security/nss/lib/ckfw/mechanism.c@b8a032363ba2
security/nss/lib/ckfw/mechanism.c
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 /*
6 * mechanism.c
7 *
8 * This file implements the NSSCKFWMechanism type and methods.
9 */
11 #ifndef CK_T
12 #include "ck.h"
13 #endif /* CK_T */
15 /*
16 * NSSCKFWMechanism
17 *
18 * -- create/destroy --
19 * nssCKFWMechanism_Create
20 * nssCKFWMechanism_Destroy
21 *
22 * -- implement public accessors --
23 * nssCKFWMechanism_GetMDMechanism
24 * nssCKFWMechanism_GetParameter
25 *
26 * -- private accessors --
27 *
28 * -- module fronts --
29 * nssCKFWMechanism_GetMinKeySize
30 * nssCKFWMechanism_GetMaxKeySize
31 * nssCKFWMechanism_GetInHardware
32 * nssCKFWMechanism_GetCanEncrypt
33 * nssCKFWMechanism_GetCanDecrypt
34 * nssCKFWMechanism_GetCanDigest
35 * nssCKFWMechanism_GetCanSign
36 * nssCKFWMechanism_GetCanSignRecover
37 * nssCKFWMechanism_GetCanVerify
38 * nssCKFWMechanism_GetCanGenerate
39 * nssCKFWMechanism_GetCanGenerateKeyPair
40 * nssCKFWMechanism_GetCanUnwrap
41 * nssCKFWMechanism_GetCanWrap
42 * nssCKFWMechanism_GetCanDerive
43 * nssCKFWMechanism_EncryptInit
44 * nssCKFWMechanism_DecryptInit
45 * nssCKFWMechanism_DigestInit
46 * nssCKFWMechanism_SignInit
47 * nssCKFWMechanism_VerifyInit
48 * nssCKFWMechanism_SignRecoverInit
49 * nssCKFWMechanism_VerifyRecoverInit
50 * nssCKFWMechanism_GenerateKey
51 * nssCKFWMechanism_GenerateKeyPair
52 * nssCKFWMechanism_GetWrapKeyLength
53 * nssCKFWMechanism_WrapKey
54 * nssCKFWMechanism_UnwrapKey
55 * nssCKFWMechanism_DeriveKey
56 */
59 struct NSSCKFWMechanismStr {
60 NSSCKMDMechanism *mdMechanism;
61 NSSCKMDToken *mdToken;
62 NSSCKFWToken *fwToken;
63 NSSCKMDInstance *mdInstance;
64 NSSCKFWInstance *fwInstance;
65 };
67 /*
68 * nssCKFWMechanism_Create
69 *
70 */
71 NSS_IMPLEMENT NSSCKFWMechanism *
72 nssCKFWMechanism_Create
73 (
74 NSSCKMDMechanism *mdMechanism,
75 NSSCKMDToken *mdToken,
76 NSSCKFWToken *fwToken,
77 NSSCKMDInstance *mdInstance,
78 NSSCKFWInstance *fwInstance
79 )
80 {
81 NSSCKFWMechanism *fwMechanism;
84 fwMechanism = nss_ZNEW(NULL, NSSCKFWMechanism);
85 if (!fwMechanism) {
86 return (NSSCKFWMechanism *)NULL;
87 }
88 fwMechanism->mdMechanism = mdMechanism;
89 fwMechanism->mdToken = mdToken;
90 fwMechanism->fwToken = fwToken;
91 fwMechanism->mdInstance = mdInstance;
92 fwMechanism->fwInstance = fwInstance;
93 return fwMechanism;
94 }
96 /*
97 * nssCKFWMechanism_Destroy
98 *
99 */
100 NSS_IMPLEMENT void
101 nssCKFWMechanism_Destroy
102 (
103 NSSCKFWMechanism *fwMechanism
104 )
105 {
106 /* destroy any fw resources held by nssCKFWMechanism (currently none) */
108 if (!fwMechanism->mdMechanism->Destroy) {
109 /* destroys it's parent as well */
110 fwMechanism->mdMechanism->Destroy(
111 fwMechanism->mdMechanism,
112 fwMechanism,
113 fwMechanism->mdInstance,
114 fwMechanism->fwInstance);
115 }
116 /* if the Destroy function wasn't supplied, then the mechanism is 'static',
117 * and there is nothing to destroy */
118 return;
119 }
121 /*
122 * nssCKFWMechanism_GetMDMechanism
123 *
124 */
125 NSS_IMPLEMENT NSSCKMDMechanism *
126 nssCKFWMechanism_GetMDMechanism
127 (
128 NSSCKFWMechanism *fwMechanism
129 )
130 {
131 return fwMechanism->mdMechanism;
132 }
134 /*
135 * nssCKFWMechanism_GetMinKeySize
136 *
137 */
138 NSS_IMPLEMENT CK_ULONG
139 nssCKFWMechanism_GetMinKeySize
