security/nss/lib/ckfw/wrap.c@b8a032363ba2
security/nss/lib/ckfw/wrap.c
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 /*
6 * wrap.c
7 *
8 * This file contains the routines that actually implement the cryptoki
9 * API, using the internal APIs of the NSS Cryptoki Framework. There is
10 * one routine here for every cryptoki routine. For linking reasons
11 * the actual entry points passed back with C_GetFunctionList have to
12 * exist in one of the Module's source files; however, those are merely
13 * simple wrappers that call these routines. The intelligence of the
14 * implementations is here.
15 */
17 #ifndef CK_T
18 #include "ck.h"
19 #endif /* CK_T */
21 /*
22 * NSSCKFWC_Initialize
23 * NSSCKFWC_Finalize
24 * NSSCKFWC_GetInfo
25 * -- NSSCKFWC_GetFunctionList -- see the API insert file
26 * NSSCKFWC_GetSlotList
27 * NSSCKFWC_GetSlotInfo
28 * NSSCKFWC_GetTokenInfo
29 * NSSCKFWC_WaitForSlotEvent
30 * NSSCKFWC_GetMechanismList
31 * NSSCKFWC_GetMechanismInfo
32 * NSSCKFWC_InitToken
33 * NSSCKFWC_InitPIN
34 * NSSCKFWC_SetPIN
35 * NSSCKFWC_OpenSession
36 * NSSCKFWC_CloseSession
37 * NSSCKFWC_CloseAllSessions
38 * NSSCKFWC_GetSessionInfo
39 * NSSCKFWC_GetOperationState
40 * NSSCKFWC_SetOperationState
41 * NSSCKFWC_Login
42 * NSSCKFWC_Logout
43 * NSSCKFWC_CreateObject
44 * NSSCKFWC_CopyObject
45 * NSSCKFWC_DestroyObject
46 * NSSCKFWC_GetObjectSize
47 * NSSCKFWC_GetAttributeValue
48 * NSSCKFWC_SetAttributeValue
49 * NSSCKFWC_FindObjectsInit
50 * NSSCKFWC_FindObjects
51 * NSSCKFWC_FindObjectsFinal
52 * NSSCKFWC_EncryptInit
53 * NSSCKFWC_Encrypt
54 * NSSCKFWC_EncryptUpdate
55 * NSSCKFWC_EncryptFinal
56 * NSSCKFWC_DecryptInit
57 * NSSCKFWC_Decrypt
58 * NSSCKFWC_DecryptUpdate
59 * NSSCKFWC_DecryptFinal
60 * NSSCKFWC_DigestInit
61 * NSSCKFWC_Digest
62 * NSSCKFWC_DigestUpdate
63 * NSSCKFWC_DigestKey
64 * NSSCKFWC_DigestFinal
65 * NSSCKFWC_SignInit
66 * NSSCKFWC_Sign
67 * NSSCKFWC_SignUpdate
68 * NSSCKFWC_SignFinal
69 * NSSCKFWC_SignRecoverInit
70 * NSSCKFWC_SignRecover
71 * NSSCKFWC_VerifyInit
72 * NSSCKFWC_Verify
73 * NSSCKFWC_VerifyUpdate
74 * NSSCKFWC_VerifyFinal
75 * NSSCKFWC_VerifyRecoverInit
76 * NSSCKFWC_VerifyRecover
77 * NSSCKFWC_DigestEncryptUpdate
78 * NSSCKFWC_DecryptDigestUpdate
79 * NSSCKFWC_SignEncryptUpdate
80 * NSSCKFWC_DecryptVerifyUpdate
81 * NSSCKFWC_GenerateKey
82 * NSSCKFWC_GenerateKeyPair
83 * NSSCKFWC_WrapKey
84 * NSSCKFWC_UnwrapKey
85 * NSSCKFWC_DeriveKey
86 * NSSCKFWC_SeedRandom
87 * NSSCKFWC_GenerateRandom
88 * NSSCKFWC_GetFunctionStatus
89 * NSSCKFWC_CancelFunction
90 */
92 /* figure out out locking semantics */
93 static CK_RV
94 nssCKFW_GetThreadSafeState(CK_C_INITIALIZE_ARGS_PTR pInitArgs,
95 CryptokiLockingState *pLocking_state) {
96 int functionCount = 0;
98 /* parsed according to (PKCS #11 Section 11.4) */
99 /* no args, the degenerate version of case 1 */
100 if (!pInitArgs) {
101 *pLocking_state = SingleThreaded;
102 return CKR_OK;
103 }
105 /* CKF_OS_LOCKING_OK set, Cases 2 and 4 */
106 if (pInitArgs->flags & CKF_OS_LOCKING_OK) {
107 *pLocking_state = MultiThreaded;
108 return CKR_OK;
109 }
110 if ((CK_CREATEMUTEX) NULL != pInitArgs->CreateMutex) functionCount++;
111 if ((CK_DESTROYMUTEX) NULL != pInitArgs->DestroyMutex) functionCount++;
112 if ((CK_LOCKMUTEX) NULL != pInitArgs->LockMutex) functionCount++;
113 if ((CK_UNLOCKMUTEX) NULL != pInitArgs->UnlockMutex) functionCount++;
115 /* CKF_OS_LOCKING_OK is not set, and not functions supplied,
116 * explicit case 1 */
117 if (0 == functionCount) {
118 *pLocking_state = SingleThreaded;
119 return CKR_OK;
120 }
122 /* OS_LOCKING_OK is not set and functions have been supplied. Since
123 * ckfw uses nssbase library which explicitly calls NSPR, and since
124 * there is no way to reliably override these explicit calls to NSPR,
125 * therefore we can't support applications which have their own threading
126 * module. Return CKR_CANT_LOCK if they supplied the correct number of
127 * arguments, or CKR_ARGUMENTS_BAD if they did not in either case we will
128 * fail the initialize */
129 return (4 == functionCount) ? CKR_CANT_LOCK : CKR_ARGUMENTS_BAD;
130 }
132 static PRInt32 liveInstances;
134 /*
135 * NSSCKFWC_Initialize
136 *
137 */
138 NSS_IMPLEMENT CK_RV
139 NSSCKFWC_Initialize
140 (
141 NSSCKFWInstance **pFwInstance,
142 NSSCKMDInstance *mdInstance,
143 CK_VOID_PTR pInitArgs
144 )
145 {
146 CK_RV error = CKR_OK;
147 CryptokiLockingState locking_state;
149 if( (NSSCKFWInstance **)NULL == pFwInstance ) {
150 error = CKR_GENERAL_ERROR;
151 goto loser;
152 }
154 if (*pFwInstance) {
155 error = CKR_CRYPTOKI_ALREADY_INITIALIZED;
156 goto loser;
157 }
159 if (!mdInstance) {
160 error = CKR_GENERAL_ERROR;
161 goto loser;
162 }
164 error = nssCKFW_GetThreadSafeState(pInitArgs,&locking_state);
165 if( CKR_OK != error ) {
166 goto loser;
167 }
169 *pFwInstance = nssCKFWInstance_Create(pInitArgs, locking_state, mdInstance, &error);
170 if (!*pFwInstance) {
171 goto loser;
172 }
173 PR_ATOMIC_INCREMENT(&liveInstances);
174 return CKR_OK;
176 loser:
177 switch( error ) {
178 case CKR_ARGUMENTS_BAD:
179 case CKR_CANT_LOCK:
180 case CKR_CRYPTOKI_ALREADY_INITIALIZED:
181 case CKR_FUNCTION_FAILED:
182 case CKR_GENERAL_ERROR:
183 case CKR_HOST_MEMORY:
184 case CKR_NEED_TO_CREATE_THREADS:
185 break;
186 default:
187 case CKR_OK:
188 error = CKR_GENERAL_ERROR;
189 break;
190 }
192 return error;
193 }
195 /*
196 * NSSCKFWC_Finalize
197 *
198 */
199 NSS_IMPLEMENT CK_RV
200 NSSCKFWC_Finalize
201 (
202 NSSCKFWInstance **pFwInstance
203 )
204 {
205 CK_RV error = CKR_OK;
207 if( (NSSCKFWInstance **)NULL == pFwInstance ) {
208 error = CKR_GENERAL_ERROR;
209 goto loser;
210 }
212 if (!*pFwInstance) {
213 error = CKR_CRYPTOKI_NOT_INITIALIZED;
214 goto loser;
215 }
217 error = nssCKFWInstance_Destroy(*pFwInstance);
219 /* In any case */
220 *pFwInstance = (NSSCKFWInstance *)NULL;
222 loser:
223 switch( error ) {
224 PRInt32 remainingInstances;
225 case CKR_OK:
226 remainingInstances = PR_ATOMIC_DECREMENT(&liveInstances);
227 if (!remainingInstances) {
228 nssArena_Shutdown();
229 }
230 break;
231 case CKR_CRYPTOKI_NOT_INITIALIZED:
232 case CKR_FUNCTION_FAILED:
233 case CKR_GENERAL_ERROR:
234 case CKR_HOST_MEMORY:
235 break;
236 default:
237 error = CKR_GENERAL_ERROR;
238 break;
239 }
241 /*
242 * A thread's error stack is automatically destroyed when the thread
243 * terminates or, for the primordial thread, by PR_Cleanup. On
244 * Windows with MinGW, the thread private data destructor PR_Free
245 * registered by this module is actually a thunk for PR_Free defined
246 * in this module. When the thread that unloads this module terminates
247 * or calls PR_Cleanup, the thunk for PR_Free is already gone with the
248 * module. Therefore we need to destroy the error stack before the
249 * module is unloaded.
250 */
251 nss_DestroyErrorStack();
252 return error;
253 }
255 /*
256 * NSSCKFWC_GetInfo
257 *
258 */
259 NSS_IMPLEMENT CK_RV
260 NSSCKFWC_GetInfo
261 (
262 NSSCKFWInstance *fwInstance,
263 CK_INFO_PTR pInfo
264 )
265 {
266 CK_RV error = CKR_OK;
268 if( (CK_INFO_PTR)CK_NULL_PTR == pInfo ) {
269 error = CKR_ARGUMENTS_BAD;
270 goto loser;
271 }
273 /*
274 * A purify error here means a caller error
275 */
276 (void)nsslibc_memset(pInfo, 0, sizeof(CK_INFO));
278 pInfo->cryptokiVersion = nssCKFWInstance_GetCryptokiVersion(fwInstance);
280 error = nssCKFWInstance_GetManufacturerID(fwInstance, pInfo->manufacturerID);
281 if( CKR_OK != error ) {
282 goto loser;
283 }
285 pInfo->flags = nssCKFWInstance_GetFlags(fwInstance);
287 error = nssCKFWInstance_GetLibraryDescription(fwInstance, pInfo->libraryDescription);
288 if( CKR_OK != error ) {
289 goto loser;
290 }
292 pInfo->libraryVersion = nssCKFWInstance_GetLibraryVersion(fwInstance);
294 return CKR_OK;
296 loser:
297 switch( error ) {
298 case CKR_CRYPTOKI_NOT_INITIALIZED:
299 case CKR_FUNCTION_FAILED:
300 case CKR_GENERAL_ERROR:
301 case CKR_HOST_MEMORY:
302 break;
303 default:
304 error = CKR_GENERAL_ERROR;
305 break;
306 }
308 return error;
309 }
311 /*
312 * C_GetFunctionList is implemented entirely in the Module's file which
313 * includes the Framework API insert file. It requires no "actual"
314 * NSSCKFW routine.
315 */
317 /*
318 * NSSCKFWC_GetSlotList
319 *
320 */
321 NSS_IMPLEMENT CK_RV
322 NSSCKFWC_GetSlotList
323 (
324 NSSCKFWInstance *fwInstance,
325 CK_BBOOL tokenPresent,
326 CK_SLOT_ID_PTR pSlotList,
327 CK_ULONG_PTR pulCount
328 )
329 {
330 CK_RV error = CKR_OK;
331 CK_ULONG nSlots;
333 if (!fwInstance) {
334 error = CKR_CRYPTOKI_NOT_INITIALIZED;
335 goto loser;
336 }
338 switch( tokenPresent ) {
339 case CK_TRUE:
340 case CK_FALSE:
341 break;
342 default:
343 error = CKR_ARGUMENTS_BAD;
344 goto loser;
345 }
347 if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) {
348 error = CKR_ARGUMENTS_BAD;
349 goto loser;
350 }
352 nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
353 if( (CK_ULONG)0 == nSlots ) {
354 goto loser;
355 }
357 if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlotList ) {
358 *pulCount = nSlots;
359 return CKR_OK;
360 }
362 /*
363 * A purify error here indicates caller error.
364 */
365 (void)nsslibc_memset(pSlotList, 0, *pulCount * sizeof(CK_SLOT_ID));
367 if( *pulCount < nSlots ) {
368 *pulCount = nSlots;
369 error = CKR_BUFFER_TOO_SMALL;
370 goto loser;
371 } else {
372 CK_ULONG i;
373 *pulCount = nSlots;
375 /*
376 * Our secret "mapping": CK_SLOT_IDs are integers [1,N], and we
377 * just index one when we need it.
378 */
380 for( i = 0; i < nSlots; i++ ) {
381 pSlotList[i] = i+1;
382 }
384 return CKR_OK;
385 }
387 loser:
388 switch( error ) {
389 case CKR_BUFFER_TOO_SMALL:
390 case CKR_CRYPTOKI_NOT_INITIALIZED:
391 case CKR_FUNCTION_FAILED:
392 case CKR_GENERAL_ERROR:
393 case CKR_HOST_MEMORY:
394 break;
395 default:
396 case CKR_OK:
397 error = CKR_GENERAL_ERROR;
398 break;
399 }
401 return error;
402 }
404 /*
405 * NSSCKFWC_GetSlotInfo
406 *
407 */
408 NSS_IMPLEMENT CK_RV
409 NSSCKFWC_GetSlotInfo
410 (
411 NSSCKFWInstance *fwInstance,
412 CK_SLOT_ID slotID,
413 CK_SLOT_INFO_PTR pInfo
414 )
415 {
416 CK_RV error = CKR_OK;
417 CK_ULONG nSlots;
418 NSSCKFWSlot **slots;
419 NSSCKFWSlot *fwSlot;
421 if (!fwInstance) {
422 error = CKR_CRYPTOKI_NOT_INITIALIZED;
423 goto loser;
424 }
426 nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
427 if( (CK_ULONG)0 == nSlots ) {
428 goto loser;
429 }
431 if( (slotID < 1) || (slotID > nSlots) ) {
432 error = CKR_SLOT_ID_INVALID;
433 goto loser;
434 }
436 if( (CK_SLOT_INFO_PTR)CK_NULL_PTR == pInfo ) {
437 error = CKR_ARGUMENTS_BAD;
438 goto loser;
439 }
441 /*
442 * A purify error here indicates caller error.
443 */
444 (void)nsslibc_memset(pInfo, 0, sizeof(CK_SLOT_INFO));
446 slots = nssCKFWInstance_GetSlots(fwInstance, &error);
447 if( (NSSCKFWSlot **)NULL == slots ) {
448 goto loser;
449 }
451 fwSlot = slots[ slotID-1 ];
453 error = nssCKFWSlot_GetSlotDescription(fwSlot, pInfo->slotDescription);
454 if( CKR_OK != error ) {
455 goto loser;
456 }
458 error = nssCKFWSlot_GetManufacturerID(fwSlot, pInfo->manufacturerID);
459 if( CKR_OK != error ) {
460 goto loser;
461 }
463 if( nssCKFWSlot_GetTokenPresent(fwSlot) ) {
464 pInfo->flags |= CKF_TOKEN_PRESENT;
465 }
467 if( nssCKFWSlot_GetRemovableDevice(fwSlot) ) {
468 pInfo->flags |= CKF_REMOVABLE_DEVICE;
469 }
471 if( nssCKFWSlot_GetHardwareSlot(fwSlot) ) {
472 pInfo->flags |= CKF_HW_SLOT;
473 }
475 pInfo->hardwareVersion = nssCKFWSlot_GetHardwareVersion(fwSlot);
476 pInfo->firmwareVersion = nssCKFWSlot_GetFirmwareVersion(fwSlot);
478 return CKR_OK;
480 loser:
481 switch( error ) {
482 case CKR_CRYPTOKI_NOT_INITIALIZED:
483 case CKR_DEVICE_ERROR:
484 case CKR_FUNCTION_FAILED:
485 case CKR_GENERAL_ERROR:
486 case CKR_HOST_MEMORY:
487 case CKR_SLOT_ID_INVALID:
488 break;
489 default:
490 case CKR_OK:
491 error = CKR_GENERAL_ERROR;
492 }
494 return error;
495 }
497 /*
498 * NSSCKFWC_GetTokenInfo
499 *
500 */
501 NSS_IMPLEMENT CK_RV
502 NSSCKFWC_GetTokenInfo
503 (
504 NSSCKFWInstance *fwInstance,
505 CK_SLOT_ID slotID,
506 CK_TOKEN_INFO_PTR pInfo
507 )
508 {
509 CK_RV error = CKR_OK;
510 CK_ULONG nSlots;
511 NSSCKFWSlot **slots;
512 NSSCKFWSlot *fwSlot;
513 NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
515 if (!fwInstance) {
516 error = CKR_CRYPTOKI_NOT_INITIALIZED;
517 goto loser;
518 }
520 nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
521 if( (CK_ULONG)0 == nSlots ) {
522 goto loser;
523 }
525 if( (slotID < 1) || (slotID > nSlots) ) {
526 error = CKR_SLOT_ID_INVALID;
527 goto loser;
528 }
530 if( (CK_TOKEN_INFO_PTR)CK_NULL_PTR == pInfo ) {
531 error = CKR_ARGUMENTS_BAD;
532 goto loser;
533 }
535 /*
536 * A purify error here indicates caller error.
537 */
538 (void)nsslibc_memset(pInfo, 0, sizeof(CK_TOKEN_INFO));
540 slots = nssCKFWInstance_GetSlots(fwInstance, &error);
541 if( (NSSCKFWSlot **)NULL == slots ) {
542 goto loser;
543 }
545 fwSlot = slots[ slotID-1 ];
547 if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
548 error = CKR_TOKEN_NOT_PRESENT;
549 goto loser;
550 }
552 fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
553 if (!fwToken) {
554 goto loser;
555 }
557 error = nssCKFWToken_GetLabel(fwToken, pInfo->label);
558 if( CKR_OK != error ) {
559 goto loser;
560 }
562 error = nssCKFWToken_GetManufacturerID(fwToken, pInfo->manufacturerID);
563 if( CKR_OK != error ) {
564 goto loser;
565 }
567 error = nssCKFWToken_GetModel(fwToken, pInfo->model);
568 if( CKR_OK != error ) {
569 goto loser;
570 }
572 error = nssCKFWToken_GetSerialNumber(fwToken, pInfo->serialNumber);
573 if( CKR_OK != error ) {
574 goto loser;
575 }
577 if( nssCKFWToken_GetHasRNG(fwToken) ) {
578 pInfo->flags |= CKF_RNG;
579 }
581 if( nssCKFWToken_GetIsWriteProtected(fwToken) ) {
582 pInfo->flags |= CKF_WRITE_PROTECTED;
583 }
585 if( nssCKFWToken_GetLoginRequired(fwToken) ) {
586 pInfo->flags |= CKF_LOGIN_REQUIRED;
587 }
589 if( nssCKFWToken_GetUserPinInitialized(fwToken) ) {
590 pInfo->flags |= CKF_USER_PIN_INITIALIZED;
591 }
593 if( nssCKFWToken_GetRestoreKeyNotNeeded(fwToken) ) {
594 pInfo->flags |= CKF_RESTORE_KEY_NOT_NEEDED;
595 }
597 if( nssCKFWToken_GetHasClockOnToken(fwToken) ) {
598 pInfo->flags |= CKF_CLOCK_ON_TOKEN;
599 }
601 if( nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken) ) {
602 pInfo->flags |= CKF_PROTECTED_AUTHENTICATION_PATH;
603 }
605 if( nssCKFWToken_GetSupportsDualCryptoOperations(fwToken) ) {
606 pInfo->flags |= CKF_DUAL_CRYPTO_OPERATIONS;
607 }
609 pInfo->ulMaxSessionCount = nssCKFWToken_GetMaxSessionCount(fwToken);
610 pInfo->ulSessionCount = nssCKFWToken_GetSessionCount(fwToken);
611 pInfo->ulMaxRwSessionCount = nssCKFWToken_GetMaxRwSessionCount(fwToken);
612 pInfo->ulRwSessionCount= nssCKFWToken_GetRwSessionCount(fwToken);
613 pInfo->ulMaxPinLen = nssCKFWToken_GetMaxPinLen(fwToken);
614 pInfo->ulMinPinLen = nssCKFWToken_GetMinPinLen(fwToken);
615 pInfo->ulTotalPublicMemory = nssCKFWToken_GetTotalPublicMemory(fwToken);
616 pInfo->ulFreePublicMemory = nssCKFWToken_GetFreePublicMemory(fwToken);
617 pInfo->ulTotalPrivateMemory = nssCKFWToken_GetTotalPrivateMemory(fwToken);
618 pInfo->ulFreePrivateMemory = nssCKFWToken_GetFreePrivateMemory(fwToken);
619 pInfo->hardwareVersion = nssCKFWToken_GetHardwareVersion(fwToken);
620 pInfo->firmwareVersion = nssCKFWToken_GetFirmwareVersion(fwToken);
622 error = nssCKFWToken_GetUTCTime(fwToken, pInfo->utcTime);
623 if( CKR_OK != error ) {
624 goto loser;
625 }
627 return CKR_OK;
629 loser:
630 switch( error ) {
631 case CKR_DEVICE_REMOVED:
632 case CKR_TOKEN_NOT_PRESENT:
633 if (fwToken)
634 nssCKFWToken_Destroy(fwToken);
635 break;
636 case CKR_CRYPTOKI_NOT_INITIALIZED:
637 case CKR_DEVICE_ERROR:
638 case CKR_DEVICE_MEMORY:
639 case CKR_FUNCTION_FAILED:
640 case CKR_GENERAL_ERROR:
641 case CKR_HOST_MEMORY:
642 case CKR_SLOT_ID_INVALID:
643 case CKR_TOKEN_NOT_RECOGNIZED:
644 break;
645 default:
646 case CKR_OK:
647 error = CKR_GENERAL_ERROR;
648 break;
649 }
651 return error;
652 }
654 /*
655 * NSSCKFWC_WaitForSlotEvent
656 *
657 */
658 NSS_IMPLEMENT CK_RV
659 NSSCKFWC_WaitForSlotEvent
660 (
661 NSSCKFWInstance *fwInstance,
662 CK_FLAGS flags,
663 CK_SLOT_ID_PTR pSlot,
664 CK_VOID_PTR pReserved
665 )
666 {
667 CK_RV error = CKR_OK;
668 CK_ULONG nSlots;
669 CK_BBOOL block;
670 NSSCKFWSlot **slots;
671 NSSCKFWSlot *fwSlot;
672 CK_ULONG i;
674 if (!fwInstance) {
675 error = CKR_CRYPTOKI_NOT_INITIALIZED;
676 goto loser;
677 }
679 if( flags & ~CKF_DONT_BLOCK ) {
680 error = CKR_ARGUMENTS_BAD;
681 goto loser;
682 }
684 block = (flags & CKF_DONT_BLOCK) ? CK_TRUE : CK_FALSE;
686 nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
687 if( (CK_ULONG)0 == nSlots ) {
688 goto loser;
689 }
691 if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlot ) {
692 error = CKR_ARGUMENTS_BAD;
693 goto loser;
694 }
696 if( (CK_VOID_PTR)CK_NULL_PTR != pReserved ) {
697 error = CKR_ARGUMENTS_BAD;
698 goto loser;
699 }
701 slots = nssCKFWInstance_GetSlots(fwInstance, &error);
702 if( (NSSCKFWSlot **)NULL == slots ) {
703 goto loser;
704 }
706 fwSlot = nssCKFWInstance_WaitForSlotEvent(fwInstance, block, &error);
707 if (!fwSlot) {
708 goto loser;
709 }
711 for( i = 0; i < nSlots; i++ ) {
712 if( fwSlot == slots[i] ) {
713 *pSlot = (CK_SLOT_ID)(CK_ULONG)(i+1);
714 return CKR_OK;
715 }
716 }
718 error = CKR_GENERAL_ERROR; /* returned something not in the slot list */
720 loser:
721 switch( error ) {
722 case CKR_CRYPTOKI_NOT_INITIALIZED:
723 case CKR_FUNCTION_FAILED:
724 case CKR_GENERAL_ERROR:
725 case CKR_HOST_MEMORY:
726 case CKR_NO_EVENT:
727 break;
728 default:
729 case CKR_OK:
730 error = CKR_GENERAL_ERROR;
731 break;
732 }
734 return error;
735 }
737 /*
738 * NSSCKFWC_GetMechanismList
739 *
740 */
741 NSS_IMPLEMENT CK_RV
742 NSSCKFWC_GetMechanismList
743 (
744 NSSCKFWInstance *fwInstance,
745 CK_SLOT_ID slotID,
746 CK_MECHANISM_TYPE_PTR pMechanismList,
747 CK_ULONG_PTR pulCount
748 )
749 {
750 CK_RV error = CKR_OK;
751 CK_ULONG nSlots;
752 NSSCKFWSlot **slots;
753 NSSCKFWSlot *fwSlot;
754 NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
755 CK_ULONG count;
757 if (!fwInstance) {
758 error = CKR_CRYPTOKI_NOT_INITIALIZED;
759 goto loser;
760 }
762 nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
763 if( (CK_ULONG)0 == nSlots ) {
764 goto loser;
765 }
767 if( (slotID < 1) || (slotID > nSlots) ) {
768 error = CKR_SLOT_ID_INVALID;
769 goto loser;
770 }
772 if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) {
773 error = CKR_ARGUMENTS_BAD;
774 goto loser;
775 }
777 slots = nssCKFWInstance_GetSlots(fwInstance, &error);
778 if( (NSSCKFWSlot **)NULL == slots ) {
779 goto loser;
780 }
782 fwSlot = slots[ slotID-1 ];
784 if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
785 error = CKR_TOKEN_NOT_PRESENT;
786 goto loser;
787 }
789 fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
790 if (!fwToken) {
791 goto loser;
792 }
794 count = nssCKFWToken_GetMechanismCount(fwToken);
796 if( (CK_MECHANISM_TYPE_PTR)CK_NULL_PTR == pMechanismList ) {
797 *pulCount = count;
798 return CKR_OK;
799 }
801 if( *pulCount < count ) {
802 *pulCount = count;
803 error = CKR_BUFFER_TOO_SMALL;
804 goto loser;
805 }
807 /*
808 * A purify error here indicates caller error.
