michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: /* michael@0: * wrap.c michael@0: * michael@0: * This file contains the routines that actually implement the cryptoki michael@0: * API, using the internal APIs of the NSS Cryptoki Framework. There is michael@0: * one routine here for every cryptoki routine. For linking reasons michael@0: * the actual entry points passed back with C_GetFunctionList have to michael@0: * exist in one of the Module's source files; however, those are merely michael@0: * simple wrappers that call these routines. The intelligence of the michael@0: * implementations is here. michael@0: */ michael@0: michael@0: #ifndef CK_T michael@0: #include "ck.h" michael@0: #endif /* CK_T */ michael@0: michael@0: /* michael@0: * NSSCKFWC_Initialize michael@0: * NSSCKFWC_Finalize michael@0: * NSSCKFWC_GetInfo michael@0: * -- NSSCKFWC_GetFunctionList -- see the API insert file michael@0: * NSSCKFWC_GetSlotList michael@0: * NSSCKFWC_GetSlotInfo michael@0: * NSSCKFWC_GetTokenInfo michael@0: * NSSCKFWC_WaitForSlotEvent michael@0: * NSSCKFWC_GetMechanismList michael@0: * NSSCKFWC_GetMechanismInfo michael@0: * NSSCKFWC_InitToken michael@0: * NSSCKFWC_InitPIN michael@0: * NSSCKFWC_SetPIN michael@0: * NSSCKFWC_OpenSession michael@0: * NSSCKFWC_CloseSession michael@0: * NSSCKFWC_CloseAllSessions michael@0: * NSSCKFWC_GetSessionInfo michael@0: * NSSCKFWC_GetOperationState michael@0: * NSSCKFWC_SetOperationState michael@0: * NSSCKFWC_Login michael@0: * NSSCKFWC_Logout michael@0: * NSSCKFWC_CreateObject michael@0: * NSSCKFWC_CopyObject michael@0: * NSSCKFWC_DestroyObject michael@0: * NSSCKFWC_GetObjectSize michael@0: * NSSCKFWC_GetAttributeValue michael@0: * NSSCKFWC_SetAttributeValue michael@0: * NSSCKFWC_FindObjectsInit michael@0: * NSSCKFWC_FindObjects michael@0: * NSSCKFWC_FindObjectsFinal michael@0: * NSSCKFWC_EncryptInit michael@0: * NSSCKFWC_Encrypt michael@0: * NSSCKFWC_EncryptUpdate michael@0: * NSSCKFWC_EncryptFinal michael@0: * NSSCKFWC_DecryptInit michael@0: * NSSCKFWC_Decrypt michael@0: * NSSCKFWC_DecryptUpdate michael@0: * NSSCKFWC_DecryptFinal michael@0: * NSSCKFWC_DigestInit michael@0: * NSSCKFWC_Digest michael@0: * NSSCKFWC_DigestUpdate michael@0: * NSSCKFWC_DigestKey michael@0: * NSSCKFWC_DigestFinal michael@0: * NSSCKFWC_SignInit michael@0: * NSSCKFWC_Sign michael@0: * NSSCKFWC_SignUpdate michael@0: * NSSCKFWC_SignFinal michael@0: * NSSCKFWC_SignRecoverInit michael@0: * NSSCKFWC_SignRecover michael@0: * NSSCKFWC_VerifyInit michael@0: * NSSCKFWC_Verify michael@0: * NSSCKFWC_VerifyUpdate michael@0: * NSSCKFWC_VerifyFinal michael@0: * NSSCKFWC_VerifyRecoverInit michael@0: * NSSCKFWC_VerifyRecover michael@0: * NSSCKFWC_DigestEncryptUpdate michael@0: * NSSCKFWC_DecryptDigestUpdate michael@0: * NSSCKFWC_SignEncryptUpdate michael@0: * NSSCKFWC_DecryptVerifyUpdate michael@0: * NSSCKFWC_GenerateKey michael@0: * NSSCKFWC_GenerateKeyPair michael@0: * NSSCKFWC_WrapKey michael@0: * NSSCKFWC_UnwrapKey michael@0: * NSSCKFWC_DeriveKey michael@0: * NSSCKFWC_SeedRandom michael@0: * NSSCKFWC_GenerateRandom michael@0: * NSSCKFWC_GetFunctionStatus michael@0: * NSSCKFWC_CancelFunction michael@0: */ michael@0: michael@0: /* figure out out locking semantics */ michael@0: static CK_RV michael@0: nssCKFW_GetThreadSafeState(CK_C_INITIALIZE_ARGS_PTR pInitArgs, michael@0: CryptokiLockingState *pLocking_state) { michael@0: int functionCount = 0; michael@0: michael@0: /* parsed according to (PKCS #11 Section 11.4) */ michael@0: /* no args, the degenerate version of case 1 */ michael@0: if (!pInitArgs) { michael@0: *pLocking_state = SingleThreaded; michael@0: return CKR_OK; michael@0: } michael@0: michael@0: /* CKF_OS_LOCKING_OK set, Cases 2 and 4 */ michael@0: if (pInitArgs->flags & CKF_OS_LOCKING_OK) { michael@0: *pLocking_state = MultiThreaded; michael@0: return CKR_OK; michael@0: } michael@0: if ((CK_CREATEMUTEX) NULL != pInitArgs->CreateMutex) functionCount++; michael@0: if ((CK_DESTROYMUTEX) NULL != pInitArgs->DestroyMutex) functionCount++; michael@0: if ((CK_LOCKMUTEX) NULL != pInitArgs->LockMutex) functionCount++; michael@0: if ((CK_UNLOCKMUTEX) NULL != pInitArgs->UnlockMutex) functionCount++; michael@0: michael@0: /* CKF_OS_LOCKING_OK is not set, and not functions supplied, michael@0: * explicit case 1 */ michael@0: if (0 == functionCount) { michael@0: *pLocking_state = SingleThreaded; michael@0: return CKR_OK; michael@0: } michael@0: michael@0: /* OS_LOCKING_OK is not set and functions have been supplied. Since michael@0: * ckfw uses nssbase library which explicitly calls NSPR, and since michael@0: * there is no way to reliably override these explicit calls to NSPR, michael@0: * therefore we can't support applications which have their own threading michael@0: * module. Return CKR_CANT_LOCK if they supplied the correct number of michael@0: * arguments, or CKR_ARGUMENTS_BAD if they did not in either case we will michael@0: * fail the initialize */ michael@0: return (4 == functionCount) ? CKR_CANT_LOCK : CKR_ARGUMENTS_BAD; michael@0: } michael@0: michael@0: static PRInt32 liveInstances; michael@0: michael@0: /* michael@0: * NSSCKFWC_Initialize michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_Initialize michael@0: ( michael@0: NSSCKFWInstance **pFwInstance, michael@0: NSSCKMDInstance *mdInstance, michael@0: CK_VOID_PTR pInitArgs michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: CryptokiLockingState locking_state; michael@0: michael@0: if( (NSSCKFWInstance **)NULL == pFwInstance ) { michael@0: error = CKR_GENERAL_ERROR; michael@0: goto loser; michael@0: } michael@0: michael@0: if (*pFwInstance) { michael@0: error = CKR_CRYPTOKI_ALREADY_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: if (!mdInstance) { michael@0: error = CKR_GENERAL_ERROR; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFW_GetThreadSafeState(pInitArgs,&locking_state); michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: *pFwInstance = nssCKFWInstance_Create(pInitArgs, locking_state, mdInstance, &error); michael@0: if (!*pFwInstance) { michael@0: goto loser; michael@0: } michael@0: PR_ATOMIC_INCREMENT(&liveInstances); michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_CANT_LOCK: michael@0: case CKR_CRYPTOKI_ALREADY_INITIALIZED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_NEED_TO_CREATE_THREADS: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_Finalize michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_Finalize michael@0: ( michael@0: NSSCKFWInstance **pFwInstance michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: michael@0: if( (NSSCKFWInstance **)NULL == pFwInstance ) { michael@0: error = CKR_GENERAL_ERROR; michael@0: goto loser; michael@0: } michael@0: michael@0: if (!*pFwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWInstance_Destroy(*pFwInstance); michael@0: michael@0: /* In any case */ michael@0: *pFwInstance = (NSSCKFWInstance *)NULL; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: PRInt32 remainingInstances; michael@0: case CKR_OK: michael@0: remainingInstances = PR_ATOMIC_DECREMENT(&liveInstances); michael@0: if (!remainingInstances) { michael@0: nssArena_Shutdown(); michael@0: } michael@0: break; michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: break; michael@0: default: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: /* michael@0: * A thread's error stack is automatically destroyed when the thread michael@0: * terminates or, for the primordial thread, by PR_Cleanup. On michael@0: * Windows with MinGW, the thread private data destructor PR_Free michael@0: * registered by this module is actually a thunk for PR_Free defined michael@0: * in this module. When the thread that unloads this module terminates michael@0: * or calls PR_Cleanup, the thunk for PR_Free is already gone with the michael@0: * module. Therefore we need to destroy the error stack before the michael@0: * module is unloaded. michael@0: */ michael@0: nss_DestroyErrorStack(); michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_GetInfo michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_GetInfo michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_INFO_PTR pInfo michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: michael@0: if( (CK_INFO_PTR)CK_NULL_PTR == pInfo ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: /* michael@0: * A purify error here means a caller error michael@0: */ michael@0: (void)nsslibc_memset(pInfo, 0, sizeof(CK_INFO)); michael@0: michael@0: pInfo->cryptokiVersion = nssCKFWInstance_GetCryptokiVersion(fwInstance); michael@0: michael@0: error = nssCKFWInstance_GetManufacturerID(fwInstance, pInfo->manufacturerID); michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: pInfo->flags = nssCKFWInstance_GetFlags(fwInstance); michael@0: michael@0: error = nssCKFWInstance_GetLibraryDescription(fwInstance, pInfo->libraryDescription); michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: pInfo->libraryVersion = nssCKFWInstance_GetLibraryVersion(fwInstance); michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: break; michael@0: default: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * C_GetFunctionList is implemented entirely in the Module's file which michael@0: * includes the Framework API insert file. It requires no "actual" michael@0: * NSSCKFW routine. michael@0: */ michael@0: michael@0: /* michael@0: * NSSCKFWC_GetSlotList michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_GetSlotList michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_BBOOL tokenPresent, michael@0: CK_SLOT_ID_PTR pSlotList, michael@0: CK_ULONG_PTR pulCount michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: CK_ULONG nSlots; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: switch( tokenPresent ) { michael@0: case CK_TRUE: michael@0: case CK_FALSE: michael@0: break; michael@0: default: michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); michael@0: if( (CK_ULONG)0 == nSlots ) { michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlotList ) { michael@0: *pulCount = nSlots; michael@0: return CKR_OK; michael@0: } michael@0: michael@0: /* michael@0: * A purify error here indicates caller error. michael@0: */ michael@0: (void)nsslibc_memset(pSlotList, 0, *pulCount * sizeof(CK_SLOT_ID)); michael@0: michael@0: if( *pulCount < nSlots ) { michael@0: *pulCount = nSlots; michael@0: error = CKR_BUFFER_TOO_SMALL; michael@0: goto loser; michael@0: } else { michael@0: CK_ULONG i; michael@0: *pulCount = nSlots; michael@0: michael@0: /* michael@0: * Our secret "mapping": CK_SLOT_IDs are integers [1,N], and we michael@0: * just index one when we need it. michael@0: */ michael@0: michael@0: for( i = 0; i < nSlots; i++ ) { michael@0: pSlotList[i] = i+1; michael@0: } michael@0: michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_GetSlotInfo michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_GetSlotInfo michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SLOT_ID slotID, michael@0: CK_SLOT_INFO_PTR pInfo michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: CK_ULONG nSlots; michael@0: NSSCKFWSlot **slots; michael@0: NSSCKFWSlot *fwSlot; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); michael@0: if( (CK_ULONG)0 == nSlots ) { michael@0: goto loser; michael@0: } michael@0: michael@0: if( (slotID < 1) || (slotID > nSlots) ) { michael@0: error = CKR_SLOT_ID_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_SLOT_INFO_PTR)CK_NULL_PTR == pInfo ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: /* michael@0: * A purify error here indicates caller error. michael@0: */ michael@0: (void)nsslibc_memset(pInfo, 0, sizeof(CK_SLOT_INFO)); michael@0: michael@0: slots = nssCKFWInstance_GetSlots(fwInstance, &error); michael@0: if( (NSSCKFWSlot **)NULL == slots ) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwSlot = slots[ slotID-1 ]; michael@0: michael@0: error = nssCKFWSlot_GetSlotDescription(fwSlot, pInfo->slotDescription); michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSlot_GetManufacturerID(fwSlot, pInfo->manufacturerID); michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: if( nssCKFWSlot_GetTokenPresent(fwSlot) ) { michael@0: pInfo->flags |= CKF_TOKEN_PRESENT; michael@0: } michael@0: michael@0: if( nssCKFWSlot_GetRemovableDevice(fwSlot) ) { michael@0: pInfo->flags |= CKF_REMOVABLE_DEVICE; michael@0: } michael@0: michael@0: if( nssCKFWSlot_GetHardwareSlot(fwSlot) ) { michael@0: pInfo->flags |= CKF_HW_SLOT; michael@0: } michael@0: michael@0: pInfo->hardwareVersion = nssCKFWSlot_GetHardwareVersion(fwSlot); michael@0: pInfo->firmwareVersion = nssCKFWSlot_GetFirmwareVersion(fwSlot); michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_SLOT_ID_INVALID: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_GetTokenInfo michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_GetTokenInfo michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SLOT_ID slotID, michael@0: CK_TOKEN_INFO_PTR pInfo michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: CK_ULONG nSlots; michael@0: NSSCKFWSlot **slots; michael@0: NSSCKFWSlot *fwSlot; michael@0: NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); michael@0: if( (CK_ULONG)0 == nSlots ) { michael@0: goto loser; michael@0: } michael@0: michael@0: if( (slotID < 1) || (slotID > nSlots) ) { michael@0: error = CKR_SLOT_ID_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_TOKEN_INFO_PTR)CK_NULL_PTR == pInfo ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: /* michael@0: * A purify error here indicates caller error. michael@0: */ michael@0: (void)nsslibc_memset(pInfo, 0, sizeof(CK_TOKEN_INFO)); michael@0: michael@0: slots = nssCKFWInstance_GetSlots(fwInstance, &error); michael@0: if( (NSSCKFWSlot **)NULL == slots ) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwSlot = slots[ slotID-1 ]; michael@0: michael@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { michael@0: error = CKR_TOKEN_NOT_PRESENT; michael@0: goto loser; michael@0: } michael@0: michael@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); michael@0: if (!fwToken) { michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWToken_GetLabel(fwToken, pInfo->label); michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWToken_GetManufacturerID(fwToken, pInfo->manufacturerID); michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWToken_GetModel(fwToken, pInfo->model); michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWToken_GetSerialNumber(fwToken, pInfo->serialNumber); michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: if( nssCKFWToken_GetHasRNG(fwToken) ) { michael@0: pInfo->flags |= CKF_RNG; michael@0: } michael@0: michael@0: if( nssCKFWToken_GetIsWriteProtected(fwToken) ) { michael@0: pInfo->flags |= CKF_WRITE_PROTECTED; michael@0: } michael@0: michael@0: if( nssCKFWToken_GetLoginRequired(fwToken) ) { michael@0: pInfo->flags |= CKF_LOGIN_REQUIRED; michael@0: } michael@0: michael@0: if( nssCKFWToken_GetUserPinInitialized(fwToken) ) { michael@0: pInfo->flags |= CKF_USER_PIN_INITIALIZED; michael@0: } michael@0: michael@0: if( nssCKFWToken_GetRestoreKeyNotNeeded(fwToken) ) { michael@0: pInfo->flags |= CKF_RESTORE_KEY_NOT_NEEDED; michael@0: } michael@0: michael@0: if( nssCKFWToken_GetHasClockOnToken(fwToken) ) { michael@0: pInfo->flags |= CKF_CLOCK_ON_TOKEN; michael@0: } michael@0: michael@0: if( nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken) ) { michael@0: pInfo->flags |= CKF_PROTECTED_AUTHENTICATION_PATH; michael@0: } michael@0: michael@0: if( nssCKFWToken_GetSupportsDualCryptoOperations(fwToken) ) { michael@0: pInfo->flags |= CKF_DUAL_CRYPTO_OPERATIONS; michael@0: } michael@0: michael@0: pInfo->ulMaxSessionCount = nssCKFWToken_GetMaxSessionCount(fwToken); michael@0: pInfo->ulSessionCount = nssCKFWToken_GetSessionCount(fwToken); michael@0: pInfo->ulMaxRwSessionCount = nssCKFWToken_GetMaxRwSessionCount(fwToken); michael@0: pInfo->ulRwSessionCount= nssCKFWToken_GetRwSessionCount(fwToken); michael@0: pInfo->ulMaxPinLen = nssCKFWToken_GetMaxPinLen(fwToken); michael@0: pInfo->ulMinPinLen = nssCKFWToken_GetMinPinLen(fwToken); michael@0: pInfo->ulTotalPublicMemory = nssCKFWToken_GetTotalPublicMemory(fwToken); michael@0: pInfo->ulFreePublicMemory = nssCKFWToken_GetFreePublicMemory(fwToken); michael@0: pInfo->ulTotalPrivateMemory = nssCKFWToken_GetTotalPrivateMemory(fwToken); michael@0: pInfo->ulFreePrivateMemory = nssCKFWToken_GetFreePrivateMemory(fwToken); michael@0: pInfo->hardwareVersion = nssCKFWToken_GetHardwareVersion(fwToken); michael@0: pInfo->firmwareVersion = nssCKFWToken_GetFirmwareVersion(fwToken); michael@0: michael@0: error = nssCKFWToken_GetUTCTime(fwToken, pInfo->utcTime); michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_TOKEN_NOT_PRESENT: michael@0: if (fwToken) michael@0: nssCKFWToken_Destroy(fwToken); michael@0: break; michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_SLOT_ID_INVALID: michael@0: case CKR_TOKEN_NOT_RECOGNIZED: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_WaitForSlotEvent michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_WaitForSlotEvent michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_FLAGS flags, michael@0: CK_SLOT_ID_PTR pSlot, michael@0: CK_VOID_PTR pReserved michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: CK_ULONG nSlots; michael@0: CK_BBOOL block; michael@0: NSSCKFWSlot **slots; michael@0: NSSCKFWSlot *fwSlot; michael@0: CK_ULONG i; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: if( flags & ~CKF_DONT_BLOCK ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: block = (flags & CKF_DONT_BLOCK) ? CK_TRUE : CK_FALSE; michael@0: michael@0: nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); michael@0: if( (CK_ULONG)0 == nSlots ) { michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlot ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_VOID_PTR)CK_NULL_PTR != pReserved ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: slots = nssCKFWInstance_GetSlots(fwInstance, &error); michael@0: if( (NSSCKFWSlot **)NULL == slots ) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwSlot = nssCKFWInstance_WaitForSlotEvent(fwInstance, block, &error); michael@0: if (!fwSlot) { michael@0: goto loser; michael@0: } michael@0: michael@0: for( i = 0; i < nSlots; i++ ) { michael@0: if( fwSlot == slots[i] ) { michael@0: *pSlot = (CK_SLOT_ID)(CK_ULONG)(i+1); michael@0: return CKR_OK; michael@0: } michael@0: } michael@0: michael@0: error = CKR_GENERAL_ERROR; /* returned something not in the slot list */ michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_NO_EVENT: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_GetMechanismList michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_GetMechanismList michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SLOT_ID slotID, michael@0: CK_MECHANISM_TYPE_PTR pMechanismList, michael@0: CK_ULONG_PTR pulCount michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: CK_ULONG nSlots; michael@0: NSSCKFWSlot **slots; michael@0: NSSCKFWSlot *fwSlot; michael@0: NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; michael@0: CK_ULONG count; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); michael@0: if( (CK_ULONG)0 == nSlots ) { michael@0: goto loser; michael@0: } michael@0: michael@0: if( (slotID < 1) || (slotID > nSlots) ) { michael@0: error = CKR_SLOT_ID_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: slots = nssCKFWInstance_GetSlots(fwInstance, &error); michael@0: if( (NSSCKFWSlot **)NULL == slots ) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwSlot = slots[ slotID-1 ]; michael@0: michael@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { michael@0: error = CKR_TOKEN_NOT_PRESENT; michael@0: goto loser; michael@0: } michael@0: michael@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); michael@0: if (!fwToken) { michael@0: goto loser; michael@0: } michael@0: michael@0: count = nssCKFWToken_GetMechanismCount(fwToken); michael@0: michael@0: if( (CK_MECHANISM_TYPE_PTR)CK_NULL_PTR == pMechanismList ) { michael@0: *pulCount = count; michael@0: return CKR_OK; michael@0: } michael@0: michael@0: if( *pulCount < count ) { michael@0: *pulCount = count; michael@0: error = CKR_BUFFER_TOO_SMALL; michael@0: goto loser; michael@0: } michael@0: michael@0: /* michael@0: * A purify error here indicates caller error. michael@0: */ michael@0: (void)nsslibc_memset(pMechanismList, 0, *pulCount * sizeof(CK_MECHANISM_TYPE)); michael@0: michael@0: *pulCount = count; michael@0: michael@0: if( 0 != count ) { michael@0: error = nssCKFWToken_GetMechanismTypes(fwToken, pMechanismList); michael@0: } else { michael@0: error = CKR_OK; michael@0: } michael@0: michael@0: if( CKR_OK == error ) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_TOKEN_NOT_PRESENT: michael@0: if (fwToken) michael@0: nssCKFWToken_Destroy(fwToken); michael@0: break; michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_SLOT_ID_INVALID: michael@0: case CKR_TOKEN_NOT_RECOGNIZED: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_GetMechanismInfo michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_GetMechanismInfo michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SLOT_ID slotID, michael@0: CK_MECHANISM_TYPE type, michael@0: CK_MECHANISM_INFO_PTR pInfo michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: CK_ULONG nSlots; michael@0: NSSCKFWSlot **slots; michael@0: NSSCKFWSlot *fwSlot; michael@0: NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; michael@0: NSSCKFWMechanism *fwMechanism; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); michael@0: if( (CK_ULONG)0 == nSlots ) { michael@0: goto loser; michael@0: } michael@0: michael@0: if( (slotID < 1) || (slotID > nSlots) ) { michael@0: error = CKR_SLOT_ID_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: slots = nssCKFWInstance_GetSlots(fwInstance, &error); michael@0: if( (NSSCKFWSlot **)NULL == slots ) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwSlot = slots[ slotID-1 ]; michael@0: michael@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { michael@0: error = CKR_TOKEN_NOT_PRESENT; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_MECHANISM_INFO_PTR)CK_NULL_PTR == pInfo ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: /* michael@0: * A purify error here indicates caller error. michael@0: */ michael@0: (void)nsslibc_memset(pInfo, 0, sizeof(CK_MECHANISM_INFO)); michael@0: michael@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); michael@0: if (!fwToken) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, type, &error); michael@0: if (!fwMechanism) { michael@0: goto loser; michael@0: } michael@0: michael@0: pInfo->ulMinKeySize = nssCKFWMechanism_GetMinKeySize(fwMechanism, &error); michael@0: pInfo->ulMaxKeySize = nssCKFWMechanism_GetMaxKeySize(fwMechanism, &error); michael@0: michael@0: if( nssCKFWMechanism_GetInHardware(fwMechanism, &error) ) { michael@0: pInfo->flags |= CKF_HW; michael@0: } michael@0: if( nssCKFWMechanism_GetCanEncrypt(fwMechanism, &error) ) { michael@0: pInfo->flags |= CKF_ENCRYPT; michael@0: } michael@0: if( nssCKFWMechanism_GetCanDecrypt(fwMechanism, &error) ) { michael@0: pInfo->flags |= CKF_DECRYPT; michael@0: } michael@0: if( nssCKFWMechanism_GetCanDigest(fwMechanism, &error) ) { michael@0: pInfo->flags |= CKF_DIGEST; michael@0: } michael@0: if( nssCKFWMechanism_GetCanSign(fwMechanism, &error) ) { michael@0: pInfo->flags |= CKF_SIGN; michael@0: } michael@0: if( nssCKFWMechanism_GetCanSignRecover(fwMechanism, &error) ) { michael@0: pInfo->flags |= CKF_SIGN_RECOVER; michael@0: } michael@0: if( nssCKFWMechanism_GetCanVerify(fwMechanism, &error) ) { michael@0: pInfo->flags |= CKF_VERIFY; michael@0: } michael@0: if( nssCKFWMechanism_GetCanVerifyRecover(fwMechanism, &error) ) { michael@0: pInfo->flags |= CKF_VERIFY_RECOVER; michael@0: } michael@0: if( nssCKFWMechanism_GetCanGenerate(fwMechanism, &error) ) { michael@0: pInfo->flags |= CKF_GENERATE; michael@0: } michael@0: if( nssCKFWMechanism_GetCanGenerateKeyPair(fwMechanism, &error) ) { michael@0: pInfo->flags |= CKF_GENERATE_KEY_PAIR; michael@0: } michael@0: if( nssCKFWMechanism_GetCanWrap(fwMechanism, &error) ) { michael@0: pInfo->flags |= CKF_WRAP; michael@0: } michael@0: if( nssCKFWMechanism_GetCanUnwrap(fwMechanism, &error) ) { michael@0: pInfo->flags |= CKF_UNWRAP; michael@0: } michael@0: if( nssCKFWMechanism_GetCanDerive(fwMechanism, &error) ) { michael@0: pInfo->flags |= CKF_DERIVE; michael@0: } michael@0: nssCKFWMechanism_Destroy(fwMechanism); michael@0: michael@0: return error; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_TOKEN_NOT_PRESENT: michael@0: if (fwToken) michael@0: nssCKFWToken_Destroy(fwToken); michael@0: break; michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_MECHANISM_INVALID: michael@0: case CKR_SLOT_ID_INVALID: michael@0: case CKR_TOKEN_NOT_RECOGNIZED: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_InitToken michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_InitToken michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SLOT_ID slotID, michael@0: CK_CHAR_PTR pPin, michael@0: CK_ULONG ulPinLen, michael@0: CK_CHAR_PTR pLabel michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: CK_ULONG nSlots; michael@0: NSSCKFWSlot **slots; michael@0: NSSCKFWSlot *fwSlot; michael@0: NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; michael@0: NSSItem pin; michael@0: NSSUTF8 *label; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); michael@0: if( (CK_ULONG)0 == nSlots ) { michael@0: goto loser; michael@0: } michael@0: michael@0: if( (slotID < 1) || (slotID > nSlots) ) { michael@0: error = CKR_SLOT_ID_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: slots = nssCKFWInstance_GetSlots(fwInstance, &error); michael@0: if( (NSSCKFWSlot **)NULL == slots ) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwSlot = slots[ slotID-1 ]; michael@0: michael@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { michael@0: error = CKR_TOKEN_NOT_PRESENT; michael@0: goto loser; michael@0: } michael@0: michael@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); michael@0: if (!fwToken) { michael@0: goto loser; michael@0: } michael@0: michael@0: pin.size = (PRUint32)ulPinLen; michael@0: pin.data = (void *)pPin; michael@0: label = (NSSUTF8 *)pLabel; /* identity conversion */ michael@0: michael@0: error = nssCKFWToken_InitToken(fwToken, &pin, label); michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_TOKEN_NOT_PRESENT: michael@0: if (fwToken) michael@0: nssCKFWToken_Destroy(fwToken); michael@0: break; michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_PIN_INCORRECT: michael@0: case CKR_PIN_LOCKED: michael@0: case CKR_SESSION_EXISTS: michael@0: case CKR_SLOT_ID_INVALID: michael@0: case CKR_TOKEN_NOT_RECOGNIZED: michael@0: case CKR_TOKEN_WRITE_PROTECTED: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_InitPIN michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_InitPIN michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_CHAR_PTR pPin, michael@0: CK_ULONG ulPinLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSItem pin, *arg; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) { michael@0: arg = (NSSItem *)NULL; michael@0: } else { michael@0: arg = &pin; michael@0: pin.size = (PRUint32)ulPinLen; michael@0: pin.data = (void *)pPin; michael@0: } michael@0: michael@0: error = nssCKFWSession_InitPIN(fwSession, arg); michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_SESSION_CLOSED: michael@0: /* destroy session? */ michael@0: break; michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_PIN_INVALID: michael@0: case CKR_PIN_LEN_RANGE: michael@0: case CKR_SESSION_READ_ONLY: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_TOKEN_WRITE_PROTECTED: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_SetPIN michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_SetPIN michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_CHAR_PTR pOldPin, michael@0: CK_ULONG ulOldLen, michael@0: CK_CHAR_PTR pNewPin, michael@0: CK_ULONG ulNewLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSItem oldPin, newPin, *oldArg, *newArg; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_CHAR_PTR)CK_NULL_PTR == pOldPin ) { michael@0: oldArg = (NSSItem *)NULL; michael@0: } else { michael@0: oldArg = &oldPin; michael@0: oldPin.size = (PRUint32)ulOldLen; michael@0: oldPin.data = (void *)pOldPin; michael@0: } michael@0: michael@0: if( (CK_CHAR_PTR)CK_NULL_PTR == pNewPin ) { michael@0: newArg = (NSSItem *)NULL; michael@0: } else { michael@0: newArg = &newPin; michael@0: newPin.size = (PRUint32)ulNewLen; michael@0: newPin.data = (void *)pNewPin; michael@0: } michael@0: michael@0: error = nssCKFWSession_SetPIN(fwSession, oldArg, newArg); michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_SESSION_CLOSED: michael@0: /* destroy session? */ michael@0: break; michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_PIN_INCORRECT: michael@0: case CKR_PIN_INVALID: michael@0: case CKR_PIN_LEN_RANGE: michael@0: case CKR_PIN_LOCKED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_SESSION_READ_ONLY: michael@0: case CKR_TOKEN_WRITE_PROTECTED: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_OpenSession michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_OpenSession michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SLOT_ID slotID, michael@0: CK_FLAGS flags, michael@0: CK_VOID_PTR pApplication, michael@0: CK_NOTIFY Notify, michael@0: CK_SESSION_HANDLE_PTR phSession michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: CK_ULONG nSlots; michael@0: NSSCKFWSlot **slots; michael@0: NSSCKFWSlot *fwSlot; michael@0: NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; michael@0: NSSCKFWSession *fwSession; michael@0: CK_BBOOL rw; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); michael@0: if( (CK_ULONG)0 == nSlots ) { michael@0: goto loser; michael@0: } michael@0: michael@0: if( (slotID < 1) || (slotID > nSlots) ) { michael@0: error = CKR_SLOT_ID_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: if( flags & CKF_RW_SESSION ) { michael@0: rw = CK_TRUE; michael@0: } else { michael@0: rw = CK_FALSE; michael@0: } michael@0: michael@0: if( flags & CKF_SERIAL_SESSION ) { michael@0: ; michael@0: } else { michael@0: error = CKR_SESSION_PARALLEL_NOT_SUPPORTED; michael@0: goto loser; michael@0: } michael@0: michael@0: if( flags & ~(CKF_RW_SESSION|CKF_SERIAL_SESSION) ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_SESSION_HANDLE_PTR)CK_NULL_PTR == phSession ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: /* michael@0: * A purify error here indicates caller error. michael@0: */ michael@0: *phSession = (CK_SESSION_HANDLE)0; michael@0: michael@0: slots = nssCKFWInstance_GetSlots(fwInstance, &error); michael@0: if( (NSSCKFWSlot **)NULL == slots ) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwSlot = slots[ slotID-1 ]; michael@0: michael@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { michael@0: error = CKR_TOKEN_NOT_PRESENT; michael@0: goto loser; michael@0: } michael@0: michael@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); michael@0: if (!fwToken) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWToken_OpenSession(fwToken, rw, pApplication, michael@0: Notify, &error); michael@0: if (!fwSession) { michael@0: goto loser; michael@0: } michael@0: michael@0: *phSession = nssCKFWInstance_CreateSessionHandle(fwInstance, michael@0: fwSession, &error); michael@0: if( (CK_SESSION_HANDLE)0 == *phSession ) { michael@0: goto loser; michael@0: } michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_SESSION_CLOSED: michael@0: /* destroy session? */ michael@0: break; michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_SESSION_COUNT: michael@0: case CKR_SESSION_EXISTS: michael@0: case CKR_SESSION_PARALLEL_NOT_SUPPORTED: michael@0: case CKR_SESSION_READ_WRITE_SO_EXISTS: michael@0: case CKR_SLOT_ID_INVALID: michael@0: case CKR_TOKEN_NOT_PRESENT: michael@0: case CKR_TOKEN_NOT_RECOGNIZED: michael@0: case CKR_TOKEN_WRITE_PROTECTED: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_CloseSession michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_CloseSession michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: nssCKFWInstance_DestroySessionHandle(fwInstance, hSession); michael@0: error = nssCKFWSession_Destroy(fwSession, CK_TRUE); michael@0: michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_SESSION_CLOSED: michael@0: /* destroy session? */ michael@0: break; michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_CloseAllSessions michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_CloseAllSessions michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SLOT_ID slotID michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: CK_ULONG nSlots; michael@0: NSSCKFWSlot **slots; michael@0: NSSCKFWSlot *fwSlot; michael@0: NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); michael@0: if( (CK_ULONG)0 == nSlots ) { michael@0: goto loser; michael@0: } michael@0: michael@0: if( (slotID < 1) || (slotID > nSlots) ) { michael@0: error = CKR_SLOT_ID_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: slots = nssCKFWInstance_GetSlots(fwInstance, &error); michael@0: if( (NSSCKFWSlot **)NULL == slots ) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwSlot = slots[ slotID-1 ]; michael@0: michael@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { michael@0: error = CKR_TOKEN_NOT_PRESENT; michael@0: goto loser; michael@0: } michael@0: michael@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); michael@0: if (!fwToken) { michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWToken_CloseAllSessions(fwToken); michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_SLOT_ID_INVALID: michael@0: case CKR_TOKEN_NOT_PRESENT: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_GetSessionInfo michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_GetSessionInfo michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_SESSION_INFO_PTR pInfo michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWSlot *fwSlot; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_SESSION_INFO_PTR)CK_NULL_PTR == pInfo ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: /* michael@0: * A purify error here indicates caller error. michael@0: */ michael@0: (void)nsslibc_memset(pInfo, 0, sizeof(CK_SESSION_INFO)); michael@0: michael@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); michael@0: if (!fwSlot) { michael@0: error = CKR_GENERAL_ERROR; michael@0: goto loser; michael@0: } michael@0: michael@0: pInfo->slotID = nssCKFWSlot_GetSlotID(fwSlot); michael@0: pInfo->state = nssCKFWSession_GetSessionState(fwSession); michael@0: michael@0: if( CK_TRUE == nssCKFWSession_IsRWSession(fwSession) ) { michael@0: pInfo->flags |= CKF_RW_SESSION; michael@0: } michael@0: michael@0: pInfo->flags |= CKF_SERIAL_SESSION; /* Always true */ michael@0: michael@0: pInfo->ulDeviceError = nssCKFWSession_GetDeviceError(fwSession); michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_SESSION_CLOSED: michael@0: /* destroy session? */ michael@0: break; michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_GetOperationState michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_GetOperationState michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pOperationState, michael@0: CK_ULONG_PTR pulOperationStateLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: CK_ULONG len; michael@0: NSSItem buf; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_ULONG_PTR)CK_NULL_PTR == pulOperationStateLen ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: len = nssCKFWSession_GetOperationStateLen(fwSession, &error); michael@0: if( ((CK_ULONG)0 == len) && (CKR_OK != error) ) { michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) { michael@0: *pulOperationStateLen = len; michael@0: return CKR_OK; michael@0: } michael@0: michael@0: if( *pulOperationStateLen < len ) { michael@0: *pulOperationStateLen = len; michael@0: error = CKR_BUFFER_TOO_SMALL; michael@0: goto loser; michael@0: } michael@0: michael@0: buf.size = (PRUint32)*pulOperationStateLen; michael@0: buf.data = (void *)pOperationState; michael@0: *pulOperationStateLen = len; michael@0: error = nssCKFWSession_GetOperationState(fwSession, &buf); michael@0: michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_SESSION_CLOSED: michael@0: /* destroy session? */ michael@0: break; michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_STATE_UNSAVEABLE: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_SetOperationState michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_SetOperationState michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pOperationState, michael@0: CK_ULONG ulOperationStateLen, michael@0: CK_OBJECT_HANDLE hEncryptionKey, michael@0: CK_OBJECT_HANDLE hAuthenticationKey michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWObject *eKey; michael@0: NSSCKFWObject *aKey; michael@0: NSSItem state; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: /* michael@0: * We could loop through the buffer, to catch any purify errors michael@0: * in a place with a "user error" note. michael@0: */ michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_OBJECT_HANDLE)0 == hEncryptionKey ) { michael@0: eKey = (NSSCKFWObject *)NULL; michael@0: } else { michael@0: eKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hEncryptionKey); michael@0: if (!eKey) { michael@0: error = CKR_KEY_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: } michael@0: michael@0: if( (CK_OBJECT_HANDLE)0 == hAuthenticationKey ) { michael@0: aKey = (NSSCKFWObject *)NULL; michael@0: } else { michael@0: aKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hAuthenticationKey); michael@0: if (!aKey) { michael@0: error = CKR_KEY_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: } michael@0: michael@0: state.data = pOperationState; michael@0: state.size = ulOperationStateLen; michael@0: michael@0: error = nssCKFWSession_SetOperationState(fwSession, &state, eKey, aKey); michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_SESSION_CLOSED: michael@0: /* destroy session? */ michael@0: break; michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_KEY_CHANGED: michael@0: case CKR_KEY_NEEDED: michael@0: case CKR_KEY_NOT_NEEDED: michael@0: case CKR_SAVED_STATE_INVALID: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_Login michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_Login michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_USER_TYPE userType, michael@0: CK_CHAR_PTR pPin, michael@0: CK_ULONG ulPinLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSItem pin, *arg; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) { michael@0: arg = (NSSItem *)NULL; michael@0: } else { michael@0: arg = &pin; michael@0: pin.size = (PRUint32)ulPinLen; michael@0: pin.data = (void *)pPin; michael@0: } michael@0: michael@0: error = nssCKFWSession_Login(fwSession, userType, arg); michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_SESSION_CLOSED: michael@0: /* destroy session? */ michael@0: break; michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_PIN_EXPIRED: michael@0: case CKR_PIN_INCORRECT: michael@0: case CKR_PIN_LOCKED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_SESSION_READ_ONLY_EXISTS: michael@0: case CKR_USER_ALREADY_LOGGED_IN: michael@0: case CKR_USER_ANOTHER_ALREADY_LOGGED_IN: michael@0: case CKR_USER_PIN_NOT_INITIALIZED: michael@0: case CKR_USER_TOO_MANY_TYPES: michael@0: case CKR_USER_TYPE_INVALID: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_Logout michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_Logout michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_Logout(fwSession); michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_SESSION_CLOSED: michael@0: /* destroy session? */ michael@0: break; michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_CreateObject michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_CreateObject michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_ATTRIBUTE_PTR pTemplate, michael@0: CK_ULONG ulCount, michael@0: CK_OBJECT_HANDLE_PTR phObject michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWObject *fwObject; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: /* michael@0: * A purify error here indicates caller error. michael@0: */ michael@0: *phObject = (CK_OBJECT_HANDLE)0; michael@0: michael@0: fwObject = nssCKFWSession_CreateObject(fwSession, pTemplate, michael@0: ulCount, &error); michael@0: if (!fwObject) { michael@0: goto loser; michael@0: } michael@0: michael@0: *phObject = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); michael@0: if( (CK_OBJECT_HANDLE)0 == *phObject ) { michael@0: nssCKFWObject_Destroy(fwObject); michael@0: goto loser; michael@0: } michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_SESSION_CLOSED: michael@0: /* destroy session? */ michael@0: break; michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_ATTRIBUTE_READ_ONLY: michael@0: case CKR_ATTRIBUTE_TYPE_INVALID: michael@0: case CKR_ATTRIBUTE_VALUE_INVALID: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_SESSION_READ_ONLY: michael@0: case CKR_TEMPLATE_INCOMPLETE: michael@0: case CKR_TEMPLATE_INCONSISTENT: michael@0: case CKR_TOKEN_WRITE_PROTECTED: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_CopyObject michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_CopyObject michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_OBJECT_HANDLE hObject, michael@0: CK_ATTRIBUTE_PTR pTemplate, michael@0: CK_ULONG ulCount, michael@0: CK_OBJECT_HANDLE_PTR phNewObject michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWObject *fwObject; michael@0: NSSCKFWObject *fwNewObject; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phNewObject ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: /* michael@0: * A purify error here indicates caller error. michael@0: */ michael@0: *phNewObject = (CK_OBJECT_HANDLE)0; michael@0: michael@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); michael@0: if (!fwObject) { michael@0: error = CKR_OBJECT_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwNewObject = nssCKFWSession_CopyObject(fwSession, fwObject, michael@0: pTemplate, ulCount, &error); michael@0: if (!fwNewObject) { michael@0: goto loser; michael@0: } michael@0: michael@0: *phNewObject = nssCKFWInstance_CreateObjectHandle(fwInstance, michael@0: fwNewObject, &error); michael@0: if( (CK_OBJECT_HANDLE)0 == *phNewObject ) { michael@0: nssCKFWObject_Destroy(fwNewObject); michael@0: goto loser; michael@0: } michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_SESSION_CLOSED: michael@0: /* destroy session? */ michael@0: break; michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_ATTRIBUTE_READ_ONLY: michael@0: case CKR_ATTRIBUTE_TYPE_INVALID: michael@0: case CKR_ATTRIBUTE_VALUE_INVALID: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OBJECT_HANDLE_INVALID: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_SESSION_READ_ONLY: michael@0: case CKR_TEMPLATE_INCONSISTENT: michael@0: case CKR_TOKEN_WRITE_PROTECTED: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_DestroyObject michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_DestroyObject michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_OBJECT_HANDLE hObject michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWObject *fwObject; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); michael@0: if (!fwObject) { michael@0: error = CKR_OBJECT_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: nssCKFWInstance_DestroyObjectHandle(fwInstance, hObject); michael@0: nssCKFWObject_Destroy(fwObject); michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_SESSION_CLOSED: michael@0: /* destroy session? */ michael@0: break; michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OBJECT_HANDLE_INVALID: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_SESSION_READ_ONLY: michael@0: case CKR_TOKEN_WRITE_PROTECTED: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_GetObjectSize michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_GetObjectSize michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_OBJECT_HANDLE hObject, michael@0: CK_ULONG_PTR pulSize michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWObject *fwObject; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); michael@0: if (!fwObject) { michael@0: error = CKR_OBJECT_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_ULONG_PTR)CK_NULL_PTR == pulSize ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: /* michael@0: * A purify error here indicates caller error. michael@0: */ michael@0: *pulSize = (CK_ULONG)0; michael@0: michael@0: *pulSize = nssCKFWObject_GetObjectSize(fwObject, &error); michael@0: if( ((CK_ULONG)0 == *pulSize) && (CKR_OK != error) ) { michael@0: goto loser; michael@0: } michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_SESSION_CLOSED: michael@0: /* destroy session? */ michael@0: break; michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_INFORMATION_SENSITIVE: michael@0: case CKR_OBJECT_HANDLE_INVALID: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_GetAttributeValue michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_GetAttributeValue michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_OBJECT_HANDLE hObject, michael@0: CK_ATTRIBUTE_PTR pTemplate, michael@0: CK_ULONG ulCount michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWObject *fwObject; michael@0: CK_BBOOL sensitive = CK_FALSE; michael@0: CK_BBOOL invalid = CK_FALSE; michael@0: CK_BBOOL tooSmall = CK_FALSE; michael@0: CK_ULONG i; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); michael@0: if (!fwObject) { michael@0: error = CKR_OBJECT_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: for( i = 0; i < ulCount; i++ ) { michael@0: CK_ULONG size = nssCKFWObject_GetAttributeSize(fwObject, michael@0: pTemplate[i].type, &error); michael@0: if( (CK_ULONG)0 == size ) { michael@0: switch( error ) { michael@0: case CKR_ATTRIBUTE_SENSITIVE: michael@0: case CKR_INFORMATION_SENSITIVE: michael@0: sensitive = CK_TRUE; michael@0: pTemplate[i].ulValueLen = (CK_ULONG)(-1); michael@0: continue; michael@0: case CKR_ATTRIBUTE_TYPE_INVALID: michael@0: invalid = CK_TRUE; michael@0: pTemplate[i].ulValueLen = (CK_ULONG)(-1); michael@0: continue; michael@0: case CKR_OK: michael@0: break; michael@0: default: michael@0: goto loser; michael@0: } michael@0: } michael@0: michael@0: if( (CK_VOID_PTR)CK_NULL_PTR == pTemplate[i].pValue ) { michael@0: pTemplate[i].ulValueLen = size; michael@0: } else { michael@0: NSSItem it, *p; michael@0: michael@0: if( pTemplate[i].ulValueLen < size ) { michael@0: tooSmall = CK_TRUE; michael@0: continue; michael@0: } michael@0: michael@0: it.size = (PRUint32)pTemplate[i].ulValueLen; michael@0: it.data = (void *)pTemplate[i].pValue; michael@0: p = nssCKFWObject_GetAttribute(fwObject, pTemplate[i].type, &it, michael@0: (NSSArena *)NULL, &error); michael@0: if (!p) { michael@0: switch( error ) { michael@0: case CKR_ATTRIBUTE_SENSITIVE: michael@0: case CKR_INFORMATION_SENSITIVE: michael@0: sensitive = CK_TRUE; michael@0: pTemplate[i].ulValueLen = (CK_ULONG)(-1); michael@0: continue; michael@0: case CKR_ATTRIBUTE_TYPE_INVALID: michael@0: invalid = CK_TRUE; michael@0: pTemplate[i].ulValueLen = (CK_ULONG)(-1); michael@0: continue; michael@0: default: michael@0: goto loser; michael@0: } michael@0: } michael@0: michael@0: pTemplate[i].ulValueLen = size; michael@0: } michael@0: } michael@0: michael@0: if( sensitive ) { michael@0: error = CKR_ATTRIBUTE_SENSITIVE; michael@0: goto loser; michael@0: } else if( invalid ) { michael@0: error = CKR_ATTRIBUTE_TYPE_INVALID; michael@0: goto loser; michael@0: } else if( tooSmall ) { michael@0: error = CKR_BUFFER_TOO_SMALL; michael@0: goto loser; michael@0: } michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_SESSION_CLOSED: michael@0: /* destroy session? */ michael@0: break; michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_ATTRIBUTE_SENSITIVE: michael@0: case CKR_ATTRIBUTE_TYPE_INVALID: michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OBJECT_HANDLE_INVALID: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_SetAttributeValue michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_SetAttributeValue michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_OBJECT_HANDLE hObject, michael@0: CK_ATTRIBUTE_PTR pTemplate, michael@0: CK_ULONG ulCount michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWObject *fwObject; michael@0: CK_ULONG i; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); michael@0: if (!fwObject) { michael@0: error = CKR_OBJECT_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: for (i=0; i < ulCount; i++) { michael@0: NSSItem value; michael@0: michael@0: value.data = pTemplate[i].pValue; michael@0: value.size = pTemplate[i].ulValueLen; michael@0: michael@0: error = nssCKFWObject_SetAttribute(fwObject, fwSession, michael@0: pTemplate[i].type, &value); michael@0: michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: } michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_SESSION_CLOSED: michael@0: /* destroy session? */ michael@0: break; michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_ATTRIBUTE_READ_ONLY: michael@0: case CKR_ATTRIBUTE_TYPE_INVALID: michael@0: case CKR_ATTRIBUTE_VALUE_INVALID: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OBJECT_HANDLE_INVALID: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_SESSION_READ_ONLY: michael@0: case CKR_TEMPLATE_INCONSISTENT: michael@0: case CKR_TOKEN_WRITE_PROTECTED: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_FindObjectsInit michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_FindObjectsInit michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_ATTRIBUTE_PTR pTemplate, michael@0: CK_ULONG ulCount michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWFindObjects *fwFindObjects; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: if( ((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) && (ulCount != 0) ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); michael@0: if (fwFindObjects) { michael@0: error = CKR_OPERATION_ACTIVE; michael@0: goto loser; michael@0: } michael@0: michael@0: if( CKR_OPERATION_NOT_INITIALIZED != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwFindObjects = nssCKFWSession_FindObjectsInit(fwSession, michael@0: pTemplate, ulCount, &error); michael@0: if (!fwFindObjects) { michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_SetFWFindObjects(fwSession, fwFindObjects); michael@0: michael@0: if( CKR_OK != error ) { michael@0: nssCKFWFindObjects_Destroy(fwFindObjects); michael@0: goto loser; michael@0: } michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_SESSION_CLOSED: michael@0: /* destroy session? */ michael@0: break; michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_ATTRIBUTE_TYPE_INVALID: michael@0: case CKR_ATTRIBUTE_VALUE_INVALID: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_ACTIVE: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_FindObjects michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_FindObjects michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_OBJECT_HANDLE_PTR phObject, michael@0: CK_ULONG ulMaxObjectCount, michael@0: CK_ULONG_PTR pulObjectCount michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWFindObjects *fwFindObjects; michael@0: CK_ULONG i; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: /* michael@0: * A purify error here indicates caller error. michael@0: */ michael@0: (void)nsslibc_memset(phObject, 0, sizeof(CK_OBJECT_HANDLE) * ulMaxObjectCount); michael@0: *pulObjectCount = (CK_ULONG)0; michael@0: michael@0: fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); michael@0: if (!fwFindObjects) { michael@0: goto loser; michael@0: } michael@0: michael@0: for( i = 0; i < ulMaxObjectCount; i++ ) { michael@0: NSSCKFWObject *fwObject = nssCKFWFindObjects_Next(fwFindObjects, michael@0: NULL, &error); michael@0: if (!fwObject) { michael@0: break; michael@0: } michael@0: michael@0: phObject[i] = nssCKFWInstance_FindObjectHandle(fwInstance, fwObject); michael@0: if( (CK_OBJECT_HANDLE)0 == phObject[i] ) { michael@0: phObject[i] = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); michael@0: } michael@0: if( (CK_OBJECT_HANDLE)0 == phObject[i] ) { michael@0: /* This isn't right either, is it? */ michael@0: nssCKFWObject_Destroy(fwObject); michael@0: goto loser; michael@0: } michael@0: } michael@0: michael@0: *pulObjectCount = i; michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_SESSION_CLOSED: michael@0: /* destroy session? */ michael@0: break; michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_FindObjectsFinal michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_FindObjectsFinal michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWFindObjects *fwFindObjects; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); michael@0: if (!fwFindObjects) { michael@0: error = CKR_OPERATION_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: nssCKFWFindObjects_Destroy(fwFindObjects); michael@0: error = nssCKFWSession_SetFWFindObjects(fwSession, michael@0: (NSSCKFWFindObjects *)NULL); michael@0: michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_SESSION_CLOSED: michael@0: /* destroy session? */ michael@0: break; michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_EncryptInit michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_EncryptInit michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_MECHANISM_PTR pMechanism, michael@0: CK_OBJECT_HANDLE hKey michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWObject *fwObject; michael@0: NSSCKFWSlot *fwSlot; michael@0: NSSCKFWToken *fwToken; michael@0: NSSCKFWMechanism *fwMechanism; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); michael@0: if (!fwObject) { michael@0: error = CKR_KEY_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); michael@0: if (!fwSlot) { michael@0: error = CKR_GENERAL_ERROR; /* should never happen! */ michael@0: goto loser; michael@0: } michael@0: michael@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { michael@0: error = CKR_TOKEN_NOT_PRESENT; michael@0: goto loser; michael@0: } michael@0: michael@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); michael@0: if (!fwToken) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); michael@0: if (!fwMechanism) { michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWMechanism_EncryptInit(fwMechanism, pMechanism, michael@0: fwSession, fwObject); michael@0: michael@0: nssCKFWMechanism_Destroy(fwMechanism); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_KEY_FUNCTION_NOT_PERMITTED: michael@0: case CKR_KEY_HANDLE_INVALID: michael@0: case CKR_KEY_SIZE_RANGE: michael@0: case CKR_KEY_TYPE_INCONSISTENT: michael@0: case CKR_MECHANISM_INVALID: michael@0: case CKR_MECHANISM_PARAM_INVALID: michael@0: case CKR_OPERATION_ACTIVE: michael@0: case CKR_PIN_EXPIRED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_Encrypt michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_Encrypt michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pData, michael@0: CK_ULONG ulDataLen, michael@0: CK_BYTE_PTR pEncryptedData, michael@0: CK_ULONG_PTR pulEncryptedDataLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_UpdateFinal(fwSession, michael@0: NSSCKFWCryptoOperationType_Encrypt, michael@0: NSSCKFWCryptoOperationState_EncryptDecrypt, michael@0: pData, ulDataLen, pEncryptedData, pulEncryptedDataLen); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DATA_INVALID: michael@0: case CKR_DATA_LEN_RANGE: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_SESSION_CLOSED: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_EncryptUpdate michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_EncryptUpdate michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pPart, michael@0: CK_ULONG ulPartLen, michael@0: CK_BYTE_PTR pEncryptedPart, michael@0: CK_ULONG_PTR pulEncryptedPartLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_Update(fwSession, michael@0: NSSCKFWCryptoOperationType_Encrypt, michael@0: NSSCKFWCryptoOperationState_EncryptDecrypt, michael@0: pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DATA_LEN_RANGE: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_EncryptFinal michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_EncryptFinal michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pLastEncryptedPart, michael@0: CK_ULONG_PTR pulLastEncryptedPartLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_Final(fwSession, michael@0: NSSCKFWCryptoOperationType_Encrypt, michael@0: NSSCKFWCryptoOperationState_EncryptDecrypt, michael@0: pLastEncryptedPart, pulLastEncryptedPartLen); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DATA_LEN_RANGE: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_DecryptInit michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_DecryptInit michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_MECHANISM_PTR pMechanism, michael@0: CK_OBJECT_HANDLE hKey michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWObject *fwObject; michael@0: NSSCKFWSlot *fwSlot; michael@0: NSSCKFWToken *fwToken; michael@0: NSSCKFWMechanism *fwMechanism; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); michael@0: if (!fwObject) { michael@0: error = CKR_KEY_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); michael@0: if (!fwSlot) { michael@0: error = CKR_GENERAL_ERROR; /* should never happen! */ michael@0: goto loser; michael@0: } michael@0: michael@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { michael@0: error = CKR_TOKEN_NOT_PRESENT; michael@0: goto loser; michael@0: } michael@0: michael@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); michael@0: if (!fwToken) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); michael@0: if (!fwMechanism) { michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWMechanism_DecryptInit(fwMechanism, pMechanism, michael@0: fwSession, fwObject); michael@0: nssCKFWMechanism_Destroy(fwMechanism); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_KEY_FUNCTION_NOT_PERMITTED: michael@0: case CKR_KEY_HANDLE_INVALID: michael@0: case CKR_KEY_SIZE_RANGE: michael@0: case CKR_KEY_TYPE_INCONSISTENT: michael@0: case CKR_MECHANISM_INVALID: michael@0: case CKR_MECHANISM_PARAM_INVALID: michael@0: case CKR_OPERATION_ACTIVE: michael@0: case CKR_PIN_EXPIRED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_Decrypt michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_Decrypt michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pEncryptedData, michael@0: CK_ULONG ulEncryptedDataLen, michael@0: CK_BYTE_PTR pData, michael@0: CK_ULONG_PTR pulDataLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_UpdateFinal(fwSession, michael@0: NSSCKFWCryptoOperationType_Decrypt, michael@0: NSSCKFWCryptoOperationState_EncryptDecrypt, michael@0: pEncryptedData, ulEncryptedDataLen, pData, pulDataLen); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_ENCRYPTED_DATA_INVALID: michael@0: case CKR_ENCRYPTED_DATA_LEN_RANGE: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: case CKR_DATA_LEN_RANGE: michael@0: error = CKR_ENCRYPTED_DATA_LEN_RANGE; michael@0: break; michael@0: case CKR_DATA_INVALID: michael@0: error = CKR_ENCRYPTED_DATA_INVALID; michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_DecryptUpdate michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_DecryptUpdate michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pEncryptedPart, michael@0: CK_ULONG ulEncryptedPartLen, michael@0: CK_BYTE_PTR pPart, michael@0: CK_ULONG_PTR pulPartLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_Update(fwSession, michael@0: NSSCKFWCryptoOperationType_Decrypt, michael@0: NSSCKFWCryptoOperationState_EncryptDecrypt, michael@0: pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_ENCRYPTED_DATA_INVALID: michael@0: case CKR_ENCRYPTED_DATA_LEN_RANGE: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: case CKR_DATA_LEN_RANGE: michael@0: error = CKR_ENCRYPTED_DATA_LEN_RANGE; michael@0: break; michael@0: case CKR_DATA_INVALID: michael@0: error = CKR_ENCRYPTED_DATA_INVALID; michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_DecryptFinal michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_DecryptFinal michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pLastPart, michael@0: CK_ULONG_PTR pulLastPartLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_Final(fwSession, michael@0: NSSCKFWCryptoOperationType_Decrypt, michael@0: NSSCKFWCryptoOperationState_EncryptDecrypt, michael@0: pLastPart, pulLastPartLen); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_ENCRYPTED_DATA_INVALID: michael@0: case CKR_ENCRYPTED_DATA_LEN_RANGE: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: case CKR_DATA_LEN_RANGE: michael@0: error = CKR_ENCRYPTED_DATA_LEN_RANGE; michael@0: break; michael@0: case CKR_DATA_INVALID: michael@0: error = CKR_ENCRYPTED_DATA_INVALID; michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_DigestInit michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_DigestInit michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_MECHANISM_PTR pMechanism michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWSlot *fwSlot; michael@0: NSSCKFWToken *fwToken; michael@0: NSSCKFWMechanism *fwMechanism; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); michael@0: if (!fwSlot) { michael@0: error = CKR_GENERAL_ERROR; /* should never happen! */ michael@0: goto loser; michael@0: } michael@0: michael@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { michael@0: error = CKR_TOKEN_NOT_PRESENT; michael@0: goto loser; michael@0: } michael@0: michael@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); michael@0: if (!fwToken) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); michael@0: if (!fwMechanism) { michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWMechanism_DigestInit(fwMechanism, pMechanism, fwSession); michael@0: michael@0: nssCKFWMechanism_Destroy(fwMechanism); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_MECHANISM_INVALID: michael@0: case CKR_MECHANISM_PARAM_INVALID: michael@0: case CKR_OPERATION_ACTIVE: michael@0: case CKR_PIN_EXPIRED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_Digest michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_Digest michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pData, michael@0: CK_ULONG ulDataLen, michael@0: CK_BYTE_PTR pDigest, michael@0: CK_ULONG_PTR pulDigestLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_UpdateFinal(fwSession, michael@0: NSSCKFWCryptoOperationType_Digest, michael@0: NSSCKFWCryptoOperationState_Digest, michael@0: pData, ulDataLen, pDigest, pulDigestLen); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_DigestUpdate michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_DigestUpdate michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pData, michael@0: CK_ULONG ulDataLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_DigestUpdate(fwSession, michael@0: NSSCKFWCryptoOperationType_Digest, michael@0: NSSCKFWCryptoOperationState_Digest, michael@0: pData, ulDataLen); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_DigestKey michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_DigestKey michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_OBJECT_HANDLE hKey michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWObject *fwObject; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); michael@0: if (!fwObject) { michael@0: error = CKR_KEY_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_DigestKey(fwSession, fwObject); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_KEY_HANDLE_INVALID: michael@0: case CKR_KEY_INDIGESTIBLE: michael@0: case CKR_KEY_SIZE_RANGE: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_DigestFinal michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_DigestFinal michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pDigest, michael@0: CK_ULONG_PTR pulDigestLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_Final(fwSession, michael@0: NSSCKFWCryptoOperationType_Digest, michael@0: NSSCKFWCryptoOperationState_Digest, michael@0: pDigest, pulDigestLen); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_SignInit michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_SignInit michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_MECHANISM_PTR pMechanism, michael@0: CK_OBJECT_HANDLE hKey michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWObject *fwObject; michael@0: NSSCKFWSlot *fwSlot; michael@0: NSSCKFWToken *fwToken; michael@0: NSSCKFWMechanism *fwMechanism; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); michael@0: if (!fwObject) { michael@0: error = CKR_KEY_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); michael@0: if (!fwSlot) { michael@0: error = CKR_GENERAL_ERROR; /* should never happen! */ michael@0: goto loser; michael@0: } michael@0: michael@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { michael@0: error = CKR_TOKEN_NOT_PRESENT; michael@0: goto loser; michael@0: } michael@0: michael@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); michael@0: if (!fwToken) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); michael@0: if (!fwMechanism) { michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWMechanism_SignInit(fwMechanism, pMechanism, fwSession, michael@0: fwObject); michael@0: michael@0: nssCKFWMechanism_Destroy(fwMechanism); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_KEY_FUNCTION_NOT_PERMITTED: michael@0: case CKR_KEY_HANDLE_INVALID: michael@0: case CKR_KEY_SIZE_RANGE: michael@0: case CKR_KEY_TYPE_INCONSISTENT: michael@0: case CKR_MECHANISM_INVALID: michael@0: case CKR_MECHANISM_PARAM_INVALID: michael@0: case CKR_OPERATION_ACTIVE: michael@0: case CKR_PIN_EXPIRED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_Sign michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_Sign michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pData, michael@0: CK_ULONG ulDataLen, michael@0: CK_BYTE_PTR pSignature, michael@0: CK_ULONG_PTR pulSignatureLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_UpdateFinal(fwSession, michael@0: NSSCKFWCryptoOperationType_Sign, michael@0: NSSCKFWCryptoOperationState_SignVerify, michael@0: pData, ulDataLen, pSignature, pulSignatureLen); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DATA_INVALID: michael@0: case CKR_DATA_LEN_RANGE: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: case CKR_FUNCTION_REJECTED: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_SignUpdate michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_SignUpdate michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pPart, michael@0: CK_ULONG ulPartLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_DigestUpdate(fwSession, michael@0: NSSCKFWCryptoOperationType_Sign, michael@0: NSSCKFWCryptoOperationState_SignVerify, michael@0: pPart, ulPartLen); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DATA_LEN_RANGE: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_SignFinal michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_SignFinal michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pSignature, michael@0: CK_ULONG_PTR pulSignatureLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_Final(fwSession, michael@0: NSSCKFWCryptoOperationType_Sign, michael@0: NSSCKFWCryptoOperationState_SignVerify, michael@0: pSignature, pulSignatureLen); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DATA_LEN_RANGE: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: case CKR_FUNCTION_REJECTED: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_SignRecoverInit michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_SignRecoverInit michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_MECHANISM_PTR pMechanism, michael@0: CK_OBJECT_HANDLE hKey michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWObject *fwObject; michael@0: NSSCKFWSlot *fwSlot; michael@0: NSSCKFWToken *fwToken; michael@0: NSSCKFWMechanism *fwMechanism; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); michael@0: if (!fwObject) { michael@0: error = CKR_KEY_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); michael@0: if (!fwSlot) { michael@0: error = CKR_GENERAL_ERROR; /* should never happen! */ michael@0: goto loser; michael@0: } michael@0: michael@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { michael@0: error = CKR_TOKEN_NOT_PRESENT; michael@0: goto loser; michael@0: } michael@0: michael@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); michael@0: if (!fwToken) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); michael@0: if (!fwMechanism) { michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWMechanism_SignRecoverInit(fwMechanism, pMechanism, fwSession, michael@0: fwObject); michael@0: michael@0: nssCKFWMechanism_Destroy(fwMechanism); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_KEY_FUNCTION_NOT_PERMITTED: michael@0: case CKR_KEY_HANDLE_INVALID: michael@0: case CKR_KEY_SIZE_RANGE: michael@0: case CKR_KEY_TYPE_INCONSISTENT: michael@0: case CKR_MECHANISM_INVALID: michael@0: case CKR_MECHANISM_PARAM_INVALID: michael@0: case CKR_OPERATION_ACTIVE: michael@0: case CKR_PIN_EXPIRED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_SignRecover michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_SignRecover michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pData, michael@0: CK_ULONG ulDataLen, michael@0: CK_BYTE_PTR pSignature, michael@0: CK_ULONG_PTR pulSignatureLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_UpdateFinal(fwSession, michael@0: NSSCKFWCryptoOperationType_SignRecover, michael@0: NSSCKFWCryptoOperationState_SignVerify, michael@0: pData, ulDataLen, pSignature, pulSignatureLen); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DATA_INVALID: michael@0: case CKR_DATA_LEN_RANGE: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_VerifyInit michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_VerifyInit michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_MECHANISM_PTR pMechanism, michael@0: CK_OBJECT_HANDLE hKey michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWObject *fwObject; michael@0: NSSCKFWSlot *fwSlot; michael@0: NSSCKFWToken *fwToken; michael@0: NSSCKFWMechanism *fwMechanism; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); michael@0: if (!fwObject) { michael@0: error = CKR_KEY_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); michael@0: if (!fwSlot) { michael@0: error = CKR_GENERAL_ERROR; /* should never happen! */ michael@0: goto loser; michael@0: } michael@0: michael@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { michael@0: error = CKR_TOKEN_NOT_PRESENT; michael@0: goto loser; michael@0: } michael@0: michael@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); michael@0: if (!fwToken) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); michael@0: if (!fwMechanism) { michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWMechanism_VerifyInit(fwMechanism, pMechanism, fwSession, michael@0: fwObject); michael@0: michael@0: nssCKFWMechanism_Destroy(fwMechanism); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_KEY_FUNCTION_NOT_PERMITTED: michael@0: case CKR_KEY_HANDLE_INVALID: michael@0: case CKR_KEY_SIZE_RANGE: michael@0: case CKR_KEY_TYPE_INCONSISTENT: michael@0: case CKR_MECHANISM_INVALID: michael@0: case CKR_MECHANISM_PARAM_INVALID: michael@0: case CKR_OPERATION_ACTIVE: michael@0: case CKR_PIN_EXPIRED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_Verify michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_Verify michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pData, michael@0: CK_ULONG ulDataLen, michael@0: CK_BYTE_PTR pSignature, michael@0: CK_ULONG ulSignatureLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_UpdateFinal(fwSession, michael@0: NSSCKFWCryptoOperationType_Verify, michael@0: NSSCKFWCryptoOperationState_SignVerify, michael@0: pData, ulDataLen, pSignature, &ulSignatureLen); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DATA_INVALID: michael@0: case CKR_DATA_LEN_RANGE: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_SIGNATURE_INVALID: michael@0: case CKR_SIGNATURE_LEN_RANGE: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_VerifyUpdate michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_VerifyUpdate michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pPart, michael@0: CK_ULONG ulPartLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_DigestUpdate(fwSession, michael@0: NSSCKFWCryptoOperationType_Verify, michael@0: NSSCKFWCryptoOperationState_SignVerify, michael@0: pPart, ulPartLen); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DATA_LEN_RANGE: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_VerifyFinal michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_VerifyFinal michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pSignature, michael@0: CK_ULONG ulSignatureLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_Final(fwSession, michael@0: NSSCKFWCryptoOperationType_Verify, michael@0: NSSCKFWCryptoOperationState_SignVerify, michael@0: pSignature, &ulSignatureLen); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DATA_LEN_RANGE: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_SIGNATURE_INVALID: michael@0: case CKR_SIGNATURE_LEN_RANGE: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_VerifyRecoverInit michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_VerifyRecoverInit michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_MECHANISM_PTR pMechanism, michael@0: CK_OBJECT_HANDLE hKey michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWObject *fwObject; michael@0: NSSCKFWSlot *fwSlot; michael@0: NSSCKFWToken *fwToken; michael@0: NSSCKFWMechanism *fwMechanism; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); michael@0: if (!fwObject) { michael@0: error = CKR_KEY_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); michael@0: if (!fwSlot) { michael@0: error = CKR_GENERAL_ERROR; /* should never happen! */ michael@0: goto loser; michael@0: } michael@0: michael@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { michael@0: error = CKR_TOKEN_NOT_PRESENT; michael@0: goto loser; michael@0: } michael@0: michael@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); michael@0: if (!fwToken) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); michael@0: if (!fwMechanism) { michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWMechanism_VerifyRecoverInit(fwMechanism, pMechanism, michael@0: fwSession, fwObject); michael@0: michael@0: nssCKFWMechanism_Destroy(fwMechanism); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_KEY_FUNCTION_NOT_PERMITTED: michael@0: case CKR_KEY_HANDLE_INVALID: michael@0: case CKR_KEY_SIZE_RANGE: michael@0: case CKR_KEY_TYPE_INCONSISTENT: michael@0: case CKR_MECHANISM_INVALID: michael@0: case CKR_MECHANISM_PARAM_INVALID: michael@0: case CKR_OPERATION_ACTIVE: michael@0: case CKR_PIN_EXPIRED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_VerifyRecover michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_VerifyRecover michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pSignature, michael@0: CK_ULONG ulSignatureLen, michael@0: CK_BYTE_PTR pData, michael@0: CK_ULONG_PTR pulDataLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_UpdateFinal(fwSession, michael@0: NSSCKFWCryptoOperationType_VerifyRecover, michael@0: NSSCKFWCryptoOperationState_SignVerify, michael@0: pSignature, ulSignatureLen, pData, pulDataLen); michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DATA_INVALID: michael@0: case CKR_DATA_LEN_RANGE: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_SIGNATURE_INVALID: michael@0: case CKR_SIGNATURE_LEN_RANGE: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_DigestEncryptUpdate michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_DigestEncryptUpdate michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pPart, michael@0: CK_ULONG ulPartLen, michael@0: CK_BYTE_PTR pEncryptedPart, michael@0: CK_ULONG_PTR pulEncryptedPartLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_UpdateCombo(fwSession, michael@0: NSSCKFWCryptoOperationType_Encrypt, michael@0: NSSCKFWCryptoOperationType_Digest, michael@0: NSSCKFWCryptoOperationState_Digest, michael@0: pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DATA_LEN_RANGE: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_DecryptDigestUpdate michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_DecryptDigestUpdate michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pEncryptedPart, michael@0: CK_ULONG ulEncryptedPartLen, michael@0: CK_BYTE_PTR pPart, michael@0: CK_ULONG_PTR pulPartLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_UpdateCombo(fwSession, michael@0: NSSCKFWCryptoOperationType_Decrypt, michael@0: NSSCKFWCryptoOperationType_Digest, michael@0: NSSCKFWCryptoOperationState_Digest, michael@0: pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_ENCRYPTED_DATA_INVALID: michael@0: case CKR_ENCRYPTED_DATA_LEN_RANGE: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: break; michael@0: case CKR_DATA_INVALID: michael@0: error = CKR_ENCRYPTED_DATA_INVALID; michael@0: break; michael@0: case CKR_DATA_LEN_RANGE: michael@0: error = CKR_ENCRYPTED_DATA_LEN_RANGE; michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_SignEncryptUpdate michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_SignEncryptUpdate michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pPart, michael@0: CK_ULONG ulPartLen, michael@0: CK_BYTE_PTR pEncryptedPart, michael@0: CK_ULONG_PTR pulEncryptedPartLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_UpdateCombo(fwSession, michael@0: NSSCKFWCryptoOperationType_Encrypt, michael@0: NSSCKFWCryptoOperationType_Sign, michael@0: NSSCKFWCryptoOperationState_SignVerify, michael@0: pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DATA_LEN_RANGE: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_DecryptVerifyUpdate michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_DecryptVerifyUpdate michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pEncryptedPart, michael@0: CK_ULONG ulEncryptedPartLen, michael@0: CK_BYTE_PTR pPart, michael@0: CK_ULONG_PTR pulPartLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: error = nssCKFWSession_UpdateCombo(fwSession, michael@0: NSSCKFWCryptoOperationType_Decrypt, michael@0: NSSCKFWCryptoOperationType_Verify, michael@0: NSSCKFWCryptoOperationState_SignVerify, michael@0: pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DATA_LEN_RANGE: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_ENCRYPTED_DATA_INVALID: michael@0: case CKR_ENCRYPTED_DATA_LEN_RANGE: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_NOT_INITIALIZED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: break; michael@0: case CKR_DATA_INVALID: michael@0: error = CKR_ENCRYPTED_DATA_INVALID; michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_GenerateKey michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_GenerateKey michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_MECHANISM_PTR pMechanism, michael@0: CK_ATTRIBUTE_PTR pTemplate, michael@0: CK_ULONG ulCount, michael@0: CK_OBJECT_HANDLE_PTR phKey michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWObject *fwObject; michael@0: NSSCKFWSlot *fwSlot; michael@0: NSSCKFWToken *fwToken; michael@0: NSSCKFWMechanism *fwMechanism; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); michael@0: if (!fwSlot) { michael@0: error = CKR_GENERAL_ERROR; /* should never happen! */ michael@0: goto loser; michael@0: } michael@0: michael@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { michael@0: error = CKR_TOKEN_NOT_PRESENT; michael@0: goto loser; michael@0: } michael@0: michael@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); michael@0: if (!fwToken) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); michael@0: if (!fwMechanism) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwObject = nssCKFWMechanism_GenerateKey( michael@0: fwMechanism, michael@0: pMechanism, michael@0: fwSession, michael@0: pTemplate, michael@0: ulCount, michael@0: &error); michael@0: michael@0: nssCKFWMechanism_Destroy(fwMechanism); michael@0: if (!fwObject) { michael@0: goto loser; michael@0: } michael@0: *phKey= nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_ATTRIBUTE_READ_ONLY: michael@0: case CKR_ATTRIBUTE_TYPE_INVALID: michael@0: case CKR_ATTRIBUTE_VALUE_INVALID: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_MECHANISM_INVALID: michael@0: case CKR_MECHANISM_PARAM_INVALID: michael@0: case CKR_OPERATION_ACTIVE: michael@0: case CKR_PIN_EXPIRED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_SESSION_READ_ONLY: michael@0: case CKR_TEMPLATE_INCOMPLETE: michael@0: case CKR_TEMPLATE_INCONSISTENT: michael@0: case CKR_TOKEN_WRITE_PROTECTED: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_GenerateKeyPair michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_GenerateKeyPair michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_MECHANISM_PTR pMechanism, michael@0: CK_ATTRIBUTE_PTR pPublicKeyTemplate, michael@0: CK_ULONG ulPublicKeyAttributeCount, michael@0: CK_ATTRIBUTE_PTR pPrivateKeyTemplate, michael@0: CK_ULONG ulPrivateKeyAttributeCount, michael@0: CK_OBJECT_HANDLE_PTR phPublicKey, michael@0: CK_OBJECT_HANDLE_PTR phPrivateKey michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWObject *fwPrivateKeyObject; michael@0: NSSCKFWObject *fwPublicKeyObject; michael@0: NSSCKFWSlot *fwSlot; michael@0: NSSCKFWToken *fwToken; michael@0: NSSCKFWMechanism *fwMechanism; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); michael@0: if (!fwSlot) { michael@0: error = CKR_GENERAL_ERROR; /* should never happen! */ michael@0: goto loser; michael@0: } michael@0: michael@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { michael@0: error = CKR_TOKEN_NOT_PRESENT; michael@0: goto loser; michael@0: } michael@0: michael@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); michael@0: if (!fwToken) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); michael@0: if (!fwMechanism) { michael@0: goto loser; michael@0: } michael@0: michael@0: error= nssCKFWMechanism_GenerateKeyPair( michael@0: fwMechanism, michael@0: pMechanism, michael@0: fwSession, michael@0: pPublicKeyTemplate, michael@0: ulPublicKeyAttributeCount, michael@0: pPublicKeyTemplate, michael@0: ulPublicKeyAttributeCount, michael@0: &fwPublicKeyObject, michael@0: &fwPrivateKeyObject); michael@0: michael@0: nssCKFWMechanism_Destroy(fwMechanism); michael@0: if (CKR_OK != error) { michael@0: goto loser; michael@0: } michael@0: *phPublicKey = nssCKFWInstance_CreateObjectHandle(fwInstance, michael@0: fwPublicKeyObject, michael@0: &error); michael@0: if (CKR_OK != error) { michael@0: goto loser; michael@0: } michael@0: *phPrivateKey = nssCKFWInstance_CreateObjectHandle(fwInstance, michael@0: fwPrivateKeyObject, michael@0: &error); michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_ATTRIBUTE_READ_ONLY: michael@0: case CKR_ATTRIBUTE_TYPE_INVALID: michael@0: case CKR_ATTRIBUTE_VALUE_INVALID: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_DOMAIN_PARAMS_INVALID: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_MECHANISM_INVALID: michael@0: case CKR_MECHANISM_PARAM_INVALID: michael@0: case CKR_OPERATION_ACTIVE: michael@0: case CKR_PIN_EXPIRED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_SESSION_READ_ONLY: michael@0: case CKR_TEMPLATE_INCOMPLETE: michael@0: case CKR_TEMPLATE_INCONSISTENT: michael@0: case CKR_TOKEN_WRITE_PROTECTED: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_WrapKey michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_WrapKey michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_MECHANISM_PTR pMechanism, michael@0: CK_OBJECT_HANDLE hWrappingKey, michael@0: CK_OBJECT_HANDLE hKey, michael@0: CK_BYTE_PTR pWrappedKey, michael@0: CK_ULONG_PTR pulWrappedKeyLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWObject *fwKeyObject; michael@0: NSSCKFWObject *fwWrappingKeyObject; michael@0: NSSCKFWSlot *fwSlot; michael@0: NSSCKFWToken *fwToken; michael@0: NSSCKFWMechanism *fwMechanism; michael@0: NSSItem wrappedKey; michael@0: CK_ULONG wrappedKeyLength = 0; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, michael@0: hWrappingKey); michael@0: if (!fwWrappingKeyObject) { michael@0: error = CKR_WRAPPING_KEY_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); michael@0: if (!fwKeyObject) { michael@0: error = CKR_KEY_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); michael@0: if (!fwSlot) { michael@0: error = CKR_GENERAL_ERROR; /* should never happen! */ michael@0: goto loser; michael@0: } michael@0: michael@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { michael@0: error = CKR_TOKEN_NOT_PRESENT; michael@0: goto loser; michael@0: } michael@0: michael@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); michael@0: if (!fwToken) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); michael@0: if (!fwMechanism) { michael@0: goto loser; michael@0: } michael@0: michael@0: /* michael@0: * first get the length... michael@0: */ michael@0: wrappedKeyLength = nssCKFWMechanism_GetWrapKeyLength( michael@0: fwMechanism, michael@0: pMechanism, michael@0: fwSession, michael@0: fwWrappingKeyObject, michael@0: fwKeyObject, michael@0: &error); michael@0: if ((CK_ULONG) 0 == wrappedKeyLength) { michael@0: nssCKFWMechanism_Destroy(fwMechanism); michael@0: goto loser; michael@0: } michael@0: if ((CK_BYTE_PTR)NULL == pWrappedKey) { michael@0: *pulWrappedKeyLen = wrappedKeyLength; michael@0: nssCKFWMechanism_Destroy(fwMechanism); michael@0: return CKR_OK; michael@0: } michael@0: if (wrappedKeyLength > *pulWrappedKeyLen) { michael@0: *pulWrappedKeyLen = wrappedKeyLength; michael@0: nssCKFWMechanism_Destroy(fwMechanism); michael@0: error = CKR_BUFFER_TOO_SMALL; michael@0: goto loser; michael@0: } michael@0: michael@0: michael@0: wrappedKey.data = pWrappedKey; michael@0: wrappedKey.size = wrappedKeyLength; michael@0: michael@0: error = nssCKFWMechanism_WrapKey( michael@0: fwMechanism, michael@0: pMechanism, michael@0: fwSession, michael@0: fwWrappingKeyObject, michael@0: fwKeyObject, michael@0: &wrappedKey); michael@0: michael@0: nssCKFWMechanism_Destroy(fwMechanism); michael@0: *pulWrappedKeyLen = wrappedKey.size; michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_KEY_HANDLE_INVALID: michael@0: case CKR_KEY_NOT_WRAPPABLE: michael@0: case CKR_KEY_SIZE_RANGE: michael@0: case CKR_KEY_UNEXTRACTABLE: michael@0: case CKR_MECHANISM_INVALID: michael@0: case CKR_MECHANISM_PARAM_INVALID: michael@0: case CKR_OPERATION_ACTIVE: michael@0: case CKR_PIN_EXPIRED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_WRAPPING_KEY_HANDLE_INVALID: michael@0: case CKR_WRAPPING_KEY_SIZE_RANGE: michael@0: case CKR_WRAPPING_KEY_TYPE_INCONSISTENT: michael@0: break; michael@0: case CKR_KEY_TYPE_INCONSISTENT: michael@0: error = CKR_WRAPPING_KEY_TYPE_INCONSISTENT; michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_UnwrapKey michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_UnwrapKey michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_MECHANISM_PTR pMechanism, michael@0: CK_OBJECT_HANDLE hUnwrappingKey, michael@0: CK_BYTE_PTR pWrappedKey, michael@0: CK_ULONG ulWrappedKeyLen, michael@0: CK_ATTRIBUTE_PTR pTemplate, michael@0: CK_ULONG ulAttributeCount, michael@0: CK_OBJECT_HANDLE_PTR phKey michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWObject *fwObject; michael@0: NSSCKFWObject *fwWrappingKeyObject; michael@0: NSSCKFWSlot *fwSlot; michael@0: NSSCKFWToken *fwToken; michael@0: NSSCKFWMechanism *fwMechanism; michael@0: NSSItem wrappedKey; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, michael@0: hUnwrappingKey); michael@0: if (!fwWrappingKeyObject) { michael@0: error = CKR_WRAPPING_KEY_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); michael@0: if (!fwSlot) { michael@0: error = CKR_GENERAL_ERROR; /* should never happen! */ michael@0: goto loser; michael@0: } michael@0: michael@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { michael@0: error = CKR_TOKEN_NOT_PRESENT; michael@0: goto loser; michael@0: } michael@0: michael@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); michael@0: if (!fwToken) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); michael@0: if (!fwMechanism) { michael@0: goto loser; michael@0: } michael@0: michael@0: wrappedKey.data = pWrappedKey; michael@0: wrappedKey.size = ulWrappedKeyLen; michael@0: michael@0: fwObject = nssCKFWMechanism_UnwrapKey( michael@0: fwMechanism, michael@0: pMechanism, michael@0: fwSession, michael@0: fwWrappingKeyObject, michael@0: &wrappedKey, michael@0: pTemplate, michael@0: ulAttributeCount, michael@0: &error); michael@0: michael@0: nssCKFWMechanism_Destroy(fwMechanism); michael@0: if (!fwObject) { michael@0: goto loser; michael@0: } michael@0: *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_ATTRIBUTE_READ_ONLY: michael@0: case CKR_ATTRIBUTE_TYPE_INVALID: michael@0: case CKR_ATTRIBUTE_VALUE_INVALID: michael@0: case CKR_BUFFER_TOO_SMALL: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_DOMAIN_PARAMS_INVALID: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_MECHANISM_INVALID: michael@0: case CKR_MECHANISM_PARAM_INVALID: michael@0: case CKR_OPERATION_ACTIVE: michael@0: case CKR_PIN_EXPIRED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_SESSION_READ_ONLY: michael@0: case CKR_TEMPLATE_INCOMPLETE: michael@0: case CKR_TEMPLATE_INCONSISTENT: michael@0: case CKR_TOKEN_WRITE_PROTECTED: michael@0: case CKR_UNWRAPPING_KEY_HANDLE_INVALID: michael@0: case CKR_UNWRAPPING_KEY_SIZE_RANGE: michael@0: case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: case CKR_WRAPPED_KEY_INVALID: michael@0: case CKR_WRAPPED_KEY_LEN_RANGE: michael@0: break; michael@0: case CKR_KEY_HANDLE_INVALID: michael@0: error = CKR_UNWRAPPING_KEY_HANDLE_INVALID; michael@0: break; michael@0: case CKR_KEY_SIZE_RANGE: michael@0: error = CKR_UNWRAPPING_KEY_SIZE_RANGE; michael@0: break; michael@0: case CKR_KEY_TYPE_INCONSISTENT: michael@0: error = CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT; michael@0: break; michael@0: case CKR_ENCRYPTED_DATA_INVALID: michael@0: error = CKR_WRAPPED_KEY_INVALID; michael@0: break; michael@0: case CKR_ENCRYPTED_DATA_LEN_RANGE: michael@0: error = CKR_WRAPPED_KEY_LEN_RANGE; michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_DeriveKey michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_DeriveKey michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_MECHANISM_PTR pMechanism, michael@0: CK_OBJECT_HANDLE hBaseKey, michael@0: CK_ATTRIBUTE_PTR pTemplate, michael@0: CK_ULONG ulAttributeCount, michael@0: CK_OBJECT_HANDLE_PTR phKey michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSCKFWObject *fwObject; michael@0: NSSCKFWObject *fwBaseKeyObject; michael@0: NSSCKFWSlot *fwSlot; michael@0: NSSCKFWToken *fwToken; michael@0: NSSCKFWMechanism *fwMechanism; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwBaseKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hBaseKey); michael@0: if (!fwBaseKeyObject) { michael@0: error = CKR_KEY_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSlot = nssCKFWSession_GetFWSlot(fwSession); michael@0: if (!fwSlot) { michael@0: error = CKR_GENERAL_ERROR; /* should never happen! */ michael@0: goto loser; michael@0: } michael@0: michael@0: if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { michael@0: error = CKR_TOKEN_NOT_PRESENT; michael@0: goto loser; michael@0: } michael@0: michael@0: fwToken = nssCKFWSlot_GetToken(fwSlot, &error); michael@0: if (!fwToken) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); michael@0: if (!fwMechanism) { michael@0: goto loser; michael@0: } michael@0: michael@0: fwObject = nssCKFWMechanism_DeriveKey( michael@0: fwMechanism, michael@0: pMechanism, michael@0: fwSession, michael@0: fwBaseKeyObject, michael@0: pTemplate, michael@0: ulAttributeCount, michael@0: &error); michael@0: michael@0: nssCKFWMechanism_Destroy(fwMechanism); michael@0: if (!fwObject) { michael@0: goto loser; michael@0: } michael@0: *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); michael@0: michael@0: if (CKR_OK == error) { michael@0: return CKR_OK; michael@0: } michael@0: michael@0: loser: michael@0: /* verify error */ michael@0: switch( error ) { michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_ATTRIBUTE_READ_ONLY: michael@0: case CKR_ATTRIBUTE_TYPE_INVALID: michael@0: case CKR_ATTRIBUTE_VALUE_INVALID: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_DEVICE_REMOVED: michael@0: case CKR_DOMAIN_PARAMS_INVALID: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_KEY_HANDLE_INVALID: michael@0: case CKR_KEY_SIZE_RANGE: michael@0: case CKR_KEY_TYPE_INCONSISTENT: michael@0: case CKR_MECHANISM_INVALID: michael@0: case CKR_MECHANISM_PARAM_INVALID: michael@0: case CKR_OPERATION_ACTIVE: michael@0: case CKR_PIN_EXPIRED: michael@0: case CKR_SESSION_CLOSED: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_SESSION_READ_ONLY: michael@0: case CKR_TEMPLATE_INCOMPLETE: michael@0: case CKR_TEMPLATE_INCONSISTENT: michael@0: case CKR_TOKEN_WRITE_PROTECTED: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_SeedRandom michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_SeedRandom michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pSeed, michael@0: CK_ULONG ulSeedLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSItem seed; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_BYTE_PTR)CK_NULL_PTR == pSeed ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: /* We could read through the buffer in a Purify trap */ michael@0: michael@0: seed.size = (PRUint32)ulSeedLen; michael@0: seed.data = (void *)pSeed; michael@0: michael@0: error = nssCKFWSession_SeedRandom(fwSession, &seed); michael@0: michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_SESSION_CLOSED: michael@0: /* destroy session? */ michael@0: break; michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_ACTIVE: michael@0: case CKR_RANDOM_SEED_NOT_SUPPORTED: michael@0: case CKR_RANDOM_NO_RNG: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_GenerateRandom michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_GenerateRandom michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession, michael@0: CK_BYTE_PTR pRandomData, michael@0: CK_ULONG ulRandomLen michael@0: ) michael@0: { michael@0: CK_RV error = CKR_OK; michael@0: NSSCKFWSession *fwSession; michael@0: NSSItem buffer; michael@0: michael@0: if (!fwInstance) { michael@0: error = CKR_CRYPTOKI_NOT_INITIALIZED; michael@0: goto loser; michael@0: } michael@0: michael@0: fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); michael@0: if (!fwSession) { michael@0: error = CKR_SESSION_HANDLE_INVALID; michael@0: goto loser; michael@0: } michael@0: michael@0: if( (CK_BYTE_PTR)CK_NULL_PTR == pRandomData ) { michael@0: error = CKR_ARGUMENTS_BAD; michael@0: goto loser; michael@0: } michael@0: michael@0: /* michael@0: * A purify error here indicates caller error. michael@0: */ michael@0: (void)nsslibc_memset(pRandomData, 0, ulRandomLen); michael@0: michael@0: buffer.size = (PRUint32)ulRandomLen; michael@0: buffer.data = (void *)pRandomData; michael@0: michael@0: error = nssCKFWSession_GetRandom(fwSession, &buffer); michael@0: michael@0: if( CKR_OK != error ) { michael@0: goto loser; michael@0: } michael@0: michael@0: return CKR_OK; michael@0: michael@0: loser: michael@0: switch( error ) { michael@0: case CKR_SESSION_CLOSED: michael@0: /* destroy session? */ michael@0: break; michael@0: case CKR_DEVICE_REMOVED: michael@0: /* (void)nssCKFWToken_Destroy(fwToken); */ michael@0: break; michael@0: case CKR_ARGUMENTS_BAD: michael@0: case CKR_CRYPTOKI_NOT_INITIALIZED: michael@0: case CKR_DEVICE_ERROR: michael@0: case CKR_DEVICE_MEMORY: michael@0: case CKR_FUNCTION_CANCELED: michael@0: case CKR_FUNCTION_FAILED: michael@0: case CKR_GENERAL_ERROR: michael@0: case CKR_HOST_MEMORY: michael@0: case CKR_OPERATION_ACTIVE: michael@0: case CKR_RANDOM_NO_RNG: michael@0: case CKR_SESSION_HANDLE_INVALID: michael@0: case CKR_USER_NOT_LOGGED_IN: michael@0: break; michael@0: default: michael@0: case CKR_OK: michael@0: error = CKR_GENERAL_ERROR; michael@0: break; michael@0: } michael@0: michael@0: return error; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_GetFunctionStatus michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_GetFunctionStatus michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession michael@0: ) michael@0: { michael@0: return CKR_FUNCTION_NOT_PARALLEL; michael@0: } michael@0: michael@0: /* michael@0: * NSSCKFWC_CancelFunction michael@0: * michael@0: */ michael@0: NSS_IMPLEMENT CK_RV michael@0: NSSCKFWC_CancelFunction michael@0: ( michael@0: NSSCKFWInstance *fwInstance, michael@0: CK_SESSION_HANDLE hSession michael@0: ) michael@0: { michael@0: return CKR_FUNCTION_NOT_PARALLEL; michael@0: }