| /* This Source Code Form is subject to the terms of the Mozilla Public |
| * License, v. 2.0. If a copy of the MPL was not distributed with this |
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| |
| /* |
| * mechanism.c |
| * |
| * This file implements the NSSCKFWMechanism type and methods. |
| */ |
| |
| #ifndef CK_T |
| #include "ck.h" |
| #endif /* CK_T */ |
| |
| /* |
| * NSSCKFWMechanism |
| * |
| * -- create/destroy -- |
| * nssCKFWMechanism_Create |
| * nssCKFWMechanism_Destroy |
| * |
| * -- implement public accessors -- |
| * nssCKFWMechanism_GetMDMechanism |
| * nssCKFWMechanism_GetParameter |
| * |
| * -- private accessors -- |
| * |
| * -- module fronts -- |
| * nssCKFWMechanism_GetMinKeySize |
| * nssCKFWMechanism_GetMaxKeySize |
| * nssCKFWMechanism_GetInHardware |
| * nssCKFWMechanism_GetCanEncrypt |
| * nssCKFWMechanism_GetCanDecrypt |
| * nssCKFWMechanism_GetCanDigest |
| * nssCKFWMechanism_GetCanSign |
| * nssCKFWMechanism_GetCanSignRecover |
| * nssCKFWMechanism_GetCanVerify |
| * nssCKFWMechanism_GetCanGenerate |
| * nssCKFWMechanism_GetCanGenerateKeyPair |
| * nssCKFWMechanism_GetCanUnwrap |
| * nssCKFWMechanism_GetCanWrap |
| * nssCKFWMechanism_GetCanDerive |
| * nssCKFWMechanism_EncryptInit |
| * nssCKFWMechanism_DecryptInit |
| * nssCKFWMechanism_DigestInit |
| * nssCKFWMechanism_SignInit |
| * nssCKFWMechanism_VerifyInit |
| * nssCKFWMechanism_SignRecoverInit |
| * nssCKFWMechanism_VerifyRecoverInit |
| * nssCKFWMechanism_GenerateKey |
| * nssCKFWMechanism_GenerateKeyPair |
| * nssCKFWMechanism_GetWrapKeyLength |
| * nssCKFWMechanism_WrapKey |
| * nssCKFWMechanism_UnwrapKey |
| * nssCKFWMechanism_DeriveKey |
| */ |
| |
| struct NSSCKFWMechanismStr { |
| NSSCKMDMechanism *mdMechanism; |
| NSSCKMDToken *mdToken; |
| NSSCKFWToken *fwToken; |
| NSSCKMDInstance *mdInstance; |
| NSSCKFWInstance *fwInstance; |
| }; |
| |
| /* |
| * nssCKFWMechanism_Create |
| * |
| */ |
| NSS_IMPLEMENT NSSCKFWMechanism * |
| nssCKFWMechanism_Create( |
| NSSCKMDMechanism *mdMechanism, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance) |
| { |
| NSSCKFWMechanism *fwMechanism; |
| |
| fwMechanism = nss_ZNEW(NULL, NSSCKFWMechanism); |
| if (!fwMechanism) { |
| return (NSSCKFWMechanism *)NULL; |
| } |
| fwMechanism->mdMechanism = mdMechanism; |
| fwMechanism->mdToken = mdToken; |
| fwMechanism->fwToken = fwToken; |
| fwMechanism->mdInstance = mdInstance; |
| fwMechanism->fwInstance = fwInstance; |
| return fwMechanism; |
| } |
| |
| /* |
| * nssCKFWMechanism_Destroy |
| * |
| */ |
| NSS_IMPLEMENT void |
| nssCKFWMechanism_Destroy( |
| NSSCKFWMechanism *fwMechanism) |
| { |
| /* destroy any fw resources held by nssCKFWMechanism (currently none) */ |
| |
| if (fwMechanism->mdMechanism->Destroy) { |
| /* destroys it's parent as well */ |
| fwMechanism->mdMechanism->Destroy( |
| fwMechanism->mdMechanism, |
| fwMechanism, |
| fwMechanism->mdInstance, |
| fwMechanism->fwInstance); |
| } |
| /* if the Destroy function wasn't supplied, then the mechanism is 'static', |
| * and there is nothing to destroy */ |
| return; |
| } |
| |
| /* |