809 */
810 (void)nsslibc_memset(pMechanismList, 0, *pulCount * sizeof(CK_MECHANISM_TYPE));
812 *pulCount = count;
814 if( 0 != count ) {
815 error = nssCKFWToken_GetMechanismTypes(fwToken, pMechanismList);
816 } else {
817 error = CKR_OK;
818 }
820 if( CKR_OK == error ) {
821 return CKR_OK;
822 }
824 loser:
825 switch( error ) {
826 case CKR_DEVICE_REMOVED:
827 case CKR_TOKEN_NOT_PRESENT:
828 if (fwToken)
829 nssCKFWToken_Destroy(fwToken);
830 break;
831 case CKR_ARGUMENTS_BAD:
832 case CKR_BUFFER_TOO_SMALL:
833 case CKR_CRYPTOKI_NOT_INITIALIZED:
834 case CKR_DEVICE_ERROR:
835 case CKR_DEVICE_MEMORY:
836 case CKR_FUNCTION_FAILED:
837 case CKR_GENERAL_ERROR:
838 case CKR_HOST_MEMORY:
839 case CKR_SLOT_ID_INVALID:
840 case CKR_TOKEN_NOT_RECOGNIZED:
841 break;
842 default:
843 case CKR_OK:
844 error = CKR_GENERAL_ERROR;
845 break;
846 }
848 return error;
849 }
851 /*
852 * NSSCKFWC_GetMechanismInfo
853 *
854 */
855 NSS_IMPLEMENT CK_RV
856 NSSCKFWC_GetMechanismInfo
857 (
858 NSSCKFWInstance *fwInstance,
859 CK_SLOT_ID slotID,
860 CK_MECHANISM_TYPE type,
861 CK_MECHANISM_INFO_PTR pInfo
862 )
863 {
864 CK_RV error = CKR_OK;
865 CK_ULONG nSlots;
866 NSSCKFWSlot **slots;
867 NSSCKFWSlot *fwSlot;
868 NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
869 NSSCKFWMechanism *fwMechanism;
871 if (!fwInstance) {
872 error = CKR_CRYPTOKI_NOT_INITIALIZED;
873 goto loser;
874 }
876 nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
877 if( (CK_ULONG)0 == nSlots ) {
878 goto loser;
879 }
881 if( (slotID < 1) || (slotID > nSlots) ) {
882 error = CKR_SLOT_ID_INVALID;
883 goto loser;
884 }
886 slots = nssCKFWInstance_GetSlots(fwInstance, &error);
887 if( (NSSCKFWSlot **)NULL == slots ) {
888 goto loser;
889 }
891 fwSlot = slots[ slotID-1 ];
893 if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
894 error = CKR_TOKEN_NOT_PRESENT;
895 goto loser;
896 }
898 if( (CK_MECHANISM_INFO_PTR)CK_NULL_PTR == pInfo ) {
899 error = CKR_ARGUMENTS_BAD;
900 goto loser;
901 }
903 /*
904 * A purify error here indicates caller error.
905 */
906 (void)nsslibc_memset(pInfo, 0, sizeof(CK_MECHANISM_INFO));
908 fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
909 if (!fwToken) {
910 goto loser;
911 }
913 fwMechanism = nssCKFWToken_GetMechanism(fwToken, type, &error);
914 if (!fwMechanism) {
915 goto loser;
916 }
918 pInfo->ulMinKeySize = nssCKFWMechanism_GetMinKeySize(fwMechanism, &error);
919 pInfo->ulMaxKeySize = nssCKFWMechanism_GetMaxKeySize(fwMechanism, &error);
921 if( nssCKFWMechanism_GetInHardware(fwMechanism, &error) ) {
922 pInfo->flags |= CKF_HW;
923 }
924 if( nssCKFWMechanism_GetCanEncrypt(fwMechanism, &error) ) {
925 pInfo->flags |= CKF_ENCRYPT;
926 }
927 if( nssCKFWMechanism_GetCanDecrypt(fwMechanism, &error) ) {
928 pInfo->flags |= CKF_DECRYPT;
929 }
930 if( nssCKFWMechanism_GetCanDigest(fwMechanism, &error) ) {
931 pInfo->flags |= CKF_DIGEST;
932 }
933 if( nssCKFWMechanism_GetCanSign(fwMechanism, &error) ) {
934 pInfo->flags |= CKF_SIGN;
935 }
936 if( nssCKFWMechanism_GetCanSignRecover(fwMechanism, &error) ) {
937 pInfo->flags |= CKF_SIGN_RECOVER;
938 }
939 if( nssCKFWMechanism_GetCanVerify(fwMechanism, &error) ) {
940 pInfo->flags |= CKF_VERIFY;
941 }
942 if( nssCKFWMechanism_GetCanVerifyRecover(fwMechanism, &error) ) {
943 pInfo->flags |= CKF_VERIFY_RECOVER;
944 }
945 if( nssCKFWMechanism_GetCanGenerate(fwMechanism, &error) ) {
946 pInfo->flags |= CKF_GENERATE;
947 }
948 if( nssCKFWMechanism_GetCanGenerateKeyPair(fwMechanism, &error) ) {
949 pInfo->flags |= CKF_GENERATE_KEY_PAIR;
950 }
951 if( nssCKFWMechanism_GetCanWrap(fwMechanism, &error) ) {
952 pInfo->flags |= CKF_WRAP;
953 }
954 if( nssCKFWMechanism_GetCanUnwrap(fwMechanism, &error) ) {
955 pInfo->flags |= CKF_UNWRAP;
956 }
957 if( nssCKFWMechanism_GetCanDerive(fwMechanism, &error) ) {
958 pInfo->flags |= CKF_DERIVE;
959 }
960 nssCKFWMechanism_Destroy(fwMechanism);
962 return error;
964 loser:
965 switch( error ) {
966 case CKR_DEVICE_REMOVED:
967 case CKR_TOKEN_NOT_PRESENT:
968 if (fwToken)
969 nssCKFWToken_Destroy(fwToken);
970 break;
971 case CKR_ARGUMENTS_BAD:
972 case CKR_CRYPTOKI_NOT_INITIALIZED:
973 case CKR_DEVICE_ERROR:
974 case CKR_DEVICE_MEMORY:
975 case CKR_FUNCTION_FAILED:
976 case CKR_GENERAL_ERROR:
977 case CKR_HOST_MEMORY:
978 case CKR_MECHANISM_INVALID:
979 case CKR_SLOT_ID_INVALID:
980 case CKR_TOKEN_NOT_RECOGNIZED:
981 break;
982 default:
983 case CKR_OK:
984 error = CKR_GENERAL_ERROR;
985 break;
986 }
988 return error;
989 }
991 /*
992 * NSSCKFWC_InitToken
993 *
994 */
995 NSS_IMPLEMENT CK_RV
996 NSSCKFWC_InitToken
997 (
998 NSSCKFWInstance *fwInstance,
999 CK_SLOT_ID slotID,
1000 CK_CHAR_PTR pPin,
1001 CK_ULONG ulPinLen,
1002 CK_CHAR_PTR pLabel
1003 )
1004 {
1005 CK_RV error = CKR_OK;
1006 CK_ULONG nSlots;
1007 NSSCKFWSlot **slots;
1008 NSSCKFWSlot *fwSlot;
1009 NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
1010 NSSItem pin;
1011 NSSUTF8 *label;
1013 if (!fwInstance) {
1014 error = CKR_CRYPTOKI_NOT_INITIALIZED;
1015 goto loser;
1016 }
1018 nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
1019 if( (CK_ULONG)0 == nSlots ) {
1020 goto loser;
1021 }
1023 if( (slotID < 1) || (slotID > nSlots) ) {
1024 error = CKR_SLOT_ID_INVALID;
1025 goto loser;
1026 }
1028 slots = nssCKFWInstance_GetSlots(fwInstance, &error);
1029 if( (NSSCKFWSlot **)NULL == slots ) {
1030 goto loser;
1031 }
1033 fwSlot = slots[ slotID-1 ];
1035 if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
1036 error = CKR_TOKEN_NOT_PRESENT;
1037 goto loser;
1038 }
1040 fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
1041 if (!fwToken) {
1042 goto loser;
1043 }
1045 pin.size = (PRUint32)ulPinLen;
1046 pin.data = (void *)pPin;
1047 label = (NSSUTF8 *)pLabel; /* identity conversion */
1049 error = nssCKFWToken_InitToken(fwToken, &pin, label);
1050 if( CKR_OK != error ) {
1051 goto loser;
1052 }
1054 return CKR_OK;
1056 loser:
1057 switch( error ) {
1058 case CKR_DEVICE_REMOVED:
1059 case CKR_TOKEN_NOT_PRESENT:
1060 if (fwToken)
1061 nssCKFWToken_Destroy(fwToken);
1062 break;
1063 case CKR_ARGUMENTS_BAD:
1064 case CKR_CRYPTOKI_NOT_INITIALIZED:
1065 case CKR_DEVICE_ERROR:
1066 case CKR_DEVICE_MEMORY:
1067 case CKR_FUNCTION_FAILED:
1068 case CKR_GENERAL_ERROR:
1069 case CKR_HOST_MEMORY:
1070 case CKR_PIN_INCORRECT:
1071 case CKR_PIN_LOCKED:
1072 case CKR_SESSION_EXISTS:
1073 case CKR_SLOT_ID_INVALID:
1074 case CKR_TOKEN_NOT_RECOGNIZED:
1075 case CKR_TOKEN_WRITE_PROTECTED:
1076 break;
1077 default:
1078 case CKR_OK:
1079 error = CKR_GENERAL_ERROR;
1080 break;
1081 }
1083 return error;
1084 }
1086 /*
1087 * NSSCKFWC_InitPIN
1088 *
1089 */
1090 NSS_IMPLEMENT CK_RV
1091 NSSCKFWC_InitPIN
1092 (
1093 NSSCKFWInstance *fwInstance,
1094 CK_SESSION_HANDLE hSession,
1095 CK_CHAR_PTR pPin,
1096 CK_ULONG ulPinLen
1097 )
1098 {
1099 CK_RV error = CKR_OK;
1100 NSSCKFWSession *fwSession;
1101 NSSItem pin, *arg;
1103 if (!fwInstance) {
1104 error = CKR_CRYPTOKI_NOT_INITIALIZED;
1105 goto loser;
1106 }
1108 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
1109 if (!fwSession) {
1110 error = CKR_SESSION_HANDLE_INVALID;
1111 goto loser;
1112 }
1114 if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) {
1115 arg = (NSSItem *)NULL;
1116 } else {
1117 arg = &pin;
1118 pin.size = (PRUint32)ulPinLen;
1119 pin.data = (void *)pPin;
1120 }
1122 error = nssCKFWSession_InitPIN(fwSession, arg);
1123 if( CKR_OK != error ) {
1124 goto loser;
1125 }
1127 return CKR_OK;
1129 loser:
1130 switch( error ) {
1131 case CKR_SESSION_CLOSED:
1132 /* destroy session? */
1133 break;
1134 case CKR_DEVICE_REMOVED:
1135 /* (void)nssCKFWToken_Destroy(fwToken); */
1136 break;
1137 case CKR_ARGUMENTS_BAD:
1138 case CKR_CRYPTOKI_NOT_INITIALIZED:
1139 case CKR_DEVICE_ERROR:
1140 case CKR_DEVICE_MEMORY:
1141 case CKR_FUNCTION_FAILED:
1142 case CKR_GENERAL_ERROR:
1143 case CKR_HOST_MEMORY:
1144 case CKR_PIN_INVALID:
1145 case CKR_PIN_LEN_RANGE:
1146 case CKR_SESSION_READ_ONLY:
1147 case CKR_SESSION_HANDLE_INVALID:
1148 case CKR_TOKEN_WRITE_PROTECTED:
1149 case CKR_USER_NOT_LOGGED_IN:
1150 break;
1151 default:
1152 case CKR_OK:
1153 error = CKR_GENERAL_ERROR;
1154 break;
1155 }
1157 return error;
1158 }
1160 /*
1161 * NSSCKFWC_SetPIN
1162 *
1163 */
1164 NSS_IMPLEMENT CK_RV
1165 NSSCKFWC_SetPIN
1166 (
1167 NSSCKFWInstance *fwInstance,
1168 CK_SESSION_HANDLE hSession,
1169 CK_CHAR_PTR pOldPin,
1170 CK_ULONG ulOldLen,
1171 CK_CHAR_PTR pNewPin,
1172 CK_ULONG ulNewLen
1173 )
1174 {
1175 CK_RV error = CKR_OK;
1176 NSSCKFWSession *fwSession;
1177 NSSItem oldPin, newPin, *oldArg, *newArg;
1179 if (!fwInstance) {
1180 error = CKR_CRYPTOKI_NOT_INITIALIZED;
1181 goto loser;
1182 }
1184 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
1185 if (!fwSession) {
1186 error = CKR_SESSION_HANDLE_INVALID;
1187 goto loser;
1188 }
1190 if( (CK_CHAR_PTR)CK_NULL_PTR == pOldPin ) {
1191 oldArg = (NSSItem *)NULL;
1192 } else {
1193 oldArg = &oldPin;
1194 oldPin.size = (PRUint32)ulOldLen;
1195 oldPin.data = (void *)pOldPin;
1196 }
1198 if( (CK_CHAR_PTR)CK_NULL_PTR == pNewPin ) {
1199 newArg = (NSSItem *)NULL;
1200 } else {
1201 newArg = &newPin;
1202 newPin.size = (PRUint32)ulNewLen;
1203 newPin.data = (void *)pNewPin;
1204 }
1206 error = nssCKFWSession_SetPIN(fwSession, oldArg, newArg);
1207 if( CKR_OK != error ) {
1208 goto loser;
1209 }
1211 return CKR_OK;
1213 loser:
1214 switch( error ) {
1215 case CKR_SESSION_CLOSED:
1216 /* destroy session? */
1217 break;
1218 case CKR_DEVICE_REMOVED:
1219 /* (void)nssCKFWToken_Destroy(fwToken); */
1220 break;
1221 case CKR_ARGUMENTS_BAD:
1222 case CKR_CRYPTOKI_NOT_INITIALIZED:
1223 case CKR_DEVICE_ERROR:
1224 case CKR_DEVICE_MEMORY:
1225 case CKR_FUNCTION_FAILED:
1226 case CKR_GENERAL_ERROR:
1227 case CKR_HOST_MEMORY:
1228 case CKR_PIN_INCORRECT:
1229 case CKR_PIN_INVALID:
1230 case CKR_PIN_LEN_RANGE:
1231 case CKR_PIN_LOCKED:
1232 case CKR_SESSION_HANDLE_INVALID:
1233 case CKR_SESSION_READ_ONLY:
1234 case CKR_TOKEN_WRITE_PROTECTED:
1235 break;
1236 default:
1237 case CKR_OK:
1238 error = CKR_GENERAL_ERROR;
1239 break;
1240 }
1242 return error;
1243 }
1245 /*
1246 * NSSCKFWC_OpenSession
1247 *
1248 */
1249 NSS_IMPLEMENT CK_RV
1250 NSSCKFWC_OpenSession
1251 (
1252 NSSCKFWInstance *fwInstance,
1253 CK_SLOT_ID slotID,
1254 CK_FLAGS flags,
1255 CK_VOID_PTR pApplication,
1256 CK_NOTIFY Notify,
1257 CK_SESSION_HANDLE_PTR phSession
1258 )
1259 {
1260 CK_RV error = CKR_OK;
1261 CK_ULONG nSlots;
1262 NSSCKFWSlot **slots;
1263 NSSCKFWSlot *fwSlot;
1264 NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
1265 NSSCKFWSession *fwSession;
1266 CK_BBOOL rw;
1268 if (!fwInstance) {
1269 error = CKR_CRYPTOKI_NOT_INITIALIZED;
1270 goto loser;
1271 }
1273 nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
1274 if( (CK_ULONG)0 == nSlots ) {
1275 goto loser;
1276 }
1278 if( (slotID < 1) || (slotID > nSlots) ) {
1279 error = CKR_SLOT_ID_INVALID;
1280 goto loser;
1281 }
1283 if( flags & CKF_RW_SESSION ) {
1284 rw = CK_TRUE;
1285 } else {
1286 rw = CK_FALSE;
1287 }
1289 if( flags & CKF_SERIAL_SESSION ) {
1290 ;
1291 } else {
1292 error = CKR_SESSION_PARALLEL_NOT_SUPPORTED;
1293 goto loser;
1294 }
1296 if( flags & ~(CKF_RW_SESSION|CKF_SERIAL_SESSION) ) {
1297 error = CKR_ARGUMENTS_BAD;
1298 goto loser;
1299 }
1301 if( (CK_SESSION_HANDLE_PTR)CK_NULL_PTR == phSession ) {
1302 error = CKR_ARGUMENTS_BAD;
1303 goto loser;
1304 }
1306 /*
1307 * A purify error here indicates caller error.
1308 */
1309 *phSession = (CK_SESSION_HANDLE)0;
1311 slots = nssCKFWInstance_GetSlots(fwInstance, &error);
1312 if( (NSSCKFWSlot **)NULL == slots ) {
1313 goto loser;
1314 }
1316 fwSlot = slots[ slotID-1 ];
1318 if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
1319 error = CKR_TOKEN_NOT_PRESENT;
1320 goto loser;
1321 }
1323 fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
1324 if (!fwToken) {
1325 goto loser;
1326 }
1328 fwSession = nssCKFWToken_OpenSession(fwToken, rw, pApplication,
1329 Notify, &error);
1330 if (!fwSession) {
1331 goto loser;
1332 }
1334 *phSession = nssCKFWInstance_CreateSessionHandle(fwInstance,
1335 fwSession, &error);
1336 if( (CK_SESSION_HANDLE)0 == *phSession ) {
1337 goto loser;
1338 }
1340 return CKR_OK;
1342 loser:
1343 switch( error ) {
1344 case CKR_SESSION_CLOSED:
1345 /* destroy session? */
1346 break;
1347 case CKR_DEVICE_REMOVED:
1348 /* (void)nssCKFWToken_Destroy(fwToken); */
1349 break;
1350 case CKR_CRYPTOKI_NOT_INITIALIZED:
1351 case CKR_DEVICE_ERROR:
1352 case CKR_DEVICE_MEMORY:
1353 case CKR_FUNCTION_FAILED:
1354 case CKR_GENERAL_ERROR:
1355 case CKR_HOST_MEMORY:
1356 case CKR_SESSION_COUNT:
1357 case CKR_SESSION_EXISTS:
1358 case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
1359 case CKR_SESSION_READ_WRITE_SO_EXISTS:
1360 case CKR_SLOT_ID_INVALID:
1361 case CKR_TOKEN_NOT_PRESENT:
1362 case CKR_TOKEN_NOT_RECOGNIZED:
1363 case CKR_TOKEN_WRITE_PROTECTED:
1364 break;
1365 default:
1366 case CKR_OK:
1367 error = CKR_GENERAL_ERROR;
1368 break;
1369 }
1371 return error;
1372 }
1374 /*
1375 * NSSCKFWC_CloseSession
1376 *
1377 */
1378 NSS_IMPLEMENT CK_RV
1379 NSSCKFWC_CloseSession
1380 (
1381 NSSCKFWInstance *fwInstance,
1382 CK_SESSION_HANDLE hSession
1383 )
1384 {
1385 CK_RV error = CKR_OK;
1386 NSSCKFWSession *fwSession;
1388 if (!fwInstance) {
1389 error = CKR_CRYPTOKI_NOT_INITIALIZED;
1390 goto loser;
1391 }
1393 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
1394 if (!fwSession) {
1395 error = CKR_SESSION_HANDLE_INVALID;
1396 goto loser;
1397 }
1399 nssCKFWInstance_DestroySessionHandle(fwInstance, hSession);
1400 error = nssCKFWSession_Destroy(fwSession, CK_TRUE);
1402 if( CKR_OK != error ) {
1403 goto loser;
1404 }
1406 return CKR_OK;
1408 loser:
1409 switch( error ) {
1410 case CKR_SESSION_CLOSED:
1411 /* destroy session? */
1412 break;
1413 case CKR_DEVICE_REMOVED:
1414 /* (void)nssCKFWToken_Destroy(fwToken); */
1415 break;
1416 case CKR_CRYPTOKI_NOT_INITIALIZED:
1417 case CKR_DEVICE_ERROR:
1418 case CKR_DEVICE_MEMORY:
1419 case CKR_FUNCTION_FAILED:
1420 case CKR_GENERAL_ERROR:
1421 case CKR_HOST_MEMORY:
1422 case CKR_SESSION_HANDLE_INVALID:
1423 break;
1424 default:
1425 case CKR_OK:
1426 error = CKR_GENERAL_ERROR;
1427 break;
1428 }
1430 return error;
1431 }
1433 /*
1434 * NSSCKFWC_CloseAllSessions
1435 *
1436 */
1437 NSS_IMPLEMENT CK_RV
1438 NSSCKFWC_CloseAllSessions
1439 (
1440 NSSCKFWInstance *fwInstance,
1441 CK_SLOT_ID slotID
1442 )
1443 {
1444 CK_RV error = CKR_OK;
1445 CK_ULONG nSlots;
1446 NSSCKFWSlot **slots;
1447 NSSCKFWSlot *fwSlot;
1448 NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
1450 if (!fwInstance) {
1451 error = CKR_CRYPTOKI_NOT_INITIALIZED;
1452 goto loser;
1453 }
1455 nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
1456 if( (CK_ULONG)0 == nSlots ) {
1457 goto loser;
1458 }
1460 if( (slotID < 1) || (slotID > nSlots) ) {
1461 error = CKR_SLOT_ID_INVALID;
1462 goto loser;
1463 }
1465 slots = nssCKFWInstance_GetSlots(fwInstance, &error);
1466 if( (NSSCKFWSlot **)NULL == slots ) {
1467 goto loser;
1468 }
1470 fwSlot = slots[ slotID-1 ];
1472 if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
1473 error = CKR_TOKEN_NOT_PRESENT;
1474 goto loser;
1475 }
1477 fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
1478 if (!fwToken) {
1479 goto loser;
1480 }
1482 error = nssCKFWToken_CloseAllSessions(fwToken);
1483 if( CKR_OK != error ) {
1484 goto loser;
1485 }
1487 return CKR_OK;
1489 loser:
1490 switch( error ) {
1491 case CKR_DEVICE_REMOVED:
1492 /* (void)nssCKFWToken_Destroy(fwToken); */
1493 break;
1494 case CKR_CRYPTOKI_NOT_INITIALIZED:
1495 case CKR_DEVICE_ERROR:
1496 case CKR_DEVICE_MEMORY:
1497 case CKR_FUNCTION_FAILED:
1498 case CKR_GENERAL_ERROR:
1499 case CKR_HOST_MEMORY:
1500 case CKR_SLOT_ID_INVALID:
1501 case CKR_TOKEN_NOT_PRESENT:
1502 break;
1503 default:
1504 case CKR_OK:
1505 error = CKR_GENERAL_ERROR;
1506 break;
1507 }
1509 return error;
1510 }
1512 /*
1513 * NSSCKFWC_GetSessionInfo
1514 *
1515 */
1516 NSS_IMPLEMENT CK_RV
1517 NSSCKFWC_GetSessionInfo
1518 (
1519 NSSCKFWInstance *fwInstance,
1520 CK_SESSION_HANDLE hSession,
1521 CK_SESSION_INFO_PTR pInfo
1522 )
1523 {
1524 CK_RV error = CKR_OK;
1525 NSSCKFWSession *fwSession;
1526 NSSCKFWSlot *fwSlot;
1528 if (!fwInstance) {
1529 error = CKR_CRYPTOKI_NOT_INITIALIZED;
1530 goto loser;
1531 }
1533 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
1534 if (!fwSession) {
1535 error = CKR_SESSION_HANDLE_INVALID;
1536 goto loser;
1537 }
1539 if( (CK_SESSION_INFO_PTR)CK_NULL_PTR == pInfo ) {
1540 error = CKR_ARGUMENTS_BAD;
1541 goto loser;
1542 }
1544 /*
1545 * A purify error here indicates caller error.