140 (
141 NSSCKFWMechanism *fwMechanism,
142 CK_RV *pError
143 )
144 {
145 if (!fwMechanism->mdMechanism->GetMinKeySize) {
146 return 0;
147 }
149 return fwMechanism->mdMechanism->GetMinKeySize(fwMechanism->mdMechanism,
150 fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken,
151 fwMechanism->mdInstance, fwMechanism->fwInstance, pError);
152 }
154 /*
155 * nssCKFWMechanism_GetMaxKeySize
156 *
157 */
158 NSS_IMPLEMENT CK_ULONG
159 nssCKFWMechanism_GetMaxKeySize
160 (
161 NSSCKFWMechanism *fwMechanism,
162 CK_RV *pError
163 )
164 {
165 if (!fwMechanism->mdMechanism->GetMaxKeySize) {
166 return 0;
167 }
169 return fwMechanism->mdMechanism->GetMaxKeySize(fwMechanism->mdMechanism,
170 fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken,
171 fwMechanism->mdInstance, fwMechanism->fwInstance, pError);
172 }
174 /*
175 * nssCKFWMechanism_GetInHardware
176 *
177 */
178 NSS_IMPLEMENT CK_BBOOL
179 nssCKFWMechanism_GetInHardware
180 (
181 NSSCKFWMechanism *fwMechanism,
182 CK_RV *pError
183 )
184 {
185 if (!fwMechanism->mdMechanism->GetInHardware) {
186 return CK_FALSE;
187 }
189 return fwMechanism->mdMechanism->GetInHardware(fwMechanism->mdMechanism,
190 fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken,
191 fwMechanism->mdInstance, fwMechanism->fwInstance, pError);
192 }
195 /*
196 * the following are determined automatically by which of the cryptographic
197 * functions are defined for this mechanism.
198 */
199 /*
200 * nssCKFWMechanism_GetCanEncrypt
201 *
202 */
203 NSS_EXTERN CK_BBOOL
204 nssCKFWMechanism_GetCanEncrypt
205 (
206 NSSCKFWMechanism *fwMechanism,
207 CK_RV *pError
208 )
209 {
210 if (!fwMechanism->mdMechanism->EncryptInit) {
211 return CK_FALSE;
212 }
213 return CK_TRUE;
214 }
216 /*
217 * nssCKFWMechanism_GetCanDecrypt
218 *
219 */
220 NSS_EXTERN CK_BBOOL
221 nssCKFWMechanism_GetCanDecrypt
222 (
223 NSSCKFWMechanism *fwMechanism,
224 CK_RV *pError
225 )
226 {
227 if (!fwMechanism->mdMechanism->DecryptInit) {
228 return CK_FALSE;
229 }
230 return CK_TRUE;
231 }
233 /*
234 * nssCKFWMechanism_GetCanDigest
235 *
236 */
237 NSS_EXTERN CK_BBOOL
238 nssCKFWMechanism_GetCanDigest
239 (
240 NSSCKFWMechanism *fwMechanism,
241 CK_RV *pError
242 )
243 {
244 if (!fwMechanism->mdMechanism->DigestInit) {
245 return CK_FALSE;
246 }
247 return CK_TRUE;
248 }
250 /*
251 * nssCKFWMechanism_GetCanSign
252 *
253 */
254 NSS_EXTERN CK_BBOOL
255 nssCKFWMechanism_GetCanSign
256 (
257 NSSCKFWMechanism *fwMechanism,
258 CK_RV *pError
259 )
260 {
261 if (!fwMechanism->mdMechanism->SignInit) {
262 return CK_FALSE;
263 }
264 return CK_TRUE;
265 }
267 /*
268 * nssCKFWMechanism_GetCanSignRecover
269 *
270 */
271 NSS_EXTERN CK_BBOOL
272 nssCKFWMechanism_GetCanSignRecover
273 (
274 NSSCKFWMechanism *fwMechanism,
275 CK_RV *pError
276 )
277 {
278 if (!fwMechanism->mdMechanism->SignRecoverInit) {
279 return CK_FALSE;
280 }
281 return CK_TRUE;
282 }
284 /*
285 * nssCKFWMechanism_GetCanVerify
286 *
287 */
288 NSS_EXTERN CK_BBOOL
289 nssCKFWMechanism_GetCanVerify
290 (
291 NSSCKFWMechanism *fwMechanism,
292 CK_RV *pError
293 )
294 {
295 if (!fwMechanism->mdMechanism->VerifyInit) {
296 return CK_FALSE;
297 }
298 return CK_TRUE;
299 }
301 /*
302 * nssCKFWMechanism_GetCanVerifyRecover
303 *
304 */
305 NSS_EXTERN CK_BBOOL
306 nssCKFWMechanism_GetCanVerifyRecover
307 (
