/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* * wrap.c * * This file contains the routines that actually implement the cryptoki * API, using the internal APIs of the NSS Cryptoki Framework. There is * one routine here for every cryptoki routine. For linking reasons * the actual entry points passed back with C_GetFunctionList have to * exist in one of the Module's source files; however, those are merely * simple wrappers that call these routines. The intelligence of the * implementations is here. */ #ifndef CK_T #include "ck.h" #endif /* CK_T */ /* * NSSCKFWC_Initialize * NSSCKFWC_Finalize * NSSCKFWC_GetInfo * -- NSSCKFWC_GetFunctionList -- see the API insert file * NSSCKFWC_GetSlotList * NSSCKFWC_GetSlotInfo * NSSCKFWC_GetTokenInfo * NSSCKFWC_WaitForSlotEvent * NSSCKFWC_GetMechanismList * NSSCKFWC_GetMechanismInfo * NSSCKFWC_InitToken * NSSCKFWC_InitPIN * NSSCKFWC_SetPIN * NSSCKFWC_OpenSession * NSSCKFWC_CloseSession * NSSCKFWC_CloseAllSessions * NSSCKFWC_GetSessionInfo * NSSCKFWC_GetOperationState * NSSCKFWC_SetOperationState * NSSCKFWC_Login * NSSCKFWC_Logout * NSSCKFWC_CreateObject * NSSCKFWC_CopyObject * NSSCKFWC_DestroyObject * NSSCKFWC_GetObjectSize * NSSCKFWC_GetAttributeValue * NSSCKFWC_SetAttributeValue * NSSCKFWC_FindObjectsInit * NSSCKFWC_FindObjects * NSSCKFWC_FindObjectsFinal * NSSCKFWC_EncryptInit * NSSCKFWC_Encrypt * NSSCKFWC_EncryptUpdate * NSSCKFWC_EncryptFinal * NSSCKFWC_DecryptInit * NSSCKFWC_Decrypt * NSSCKFWC_DecryptUpdate * NSSCKFWC_DecryptFinal * NSSCKFWC_DigestInit * NSSCKFWC_Digest * NSSCKFWC_DigestUpdate * NSSCKFWC_DigestKey * NSSCKFWC_DigestFinal * NSSCKFWC_SignInit * NSSCKFWC_Sign * NSSCKFWC_SignUpdate * NSSCKFWC_SignFinal * NSSCKFWC_SignRecoverInit * NSSCKFWC_SignRecover * NSSCKFWC_VerifyInit * NSSCKFWC_Verify * NSSCKFWC_VerifyUpdate * NSSCKFWC_VerifyFinal * NSSCKFWC_VerifyRecoverInit * NSSCKFWC_VerifyRecover * NSSCKFWC_DigestEncryptUpdate * NSSCKFWC_DecryptDigestUpdate * NSSCKFWC_SignEncryptUpdate * NSSCKFWC_DecryptVerifyUpdate * NSSCKFWC_GenerateKey * NSSCKFWC_GenerateKeyPair * NSSCKFWC_WrapKey * NSSCKFWC_UnwrapKey * NSSCKFWC_DeriveKey * NSSCKFWC_SeedRandom * NSSCKFWC_GenerateRandom * NSSCKFWC_GetFunctionStatus * NSSCKFWC_CancelFunction */ /* figure out out locking semantics */ static CK_RV nssCKFW_GetThreadSafeState(CK_C_INITIALIZE_ARGS_PTR pInitArgs, CryptokiLockingState *pLocking_state) { int functionCount = 0; /* parsed according to (PKCS #11 Section 11.4) */ /* no args, the degenerate version of case 1 */ if (!pInitArgs) { *pLocking_state = SingleThreaded; return CKR_OK; } /* CKF_OS_LOCKING_OK set, Cases 2 and 4 */ if (pInitArgs->flags & CKF_OS_LOCKING_OK) { *pLocking_state = MultiThreaded; return CKR_OK; } if ((CK_CREATEMUTEX) NULL != pInitArgs->CreateMutex) functionCount++; if ((CK_DESTROYMUTEX) NULL != pInitArgs->DestroyMutex) functionCount++; if ((CK_LOCKMUTEX) NULL != pInitArgs->LockMutex) functionCount++; if ((CK_UNLOCKMUTEX) NULL != pInitArgs->UnlockMutex) functionCount++; /* CKF_OS_LOCKING_OK is not set, and not functions supplied, * explicit case 1 */ if (0 == functionCount) { *pLocking_state = SingleThreaded; return CKR_OK; } /* OS_LOCKING_OK is not set and functions have been supplied. Since * ckfw uses nssbase library which explicitly calls NSPR, and since * there is no way to reliably override these explicit calls to NSPR, * therefore we can't support applications which have their own threading * module. Return CKR_CANT_LOCK if they supplied the correct number of * arguments, or CKR_ARGUMENTS_BAD if they did not in either case we will * fail the initialize */ return (4 == functionCount) ? CKR_CANT_LOCK : CKR_ARGUMENTS_BAD; } static PRInt32 liveInstances; /* * NSSCKFWC_Initialize * */ NSS_IMPLEMENT CK_RV NSSCKFWC_Initialize ( NSSCKFWInstance **pFwInstance, NSSCKMDInstance *mdInstance, CK_VOID_PTR pInitArgs ) { CK_RV error = CKR_OK; CryptokiLockingState locking_state; if( (NSSCKFWInstance **)NULL == pFwInstance ) { error = CKR_GENERAL_ERROR; goto loser; } if (*pFwInstance) { error = CKR_CRYPTOKI_ALREADY_INITIALIZED; goto loser; } if (!mdInstance) { error = CKR_GENERAL_ERROR; goto loser; } error = nssCKFW_GetThreadSafeState(pInitArgs,&locking_state); if( CKR_OK != error ) { goto loser; } *pFwInstance = nssCKFWInstance_Create(pInitArgs, locking_state, mdInstance, &error); if (!*pFwInstance) { goto loser; } PR_ATOMIC_INCREMENT(&liveInstances); return CKR_OK; loser: switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_CANT_LOCK: case CKR_CRYPTOKI_ALREADY_INITIALIZED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_NEED_TO_CREATE_THREADS: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_Finalize * */ NSS_IMPLEMENT CK_RV NSSCKFWC_Finalize ( NSSCKFWInstance **pFwInstance ) { CK_RV error = CKR_OK; if( (NSSCKFWInstance **)NULL == pFwInstance ) { error = CKR_GENERAL_ERROR; goto loser; } if (!*pFwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } error = nssCKFWInstance_Destroy(*pFwInstance); /* In any case */ *pFwInstance = (NSSCKFWInstance *)NULL; loser: switch( error ) { PRInt32 remainingInstances; case CKR_OK: remainingInstances = PR_ATOMIC_DECREMENT(&liveInstances); if (!remainingInstances) { nssArena_Shutdown(); } break; case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: break; default: error = CKR_GENERAL_ERROR; break; } /* * A thread's error stack is automatically destroyed when the thread * terminates or, for the primordial thread, by PR_Cleanup. On * Windows with MinGW, the thread private data destructor PR_Free * registered by this module is actually a thunk for PR_Free defined * in this module. When the thread that unloads this module terminates * or calls PR_Cleanup, the thunk for PR_Free is already gone with the * module. Therefore we need to destroy the error stack before the * module is unloaded. */ nss_DestroyErrorStack(); return error; } /* * NSSCKFWC_GetInfo * */ NSS_IMPLEMENT CK_RV NSSCKFWC_GetInfo ( NSSCKFWInstance *fwInstance, CK_INFO_PTR pInfo ) { CK_RV error = CKR_OK; if( (CK_INFO_PTR)CK_NULL_PTR == pInfo ) { error = CKR_ARGUMENTS_BAD; goto loser; } /* * A purify error here means a caller error */ (void)nsslibc_memset(pInfo, 0, sizeof(CK_INFO)); pInfo->cryptokiVersion = nssCKFWInstance_GetCryptokiVersion(fwInstance); error = nssCKFWInstance_GetManufacturerID(fwInstance, pInfo->manufacturerID); if( CKR_OK != error ) { goto loser; } pInfo->flags = nssCKFWInstance_GetFlags(fwInstance); error = nssCKFWInstance_GetLibraryDescription(fwInstance, pInfo->libraryDescription); if( CKR_OK != error ) { goto loser; } pInfo->libraryVersion = nssCKFWInstance_GetLibraryVersion(fwInstance); return CKR_OK; loser: switch( error ) { case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: break; default: error = CKR_GENERAL_ERROR; break; } return error; } /* * C_GetFunctionList is implemented entirely in the Module's file which * includes the Framework API insert file. It requires no "actual" * NSSCKFW routine. */ /* * NSSCKFWC_GetSlotList * */ NSS_IMPLEMENT CK_RV NSSCKFWC_GetSlotList ( NSSCKFWInstance *fwInstance, CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount ) { CK_RV error = CKR_OK; CK_ULONG nSlots; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } switch( tokenPresent ) { case CK_TRUE: case CK_FALSE: break; default: error = CKR_ARGUMENTS_BAD; goto loser; } if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) { error = CKR_ARGUMENTS_BAD; goto loser; } nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); if( (CK_ULONG)0 == nSlots ) { goto loser; } if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlotList ) { *pulCount = nSlots; return CKR_OK; } /* * A purify error here indicates caller error. */ (void)nsslibc_memset(pSlotList, 0, *pulCount * sizeof(CK_SLOT_ID)); if( *pulCount < nSlots ) { *pulCount = nSlots; error = CKR_BUFFER_TOO_SMALL; goto loser; } else { CK_ULONG i; *pulCount = nSlots; /* * Our secret "mapping": CK_SLOT_IDs are integers [1,N], and we * just index one when we need it. */ for( i = 0; i < nSlots; i++ ) { pSlotList[i] = i+1; } return CKR_OK; } loser: switch( error ) { case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_GetSlotInfo * */ NSS_IMPLEMENT CK_RV NSSCKFWC_GetSlotInfo ( NSSCKFWInstance *fwInstance, CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo ) { CK_RV error = CKR_OK; CK_ULONG nSlots; NSSCKFWSlot **slots; NSSCKFWSlot *fwSlot; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); if( (CK_ULONG)0 == nSlots ) { goto loser; } if( (slotID < 1) || (slotID > nSlots) ) { error = CKR_SLOT_ID_INVALID; goto loser; } if( (CK_SLOT_INFO_PTR)CK_NULL_PTR == pInfo ) { error = CKR_ARGUMENTS_BAD; goto loser; } /* * A purify error here indicates caller error. */ (void)nsslibc_memset(pInfo, 0, sizeof(CK_SLOT_INFO)); slots = nssCKFWInstance_GetSlots(fwInstance, &error); if( (NSSCKFWSlot **)NULL == slots ) { goto loser; } fwSlot = slots[ slotID-1 ]; error = nssCKFWSlot_GetSlotDescription(fwSlot, pInfo->slotDescription); if( CKR_OK != error ) { goto loser; } error = nssCKFWSlot_GetManufacturerID(fwSlot, pInfo->manufacturerID); if( CKR_OK != error ) { goto loser; } if( nssCKFWSlot_GetTokenPresent(fwSlot) ) { pInfo->flags |= CKF_TOKEN_PRESENT; } if( nssCKFWSlot_GetRemovableDevice(fwSlot) ) { pInfo->flags |= CKF_REMOVABLE_DEVICE; } if( nssCKFWSlot_GetHardwareSlot(fwSlot) ) { pInfo->flags |= CKF_HW_SLOT; } pInfo->hardwareVersion = nssCKFWSlot_GetHardwareVersion(fwSlot); pInfo->firmwareVersion = nssCKFWSlot_GetFirmwareVersion(fwSlot); return CKR_OK; loser: switch( error ) { case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_SLOT_ID_INVALID: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; } return error; } /* * NSSCKFWC_GetTokenInfo * */ NSS_IMPLEMENT CK_RV NSSCKFWC_GetTokenInfo ( NSSCKFWInstance *fwInstance, CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo ) { CK_RV error = CKR_OK; CK_ULONG nSlots; NSSCKFWSlot **slots; NSSCKFWSlot *fwSlot; NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); if( (CK_ULONG)0 == nSlots ) { goto loser; } if( (slotID < 1) || (slotID > nSlots) ) { error = CKR_SLOT_ID_INVALID; goto loser; } if( (CK_TOKEN_INFO_PTR)CK_NULL_PTR == pInfo ) { error = CKR_ARGUMENTS_BAD; goto loser; } /* * A purify error here indicates caller error. */ (void)nsslibc_memset(pInfo, 0, sizeof(CK_TOKEN_INFO)); slots = nssCKFWInstance_GetSlots(fwInstance, &error); if( (NSSCKFWSlot **)NULL == slots ) { goto loser; } fwSlot = slots[ slotID-1 ]; if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { error = CKR_TOKEN_NOT_PRESENT; goto loser; } fwToken = nssCKFWSlot_GetToken(fwSlot, &error); if (!fwToken) { goto loser; } error = nssCKFWToken_GetLabel(fwToken, pInfo->label); if( CKR_OK != error ) { goto loser; } error = nssCKFWToken_GetManufacturerID(fwToken, pInfo->manufacturerID); if( CKR_OK != error ) { goto loser; } error = nssCKFWToken_GetModel(fwToken, pInfo->model); if( CKR_OK != error ) { goto loser; } error = nssCKFWToken_GetSerialNumber(fwToken, pInfo->serialNumber); if( CKR_OK != error ) { goto loser; } if( nssCKFWToken_GetHasRNG(fwToken) ) { pInfo->flags |= CKF_RNG; } if( nssCKFWToken_GetIsWriteProtected(fwToken) ) { pInfo->flags |= CKF_WRITE_PROTECTED; } if( nssCKFWToken_GetLoginRequired(fwToken) ) { pInfo->flags |= CKF_LOGIN_REQUIRED; } if( nssCKFWToken_GetUserPinInitialized(fwToken) ) { pInfo->flags |= CKF_USER_PIN_INITIALIZED; } if( nssCKFWToken_GetRestoreKeyNotNeeded(fwToken) ) { pInfo->flags |= CKF_RESTORE_KEY_NOT_NEEDED; } if( nssCKFWToken_GetHasClockOnToken(fwToken) ) { pInfo->flags |= CKF_CLOCK_ON_TOKEN; } if( nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken) ) { pInfo->flags |= CKF_PROTECTED_AUTHENTICATION_PATH; } if( nssCKFWToken_GetSupportsDualCryptoOperations(fwToken) ) { pInfo->flags |= CKF_DUAL_CRYPTO_OPERATIONS; } pInfo->ulMaxSessionCount = nssCKFWToken_GetMaxSessionCount(fwToken); pInfo->ulSessionCount = nssCKFWToken_GetSessionCount(fwToken); pInfo->ulMaxRwSessionCount = nssCKFWToken_GetMaxRwSessionCount(fwToken); pInfo->ulRwSessionCount= nssCKFWToken_GetRwSessionCount(fwToken); pInfo->ulMaxPinLen = nssCKFWToken_GetMaxPinLen(fwToken); pInfo->ulMinPinLen = nssCKFWToken_GetMinPinLen(fwToken); pInfo->ulTotalPublicMemory = nssCKFWToken_GetTotalPublicMemory(fwToken); pInfo->ulFreePublicMemory = nssCKFWToken_GetFreePublicMemory(fwToken); pInfo->ulTotalPrivateMemory = nssCKFWToken_GetTotalPrivateMemory(fwToken); pInfo->ulFreePrivateMemory = nssCKFWToken_GetFreePrivateMemory(fwToken); pInfo->hardwareVersion = nssCKFWToken_GetHardwareVersion(fwToken); pInfo->firmwareVersion = nssCKFWToken_GetFirmwareVersion(fwToken); error = nssCKFWToken_GetUTCTime(fwToken, pInfo->utcTime); if( CKR_OK != error ) { goto loser; } return CKR_OK; loser: switch( error ) { case CKR_DEVICE_REMOVED: case CKR_TOKEN_NOT_PRESENT: if (fwToken) nssCKFWToken_Destroy(fwToken); break; case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_SLOT_ID_INVALID: case CKR_TOKEN_NOT_RECOGNIZED: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_WaitForSlotEvent * */ NSS_IMPLEMENT CK_RV NSSCKFWC_WaitForSlotEvent ( NSSCKFWInstance *fwInstance, CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR pReserved ) { CK_RV error = CKR_OK; CK_ULONG nSlots; CK_BBOOL block; NSSCKFWSlot **slots; NSSCKFWSlot *fwSlot; CK_ULONG i; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } if( flags & ~CKF_DONT_BLOCK ) { error = CKR_ARGUMENTS_BAD; goto loser; } block = (flags & CKF_DONT_BLOCK) ? CK_TRUE : CK_FALSE; nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); if( (CK_ULONG)0 == nSlots ) { goto loser; } if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlot ) { error = CKR_ARGUMENTS_BAD; goto loser; } if( (CK_VOID_PTR)CK_NULL_PTR != pReserved ) { error = CKR_ARGUMENTS_BAD; goto loser; } slots = nssCKFWInstance_GetSlots(fwInstance, &error); if( (NSSCKFWSlot **)NULL == slots ) { goto loser; } fwSlot = nssCKFWInstance_WaitForSlotEvent(fwInstance, block, &error); if (!fwSlot) { goto loser; } for( i = 0; i < nSlots; i++ ) { if( fwSlot == slots[i] ) { *pSlot = (CK_SLOT_ID)(CK_ULONG)(i+1); return CKR_OK; } } error = CKR_GENERAL_ERROR; /* returned something not in the slot list */ loser: switch( error ) { case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_NO_EVENT: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_GetMechanismList * */ NSS_IMPLEMENT CK_RV NSSCKFWC_GetMechanismList ( NSSCKFWInstance *fwInstance, CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pulCount ) { CK_RV error = CKR_OK; CK_ULONG nSlots; NSSCKFWSlot **slots; NSSCKFWSlot *fwSlot; NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; CK_ULONG count; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); if( (CK_ULONG)0 == nSlots ) { goto loser; } if( (slotID < 1) || (slotID > nSlots) ) { error = CKR_SLOT_ID_INVALID; goto loser; } if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) { error = CKR_ARGUMENTS_BAD; goto loser; } slots = nssCKFWInstance_GetSlots(fwInstance, &error); if( (NSSCKFWSlot **)NULL == slots ) { goto loser; } fwSlot = slots[ slotID-1 ]; if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { error = CKR_TOKEN_NOT_PRESENT; goto loser; } fwToken = nssCKFWSlot_GetToken(fwSlot, &error); if (!fwToken) { goto loser; } count = nssCKFWToken_GetMechanismCount(fwToken); if( (CK_MECHANISM_TYPE_PTR)CK_NULL_PTR == pMechanismList ) { *pulCount = count; return CKR_OK; } if( *pulCount < count ) { *pulCount = count; error = CKR_BUFFER_TOO_SMALL; goto loser; } /* * A purify error here indicates caller error. */ (void)nsslibc_memset(pMechanismList, 0, *pulCount * sizeof(CK_MECHANISM_TYPE)); *pulCount = count; if( 0 != count ) { error = nssCKFWToken_GetMechanismTypes(fwToken, pMechanismList); } else { error = CKR_OK; } if( CKR_OK == error ) { return CKR_OK; } loser: switch( error ) { case CKR_DEVICE_REMOVED: case CKR_TOKEN_NOT_PRESENT: if (fwToken) nssCKFWToken_Destroy(fwToken); break; case CKR_ARGUMENTS_BAD: case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_SLOT_ID_INVALID: case CKR_TOKEN_NOT_RECOGNIZED: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_GetMechanismInfo * */ NSS_IMPLEMENT CK_RV NSSCKFWC_GetMechanismInfo ( NSSCKFWInstance *fwInstance, CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_PTR pInfo ) { CK_RV error = CKR_OK; CK_ULONG nSlots; NSSCKFWSlot **slots; NSSCKFWSlot *fwSlot; NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; NSSCKFWMechanism *fwMechanism; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); if( (CK_ULONG)0 == nSlots ) { goto loser; } if( (slotID < 1) || (slotID > nSlots) ) { error = CKR_SLOT_ID_INVALID; goto loser; } slots = nssCKFWInstance_GetSlots(fwInstance, &error); if( (NSSCKFWSlot **)NULL == slots ) { goto loser; } fwSlot = slots[ slotID-1 ]; if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { error = CKR_TOKEN_NOT_PRESENT; goto loser; } if( (CK_MECHANISM_INFO_PTR)CK_NULL_PTR == pInfo ) { error = CKR_ARGUMENTS_BAD; goto loser; } /* * A purify error here indicates caller error. */ (void)nsslibc_memset(pInfo, 0, sizeof(CK_MECHANISM_INFO)); fwToken = nssCKFWSlot_GetToken(fwSlot, &error); if (!fwToken) { goto loser; } fwMechanism = nssCKFWToken_GetMechanism(fwToken, type, &error); if (!fwMechanism) { goto loser; } pInfo->ulMinKeySize = nssCKFWMechanism_GetMinKeySize(fwMechanism, &error); pInfo->ulMaxKeySize = nssCKFWMechanism_GetMaxKeySize(fwMechanism, &error); if( nssCKFWMechanism_GetInHardware(fwMechanism, &error) ) { pInfo->flags |= CKF_HW; } if( nssCKFWMechanism_GetCanEncrypt(fwMechanism, &error) ) { pInfo->flags |= CKF_ENCRYPT; } if( nssCKFWMechanism_GetCanDecrypt(fwMechanism, &error) ) { pInfo->flags |= CKF_DECRYPT; } if( nssCKFWMechanism_GetCanDigest(fwMechanism, &error) ) { pInfo->flags |= CKF_DIGEST; } if( nssCKFWMechanism_GetCanSign(fwMechanism, &error) ) { pInfo->flags |= CKF_SIGN; } if( nssCKFWMechanism_GetCanSignRecover(fwMechanism, &error) ) { pInfo->flags |= CKF_SIGN_RECOVER; } if( nssCKFWMechanism_GetCanVerify(fwMechanism, &error) ) { pInfo->flags |= CKF_VERIFY; } if( nssCKFWMechanism_GetCanVerifyRecover(fwMechanism, &error) ) { pInfo->flags |= CKF_VERIFY_RECOVER; } if( nssCKFWMechanism_GetCanGenerate(fwMechanism, &error) ) { pInfo->flags |= CKF_GENERATE; } if( nssCKFWMechanism_GetCanGenerateKeyPair(fwMechanism, &error) ) { pInfo->flags |= CKF_GENERATE_KEY_PAIR; } if( nssCKFWMechanism_GetCanWrap(fwMechanism, &error) ) { pInfo->flags |= CKF_WRAP; } if( nssCKFWMechanism_GetCanUnwrap(fwMechanism, &error) ) { pInfo->flags |= CKF_UNWRAP; } if( nssCKFWMechanism_GetCanDerive(fwMechanism, &error) ) { pInfo->flags |= CKF_DERIVE; } nssCKFWMechanism_Destroy(fwMechanism); return error; loser: switch( error ) { case CKR_DEVICE_REMOVED: case CKR_TOKEN_NOT_PRESENT: if (fwToken) nssCKFWToken_Destroy(fwToken); break; case CKR_ARGUMENTS_BAD: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_MECHANISM_INVALID: case CKR_SLOT_ID_INVALID: case CKR_TOKEN_NOT_RECOGNIZED: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_InitToken * */ NSS_IMPLEMENT CK_RV NSSCKFWC_InitToken ( NSSCKFWInstance *fwInstance, CK_SLOT_ID slotID, CK_CHAR_PTR pPin, CK_ULONG ulPinLen, CK_CHAR_PTR pLabel ) { CK_RV error = CKR_OK; CK_ULONG nSlots; NSSCKFWSlot **slots; NSSCKFWSlot *fwSlot; NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; NSSItem pin; NSSUTF8 *label; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); if( (CK_ULONG)0 == nSlots ) { goto loser; } if( (slotID < 1) || (slotID > nSlots) ) { error = CKR_SLOT_ID_INVALID; goto loser; } slots = nssCKFWInstance_GetSlots(fwInstance, &error); if( (NSSCKFWSlot **)NULL == slots ) { goto loser; } fwSlot = slots[ slotID-1 ]; if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { error = CKR_TOKEN_NOT_PRESENT; goto loser; } fwToken = nssCKFWSlot_GetToken(fwSlot, &error); if (!fwToken) { goto loser; } pin.size = (PRUint32)ulPinLen; pin.data = (void *)pPin; label = (NSSUTF8 *)pLabel; /* identity conversion */ error = nssCKFWToken_InitToken(fwToken, &pin, label); if( CKR_OK != error ) { goto loser; } return CKR_OK; loser: switch( error ) { case CKR_DEVICE_REMOVED: case CKR_TOKEN_NOT_PRESENT: if (fwToken) nssCKFWToken_Destroy(fwToken); break; case CKR_ARGUMENTS_BAD: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_PIN_INCORRECT: case CKR_PIN_LOCKED: case CKR_SESSION_EXISTS: case CKR_SLOT_ID_INVALID: case CKR_TOKEN_NOT_RECOGNIZED: case CKR_TOKEN_WRITE_PROTECTED: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_InitPIN * */ NSS_IMPLEMENT CK_RV NSSCKFWC_InitPIN ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_CHAR_PTR pPin, CK_ULONG ulPinLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSItem pin, *arg; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) { arg = (NSSItem *)NULL; } else { arg = &pin; pin.size = (PRUint32)ulPinLen; pin.data = (void *)pPin; } error = nssCKFWSession_InitPIN(fwSession, arg); if( CKR_OK != error ) { goto loser; } return CKR_OK; loser: switch( error ) { case CKR_SESSION_CLOSED: /* destroy session? */ break; case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_ARGUMENTS_BAD: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_PIN_INVALID: case CKR_PIN_LEN_RANGE: case CKR_SESSION_READ_ONLY: case CKR_SESSION_HANDLE_INVALID: case CKR_TOKEN_WRITE_PROTECTED: case CKR_USER_NOT_LOGGED_IN: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_SetPIN * */ NSS_IMPLEMENT CK_RV NSSCKFWC_SetPIN ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin, CK_ULONG ulOldLen, CK_CHAR_PTR pNewPin, CK_ULONG ulNewLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSItem oldPin, newPin, *oldArg, *newArg; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } if( (CK_CHAR_PTR)CK_NULL_PTR == pOldPin ) { oldArg = (NSSItem *)NULL; } else { oldArg = &oldPin; oldPin.size = (PRUint32)ulOldLen; oldPin.data = (void *)pOldPin; } if( (CK_CHAR_PTR)CK_NULL_PTR == pNewPin ) { newArg = (NSSItem *)NULL; } else { newArg = &newPin; newPin.size = (PRUint32)ulNewLen; newPin.data = (void *)pNewPin; } error = nssCKFWSession_SetPIN(fwSession, oldArg, newArg); if( CKR_OK != error ) { goto loser; } return CKR_OK; loser: switch( error ) { case CKR_SESSION_CLOSED: /* destroy session? */ break; case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_ARGUMENTS_BAD: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_PIN_INCORRECT: case CKR_PIN_INVALID: case CKR_PIN_LEN_RANGE: case CKR_PIN_LOCKED: case CKR_SESSION_HANDLE_INVALID: case CKR_SESSION_READ_ONLY: case CKR_TOKEN_WRITE_PROTECTED: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_OpenSession * */ NSS_IMPLEMENT CK_RV NSSCKFWC_OpenSession ( NSSCKFWInstance *fwInstance, CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY Notify, CK_SESSION_HANDLE_PTR phSession ) { CK_RV error = CKR_OK; CK_ULONG nSlots; NSSCKFWSlot **slots; NSSCKFWSlot *fwSlot; NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; NSSCKFWSession *fwSession; CK_BBOOL rw; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); if( (CK_ULONG)0 == nSlots ) { goto loser; } if( (slotID < 1) || (slotID > nSlots) ) { error = CKR_SLOT_ID_INVALID; goto loser; } if( flags & CKF_RW_SESSION ) { rw = CK_TRUE; } else { rw = CK_FALSE; } if( flags & CKF_SERIAL_SESSION ) { ; } else { error = CKR_SESSION_PARALLEL_NOT_SUPPORTED; goto loser; } if( flags & ~(CKF_RW_SESSION|CKF_SERIAL_SESSION) ) { error = CKR_ARGUMENTS_BAD; goto loser; } if( (CK_SESSION_HANDLE_PTR)CK_NULL_PTR == phSession ) { error = CKR_ARGUMENTS_BAD; goto loser; } /* * A purify error here indicates caller error. */ *phSession = (CK_SESSION_HANDLE)0; slots = nssCKFWInstance_GetSlots(fwInstance, &error); if( (NSSCKFWSlot **)NULL == slots ) { goto loser; } fwSlot = slots[ slotID-1 ]; if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { error = CKR_TOKEN_NOT_PRESENT; goto loser; } fwToken = nssCKFWSlot_GetToken(fwSlot, &error); if (!fwToken) { goto loser; } fwSession = nssCKFWToken_OpenSession(fwToken, rw, pApplication, Notify, &error); if (!fwSession) { goto loser; } *phSession = nssCKFWInstance_CreateSessionHandle(fwInstance, fwSession, &error); if( (CK_SESSION_HANDLE)0 == *phSession ) { goto loser; } return CKR_OK; loser: switch( error ) { case CKR_SESSION_CLOSED: /* destroy session? */ break; case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_SESSION_COUNT: case CKR_SESSION_EXISTS: case CKR_SESSION_PARALLEL_NOT_SUPPORTED: case CKR_SESSION_READ_WRITE_SO_EXISTS: case CKR_SLOT_ID_INVALID: case CKR_TOKEN_NOT_PRESENT: case CKR_TOKEN_NOT_RECOGNIZED: case CKR_TOKEN_WRITE_PROTECTED: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_CloseSession * */ NSS_IMPLEMENT CK_RV NSSCKFWC_CloseSession ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } nssCKFWInstance_DestroySessionHandle(fwInstance, hSession); error = nssCKFWSession_Destroy(fwSession, CK_TRUE); if( CKR_OK != error ) { goto loser; } return CKR_OK; loser: switch( error ) { case CKR_SESSION_CLOSED: /* destroy session? */ break; case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_SESSION_HANDLE_INVALID: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_CloseAllSessions * */ NSS_IMPLEMENT CK_RV NSSCKFWC_CloseAllSessions ( NSSCKFWInstance *fwInstance, CK_SLOT_ID slotID ) { CK_RV error = CKR_OK; CK_ULONG nSlots; NSSCKFWSlot **slots; NSSCKFWSlot *fwSlot; NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); if( (CK_ULONG)0 == nSlots ) { goto loser; } if( (slotID < 1) || (slotID > nSlots) ) { error = CKR_SLOT_ID_INVALID; goto loser; } slots = nssCKFWInstance_GetSlots(fwInstance, &error); if( (NSSCKFWSlot **)NULL == slots ) { goto loser; } fwSlot = slots[ slotID-1 ]; if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { error = CKR_TOKEN_NOT_PRESENT; goto loser; } fwToken = nssCKFWSlot_GetToken(fwSlot, &error); if (!fwToken) { goto loser; } error = nssCKFWToken_CloseAllSessions(fwToken); if( CKR_OK != error ) { goto loser; } return CKR_OK; loser: switch( error ) { case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_SLOT_ID_INVALID: case CKR_TOKEN_NOT_PRESENT: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_GetSessionInfo * */ NSS_IMPLEMENT CK_RV NSSCKFWC_GetSessionInfo ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_SESSION_INFO_PTR pInfo ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWSlot *fwSlot; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } if( (CK_SESSION_INFO_PTR)CK_NULL_PTR == pInfo ) { error = CKR_ARGUMENTS_BAD; goto loser; } /* * A purify error here indicates caller error. */ (void)nsslibc_memset(pInfo, 0, sizeof(CK_SESSION_INFO)); fwSlot = nssCKFWSession_GetFWSlot(fwSession); if (!fwSlot) { error = CKR_GENERAL_ERROR; goto loser; } pInfo->slotID = nssCKFWSlot_GetSlotID(fwSlot); pInfo->state = nssCKFWSession_GetSessionState(fwSession); if( CK_TRUE == nssCKFWSession_IsRWSession(fwSession) ) { pInfo->flags |= CKF_RW_SESSION; } pInfo->flags |= CKF_SERIAL_SESSION; /* Always true */ pInfo->ulDeviceError = nssCKFWSession_GetDeviceError(fwSession); return CKR_OK; loser: switch( error ) { case CKR_SESSION_CLOSED: /* destroy session? */ break; case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_SESSION_HANDLE_INVALID: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_GetOperationState * */ NSS_IMPLEMENT CK_RV NSSCKFWC_GetOperationState ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState, CK_ULONG_PTR pulOperationStateLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; CK_ULONG len; NSSItem buf; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } if( (CK_ULONG_PTR)CK_NULL_PTR == pulOperationStateLen ) { error = CKR_ARGUMENTS_BAD; goto loser; } len = nssCKFWSession_GetOperationStateLen(fwSession, &error); if( ((CK_ULONG)0 == len) && (CKR_OK != error) ) { goto loser; } if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) { *pulOperationStateLen = len; return CKR_OK; } if( *pulOperationStateLen < len ) { *pulOperationStateLen = len; error = CKR_BUFFER_TOO_SMALL; goto loser; } buf.size = (PRUint32)*pulOperationStateLen; buf.data = (void *)pOperationState; *pulOperationStateLen = len; error = nssCKFWSession_GetOperationState(fwSession, &buf); if( CKR_OK != error ) { goto loser; } return CKR_OK; loser: switch( error ) { case CKR_SESSION_CLOSED: /* destroy session? */ break; case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_HANDLE_INVALID: case CKR_STATE_UNSAVEABLE: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_SetOperationState * */ NSS_IMPLEMENT CK_RV NSSCKFWC_SetOperationState ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState, CK_ULONG ulOperationStateLen, CK_OBJECT_HANDLE hEncryptionKey, CK_OBJECT_HANDLE hAuthenticationKey ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWObject *eKey; NSSCKFWObject *aKey; NSSItem state; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) { error = CKR_ARGUMENTS_BAD; goto loser; } /* * We could loop through the buffer, to catch any purify errors * in a place with a "user error" note. */ fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } if( (CK_OBJECT_HANDLE)0 == hEncryptionKey ) { eKey = (NSSCKFWObject *)NULL; } else { eKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hEncryptionKey); if (!eKey) { error = CKR_KEY_HANDLE_INVALID; goto loser; } } if( (CK_OBJECT_HANDLE)0 == hAuthenticationKey ) { aKey = (NSSCKFWObject *)NULL; } else { aKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hAuthenticationKey); if (!aKey) { error = CKR_KEY_HANDLE_INVALID; goto loser; } } state.data = pOperationState; state.size = ulOperationStateLen; error = nssCKFWSession_SetOperationState(fwSession, &state, eKey, aKey); if( CKR_OK != error ) { goto loser; } return CKR_OK; loser: switch( error ) { case CKR_SESSION_CLOSED: /* destroy session? */ break; case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_KEY_CHANGED: case CKR_KEY_NEEDED: case CKR_KEY_NOT_NEEDED: case CKR_SAVED_STATE_INVALID: case CKR_SESSION_HANDLE_INVALID: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_Login * */ NSS_IMPLEMENT CK_RV NSSCKFWC_Login ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_CHAR_PTR pPin, CK_ULONG ulPinLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSItem pin, *arg; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) { arg = (NSSItem *)NULL; } else { arg = &pin; pin.size = (PRUint32)ulPinLen; pin.data = (void *)pPin; } error = nssCKFWSession_Login(fwSession, userType, arg); if( CKR_OK != error ) { goto loser; } return CKR_OK; loser: switch( error ) { case CKR_SESSION_CLOSED: /* destroy session? */ break; case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_PIN_EXPIRED: case CKR_PIN_INCORRECT: case CKR_PIN_LOCKED: case CKR_SESSION_HANDLE_INVALID: case CKR_SESSION_READ_ONLY_EXISTS: case CKR_USER_ALREADY_LOGGED_IN: case CKR_USER_ANOTHER_ALREADY_LOGGED_IN: case CKR_USER_PIN_NOT_INITIALIZED: case CKR_USER_TOO_MANY_TYPES: case CKR_USER_TYPE_INVALID: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_Logout * */ NSS_IMPLEMENT CK_RV NSSCKFWC_Logout ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_Logout(fwSession); if( CKR_OK != error ) { goto loser; } return CKR_OK; loser: switch( error ) { case CKR_SESSION_CLOSED: /* destroy session? */ break; case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_SESSION_HANDLE_INVALID: case CKR_USER_NOT_LOGGED_IN: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_CreateObject * */ NSS_IMPLEMENT CK_RV NSSCKFWC_CreateObject ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phObject ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWObject *fwObject; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) { error = CKR_ARGUMENTS_BAD; goto loser; } /* * A purify error here indicates caller error. */ *phObject = (CK_OBJECT_HANDLE)0; fwObject = nssCKFWSession_CreateObject(fwSession, pTemplate, ulCount, &error); if (!fwObject) { goto loser; } *phObject = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); if( (CK_OBJECT_HANDLE)0 == *phObject ) { nssCKFWObject_Destroy(fwObject); goto loser; } return CKR_OK; loser: switch( error ) { case CKR_SESSION_CLOSED: /* destroy session? */ break; case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_ATTRIBUTE_READ_ONLY: case CKR_ATTRIBUTE_TYPE_INVALID: case CKR_ATTRIBUTE_VALUE_INVALID: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_SESSION_HANDLE_INVALID: case CKR_SESSION_READ_ONLY: case CKR_TEMPLATE_INCOMPLETE: case CKR_TEMPLATE_INCONSISTENT: case CKR_TOKEN_WRITE_PROTECTED: case CKR_USER_NOT_LOGGED_IN: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_CopyObject * */ NSS_IMPLEMENT CK_RV NSSCKFWC_CopyObject ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phNewObject ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWObject *fwObject; NSSCKFWObject *fwNewObject; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phNewObject ) { error = CKR_ARGUMENTS_BAD; goto loser; } /* * A purify error here indicates caller error. */ *phNewObject = (CK_OBJECT_HANDLE)0; fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); if (!fwObject) { error = CKR_OBJECT_HANDLE_INVALID; goto loser; } fwNewObject = nssCKFWSession_CopyObject(fwSession, fwObject, pTemplate, ulCount, &error); if (!fwNewObject) { goto loser; } *phNewObject = nssCKFWInstance_CreateObjectHandle(fwInstance, fwNewObject, &error); if( (CK_OBJECT_HANDLE)0 == *phNewObject ) { nssCKFWObject_Destroy(fwNewObject); goto loser; } return CKR_OK; loser: switch( error ) { case CKR_SESSION_CLOSED: /* destroy session? */ break; case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_ATTRIBUTE_READ_ONLY: case CKR_ATTRIBUTE_TYPE_INVALID: case CKR_ATTRIBUTE_VALUE_INVALID: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OBJECT_HANDLE_INVALID: case CKR_SESSION_HANDLE_INVALID: case CKR_SESSION_READ_ONLY: case CKR_TEMPLATE_INCONSISTENT: case CKR_TOKEN_WRITE_PROTECTED: case CKR_USER_NOT_LOGGED_IN: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_DestroyObject * */ NSS_IMPLEMENT CK_RV NSSCKFWC_DestroyObject ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWObject *fwObject; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); if (!fwObject) { error = CKR_OBJECT_HANDLE_INVALID; goto loser; } nssCKFWInstance_DestroyObjectHandle(fwInstance, hObject); nssCKFWObject_Destroy(fwObject); return CKR_OK; loser: switch( error ) { case CKR_SESSION_CLOSED: /* destroy session? */ break; case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OBJECT_HANDLE_INVALID: case CKR_SESSION_HANDLE_INVALID: case CKR_SESSION_READ_ONLY: case CKR_TOKEN_WRITE_PROTECTED: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_GetObjectSize * */ NSS_IMPLEMENT CK_RV NSSCKFWC_GetObjectSize ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWObject *fwObject; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); if (!fwObject) { error = CKR_OBJECT_HANDLE_INVALID; goto loser; } if( (CK_ULONG_PTR)CK_NULL_PTR == pulSize ) { error = CKR_ARGUMENTS_BAD; goto loser; } /* * A purify error here indicates caller error. */ *pulSize = (CK_ULONG)0; *pulSize = nssCKFWObject_GetObjectSize(fwObject, &error); if( ((CK_ULONG)0 == *pulSize) && (CKR_OK != error) ) { goto loser; } return CKR_OK; loser: switch( error ) { case CKR_SESSION_CLOSED: /* destroy session? */ break; case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_INFORMATION_SENSITIVE: case CKR_OBJECT_HANDLE_INVALID: case CKR_SESSION_HANDLE_INVALID: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_GetAttributeValue * */ NSS_IMPLEMENT CK_RV NSSCKFWC_GetAttributeValue ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWObject *fwObject; CK_BBOOL sensitive = CK_FALSE; CK_BBOOL invalid = CK_FALSE; CK_BBOOL tooSmall = CK_FALSE; CK_ULONG i; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); if (!fwObject) { error = CKR_OBJECT_HANDLE_INVALID; goto loser; } if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) { error = CKR_ARGUMENTS_BAD; goto loser; } for( i = 0; i < ulCount; i++ ) { CK_ULONG size = nssCKFWObject_GetAttributeSize(fwObject, pTemplate[i].type, &error); if( (CK_ULONG)0 == size ) { switch( error ) { case CKR_ATTRIBUTE_SENSITIVE: case CKR_INFORMATION_SENSITIVE: sensitive = CK_TRUE; pTemplate[i].ulValueLen = (CK_ULONG)(-1); continue; case CKR_ATTRIBUTE_TYPE_INVALID: invalid = CK_TRUE; pTemplate[i].ulValueLen = (CK_ULONG)(-1); continue; case CKR_OK: break; default: goto loser; } } if( (CK_VOID_PTR)CK_NULL_PTR == pTemplate[i].pValue ) { pTemplate[i].ulValueLen = size; } else { NSSItem it, *p; if( pTemplate[i].ulValueLen < size ) { tooSmall = CK_TRUE; continue; } it.size = (PRUint32)pTemplate[i].ulValueLen; it.data = (void *)pTemplate[i].pValue; p = nssCKFWObject_GetAttribute(fwObject, pTemplate[i].type, &it, (NSSArena *)NULL, &error); if (!p) { switch( error ) { case CKR_ATTRIBUTE_SENSITIVE: case CKR_INFORMATION_SENSITIVE: sensitive = CK_TRUE; pTemplate[i].ulValueLen = (CK_ULONG)(-1); continue; case