1546 */
1547 (void)nsslibc_memset(pInfo, 0, sizeof(CK_SESSION_INFO));
1549 fwSlot = nssCKFWSession_GetFWSlot(fwSession);
1550 if (!fwSlot) {
1551 error = CKR_GENERAL_ERROR;
1552 goto loser;
1553 }
1555 pInfo->slotID = nssCKFWSlot_GetSlotID(fwSlot);
1556 pInfo->state = nssCKFWSession_GetSessionState(fwSession);
1558 if( CK_TRUE == nssCKFWSession_IsRWSession(fwSession) ) {
1559 pInfo->flags |= CKF_RW_SESSION;
1560 }
1562 pInfo->flags |= CKF_SERIAL_SESSION; /* Always true */
1564 pInfo->ulDeviceError = nssCKFWSession_GetDeviceError(fwSession);
1566 return CKR_OK;
1568 loser:
1569 switch( error ) {
1570 case CKR_SESSION_CLOSED:
1571 /* destroy session? */
1572 break;
1573 case CKR_DEVICE_REMOVED:
1574 /* (void)nssCKFWToken_Destroy(fwToken); */
1575 break;
1576 case CKR_CRYPTOKI_NOT_INITIALIZED:
1577 case CKR_DEVICE_ERROR:
1578 case CKR_DEVICE_MEMORY:
1579 case CKR_FUNCTION_FAILED:
1580 case CKR_GENERAL_ERROR:
1581 case CKR_HOST_MEMORY:
1582 case CKR_SESSION_HANDLE_INVALID:
1583 break;
1584 default:
1585 case CKR_OK:
1586 error = CKR_GENERAL_ERROR;
1587 break;
1588 }
1590 return error;
1591 }
1593 /*
1594 * NSSCKFWC_GetOperationState
1595 *
1596 */
1597 NSS_IMPLEMENT CK_RV
1598 NSSCKFWC_GetOperationState
1599 (
1600 NSSCKFWInstance *fwInstance,
1601 CK_SESSION_HANDLE hSession,
1602 CK_BYTE_PTR pOperationState,
1603 CK_ULONG_PTR pulOperationStateLen
1604 )
1605 {
1606 CK_RV error = CKR_OK;
1607 NSSCKFWSession *fwSession;
1608 CK_ULONG len;
1609 NSSItem buf;
1611 if (!fwInstance) {
1612 error = CKR_CRYPTOKI_NOT_INITIALIZED;
1613 goto loser;
1614 }
1616 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
1617 if (!fwSession) {
1618 error = CKR_SESSION_HANDLE_INVALID;
1619 goto loser;
1620 }
1622 if( (CK_ULONG_PTR)CK_NULL_PTR == pulOperationStateLen ) {
1623 error = CKR_ARGUMENTS_BAD;
1624 goto loser;
1625 }
1627 len = nssCKFWSession_GetOperationStateLen(fwSession, &error);
1628 if( ((CK_ULONG)0 == len) && (CKR_OK != error) ) {
1629 goto loser;
1630 }
1632 if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) {
1633 *pulOperationStateLen = len;
1634 return CKR_OK;
1635 }
1637 if( *pulOperationStateLen < len ) {
1638 *pulOperationStateLen = len;
1639 error = CKR_BUFFER_TOO_SMALL;
1640 goto loser;
1641 }
1643 buf.size = (PRUint32)*pulOperationStateLen;
1644 buf.data = (void *)pOperationState;
1645 *pulOperationStateLen = len;
1646 error = nssCKFWSession_GetOperationState(fwSession, &buf);
1648 if( CKR_OK != error ) {
1649 goto loser;
1650 }
1652 return CKR_OK;
1654 loser:
1655 switch( error ) {
1656 case CKR_SESSION_CLOSED:
1657 /* destroy session? */
1658 break;
1659 case CKR_DEVICE_REMOVED:
1660 /* (void)nssCKFWToken_Destroy(fwToken); */
1661 break;
1662 case CKR_BUFFER_TOO_SMALL:
1663 case CKR_CRYPTOKI_NOT_INITIALIZED:
1664 case CKR_DEVICE_ERROR:
1665 case CKR_DEVICE_MEMORY:
1666 case CKR_FUNCTION_FAILED:
1667 case CKR_GENERAL_ERROR:
1668 case CKR_HOST_MEMORY:
1669 case CKR_OPERATION_NOT_INITIALIZED:
1670 case CKR_SESSION_HANDLE_INVALID:
1671 case CKR_STATE_UNSAVEABLE:
1672 break;
1673 default:
1674 case CKR_OK:
1675 error = CKR_GENERAL_ERROR;
1676 break;
1677 }
1679 return error;
1680 }
1682 /*
1683 * NSSCKFWC_SetOperationState
1684 *
1685 */
1686 NSS_IMPLEMENT CK_RV
1687 NSSCKFWC_SetOperationState
1688 (
1689 NSSCKFWInstance *fwInstance,
1690 CK_SESSION_HANDLE hSession,
1691 CK_BYTE_PTR pOperationState,
1692 CK_ULONG ulOperationStateLen,
1693 CK_OBJECT_HANDLE hEncryptionKey,
1694 CK_OBJECT_HANDLE hAuthenticationKey
1695 )
1696 {
1697 CK_RV error = CKR_OK;
1698 NSSCKFWSession *fwSession;
1699 NSSCKFWObject *eKey;
1700 NSSCKFWObject *aKey;
1701 NSSItem state;
1703 if (!fwInstance) {
1704 error = CKR_CRYPTOKI_NOT_INITIALIZED;
1705 goto loser;
1706 }
1708 if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) {
1709 error = CKR_ARGUMENTS_BAD;
1710 goto loser;
1711 }
1713 /*
1714 * We could loop through the buffer, to catch any purify errors
1715 * in a place with a "user error" note.
1716 */
1718 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
1719 if (!fwSession) {
1720 error = CKR_SESSION_HANDLE_INVALID;
1721 goto loser;
1722 }
1724 if( (CK_OBJECT_HANDLE)0 == hEncryptionKey ) {
1725 eKey = (NSSCKFWObject *)NULL;
1726 } else {
1727 eKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hEncryptionKey);
1728 if (!eKey) {
1729 error = CKR_KEY_HANDLE_INVALID;
1730 goto loser;
1731 }
1732 }
1734 if( (CK_OBJECT_HANDLE)0 == hAuthenticationKey ) {
1735 aKey = (NSSCKFWObject *)NULL;
1736 } else {
1737 aKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hAuthenticationKey);
1738 if (!aKey) {
1739 error = CKR_KEY_HANDLE_INVALID;
1740 goto loser;
1741 }
1742 }
1744 state.data = pOperationState;
1745 state.size = ulOperationStateLen;
1747 error = nssCKFWSession_SetOperationState(fwSession, &state, eKey, aKey);
1748 if( CKR_OK != error ) {
1749 goto loser;
1750 }
1752 return CKR_OK;
1754 loser:
1755 switch( error ) {
1756 case CKR_SESSION_CLOSED:
1757 /* destroy session? */
1758 break;
1759 case CKR_DEVICE_REMOVED:
1760 /* (void)nssCKFWToken_Destroy(fwToken); */
1761 break;
1762 case CKR_CRYPTOKI_NOT_INITIALIZED:
1763 case CKR_DEVICE_ERROR:
1764 case CKR_DEVICE_MEMORY:
1765 case CKR_FUNCTION_FAILED:
1766 case CKR_GENERAL_ERROR:
1767 case CKR_HOST_MEMORY:
1768 case CKR_KEY_CHANGED:
1769 case CKR_KEY_NEEDED:
1770 case CKR_KEY_NOT_NEEDED:
1771 case CKR_SAVED_STATE_INVALID:
1772 case CKR_SESSION_HANDLE_INVALID:
1773 break;
1774 default:
1775 case CKR_OK:
1776 error = CKR_GENERAL_ERROR;
1777 break;
1778 }
1780 return error;
1781 }
1783 /*
1784 * NSSCKFWC_Login
1785 *
1786 */
1787 NSS_IMPLEMENT CK_RV
1788 NSSCKFWC_Login
1789 (
1790 NSSCKFWInstance *fwInstance,
1791 CK_SESSION_HANDLE hSession,
1792 CK_USER_TYPE userType,
1793 CK_CHAR_PTR pPin,
1794 CK_ULONG ulPinLen
1795 )
1796 {
1797 CK_RV error = CKR_OK;
1798 NSSCKFWSession *fwSession;
1799 NSSItem pin, *arg;
1801 if (!fwInstance) {
1802 error = CKR_CRYPTOKI_NOT_INITIALIZED;
1803 goto loser;
1804 }
1806 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
1807 if (!fwSession) {
1808 error = CKR_SESSION_HANDLE_INVALID;
1809 goto loser;
1810 }
1812 if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) {
1813 arg = (NSSItem *)NULL;
1814 } else {
1815 arg = &pin;
1816 pin.size = (PRUint32)ulPinLen;
1817 pin.data = (void *)pPin;
1818 }
1820 error = nssCKFWSession_Login(fwSession, userType, arg);
1821 if( CKR_OK != error ) {
1822 goto loser;
1823 }
1825 return CKR_OK;
1827 loser:
1828 switch( error ) {
1829 case CKR_SESSION_CLOSED:
1830 /* destroy session? */
1831 break;
1832 case CKR_DEVICE_REMOVED:
1833 /* (void)nssCKFWToken_Destroy(fwToken); */
1834 break;
1835 case CKR_CRYPTOKI_NOT_INITIALIZED:
1836 case CKR_DEVICE_ERROR:
1837 case CKR_DEVICE_MEMORY:
1838 case CKR_FUNCTION_FAILED:
1839 case CKR_GENERAL_ERROR:
1840 case CKR_HOST_MEMORY:
1841 case CKR_PIN_EXPIRED:
1842 case CKR_PIN_INCORRECT:
1843 case CKR_PIN_LOCKED:
1844 case CKR_SESSION_HANDLE_INVALID:
1845 case CKR_SESSION_READ_ONLY_EXISTS:
1846 case CKR_USER_ALREADY_LOGGED_IN:
1847 case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
1848 case CKR_USER_PIN_NOT_INITIALIZED:
1849 case CKR_USER_TOO_MANY_TYPES:
1850 case CKR_USER_TYPE_INVALID:
1851 break;
1852 default:
1853 case CKR_OK:
1854 error = CKR_GENERAL_ERROR;
1855 break;
1856 }
1858 return error;
1859 }
1861 /*
1862 * NSSCKFWC_Logout
1863 *
1864 */
1865 NSS_IMPLEMENT CK_RV
1866 NSSCKFWC_Logout
1867 (
1868 NSSCKFWInstance *fwInstance,
1869 CK_SESSION_HANDLE hSession
1870 )
1871 {
1872 CK_RV error = CKR_OK;
1873 NSSCKFWSession *fwSession;
1875 if (!fwInstance) {
1876 error = CKR_CRYPTOKI_NOT_INITIALIZED;
1877 goto loser;
1878 }
1880 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
1881 if (!fwSession) {
1882 error = CKR_SESSION_HANDLE_INVALID;
1883 goto loser;
1884 }
1886 error = nssCKFWSession_Logout(fwSession);
1887 if( CKR_OK != error ) {
1888 goto loser;
1889 }
1891 return CKR_OK;
1893 loser:
1894 switch( error ) {
1895 case CKR_SESSION_CLOSED:
1896 /* destroy session? */
1897 break;
1898 case CKR_DEVICE_REMOVED:
1899 /* (void)nssCKFWToken_Destroy(fwToken); */
1900 break;
1901 case CKR_CRYPTOKI_NOT_INITIALIZED:
1902 case CKR_DEVICE_ERROR:
1903 case CKR_DEVICE_MEMORY:
1904 case CKR_FUNCTION_FAILED:
1905 case CKR_GENERAL_ERROR:
1906 case CKR_HOST_MEMORY:
1907 case CKR_SESSION_HANDLE_INVALID:
1908 case CKR_USER_NOT_LOGGED_IN:
1909 break;
1910 default:
1911 case CKR_OK:
1912 error = CKR_GENERAL_ERROR;
1913 break;
1914 }
1916 return error;
1917 }
1919 /*
1920 * NSSCKFWC_CreateObject
1921 *
1922 */
1923 NSS_IMPLEMENT CK_RV
1924 NSSCKFWC_CreateObject
1925 (
1926 NSSCKFWInstance *fwInstance,
1927 CK_SESSION_HANDLE hSession,
1928 CK_ATTRIBUTE_PTR pTemplate,
1929 CK_ULONG ulCount,
1930 CK_OBJECT_HANDLE_PTR phObject
1931 )
1932 {
1933 CK_RV error = CKR_OK;
1934 NSSCKFWSession *fwSession;
1935 NSSCKFWObject *fwObject;
1937 if (!fwInstance) {
1938 error = CKR_CRYPTOKI_NOT_INITIALIZED;
1939 goto loser;
1940 }
1942 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
1943 if (!fwSession) {
1944 error = CKR_SESSION_HANDLE_INVALID;
1945 goto loser;
1946 }
1948 if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) {
1949 error = CKR_ARGUMENTS_BAD;
1950 goto loser;
1951 }
1953 /*
1954 * A purify error here indicates caller error.
1955 */
1956 *phObject = (CK_OBJECT_HANDLE)0;
1958 fwObject = nssCKFWSession_CreateObject(fwSession, pTemplate,
1959 ulCount, &error);
1960 if (!fwObject) {
1961 goto loser;
1962 }
1964 *phObject = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
1965 if( (CK_OBJECT_HANDLE)0 == *phObject ) {
1966 nssCKFWObject_Destroy(fwObject);
1967 goto loser;
1968 }
1970 return CKR_OK;
1972 loser:
1973 switch( error ) {
1974 case CKR_SESSION_CLOSED:
1975 /* destroy session? */
1976 break;
1977 case CKR_DEVICE_REMOVED:
1978 /* (void)nssCKFWToken_Destroy(fwToken); */
1979 break;
1980 case CKR_ATTRIBUTE_READ_ONLY:
1981 case CKR_ATTRIBUTE_TYPE_INVALID:
1982 case CKR_ATTRIBUTE_VALUE_INVALID:
1983 case CKR_CRYPTOKI_NOT_INITIALIZED:
1984 case CKR_DEVICE_ERROR:
1985 case CKR_DEVICE_MEMORY:
1986 case CKR_FUNCTION_FAILED:
1987 case CKR_GENERAL_ERROR:
1988 case CKR_HOST_MEMORY:
1989 case CKR_SESSION_HANDLE_INVALID:
1990 case CKR_SESSION_READ_ONLY:
1991 case CKR_TEMPLATE_INCOMPLETE:
1992 case CKR_TEMPLATE_INCONSISTENT:
1993 case CKR_TOKEN_WRITE_PROTECTED:
1994 case CKR_USER_NOT_LOGGED_IN:
1995 break;
1996 default:
1997 case CKR_OK:
1998 error = CKR_GENERAL_ERROR;
1999 break;
2000 }
2002 return error;
2003 }
2005 /*
2006 * NSSCKFWC_CopyObject
2007 *
2008 */
2009 NSS_IMPLEMENT CK_RV
2010 NSSCKFWC_CopyObject
2011 (
2012 NSSCKFWInstance *fwInstance,
2013 CK_SESSION_HANDLE hSession,
2014 CK_OBJECT_HANDLE hObject,
2015 CK_ATTRIBUTE_PTR pTemplate,
2016 CK_ULONG ulCount,
2017 CK_OBJECT_HANDLE_PTR phNewObject
2018 )
2019 {
2020 CK_RV error = CKR_OK;
2021 NSSCKFWSession *fwSession;
2022 NSSCKFWObject *fwObject;
2023 NSSCKFWObject *fwNewObject;
2025 if (!fwInstance) {
2026 error = CKR_CRYPTOKI_NOT_INITIALIZED;
2027 goto loser;
2028 }
2030 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
2031 if (!fwSession) {
2032 error = CKR_SESSION_HANDLE_INVALID;
2033 goto loser;
2034 }
2036 if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phNewObject ) {
2037 error = CKR_ARGUMENTS_BAD;
2038 goto loser;
2039 }
2041 /*
2042 * A purify error here indicates caller error.
2043 */
2044 *phNewObject = (CK_OBJECT_HANDLE)0;
2046 fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
2047 if (!fwObject) {
2048 error = CKR_OBJECT_HANDLE_INVALID;
2049 goto loser;
2050 }
2052 fwNewObject = nssCKFWSession_CopyObject(fwSession, fwObject,
2053 pTemplate, ulCount, &error);
2054 if (!fwNewObject) {
2055 goto loser;
2056 }
2058 *phNewObject = nssCKFWInstance_CreateObjectHandle(fwInstance,
2059 fwNewObject, &error);
2060 if( (CK_OBJECT_HANDLE)0 == *phNewObject ) {
2061 nssCKFWObject_Destroy(fwNewObject);
2062 goto loser;
2063 }
2065 return CKR_OK;
2067 loser:
2068 switch( error ) {
2069 case CKR_SESSION_CLOSED:
2070 /* destroy session? */
2071 break;
2072 case CKR_DEVICE_REMOVED:
2073 /* (void)nssCKFWToken_Destroy(fwToken); */
2074 break;
2075 case CKR_ATTRIBUTE_READ_ONLY:
2076 case CKR_ATTRIBUTE_TYPE_INVALID:
2077 case CKR_ATTRIBUTE_VALUE_INVALID:
2078 case CKR_CRYPTOKI_NOT_INITIALIZED:
2079 case CKR_DEVICE_ERROR:
2080 case CKR_DEVICE_MEMORY:
2081 case CKR_FUNCTION_FAILED:
2082 case CKR_GENERAL_ERROR:
2083 case CKR_HOST_MEMORY:
2084 case CKR_OBJECT_HANDLE_INVALID:
2085 case CKR_SESSION_HANDLE_INVALID:
2086 case CKR_SESSION_READ_ONLY:
2087 case CKR_TEMPLATE_INCONSISTENT:
2088 case CKR_TOKEN_WRITE_PROTECTED:
2089 case CKR_USER_NOT_LOGGED_IN:
2090 break;
2091 default:
2092 case CKR_OK:
2093 error = CKR_GENERAL_ERROR;
2094 break;
2095 }
2097 return error;
2098 }
2100 /*
2101 * NSSCKFWC_DestroyObject
2102 *
2103 */
2104 NSS_IMPLEMENT CK_RV
2105 NSSCKFWC_DestroyObject
2106 (
2107 NSSCKFWInstance *fwInstance,
2108 CK_SESSION_HANDLE hSession,
2109 CK_OBJECT_HANDLE hObject
2110 )
2111 {
2112 CK_RV error = CKR_OK;
2113 NSSCKFWSession *fwSession;
2114 NSSCKFWObject *fwObject;
2116 if (!fwInstance) {
2117 error = CKR_CRYPTOKI_NOT_INITIALIZED;
2118 goto loser;
2119 }
2121 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
2122 if (!fwSession) {
2123 error = CKR_SESSION_HANDLE_INVALID;
2124 goto loser;
2125 }
2127 fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
2128 if (!fwObject) {
2129 error = CKR_OBJECT_HANDLE_INVALID;
2130 goto loser;
2131 }
2133 nssCKFWInstance_DestroyObjectHandle(fwInstance, hObject);
2134 nssCKFWObject_Destroy(fwObject);
2136 return CKR_OK;
2138 loser:
2139 switch( error ) {
2140 case CKR_SESSION_CLOSED:
2141 /* destroy session? */
2142 break;
2143 case CKR_DEVICE_REMOVED:
2144 /* (void)nssCKFWToken_Destroy(fwToken); */
2145 break;
2146 case CKR_CRYPTOKI_NOT_INITIALIZED:
2147 case CKR_DEVICE_ERROR:
2148 case CKR_DEVICE_MEMORY:
2149 case CKR_FUNCTION_FAILED:
2150 case CKR_GENERAL_ERROR:
2151 case CKR_HOST_MEMORY:
2152 case CKR_OBJECT_HANDLE_INVALID:
2153 case CKR_SESSION_HANDLE_INVALID:
2154 case CKR_SESSION_READ_ONLY:
2155 case CKR_TOKEN_WRITE_PROTECTED:
2156 break;
2157 default:
2158 case CKR_OK:
2159 error = CKR_GENERAL_ERROR;
2160 break;
2161 }
2163 return error;
2164 }
2166 /*
2167 * NSSCKFWC_GetObjectSize
2168 *
2169 */
2170 NSS_IMPLEMENT CK_RV
2171 NSSCKFWC_GetObjectSize
2172 (
2173 NSSCKFWInstance *fwInstance,
2174 CK_SESSION_HANDLE hSession,
2175 CK_OBJECT_HANDLE hObject,
2176 CK_ULONG_PTR pulSize
2177 )
2178 {
2179 CK_RV error = CKR_OK;
2180 NSSCKFWSession *fwSession;
2181 NSSCKFWObject *fwObject;
2183 if (!fwInstance) {
2184 error = CKR_CRYPTOKI_NOT_INITIALIZED;
2185 goto loser;
2186 }
2188 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
2189 if (!fwSession) {
2190 error = CKR_SESSION_HANDLE_INVALID;
2191 goto loser;
2192 }
2194 fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
2195 if (!fwObject) {
2196 error = CKR_OBJECT_HANDLE_INVALID;
2197 goto loser;
2198 }
2200 if( (CK_ULONG_PTR)CK_NULL_PTR == pulSize ) {
2201 error = CKR_ARGUMENTS_BAD;
2202 goto loser;
2203 }
2205 /*
2206 * A purify error here indicates caller error.