| * nssCKFWMechanism_GetMDMechanism |
| * |
| */ |
| NSS_IMPLEMENT NSSCKMDMechanism * |
| nssCKFWMechanism_GetMDMechanism( |
| NSSCKFWMechanism *fwMechanism) |
| { |
| return fwMechanism->mdMechanism; |
| } |
| |
| /* |
| * nssCKFWMechanism_GetMinKeySize |
| * |
| */ |
| NSS_IMPLEMENT CK_ULONG |
| nssCKFWMechanism_GetMinKeySize( |
| NSSCKFWMechanism *fwMechanism, |
| CK_RV *pError) |
| { |
| if (!fwMechanism->mdMechanism->GetMinKeySize) { |
| return 0; |
| } |
| |
| return fwMechanism->mdMechanism->GetMinKeySize(fwMechanism->mdMechanism, |
| fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, |
| fwMechanism->mdInstance, fwMechanism->fwInstance, pError); |
| } |
| |
| /* |
| * nssCKFWMechanism_GetMaxKeySize |
| * |
| */ |
| NSS_IMPLEMENT CK_ULONG |
| nssCKFWMechanism_GetMaxKeySize( |
| NSSCKFWMechanism *fwMechanism, |
| CK_RV *pError) |
| { |
| if (!fwMechanism->mdMechanism->GetMaxKeySize) { |
| return 0; |
| } |
| |
| return fwMechanism->mdMechanism->GetMaxKeySize(fwMechanism->mdMechanism, |
| fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, |
| fwMechanism->mdInstance, fwMechanism->fwInstance, pError); |
| } |
| |
| /* |
| * nssCKFWMechanism_GetInHardware |
| * |
| */ |
| NSS_IMPLEMENT CK_BBOOL |
| nssCKFWMechanism_GetInHardware( |
| NSSCKFWMechanism *fwMechanism, |
| CK_RV *pError) |
| { |
| if (!fwMechanism->mdMechanism->GetInHardware) { |
| return CK_FALSE; |
| } |
| |
| return fwMechanism->mdMechanism->GetInHardware(fwMechanism->mdMechanism, |
| fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, |
| fwMechanism->mdInstance, fwMechanism->fwInstance, pError); |
| } |
| |
| /* |
| * the following are determined automatically by which of the cryptographic |
| * functions are defined for this mechanism. |
| */ |
| /* |
| * nssCKFWMechanism_GetCanEncrypt |
| * |
| */ |
| NSS_EXTERN CK_BBOOL |
| nssCKFWMechanism_GetCanEncrypt( |
| NSSCKFWMechanism *fwMechanism, |
| CK_RV *pError) |
| { |
| if (!fwMechanism->mdMechanism->EncryptInit) { |
| return CK_FALSE; |
| } |
| return CK_TRUE; |
| } |
| |
| /* |
| * nssCKFWMechanism_GetCanDecrypt |
| * |
| */ |
| NSS_EXTERN CK_BBOOL |
| nssCKFWMechanism_GetCanDecrypt( |
| NSSCKFWMechanism *fwMechanism, |
| CK_RV *pError) |
| { |
| if (!fwMechanism->mdMechanism->DecryptInit) { |
| return CK_FALSE; |
| } |
| return CK_TRUE; |
| } |
| |
| /* |
| * nssCKFWMechanism_GetCanDigest |
| * |
| */ |
| NSS_EXTERN CK_BBOOL |
| nssCKFWMechanism_GetCanDigest( |
| NSSCKFWMechanism *fwMechanism, |
| CK_RV *pError) |
| { |
| if (!fwMechanism->mdMechanism->DigestInit) { |
| return CK_FALSE; |
| } |
| return CK_TRUE; |
| } |
| |
| /* |
| * nssCKFWMechanism_GetCanSign |
| * |
| */ |
| NSS_EXTERN CK_BBOOL |
| nssCKFWMechanism_GetCanSign( |
| NSSCKFWMechanism *fwMechanism, |
| CK_RV *pError) |
| { |
| if (!fwMechanism->mdMechanism->SignInit) { |
| return CK_FALSE; |
| } |
| return CK_TRUE; |
| } |
| |
| /* |
| * nssCKFWMechanism_GetCanSignRecover |
| * |
| */ |
| NSS_EXTERN CK_BBOOL |
| nssCKFWMechanism_GetCanSignRecover( |
| NSSCKFWMechanism *fwMechanism, |
| CK_RV *pError) |
| { |
| if (!fwMechanism->mdMechanism->SignRecoverInit) { |