CKR_ATTRIBUTE_TYPE_INVALID: invalid = CK_TRUE; pTemplate[i].ulValueLen = (CK_ULONG)(-1); continue; default: goto loser; } } pTemplate[i].ulValueLen = size; } } if( sensitive ) { error = CKR_ATTRIBUTE_SENSITIVE; goto loser; } else if( invalid ) { error = CKR_ATTRIBUTE_TYPE_INVALID; goto loser; } else if( tooSmall ) { error = CKR_BUFFER_TOO_SMALL; goto loser; } return CKR_OK; loser: switch( error ) { case CKR_SESSION_CLOSED: /* destroy session? */ break; case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_ATTRIBUTE_SENSITIVE: case CKR_ATTRIBUTE_TYPE_INVALID: case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OBJECT_HANDLE_INVALID: case CKR_SESSION_HANDLE_INVALID: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_SetAttributeValue * */ NSS_IMPLEMENT CK_RV NSSCKFWC_SetAttributeValue ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWObject *fwObject; CK_ULONG i; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); if (!fwObject) { error = CKR_OBJECT_HANDLE_INVALID; goto loser; } if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) { error = CKR_ARGUMENTS_BAD; goto loser; } for (i=0; i < ulCount; i++) { NSSItem value; value.data = pTemplate[i].pValue; value.size = pTemplate[i].ulValueLen; error = nssCKFWObject_SetAttribute(fwObject, fwSession, pTemplate[i].type, &value); if( CKR_OK != error ) { goto loser; } } return CKR_OK; loser: switch( error ) { case CKR_SESSION_CLOSED: /* destroy session? */ break; case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_ATTRIBUTE_READ_ONLY: case CKR_ATTRIBUTE_TYPE_INVALID: case CKR_ATTRIBUTE_VALUE_INVALID: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OBJECT_HANDLE_INVALID: case CKR_SESSION_HANDLE_INVALID: case CKR_SESSION_READ_ONLY: case CKR_TEMPLATE_INCONSISTENT: case CKR_TOKEN_WRITE_PROTECTED: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_FindObjectsInit * */ NSS_IMPLEMENT CK_RV NSSCKFWC_FindObjectsInit ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWFindObjects *fwFindObjects; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } if( ((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) && (ulCount != 0) ) { error = CKR_ARGUMENTS_BAD; goto loser; } fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); if (fwFindObjects) { error = CKR_OPERATION_ACTIVE; goto loser; } if( CKR_OPERATION_NOT_INITIALIZED != error ) { goto loser; } fwFindObjects = nssCKFWSession_FindObjectsInit(fwSession, pTemplate, ulCount, &error); if (!fwFindObjects) { goto loser; } error = nssCKFWSession_SetFWFindObjects(fwSession, fwFindObjects); if( CKR_OK != error ) { nssCKFWFindObjects_Destroy(fwFindObjects); goto loser; } return CKR_OK; loser: switch( error ) { case CKR_SESSION_CLOSED: /* destroy session? */ break; case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_ATTRIBUTE_TYPE_INVALID: case CKR_ATTRIBUTE_VALUE_INVALID: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_ACTIVE: case CKR_SESSION_HANDLE_INVALID: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_FindObjects * */ NSS_IMPLEMENT CK_RV NSSCKFWC_FindObjects ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject, CK_ULONG ulMaxObjectCount, CK_ULONG_PTR pulObjectCount ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWFindObjects *fwFindObjects; CK_ULONG i; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) { error = CKR_ARGUMENTS_BAD; goto loser; } /* * A purify error here indicates caller error. */ (void)nsslibc_memset(phObject, 0, sizeof(CK_OBJECT_HANDLE) * ulMaxObjectCount); *pulObjectCount = (CK_ULONG)0; fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); if (!fwFindObjects) { goto loser; } for( i = 0; i < ulMaxObjectCount; i++ ) { NSSCKFWObject *fwObject = nssCKFWFindObjects_Next(fwFindObjects, NULL, &error); if (!fwObject) { break; } phObject[i] = nssCKFWInstance_FindObjectHandle(fwInstance, fwObject); if( (CK_OBJECT_HANDLE)0 == phObject[i] ) { phObject[i] = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); } if( (CK_OBJECT_HANDLE)0 == phObject[i] ) { /* This isn't right either, is it? */ nssCKFWObject_Destroy(fwObject); goto loser; } } *pulObjectCount = i; return CKR_OK; loser: switch( error ) { case CKR_SESSION_CLOSED: /* destroy session? */ break; case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_HANDLE_INVALID: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_FindObjectsFinal * */ NSS_IMPLEMENT CK_RV NSSCKFWC_FindObjectsFinal ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWFindObjects *fwFindObjects; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); if (!fwFindObjects) { error = CKR_OPERATION_NOT_INITIALIZED; goto loser; } nssCKFWFindObjects_Destroy(fwFindObjects); error = nssCKFWSession_SetFWFindObjects(fwSession, (NSSCKFWFindObjects *)NULL); if( CKR_OK != error ) { goto loser; } return CKR_OK; loser: switch( error ) { case CKR_SESSION_CLOSED: /* destroy session? */ break; case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_HANDLE_INVALID: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_EncryptInit * */ NSS_IMPLEMENT CK_RV NSSCKFWC_EncryptInit ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWObject *fwObject; NSSCKFWSlot *fwSlot; NSSCKFWToken *fwToken; NSSCKFWMechanism *fwMechanism; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); if (!fwObject) { error = CKR_KEY_HANDLE_INVALID; goto loser; } fwSlot = nssCKFWSession_GetFWSlot(fwSession); if (!fwSlot) { error = CKR_GENERAL_ERROR; /* should never happen! */ goto loser; } if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { error = CKR_TOKEN_NOT_PRESENT; goto loser; } fwToken = nssCKFWSlot_GetToken(fwSlot, &error); if (!fwToken) { goto loser; } fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); if (!fwMechanism) { goto loser; } error = nssCKFWMechanism_EncryptInit(fwMechanism, pMechanism, fwSession, fwObject); nssCKFWMechanism_Destroy(fwMechanism); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_KEY_FUNCTION_NOT_PERMITTED: case CKR_KEY_HANDLE_INVALID: case CKR_KEY_SIZE_RANGE: case CKR_KEY_TYPE_INCONSISTENT: case CKR_MECHANISM_INVALID: case CKR_MECHANISM_PARAM_INVALID: case CKR_OPERATION_ACTIVE: case CKR_PIN_EXPIRED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_USER_NOT_LOGGED_IN: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_Encrypt * */ NSS_IMPLEMENT CK_RV NSSCKFWC_Encrypt ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_UpdateFinal(fwSession, NSSCKFWCryptoOperationType_Encrypt, NSSCKFWCryptoOperationState_EncryptDecrypt, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DATA_INVALID: case CKR_DATA_LEN_RANGE: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_HANDLE_INVALID: case CKR_SESSION_CLOSED: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_EncryptUpdate * */ NSS_IMPLEMENT CK_RV NSSCKFWC_EncryptUpdate ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_Update(fwSession, NSSCKFWCryptoOperationType_Encrypt, NSSCKFWCryptoOperationState_EncryptDecrypt, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DATA_LEN_RANGE: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_EncryptFinal * */ NSS_IMPLEMENT CK_RV NSSCKFWC_EncryptFinal ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pulLastEncryptedPartLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_Final(fwSession, NSSCKFWCryptoOperationType_Encrypt, NSSCKFWCryptoOperationState_EncryptDecrypt, pLastEncryptedPart, pulLastEncryptedPartLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DATA_LEN_RANGE: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_DecryptInit * */ NSS_IMPLEMENT CK_RV NSSCKFWC_DecryptInit ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWObject *fwObject; NSSCKFWSlot *fwSlot; NSSCKFWToken *fwToken; NSSCKFWMechanism *fwMechanism; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); if (!fwObject) { error = CKR_KEY_HANDLE_INVALID; goto loser; } fwSlot = nssCKFWSession_GetFWSlot(fwSession); if (!fwSlot) { error = CKR_GENERAL_ERROR; /* should never happen! */ goto loser; } if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { error = CKR_TOKEN_NOT_PRESENT; goto loser; } fwToken = nssCKFWSlot_GetToken(fwSlot, &error); if (!fwToken) { goto loser; } fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); if (!fwMechanism) { goto loser; } error = nssCKFWMechanism_DecryptInit(fwMechanism, pMechanism, fwSession, fwObject); nssCKFWMechanism_Destroy(fwMechanism); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_KEY_FUNCTION_NOT_PERMITTED: case CKR_KEY_HANDLE_INVALID: case CKR_KEY_SIZE_RANGE: case CKR_KEY_TYPE_INCONSISTENT: case CKR_MECHANISM_INVALID: case CKR_MECHANISM_PARAM_INVALID: case CKR_OPERATION_ACTIVE: case CKR_PIN_EXPIRED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_USER_NOT_LOGGED_IN: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_Decrypt * */ NSS_IMPLEMENT CK_RV NSSCKFWC_Decrypt ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_UpdateFinal(fwSession, NSSCKFWCryptoOperationType_Decrypt, NSSCKFWCryptoOperationState_EncryptDecrypt, pEncryptedData, ulEncryptedDataLen, pData, pulDataLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_ENCRYPTED_DATA_INVALID: case CKR_ENCRYPTED_DATA_LEN_RANGE: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_USER_NOT_LOGGED_IN: break; case CKR_DATA_LEN_RANGE: error = CKR_ENCRYPTED_DATA_LEN_RANGE; break; case CKR_DATA_INVALID: error = CKR_ENCRYPTED_DATA_INVALID; break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_DecryptUpdate * */ NSS_IMPLEMENT CK_RV NSSCKFWC_DecryptUpdate ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_Update(fwSession, NSSCKFWCryptoOperationType_Decrypt, NSSCKFWCryptoOperationState_EncryptDecrypt, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_ENCRYPTED_DATA_INVALID: case CKR_ENCRYPTED_DATA_LEN_RANGE: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_USER_NOT_LOGGED_IN: break; case CKR_DATA_LEN_RANGE: error = CKR_ENCRYPTED_DATA_LEN_RANGE; break; case CKR_DATA_INVALID: error = CKR_ENCRYPTED_DATA_INVALID; break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_DecryptFinal * */ NSS_IMPLEMENT CK_RV NSSCKFWC_DecryptFinal ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastPart, CK_ULONG_PTR pulLastPartLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_Final(fwSession, NSSCKFWCryptoOperationType_Decrypt, NSSCKFWCryptoOperationState_EncryptDecrypt, pLastPart, pulLastPartLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_FAILED: case CKR_FUNCTION_CANCELED: case CKR_ENCRYPTED_DATA_INVALID: case CKR_ENCRYPTED_DATA_LEN_RANGE: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_USER_NOT_LOGGED_IN: break; case CKR_DATA_LEN_RANGE: error = CKR_ENCRYPTED_DATA_LEN_RANGE; break; case CKR_DATA_INVALID: error = CKR_ENCRYPTED_DATA_INVALID; break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_DigestInit * */ NSS_IMPLEMENT CK_RV NSSCKFWC_DigestInit ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWSlot *fwSlot; NSSCKFWToken *fwToken; NSSCKFWMechanism *fwMechanism; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } fwSlot = nssCKFWSession_GetFWSlot(fwSession); if (!fwSlot) { error = CKR_GENERAL_ERROR; /* should never happen! */ goto loser; } if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { error = CKR_TOKEN_NOT_PRESENT; goto loser; } fwToken = nssCKFWSlot_GetToken(fwSlot, &error); if (!fwToken) { goto loser; } fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); if (!fwMechanism) { goto loser; } error = nssCKFWMechanism_DigestInit(fwMechanism, pMechanism, fwSession); nssCKFWMechanism_Destroy(fwMechanism); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_MECHANISM_INVALID: case CKR_MECHANISM_PARAM_INVALID: case CKR_OPERATION_ACTIVE: case CKR_PIN_EXPIRED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_USER_NOT_LOGGED_IN: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_Digest * */ NSS_IMPLEMENT CK_RV NSSCKFWC_Digest ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_UpdateFinal(fwSession, NSSCKFWCryptoOperationType_Digest, NSSCKFWCryptoOperationState_Digest, pData, ulDataLen, pDigest, pulDigestLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_DigestUpdate * */ NSS_IMPLEMENT CK_RV NSSCKFWC_DigestUpdate ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_DigestUpdate(fwSession, NSSCKFWCryptoOperationType_Digest, NSSCKFWCryptoOperationState_Digest, pData, ulDataLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_DigestKey * */ NSS_IMPLEMENT CK_RV NSSCKFWC_DigestKey ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWObject *fwObject; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); if (!fwObject) { error = CKR_KEY_HANDLE_INVALID; goto loser; } error = nssCKFWSession_DigestKey(fwSession, fwObject); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_KEY_HANDLE_INVALID: case CKR_KEY_INDIGESTIBLE: case CKR_KEY_SIZE_RANGE: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_DigestFinal * */ NSS_IMPLEMENT CK_RV NSSCKFWC_DigestFinal ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_Final(fwSession, NSSCKFWCryptoOperationType_Digest, NSSCKFWCryptoOperationState_Digest, pDigest, pulDigestLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_SignInit * */ NSS_IMPLEMENT CK_RV NSSCKFWC_SignInit ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWObject *fwObject; NSSCKFWSlot *fwSlot; NSSCKFWToken *fwToken; NSSCKFWMechanism *fwMechanism; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); if (!fwObject) { error = CKR_KEY_HANDLE_INVALID; goto loser; } fwSlot = nssCKFWSession_GetFWSlot(fwSession); if (!fwSlot) { error = CKR_GENERAL_ERROR; /* should never happen! */ goto loser; } if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { error = CKR_TOKEN_NOT_PRESENT; goto loser; } fwToken = nssCKFWSlot_GetToken(fwSlot, &error); if (!fwToken) { goto loser; } fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); if (!fwMechanism) { goto loser; } error = nssCKFWMechanism_SignInit(fwMechanism, pMechanism, fwSession, fwObject); nssCKFWMechanism_Destroy(fwMechanism); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_KEY_FUNCTION_NOT_PERMITTED: case CKR_KEY_HANDLE_INVALID: case CKR_KEY_SIZE_RANGE: case CKR_KEY_TYPE_INCONSISTENT: case CKR_MECHANISM_INVALID: case CKR_MECHANISM_PARAM_INVALID: case CKR_OPERATION_ACTIVE: case CKR_PIN_EXPIRED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_USER_NOT_LOGGED_IN: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_Sign * */ NSS_IMPLEMENT CK_RV NSSCKFWC_Sign ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_UpdateFinal(fwSession, NSSCKFWCryptoOperationType_Sign, NSSCKFWCryptoOperationState_SignVerify, pData, ulDataLen, pSignature, pulSignatureLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DATA_INVALID: case CKR_DATA_LEN_RANGE: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_USER_NOT_LOGGED_IN: case CKR_FUNCTION_REJECTED: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_SignUpdate * */ NSS_IMPLEMENT CK_RV NSSCKFWC_SignUpdate ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_DigestUpdate(fwSession, NSSCKFWCryptoOperationType_Sign, NSSCKFWCryptoOperationState_SignVerify, pPart, ulPartLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DATA_LEN_RANGE: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_USER_NOT_LOGGED_IN: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_SignFinal * */ NSS_IMPLEMENT CK_RV NSSCKFWC_SignFinal ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_Final(fwSession, NSSCKFWCryptoOperationType_Sign, NSSCKFWCryptoOperationState_SignVerify, pSignature, pulSignatureLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DATA_LEN_RANGE: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_USER_NOT_LOGGED_IN: case CKR_FUNCTION_REJECTED: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_SignRecoverInit * */ NSS_IMPLEMENT CK_RV NSSCKFWC_SignRecoverInit ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWObject *fwObject; NSSCKFWSlot *fwSlot; NSSCKFWToken *fwToken; NSSCKFWMechanism *fwMechanism; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); if (!fwObject) { error = CKR_KEY_HANDLE_INVALID; goto loser; } fwSlot = nssCKFWSession_GetFWSlot(fwSession); if (!fwSlot) { error = CKR_GENERAL_ERROR; /* should never happen! */ goto loser; } if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { error = CKR_TOKEN_NOT_PRESENT; goto loser; } fwToken = nssCKFWSlot_GetToken(fwSlot, &error); if (!fwToken) { goto loser; } fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); if (!fwMechanism) { goto loser; } error = nssCKFWMechanism_SignRecoverInit(fwMechanism, pMechanism, fwSession, fwObject); nssCKFWMechanism_Destroy(fwMechanism); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_KEY_FUNCTION_NOT_PERMITTED: case CKR_KEY_HANDLE_INVALID: case CKR_KEY_SIZE_RANGE: case CKR_KEY_TYPE_INCONSISTENT: case CKR_MECHANISM_INVALID: case CKR_MECHANISM_PARAM_INVALID: case CKR_OPERATION_ACTIVE: case CKR_PIN_EXPIRED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_USER_NOT_LOGGED_IN: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_SignRecover * */ NSS_IMPLEMENT CK_RV NSSCKFWC_SignRecover ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_UpdateFinal(fwSession, NSSCKFWCryptoOperationType_SignRecover, NSSCKFWCryptoOperationState_SignVerify, pData, ulDataLen, pSignature, pulSignatureLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DATA_INVALID: case CKR_DATA_LEN_RANGE: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_USER_NOT_LOGGED_IN: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_VerifyInit * */ NSS_IMPLEMENT CK_RV NSSCKFWC_VerifyInit ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWObject *fwObject; NSSCKFWSlot *fwSlot; NSSCKFWToken *fwToken; NSSCKFWMechanism *fwMechanism; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); if (!fwObject) { error = CKR_KEY_HANDLE_INVALID; goto loser; } fwSlot = nssCKFWSession_GetFWSlot(fwSession); if (!fwSlot) { error = CKR_GENERAL_ERROR; /* should never happen! */ goto loser; } if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { error = CKR_TOKEN_NOT_PRESENT; goto loser; } fwToken = nssCKFWSlot_GetToken(fwSlot, &error); if (!fwToken) { goto loser; } fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); if (!fwMechanism) { goto loser; } error = nssCKFWMechanism_VerifyInit(fwMechanism, pMechanism, fwSession, fwObject); nssCKFWMechanism_Destroy(fwMechanism); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_KEY_FUNCTION_NOT_PERMITTED: case CKR_KEY_HANDLE_INVALID: case CKR_KEY_SIZE_RANGE: case CKR_KEY_TYPE_INCONSISTENT: case CKR_MECHANISM_INVALID: case CKR_MECHANISM_PARAM_INVALID: case CKR_OPERATION_ACTIVE: case CKR_PIN_EXPIRED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_USER_NOT_LOGGED_IN: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_Verify * */ NSS_IMPLEMENT CK_RV NSSCKFWC_Verify ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_UpdateFinal(fwSession, NSSCKFWCryptoOperationType_Verify, NSSCKFWCryptoOperationState_SignVerify, pData, ulDataLen, pSignature, &ulSignatureLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DATA_INVALID: case CKR_DATA_LEN_RANGE: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_SIGNATURE_INVALID: case CKR_SIGNATURE_LEN_RANGE: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_VerifyUpdate * */ NSS_IMPLEMENT CK_RV NSSCKFWC_VerifyUpdate ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_DigestUpdate(fwSession, NSSCKFWCryptoOperationType_Verify, NSSCKFWCryptoOperationState_SignVerify, pPart, ulPartLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DATA_LEN_RANGE: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_VerifyFinal * */ NSS_IMPLEMENT CK_RV NSSCKFWC_VerifyFinal ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_Final(fwSession, NSSCKFWCryptoOperationType_Verify, NSSCKFWCryptoOperationState_SignVerify, pSignature, &ulSignatureLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DATA_LEN_RANGE: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_SIGNATURE_INVALID: case CKR_SIGNATURE_LEN_RANGE: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_VerifyRecoverInit * */ NSS_IMPLEMENT CK_RV NSSCKFWC_VerifyRecoverInit ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWObject *fwObject; NSSCKFWSlot *fwSlot; NSSCKFWToken *fwToken; NSSCKFWMechanism *fwMechanism; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); if (!fwObject) { error = CKR_KEY_HANDLE_INVALID; goto loser; } fwSlot = nssCKFWSession_GetFWSlot(fwSession); if (!fwSlot) { error = CKR_GENERAL_ERROR; /* should never happen! */ goto loser; } if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { error = CKR_TOKEN_NOT_PRESENT; goto loser; } fwToken = nssCKFWSlot_GetToken(fwSlot, &error); if (!fwToken) { goto loser; } fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); if (!fwMechanism) { goto loser; } error = nssCKFWMechanism_VerifyRecoverInit(fwMechanism, pMechanism, fwSession, fwObject); nssCKFWMechanism_Destroy(fwMechanism); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_KEY_FUNCTION_NOT_PERMITTED: case CKR_KEY_HANDLE_INVALID: case CKR_KEY_SIZE_RANGE: case CKR_KEY_TYPE_INCONSISTENT: case CKR_MECHANISM_INVALID: case CKR_MECHANISM_PARAM_INVALID: case CKR_OPERATION_ACTIVE: case CKR_PIN_EXPIRED: case CKR_SESSION_HANDLE_INVALID: case CKR_SESSION_CLOSED: case CKR_USER_NOT_LOGGED_IN: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_VerifyRecover * */ NSS_IMPLEMENT CK_RV NSSCKFWC_VerifyRecover ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_UpdateFinal(fwSession, NSSCKFWCryptoOperationType_VerifyRecover, NSSCKFWCryptoOperationState_SignVerify, pSignature, ulSignatureLen, pData, pulDataLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DATA_INVALID: case CKR_DATA_LEN_RANGE: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_SIGNATURE_INVALID: case CKR_SIGNATURE_LEN_RANGE: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_DigestEncryptUpdate * */ NSS_IMPLEMENT CK_RV NSSCKFWC_DigestEncryptUpdate ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_UpdateCombo(fwSession, NSSCKFWCryptoOperationType_Encrypt, NSSCKFWCryptoOperationType_Digest, NSSCKFWCryptoOperationState_Digest, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DATA_LEN_RANGE: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_DecryptDigestUpdate * */ NSS_IMPLEMENT CK_RV NSSCKFWC_DecryptDigestUpdate ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_UpdateCombo(fwSession, NSSCKFWCryptoOperationType_Decrypt, NSSCKFWCryptoOperationType_Digest, NSSCKFWCryptoOperationState_Digest, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_ENCRYPTED_DATA_INVALID: case CKR_ENCRYPTED_DATA_LEN_RANGE: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: break; case CKR_DATA_INVALID: error = CKR_ENCRYPTED_DATA_INVALID; break; case CKR_DATA_LEN_RANGE: error = CKR_ENCRYPTED_DATA_LEN_RANGE; break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_SignEncryptUpdate * */ NSS_IMPLEMENT CK_RV NSSCKFWC_SignEncryptUpdate ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_UpdateCombo(fwSession, NSSCKFWCryptoOperationType_Encrypt, NSSCKFWCryptoOperationType_Sign, NSSCKFWCryptoOperationState_SignVerify, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DATA_LEN_RANGE: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_USER_NOT_LOGGED_IN: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_DecryptVerifyUpdate * */ NSS_IMPLEMENT CK_RV NSSCKFWC_DecryptVerifyUpdate ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } error = nssCKFWSession_UpdateCombo(fwSession, NSSCKFWCryptoOperationType_Decrypt, NSSCKFWCryptoOperationType_Verify, NSSCKFWCryptoOperationState_SignVerify, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DATA_LEN_RANGE: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_ENCRYPTED_DATA_INVALID: case CKR_ENCRYPTED_DATA_LEN_RANGE: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_NOT_INITIALIZED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: break; case CKR_DATA_INVALID: error = CKR_ENCRYPTED_DATA_INVALID; break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_GenerateKey * */ NSS_IMPLEMENT CK_RV NSSCKFWC_GenerateKey ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWObject *fwObject; NSSCKFWSlot *fwSlot; NSSCKFWToken *fwToken; NSSCKFWMechanism *fwMechanism; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } fwSlot = nssCKFWSession_GetFWSlot(fwSession); if (!fwSlot) { error = CKR_GENERAL_ERROR; /* should never happen! */ goto loser; } if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { error = CKR_TOKEN_NOT_PRESENT; goto loser; } fwToken = nssCKFWSlot_GetToken(fwSlot, &error); if (!fwToken) { goto loser; } fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); if (!fwMechanism) { goto loser; } fwObject = nssCKFWMechanism_GenerateKey( fwMechanism, pMechanism, fwSession, pTemplate, ulCount, &error); nssCKFWMechanism_Destroy(fwMechanism); if (!fwObject) { goto loser; } *phKey= nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_ATTRIBUTE_READ_ONLY: case CKR_ATTRIBUTE_TYPE_INVALID: case CKR_ATTRIBUTE_VALUE_INVALID: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_MECHANISM_INVALID: case CKR_MECHANISM_PARAM_INVALID: case CKR_OPERATION_ACTIVE: case CKR_PIN_EXPIRED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_SESSION_READ_ONLY: case CKR_TEMPLATE_INCOMPLETE: case CKR_TEMPLATE_INCONSISTENT: case CKR_TOKEN_WRITE_PROTECTED: case CKR_USER_NOT_LOGGED_IN: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_GenerateKeyPair * */ NSS_IMPLEMENT CK_RV NSSCKFWC_GenerateKeyPair ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate, CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate, CK_ULONG ulPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey, CK_OBJECT_HANDLE_PTR phPrivateKey ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWObject *fwPrivateKeyObject; NSSCKFWObject *fwPublicKeyObject; NSSCKFWSlot *fwSlot; NSSCKFWToken *fwToken; NSSCKFWMechanism *fwMechanism; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } fwSlot = nssCKFWSession_GetFWSlot(fwSession); if (!fwSlot) { error = CKR_GENERAL_ERROR; /* should never happen! */ goto loser; } if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { error = CKR_TOKEN_NOT_PRESENT; goto loser; } fwToken = nssCKFWSlot_GetToken(fwSlot, &error); if (!fwToken) { goto loser; } fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); if (!fwMechanism) { goto loser; } error= nssCKFWMechanism_GenerateKeyPair( fwMechanism, pMechanism, fwSession, pPublicKeyTemplate, ulPublicKeyAttributeCount, pPublicKeyTemplate, ulPublicKeyAttributeCount, &fwPublicKeyObject, &fwPrivateKeyObject); nssCKFWMechanism_Destroy(fwMechanism); if (CKR_OK != error) { goto loser; } *phPublicKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwPublicKeyObject, &error); if (CKR_OK != error) { goto loser; } *phPrivateKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwPrivateKeyObject, &error); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_ATTRIBUTE_READ_ONLY: case CKR_ATTRIBUTE_TYPE_INVALID: case CKR_ATTRIBUTE_VALUE_INVALID: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_DOMAIN_PARAMS_INVALID: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_MECHANISM_INVALID: case CKR_MECHANISM_PARAM_INVALID: case CKR_OPERATION_ACTIVE: case CKR_PIN_EXPIRED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_SESSION_READ_ONLY: case CKR_TEMPLATE_INCOMPLETE: case CKR_TEMPLATE_INCONSISTENT: case CKR_TOKEN_WRITE_PROTECTED: case CKR_USER_NOT_LOGGED_IN: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_WrapKey * */ NSS_IMPLEMENT CK_RV NSSCKFWC_WrapKey ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWObject *fwKeyObject; NSSCKFWObject *fwWrappingKeyObject; NSSCKFWSlot *fwSlot; NSSCKFWToken *fwToken; NSSCKFWMechanism *fwMechanism; NSSItem wrappedKey; CK_ULONG wrappedKeyLength = 0; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hWrappingKey); if (!fwWrappingKeyObject) { error = CKR_WRAPPING_KEY_HANDLE_INVALID; goto loser; } fwKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); if (!fwKeyObject) { error = CKR_KEY_HANDLE_INVALID; goto loser; } fwSlot = nssCKFWSession_GetFWSlot(fwSession); if (!fwSlot) { error = CKR_GENERAL_ERROR; /* should never happen! */ goto loser; } if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { error = CKR_TOKEN_NOT_PRESENT; goto loser; } fwToken = nssCKFWSlot_GetToken(fwSlot, &error); if (!fwToken) { goto loser; } fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); if (!fwMechanism) { goto loser; } /* * first get the length... */ wrappedKeyLength = nssCKFWMechanism_GetWrapKeyLength( fwMechanism, pMechanism, fwSession, fwWrappingKeyObject, fwKeyObject, &error); if ((CK_ULONG) 0 == wrappedKeyLength) { nssCKFWMechanism_Destroy(fwMechanism); goto loser; } if ((CK_BYTE_PTR)NULL == pWrappedKey) { *pulWrappedKeyLen = wrappedKeyLength; nssCKFWMechanism_Destroy(fwMechanism); return CKR_OK; } if (wrappedKeyLength > *pulWrappedKeyLen) { *pulWrappedKeyLen = wrappedKeyLength; nssCKFWMechanism_Destroy(fwMechanism); error = CKR_BUFFER_TOO_SMALL; goto loser; } wrappedKey.data = pWrappedKey; wrappedKey.size = wrappedKeyLength; error = nssCKFWMechanism_WrapKey( fwMechanism, pMechanism, fwSession, fwWrappingKeyObject, fwKeyObject, &wrappedKey); nssCKFWMechanism_Destroy(fwMechanism); *pulWrappedKeyLen = wrappedKey.size; if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_KEY_HANDLE_INVALID: case CKR_KEY_NOT_WRAPPABLE: case CKR_KEY_SIZE_RANGE: case CKR_KEY_UNEXTRACTABLE: case CKR_MECHANISM_INVALID: case CKR_MECHANISM_PARAM_INVALID: case CKR_OPERATION_ACTIVE: case CKR_PIN_EXPIRED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_WRAPPING_KEY_HANDLE_INVALID: case CKR_WRAPPING_KEY_SIZE_RANGE: case CKR_WRAPPING_KEY_TYPE_INCONSISTENT: break; case CKR_KEY_TYPE_INCONSISTENT: error = CKR_WRAPPING_KEY_TYPE_INCONSISTENT; break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_UnwrapKey * */ NSS_IMPLEMENT CK_RV NSSCKFWC_UnwrapKey ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey, CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWObject *fwObject; NSSCKFWObject *fwWrappingKeyObject; NSSCKFWSlot *fwSlot; NSSCKFWToken *fwToken; NSSCKFWMechanism *fwMechanism; NSSItem wrappedKey; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hUnwrappingKey); if (!fwWrappingKeyObject) { error = CKR_WRAPPING_KEY_HANDLE_INVALID; goto loser; } fwSlot = nssCKFWSession_GetFWSlot(fwSession); if (!fwSlot) { error = CKR_GENERAL_ERROR; /* should never happen! */ goto loser; } if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { error = CKR_TOKEN_NOT_PRESENT; goto loser; } fwToken = nssCKFWSlot_GetToken(fwSlot, &error); if (!fwToken) { goto loser; } fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); if (!fwMechanism) { goto loser; } wrappedKey.data = pWrappedKey; wrappedKey.size = ulWrappedKeyLen; fwObject = nssCKFWMechanism_UnwrapKey( fwMechanism, pMechanism, fwSession, fwWrappingKeyObject, &wrappedKey, pTemplate, ulAttributeCount, &error); nssCKFWMechanism_Destroy(fwMechanism); if (!fwObject) { goto loser; } *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_ATTRIBUTE_READ_ONLY: case CKR_ATTRIBUTE_TYPE_INVALID: case CKR_ATTRIBUTE_VALUE_INVALID: case CKR_BUFFER_TOO_SMALL: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_DOMAIN_PARAMS_INVALID: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_MECHANISM_INVALID: case CKR_MECHANISM_PARAM_INVALID: case CKR_OPERATION_ACTIVE: case CKR_PIN_EXPIRED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_SESSION_READ_ONLY: case CKR_TEMPLATE_INCOMPLETE: case CKR_TEMPLATE_INCONSISTENT: case CKR_TOKEN_WRITE_PROTECTED: case CKR_UNWRAPPING_KEY_HANDLE_INVALID: case CKR_UNWRAPPING_KEY_SIZE_RANGE: case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: case CKR_USER_NOT_LOGGED_IN: case CKR_WRAPPED_KEY_INVALID: case CKR_WRAPPED_KEY_LEN_RANGE: break; case CKR_KEY_HANDLE_INVALID: error = CKR_UNWRAPPING_KEY_HANDLE_INVALID; break; case CKR_KEY_SIZE_RANGE: error = CKR_UNWRAPPING_KEY_SIZE_RANGE; break; case CKR_KEY_TYPE_INCONSISTENT: error = CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT; break; case CKR_ENCRYPTED_DATA_INVALID: error = CKR_WRAPPED_KEY_INVALID; break; case CKR_ENCRYPTED_DATA_LEN_RANGE: error = CKR_WRAPPED_KEY_LEN_RANGE; break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_DeriveKey * */ NSS_IMPLEMENT CK_RV NSSCKFWC_DeriveKey ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSCKFWObject *fwObject; NSSCKFWObject *fwBaseKeyObject; NSSCKFWSlot *fwSlot; NSSCKFWToken *fwToken; NSSCKFWMechanism *fwMechanism; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } fwBaseKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hBaseKey); if (!fwBaseKeyObject) { error = CKR_KEY_HANDLE_INVALID; goto loser; } fwSlot = nssCKFWSession_GetFWSlot(fwSession); if (!fwSlot) { error = CKR_GENERAL_ERROR; /* should never happen! */ goto loser; } if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { error = CKR_TOKEN_NOT_PRESENT; goto loser; } fwToken = nssCKFWSlot_GetToken(fwSlot, &error); if (!fwToken) { goto loser; } fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); if (!fwMechanism) { goto loser; } fwObject = nssCKFWMechanism_DeriveKey( fwMechanism, pMechanism, fwSession, fwBaseKeyObject, pTemplate, ulAttributeCount, &error); nssCKFWMechanism_Destroy(fwMechanism); if (!fwObject) { goto loser; } *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); if (CKR_OK == error) { return CKR_OK; } loser: /* verify error */ switch( error ) { case CKR_ARGUMENTS_BAD: case CKR_ATTRIBUTE_READ_ONLY: case CKR_ATTRIBUTE_TYPE_INVALID: case CKR_ATTRIBUTE_VALUE_INVALID: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_DEVICE_REMOVED: case CKR_DOMAIN_PARAMS_INVALID: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_KEY_HANDLE_INVALID: case CKR_KEY_SIZE_RANGE: case CKR_KEY_TYPE_INCONSISTENT: case CKR_MECHANISM_INVALID: case CKR_MECHANISM_PARAM_INVALID: case CKR_OPERATION_ACTIVE: case CKR_PIN_EXPIRED: case CKR_SESSION_CLOSED: case CKR_SESSION_HANDLE_INVALID: case CKR_SESSION_READ_ONLY: case CKR_TEMPLATE_INCOMPLETE: case CKR_TEMPLATE_INCONSISTENT: case CKR_TOKEN_WRITE_PROTECTED: case CKR_USER_NOT_LOGGED_IN: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_SeedRandom * */ NSS_IMPLEMENT CK_RV NSSCKFWC_SeedRandom ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSItem seed; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } if( (CK_BYTE_PTR)CK_NULL_PTR == pSeed ) { error = CKR_ARGUMENTS_BAD; goto loser; } /* We could read through the buffer in a Purify trap */ seed.size = (PRUint32)ulSeedLen; seed.data = (void *)pSeed; error = nssCKFWSession_SeedRandom(fwSession, &seed); if( CKR_OK != error ) { goto loser; } return CKR_OK; loser: switch( error ) { case CKR_SESSION_CLOSED: /* destroy session? */ break; case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_ARGUMENTS_BAD: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_ACTIVE: case CKR_RANDOM_SEED_NOT_SUPPORTED: case CKR_RANDOM_NO_RNG: case CKR_SESSION_HANDLE_INVALID: case CKR_USER_NOT_LOGGED_IN: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_GenerateRandom * */ NSS_IMPLEMENT CK_RV NSSCKFWC_GenerateRandom ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession, CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen ) { CK_RV error = CKR_OK; NSSCKFWSession *fwSession; NSSItem buffer; if (!fwInstance) { error = CKR_CRYPTOKI_NOT_INITIALIZED; goto loser; } fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); if (!fwSession) { error = CKR_SESSION_HANDLE_INVALID; goto loser; } if( (CK_BYTE_PTR)CK_NULL_PTR == pRandomData ) { error = CKR_ARGUMENTS_BAD; goto loser; } /* * A purify error here indicates caller error. */ (void)nsslibc_memset(pRandomData, 0, ulRandomLen); buffer.size = (PRUint32)ulRandomLen; buffer.data = (void *)pRandomData; error = nssCKFWSession_GetRandom(fwSession, &buffer); if( CKR_OK != error ) { goto loser; } return CKR_OK; loser: switch( error ) { case CKR_SESSION_CLOSED: /* destroy session? */ break; case CKR_DEVICE_REMOVED: /* (void)nssCKFWToken_Destroy(fwToken); */ break; case CKR_ARGUMENTS_BAD: case CKR_CRYPTOKI_NOT_INITIALIZED: case CKR_DEVICE_ERROR: case CKR_DEVICE_MEMORY: case CKR_FUNCTION_CANCELED: case CKR_FUNCTION_FAILED: case CKR_GENERAL_ERROR: case CKR_HOST_MEMORY: case CKR_OPERATION_ACTIVE: case CKR_RANDOM_NO_RNG: case CKR_SESSION_HANDLE_INVALID: case CKR_USER_NOT_LOGGED_IN: break; default: case CKR_OK: error = CKR_GENERAL_ERROR; break; } return error; } /* * NSSCKFWC_GetFunctionStatus * */ NSS_IMPLEMENT CK_RV NSSCKFWC_GetFunctionStatus ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession ) { return CKR_FUNCTION_NOT_PARALLEL; } /* * NSSCKFWC_CancelFunction * */ NSS_IMPLEMENT CK_RV NSSCKFWC_CancelFunction ( NSSCKFWInstance *fwInstance, CK_SESSION_HANDLE hSession ) { return CKR_FUNCTION_NOT_PARALLEL; }