2207 */
2208 *pulSize = (CK_ULONG)0;
2210 *pulSize = nssCKFWObject_GetObjectSize(fwObject, &error);
2211 if( ((CK_ULONG)0 == *pulSize) && (CKR_OK != error) ) {
2212 goto loser;
2213 }
2215 return CKR_OK;
2217 loser:
2218 switch( error ) {
2219 case CKR_SESSION_CLOSED:
2220 /* destroy session? */
2221 break;
2222 case CKR_DEVICE_REMOVED:
2223 /* (void)nssCKFWToken_Destroy(fwToken); */
2224 break;
2225 case CKR_CRYPTOKI_NOT_INITIALIZED:
2226 case CKR_DEVICE_ERROR:
2227 case CKR_DEVICE_MEMORY:
2228 case CKR_FUNCTION_FAILED:
2229 case CKR_GENERAL_ERROR:
2230 case CKR_HOST_MEMORY:
2231 case CKR_INFORMATION_SENSITIVE:
2232 case CKR_OBJECT_HANDLE_INVALID:
2233 case CKR_SESSION_HANDLE_INVALID:
2234 break;
2235 default:
2236 case CKR_OK:
2237 error = CKR_GENERAL_ERROR;
2238 break;
2239 }
2241 return error;
2242 }
2244 /*
2245 * NSSCKFWC_GetAttributeValue
2246 *
2247 */
2248 NSS_IMPLEMENT CK_RV
2249 NSSCKFWC_GetAttributeValue
2250 (
2251 NSSCKFWInstance *fwInstance,
2252 CK_SESSION_HANDLE hSession,
2253 CK_OBJECT_HANDLE hObject,
2254 CK_ATTRIBUTE_PTR pTemplate,
2255 CK_ULONG ulCount
2256 )
2257 {
2258 CK_RV error = CKR_OK;
2259 NSSCKFWSession *fwSession;
2260 NSSCKFWObject *fwObject;
2261 CK_BBOOL sensitive = CK_FALSE;
2262 CK_BBOOL invalid = CK_FALSE;
2263 CK_BBOOL tooSmall = CK_FALSE;
2264 CK_ULONG i;
2266 if (!fwInstance) {
2267 error = CKR_CRYPTOKI_NOT_INITIALIZED;
2268 goto loser;
2269 }
2271 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
2272 if (!fwSession) {
2273 error = CKR_SESSION_HANDLE_INVALID;
2274 goto loser;
2275 }
2277 fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
2278 if (!fwObject) {
2279 error = CKR_OBJECT_HANDLE_INVALID;
2280 goto loser;
2281 }
2283 if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) {
2284 error = CKR_ARGUMENTS_BAD;
2285 goto loser;
2286 }
2288 for( i = 0; i < ulCount; i++ ) {
2289 CK_ULONG size = nssCKFWObject_GetAttributeSize(fwObject,
2290 pTemplate[i].type, &error);
2291 if( (CK_ULONG)0 == size ) {
2292 switch( error ) {
2293 case CKR_ATTRIBUTE_SENSITIVE:
2294 case CKR_INFORMATION_SENSITIVE:
2295 sensitive = CK_TRUE;
2296 pTemplate[i].ulValueLen = (CK_ULONG)(-1);
2297 continue;
2298 case CKR_ATTRIBUTE_TYPE_INVALID:
2299 invalid = CK_TRUE;
2300 pTemplate[i].ulValueLen = (CK_ULONG)(-1);
2301 continue;
2302 case CKR_OK:
2303 break;
2304 default:
2305 goto loser;
2306 }
2307 }
2309 if( (CK_VOID_PTR)CK_NULL_PTR == pTemplate[i].pValue ) {
2310 pTemplate[i].ulValueLen = size;
2311 } else {
2312 NSSItem it, *p;
2314 if( pTemplate[i].ulValueLen < size ) {
2315 tooSmall = CK_TRUE;
2316 continue;
2317 }
2319 it.size = (PRUint32)pTemplate[i].ulValueLen;
2320 it.data = (void *)pTemplate[i].pValue;
2321 p = nssCKFWObject_GetAttribute(fwObject, pTemplate[i].type, &it,
2322 (NSSArena *)NULL, &error);
2323 if (!p) {
2324 switch( error ) {
2325 case CKR_ATTRIBUTE_SENSITIVE:
2326 case CKR_INFORMATION_SENSITIVE:
2327 sensitive = CK_TRUE;
2328 pTemplate[i].ulValueLen = (CK_ULONG)(-1);
2329 continue;
2330 case CKR_ATTRIBUTE_TYPE_INVALID:
2331 invalid = CK_TRUE;
2332 pTemplate[i].ulValueLen = (CK_ULONG)(-1);
2333 continue;
2334 default:
2335 goto loser;
2336 }
2337 }
2339 pTemplate[i].ulValueLen = size;
2340 }
2341 }
2343 if( sensitive ) {
2344 error = CKR_ATTRIBUTE_SENSITIVE;
2345 goto loser;
2346 } else if( invalid ) {
2347 error = CKR_ATTRIBUTE_TYPE_INVALID;
2348 goto loser;
2349 } else if( tooSmall ) {
2350 error = CKR_BUFFER_TOO_SMALL;
2351 goto loser;
2352 }
2354 return CKR_OK;
2356 loser:
2357 switch( error ) {
2358 case CKR_SESSION_CLOSED:
2359 /* destroy session? */
2360 break;
2361 case CKR_DEVICE_REMOVED:
2362 /* (void)nssCKFWToken_Destroy(fwToken); */
2363 break;
2364 case CKR_ATTRIBUTE_SENSITIVE:
2365 case CKR_ATTRIBUTE_TYPE_INVALID:
2366 case CKR_BUFFER_TOO_SMALL:
2367 case CKR_CRYPTOKI_NOT_INITIALIZED:
2368 case CKR_DEVICE_ERROR:
2369 case CKR_DEVICE_MEMORY:
2370 case CKR_FUNCTION_FAILED:
2371 case CKR_GENERAL_ERROR:
2372 case CKR_HOST_MEMORY:
2373 case CKR_OBJECT_HANDLE_INVALID:
2374 case CKR_SESSION_HANDLE_INVALID:
2375 break;
2376 default:
2377 case CKR_OK:
2378 error = CKR_GENERAL_ERROR;
2379 break;
2380 }
2382 return error;
2383 }
2385 /*
2386 * NSSCKFWC_SetAttributeValue
2387 *
2388 */
2389 NSS_IMPLEMENT CK_RV
2390 NSSCKFWC_SetAttributeValue
2391 (
2392 NSSCKFWInstance *fwInstance,
2393 CK_SESSION_HANDLE hSession,
2394 CK_OBJECT_HANDLE hObject,
2395 CK_ATTRIBUTE_PTR pTemplate,
2396 CK_ULONG ulCount
2397 )
2398 {
2399 CK_RV error = CKR_OK;
2400 NSSCKFWSession *fwSession;
2401 NSSCKFWObject *fwObject;
2402 CK_ULONG i;
2404 if (!fwInstance) {
2405 error = CKR_CRYPTOKI_NOT_INITIALIZED;
2406 goto loser;
2407 }
2409 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
2410 if (!fwSession) {
2411 error = CKR_SESSION_HANDLE_INVALID;
2412 goto loser;
2413 }
2415 fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
2416 if (!fwObject) {
2417 error = CKR_OBJECT_HANDLE_INVALID;
2418 goto loser;
2419 }
2421 if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) {
2422 error = CKR_ARGUMENTS_BAD;
2423 goto loser;
2424 }
2426 for (i=0; i < ulCount; i++) {
2427 NSSItem value;
2429 value.data = pTemplate[i].pValue;
2430 value.size = pTemplate[i].ulValueLen;
2432 error = nssCKFWObject_SetAttribute(fwObject, fwSession,
2433 pTemplate[i].type, &value);
2435 if( CKR_OK != error ) {
2436 goto loser;
2437 }
2438 }
2440 return CKR_OK;
2442 loser:
2443 switch( error ) {
2444 case CKR_SESSION_CLOSED:
2445 /* destroy session? */
2446 break;
2447 case CKR_DEVICE_REMOVED:
2448 /* (void)nssCKFWToken_Destroy(fwToken); */
2449 break;
2450 case CKR_ATTRIBUTE_READ_ONLY:
2451 case CKR_ATTRIBUTE_TYPE_INVALID:
2452 case CKR_ATTRIBUTE_VALUE_INVALID:
2453 case CKR_CRYPTOKI_NOT_INITIALIZED:
2454 case CKR_DEVICE_ERROR:
2455 case CKR_DEVICE_MEMORY:
2456 case CKR_FUNCTION_FAILED:
2457 case CKR_GENERAL_ERROR:
2458 case CKR_HOST_MEMORY:
2459 case CKR_OBJECT_HANDLE_INVALID:
2460 case CKR_SESSION_HANDLE_INVALID:
2461 case CKR_SESSION_READ_ONLY:
2462 case CKR_TEMPLATE_INCONSISTENT:
2463 case CKR_TOKEN_WRITE_PROTECTED:
2464 break;
2465 default:
2466 case CKR_OK:
2467 error = CKR_GENERAL_ERROR;
2468 break;
2469 }
2471 return error;
2472 }
2474 /*
2475 * NSSCKFWC_FindObjectsInit
2476 *
2477 */
2478 NSS_IMPLEMENT CK_RV
2479 NSSCKFWC_FindObjectsInit
2480 (
2481 NSSCKFWInstance *fwInstance,
2482 CK_SESSION_HANDLE hSession,
2483 CK_ATTRIBUTE_PTR pTemplate,
2484 CK_ULONG ulCount
2485 )
2486 {
2487 CK_RV error = CKR_OK;
2488 NSSCKFWSession *fwSession;
2489 NSSCKFWFindObjects *fwFindObjects;
2491 if (!fwInstance) {
2492 error = CKR_CRYPTOKI_NOT_INITIALIZED;
2493 goto loser;
2494 }
2496 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
2497 if (!fwSession) {
2498 error = CKR_SESSION_HANDLE_INVALID;
2499 goto loser;
2500 }
2502 if( ((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) && (ulCount != 0) ) {
2503 error = CKR_ARGUMENTS_BAD;
2504 goto loser;
2505 }
2507 fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error);
2508 if (fwFindObjects) {
2509 error = CKR_OPERATION_ACTIVE;
2510 goto loser;
2511 }
2513 if( CKR_OPERATION_NOT_INITIALIZED != error ) {
2514 goto loser;
2515 }
2517 fwFindObjects = nssCKFWSession_FindObjectsInit(fwSession,
2518 pTemplate, ulCount, &error);
2519 if (!fwFindObjects) {
2520 goto loser;
2521 }
2523 error = nssCKFWSession_SetFWFindObjects(fwSession, fwFindObjects);
2525 if( CKR_OK != error ) {
2526 nssCKFWFindObjects_Destroy(fwFindObjects);
2527 goto loser;
2528 }
2530 return CKR_OK;
2532 loser:
2533 switch( error ) {
2534 case CKR_SESSION_CLOSED:
2535 /* destroy session? */
2536 break;
2537 case CKR_DEVICE_REMOVED:
2538 /* (void)nssCKFWToken_Destroy(fwToken); */
2539 break;
2540 case CKR_ATTRIBUTE_TYPE_INVALID:
2541 case CKR_ATTRIBUTE_VALUE_INVALID:
2542 case CKR_CRYPTOKI_NOT_INITIALIZED:
2543 case CKR_DEVICE_ERROR:
2544 case CKR_DEVICE_MEMORY:
2545 case CKR_FUNCTION_FAILED:
2546 case CKR_GENERAL_ERROR:
2547 case CKR_HOST_MEMORY:
2548 case CKR_OPERATION_ACTIVE:
2549 case CKR_SESSION_HANDLE_INVALID:
2550 break;
2551 default:
2552 case CKR_OK:
2553 error = CKR_GENERAL_ERROR;
2554 break;
2555 }
2557 return error;
2558 }
2560 /*
2561 * NSSCKFWC_FindObjects
2562 *
2563 */
2564 NSS_IMPLEMENT CK_RV
2565 NSSCKFWC_FindObjects
2566 (
2567 NSSCKFWInstance *fwInstance,
2568 CK_SESSION_HANDLE hSession,
2569 CK_OBJECT_HANDLE_PTR phObject,
2570 CK_ULONG ulMaxObjectCount,
2571 CK_ULONG_PTR pulObjectCount
2572 )
2573 {
2574 CK_RV error = CKR_OK;
2575 NSSCKFWSession *fwSession;
2576 NSSCKFWFindObjects *fwFindObjects;
2577 CK_ULONG i;
2579 if (!fwInstance) {
2580 error = CKR_CRYPTOKI_NOT_INITIALIZED;
2581 goto loser;
2582 }
2584 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
2585 if (!fwSession) {
2586 error = CKR_SESSION_HANDLE_INVALID;
2587 goto loser;
2588 }
2590 if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) {
2591 error = CKR_ARGUMENTS_BAD;
2592 goto loser;
2593 }
2595 /*
2596 * A purify error here indicates caller error.
2597 */
2598 (void)nsslibc_memset(phObject, 0, sizeof(CK_OBJECT_HANDLE) * ulMaxObjectCount);
2599 *pulObjectCount = (CK_ULONG)0;
2601 fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error);
2602 if (!fwFindObjects) {
2603 goto loser;
2604 }
2606 for( i = 0; i < ulMaxObjectCount; i++ ) {
2607 NSSCKFWObject *fwObject = nssCKFWFindObjects_Next(fwFindObjects,
2608 NULL, &error);
2609 if (!fwObject) {
2610 break;
2611 }
2613 phObject[i] = nssCKFWInstance_FindObjectHandle(fwInstance, fwObject);
2614 if( (CK_OBJECT_HANDLE)0 == phObject[i] ) {
2615 phObject[i] = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
2616 }
2617 if( (CK_OBJECT_HANDLE)0 == phObject[i] ) {
2618 /* This isn't right either, is it? */
2619 nssCKFWObject_Destroy(fwObject);
2620 goto loser;
2621 }
2622 }
2624 *pulObjectCount = i;
2626 return CKR_OK;
2628 loser:
2629 switch( error ) {
2630 case CKR_SESSION_CLOSED:
2631 /* destroy session? */
2632 break;
2633 case CKR_DEVICE_REMOVED:
2634 /* (void)nssCKFWToken_Destroy(fwToken); */
2635 break;
2636 case CKR_CRYPTOKI_NOT_INITIALIZED:
2637 case CKR_DEVICE_ERROR:
2638 case CKR_DEVICE_MEMORY:
2639 case CKR_FUNCTION_FAILED:
2640 case CKR_GENERAL_ERROR:
2641 case CKR_HOST_MEMORY:
2642 case CKR_OPERATION_NOT_INITIALIZED:
2643 case CKR_SESSION_HANDLE_INVALID:
2644 break;
2645 default:
2646 case CKR_OK:
2647 error = CKR_GENERAL_ERROR;
2648 break;
2649 }
2651 return error;
2652 }
2654 /*
2655 * NSSCKFWC_FindObjectsFinal
2656 *
2657 */
2658 NSS_IMPLEMENT CK_RV
2659 NSSCKFWC_FindObjectsFinal
2660 (
2661 NSSCKFWInstance *fwInstance,
2662 CK_SESSION_HANDLE hSession
2663 )
2664 {
2665 CK_RV error = CKR_OK;
2666 NSSCKFWSession *fwSession;
2667 NSSCKFWFindObjects *fwFindObjects;
2669 if (!fwInstance) {
2670 error = CKR_CRYPTOKI_NOT_INITIALIZED;
2671 goto loser;
2672 }
2674 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
2675 if (!fwSession) {
2676 error = CKR_SESSION_HANDLE_INVALID;
2677 goto loser;
2678 }
2680 fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error);
2681 if (!fwFindObjects) {
2682 error = CKR_OPERATION_NOT_INITIALIZED;
2683 goto loser;
2684 }
2686 nssCKFWFindObjects_Destroy(fwFindObjects);
2687 error = nssCKFWSession_SetFWFindObjects(fwSession,
2688 (NSSCKFWFindObjects *)NULL);
2690 if( CKR_OK != error ) {
2691 goto loser;
2692 }
2694 return CKR_OK;
2696 loser:
2697 switch( error ) {
2698 case CKR_SESSION_CLOSED:
2699 /* destroy session? */
2700 break;
2701 case CKR_DEVICE_REMOVED:
2702 /* (void)nssCKFWToken_Destroy(fwToken); */
2703 break;
2704 case CKR_CRYPTOKI_NOT_INITIALIZED:
2705 case CKR_DEVICE_ERROR:
2706 case CKR_DEVICE_MEMORY:
2707 case CKR_FUNCTION_FAILED:
2708 case CKR_GENERAL_ERROR:
2709 case CKR_HOST_MEMORY:
2710 case CKR_OPERATION_NOT_INITIALIZED:
2711 case CKR_SESSION_HANDLE_INVALID:
2712 break;
2713 default:
2714 case CKR_OK:
2715 error = CKR_GENERAL_ERROR;
2716 break;
2717 }
2719 return error;
2720 }
2722 /*
2723 * NSSCKFWC_EncryptInit
2724 *
2725 */
2726 NSS_IMPLEMENT CK_RV
2727 NSSCKFWC_EncryptInit
2728 (
2729 NSSCKFWInstance *fwInstance,
2730 CK_SESSION_HANDLE hSession,
2731 CK_MECHANISM_PTR pMechanism,
2732 CK_OBJECT_HANDLE hKey
2733 )
2734 {
2735 CK_RV error = CKR_OK;
2736 NSSCKFWSession *fwSession;
2737 NSSCKFWObject *fwObject;
2738 NSSCKFWSlot *fwSlot;
2739 NSSCKFWToken *fwToken;
2740 NSSCKFWMechanism *fwMechanism;
2742 if (!fwInstance) {
2743 error = CKR_CRYPTOKI_NOT_INITIALIZED;
2744 goto loser;
2745 }
2747 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
2748 if (!fwSession) {
2749 error = CKR_SESSION_HANDLE_INVALID;
2750 goto loser;
2751 }
2753 fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
2754 if (!fwObject) {
2755 error = CKR_KEY_HANDLE_INVALID;
2756 goto loser;
2757 }
2759 fwSlot = nssCKFWSession_GetFWSlot(fwSession);
2760 if (!fwSlot) {
2761 error = CKR_GENERAL_ERROR; /* should never happen! */
2762 goto loser;
2763 }
2765 if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
2766 error = CKR_TOKEN_NOT_PRESENT;
2767 goto loser;
2768 }
2770 fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
2771 if (!fwToken) {
2772 goto loser;
2773 }
2775 fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
2776 if (!fwMechanism) {
2777 goto loser;
2778 }
2780 error = nssCKFWMechanism_EncryptInit(fwMechanism, pMechanism,
2781 fwSession, fwObject);
2783 nssCKFWMechanism_Destroy(fwMechanism);
2785 if (CKR_OK == error) {
2786 return CKR_OK;
2787 }
2789 loser:
2790 /* verify error */
2791 switch( error ) {
2792 case CKR_CRYPTOKI_NOT_INITIALIZED:
2793 case CKR_DEVICE_ERROR:
2794 case CKR_DEVICE_MEMORY:
2795 case CKR_DEVICE_REMOVED:
2796 case CKR_FUNCTION_CANCELED:
2797 case CKR_FUNCTION_FAILED:
2798 case CKR_GENERAL_ERROR:
2799 case CKR_HOST_MEMORY:
2800 case CKR_KEY_FUNCTION_NOT_PERMITTED:
2801 case CKR_KEY_HANDLE_INVALID:
2802 case CKR_KEY_SIZE_RANGE:
2803 case CKR_KEY_TYPE_INCONSISTENT:
2804 case CKR_MECHANISM_INVALID:
2805 case CKR_MECHANISM_PARAM_INVALID:
2806 case CKR_OPERATION_ACTIVE:
2807 case CKR_PIN_EXPIRED:
2808 case CKR_SESSION_CLOSED:
2809 case CKR_SESSION_HANDLE_INVALID:
2810 case CKR_USER_NOT_LOGGED_IN:
2811 break;
2812 default:
2813 case CKR_OK:
2814 error = CKR_GENERAL_ERROR;
2815 break;
2816 }
2817 return error;
2818 }
2820 /*
2821 * NSSCKFWC_Encrypt
2822 *
2823 */
2824 NSS_IMPLEMENT CK_RV
2825 NSSCKFWC_Encrypt
2826 (
2827 NSSCKFWInstance *fwInstance,
2828 CK_SESSION_HANDLE hSession,
2829 CK_BYTE_PTR pData,
2830 CK_ULONG ulDataLen,
2831 CK_BYTE_PTR pEncryptedData,
2832 CK_ULONG_PTR pulEncryptedDataLen
2833 )
2834 {
2835 CK_RV error = CKR_OK;
2836 NSSCKFWSession *fwSession;
2838 if (!fwInstance) {
2839 error = CKR_CRYPTOKI_NOT_INITIALIZED;
2840 goto loser;
2841 }
2843 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
2844 if (!fwSession) {
2845 error = CKR_SESSION_HANDLE_INVALID;
2846 goto loser;
2847 }
2849 error = nssCKFWSession_UpdateFinal(fwSession,
2850 NSSCKFWCryptoOperationType_Encrypt,
2851 NSSCKFWCryptoOperationState_EncryptDecrypt,
2852 pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
2854 if (CKR_OK == error) {
2855 return CKR_OK;
2856 }
2858 loser:
2859 /* verify error */
2860 switch( error ) {
2861 case CKR_ARGUMENTS_BAD:
2862 case CKR_BUFFER_TOO_SMALL:
2863 case CKR_CRYPTOKI_NOT_INITIALIZED:
2864 case CKR_DATA_INVALID:
2865 case CKR_DATA_LEN_RANGE:
2866 case CKR_DEVICE_ERROR:
2867 case CKR_DEVICE_MEMORY:
2868 case CKR_DEVICE_REMOVED:
2869 case CKR_FUNCTION_CANCELED:
2870 case CKR_FUNCTION_FAILED:
2871 case CKR_GENERAL_ERROR:
2872 case CKR_HOST_MEMORY:
2873 case CKR_OPERATION_NOT_INITIALIZED:
2874 case CKR_SESSION_HANDLE_INVALID:
2875 case CKR_SESSION_CLOSED:
2876 break;
2877 default:
2878 case CKR_OK:
2879 error = CKR_GENERAL_ERROR;
2880 break;
2881 }
2882 return error;
2883 }
2885 /*
2886 * NSSCKFWC_EncryptUpdate
2887 *
2888 */
2889 NSS_IMPLEMENT CK_RV
2890 NSSCKFWC_EncryptUpdate
2891 (
2892 NSSCKFWInstance *fwInstance,
2893 CK_SESSION_HANDLE hSession,
2894 CK_BYTE_PTR pPart,
2895 CK_ULONG ulPartLen,
2896 CK_BYTE_PTR pEncryptedPart,
2897 CK_ULONG_PTR pulEncryptedPartLen
2898 )
2899 {
2900 CK_RV error = CKR_OK;
2901 NSSCKFWSession *fwSession;
2903 if (!fwInstance) {
2904 error = CKR_CRYPTOKI_NOT_INITIALIZED;
2905 goto loser;
2906 }
2908 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
2909 if (!fwSession) {
2910 error = CKR_SESSION_HANDLE_INVALID;
2911 goto loser;
2912 }
2914 error = nssCKFWSession_Update(fwSession,
2915 NSSCKFWCryptoOperationType_Encrypt,
2916 NSSCKFWCryptoOperationState_EncryptDecrypt,
2917 pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
2919 if (CKR_OK == error) {
2920 return CKR_OK;
2921 }
2923 loser:
2924 /* verify error */
2925 switch( error ) {
2926 case CKR_ARGUMENTS_BAD:
2927 case CKR_BUFFER_TOO_SMALL:
2928 case CKR_CRYPTOKI_NOT_INITIALIZED:
2929 case CKR_DATA_LEN_RANGE:
2930 case CKR_DEVICE_ERROR:
2931 case CKR_DEVICE_MEMORY:
2932 case CKR_DEVICE_REMOVED:
2933 case CKR_FUNCTION_CANCELED:
2934 case CKR_FUNCTION_FAILED:
2935 case CKR_GENERAL_ERROR:
2936 case CKR_HOST_MEMORY:
2937 case CKR_OPERATION_NOT_INITIALIZED:
2938 case CKR_SESSION_CLOSED:
2939 case CKR_SESSION_HANDLE_INVALID:
2940 break;
2941 default:
2942 case CKR_OK:
2943 error = CKR_GENERAL_ERROR;
2944 break;
2945 }
2946 return error;
2947 }