| return CK_FALSE; |
| } |
| return CK_TRUE; |
| } |
| |
| /* |
| * nssCKFWMechanism_GetCanVerify |
| * |
| */ |
| NSS_EXTERN CK_BBOOL |
| nssCKFWMechanism_GetCanVerify( |
| NSSCKFWMechanism *fwMechanism, |
| CK_RV *pError) |
| { |
| if (!fwMechanism->mdMechanism->VerifyInit) { |
| return CK_FALSE; |
| } |
| return CK_TRUE; |
| } |
| |
| /* |
| * nssCKFWMechanism_GetCanVerifyRecover |
| * |
| */ |
| NSS_EXTERN CK_BBOOL |
| nssCKFWMechanism_GetCanVerifyRecover( |
| NSSCKFWMechanism *fwMechanism, |
| CK_RV *pError) |
| { |
| if (!fwMechanism->mdMechanism->VerifyRecoverInit) { |
| return CK_FALSE; |
| } |
| return CK_TRUE; |
| } |
| |
| /* |
| * nssCKFWMechanism_GetCanGenerate |
| * |
| */ |
| NSS_EXTERN CK_BBOOL |
| nssCKFWMechanism_GetCanGenerate( |
| NSSCKFWMechanism *fwMechanism, |
| CK_RV *pError) |
| { |
| if (!fwMechanism->mdMechanism->GenerateKey) { |
| return CK_FALSE; |
| } |
| return CK_TRUE; |
| } |
| |
| /* |
| * nssCKFWMechanism_GetCanGenerateKeyPair |
| * |
| */ |
| NSS_EXTERN CK_BBOOL |
| nssCKFWMechanism_GetCanGenerateKeyPair( |
| NSSCKFWMechanism *fwMechanism, |
| CK_RV *pError) |
| { |
| if (!fwMechanism->mdMechanism->GenerateKeyPair) { |
| return CK_FALSE; |
| } |
| return CK_TRUE; |
| } |
| |
| /* |
| * nssCKFWMechanism_GetCanUnwrap |
| * |
| */ |
| NSS_EXTERN CK_BBOOL |
| nssCKFWMechanism_GetCanUnwrap( |
| NSSCKFWMechanism *fwMechanism, |
| CK_RV *pError) |
| { |
| if (!fwMechanism->mdMechanism->UnwrapKey) { |
| return CK_FALSE; |
| } |
| return CK_TRUE; |
| } |
| |
| /* |
| * nssCKFWMechanism_GetCanWrap |
| * |
| */ |
| NSS_EXTERN CK_BBOOL |
| nssCKFWMechanism_GetCanWrap( |
| NSSCKFWMechanism *fwMechanism, |
| CK_RV *pError) |
| { |
| if (!fwMechanism->mdMechanism->WrapKey) { |
| return CK_FALSE; |
| } |
| return CK_TRUE; |
| } |
| |
| /* |
| * nssCKFWMechanism_GetCanDerive |
| * |
| */ |
| NSS_EXTERN CK_BBOOL |
| nssCKFWMechanism_GetCanDerive( |
| NSSCKFWMechanism *fwMechanism, |
| CK_RV *pError) |
| { |
| if (!fwMechanism->mdMechanism->DeriveKey) { |
| return CK_FALSE; |
| } |
| return CK_TRUE; |
| } |
| |
| /* |
| * These are the actual crypto operations |
| */ |
| |
| /* |
| * nssCKFWMechanism_EncryptInit |
| * Start an encryption session. |
| */ |
| NSS_EXTERN CK_RV |
| nssCKFWMechanism_EncryptInit( |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM *pMechanism, |
| NSSCKFWSession *fwSession, |
| NSSCKFWObject *fwObject) |
| { |
| NSSCKFWCryptoOperation *fwOperation; |
| NSSCKMDCryptoOperation *mdOperation; |
| NSSCKMDSession *mdSession; |
| NSSCKMDObject *mdObject; |
| CK_RV error = CKR_OK; |
| |
| fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, |
| NSSCKFWCryptoOperationState_EncryptDecrypt); |
| if (fwOperation) { |
| return CKR_OPERATION_ACTIVE; |
| } |
| |
| if (!fwMechanism->mdMechanism->EncryptInit) { |
| return CKR_FUNCTION_FAILED; |
| } |
| |
| mdSession = nssCKFWSession_GetMDSession(fwSession); |
| mdObject = nssCKFWObject_GetMDObject(fwObject); |
| mdOperation = fwMechanism->mdMechanism->EncryptInit( |
| fwMechanism->mdMechanism, |
| fwMechanism, |
| pMechanism, |
| mdSession, |
| fwSession, |