308 NSSCKFWMechanism *fwMechanism,
309 CK_RV *pError
310 )
311 {
312 if (!fwMechanism->mdMechanism->VerifyRecoverInit) {
313 return CK_FALSE;
314 }
315 return CK_TRUE;
316 }
318 /*
319 * nssCKFWMechanism_GetCanGenerate
320 *
321 */
322 NSS_EXTERN CK_BBOOL
323 nssCKFWMechanism_GetCanGenerate
324 (
325 NSSCKFWMechanism *fwMechanism,
326 CK_RV *pError
327 )
328 {
329 if (!fwMechanism->mdMechanism->GenerateKey) {
330 return CK_FALSE;
331 }
332 return CK_TRUE;
333 }
335 /*
336 * nssCKFWMechanism_GetCanGenerateKeyPair
337 *
338 */
339 NSS_EXTERN CK_BBOOL
340 nssCKFWMechanism_GetCanGenerateKeyPair
341 (
342 NSSCKFWMechanism *fwMechanism,
343 CK_RV *pError
344 )
345 {
346 if (!fwMechanism->mdMechanism->GenerateKeyPair) {
347 return CK_FALSE;
348 }
349 return CK_TRUE;
350 }
352 /*
353 * nssCKFWMechanism_GetCanUnwrap
354 *
355 */
356 NSS_EXTERN CK_BBOOL
357 nssCKFWMechanism_GetCanUnwrap
358 (
359 NSSCKFWMechanism *fwMechanism,
360 CK_RV *pError
361 )
362 {
363 if (!fwMechanism->mdMechanism->UnwrapKey) {
364 return CK_FALSE;
365 }
366 return CK_TRUE;
367 }
369 /*
370 * nssCKFWMechanism_GetCanWrap
371 *
372 */
373 NSS_EXTERN CK_BBOOL
374 nssCKFWMechanism_GetCanWrap
375 (
376 NSSCKFWMechanism *fwMechanism,
377 CK_RV *pError
378 )
379 {
380 if (!fwMechanism->mdMechanism->WrapKey) {
381 return CK_FALSE;
382 }
383 return CK_TRUE;
384 }
386 /*
387 * nssCKFWMechanism_GetCanDerive
388 *
389 */
390 NSS_EXTERN CK_BBOOL
391 nssCKFWMechanism_GetCanDerive
392 (
393 NSSCKFWMechanism *fwMechanism,
394 CK_RV *pError
395 )
396 {
397 if (!fwMechanism->mdMechanism->DeriveKey) {
398 return CK_FALSE;
399 }
400 return CK_TRUE;
401 }
403 /*
404 * These are the actual crypto operations
405 */
407 /*
408 * nssCKFWMechanism_EncryptInit
409 * Start an encryption session.
410 */
411 NSS_EXTERN CK_RV
412 nssCKFWMechanism_EncryptInit
413 (
414 NSSCKFWMechanism *fwMechanism,
415 CK_MECHANISM *pMechanism,
416 NSSCKFWSession *fwSession,
417 NSSCKFWObject *fwObject
418 )
419 {
420 NSSCKFWCryptoOperation *fwOperation;
421 NSSCKMDCryptoOperation *mdOperation;
422 NSSCKMDSession *mdSession;
423 NSSCKMDObject *mdObject;
424 CK_RV error = CKR_OK;
427 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
428 NSSCKFWCryptoOperationState_EncryptDecrypt);
429 if (fwOperation) {
430 return CKR_OPERATION_ACTIVE;
431 }
433 if (!fwMechanism->mdMechanism->EncryptInit) {
434 return CKR_FUNCTION_FAILED;
435 }
437 mdSession = nssCKFWSession_GetMDSession(fwSession);
438 mdObject = nssCKFWObject_GetMDObject(fwObject);
439 mdOperation = fwMechanism->mdMechanism->EncryptInit(
440 fwMechanism->mdMechanism,
441 fwMechanism,
442 pMechanism,
443 mdSession,
444 fwSession,
445 fwMechanism->mdToken,
446 fwMechanism->fwToken,
447 fwMechanism->mdInstance,
448 fwMechanism->fwInstance,
449 mdObject,
450 fwObject,
451 &error
452 );
453 if (!mdOperation) {
454 goto loser;
455 }
457 fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
458 mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
459 fwMechanism->mdInstance, fwMechanism->fwInstance,
460 NSSCKFWCryptoOperationType_Encrypt, &error);
461 if (fwOperation) {
462 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
463 NSSCKFWCryptoOperationState_EncryptDecrypt);
464 }
466 loser:
467 return error;
468 }
470 /*
471 * nssCKFWMechanism_DecryptInit
472 * Start an encryption session.
