +}
1.472 +
1.473 +/*
1.474 + * nssCKFWMechanism_DecryptInit
1.475 + * Start an encryption session.
1.476 + */
1.477 +NSS_EXTERN CK_RV
1.478 +nssCKFWMechanism_DecryptInit
1.479 +(
1.480 + NSSCKFWMechanism *fwMechanism,
1.481 + CK_MECHANISM *pMechanism,
1.482 + NSSCKFWSession *fwSession,
1.483 + NSSCKFWObject *fwObject
1.484 +)
1.485 +{
1.486 + NSSCKFWCryptoOperation *fwOperation;
1.487 + NSSCKMDCryptoOperation *mdOperation;
1.488 + NSSCKMDSession *mdSession;
1.489 + NSSCKMDObject *mdObject;
1.490 + CK_RV error = CKR_OK;
1.491 +
1.492 +
1.493 + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
1.494 + NSSCKFWCryptoOperationState_EncryptDecrypt);
1.495 + if (fwOperation) {
1.496 + return CKR_OPERATION_ACTIVE;
1.497 + }
1.498 +
1.499 + if (!fwMechanism->mdMechanism->DecryptInit) {
1.500 + return CKR_FUNCTION_FAILED;
1.501 + }
1.502 +
1.503 + mdSession = nssCKFWSession_GetMDSession(fwSession);
1.504 + mdObject = nssCKFWObject_GetMDObject(fwObject);
1.505 + mdOperation = fwMechanism->mdMechanism->DecryptInit(
1.506 + fwMechanism->mdMechanism,
1.507 + fwMechanism,
1.508 + pMechanism,
1.509 + mdSession,
1.510 + fwSession,
1.511 + fwMechanism->mdToken,
1.512 + fwMechanism->fwToken,
1.513 + fwMechanism->mdInstance,
1.514 + fwMechanism->fwInstance,
1.515 + mdObject,
1.516 + fwObject,
1.517 + &error
1.518 + );
1.519 + if (!mdOperation) {
1.520 + goto loser;
1.521 + }
1.522 +
1.523 + fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
1.524 + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
1.525 + fwMechanism->mdInstance, fwMechanism->fwInstance,
1.526 + NSSCKFWCryptoOperationType_Decrypt, &error);
1.527 + if (fwOperation) {
1.528 + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
1.529 + NSSCKFWCryptoOperationState_EncryptDecrypt);
1.530 + }
1.531 +
1.532 +loser:
1.533 + return error;
1.534 +}
1.535 +
1.536 +/*
1.537 + * nssCKFWMechanism_DigestInit
1.538 + * Start an encryption session.
1.539 + */
1.540 +NSS_EXTERN CK_RV
1.541 +nssCKFWMechanism_DigestInit
1.542 +(
1.543 + NSSCKFWMechanism *fwMechanism,
1.544 + CK_MECHANISM *pMechanism,
1.545 + NSSCKFWSession *fwSession
1.546 +)
1.547 +{
1.548 + NSSCKFWCryptoOperation *fwOperation;
1.549 + NSSCKMDCryptoOperation *mdOperation;
1.550 + NSSCKMDSession *mdSession;
1.551 + CK_RV error = CKR_OK;
1.552 +
1.553 +
1.554 + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
1.555 + NSSCKFWCryptoOperationState_Digest);
1.556 + if (fwOperation) {
1.557 + return CKR_OPERATION_ACTIVE;
1.558 + }
1.559 +
1.560 + if (!fwMechanism->mdMechanism->DigestInit) {
1.561 + return CKR_FUNCTION_FAILED;
1.562 + }
1.563 +
1.564 + mdSession = nssCKFWSession_GetMDSession(fwSession);
1.565 + mdOperation = fwMechanism->mdMechanism->DigestInit(
1.566 + fwMechanism->mdMechanism,
1.567 + fwMechanism,
1.568 + pMechanism,
1.569 + mdSession,
1.570 + fwSession,
1.571 + fwMechanism->mdToken,
1.572 + fwMechanism->fwToken,
1.573 + fwMechanism->mdInstance,
1.574 + fwMechanism->fwInstance,
1.575 + &error
1.576 + );
1.577 + if (!mdOperation) {
1.578 + goto loser;
1.579 + }
1.580 +
1.581 + fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
1.582 + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
1.583 + fwMechanism->mdInstance, fwMechanism->fwInstance,
1.584 + NSSCKFWCryptoOperationType_Digest, &error);
1.585 + if (fwOperation) {
1.586 + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
1.587 + NSSCKFWCryptoOperationState_Digest);
1.588 + }
1.589 +
1.590 +loser:
1.591 + return error;
1.592 +}
1.593 +
1.594 +/*
1.595 + * nssCKFWMechanism_SignInit
1.596 + * Start an encryption session.