2949 /*
2950 * NSSCKFWC_EncryptFinal
2951 *
2952 */
2953 NSS_IMPLEMENT CK_RV
2954 NSSCKFWC_EncryptFinal
2955 (
2956 NSSCKFWInstance *fwInstance,
2957 CK_SESSION_HANDLE hSession,
2958 CK_BYTE_PTR pLastEncryptedPart,
2959 CK_ULONG_PTR pulLastEncryptedPartLen
2960 )
2961 {
2962 CK_RV error = CKR_OK;
2963 NSSCKFWSession *fwSession;
2965 if (!fwInstance) {
2966 error = CKR_CRYPTOKI_NOT_INITIALIZED;
2967 goto loser;
2968 }
2970 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
2971 if (!fwSession) {
2972 error = CKR_SESSION_HANDLE_INVALID;
2973 goto loser;
2974 }
2976 error = nssCKFWSession_Final(fwSession,
2977 NSSCKFWCryptoOperationType_Encrypt,
2978 NSSCKFWCryptoOperationState_EncryptDecrypt,
2979 pLastEncryptedPart, pulLastEncryptedPartLen);
2981 if (CKR_OK == error) {
2982 return CKR_OK;
2983 }
2985 loser:
2986 /* verify error */
2987 switch( error ) {
2988 case CKR_ARGUMENTS_BAD:
2989 case CKR_BUFFER_TOO_SMALL:
2990 case CKR_CRYPTOKI_NOT_INITIALIZED:
2991 case CKR_DATA_LEN_RANGE:
2992 case CKR_DEVICE_ERROR:
2993 case CKR_DEVICE_MEMORY:
2994 case CKR_DEVICE_REMOVED:
2995 case CKR_FUNCTION_CANCELED:
2996 case CKR_FUNCTION_FAILED:
2997 case CKR_GENERAL_ERROR:
2998 case CKR_HOST_MEMORY:
2999 case CKR_OPERATION_NOT_INITIALIZED:
3000 case CKR_SESSION_CLOSED:
3001 case CKR_SESSION_HANDLE_INVALID:
3002 break;
3003 default:
3004 case CKR_OK:
3005 error = CKR_GENERAL_ERROR;
3006 break;
3007 }
3008 return error;
3009 }
3011 /*
3012 * NSSCKFWC_DecryptInit
3013 *
3014 */
3015 NSS_IMPLEMENT CK_RV
3016 NSSCKFWC_DecryptInit
3017 (
3018 NSSCKFWInstance *fwInstance,
3019 CK_SESSION_HANDLE hSession,
3020 CK_MECHANISM_PTR pMechanism,
3021 CK_OBJECT_HANDLE hKey
3022 )
3023 {
3024 CK_RV error = CKR_OK;
3025 NSSCKFWSession *fwSession;
3026 NSSCKFWObject *fwObject;
3027 NSSCKFWSlot *fwSlot;
3028 NSSCKFWToken *fwToken;
3029 NSSCKFWMechanism *fwMechanism;
3031 if (!fwInstance) {
3032 error = CKR_CRYPTOKI_NOT_INITIALIZED;
3033 goto loser;
3034 }
3036 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
3037 if (!fwSession) {
3038 error = CKR_SESSION_HANDLE_INVALID;
3039 goto loser;
3040 }
3042 fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
3043 if (!fwObject) {
3044 error = CKR_KEY_HANDLE_INVALID;
3045 goto loser;
3046 }
3048 fwSlot = nssCKFWSession_GetFWSlot(fwSession);
3049 if (!fwSlot) {
3050 error = CKR_GENERAL_ERROR; /* should never happen! */
3051 goto loser;
3052 }
3054 if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
3055 error = CKR_TOKEN_NOT_PRESENT;
3056 goto loser;
3057 }
3059 fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
3060 if (!fwToken) {
3061 goto loser;
3062 }
3064 fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
3065 if (!fwMechanism) {
3066 goto loser;
3067 }
3069 error = nssCKFWMechanism_DecryptInit(fwMechanism, pMechanism,
3070 fwSession, fwObject);
3071 nssCKFWMechanism_Destroy(fwMechanism);
3073 if (CKR_OK == error) {
3074 return CKR_OK;
3075 }
3077 loser:
3078 /* verify error */
3079 switch( error ) {
3080 case CKR_ARGUMENTS_BAD:
3081 case CKR_CRYPTOKI_NOT_INITIALIZED:
3082 case CKR_DEVICE_ERROR:
3083 case CKR_DEVICE_MEMORY:
3084 case CKR_DEVICE_REMOVED:
3085 case CKR_FUNCTION_CANCELED:
3086 case CKR_FUNCTION_FAILED:
3087 case CKR_GENERAL_ERROR:
3088 case CKR_HOST_MEMORY:
3089 case CKR_KEY_FUNCTION_NOT_PERMITTED:
3090 case CKR_KEY_HANDLE_INVALID:
3091 case CKR_KEY_SIZE_RANGE:
3092 case CKR_KEY_TYPE_INCONSISTENT:
3093 case CKR_MECHANISM_INVALID:
3094 case CKR_MECHANISM_PARAM_INVALID:
3095 case CKR_OPERATION_ACTIVE:
3096 case CKR_PIN_EXPIRED:
3097 case CKR_SESSION_CLOSED:
3098 case CKR_SESSION_HANDLE_INVALID:
3099 case CKR_USER_NOT_LOGGED_IN:
3100 break;
3101 default:
3102 case CKR_OK:
3103 error = CKR_GENERAL_ERROR;
3104 break;
3105 }
3106 return error;
3107 }
3109 /*
3110 * NSSCKFWC_Decrypt
3111 *
3112 */
3113 NSS_IMPLEMENT CK_RV
3114 NSSCKFWC_Decrypt
3115 (
3116 NSSCKFWInstance *fwInstance,
3117 CK_SESSION_HANDLE hSession,
3118 CK_BYTE_PTR pEncryptedData,
3119 CK_ULONG ulEncryptedDataLen,
3120 CK_BYTE_PTR pData,
3121 CK_ULONG_PTR pulDataLen
3122 )
3123 {
3124 CK_RV error = CKR_OK;
3125 NSSCKFWSession *fwSession;
3127 if (!fwInstance) {
3128 error = CKR_CRYPTOKI_NOT_INITIALIZED;
3129 goto loser;
3130 }
3132 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
3133 if (!fwSession) {
3134 error = CKR_SESSION_HANDLE_INVALID;
3135 goto loser;
3136 }
3138 error = nssCKFWSession_UpdateFinal(fwSession,
3139 NSSCKFWCryptoOperationType_Decrypt,
3140 NSSCKFWCryptoOperationState_EncryptDecrypt,
3141 pEncryptedData, ulEncryptedDataLen, pData, pulDataLen);
3143 if (CKR_OK == error) {
3144 return CKR_OK;
3145 }
3147 loser:
3148 /* verify error */
3149 switch( error ) {
3150 case CKR_ARGUMENTS_BAD:
3151 case CKR_BUFFER_TOO_SMALL:
3152 case CKR_CRYPTOKI_NOT_INITIALIZED:
3153 case CKR_DEVICE_ERROR:
3154 case CKR_DEVICE_MEMORY:
3155 case CKR_DEVICE_REMOVED:
3156 case CKR_ENCRYPTED_DATA_INVALID:
3157 case CKR_ENCRYPTED_DATA_LEN_RANGE:
3158 case CKR_FUNCTION_CANCELED:
3159 case CKR_FUNCTION_FAILED:
3160 case CKR_GENERAL_ERROR:
3161 case CKR_HOST_MEMORY:
3162 case CKR_OPERATION_NOT_INITIALIZED:
3163 case CKR_SESSION_CLOSED:
3164 case CKR_SESSION_HANDLE_INVALID:
3165 case CKR_USER_NOT_LOGGED_IN:
3166 break;
3167 case CKR_DATA_LEN_RANGE:
3168 error = CKR_ENCRYPTED_DATA_LEN_RANGE;
3169 break;
3170 case CKR_DATA_INVALID:
3171 error = CKR_ENCRYPTED_DATA_INVALID;
3172 break;
3173 default:
3174 case CKR_OK:
3175 error = CKR_GENERAL_ERROR;
3176 break;
3177 }
3178 return error;
3179 }
3181 /*
3182 * NSSCKFWC_DecryptUpdate
3183 *
3184 */
3185 NSS_IMPLEMENT CK_RV
3186 NSSCKFWC_DecryptUpdate
3187 (
3188 NSSCKFWInstance *fwInstance,
3189 CK_SESSION_HANDLE hSession,
3190 CK_BYTE_PTR pEncryptedPart,
3191 CK_ULONG ulEncryptedPartLen,
3192 CK_BYTE_PTR pPart,
3193 CK_ULONG_PTR pulPartLen
3194 )
3195 {
3196 CK_RV error = CKR_OK;
3197 NSSCKFWSession *fwSession;
3199 if (!fwInstance) {
3200 error = CKR_CRYPTOKI_NOT_INITIALIZED;
3201 goto loser;
3202 }
3204 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
3205 if (!fwSession) {
3206 error = CKR_SESSION_HANDLE_INVALID;
3207 goto loser;
3208 }
3210 error = nssCKFWSession_Update(fwSession,
3211 NSSCKFWCryptoOperationType_Decrypt,
3212 NSSCKFWCryptoOperationState_EncryptDecrypt,
3213 pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
3215 if (CKR_OK == error) {
3216 return CKR_OK;
3217 }
3219 loser:
3220 /* verify error */
3221 switch( error ) {
3222 case CKR_ARGUMENTS_BAD:
3223 case CKR_BUFFER_TOO_SMALL:
3224 case CKR_CRYPTOKI_NOT_INITIALIZED:
3225 case CKR_DEVICE_ERROR:
3226 case CKR_DEVICE_MEMORY:
3227 case CKR_DEVICE_REMOVED:
3228 case CKR_ENCRYPTED_DATA_INVALID:
3229 case CKR_ENCRYPTED_DATA_LEN_RANGE:
3230 case CKR_FUNCTION_CANCELED:
3231 case CKR_FUNCTION_FAILED:
3232 case CKR_GENERAL_ERROR:
3233 case CKR_HOST_MEMORY:
3234 case CKR_OPERATION_NOT_INITIALIZED:
3235 case CKR_SESSION_CLOSED:
3236 case CKR_SESSION_HANDLE_INVALID:
3237 case CKR_USER_NOT_LOGGED_IN:
3238 break;
3239 case CKR_DATA_LEN_RANGE:
3240 error = CKR_ENCRYPTED_DATA_LEN_RANGE;
3241 break;
3242 case CKR_DATA_INVALID:
3243 error = CKR_ENCRYPTED_DATA_INVALID;
3244 break;
3245 default:
3246 case CKR_OK:
3247 error = CKR_GENERAL_ERROR;
3248 break;
3249 }
3250 return error;
3251 }
3253 /*
3254 * NSSCKFWC_DecryptFinal
3255 *
3256 */
3257 NSS_IMPLEMENT CK_RV
3258 NSSCKFWC_DecryptFinal
3259 (
3260 NSSCKFWInstance *fwInstance,
3261 CK_SESSION_HANDLE hSession,
3262 CK_BYTE_PTR pLastPart,
3263 CK_ULONG_PTR pulLastPartLen
3264 )
3265 {
3266 CK_RV error = CKR_OK;
3267 NSSCKFWSession *fwSession;
3269 if (!fwInstance) {
3270 error = CKR_CRYPTOKI_NOT_INITIALIZED;
3271 goto loser;
3272 }
3274 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
3275 if (!fwSession) {
3276 error = CKR_SESSION_HANDLE_INVALID;
3277 goto loser;
3278 }
3280 error = nssCKFWSession_Final(fwSession,
3281 NSSCKFWCryptoOperationType_Decrypt,
3282 NSSCKFWCryptoOperationState_EncryptDecrypt,
3283 pLastPart, pulLastPartLen);
3285 if (CKR_OK == error) {
3286 return CKR_OK;
3287 }
3289 loser:
3290 /* verify error */
3291 switch( error ) {
3292 case CKR_ARGUMENTS_BAD:
3293 case CKR_BUFFER_TOO_SMALL:
3294 case CKR_CRYPTOKI_NOT_INITIALIZED:
3295 case CKR_DEVICE_ERROR:
3296 case CKR_DEVICE_MEMORY:
3297 case CKR_DEVICE_REMOVED:
3298 case CKR_FUNCTION_FAILED:
3299 case CKR_FUNCTION_CANCELED:
3300 case CKR_ENCRYPTED_DATA_INVALID:
3301 case CKR_ENCRYPTED_DATA_LEN_RANGE:
3302 case CKR_GENERAL_ERROR:
3303 case CKR_HOST_MEMORY:
3304 case CKR_OPERATION_NOT_INITIALIZED:
3305 case CKR_SESSION_CLOSED:
3306 case CKR_SESSION_HANDLE_INVALID:
3307 case CKR_USER_NOT_LOGGED_IN:
3308 break;
3309 case CKR_DATA_LEN_RANGE:
3310 error = CKR_ENCRYPTED_DATA_LEN_RANGE;
3311 break;
3312 case CKR_DATA_INVALID:
3313 error = CKR_ENCRYPTED_DATA_INVALID;
3314 break;
3315 default:
3316 case CKR_OK:
3317 error = CKR_GENERAL_ERROR;
3318 break;
3319 }
3320 return error;
3321 }
3323 /*
3324 * NSSCKFWC_DigestInit
3325 *
3326 */
3327 NSS_IMPLEMENT CK_RV
3328 NSSCKFWC_DigestInit
3329 (
3330 NSSCKFWInstance *fwInstance,
3331 CK_SESSION_HANDLE hSession,
3332 CK_MECHANISM_PTR pMechanism
3333 )
3334 {
3335 CK_RV error = CKR_OK;
3336 NSSCKFWSession *fwSession;
3337 NSSCKFWSlot *fwSlot;
3338 NSSCKFWToken *fwToken;
3339 NSSCKFWMechanism *fwMechanism;
3341 if (!fwInstance) {
3342 error = CKR_CRYPTOKI_NOT_INITIALIZED;
3343 goto loser;
3344 }
3346 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
3347 if (!fwSession) {
3348 error = CKR_SESSION_HANDLE_INVALID;
3349 goto loser;
3350 }
3352 fwSlot = nssCKFWSession_GetFWSlot(fwSession);
3353 if (!fwSlot) {
3354 error = CKR_GENERAL_ERROR; /* should never happen! */
3355 goto loser;
3356 }
3358 if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
3359 error = CKR_TOKEN_NOT_PRESENT;
3360 goto loser;
3361 }
3363 fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
3364 if (!fwToken) {
3365 goto loser;
3366 }
3368 fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
3369 if (!fwMechanism) {
3370 goto loser;
3371 }
3373 error = nssCKFWMechanism_DigestInit(fwMechanism, pMechanism, fwSession);
3375 nssCKFWMechanism_Destroy(fwMechanism);
3377 if (CKR_OK == error) {
3378 return CKR_OK;
3379 }
3381 loser:
3382 /* verify error */
3383 switch( error ) {
3384 case CKR_ARGUMENTS_BAD:
3385 case CKR_CRYPTOKI_NOT_INITIALIZED:
3386 case CKR_DEVICE_ERROR:
3387 case CKR_DEVICE_MEMORY:
3388 case CKR_DEVICE_REMOVED:
3389 case CKR_FUNCTION_CANCELED:
3390 case CKR_FUNCTION_FAILED:
3391 case CKR_GENERAL_ERROR:
3392 case CKR_HOST_MEMORY:
3393 case CKR_MECHANISM_INVALID:
3394 case CKR_MECHANISM_PARAM_INVALID:
3395 case CKR_OPERATION_ACTIVE:
3396 case CKR_PIN_EXPIRED:
3397 case CKR_SESSION_CLOSED:
3398 case CKR_SESSION_HANDLE_INVALID:
3399 case CKR_USER_NOT_LOGGED_IN:
3400 break;
3401 default:
3402 case CKR_OK:
3403 error = CKR_GENERAL_ERROR;
3404 break;
3405 }
3406 return error;
3407 }
3409 /*
3410 * NSSCKFWC_Digest
3411 *
3412 */
3413 NSS_IMPLEMENT CK_RV
3414 NSSCKFWC_Digest
3415 (
3416 NSSCKFWInstance *fwInstance,
3417 CK_SESSION_HANDLE hSession,
3418 CK_BYTE_PTR pData,
3419 CK_ULONG ulDataLen,
3420 CK_BYTE_PTR pDigest,
3421 CK_ULONG_PTR pulDigestLen
3422 )
3423 {
3424 CK_RV error = CKR_OK;
3425 NSSCKFWSession *fwSession;
3427 if (!fwInstance) {
3428 error = CKR_CRYPTOKI_NOT_INITIALIZED;
3429 goto loser;
3430 }
3432 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
3433 if (!fwSession) {
3434 error = CKR_SESSION_HANDLE_INVALID;
3435 goto loser;
3436 }
3438 error = nssCKFWSession_UpdateFinal(fwSession,
3439 NSSCKFWCryptoOperationType_Digest,
3440 NSSCKFWCryptoOperationState_Digest,
3441 pData, ulDataLen, pDigest, pulDigestLen);
3443 if (CKR_OK == error) {
3444 return CKR_OK;
3445 }
3447 loser:
3448 /* verify error */
3449 switch( error ) {
3450 case CKR_ARGUMENTS_BAD:
3451 case CKR_BUFFER_TOO_SMALL:
3452 case CKR_CRYPTOKI_NOT_INITIALIZED:
3453 case CKR_DEVICE_ERROR:
3454 case CKR_DEVICE_MEMORY:
3455 case CKR_DEVICE_REMOVED:
3456 case CKR_FUNCTION_CANCELED:
3457 case CKR_FUNCTION_FAILED:
3458 case CKR_GENERAL_ERROR:
3459 case CKR_HOST_MEMORY:
3460 case CKR_OPERATION_NOT_INITIALIZED:
3461 case CKR_SESSION_CLOSED:
3462 case CKR_SESSION_HANDLE_INVALID:
3463 break;
3464 default:
3465 case CKR_OK:
3466 error = CKR_GENERAL_ERROR;
3467 break;
3468 }
3469 return error;
3470 }
3472 /*
3473 * NSSCKFWC_DigestUpdate
3474 *
3475 */
3476 NSS_IMPLEMENT CK_RV
3477 NSSCKFWC_DigestUpdate
3478 (
3479 NSSCKFWInstance *fwInstance,
3480 CK_SESSION_HANDLE hSession,
3481 CK_BYTE_PTR pData,
3482 CK_ULONG ulDataLen
3483 )
3484 {
3485 CK_RV error = CKR_OK;
3486 NSSCKFWSession *fwSession;
3488 if (!fwInstance) {
3489 error = CKR_CRYPTOKI_NOT_INITIALIZED;
3490 goto loser;
3491 }
3493 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
3494 if (!fwSession) {
3495 error = CKR_SESSION_HANDLE_INVALID;
3496 goto loser;
3497 }
3499 error = nssCKFWSession_DigestUpdate(fwSession,
3500 NSSCKFWCryptoOperationType_Digest,
3501 NSSCKFWCryptoOperationState_Digest,
3502 pData, ulDataLen);
3504 if (CKR_OK == error) {
3505 return CKR_OK;
3506 }
3508 loser:
3509 /* verify error */
3510 switch( error ) {
3511 case CKR_ARGUMENTS_BAD:
3512 case CKR_CRYPTOKI_NOT_INITIALIZED:
3513 case CKR_DEVICE_ERROR:
3514 case CKR_DEVICE_MEMORY:
3515 case CKR_DEVICE_REMOVED:
3516 case CKR_FUNCTION_CANCELED:
3517 case CKR_FUNCTION_FAILED:
3518 case CKR_GENERAL_ERROR:
3519 case CKR_HOST_MEMORY:
3520 case CKR_OPERATION_NOT_INITIALIZED:
3521 case CKR_SESSION_CLOSED:
3522 case CKR_SESSION_HANDLE_INVALID:
3523 break;
3524 default:
3525 case CKR_OK:
3526 error = CKR_GENERAL_ERROR;
3527 break;
3528 }
3529 return error;
3530 }
3532 /*
3533 * NSSCKFWC_DigestKey
3534 *
3535 */
3536 NSS_IMPLEMENT CK_RV
3537 NSSCKFWC_DigestKey
3538 (
3539 NSSCKFWInstance *fwInstance,
3540 CK_SESSION_HANDLE hSession,
3541 CK_OBJECT_HANDLE hKey
3542 )
3543 {
3544 CK_RV error = CKR_OK;
3545 NSSCKFWSession *fwSession;
3546 NSSCKFWObject *fwObject;
3548 if (!fwInstance) {
3549 error = CKR_CRYPTOKI_NOT_INITIALIZED;
3550 goto loser;
3551 }
3553 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
3554 if (!fwSession) {
3555 error = CKR_SESSION_HANDLE_INVALID;
3556 goto loser;
3557 }
3559 fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
3560 if (!fwObject) {
3561 error = CKR_KEY_HANDLE_INVALID;
3562 goto loser;
3563 }
3565 error = nssCKFWSession_DigestKey(fwSession, fwObject);
3567 if (CKR_OK == error) {
3568 return CKR_OK;
3569 }
3571 loser:
3572 /* verify error */
3573 switch( error ) {
3574 case CKR_CRYPTOKI_NOT_INITIALIZED:
3575 case CKR_DEVICE_ERROR:
3576 case CKR_DEVICE_MEMORY:
3577 case CKR_DEVICE_REMOVED:
3578 case CKR_FUNCTION_CANCELED:
3579 case CKR_FUNCTION_FAILED:
3580 case CKR_GENERAL_ERROR:
3581 case CKR_HOST_MEMORY:
3582 case CKR_KEY_HANDLE_INVALID:
3583 case CKR_KEY_INDIGESTIBLE:
3584 case CKR_KEY_SIZE_RANGE:
3585 case CKR_OPERATION_NOT_INITIALIZED:
3586 case CKR_SESSION_CLOSED:
3587 case CKR_SESSION_HANDLE_INVALID:
3588 break;
3589 default:
3590 case CKR_OK:
3591 error = CKR_GENERAL_ERROR;
3592 break;
3593 }
3594 return error;
3595 }
3597 /*
3598 * NSSCKFWC_DigestFinal
3599 *
3600 */
3601 NSS_IMPLEMENT CK_RV
3602 NSSCKFWC_DigestFinal
3603 (
3604 NSSCKFWInstance *fwInstance,
3605 CK_SESSION_HANDLE hSession,
3606 CK_BYTE_PTR pDigest,
3607 CK_ULONG_PTR pulDigestLen
3608 )
3609 {
3610 CK_RV error = CKR_OK;
3611 NSSCKFWSession *fwSession;
3613 if (!fwInstance) {
3614 error = CKR_CRYPTOKI_NOT_INITIALIZED;
3615 goto loser;
3616 }
3618 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
3619 if (!fwSession) {
3620 error = CKR_SESSION_HANDLE_INVALID;
3621 goto loser;
3622 }
3624 error = nssCKFWSession_Final(fwSession,
3625 NSSCKFWCryptoOperationType_Digest,
3626 NSSCKFWCryptoOperationState_Digest,
3627 pDigest, pulDigestLen);
3629 if (CKR_OK == error) {
3630 return CKR_OK;
3631 }
3633 loser:
3634 /* verify error */
3635 switch( error ) {
3636 case CKR_ARGUMENTS_BAD:
3637 case CKR_BUFFER_TOO_SMALL:
3638 case CKR_CRYPTOKI_NOT_INITIALIZED:
3639 case CKR_DEVICE_ERROR:
3640 case CKR_DEVICE_MEMORY:
3641 case CKR_DEVICE_REMOVED:
3642 case CKR_FUNCTION_CANCELED:
3643 case CKR_FUNCTION_FAILED:
3644 case CKR_GENERAL_ERROR:
3645 case CKR_HOST_MEMORY:
3646 case CKR_OPERATION_NOT_INITIALIZED:
3647 case CKR_SESSION_CLOSED:
3648 case CKR_SESSION_HANDLE_INVALID:
3649 break;
3650 default:
3651 case CKR_OK:
3652 error = CKR_GENERAL_ERROR;
3653 break;
3654 }
3655 return error;
3656 }
3658 /*
3659 * NSSCKFWC_SignInit
3660 *
3661 */
3662 NSS_IMPLEMENT CK_RV
3663 NSSCKFWC_SignInit
3664 (
3665 NSSCKFWInstance *fwInstance,
3666 CK_SESSION_HANDLE hSession,
3667 CK_MECHANISM_PTR pMechanism,
3668 CK_OBJECT_HANDLE hKey
3669 )
3670 {
3671 CK_RV error = CKR_OK;
3672 NSSCKFWSession *fwSession;
3673 NSSCKFWObject *fwObject;
3674 NSSCKFWSlot *fwSlot;
3675 NSSCKFWToken *fwToken;
3676 NSSCKFWMechanism *fwMechanism;
3678 if (!fwInstance) {
3679 error = CKR_CRYPTOKI_NOT_INITIALIZED;
3680 goto loser;
3681 }
3683 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
3684 if (!fwSession) {
3685 error = CKR_SESSION_HANDLE_INVALID;
3686 goto loser;
3687 }
3689 fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
3690 if (!fwObject) {
3691 error = CKR_KEY_HANDLE_INVALID;