473 */
474 NSS_EXTERN CK_RV
475 nssCKFWMechanism_DecryptInit
476 (
477 NSSCKFWMechanism *fwMechanism,
478 CK_MECHANISM *pMechanism,
479 NSSCKFWSession *fwSession,
480 NSSCKFWObject *fwObject
481 )
482 {
483 NSSCKFWCryptoOperation *fwOperation;
484 NSSCKMDCryptoOperation *mdOperation;
485 NSSCKMDSession *mdSession;
486 NSSCKMDObject *mdObject;
487 CK_RV error = CKR_OK;
490 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
491 NSSCKFWCryptoOperationState_EncryptDecrypt);
492 if (fwOperation) {
493 return CKR_OPERATION_ACTIVE;
494 }
496 if (!fwMechanism->mdMechanism->DecryptInit) {
497 return CKR_FUNCTION_FAILED;
498 }
500 mdSession = nssCKFWSession_GetMDSession(fwSession);
501 mdObject = nssCKFWObject_GetMDObject(fwObject);
502 mdOperation = fwMechanism->mdMechanism->DecryptInit(
503 fwMechanism->mdMechanism,
504 fwMechanism,
505 pMechanism,
506 mdSession,
507 fwSession,
508 fwMechanism->mdToken,
509 fwMechanism->fwToken,
510 fwMechanism->mdInstance,
511 fwMechanism->fwInstance,
512 mdObject,
513 fwObject,
514 &error
515 );
516 if (!mdOperation) {
517 goto loser;
518 }
520 fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
521 mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
522 fwMechanism->mdInstance, fwMechanism->fwInstance,
523 NSSCKFWCryptoOperationType_Decrypt, &error);
524 if (fwOperation) {
525 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
526 NSSCKFWCryptoOperationState_EncryptDecrypt);
527 }
529 loser:
530 return error;
531 }
533 /*
534 * nssCKFWMechanism_DigestInit
535 * Start an encryption session.
536 */
537 NSS_EXTERN CK_RV
538 nssCKFWMechanism_DigestInit
539 (
540 NSSCKFWMechanism *fwMechanism,
541 CK_MECHANISM *pMechanism,
542 NSSCKFWSession *fwSession
543 )
544 {
545 NSSCKFWCryptoOperation *fwOperation;
546 NSSCKMDCryptoOperation *mdOperation;
547 NSSCKMDSession *mdSession;
548 CK_RV error = CKR_OK;
551 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
552 NSSCKFWCryptoOperationState_Digest);
553 if (fwOperation) {
554 return CKR_OPERATION_ACTIVE;
555 }
557 if (!fwMechanism->mdMechanism->DigestInit) {
558 return CKR_FUNCTION_FAILED;
559 }
561 mdSession = nssCKFWSession_GetMDSession(fwSession);
562 mdOperation = fwMechanism->mdMechanism->DigestInit(
563 fwMechanism->mdMechanism,
564 fwMechanism,
565 pMechanism,
566 mdSession,
567 fwSession,
568 fwMechanism->mdToken,
569 fwMechanism->fwToken,
570 fwMechanism->mdInstance,
571 fwMechanism->fwInstance,
572 &error
573 );
574 if (!mdOperation) {
575 goto loser;
576 }
578 fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
579 mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
580 fwMechanism->mdInstance, fwMechanism->fwInstance,
581 NSSCKFWCryptoOperationType_Digest, &error);
582 if (fwOperation) {
583 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
584 NSSCKFWCryptoOperationState_Digest);
585 }
587 loser:
588 return error;
589 }
591 /*
592 * nssCKFWMechanism_SignInit
593 * Start an encryption session.