1.597 + */
1.598 +NSS_EXTERN CK_RV
1.599 +nssCKFWMechanism_SignInit
1.600 +(
1.601 + NSSCKFWMechanism *fwMechanism,
1.602 + CK_MECHANISM *pMechanism,
1.603 + NSSCKFWSession *fwSession,
1.604 + NSSCKFWObject *fwObject
1.605 +)
1.606 +{
1.607 + NSSCKFWCryptoOperation *fwOperation;
1.608 + NSSCKMDCryptoOperation *mdOperation;
1.609 + NSSCKMDSession *mdSession;
1.610 + NSSCKMDObject *mdObject;
1.611 + CK_RV error = CKR_OK;
1.612 +
1.613 +
1.614 + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
1.615 + NSSCKFWCryptoOperationState_SignVerify);
1.616 + if (fwOperation) {
1.617 + return CKR_OPERATION_ACTIVE;
1.618 + }
1.619 +
1.620 + if (!fwMechanism->mdMechanism->SignInit) {
1.621 + return CKR_FUNCTION_FAILED;
1.622 + }
1.623 +
1.624 + mdSession = nssCKFWSession_GetMDSession(fwSession);
1.625 + mdObject = nssCKFWObject_GetMDObject(fwObject);
1.626 + mdOperation = fwMechanism->mdMechanism->SignInit(
1.627 + fwMechanism->mdMechanism,
1.628 + fwMechanism,
1.629 + pMechanism,
1.630 + mdSession,
1.631 + fwSession,
1.632 + fwMechanism->mdToken,
1.633 + fwMechanism->fwToken,
1.634 + fwMechanism->mdInstance,
1.635 + fwMechanism->fwInstance,
1.636 + mdObject,
1.637 + fwObject,
1.638 + &error
1.639 + );
1.640 + if (!mdOperation) {
1.641 + goto loser;
1.642 + }
1.643 +
1.644 + fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
1.645 + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
1.646 + fwMechanism->mdInstance, fwMechanism->fwInstance,
1.647 + NSSCKFWCryptoOperationType_Sign, &error);
1.648 + if (fwOperation) {
1.649 + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
1.650 + NSSCKFWCryptoOperationState_SignVerify);
1.651 + }
1.652 +
1.653 +loser:
1.654 + return error;
1.655 +}
1.656 +
1.657 +/*
1.658 + * nssCKFWMechanism_VerifyInit
1.659 + * Start an encryption session.