3692 goto loser;
3693 }
3695 fwSlot = nssCKFWSession_GetFWSlot(fwSession);
3696 if (!fwSlot) {
3697 error = CKR_GENERAL_ERROR; /* should never happen! */
3698 goto loser;
3699 }
3701 if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
3702 error = CKR_TOKEN_NOT_PRESENT;
3703 goto loser;
3704 }
3706 fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
3707 if (!fwToken) {
3708 goto loser;
3709 }
3711 fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
3712 if (!fwMechanism) {
3713 goto loser;
3714 }
3716 error = nssCKFWMechanism_SignInit(fwMechanism, pMechanism, fwSession,
3717 fwObject);
3719 nssCKFWMechanism_Destroy(fwMechanism);
3721 if (CKR_OK == error) {
3722 return CKR_OK;
3723 }
3725 loser:
3726 /* verify error */
3727 switch( error ) {
3728 case CKR_ARGUMENTS_BAD:
3729 case CKR_CRYPTOKI_NOT_INITIALIZED:
3730 case CKR_DEVICE_ERROR:
3731 case CKR_DEVICE_MEMORY:
3732 case CKR_DEVICE_REMOVED:
3733 case CKR_FUNCTION_CANCELED:
3734 case CKR_FUNCTION_FAILED:
3735 case CKR_GENERAL_ERROR:
3736 case CKR_HOST_MEMORY:
3737 case CKR_KEY_FUNCTION_NOT_PERMITTED:
3738 case CKR_KEY_HANDLE_INVALID:
3739 case CKR_KEY_SIZE_RANGE:
3740 case CKR_KEY_TYPE_INCONSISTENT:
3741 case CKR_MECHANISM_INVALID:
3742 case CKR_MECHANISM_PARAM_INVALID:
3743 case CKR_OPERATION_ACTIVE:
3744 case CKR_PIN_EXPIRED:
3745 case CKR_SESSION_CLOSED:
3746 case CKR_SESSION_HANDLE_INVALID:
3747 case CKR_USER_NOT_LOGGED_IN:
3748 break;
3749 default:
3750 case CKR_OK:
3751 error = CKR_GENERAL_ERROR;
3752 break;
3753 }
3754 return error;
3755 }
3757 /*
3758 * NSSCKFWC_Sign
3759 *
3760 */
3761 NSS_IMPLEMENT CK_RV
3762 NSSCKFWC_Sign
3763 (
3764 NSSCKFWInstance *fwInstance,
3765 CK_SESSION_HANDLE hSession,
3766 CK_BYTE_PTR pData,
3767 CK_ULONG ulDataLen,
3768 CK_BYTE_PTR pSignature,
3769 CK_ULONG_PTR pulSignatureLen
3770 )
3771 {
3772 CK_RV error = CKR_OK;
3773 NSSCKFWSession *fwSession;
3775 if (!fwInstance) {
3776 error = CKR_CRYPTOKI_NOT_INITIALIZED;
3777 goto loser;
3778 }
3780 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
3781 if (!fwSession) {
3782 error = CKR_SESSION_HANDLE_INVALID;
3783 goto loser;
3784 }
3786 error = nssCKFWSession_UpdateFinal(fwSession,
3787 NSSCKFWCryptoOperationType_Sign,
3788 NSSCKFWCryptoOperationState_SignVerify,
3789 pData, ulDataLen, pSignature, pulSignatureLen);
3791 if (CKR_OK == error) {
3792 return CKR_OK;
3793 }
3795 loser:
3796 /* verify error */
3797 switch( error ) {
3798 case CKR_ARGUMENTS_BAD:
3799 case CKR_BUFFER_TOO_SMALL:
3800 case CKR_CRYPTOKI_NOT_INITIALIZED:
3801 case CKR_DATA_INVALID:
3802 case CKR_DATA_LEN_RANGE:
3803 case CKR_DEVICE_ERROR:
3804 case CKR_DEVICE_MEMORY:
3805 case CKR_DEVICE_REMOVED:
3806 case CKR_FUNCTION_CANCELED:
3807 case CKR_FUNCTION_FAILED:
3808 case CKR_GENERAL_ERROR:
3809 case CKR_HOST_MEMORY:
3810 case CKR_OPERATION_NOT_INITIALIZED:
3811 case CKR_SESSION_CLOSED:
3812 case CKR_SESSION_HANDLE_INVALID:
3813 case CKR_USER_NOT_LOGGED_IN:
3814 case CKR_FUNCTION_REJECTED:
3815 break;
3816 default:
3817 case CKR_OK:
3818 error = CKR_GENERAL_ERROR;
3819 break;
3820 }
3821 return error;
3822 }
3824 /*
3825 * NSSCKFWC_SignUpdate
3826 *
3827 */
3828 NSS_IMPLEMENT CK_RV
3829 NSSCKFWC_SignUpdate
3830 (
3831 NSSCKFWInstance *fwInstance,
3832 CK_SESSION_HANDLE hSession,
3833 CK_BYTE_PTR pPart,
3834 CK_ULONG ulPartLen
3835 )
3836 {
3837 CK_RV error = CKR_OK;
3838 NSSCKFWSession *fwSession;
3840 if (!fwInstance) {
3841 error = CKR_CRYPTOKI_NOT_INITIALIZED;
3842 goto loser;
3843 }
3845 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
3846 if (!fwSession) {
3847 error = CKR_SESSION_HANDLE_INVALID;
3848 goto loser;
3849 }
3851 error = nssCKFWSession_DigestUpdate(fwSession,
3852 NSSCKFWCryptoOperationType_Sign,
3853 NSSCKFWCryptoOperationState_SignVerify,
3854 pPart, ulPartLen);
3856 if (CKR_OK == error) {
3857 return CKR_OK;
3858 }
3860 loser:
3861 /* verify error */
3862 switch( error ) {
3863 case CKR_ARGUMENTS_BAD:
3864 case CKR_CRYPTOKI_NOT_INITIALIZED:
3865 case CKR_DATA_LEN_RANGE:
3866 case CKR_DEVICE_ERROR:
3867 case CKR_DEVICE_MEMORY:
3868 case CKR_DEVICE_REMOVED:
3869 case CKR_FUNCTION_CANCELED:
3870 case CKR_FUNCTION_FAILED:
3871 case CKR_GENERAL_ERROR:
3872 case CKR_HOST_MEMORY:
3873 case CKR_OPERATION_NOT_INITIALIZED:
3874 case CKR_SESSION_CLOSED:
3875 case CKR_SESSION_HANDLE_INVALID:
3876 case CKR_USER_NOT_LOGGED_IN:
3877 break;
3878 default:
3879 case CKR_OK:
3880 error = CKR_GENERAL_ERROR;
3881 break;
3882 }
3883 return error;
3884 }
3886 /*
3887 * NSSCKFWC_SignFinal
3888 *
3889 */
3890 NSS_IMPLEMENT CK_RV
3891 NSSCKFWC_SignFinal
3892 (
3893 NSSCKFWInstance *fwInstance,
3894 CK_SESSION_HANDLE hSession,
3895 CK_BYTE_PTR pSignature,
3896 CK_ULONG_PTR pulSignatureLen
3897 )
3898 {
3899 CK_RV error = CKR_OK;
3900 NSSCKFWSession *fwSession;
3902 if (!fwInstance) {
3903 error = CKR_CRYPTOKI_NOT_INITIALIZED;
3904 goto loser;
3905 }
3907 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
3908 if (!fwSession) {
3909 error = CKR_SESSION_HANDLE_INVALID;
3910 goto loser;
3911 }
3913 error = nssCKFWSession_Final(fwSession,
3914 NSSCKFWCryptoOperationType_Sign,
3915 NSSCKFWCryptoOperationState_SignVerify,
3916 pSignature, pulSignatureLen);
3918 if (CKR_OK == error) {
3919 return CKR_OK;
3920 }
3922 loser:
3923 /* verify error */
3924 switch( error ) {
3925 case CKR_ARGUMENTS_BAD:
3926 case CKR_BUFFER_TOO_SMALL:
3927 case CKR_CRYPTOKI_NOT_INITIALIZED:
3928 case CKR_DATA_LEN_RANGE:
3929 case CKR_DEVICE_ERROR:
3930 case CKR_DEVICE_MEMORY:
3931 case CKR_DEVICE_REMOVED:
3932 case CKR_FUNCTION_CANCELED:
3933 case CKR_FUNCTION_FAILED:
3934 case CKR_GENERAL_ERROR:
3935 case CKR_HOST_MEMORY:
3936 case CKR_OPERATION_NOT_INITIALIZED:
3937 case CKR_SESSION_CLOSED:
3938 case CKR_SESSION_HANDLE_INVALID:
3939 case CKR_USER_NOT_LOGGED_IN:
3940 case CKR_FUNCTION_REJECTED:
3941 break;
3942 default:
3943 case CKR_OK:
3944 error = CKR_GENERAL_ERROR;
3945 break;
3946 }
3947 return error;
3948 }
3950 /*
3951 * NSSCKFWC_SignRecoverInit
3952 *
3953 */
3954 NSS_IMPLEMENT CK_RV
3955 NSSCKFWC_SignRecoverInit
3956 (
3957 NSSCKFWInstance *fwInstance,
3958 CK_SESSION_HANDLE hSession,
3959 CK_MECHANISM_PTR pMechanism,
3960 CK_OBJECT_HANDLE hKey
3961 )
3962 {
3963 CK_RV error = CKR_OK;
3964 NSSCKFWSession *fwSession;
3965 NSSCKFWObject *fwObject;
3966 NSSCKFWSlot *fwSlot;
3967 NSSCKFWToken *fwToken;
3968 NSSCKFWMechanism *fwMechanism;
3970 if (!fwInstance) {
3971 error = CKR_CRYPTOKI_NOT_INITIALIZED;
3972 goto loser;
3973 }
3975 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
3976 if (!fwSession) {
3977 error = CKR_SESSION_HANDLE_INVALID;
3978 goto loser;
3979 }
3981 fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
3982 if (!fwObject) {
3983 error = CKR_KEY_HANDLE_INVALID;
3984 goto loser;
3985 }
3987 fwSlot = nssCKFWSession_GetFWSlot(fwSession);
3988 if (!fwSlot) {
3989 error = CKR_GENERAL_ERROR; /* should never happen! */
3990 goto loser;
3991 }
3993 if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
3994 error = CKR_TOKEN_NOT_PRESENT;
3995 goto loser;
3996 }
3998 fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
3999 if (!fwToken) {
4000 goto loser;
4001 }
4003 fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
4004 if (!fwMechanism) {
4005 goto loser;
4006 }
4008 error = nssCKFWMechanism_SignRecoverInit(fwMechanism, pMechanism, fwSession,
4009 fwObject);
4011 nssCKFWMechanism_Destroy(fwMechanism);
4013 if (CKR_OK == error) {
4014 return CKR_OK;
4015 }
4017 loser:
4018 /* verify error */
4019 switch( error ) {
4020 case CKR_ARGUMENTS_BAD:
4021 case CKR_CRYPTOKI_NOT_INITIALIZED:
4022 case CKR_DEVICE_ERROR:
4023 case CKR_DEVICE_MEMORY:
4024 case CKR_DEVICE_REMOVED:
4025 case CKR_FUNCTION_CANCELED:
4026 case CKR_FUNCTION_FAILED:
4027 case CKR_GENERAL_ERROR:
4028 case CKR_HOST_MEMORY:
4029 case CKR_KEY_FUNCTION_NOT_PERMITTED:
4030 case CKR_KEY_HANDLE_INVALID:
4031 case CKR_KEY_SIZE_RANGE:
4032 case CKR_KEY_TYPE_INCONSISTENT:
4033 case CKR_MECHANISM_INVALID:
4034 case CKR_MECHANISM_PARAM_INVALID:
4035 case CKR_OPERATION_ACTIVE:
4036 case CKR_PIN_EXPIRED:
4037 case CKR_SESSION_CLOSED:
4038 case CKR_SESSION_HANDLE_INVALID:
4039 case CKR_USER_NOT_LOGGED_IN:
4040 break;
4041 default:
4042 case CKR_OK:
4043 error = CKR_GENERAL_ERROR;
4044 break;
4045 }
4046 return error;
4047 }
4049 /*
4050 * NSSCKFWC_SignRecover
4051 *
4052 */
4053 NSS_IMPLEMENT CK_RV
4054 NSSCKFWC_SignRecover
4055 (
4056 NSSCKFWInstance *fwInstance,
4057 CK_SESSION_HANDLE hSession,
4058 CK_BYTE_PTR pData,
4059 CK_ULONG ulDataLen,
4060 CK_BYTE_PTR pSignature,
4061 CK_ULONG_PTR pulSignatureLen
4062 )
4063 {
4064 CK_RV error = CKR_OK;
4065 NSSCKFWSession *fwSession;
4067 if (!fwInstance) {
4068 error = CKR_CRYPTOKI_NOT_INITIALIZED;
4069 goto loser;
4070 }
4072 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
4073 if (!fwSession) {
4074 error = CKR_SESSION_HANDLE_INVALID;
4075 goto loser;
4076 }
4078 error = nssCKFWSession_UpdateFinal(fwSession,
4079 NSSCKFWCryptoOperationType_SignRecover,
4080 NSSCKFWCryptoOperationState_SignVerify,
4081 pData, ulDataLen, pSignature, pulSignatureLen);
4083 if (CKR_OK == error) {
4084 return CKR_OK;
4085 }
4087 loser:
4088 /* verify error */
4089 switch( error ) {
4090 case CKR_ARGUMENTS_BAD:
4091 case CKR_BUFFER_TOO_SMALL:
4092 case CKR_CRYPTOKI_NOT_INITIALIZED:
4093 case CKR_DATA_INVALID:
4094 case CKR_DATA_LEN_RANGE:
4095 case CKR_DEVICE_ERROR:
4096 case CKR_DEVICE_MEMORY:
4097 case CKR_DEVICE_REMOVED:
4098 case CKR_FUNCTION_CANCELED:
4099 case CKR_FUNCTION_FAILED:
4100 case CKR_GENERAL_ERROR:
4101 case CKR_HOST_MEMORY:
4102 case CKR_OPERATION_NOT_INITIALIZED:
4103 case CKR_SESSION_CLOSED:
4104 case CKR_SESSION_HANDLE_INVALID:
4105 case CKR_USER_NOT_LOGGED_IN:
4106 break;
4107 default:
4108 case CKR_OK:
4109 error = CKR_GENERAL_ERROR;
4110 break;
4111 }
4112 return error;
4113 }
4115 /*
4116 * NSSCKFWC_VerifyInit
4117 *
4118 */
4119 NSS_IMPLEMENT CK_RV
4120 NSSCKFWC_VerifyInit
4121 (
4122 NSSCKFWInstance *fwInstance,
4123 CK_SESSION_HANDLE hSession,
4124 CK_MECHANISM_PTR pMechanism,
4125 CK_OBJECT_HANDLE hKey
4126 )
4127 {
4128 CK_RV error = CKR_OK;
4129 NSSCKFWSession *fwSession;
4130 NSSCKFWObject *fwObject;
4131 NSSCKFWSlot *fwSlot;
4132 NSSCKFWToken *fwToken;
4133 NSSCKFWMechanism *fwMechanism;
4135 if (!fwInstance) {
4136 error = CKR_CRYPTOKI_NOT_INITIALIZED;
4137 goto loser;
4138 }
4140 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
4141 if (!fwSession) {
4142 error = CKR_SESSION_HANDLE_INVALID;
4143 goto loser;
4144 }
4146 fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
4147 if (!fwObject) {
4148 error = CKR_KEY_HANDLE_INVALID;
4149 goto loser;
4150 }
4152 fwSlot = nssCKFWSession_GetFWSlot(fwSession);
4153 if (!fwSlot) {
4154 error = CKR_GENERAL_ERROR; /* should never happen! */
4155 goto loser;
4156 }
4158 if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
4159 error = CKR_TOKEN_NOT_PRESENT;
4160 goto loser;
4161 }
4163 fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
4164 if (!fwToken) {
4165 goto loser;
4166 }
4168 fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
4169 if (!fwMechanism) {
4170 goto loser;
4171 }
4173 error = nssCKFWMechanism_VerifyInit(fwMechanism, pMechanism, fwSession,
4174 fwObject);
4176 nssCKFWMechanism_Destroy(fwMechanism);
4178 if (CKR_OK == error) {
4179 return CKR_OK;
4180 }
4182 loser:
4183 /* verify error */
4184 switch( error ) {
4185 case CKR_ARGUMENTS_BAD:
4186 case CKR_CRYPTOKI_NOT_INITIALIZED:
4187 case CKR_DEVICE_ERROR:
4188 case CKR_DEVICE_MEMORY:
4189 case CKR_DEVICE_REMOVED:
4190 case CKR_FUNCTION_CANCELED:
4191 case CKR_FUNCTION_FAILED:
4192 case CKR_GENERAL_ERROR:
4193 case CKR_HOST_MEMORY:
4194 case CKR_KEY_FUNCTION_NOT_PERMITTED:
4195 case CKR_KEY_HANDLE_INVALID:
4196 case CKR_KEY_SIZE_RANGE:
4197 case CKR_KEY_TYPE_INCONSISTENT:
4198 case CKR_MECHANISM_INVALID:
4199 case CKR_MECHANISM_PARAM_INVALID:
4200 case CKR_OPERATION_ACTIVE:
4201 case CKR_PIN_EXPIRED:
4202 case CKR_SESSION_CLOSED:
4203 case CKR_SESSION_HANDLE_INVALID:
4204 case CKR_USER_NOT_LOGGED_IN:
4205 break;
4206 default:
4207 case CKR_OK:
4208 error = CKR_GENERAL_ERROR;
4209 break;
4210 }
4211 return error;
4212 }
4214 /*
4215 * NSSCKFWC_Verify
4216 *
4217 */
4218 NSS_IMPLEMENT CK_RV
4219 NSSCKFWC_Verify
4220 (
4221 NSSCKFWInstance *fwInstance,
4222 CK_SESSION_HANDLE hSession,
4223 CK_BYTE_PTR pData,
4224 CK_ULONG ulDataLen,
4225 CK_BYTE_PTR pSignature,
4226 CK_ULONG ulSignatureLen
4227 )
4228 {
4229 CK_RV error = CKR_OK;
4230 NSSCKFWSession *fwSession;
4232 if (!fwInstance) {
4233 error = CKR_CRYPTOKI_NOT_INITIALIZED;
4234 goto loser;
4235 }
4237 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
4238 if (!fwSession) {
4239 error = CKR_SESSION_HANDLE_INVALID;
4240 goto loser;
4241 }
4243 error = nssCKFWSession_UpdateFinal(fwSession,
4244 NSSCKFWCryptoOperationType_Verify,
4245 NSSCKFWCryptoOperationState_SignVerify,
4246 pData, ulDataLen, pSignature, &ulSignatureLen);
4248 if (CKR_OK == error) {
4249 return CKR_OK;
4250 }
4252 loser:
4253 /* verify error */
4254 switch( error ) {
4255 case CKR_ARGUMENTS_BAD:
4256 case CKR_CRYPTOKI_NOT_INITIALIZED:
4257 case CKR_DATA_INVALID:
4258 case CKR_DATA_LEN_RANGE:
4259 case CKR_DEVICE_ERROR:
4260 case CKR_DEVICE_MEMORY:
4261 case CKR_DEVICE_REMOVED:
4262 case CKR_FUNCTION_CANCELED:
4263 case CKR_FUNCTION_FAILED:
4264 case CKR_GENERAL_ERROR:
4265 case CKR_HOST_MEMORY:
4266 case CKR_OPERATION_NOT_INITIALIZED:
4267 case CKR_SESSION_CLOSED:
4268 case CKR_SESSION_HANDLE_INVALID:
4269 case CKR_SIGNATURE_INVALID:
4270 case CKR_SIGNATURE_LEN_RANGE:
4271 break;
4272 default:
4273 case CKR_OK:
4274 error = CKR_GENERAL_ERROR;
4275 break;
4276 }
4277 return error;
4278 }
4280 /*
4281 * NSSCKFWC_VerifyUpdate
4282 *
4283 */
4284 NSS_IMPLEMENT CK_RV
4285 NSSCKFWC_VerifyUpdate
4286 (
4287 NSSCKFWInstance *fwInstance,
4288 CK_SESSION_HANDLE hSession,
4289 CK_BYTE_PTR pPart,
4290 CK_ULONG ulPartLen
4291 )
4292 {
4293 CK_RV error = CKR_OK;
4294 NSSCKFWSession *fwSession;
4296 if (!fwInstance) {
4297 error = CKR_CRYPTOKI_NOT_INITIALIZED;
4298 goto loser;
4299 }
4301 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
4302 if (!fwSession) {
4303 error = CKR_SESSION_HANDLE_INVALID;
4304 goto loser;
4305 }
4307 error = nssCKFWSession_DigestUpdate(fwSession,
4308 NSSCKFWCryptoOperationType_Verify,
4309 NSSCKFWCryptoOperationState_SignVerify,
4310 pPart, ulPartLen);
4312 if (CKR_OK == error) {
4313 return CKR_OK;
4314 }
4316 loser:
4317 /* verify error */
4318 switch( error ) {
4319 case CKR_ARGUMENTS_BAD:
4320 case CKR_CRYPTOKI_NOT_INITIALIZED:
4321 case CKR_DATA_LEN_RANGE:
4322 case CKR_DEVICE_ERROR:
4323 case CKR_DEVICE_MEMORY:
4324 case CKR_DEVICE_REMOVED:
4325 case CKR_FUNCTION_CANCELED:
4326 case CKR_FUNCTION_FAILED:
4327 case CKR_GENERAL_ERROR:
4328 case CKR_HOST_MEMORY:
4329 case CKR_OPERATION_NOT_INITIALIZED:
4330 case CKR_SESSION_CLOSED:
4331 case CKR_SESSION_HANDLE_INVALID:
4332 break;
4333 default:
4334 case CKR_OK:
4335 error = CKR_GENERAL_ERROR;
4336 break;
4337 }
4338 return error;
4339 }
4341 /*
4342 * NSSCKFWC_VerifyFinal
4343 *
4344 */
4345 NSS_IMPLEMENT CK_RV
4346 NSSCKFWC_VerifyFinal
4347 (
4348 NSSCKFWInstance *fwInstance,
4349 CK_SESSION_HANDLE hSession,
4350 CK_BYTE_PTR pSignature,
4351 CK_ULONG ulSignatureLen
4352 )
4353 {
4354 CK_RV error = CKR_OK;
4355 NSSCKFWSession *fwSession;
4357 if (!fwInstance) {
4358 error = CKR_CRYPTOKI_NOT_INITIALIZED;
4359 goto loser;
4360 }
4362 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
4363 if (!fwSession) {
4364 error = CKR_SESSION_HANDLE_INVALID;
4365 goto loser;
4366 }
4368 error = nssCKFWSession_Final(fwSession,
4369 NSSCKFWCryptoOperationType_Verify,
4370 NSSCKFWCryptoOperationState_SignVerify,
4371 pSignature, &ulSignatureLen);
4373 if (CKR_OK == error) {
4374 return CKR_OK;
4375 }
4377 loser:
4378 /* verify error */
4379 switch( error ) {
4380 case CKR_ARGUMENTS_BAD:
4381 case CKR_CRYPTOKI_NOT_INITIALIZED:
4382 case CKR_DATA_LEN_RANGE:
4383 case CKR_DEVICE_ERROR:
4384 case CKR_DEVICE_MEMORY:
4385 case CKR_DEVICE_REMOVED:
4386 case CKR_FUNCTION_CANCELED:
4387 case CKR_FUNCTION_FAILED:
4388 case CKR_GENERAL_ERROR:
4389 case CKR_HOST_MEMORY:
4390 case CKR_OPERATION_NOT_INITIALIZED:
4391 case CKR_SESSION_CLOSED:
4392 case CKR_SESSION_HANDLE_INVALID:
4393 case CKR_SIGNATURE_INVALID:
4394 case CKR_SIGNATURE_LEN_RANGE:
4395 break;
4396 default:
4397 case CKR_OK:
4398 error = CKR_GENERAL_ERROR;
4399 break;
4400 }
4401 return error;
4402 }
4404 /*
4405 * NSSCKFWC_VerifyRecoverInit
4406 *
4407 */
4408 NSS_IMPLEMENT CK_RV
4409 NSSCKFWC_VerifyRecoverInit
4410 (
4411 NSSCKFWInstance *fwInstance,
4412 CK_SESSION_HANDLE hSession,
4413 CK_MECHANISM_PTR pMechanism,
4414 CK_OBJECT_HANDLE hKey
4415 )
4416 {
4417 CK_RV error = CKR_OK;
4418 NSSCKFWSession *fwSession;
4419 NSSCKFWObject *fwObject;
4420 NSSCKFWSlot *fwSlot;
4421 NSSCKFWToken *fwToken;
4422 NSSCKFWMechanism *fwMechanism;
4424 if (!fwInstance) {
4425 error = CKR_CRYPTOKI_NOT_INITIALIZED;
4426 goto loser;
4427 }
4429 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
4430 if (!fwSession) {
4431 error = CKR_SESSION_HANDLE_INVALID;
4432 goto loser;
4433 }