| fwMechanism->mdToken, |
| fwMechanism->fwToken, |
| fwMechanism->mdInstance, |
| fwMechanism->fwInstance, |
| mdObject, |
| fwObject, |
| &error); |
| if (!mdOperation) { |
| goto loser; |
| } |
| |
| fwOperation = nssCKFWCryptoOperation_Create(mdOperation, |
| mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, |
| fwMechanism->mdInstance, fwMechanism->fwInstance, |
| NSSCKFWCryptoOperationType_Encrypt, &error); |
| if (fwOperation) { |
| nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, |
| NSSCKFWCryptoOperationState_EncryptDecrypt); |
| } |
| |
| loser: |
| return error; |
| } |
| |
| /* |
| * nssCKFWMechanism_DecryptInit |
| * Start an encryption session. |
| */ |
| NSS_EXTERN CK_RV |
| nssCKFWMechanism_DecryptInit( |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM *pMechanism, |
| NSSCKFWSession *fwSession, |
| NSSCKFWObject *fwObject) |
| { |
| NSSCKFWCryptoOperation *fwOperation; |
| NSSCKMDCryptoOperation *mdOperation; |
| NSSCKMDSession *mdSession; |
| NSSCKMDObject *mdObject; |
| CK_RV error = CKR_OK; |
| |
| fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, |
| NSSCKFWCryptoOperationState_EncryptDecrypt); |
| if (fwOperation) { |
| return CKR_OPERATION_ACTIVE; |
| } |
| |
| if (!fwMechanism->mdMechanism->DecryptInit) { |
| return CKR_FUNCTION_FAILED; |
| } |
| |
| mdSession = nssCKFWSession_GetMDSession(fwSession); |
| mdObject = nssCKFWObject_GetMDObject(fwObject); |
| mdOperation = fwMechanism->mdMechanism->DecryptInit( |
| fwMechanism->mdMechanism, |
| fwMechanism, |
| pMechanism, |
| mdSession, |
| fwSession, |
| fwMechanism->mdToken, |
| fwMechanism->fwToken, |
| fwMechanism->mdInstance, |
| fwMechanism->fwInstance, |
| mdObject, |
| fwObject, |
| &error); |
| if (!mdOperation) { |
| goto loser; |
| } |
| |
| fwOperation = nssCKFWCryptoOperation_Create(mdOperation, |
| mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, |
| fwMechanism->mdInstance, fwMechanism->fwInstance, |
| NSSCKFWCryptoOperationType_Decrypt, &error); |
| if (fwOperation) { |
| nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, |
| NSSCKFWCryptoOperationState_EncryptDecrypt); |
| } |
| |
| loser: |
| return error; |
| } |
| |
| /* |
| * nssCKFWMechanism_DigestInit |
| * Start an encryption session. |
| */ |
| NSS_EXTERN CK_RV |
| nssCKFWMechanism_DigestInit( |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM *pMechanism, |
| NSSCKFWSession *fwSession) |
| { |
| NSSCKFWCryptoOperation *fwOperation; |
| NSSCKMDCryptoOperation *mdOperation; |
| NSSCKMDSession *mdSession; |
| CK_RV error = CKR_OK; |
| |
| fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, |
| NSSCKFWCryptoOperationState_Digest); |
| if (fwOperation) { |
| return CKR_OPERATION_ACTIVE; |
| } |
| |
| if (!fwMechanism->mdMechanism->DigestInit) { |
| return CKR_FUNCTION_FAILED; |
| } |
| |
| mdSession = nssCKFWSession_GetMDSession(fwSession); |
| mdOperation = fwMechanism->mdMechanism->DigestInit( |
| fwMechanism->mdMechanism, |
| fwMechanism, |
| pMechanism, |
| mdSession, |
| fwSession, |
| fwMechanism->mdToken, |
| fwMechanism->fwToken, |
| fwMechanism->mdInstance, |