1.660 + */
1.661 +NSS_EXTERN CK_RV
1.662 +nssCKFWMechanism_VerifyInit
1.663 +(
1.664 + NSSCKFWMechanism *fwMechanism,
1.665 + CK_MECHANISM *pMechanism,
1.666 + NSSCKFWSession *fwSession,
1.667 + NSSCKFWObject *fwObject
1.668 +)
1.669 +{
1.670 + NSSCKFWCryptoOperation *fwOperation;
1.671 + NSSCKMDCryptoOperation *mdOperation;
1.672 + NSSCKMDSession *mdSession;
1.673 + NSSCKMDObject *mdObject;
1.674 + CK_RV error = CKR_OK;
1.675 +
1.676 +
1.677 + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
1.678 + NSSCKFWCryptoOperationState_SignVerify);
1.679 + if (fwOperation) {
1.680 + return CKR_OPERATION_ACTIVE;
1.681 + }
1.682 +
1.683 + if (!fwMechanism->mdMechanism->VerifyInit) {
1.684 + return CKR_FUNCTION_FAILED;
1.685 + }
1.686 +
1.687 + mdSession = nssCKFWSession_GetMDSession(fwSession);
1.688 + mdObject = nssCKFWObject_GetMDObject(fwObject);
1.689 + mdOperation = fwMechanism->mdMechanism->VerifyInit(
1.690 + fwMechanism->mdMechanism,
1.691 + fwMechanism,
1.692 + pMechanism,
1.693 + mdSession,
1.694 + fwSession,
1.695 + fwMechanism->mdToken,
1.696 + fwMechanism->fwToken,
1.697 + fwMechanism->mdInstance,
1.698 + fwMechanism->fwInstance,
1.699 + mdObject,
1.700 + fwObject,
1.701 + &error
1.702 + );
1.703 + if (!mdOperation) {
1.704 + goto loser;
1.705 + }
1.706 +
1.707 + fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
1.708 + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
1.709 + fwMechanism->mdInstance, fwMechanism->fwInstance,
1.710 + NSSCKFWCryptoOperationType_Verify, &error);
1.711 + if (fwOperation) {
1.712 + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
1.713 + NSSCKFWCryptoOperationState_SignVerify);
1.714 + }
1.715 +
1.716 +loser:
1.717 + return error;
1.718 +}
1.719 +
1.720 +/*
1.721 + * nssCKFWMechanism_SignRecoverInit
1.722 + * Start an encryption session.
1.723 + */
1.724 +NSS_EXTERN CK_RV
1.725 +nssCKFWMechanism_SignRecoverInit
1.726 +(
1.727 + NSSCKFWMechanism *fwMechanism,
1.728 + CK_MECHANISM *pMechanism,
1.729 + NSSCKFWSession *fwSession,
1.730 + NSSCKFWObject *fwObject
1.731 +)
1.732 +{
1.733 + NSSCKFWCryptoOperation *fwOperation;
1.734 + NSSCKMDCryptoOperation *mdOperation;
1.735 + NSSCKMDSession *mdSession;
1.736 + NSSCKMDObject *mdObject;
1.737 + CK_RV error = CKR_OK;
1.738 +
1.739 +
1.740 + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
1.741 + NSSCKFWCryptoOperationState_SignVerify);
1.742 + if (fwOperation) {
1.743 + return CKR_OPERATION_ACTIVE;
1.744 + }
1.745 +
1.746 + if (!fwMechanism->mdMechanism->SignRecoverInit) {
1.747 + return CKR_FUNCTION_FAILED;
1.748 + }
1.749 +
1.750 + mdSession = nssCKFWSession_GetMDSession(fwSession);
1.751 + mdObject = nssCKFWObject_GetMDObject(fwObject);
1.752 + mdOperation = fwMechanism->mdMechanism->SignRecoverInit(
1.753 + fwMechanism->mdMechanism,
1.754 + fwMechanism,
1.755 + pMechanism,
1.756 + mdSession,
1.757 + fwSession,
1.758 + fwMechanism->mdToken,
1.759 + fwMechanism->fwToken,
1.760 + fwMechanism->mdInstance,
1.761 + fwMechanism->fwInstance,
1.762 + mdObject,
1.763 + fwObject,
1.764 + &error
1.765 + );
1.766 + if (!mdOperation) {
1.767 + goto loser;
1.768 + }
1.769 +
1.770 + fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
1.771 + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
1.772 + fwMechanism->mdInstance, fwMechanism->fwInstance,
1.773 + NSSCKFWCryptoOperationType_SignRecover, &error);
1.774 + if (fwOperation) {
1.775 + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
1.776 + NSSCKFWCryptoOperationState_SignVerify);
1.777 + }
1.778 +
1.779 +loser:
1.780 + return error;
1.781 +}
1.782 +
1.783 +/*
1.784 + * nssCKFWMechanism_VerifyRecoverInit
1.785 + * Start an encryption session.