594 */
595 NSS_EXTERN CK_RV
596 nssCKFWMechanism_SignInit
597 (
598 NSSCKFWMechanism *fwMechanism,
599 CK_MECHANISM *pMechanism,
600 NSSCKFWSession *fwSession,
601 NSSCKFWObject *fwObject
602 )
603 {
604 NSSCKFWCryptoOperation *fwOperation;
605 NSSCKMDCryptoOperation *mdOperation;
606 NSSCKMDSession *mdSession;
607 NSSCKMDObject *mdObject;
608 CK_RV error = CKR_OK;
611 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
612 NSSCKFWCryptoOperationState_SignVerify);
613 if (fwOperation) {
614 return CKR_OPERATION_ACTIVE;
615 }
617 if (!fwMechanism->mdMechanism->SignInit) {
618 return CKR_FUNCTION_FAILED;
619 }
621 mdSession = nssCKFWSession_GetMDSession(fwSession);
622 mdObject = nssCKFWObject_GetMDObject(fwObject);
623 mdOperation = fwMechanism->mdMechanism->SignInit(
624 fwMechanism->mdMechanism,
625 fwMechanism,
626 pMechanism,
627 mdSession,
628 fwSession,
629 fwMechanism->mdToken,
630 fwMechanism->fwToken,
631 fwMechanism->mdInstance,
632 fwMechanism->fwInstance,
633 mdObject,
634 fwObject,
635 &error
636 );
637 if (!mdOperation) {
638 goto loser;
639 }
641 fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
642 mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
643 fwMechanism->mdInstance, fwMechanism->fwInstance,
644 NSSCKFWCryptoOperationType_Sign, &error);
645 if (fwOperation) {
646 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
647 NSSCKFWCryptoOperationState_SignVerify);
648 }
650 loser:
651 return error;
652 }
654 /*
655 * nssCKFWMechanism_VerifyInit
656 * Start an encryption session.
657 */
658 NSS_EXTERN CK_RV
659 nssCKFWMechanism_VerifyInit
660 (
661 NSSCKFWMechanism *fwMechanism,
662 CK_MECHANISM *pMechanism,
663 NSSCKFWSession *fwSession,
664 NSSCKFWObject *fwObject
665 )
666 {
667 NSSCKFWCryptoOperation *fwOperation;
668 NSSCKMDCryptoOperation *mdOperation;
669 NSSCKMDSession *mdSession;
670 NSSCKMDObject *mdObject;
671 CK_RV error = CKR_OK;
674 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
675 NSSCKFWCryptoOperationState_SignVerify);
676 if (fwOperation) {
677 return CKR_OPERATION_ACTIVE;
678 }
680 if (!fwMechanism->mdMechanism->VerifyInit) {
681 return CKR_FUNCTION_FAILED;
682 }
684 mdSession = nssCKFWSession_GetMDSession(fwSession);
685 mdObject = nssCKFWObject_GetMDObject(fwObject);
686 mdOperation = fwMechanism->mdMechanism->VerifyInit(
687 fwMechanism->mdMechanism,
688 fwMechanism,
689 pMechanism,
690 mdSession,
691 fwSession,
692 fwMechanism->mdToken,
693 fwMechanism->fwToken,
694 fwMechanism->mdInstance,
695 fwMechanism->fwInstance,
696 mdObject,
697 fwObject,
698 &error
699 );
700 if (!mdOperation) {
701 goto loser;
702 }
704 fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
705 mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
706 fwMechanism->mdInstance, fwMechanism->fwInstance,
707 NSSCKFWCryptoOperationType_Verify, &error);
708 if (fwOperation) {
709 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
710 NSSCKFWCryptoOperationState_SignVerify);
711 }
713 loser:
714 return error;
715 }
717 /*
718 * nssCKFWMechanism_SignRecoverInit
719 * Start an encryption session.
720 */
721 NSS_EXTERN CK_RV
722 nssCKFWMechanism_SignRecoverInit
723 (
724 NSSCKFWMechanism *fwMechanism,
725 CK_MECHANISM *pMechanism,
726 NSSCKFWSession *fwSession,
727 NSSCKFWObject *fwObject
728 )
729 {
730 NSSCKFWCryptoOperation *fwOperation;
731 NSSCKMDCryptoOperation *mdOperation;
732 NSSCKMDSession *mdSession;
733 NSSCKMDObject *mdObject;
734 CK_RV error = CKR_OK;
737 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
738 NSSCKFWCryptoOperationState_SignVerify);
739 if (fwOperation) {
740 return CKR_OPERATION_ACTIVE;
741 }
743 if (!fwMechanism->mdMechanism->SignRecoverInit) {
744 return CKR_FUNCTION_FAILED;
745 }
747 mdSession = nssCKFWSession_GetMDSession(fwSession);
748 mdObject = nssCKFWObject_GetMDObject(fwObject);
749 mdOperation = fwMechanism->mdMechanism->SignRecoverInit(
750 fwMechanism->mdMechanism,
751 fwMechanism,
752 pMechanism,
753 mdSession,
754 fwSession,
755 fwMechanism->mdToken,
756 fwMechanism->fwToken,
757 fwMechanism->mdInstance,
758 fwMechanism->fwInstance,
759 mdObject,
760 fwObject,
761 &error
762 );
763 if (!mdOperation) {
764 goto loser;
765 }
767 fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
768 mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
769 fwMechanism->mdInstance, fwMechanism->fwInstance,
770 NSSCKFWCryptoOperationType_SignRecover, &error);
771 if (fwOperation) {
772 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
773 NSSCKFWCryptoOperationState_SignVerify);
774 }
776 loser:
777 return error;
778 }
780 /*
781 * nssCKFWMechanism_VerifyRecoverInit
782 * Start an encryption session.