4435 fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
4436 if (!fwObject) {
4437 error = CKR_KEY_HANDLE_INVALID;
4438 goto loser;
4439 }
4441 fwSlot = nssCKFWSession_GetFWSlot(fwSession);
4442 if (!fwSlot) {
4443 error = CKR_GENERAL_ERROR; /* should never happen! */
4444 goto loser;
4445 }
4447 if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
4448 error = CKR_TOKEN_NOT_PRESENT;
4449 goto loser;
4450 }
4452 fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
4453 if (!fwToken) {
4454 goto loser;
4455 }
4457 fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
4458 if (!fwMechanism) {
4459 goto loser;
4460 }
4462 error = nssCKFWMechanism_VerifyRecoverInit(fwMechanism, pMechanism,
4463 fwSession, fwObject);
4465 nssCKFWMechanism_Destroy(fwMechanism);
4467 if (CKR_OK == error) {
4468 return CKR_OK;
4469 }
4471 loser:
4472 /* verify error */
4473 switch( error ) {
4474 case CKR_ARGUMENTS_BAD:
4475 case CKR_CRYPTOKI_NOT_INITIALIZED:
4476 case CKR_DEVICE_ERROR:
4477 case CKR_DEVICE_MEMORY:
4478 case CKR_DEVICE_REMOVED:
4479 case CKR_FUNCTION_CANCELED:
4480 case CKR_FUNCTION_FAILED:
4481 case CKR_GENERAL_ERROR:
4482 case CKR_HOST_MEMORY:
4483 case CKR_KEY_FUNCTION_NOT_PERMITTED:
4484 case CKR_KEY_HANDLE_INVALID:
4485 case CKR_KEY_SIZE_RANGE:
4486 case CKR_KEY_TYPE_INCONSISTENT:
4487 case CKR_MECHANISM_INVALID:
4488 case CKR_MECHANISM_PARAM_INVALID:
4489 case CKR_OPERATION_ACTIVE:
4490 case CKR_PIN_EXPIRED:
4491 case CKR_SESSION_HANDLE_INVALID:
4492 case CKR_SESSION_CLOSED:
4493 case CKR_USER_NOT_LOGGED_IN:
4494 break;
4495 default:
4496 case CKR_OK:
4497 error = CKR_GENERAL_ERROR;
4498 break;
4499 }
4500 return error;
4501 }
4503 /*
4504 * NSSCKFWC_VerifyRecover
4505 *
4506 */
4507 NSS_IMPLEMENT CK_RV
4508 NSSCKFWC_VerifyRecover
4509 (
4510 NSSCKFWInstance *fwInstance,
4511 CK_SESSION_HANDLE hSession,
4512 CK_BYTE_PTR pSignature,
4513 CK_ULONG ulSignatureLen,
4514 CK_BYTE_PTR pData,
4515 CK_ULONG_PTR pulDataLen
4516 )
4517 {
4518 CK_RV error = CKR_OK;
4519 NSSCKFWSession *fwSession;
4521 if (!fwInstance) {
4522 error = CKR_CRYPTOKI_NOT_INITIALIZED;
4523 goto loser;
4524 }
4526 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
4527 if (!fwSession) {
4528 error = CKR_SESSION_HANDLE_INVALID;
4529 goto loser;
4530 }
4532 error = nssCKFWSession_UpdateFinal(fwSession,
4533 NSSCKFWCryptoOperationType_VerifyRecover,
4534 NSSCKFWCryptoOperationState_SignVerify,
4535 pSignature, ulSignatureLen, pData, pulDataLen);
4536 if (CKR_OK == error) {
4537 return CKR_OK;
4538 }
4539 loser:
4540 /* verify error */
4541 switch( error ) {
4542 case CKR_ARGUMENTS_BAD:
4543 case CKR_BUFFER_TOO_SMALL:
4544 case CKR_CRYPTOKI_NOT_INITIALIZED:
4545 case CKR_DATA_INVALID:
4546 case CKR_DATA_LEN_RANGE:
4547 case CKR_DEVICE_ERROR:
4548 case CKR_DEVICE_MEMORY:
4549 case CKR_DEVICE_REMOVED:
4550 case CKR_FUNCTION_CANCELED:
4551 case CKR_FUNCTION_FAILED:
4552 case CKR_GENERAL_ERROR:
4553 case CKR_HOST_MEMORY:
4554 case CKR_OPERATION_NOT_INITIALIZED:
4555 case CKR_SESSION_CLOSED:
4556 case CKR_SESSION_HANDLE_INVALID:
4557 case CKR_SIGNATURE_INVALID:
4558 case CKR_SIGNATURE_LEN_RANGE:
4559 break;
4560 default:
4561 case CKR_OK:
4562 error = CKR_GENERAL_ERROR;
4563 break;
4564 }
4565 return error;
4566 }
4568 /*
4569 * NSSCKFWC_DigestEncryptUpdate
4570 *
4571 */
4572 NSS_IMPLEMENT CK_RV
4573 NSSCKFWC_DigestEncryptUpdate
4574 (
4575 NSSCKFWInstance *fwInstance,
4576 CK_SESSION_HANDLE hSession,
4577 CK_BYTE_PTR pPart,
4578 CK_ULONG ulPartLen,
4579 CK_BYTE_PTR pEncryptedPart,
4580 CK_ULONG_PTR pulEncryptedPartLen
4581 )
4582 {
4583 CK_RV error = CKR_OK;
4584 NSSCKFWSession *fwSession;
4586 if (!fwInstance) {
4587 error = CKR_CRYPTOKI_NOT_INITIALIZED;
4588 goto loser;
4589 }
4591 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
4592 if (!fwSession) {
4593 error = CKR_SESSION_HANDLE_INVALID;
4594 goto loser;
4595 }
4597 error = nssCKFWSession_UpdateCombo(fwSession,
4598 NSSCKFWCryptoOperationType_Encrypt,
4599 NSSCKFWCryptoOperationType_Digest,
4600 NSSCKFWCryptoOperationState_Digest,
4601 pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
4603 if (CKR_OK == error) {
4604 return CKR_OK;
4605 }
4607 loser:
4608 /* verify error */
4609 switch( error ) {
4610 case CKR_ARGUMENTS_BAD:
4611 case CKR_BUFFER_TOO_SMALL:
4612 case CKR_CRYPTOKI_NOT_INITIALIZED:
4613 case CKR_DATA_LEN_RANGE:
4614 case CKR_DEVICE_ERROR:
4615 case CKR_DEVICE_MEMORY:
4616 case CKR_DEVICE_REMOVED:
4617 case CKR_FUNCTION_CANCELED:
4618 case CKR_FUNCTION_FAILED:
4619 case CKR_GENERAL_ERROR:
4620 case CKR_HOST_MEMORY:
4621 case CKR_OPERATION_NOT_INITIALIZED:
4622 case CKR_SESSION_CLOSED:
4623 case CKR_SESSION_HANDLE_INVALID:
4624 break;
4625 default:
4626 case CKR_OK:
4627 error = CKR_GENERAL_ERROR;
4628 break;
4629 }
4630 return error;
4631 }
4633 /*
4634 * NSSCKFWC_DecryptDigestUpdate
4635 *
4636 */
4637 NSS_IMPLEMENT CK_RV
4638 NSSCKFWC_DecryptDigestUpdate
4639 (
4640 NSSCKFWInstance *fwInstance,
4641 CK_SESSION_HANDLE hSession,
4642 CK_BYTE_PTR pEncryptedPart,
4643 CK_ULONG ulEncryptedPartLen,
4644 CK_BYTE_PTR pPart,
4645 CK_ULONG_PTR pulPartLen
4646 )
4647 {
4648 CK_RV error = CKR_OK;
4649 NSSCKFWSession *fwSession;
4651 if (!fwInstance) {
4652 error = CKR_CRYPTOKI_NOT_INITIALIZED;
4653 goto loser;
4654 }
4656 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
4657 if (!fwSession) {
4658 error = CKR_SESSION_HANDLE_INVALID;
4659 goto loser;
4660 }
4662 error = nssCKFWSession_UpdateCombo(fwSession,
4663 NSSCKFWCryptoOperationType_Decrypt,
4664 NSSCKFWCryptoOperationType_Digest,
4665 NSSCKFWCryptoOperationState_Digest,
4666 pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
4668 if (CKR_OK == error) {
4669 return CKR_OK;
4670 }
4672 loser:
4673 /* verify error */
4674 switch( error ) {
4675 case CKR_ARGUMENTS_BAD:
4676 case CKR_BUFFER_TOO_SMALL:
4677 case CKR_CRYPTOKI_NOT_INITIALIZED:
4678 case CKR_DEVICE_ERROR:
4679 case CKR_DEVICE_MEMORY:
4680 case CKR_DEVICE_REMOVED:
4681 case CKR_ENCRYPTED_DATA_INVALID:
4682 case CKR_ENCRYPTED_DATA_LEN_RANGE:
4683 case CKR_FUNCTION_CANCELED:
4684 case CKR_FUNCTION_FAILED:
4685 case CKR_GENERAL_ERROR:
4686 case CKR_HOST_MEMORY:
4687 case CKR_OPERATION_NOT_INITIALIZED:
4688 case CKR_SESSION_CLOSED:
4689 case CKR_SESSION_HANDLE_INVALID:
4690 break;
4691 case CKR_DATA_INVALID:
4692 error = CKR_ENCRYPTED_DATA_INVALID;
4693 break;
4694 case CKR_DATA_LEN_RANGE:
4695 error = CKR_ENCRYPTED_DATA_LEN_RANGE;
4696 break;
4697 default:
4698 case CKR_OK:
4699 error = CKR_GENERAL_ERROR;
4700 break;
4701 }
4702 return error;
4703 }
4705 /*
4706 * NSSCKFWC_SignEncryptUpdate
4707 *
4708 */
4709 NSS_IMPLEMENT CK_RV
4710 NSSCKFWC_SignEncryptUpdate
4711 (
4712 NSSCKFWInstance *fwInstance,
4713 CK_SESSION_HANDLE hSession,
4714 CK_BYTE_PTR pPart,
4715 CK_ULONG ulPartLen,
4716 CK_BYTE_PTR pEncryptedPart,
4717 CK_ULONG_PTR pulEncryptedPartLen
4718 )
4719 {
4720 CK_RV error = CKR_OK;
4721 NSSCKFWSession *fwSession;
4723 if (!fwInstance) {
4724 error = CKR_CRYPTOKI_NOT_INITIALIZED;
4725 goto loser;
4726 }
4728 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
4729 if (!fwSession) {
4730 error = CKR_SESSION_HANDLE_INVALID;
4731 goto loser;
4732 }
4734 error = nssCKFWSession_UpdateCombo(fwSession,
4735 NSSCKFWCryptoOperationType_Encrypt,
4736 NSSCKFWCryptoOperationType_Sign,
4737 NSSCKFWCryptoOperationState_SignVerify,
4738 pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
4740 if (CKR_OK == error) {
4741 return CKR_OK;
4742 }
4744 loser:
4745 /* verify error */
4746 switch( error ) {
4747 case CKR_ARGUMENTS_BAD:
4748 case CKR_BUFFER_TOO_SMALL:
4749 case CKR_CRYPTOKI_NOT_INITIALIZED:
4750 case CKR_DATA_LEN_RANGE:
4751 case CKR_DEVICE_ERROR:
4752 case CKR_DEVICE_MEMORY:
4753 case CKR_DEVICE_REMOVED:
4754 case CKR_FUNCTION_CANCELED:
4755 case CKR_FUNCTION_FAILED:
4756 case CKR_GENERAL_ERROR:
4757 case CKR_HOST_MEMORY:
4758 case CKR_OPERATION_NOT_INITIALIZED:
4759 case CKR_SESSION_CLOSED:
4760 case CKR_SESSION_HANDLE_INVALID:
4761 case CKR_USER_NOT_LOGGED_IN:
4762 break;
4763 default:
4764 case CKR_OK:
4765 error = CKR_GENERAL_ERROR;
4766 break;
4767 }
4768 return error;
4769 }
4771 /*
4772 * NSSCKFWC_DecryptVerifyUpdate
4773 *
4774 */
4775 NSS_IMPLEMENT CK_RV
4776 NSSCKFWC_DecryptVerifyUpdate
4777 (
4778 NSSCKFWInstance *fwInstance,
4779 CK_SESSION_HANDLE hSession,
4780 CK_BYTE_PTR pEncryptedPart,
4781 CK_ULONG ulEncryptedPartLen,
4782 CK_BYTE_PTR pPart,
4783 CK_ULONG_PTR pulPartLen
4784 )
4785 {
4786 CK_RV error = CKR_OK;
4787 NSSCKFWSession *fwSession;
4789 if (!fwInstance) {
4790 error = CKR_CRYPTOKI_NOT_INITIALIZED;
4791 goto loser;
4792 }
4794 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
4795 if (!fwSession) {
4796 error = CKR_SESSION_HANDLE_INVALID;
4797 goto loser;
4798 }
4800 error = nssCKFWSession_UpdateCombo(fwSession,
4801 NSSCKFWCryptoOperationType_Decrypt,
4802 NSSCKFWCryptoOperationType_Verify,
4803 NSSCKFWCryptoOperationState_SignVerify,
4804 pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
4806 if (CKR_OK == error) {
4807 return CKR_OK;
4808 }
4810 loser:
4811 /* verify error */
4812 switch( error ) {
4813 case CKR_ARGUMENTS_BAD:
4814 case CKR_BUFFER_TOO_SMALL:
4815 case CKR_CRYPTOKI_NOT_INITIALIZED:
4816 case CKR_DATA_LEN_RANGE:
4817 case CKR_DEVICE_ERROR:
4818 case CKR_DEVICE_MEMORY:
4819 case CKR_DEVICE_REMOVED:
4820 case CKR_ENCRYPTED_DATA_INVALID:
4821 case CKR_ENCRYPTED_DATA_LEN_RANGE:
4822 case CKR_FUNCTION_CANCELED:
4823 case CKR_FUNCTION_FAILED:
4824 case CKR_GENERAL_ERROR:
4825 case CKR_HOST_MEMORY:
4826 case CKR_OPERATION_NOT_INITIALIZED:
4827 case CKR_SESSION_CLOSED:
4828 case CKR_SESSION_HANDLE_INVALID:
4829 break;
4830 case CKR_DATA_INVALID:
4831 error = CKR_ENCRYPTED_DATA_INVALID;
4832 break;
4833 default:
4834 case CKR_OK:
4835 error = CKR_GENERAL_ERROR;
4836 break;
4837 }
4838 return error;
4839 }
4841 /*
4842 * NSSCKFWC_GenerateKey
4843 *
4844 */
4845 NSS_IMPLEMENT CK_RV
4846 NSSCKFWC_GenerateKey
4847 (
4848 NSSCKFWInstance *fwInstance,
4849 CK_SESSION_HANDLE hSession,
4850 CK_MECHANISM_PTR pMechanism,
4851 CK_ATTRIBUTE_PTR pTemplate,
4852 CK_ULONG ulCount,
4853 CK_OBJECT_HANDLE_PTR phKey
4854 )
4855 {
4856 CK_RV error = CKR_OK;
4857 NSSCKFWSession *fwSession;
4858 NSSCKFWObject *fwObject;
4859 NSSCKFWSlot *fwSlot;
4860 NSSCKFWToken *fwToken;
4861 NSSCKFWMechanism *fwMechanism;
4863 if (!fwInstance) {
4864 error = CKR_CRYPTOKI_NOT_INITIALIZED;
4865 goto loser;
4866 }
4868 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
4869 if (!fwSession) {
4870 error = CKR_SESSION_HANDLE_INVALID;
4871 goto loser;
4872 }
4874 fwSlot = nssCKFWSession_GetFWSlot(fwSession);
4875 if (!fwSlot) {
4876 error = CKR_GENERAL_ERROR; /* should never happen! */
4877 goto loser;
4878 }
4880 if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
4881 error = CKR_TOKEN_NOT_PRESENT;
4882 goto loser;
4883 }
4885 fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
4886 if (!fwToken) {
4887 goto loser;
4888 }
4890 fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
4891 if (!fwMechanism) {
4892 goto loser;
4893 }
4895 fwObject = nssCKFWMechanism_GenerateKey(
4896 fwMechanism,
4897 pMechanism,
4898 fwSession,
4899 pTemplate,
4900 ulCount,
4901 &error);
4903 nssCKFWMechanism_Destroy(fwMechanism);
4904 if (!fwObject) {
4905 goto loser;
4906 }
4907 *phKey= nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
4909 if (CKR_OK == error) {
4910 return CKR_OK;
4911 }
4913 loser:
4914 /* verify error */
4915 switch( error ) {
4916 case CKR_ARGUMENTS_BAD:
4917 case CKR_ATTRIBUTE_READ_ONLY:
4918 case CKR_ATTRIBUTE_TYPE_INVALID:
4919 case CKR_ATTRIBUTE_VALUE_INVALID:
4920 case CKR_CRYPTOKI_NOT_INITIALIZED:
4921 case CKR_DEVICE_ERROR:
4922 case CKR_DEVICE_MEMORY:
4923 case CKR_DEVICE_REMOVED:
4924 case CKR_FUNCTION_CANCELED:
4925 case CKR_FUNCTION_FAILED:
4926 case CKR_GENERAL_ERROR:
4927 case CKR_HOST_MEMORY:
4928 case CKR_MECHANISM_INVALID:
4929 case CKR_MECHANISM_PARAM_INVALID:
4930 case CKR_OPERATION_ACTIVE:
4931 case CKR_PIN_EXPIRED:
4932 case CKR_SESSION_CLOSED:
4933 case CKR_SESSION_HANDLE_INVALID:
4934 case CKR_SESSION_READ_ONLY:
4935 case CKR_TEMPLATE_INCOMPLETE:
4936 case CKR_TEMPLATE_INCONSISTENT:
4937 case CKR_TOKEN_WRITE_PROTECTED:
4938 case CKR_USER_NOT_LOGGED_IN:
4939 break;
4940 default:
4941 case CKR_OK:
4942 error = CKR_GENERAL_ERROR;
4943 break;
4944 }
4945 return error;
4946 }
4948 /*
4949 * NSSCKFWC_GenerateKeyPair
4950 *
4951 */
4952 NSS_IMPLEMENT CK_RV
4953 NSSCKFWC_GenerateKeyPair
4954 (
4955 NSSCKFWInstance *fwInstance,
4956 CK_SESSION_HANDLE hSession,
4957 CK_MECHANISM_PTR pMechanism,
4958 CK_ATTRIBUTE_PTR pPublicKeyTemplate,
4959 CK_ULONG ulPublicKeyAttributeCount,
4960 CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
4961 CK_ULONG ulPrivateKeyAttributeCount,
4962 CK_OBJECT_HANDLE_PTR phPublicKey,
4963 CK_OBJECT_HANDLE_PTR phPrivateKey
4964 )
4965 {
4966 CK_RV error = CKR_OK;
4967 NSSCKFWSession *fwSession;
4968 NSSCKFWObject *fwPrivateKeyObject;
4969 NSSCKFWObject *fwPublicKeyObject;
4970 NSSCKFWSlot *fwSlot;
4971 NSSCKFWToken *fwToken;
4972 NSSCKFWMechanism *fwMechanism;
4974 if (!fwInstance) {
4975 error = CKR_CRYPTOKI_NOT_INITIALIZED;
4976 goto loser;
4977 }
4979 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
4980 if (!fwSession) {
4981 error = CKR_SESSION_HANDLE_INVALID;
4982 goto loser;
4983 }
4985 fwSlot = nssCKFWSession_GetFWSlot(fwSession);
4986 if (!fwSlot) {
4987 error = CKR_GENERAL_ERROR; /* should never happen! */
4988 goto loser;
4989 }
4991 if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
4992 error = CKR_TOKEN_NOT_PRESENT;
4993 goto loser;
4994 }
4996 fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
4997 if (!fwToken) {
4998 goto loser;
4999 }
5001 fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
5002 if (!fwMechanism) {
5003 goto loser;
5004 }
5006 error= nssCKFWMechanism_GenerateKeyPair(
5007 fwMechanism,
5008 pMechanism,
5009 fwSession,
5010 pPublicKeyTemplate,
5011 ulPublicKeyAttributeCount,
5012 pPublicKeyTemplate,
5013 ulPublicKeyAttributeCount,
5014 &fwPublicKeyObject,
5015 &fwPrivateKeyObject);
5017 nssCKFWMechanism_Destroy(fwMechanism);
5018 if (CKR_OK != error) {
5019 goto loser;
5020 }
5021 *phPublicKey = nssCKFWInstance_CreateObjectHandle(fwInstance,
5022 fwPublicKeyObject,
5023 &error);
5024 if (CKR_OK != error) {
5025 goto loser;
5026 }
5027 *phPrivateKey = nssCKFWInstance_CreateObjectHandle(fwInstance,
5028 fwPrivateKeyObject,
5029 &error);
5030 if (CKR_OK == error) {
5031 return CKR_OK;
5032 }
5034 loser:
5035 /* verify error */
5036 switch( error ) {
5037 case CKR_ARGUMENTS_BAD:
5038 case CKR_ATTRIBUTE_READ_ONLY:
5039 case CKR_ATTRIBUTE_TYPE_INVALID:
5040 case CKR_ATTRIBUTE_VALUE_INVALID:
5041 case CKR_CRYPTOKI_NOT_INITIALIZED:
5042 case CKR_DEVICE_ERROR:
5043 case CKR_DEVICE_MEMORY:
5044 case CKR_DEVICE_REMOVED:
5045 case CKR_DOMAIN_PARAMS_INVALID:
5046 case CKR_FUNCTION_CANCELED:
5047 case CKR_FUNCTION_FAILED:
5048 case CKR_GENERAL_ERROR:
5049 case CKR_HOST_MEMORY:
5050 case CKR_MECHANISM_INVALID:
5051 case CKR_MECHANISM_PARAM_INVALID:
5052 case CKR_OPERATION_ACTIVE:
5053 case CKR_PIN_EXPIRED:
5054 case CKR_SESSION_CLOSED:
5055 case CKR_SESSION_HANDLE_INVALID:
5056 case CKR_SESSION_READ_ONLY:
5057 case CKR_TEMPLATE_INCOMPLETE:
5058 case CKR_TEMPLATE_INCONSISTENT:
5059 case CKR_TOKEN_WRITE_PROTECTED:
5060 case CKR_USER_NOT_LOGGED_IN:
5061 break;
5062 default:
5063 case CKR_OK:
5064 error = CKR_GENERAL_ERROR;
5065 break;
5066 }
5067 return error;
5068 }
5070 /*
5071 * NSSCKFWC_WrapKey
5072 *
5073 */
5074 NSS_IMPLEMENT CK_RV
5075 NSSCKFWC_WrapKey
5076 (
5077 NSSCKFWInstance *fwInstance,
5078 CK_SESSION_HANDLE hSession,
5079 CK_MECHANISM_PTR pMechanism,
5080 CK_OBJECT_HANDLE hWrappingKey,
5081 CK_OBJECT_HANDLE hKey,
5082 CK_BYTE_PTR pWrappedKey,
5083 CK_ULONG_PTR pulWrappedKeyLen
5084 )
5085 {
5086 CK_RV error = CKR_OK;
5087 NSSCKFWSession *fwSession;
5088 NSSCKFWObject *fwKeyObject;
5089 NSSCKFWObject *fwWrappingKeyObject;
5090 NSSCKFWSlot *fwSlot;
5091 NSSCKFWToken *fwToken;
5092 NSSCKFWMechanism *fwMechanism;
5093 NSSItem wrappedKey;
5094 CK_ULONG wrappedKeyLength = 0;
5096 if (!fwInstance) {
5097 error = CKR_CRYPTOKI_NOT_INITIALIZED;
5098 goto loser;
5099 }
5101 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
5102 if (!fwSession) {
5103 error = CKR_SESSION_HANDLE_INVALID;
5104 goto loser;
5105 }
5107 fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance,
5108 hWrappingKey);
5109 if (!fwWrappingKeyObject) {
5110 error = CKR_WRAPPING_KEY_HANDLE_INVALID;
5111 goto loser;
5112 }
5114 fwKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
5115 if (!fwKeyObject) {
5116 error = CKR_KEY_HANDLE_INVALID;
5117 goto loser;
5118 }
5120 fwSlot = nssCKFWSession_GetFWSlot(fwSession);
5121 if (!fwSlot) {
5122 error = CKR_GENERAL_ERROR; /* should never happen! */
5123 goto loser;
5124 }
5126 if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
5127 error = CKR_TOKEN_NOT_PRESENT;
5128 goto loser;
5129 }
5131 fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
5132 if (!fwToken) {
5133 goto loser;
5134 }
5136 fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
5137 if (!fwMechanism) {
5138 goto loser;
5139 }
5141 /*
5142 * first get the length...