1.786 + */
1.787 +NSS_EXTERN CK_RV
1.788 +nssCKFWMechanism_VerifyRecoverInit
1.789 +(
1.790 + NSSCKFWMechanism *fwMechanism,
1.791 + CK_MECHANISM *pMechanism,
1.792 + NSSCKFWSession *fwSession,
1.793 + NSSCKFWObject *fwObject
1.794 +)
1.795 +{
1.796 + NSSCKFWCryptoOperation *fwOperation;
1.797 + NSSCKMDCryptoOperation *mdOperation;
1.798 + NSSCKMDSession *mdSession;
1.799 + NSSCKMDObject *mdObject;
1.800 + CK_RV error = CKR_OK;
1.801 +
1.802 +
1.803 + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
1.804 + NSSCKFWCryptoOperationState_SignVerify);
1.805 + if (fwOperation) {
1.806 + return CKR_OPERATION_ACTIVE;
1.807 + }
1.808 +
1.809 + if (!fwMechanism->mdMechanism->VerifyRecoverInit) {
1.810 + return CKR_FUNCTION_FAILED;
1.811 + }
1.812 +
1.813 + mdSession = nssCKFWSession_GetMDSession(fwSession);
1.814 + mdObject = nssCKFWObject_GetMDObject(fwObject);
1.815 + mdOperation = fwMechanism->mdMechanism->VerifyRecoverInit(
1.816 + fwMechanism->mdMechanism,
1.817 + fwMechanism,
1.818 + pMechanism,
1.819 + mdSession,
1.820 + fwSession,
1.821 + fwMechanism->mdToken,
1.822 + fwMechanism->fwToken,
1.823 + fwMechanism->mdInstance,
1.824 + fwMechanism->fwInstance,
1.825 + mdObject,
1.826 + fwObject,
1.827 + &error
1.828 + );
1.829 + if (!mdOperation) {
1.830 + goto loser;
1.831 + }
1.832 +
1.833 + fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
1.834 + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
1.835 + fwMechanism->mdInstance, fwMechanism->fwInstance,
1.836 + NSSCKFWCryptoOperationType_VerifyRecover, &error);
1.837 + if (fwOperation) {
1.838 + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
1.839 + NSSCKFWCryptoOperationState_SignVerify);
1.840 + }
1.841 +
1.842 +loser:
1.843 + return error;
1.844 +}
1.845 +
1.846 +/*
1.847 + * nssCKFWMechanism_GenerateKey
1.848 + */
1.849 +NSS_EXTERN NSSCKFWObject *
1.850 +nssCKFWMechanism_GenerateKey
1.851 +(
1.852 + NSSCKFWMechanism *fwMechanism,
1.853 + CK_MECHANISM_PTR pMechanism,
1.854 + NSSCKFWSession *fwSession,
1.855 + CK_ATTRIBUTE_PTR pTemplate,
1.856 + CK_ULONG ulAttributeCount,
1.857 + CK_RV *pError
1.858 +)
1.859 +{
1.860 + NSSCKMDSession *mdSession;
1.861 + NSSCKMDObject *mdObject;
1.862 + NSSCKFWObject *fwObject = NULL;
1.863 + NSSArena *arena;
1.864 +
1.865 + if (!fwMechanism->mdMechanism->GenerateKey) {
1.866 + *pError = CKR_FUNCTION_FAILED;
1.867 + return (NSSCKFWObject *)NULL;
1.868 + }
1.869 +
1.870 + arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
1.871 + if (!arena) {
1.872 + if (CKR_OK == *pError) {
1.873 + *pError = CKR_GENERAL_ERROR;
1.874 + }
1.875 + return (NSSCKFWObject *)NULL;
1.876 + }
1.877 +
1.878 + mdSession = nssCKFWSession_GetMDSession(fwSession);
1.879 + mdObject = fwMechanism->mdMechanism->GenerateKey(
1.880 + fwMechanism->mdMechanism,
1.881 + fwMechanism,
1.882 + pMechanism,
1.883 + mdSession,
1.884 + fwSession,
1.885 + fwMechanism->mdToken,
1.886 + fwMechanism->fwToken,
1.887 + fwMechanism->mdInstance,