783 */
784 NSS_EXTERN CK_RV
785 nssCKFWMechanism_VerifyRecoverInit
786 (
787 NSSCKFWMechanism *fwMechanism,
788 CK_MECHANISM *pMechanism,
789 NSSCKFWSession *fwSession,
790 NSSCKFWObject *fwObject
791 )
792 {
793 NSSCKFWCryptoOperation *fwOperation;
794 NSSCKMDCryptoOperation *mdOperation;
795 NSSCKMDSession *mdSession;
796 NSSCKMDObject *mdObject;
797 CK_RV error = CKR_OK;
800 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
801 NSSCKFWCryptoOperationState_SignVerify);
802 if (fwOperation) {
803 return CKR_OPERATION_ACTIVE;
804 }
806 if (!fwMechanism->mdMechanism->VerifyRecoverInit) {
807 return CKR_FUNCTION_FAILED;
808 }
810 mdSession = nssCKFWSession_GetMDSession(fwSession);
811 mdObject = nssCKFWObject_GetMDObject(fwObject);
812 mdOperation = fwMechanism->mdMechanism->VerifyRecoverInit(
813 fwMechanism->mdMechanism,
814 fwMechanism,
815 pMechanism,
816 mdSession,
817 fwSession,
818 fwMechanism->mdToken,
819 fwMechanism->fwToken,
820 fwMechanism->mdInstance,
821 fwMechanism->fwInstance,
822 mdObject,
823 fwObject,
824 &error
825 );
826 if (!mdOperation) {
827 goto loser;
828 }
830 fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
831 mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
832 fwMechanism->mdInstance, fwMechanism->fwInstance,
833 NSSCKFWCryptoOperationType_VerifyRecover, &error);
834 if (fwOperation) {
835 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
836 NSSCKFWCryptoOperationState_SignVerify);
837 }
839 loser:
840 return error;
841 }
843 /*
844 * nssCKFWMechanism_GenerateKey
845 */
846 NSS_EXTERN NSSCKFWObject *
847 nssCKFWMechanism_GenerateKey
848 (
849 NSSCKFWMechanism *fwMechanism,
850 CK_MECHANISM_PTR pMechanism,
851 NSSCKFWSession *fwSession,
852 CK_ATTRIBUTE_PTR pTemplate,
853 CK_ULONG ulAttributeCount,
854 CK_RV *pError
855 )
856 {
857 NSSCKMDSession *mdSession;
858 NSSCKMDObject *mdObject;
859 NSSCKFWObject *fwObject = NULL;
860 NSSArena *arena;
862 if (!fwMechanism->mdMechanism->GenerateKey) {
863 *pError = CKR_FUNCTION_FAILED;
864 return (NSSCKFWObject *)NULL;
865 }
867 arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
868 if (!arena) {
869 if (CKR_OK == *pError) {
870 *pError = CKR_GENERAL_ERROR;
871 }
872 return (NSSCKFWObject *)NULL;
873 }
875 mdSession = nssCKFWSession_GetMDSession(fwSession);
876 mdObject = fwMechanism->mdMechanism->GenerateKey(
877 fwMechanism->mdMechanism,
878 fwMechanism,
879 pMechanism,
880 mdSession,
881 fwSession,
882 fwMechanism->mdToken,
883 fwMechanism->fwToken,
884 fwMechanism->mdInstance,
885 fwMechanism->fwInstance,
886 pTemplate,
887 ulAttributeCount,
888 pError);
890 if (!mdObject) {
891 return (NSSCKFWObject *)NULL;
892 }
894 fwObject = nssCKFWObject_Create(arena, mdObject,
895 fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
897 return fwObject;
898 }
900 /*
901 * nssCKFWMechanism_GenerateKeyPair
902 */
903 NSS_EXTERN CK_RV
904 nssCKFWMechanism_GenerateKeyPair
905 (
906 NSSCKFWMechanism *fwMechanism,
907 CK_MECHANISM_PTR pMechanism,
908 NSSCKFWSession *fwSession,
909 CK_ATTRIBUTE_PTR pPublicKeyTemplate,
910 CK_ULONG ulPublicKeyAttributeCount,
911 CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
912 CK_ULONG ulPrivateKeyAttributeCount,
913 NSSCKFWObject **fwPublicKeyObject,
914 NSSCKFWObject **fwPrivateKeyObject
915 )
916 {
917 NSSCKMDSession *mdSession;
918 NSSCKMDObject *mdPublicKeyObject;