| fwMechanism->fwInstance, |
| &error); |
| if (!mdOperation) { |
| goto loser; |
| } |
| |
| fwOperation = nssCKFWCryptoOperation_Create(mdOperation, |
| mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, |
| fwMechanism->mdInstance, fwMechanism->fwInstance, |
| NSSCKFWCryptoOperationType_Digest, &error); |
| if (fwOperation) { |
| nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, |
| NSSCKFWCryptoOperationState_Digest); |
| } |
| |
| loser: |
| return error; |
| } |
| |
| /* |
| * nssCKFWMechanism_SignInit |
| * Start an encryption session. |
| */ |
| NSS_EXTERN CK_RV |
| nssCKFWMechanism_SignInit( |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM *pMechanism, |
| NSSCKFWSession *fwSession, |
| NSSCKFWObject *fwObject) |
| { |
| NSSCKFWCryptoOperation *fwOperation; |
| NSSCKMDCryptoOperation *mdOperation; |
| NSSCKMDSession *mdSession; |
| NSSCKMDObject *mdObject; |
| CK_RV error = CKR_OK; |
| |
| fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, |
| NSSCKFWCryptoOperationState_SignVerify); |
| if (fwOperation) { |
| return CKR_OPERATION_ACTIVE; |
| } |
| |
| if (!fwMechanism->mdMechanism->SignInit) { |
| return CKR_FUNCTION_FAILED; |
| } |
| |
| mdSession = nssCKFWSession_GetMDSession(fwSession); |
| mdObject = nssCKFWObject_GetMDObject(fwObject); |
| mdOperation = fwMechanism->mdMechanism->SignInit( |
| fwMechanism->mdMechanism, |
| fwMechanism, |
| pMechanism, |
| mdSession, |
| fwSession, |
| fwMechanism->mdToken, |
| fwMechanism->fwToken, |
| fwMechanism->mdInstance, |
| fwMechanism->fwInstance, |
| mdObject, |
| fwObject, |
| &error); |
| if (!mdOperation) { |
| goto loser; |
| } |
| |
| fwOperation = nssCKFWCryptoOperation_Create(mdOperation, |
| mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, |
| fwMechanism->mdInstance, fwMechanism->fwInstance, |
| NSSCKFWCryptoOperationType_Sign, &error); |
| if (fwOperation) { |
| nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, |
| NSSCKFWCryptoOperationState_SignVerify); |
| } |
| |
| loser: |
| return error; |
| } |
| |
| /* |
| * nssCKFWMechanism_VerifyInit |
| * Start an encryption session. |
| */ |
| NSS_EXTERN CK_RV |
| nssCKFWMechanism_VerifyInit( |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM *pMechanism, |
| NSSCKFWSession *fwSession, |
| NSSCKFWObject *fwObject) |
| { |
| NSSCKFWCryptoOperation *fwOperation; |
| NSSCKMDCryptoOperation *mdOperation; |
| NSSCKMDSession *mdSession; |
| NSSCKMDObject *mdObject; |
| CK_RV error = CKR_OK; |
| |
| fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, |
| NSSCKFWCryptoOperationState_SignVerify); |
| if (fwOperation) { |
| return CKR_OPERATION_ACTIVE; |
| } |
| |
| if (!fwMechanism->mdMechanism->VerifyInit) { |
| return CKR_FUNCTION_FAILED; |
| } |
| |
| mdSession = nssCKFWSession_GetMDSession(fwSession); |
| mdObject = nssCKFWObject_GetMDObject(fwObject); |
| mdOperation = fwMechanism->mdMechanism->VerifyInit( |
| fwMechanism->mdMechanism, |
| fwMechanism, |
| pMechanism, |
| mdSession, |
| fwSession, |
| fwMechanism->mdToken, |
| fwMechanism->fwToken, |
| fwMechanism->mdInstance, |
| fwMechanism->fwInstance, |