1.888 + fwMechanism->fwInstance,
1.889 + pTemplate,
1.890 + ulAttributeCount,
1.891 + pError);
1.892 +
1.893 + if (!mdObject) {
1.894 + return (NSSCKFWObject *)NULL;
1.895 + }
1.896 +
1.897 + fwObject = nssCKFWObject_Create(arena, mdObject,
1.898 + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
1.899 +
1.900 + return fwObject;
1.901 +}
1.902 +
1.903 +/*
1.904 + * nssCKFWMechanism_GenerateKeyPair
1.905 + */
1.906 +NSS_EXTERN CK_RV
1.907 +nssCKFWMechanism_GenerateKeyPair
1.908 +(
1.909 + NSSCKFWMechanism *fwMechanism,
1.910 + CK_MECHANISM_PTR pMechanism,
1.911 + NSSCKFWSession *fwSession,
1.912 + CK_ATTRIBUTE_PTR pPublicKeyTemplate,
1.913 + CK_ULONG ulPublicKeyAttributeCount,
1.914 + CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
1.915 + CK_ULONG ulPrivateKeyAttributeCount,
1.916 + NSSCKFWObject **fwPublicKeyObject,
1.917 + NSSCKFWObject **fwPrivateKeyObject
1.918 +)
1.919 +{
1.920 + NSSCKMDSession *mdSession;
1.921 + NSSCKMDObject *mdPublicKeyObject;
1.922 + NSSCKMDObject *mdPrivateKeyObject;
1.923 + NSSArena *arena;
1.924 + CK_RV error = CKR_OK;
1.925 +
1.926 + if (!fwMechanism->mdMechanism->GenerateKeyPair) {
1.927 + return CKR_FUNCTION_FAILED;
1.928 + }
1.929 +
1.930 + arena = nssCKFWToken_GetArena(fwMechanism->fwToken, &error);
1.931 + if (!arena) {
1.932 + if (CKR_OK == error) {
1.933 + error = CKR_GENERAL_ERROR;
1.934 + }
1.935 + return error;
1.936 + }
1.937 +
1.938 + mdSession = nssCKFWSession_GetMDSession(fwSession);
1.939 + error = fwMechanism->mdMechanism->GenerateKeyPair(
1.940 + fwMechanism->mdMechanism,
1.941 + fwMechanism,
1.942 + pMechanism,
1.943 + mdSession,
1.944 + fwSession,
1.945 + fwMechanism->mdToken,
1.946 + fwMechanism->fwToken,
1.947 + fwMechanism->mdInstance,
1.948 + fwMechanism->fwInstance,
1.949 + pPublicKeyTemplate,
1.950 + ulPublicKeyAttributeCount,
1.951 + pPrivateKeyTemplate,
1.952 + ulPrivateKeyAttributeCount,
1.953 + &mdPublicKeyObject,
1.954 + &mdPrivateKeyObject);
1.955 +
1.956 + if (CKR_OK != error) {
1.957 + return error;
1.958 + }
1.959 +
1.960 + *fwPublicKeyObject = nssCKFWObject_Create(arena, mdPublicKeyObject,
1.961 + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error);
1.962 + if (!*fwPublicKeyObject) {
1.963 + return error;
1.964 + }
1.965 + *fwPrivateKeyObject = nssCKFWObject_Create(arena, mdPrivateKeyObject,
1.966 + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error);
1.967 +
1.968 + return error;
1.969 +}
1.970 +
1.971 +/*
1.972 + * nssCKFWMechanism_GetWrapKeyLength
1.973 + */
1.974 +NSS_EXTERN CK_ULONG
1.975 +nssCKFWMechanism_GetWrapKeyLength
1.976 +(
1.977 + NSSCKFWMechanism *fwMechanism,
1.978 + CK_MECHANISM_PTR pMechanism,
1.979 + NSSCKFWSession *fwSession,
1.980 + NSSCKFWObject *fwWrappingKeyObject,
1.981 + NSSCKFWObject *fwKeyObject,
1.982 + CK_RV *pError
1.983 +)
1.984 +{
1.985 + NSSCKMDSession *mdSession;
1.986 + NSSCKMDObject *mdWrappingKeyObject;
1.987 + NSSCKMDObject *mdKeyObject;
1.988 +
1.989 + if (!fwMechanism->mdMechanism->WrapKey) {