5143 */
5144 wrappedKeyLength = nssCKFWMechanism_GetWrapKeyLength(
5145 fwMechanism,
5146 pMechanism,
5147 fwSession,
5148 fwWrappingKeyObject,
5149 fwKeyObject,
5150 &error);
5151 if ((CK_ULONG) 0 == wrappedKeyLength) {
5152 nssCKFWMechanism_Destroy(fwMechanism);
5153 goto loser;
5154 }
5155 if ((CK_BYTE_PTR)NULL == pWrappedKey) {
5156 *pulWrappedKeyLen = wrappedKeyLength;
5157 nssCKFWMechanism_Destroy(fwMechanism);
5158 return CKR_OK;
5159 }
5160 if (wrappedKeyLength > *pulWrappedKeyLen) {
5161 *pulWrappedKeyLen = wrappedKeyLength;
5162 nssCKFWMechanism_Destroy(fwMechanism);
5163 error = CKR_BUFFER_TOO_SMALL;
5164 goto loser;
5165 }
5168 wrappedKey.data = pWrappedKey;
5169 wrappedKey.size = wrappedKeyLength;
5171 error = nssCKFWMechanism_WrapKey(
5172 fwMechanism,
5173 pMechanism,
5174 fwSession,
5175 fwWrappingKeyObject,
5176 fwKeyObject,
5177 &wrappedKey);
5179 nssCKFWMechanism_Destroy(fwMechanism);
5180 *pulWrappedKeyLen = wrappedKey.size;
5182 if (CKR_OK == error) {
5183 return CKR_OK;
5184 }
5186 loser:
5187 /* verify error */
5188 switch( error ) {
5189 case CKR_ARGUMENTS_BAD:
5190 case CKR_BUFFER_TOO_SMALL:
5191 case CKR_CRYPTOKI_NOT_INITIALIZED:
5192 case CKR_DEVICE_ERROR:
5193 case CKR_DEVICE_MEMORY:
5194 case CKR_DEVICE_REMOVED:
5195 case CKR_FUNCTION_CANCELED:
5196 case CKR_FUNCTION_FAILED:
5197 case CKR_GENERAL_ERROR:
5198 case CKR_HOST_MEMORY:
5199 case CKR_KEY_HANDLE_INVALID:
5200 case CKR_KEY_NOT_WRAPPABLE:
5201 case CKR_KEY_SIZE_RANGE:
5202 case CKR_KEY_UNEXTRACTABLE:
5203 case CKR_MECHANISM_INVALID:
5204 case CKR_MECHANISM_PARAM_INVALID:
5205 case CKR_OPERATION_ACTIVE:
5206 case CKR_PIN_EXPIRED:
5207 case CKR_SESSION_CLOSED:
5208 case CKR_SESSION_HANDLE_INVALID:
5209 case CKR_WRAPPING_KEY_HANDLE_INVALID:
5210 case CKR_WRAPPING_KEY_SIZE_RANGE:
5211 case CKR_WRAPPING_KEY_TYPE_INCONSISTENT:
5212 break;
5213 case CKR_KEY_TYPE_INCONSISTENT:
5214 error = CKR_WRAPPING_KEY_TYPE_INCONSISTENT;
5215 break;
5216 default:
5217 case CKR_OK:
5218 error = CKR_GENERAL_ERROR;
5219 break;
5220 }
5221 return error;
5222 }
5224 /*
5225 * NSSCKFWC_UnwrapKey
5226 *
5227 */
5228 NSS_IMPLEMENT CK_RV
5229 NSSCKFWC_UnwrapKey
5230 (
5231 NSSCKFWInstance *fwInstance,
5232 CK_SESSION_HANDLE hSession,
5233 CK_MECHANISM_PTR pMechanism,
5234 CK_OBJECT_HANDLE hUnwrappingKey,
5235 CK_BYTE_PTR pWrappedKey,
5236 CK_ULONG ulWrappedKeyLen,
5237 CK_ATTRIBUTE_PTR pTemplate,
5238 CK_ULONG ulAttributeCount,
5239 CK_OBJECT_HANDLE_PTR phKey
5240 )
5241 {
5242 CK_RV error = CKR_OK;
5243 NSSCKFWSession *fwSession;
5244 NSSCKFWObject *fwObject;
5245 NSSCKFWObject *fwWrappingKeyObject;
5246 NSSCKFWSlot *fwSlot;
5247 NSSCKFWToken *fwToken;
5248 NSSCKFWMechanism *fwMechanism;
5249 NSSItem wrappedKey;
5251 if (!fwInstance) {
5252 error = CKR_CRYPTOKI_NOT_INITIALIZED;
5253 goto loser;
5254 }
5256 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
5257 if (!fwSession) {
5258 error = CKR_SESSION_HANDLE_INVALID;
5259 goto loser;
5260 }
5262 fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance,
5263 hUnwrappingKey);
5264 if (!fwWrappingKeyObject) {
5265 error = CKR_WRAPPING_KEY_HANDLE_INVALID;
5266 goto loser;
5267 }
5269 fwSlot = nssCKFWSession_GetFWSlot(fwSession);
5270 if (!fwSlot) {
5271 error = CKR_GENERAL_ERROR; /* should never happen! */
5272 goto loser;
5273 }
5275 if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
5276 error = CKR_TOKEN_NOT_PRESENT;
5277 goto loser;
5278 }
5280 fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
5281 if (!fwToken) {
5282 goto loser;
5283 }
5285 fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
5286 if (!fwMechanism) {
5287 goto loser;
5288 }
5290 wrappedKey.data = pWrappedKey;
5291 wrappedKey.size = ulWrappedKeyLen;
5293 fwObject = nssCKFWMechanism_UnwrapKey(
5294 fwMechanism,
5295 pMechanism,
5296 fwSession,
5297 fwWrappingKeyObject,
5298 &wrappedKey,
5299 pTemplate,
5300 ulAttributeCount,
5301 &error);
5303 nssCKFWMechanism_Destroy(fwMechanism);
5304 if (!fwObject) {
5305 goto loser;
5306 }
5307 *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
5309 if (CKR_OK == error) {
5310 return CKR_OK;
5311 }
5313 loser:
5314 /* verify error */
5315 switch( error ) {
5316 case CKR_ARGUMENTS_BAD:
5317 case CKR_ATTRIBUTE_READ_ONLY:
5318 case CKR_ATTRIBUTE_TYPE_INVALID:
5319 case CKR_ATTRIBUTE_VALUE_INVALID:
5320 case CKR_BUFFER_TOO_SMALL:
5321 case CKR_CRYPTOKI_NOT_INITIALIZED:
5322 case CKR_DEVICE_ERROR:
5323 case CKR_DEVICE_MEMORY:
5324 case CKR_DEVICE_REMOVED:
5325 case CKR_DOMAIN_PARAMS_INVALID:
5326 case CKR_FUNCTION_CANCELED:
5327 case CKR_FUNCTION_FAILED:
5328 case CKR_GENERAL_ERROR:
5329 case CKR_HOST_MEMORY:
5330 case CKR_MECHANISM_INVALID:
5331 case CKR_MECHANISM_PARAM_INVALID:
5332 case CKR_OPERATION_ACTIVE:
5333 case CKR_PIN_EXPIRED:
5334 case CKR_SESSION_CLOSED:
5335 case CKR_SESSION_HANDLE_INVALID:
5336 case CKR_SESSION_READ_ONLY:
5337 case CKR_TEMPLATE_INCOMPLETE:
5338 case CKR_TEMPLATE_INCONSISTENT:
5339 case CKR_TOKEN_WRITE_PROTECTED:
5340 case CKR_UNWRAPPING_KEY_HANDLE_INVALID:
5341 case CKR_UNWRAPPING_KEY_SIZE_RANGE:
5342 case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT:
5343 case CKR_USER_NOT_LOGGED_IN:
5344 case CKR_WRAPPED_KEY_INVALID:
5345 case CKR_WRAPPED_KEY_LEN_RANGE:
5346 break;
5347 case CKR_KEY_HANDLE_INVALID:
5348 error = CKR_UNWRAPPING_KEY_HANDLE_INVALID;
5349 break;
5350 case CKR_KEY_SIZE_RANGE:
5351 error = CKR_UNWRAPPING_KEY_SIZE_RANGE;
5352 break;
5353 case CKR_KEY_TYPE_INCONSISTENT:
5354 error = CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT;
5355 break;
5356 case CKR_ENCRYPTED_DATA_INVALID:
5357 error = CKR_WRAPPED_KEY_INVALID;
5358 break;
5359 case CKR_ENCRYPTED_DATA_LEN_RANGE:
5360 error = CKR_WRAPPED_KEY_LEN_RANGE;
5361 break;
5362 default:
5363 case CKR_OK:
5364 error = CKR_GENERAL_ERROR;
5365 break;
5366 }
5367 return error;
5368 }
5370 /*
5371 * NSSCKFWC_DeriveKey
5372 *
5373 */
5374 NSS_IMPLEMENT CK_RV
5375 NSSCKFWC_DeriveKey
5376 (
5377 NSSCKFWInstance *fwInstance,
5378 CK_SESSION_HANDLE hSession,
5379 CK_MECHANISM_PTR pMechanism,
5380 CK_OBJECT_HANDLE hBaseKey,
5381 CK_ATTRIBUTE_PTR pTemplate,
5382 CK_ULONG ulAttributeCount,
5383 CK_OBJECT_HANDLE_PTR phKey
5384 )
5385 {
5386 CK_RV error = CKR_OK;
5387 NSSCKFWSession *fwSession;
5388 NSSCKFWObject *fwObject;
5389 NSSCKFWObject *fwBaseKeyObject;
5390 NSSCKFWSlot *fwSlot;
5391 NSSCKFWToken *fwToken;
5392 NSSCKFWMechanism *fwMechanism;
5394 if (!fwInstance) {
5395 error = CKR_CRYPTOKI_NOT_INITIALIZED;
5396 goto loser;
5397 }
5399 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
5400 if (!fwSession) {
5401 error = CKR_SESSION_HANDLE_INVALID;
5402 goto loser;
5403 }
5405 fwBaseKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hBaseKey);
5406 if (!fwBaseKeyObject) {
5407 error = CKR_KEY_HANDLE_INVALID;
5408 goto loser;
5409 }
5411 fwSlot = nssCKFWSession_GetFWSlot(fwSession);
5412 if (!fwSlot) {
5413 error = CKR_GENERAL_ERROR; /* should never happen! */
5414 goto loser;
5415 }
5417 if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
5418 error = CKR_TOKEN_NOT_PRESENT;
5419 goto loser;
5420 }
5422 fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
5423 if (!fwToken) {
5424 goto loser;
5425 }
5427 fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
5428 if (!fwMechanism) {
5429 goto loser;
5430 }
5432 fwObject = nssCKFWMechanism_DeriveKey(
5433 fwMechanism,
5434 pMechanism,
5435 fwSession,
5436 fwBaseKeyObject,
5437 pTemplate,
5438 ulAttributeCount,
5439 &error);
5441 nssCKFWMechanism_Destroy(fwMechanism);
5442 if (!fwObject) {
5443 goto loser;
5444 }
5445 *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
5447 if (CKR_OK == error) {
5448 return CKR_OK;
5449 }
5451 loser:
5452 /* verify error */
5453 switch( error ) {
5454 case CKR_ARGUMENTS_BAD:
5455 case CKR_ATTRIBUTE_READ_ONLY:
5456 case CKR_ATTRIBUTE_TYPE_INVALID:
5457 case CKR_ATTRIBUTE_VALUE_INVALID:
5458 case CKR_CRYPTOKI_NOT_INITIALIZED:
5459 case CKR_DEVICE_ERROR:
5460 case CKR_DEVICE_MEMORY:
5461 case CKR_DEVICE_REMOVED:
5462 case CKR_DOMAIN_PARAMS_INVALID:
5463 case CKR_FUNCTION_CANCELED:
5464 case CKR_FUNCTION_FAILED:
5465 case CKR_GENERAL_ERROR:
5466 case CKR_HOST_MEMORY:
5467 case CKR_KEY_HANDLE_INVALID:
5468 case CKR_KEY_SIZE_RANGE:
5469 case CKR_KEY_TYPE_INCONSISTENT:
5470 case CKR_MECHANISM_INVALID:
5471 case CKR_MECHANISM_PARAM_INVALID:
5472 case CKR_OPERATION_ACTIVE:
5473 case CKR_PIN_EXPIRED:
5474 case CKR_SESSION_CLOSED:
5475 case CKR_SESSION_HANDLE_INVALID:
5476 case CKR_SESSION_READ_ONLY:
5477 case CKR_TEMPLATE_INCOMPLETE:
5478 case CKR_TEMPLATE_INCONSISTENT:
5479 case CKR_TOKEN_WRITE_PROTECTED:
5480 case CKR_USER_NOT_LOGGED_IN:
5481 break;
5482 default:
5483 case CKR_OK:
5484 error = CKR_GENERAL_ERROR;
5485 break;
5486 }
5487 return error;
5488 }
5490 /*
5491 * NSSCKFWC_SeedRandom
5492 *
5493 */
5494 NSS_IMPLEMENT CK_RV
5495 NSSCKFWC_SeedRandom
5496 (
5497 NSSCKFWInstance *fwInstance,
5498 CK_SESSION_HANDLE hSession,
5499 CK_BYTE_PTR pSeed,
5500 CK_ULONG ulSeedLen
5501 )
5502 {
5503 CK_RV error = CKR_OK;
5504 NSSCKFWSession *fwSession;
5505 NSSItem seed;
5507 if (!fwInstance) {
5508 error = CKR_CRYPTOKI_NOT_INITIALIZED;
5509 goto loser;
5510 }
5512 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
5513 if (!fwSession) {
5514 error = CKR_SESSION_HANDLE_INVALID;
5515 goto loser;
5516 }
5518 if( (CK_BYTE_PTR)CK_NULL_PTR == pSeed ) {
5519 error = CKR_ARGUMENTS_BAD;
5520 goto loser;
5521 }
5523 /* We could read through the buffer in a Purify trap */
5525 seed.size = (PRUint32)ulSeedLen;
5526 seed.data = (void *)pSeed;
5528 error = nssCKFWSession_SeedRandom(fwSession, &seed);
5530 if( CKR_OK != error ) {
5531 goto loser;
5532 }
5534 return CKR_OK;
5536 loser:
5537 switch( error ) {
5538 case CKR_SESSION_CLOSED:
5539 /* destroy session? */
5540 break;
5541 case CKR_DEVICE_REMOVED:
5542 /* (void)nssCKFWToken_Destroy(fwToken); */
5543 break;
5544 case CKR_ARGUMENTS_BAD:
5545 case CKR_CRYPTOKI_NOT_INITIALIZED:
5546 case CKR_DEVICE_ERROR:
5547 case CKR_DEVICE_MEMORY:
5548 case CKR_FUNCTION_CANCELED:
5549 case CKR_FUNCTION_FAILED:
5550 case CKR_GENERAL_ERROR:
5551 case CKR_HOST_MEMORY:
5552 case CKR_OPERATION_ACTIVE:
5553 case CKR_RANDOM_SEED_NOT_SUPPORTED:
5554 case CKR_RANDOM_NO_RNG:
5555 case CKR_SESSION_HANDLE_INVALID:
5556 case CKR_USER_NOT_LOGGED_IN:
5557 break;
5558 default:
5559 case CKR_OK:
5560 error = CKR_GENERAL_ERROR;
5561 break;
5562 }
5564 return error;
5565 }
5567 /*
5568 * NSSCKFWC_GenerateRandom
5569 *
5570 */
5571 NSS_IMPLEMENT CK_RV
5572 NSSCKFWC_GenerateRandom
5573 (
5574 NSSCKFWInstance *fwInstance,
5575 CK_SESSION_HANDLE hSession,
5576 CK_BYTE_PTR pRandomData,
5577 CK_ULONG ulRandomLen
5578 )
5579 {
5580 CK_RV error = CKR_OK;
5581 NSSCKFWSession *fwSession;
5582 NSSItem buffer;
5584 if (!fwInstance) {
5585 error = CKR_CRYPTOKI_NOT_INITIALIZED;
5586 goto loser;
5587 }
5589 fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
5590 if (!fwSession) {
5591 error = CKR_SESSION_HANDLE_INVALID;
5592 goto loser;
5593 }
5595 if( (CK_BYTE_PTR)CK_NULL_PTR == pRandomData ) {
5596 error = CKR_ARGUMENTS_BAD;
5597 goto loser;
5598 }
5600 /*
5601 * A purify error here indicates caller error.
5602 */
5603 (void)nsslibc_memset(pRandomData, 0, ulRandomLen);
5605 buffer.size = (PRUint32)ulRandomLen;
5606 buffer.data = (void *)pRandomData;
5608 error = nssCKFWSession_GetRandom(fwSession, &buffer);
5610 if( CKR_OK != error ) {
5611 goto loser;
5612 }
5614 return CKR_OK;
5616 loser:
5617 switch( error ) {
5618 case CKR_SESSION_CLOSED:
5619 /* destroy session? */
5620 break;
5621 case CKR_DEVICE_REMOVED:
5622 /* (void)nssCKFWToken_Destroy(fwToken); */
5623 break;
5624 case CKR_ARGUMENTS_BAD:
5625 case CKR_CRYPTOKI_NOT_INITIALIZED:
5626 case CKR_DEVICE_ERROR:
5627 case CKR_DEVICE_MEMORY:
5628 case CKR_FUNCTION_CANCELED:
5629 case CKR_FUNCTION_FAILED:
5630 case CKR_GENERAL_ERROR:
5631 case CKR_HOST_MEMORY:
5632 case CKR_OPERATION_ACTIVE:
5633 case CKR_RANDOM_NO_RNG:
5634 case CKR_SESSION_HANDLE_INVALID:
5635 case CKR_USER_NOT_LOGGED_IN:
5636 break;
5637 default:
5638 case CKR_OK:
5639 error = CKR_GENERAL_ERROR;
5640 break;
5641 }
5643 return error;
5644 }
5646 /*
5647 * NSSCKFWC_GetFunctionStatus
5648 *
5649 */
5650 NSS_IMPLEMENT CK_RV
5651 NSSCKFWC_GetFunctionStatus
5652 (
5653 NSSCKFWInstance *fwInstance,
5654 CK_SESSION_HANDLE hSession
5655 )
5656 {
5657 return CKR_FUNCTION_NOT_PARALLEL;
5658 }
5660 /*
5661 * NSSCKFWC_CancelFunction
5662 *
5663 */
5664 NSS_IMPLEMENT CK_RV
5665 NSSCKFWC_CancelFunction
5666 (
5667 NSSCKFWInstance *fwInstance,
5668 CK_SESSION_HANDLE hSession
5669 )
5670 {
5671 return CKR_FUNCTION_NOT_PARALLEL;
5672 }