919 NSSCKMDObject *mdPrivateKeyObject;
920 NSSArena *arena;
921 CK_RV error = CKR_OK;
923 if (!fwMechanism->mdMechanism->GenerateKeyPair) {
924 return CKR_FUNCTION_FAILED;
925 }
927 arena = nssCKFWToken_GetArena(fwMechanism->fwToken, &error);
928 if (!arena) {
929 if (CKR_OK == error) {
930 error = CKR_GENERAL_ERROR;
931 }
932 return error;
933 }
935 mdSession = nssCKFWSession_GetMDSession(fwSession);
936 error = fwMechanism->mdMechanism->GenerateKeyPair(
937 fwMechanism->mdMechanism,
938 fwMechanism,
939 pMechanism,
940 mdSession,
941 fwSession,
942 fwMechanism->mdToken,
943 fwMechanism->fwToken,
944 fwMechanism->mdInstance,
945 fwMechanism->fwInstance,
946 pPublicKeyTemplate,
947 ulPublicKeyAttributeCount,
948 pPrivateKeyTemplate,
949 ulPrivateKeyAttributeCount,
950 &mdPublicKeyObject,
951 &mdPrivateKeyObject);
953 if (CKR_OK != error) {
954 return error;
955 }
957 *fwPublicKeyObject = nssCKFWObject_Create(arena, mdPublicKeyObject,
958 fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error);
959 if (!*fwPublicKeyObject) {
960 return error;
961 }
962 *fwPrivateKeyObject = nssCKFWObject_Create(arena, mdPrivateKeyObject,
963 fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error);
965 return error;
966 }
968 /*
969 * nssCKFWMechanism_GetWrapKeyLength
970 */
971 NSS_EXTERN CK_ULONG
972 nssCKFWMechanism_GetWrapKeyLength
973 (
974 NSSCKFWMechanism *fwMechanism,
975 CK_MECHANISM_PTR pMechanism,
976 NSSCKFWSession *fwSession,
977 NSSCKFWObject *fwWrappingKeyObject,
978 NSSCKFWObject *fwKeyObject,
979 CK_RV *pError
980 )
981 {
982 NSSCKMDSession *mdSession;
983 NSSCKMDObject *mdWrappingKeyObject;
984 NSSCKMDObject *mdKeyObject;
986 if (!fwMechanism->mdMechanism->WrapKey) {
987 *pError = CKR_FUNCTION_FAILED;
988 return (CK_ULONG) 0;
989 }
991 mdSession = nssCKFWSession_GetMDSession(fwSession);
992 mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
993 mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject);
994 return fwMechanism->mdMechanism->GetWrapKeyLength(
995 fwMechanism->mdMechanism,
996 fwMechanism,
997 pMechanism,
998 mdSession,
999 fwSession,
1000 fwMechanism->mdToken,
1001 fwMechanism->fwToken,
1002 fwMechanism->mdInstance,
1003 fwMechanism->fwInstance,
1004 mdWrappingKeyObject,
1005 fwWrappingKeyObject,
1006 mdKeyObject,
1007 fwKeyObject,
1008 pError);
1009 }
1011 /*
1012 * nssCKFWMechanism_WrapKey
1013 */
1014 NSS_EXTERN CK_RV
1015 nssCKFWMechanism_WrapKey
1016 (
1017 NSSCKFWMechanism *fwMechanism,
1018 CK_MECHANISM_PTR pMechanism,
1019 NSSCKFWSession *fwSession,
1020 NSSCKFWObject *fwWrappingKeyObject,
1021 NSSCKFWObject *fwKeyObject,
1022 NSSItem *wrappedKey
1023 )
1024 {
1025 NSSCKMDSession *mdSession;
1026 NSSCKMDObject *mdWrappingKeyObject;
1027 NSSCKMDObject *mdKeyObject;
1029 if (!fwMechanism->mdMechanism->WrapKey) {
1030 return CKR_FUNCTION_FAILED;
1031 }
1033 mdSession = nssCKFWSession_GetMDSession(fwSession);
1034 mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
1035 mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject);
1036 return fwMechanism->mdMechanism->WrapKey(
1037 fwMechanism->mdMechanism,
1038 fwMechanism,
1039 pMechanism,
1040 mdSession,
1041 fwSession,
1042 fwMechanism->mdToken,
1043 fwMechanism->fwToken,
1044 fwMechanism->mdInstance,
1045 fwMechanism->fwInstance,
1046 mdWrappingKeyObject,
1047 fwWrappingKeyObject,
1048 mdKeyObject,
1049 fwKeyObject,
1050 wrappedKey);