1.990 + *pError = CKR_FUNCTION_FAILED;
1.991 + return (CK_ULONG) 0;
1.992 + }
1.993 +
1.994 + mdSession = nssCKFWSession_GetMDSession(fwSession);
1.995 + mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
1.996 + mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject);
1.997 + return fwMechanism->mdMechanism->GetWrapKeyLength(
1.998 + fwMechanism->mdMechanism,
1.999 + fwMechanism,
1.1000 + pMechanism,
1.1001 + mdSession,
1.1002 + fwSession,
1.1003 + fwMechanism->mdToken,
1.1004 + fwMechanism->fwToken,
1.1005 + fwMechanism->mdInstance,
1.1006 + fwMechanism->fwInstance,
1.1007 + mdWrappingKeyObject,
1.1008 + fwWrappingKeyObject,
1.1009 + mdKeyObject,
1.1010 + fwKeyObject,
1.1011 + pError);
1.1012 +}
1.1013 +
1.1014 +/*
1.1015 + * nssCKFWMechanism_WrapKey
1.1016 + */
1.1017 +NSS_EXTERN CK_RV
1.1018 +nssCKFWMechanism_WrapKey
1.1019 +(
1.1020 + NSSCKFWMechanism *fwMechanism,
1.1021 + CK_MECHANISM_PTR pMechanism,
1.1022 + NSSCKFWSession *fwSession,
1.1023 + NSSCKFWObject *fwWrappingKeyObject,
1.1024 + NSSCKFWObject *fwKeyObject,
1.1025 + NSSItem *wrappedKey
1.1026 +)
1.1027 +{
1.1028 + NSSCKMDSession *mdSession;
1.1029 + NSSCKMDObject *mdWrappingKeyObject;
1.1030 + NSSCKMDObject *mdKeyObject;
1.1031 +
1.1032 + if (!fwMechanism->mdMechanism->WrapKey) {
1.1033 + return CKR_FUNCTION_FAILED;
1.1034 + }
1.1035 +
1.1036 + mdSession = nssCKFWSession_GetMDSession(fwSession);
1.1037 + mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
1.1038 + mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject);
1.1039 + return fwMechanism->mdMechanism->WrapKey(
1.1040 + fwMechanism->mdMechanism,
1.1041 + fwMechanism,
1.1042 + pMechanism,
1.1043 + mdSession,
1.1044 + fwSession,
1.1045 + fwMechanism->mdToken,
1.1046 + fwMechanism->fwToken,
1.1047 + fwMechanism->mdInstance,
1.1048 + fwMechanism->fwInstance,
1.1049 + mdWrappingKeyObject,
1.1050 + fwWrappingKeyObject,
1.1051 + mdKeyObject,
1.1052 + fwKeyObject,
1.1053 + wrappedKey);
1.1054 +}
1.1055 +
1.1056 +/*
1.1057 + * nssCKFWMechanism_UnwrapKey
1.1058 + */
1.1059 +NSS_EXTERN NSSCKFWObject *
1.1060 +nssCKFWMechanism_UnwrapKey
1.1061 +(
1.1062 + NSSCKFWMechanism *fwMechanism,
1.1063 + CK_MECHANISM_PTR pMechanism,
1.1064 + NSSCKFWSession *fwSession,
1.1065 + NSSCKFWObject *fwWrappingKeyObject,
1.1066 + NSSItem *wrappedKey,
1.1067 + CK_ATTRIBUTE_PTR pTemplate,
1.1068 + CK_ULONG ulAttributeCount,
1.1069 + CK_RV *pError
1.1070 +)
1.1071 +{
1.1072 + NSSCKMDSession *mdSession;
1.1073 + NSSCKMDObject *mdObject;
1.1074 + NSSCKMDObject *mdWrappingKeyObject;
1.1075 + NSSCKFWObject *fwObject = NULL;
1.1076 + NSSArena *arena;
1.1077 +
1.1078 + if (!fwMechanism->mdMechanism->UnwrapKey) {
1.1079 + /* we could simulate UnwrapKey using Decrypt and Create object, but
1.1080 + * 1) it's not clear that would work well, and 2) the low level token
1.1081 + * may want to restrict unwrap key for a reason, so just fail it it
1.1082 + * can't be done */
1.1083 + *pError = CKR_FUNCTION_FAILED;