| mdObject, |
| fwObject, |
| &error); |
| if (!mdOperation) { |
| goto loser; |
| } |
| |
| fwOperation = nssCKFWCryptoOperation_Create(mdOperation, |
| mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, |
| fwMechanism->mdInstance, fwMechanism->fwInstance, |
| NSSCKFWCryptoOperationType_Verify, &error); |
| if (fwOperation) { |
| nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, |
| NSSCKFWCryptoOperationState_SignVerify); |
| } |
| |
| loser: |
| return error; |
| } |
| |
| /* |
| * nssCKFWMechanism_SignRecoverInit |
| * Start an encryption session. |
| */ |
| NSS_EXTERN CK_RV |
| nssCKFWMechanism_SignRecoverInit( |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM *pMechanism, |
| NSSCKFWSession *fwSession, |
| NSSCKFWObject *fwObject) |
| { |
| NSSCKFWCryptoOperation *fwOperation; |
| NSSCKMDCryptoOperation *mdOperation; |
| NSSCKMDSession *mdSession; |
| NSSCKMDObject *mdObject; |
| CK_RV error = CKR_OK; |
| |
| fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, |
| NSSCKFWCryptoOperationState_SignVerify); |
| if (fwOperation) { |
| return CKR_OPERATION_ACTIVE; |
| } |
| |
| if (!fwMechanism->mdMechanism->SignRecoverInit) { |
| return CKR_FUNCTION_FAILED; |
| } |
| |
| mdSession = nssCKFWSession_GetMDSession(fwSession); |
| mdObject = nssCKFWObject_GetMDObject(fwObject); |
| mdOperation = fwMechanism->mdMechanism->SignRecoverInit( |
| fwMechanism->mdMechanism, |
| fwMechanism, |
| pMechanism, |
| mdSession, |
| fwSession, |
| fwMechanism->mdToken, |
| fwMechanism->fwToken, |
| fwMechanism->mdInstance, |
| fwMechanism->fwInstance, |
| mdObject, |
| fwObject, |
| &error); |
| if (!mdOperation) { |
| goto loser; |
| } |
| |
| fwOperation = nssCKFWCryptoOperation_Create(mdOperation, |
| mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, |
| fwMechanism->mdInstance, fwMechanism->fwInstance, |
| NSSCKFWCryptoOperationType_SignRecover, &error); |
| if (fwOperation) { |
| nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, |
| NSSCKFWCryptoOperationState_SignVerify); |
| } |
| |
| loser: |
| return error; |
| } |
| |
| /* |
| * nssCKFWMechanism_VerifyRecoverInit |
| * Start an encryption session. |
| */ |
| NSS_EXTERN CK_RV |
| nssCKFWMechanism_VerifyRecoverInit( |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM *pMechanism, |
| NSSCKFWSession *fwSession, |
| NSSCKFWObject *fwObject) |
| { |
| NSSCKFWCryptoOperation *fwOperation; |
| NSSCKMDCryptoOperation *mdOperation; |
| NSSCKMDSession *mdSession; |
| NSSCKMDObject *mdObject; |
| CK_RV error = CKR_OK; |
| |
| fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, |
| NSSCKFWCryptoOperationState_SignVerify); |
| if (fwOperation) { |
| return CKR_OPERATION_ACTIVE; |
| } |
| |
| if (!fwMechanism->mdMechanism->VerifyRecoverInit) { |
| return CKR_FUNCTION_FAILED; |
| } |
| |
| mdSession = nssCKFWSession_GetMDSession(fwSession); |
| mdObject = nssCKFWObject_GetMDObject(fwObject); |
| mdOperation = fwMechanism->mdMechanism->VerifyRecoverInit( |
| fwMechanism->mdMechanism, |
| fwMechanism, |
| pMechanism, |
| mdSession, |
| fwSession, |
| fwMechanism->mdToken, |
| fwMechanism->fwToken, |