1051 }
1053 /*
1054 * nssCKFWMechanism_UnwrapKey
1055 */
1056 NSS_EXTERN NSSCKFWObject *
1057 nssCKFWMechanism_UnwrapKey
1058 (
1059 NSSCKFWMechanism *fwMechanism,
1060 CK_MECHANISM_PTR pMechanism,
1061 NSSCKFWSession *fwSession,
1062 NSSCKFWObject *fwWrappingKeyObject,
1063 NSSItem *wrappedKey,
1064 CK_ATTRIBUTE_PTR pTemplate,
1065 CK_ULONG ulAttributeCount,
1066 CK_RV *pError
1067 )
1068 {
1069 NSSCKMDSession *mdSession;
1070 NSSCKMDObject *mdObject;
1071 NSSCKMDObject *mdWrappingKeyObject;
1072 NSSCKFWObject *fwObject = NULL;
1073 NSSArena *arena;
1075 if (!fwMechanism->mdMechanism->UnwrapKey) {
1076 /* we could simulate UnwrapKey using Decrypt and Create object, but
1077 * 1) it's not clear that would work well, and 2) the low level token
1078 * may want to restrict unwrap key for a reason, so just fail it it
1079 * can't be done */
1080 *pError = CKR_FUNCTION_FAILED;
1081 return (NSSCKFWObject *)NULL;
1082 }
1084 arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
1085 if (!arena) {
1086 if (CKR_OK == *pError) {
1087 *pError = CKR_GENERAL_ERROR;
1088 }
1089 return (NSSCKFWObject *)NULL;
1090 }
1092 mdSession = nssCKFWSession_GetMDSession(fwSession);
1093 mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
1094 mdObject = fwMechanism->mdMechanism->UnwrapKey(
1095 fwMechanism->mdMechanism,
1096 fwMechanism,
1097 pMechanism,
1098 mdSession,
1099 fwSession,
1100 fwMechanism->mdToken,
1101 fwMechanism->fwToken,
1102 fwMechanism->mdInstance,
1103 fwMechanism->fwInstance,
1104 mdWrappingKeyObject,
1105 fwWrappingKeyObject,
1106 wrappedKey,
1107 pTemplate,
1108 ulAttributeCount,
1109 pError);
1111 if (!mdObject) {
1112 return (NSSCKFWObject *)NULL;
1113 }
1115 fwObject = nssCKFWObject_Create(arena, mdObject,
1116 fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
1118 return fwObject;
1119 }
1121 /*
1122 * nssCKFWMechanism_DeriveKey
1123 */
1124 NSS_EXTERN NSSCKFWObject *
1125 nssCKFWMechanism_DeriveKey
1126 (
1127 NSSCKFWMechanism *fwMechanism,
1128 CK_MECHANISM_PTR pMechanism,
1129 NSSCKFWSession *fwSession,
1130 NSSCKFWObject *fwBaseKeyObject,
1131 CK_ATTRIBUTE_PTR pTemplate,
1132 CK_ULONG ulAttributeCount,
1133 CK_RV *pError
1134 )
1135 {
1136 NSSCKMDSession *mdSession;
1137 NSSCKMDObject *mdObject;
1138 NSSCKMDObject *mdBaseKeyObject;
1139 NSSCKFWObject *fwObject = NULL;
1140 NSSArena *arena;
1142 if (!fwMechanism->mdMechanism->DeriveKey) {
1143 *pError = CKR_FUNCTION_FAILED;
1144 return (NSSCKFWObject *)NULL;
1145 }
1147 arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
1148 if (!arena) {
1149 if (CKR_OK == *pError) {
1150 *pError = CKR_GENERAL_ERROR;
1151 }
1152 return (NSSCKFWObject *)NULL;
1153 }
1155 mdSession = nssCKFWSession_GetMDSession(fwSession);
1156 mdBaseKeyObject = nssCKFWObject_GetMDObject(fwBaseKeyObject);
1157 mdObject = fwMechanism->mdMechanism->DeriveKey(
1158 fwMechanism->mdMechanism,
1159 fwMechanism,
1160 pMechanism,
1161 mdSession,
1162 fwSession,
1163 fwMechanism->mdToken,
1164 fwMechanism->fwToken,
1165 fwMechanism->mdInstance,
1166 fwMechanism->fwInstance,
1167 mdBaseKeyObject,
1168 fwBaseKeyObject,
1169 pTemplate,
1170 ulAttributeCount,
1171 pError);
1173 if (!mdObject) {
1174 return (NSSCKFWObject *)NULL;
1175 }
1177 fwObject = nssCKFWObject_Create(arena, mdObject,
1178 fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
1180 return fwObject;
1181 }