1.1084 + return (NSSCKFWObject *)NULL;
1.1085 + }
1.1086 +
1.1087 + arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
1.1088 + if (!arena) {
1.1089 + if (CKR_OK == *pError) {
1.1090 + *pError = CKR_GENERAL_ERROR;
1.1091 + }
1.1092 + return (NSSCKFWObject *)NULL;
1.1093 + }
1.1094 +
1.1095 + mdSession = nssCKFWSession_GetMDSession(fwSession);
1.1096 + mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
1.1097 + mdObject = fwMechanism->mdMechanism->UnwrapKey(
1.1098 + fwMechanism->mdMechanism,
1.1099 + fwMechanism,
1.1100 + pMechanism,
1.1101 + mdSession,
1.1102 + fwSession,
1.1103 + fwMechanism->mdToken,
1.1104 + fwMechanism->fwToken,
1.1105 + fwMechanism->mdInstance,
1.1106 + fwMechanism->fwInstance,
1.1107 + mdWrappingKeyObject,
1.1108 + fwWrappingKeyObject,
1.1109 + wrappedKey,
1.1110 + pTemplate,
1.1111 + ulAttributeCount,
1.1112 + pError);
1.1113 +
1.1114 + if (!mdObject) {
1.1115 + return (NSSCKFWObject *)NULL;
1.1116 + }
1.1117 +
1.1118 + fwObject = nssCKFWObject_Create(arena, mdObject,
1.1119 + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
1.1120 +
1.1121 + return fwObject;
1.1122 +}
1.1123 +
1.1124 +/*
1.1125 + * nssCKFWMechanism_DeriveKey
1.1126 + */
1.1127 +NSS_EXTERN NSSCKFWObject *
1.1128 +nssCKFWMechanism_DeriveKey
1.1129 +(
1.1130 + NSSCKFWMechanism *fwMechanism,
1.1131 + CK_MECHANISM_PTR pMechanism,
1.1132 + NSSCKFWSession *fwSession,
1.1133 + NSSCKFWObject *fwBaseKeyObject,
1.1134 + CK_ATTRIBUTE_PTR pTemplate,
1.1135 + CK_ULONG ulAttributeCount,
1.1136 + CK_RV *pError
1.1137 +)
1.1138 +{
1.1139 + NSSCKMDSession *mdSession;
1.1140 + NSSCKMDObject *mdObject;
1.1141 + NSSCKMDObject *mdBaseKeyObject;
1.1142 + NSSCKFWObject *fwObject = NULL;
1.1143 + NSSArena *arena;
1.1144 +
1.1145 + if (!fwMechanism->mdMechanism->DeriveKey) {
1.1146 + *pError = CKR_FUNCTION_FAILED;
1.1147 + return (NSSCKFWObject *)NULL;
1.1148 + }
1.1149 +
1.1150 + arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
1.1151 + if (!arena) {
1.1152 + if (CKR_OK == *pError) {
1.1153 + *pError = CKR_GENERAL_ERROR;
1.1154 + }
1.1155 + return (NSSCKFWObject *)NULL;
1.1156 + }
1.1157 +
1.1158 + mdSession = nssCKFWSession_GetMDSession(fwSession);
1.1159 + mdBaseKeyObject = nssCKFWObject_GetMDObject(fwBaseKeyObject);
1.1160 + mdObject = fwMechanism->mdMechanism->DeriveKey(
1.1161 + fwMechanism->mdMechanism,
1.1162 + fwMechanism,
1.1163 + pMechanism,
1.1164 + mdSession,
1.1165 + fwSession,
1.1166 + fwMechanism->mdToken,
1.1167 + fwMechanism->fwToken,
1.1168 + fwMechanism->mdInstance,
1.1169 + fwMechanism->fwInstance,
1.1170 + mdBaseKeyObject,
1.1171 + fwBaseKeyObject,
1.1172 + pTemplate,
1.1173 + ulAttributeCount,
1.1174 + pError);
1.1175 +
1.1176 + if (!mdObject) {
1.1177 + return (NSSCKFWObject *)NULL;
1.1178 + }
1.1179 +
1.1180 + fwObject = nssCKFWObject_Create(arena, mdObject,
1.1181 + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
1.1182 +
1.1183 + return fwObject;
1.1184 +}
1.1185 +