| fwMechanism->mdInstance, |
| fwMechanism->fwInstance, |
| mdObject, |
| fwObject, |
| &error); |
| if (!mdOperation) { |
| goto loser; |
| } |
| |
| fwOperation = nssCKFWCryptoOperation_Create(mdOperation, |
| mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, |
| fwMechanism->mdInstance, fwMechanism->fwInstance, |
| NSSCKFWCryptoOperationType_VerifyRecover, &error); |
| if (fwOperation) { |
| nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, |
| NSSCKFWCryptoOperationState_SignVerify); |
| } |
| |
| loser: |
| return error; |
| } |
| |
| /* |
| * nssCKFWMechanism_GenerateKey |
| */ |
| NSS_EXTERN NSSCKFWObject * |
| nssCKFWMechanism_GenerateKey( |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM_PTR pMechanism, |
| NSSCKFWSession *fwSession, |
| CK_ATTRIBUTE_PTR pTemplate, |
| CK_ULONG ulAttributeCount, |
| CK_RV *pError) |
| { |
| NSSCKMDSession *mdSession; |
| NSSCKMDObject *mdObject; |
| NSSCKFWObject *fwObject = NULL; |
| NSSArena *arena; |
| |
| if (!fwMechanism->mdMechanism->GenerateKey) { |
| *pError = CKR_FUNCTION_FAILED; |
| return (NSSCKFWObject *)NULL; |
| } |
| |
| arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); |
| if (!arena) { |
| if (CKR_OK == *pError) { |
| *pError = CKR_GENERAL_ERROR; |
| } |
| return (NSSCKFWObject *)NULL; |
| } |
| |
| mdSession = nssCKFWSession_GetMDSession(fwSession); |
| mdObject = fwMechanism->mdMechanism->GenerateKey( |
| fwMechanism->mdMechanism, |
| fwMechanism, |
| pMechanism, |
| mdSession, |
| fwSession, |
| fwMechanism->mdToken, |
| fwMechanism->fwToken, |
| fwMechanism->mdInstance, |
| fwMechanism->fwInstance, |
| pTemplate, |
| ulAttributeCount, |
| pError); |
| |
| if (!mdObject) { |
| return (NSSCKFWObject *)NULL; |
| } |
| |
| fwObject = nssCKFWObject_Create(arena, mdObject, |
| fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); |
| |
| return fwObject; |
| } |
| |
| /* |
| * nssCKFWMechanism_GenerateKeyPair |
| */ |
| NSS_EXTERN CK_RV |
| nssCKFWMechanism_GenerateKeyPair( |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM_PTR pMechanism, |
| NSSCKFWSession *fwSession, |
| CK_ATTRIBUTE_PTR pPublicKeyTemplate, |
| CK_ULONG ulPublicKeyAttributeCount, |
| CK_ATTRIBUTE_PTR pPrivateKeyTemplate, |
| CK_ULONG ulPrivateKeyAttributeCount, |
| NSSCKFWObject **fwPublicKeyObject, |
| NSSCKFWObject **fwPrivateKeyObject) |
| { |
| NSSCKMDSession *mdSession; |
| NSSCKMDObject *mdPublicKeyObject; |
| NSSCKMDObject *mdPrivateKeyObject; |
| NSSArena *arena; |
| CK_RV error = CKR_OK; |
| |
| if (!fwMechanism->mdMechanism->GenerateKeyPair) { |
| return CKR_FUNCTION_FAILED; |
| } |
| |
| arena = nssCKFWToken_GetArena(fwMechanism->fwToken, &error); |
| if (!arena) { |
| if (CKR_OK == error) { |
| error = CKR_GENERAL_ERROR; |
| } |
| return error; |
| } |
| |
| mdSession = nssCKFWSession_GetMDSession(fwSession); |
| error = fwMechanism->mdMechanism->GenerateKeyPair( |
| fwMechanism->mdMechanism, |
| fwMechanism, |
| pMechanism, |
| mdSession, |
| fwSession, |
| fwMechanism->mdToken, |
| fwMechanism->fwToken, |
| fwMechanism->mdInstance, |
| fwMechanism->fwInstance, |
| pPublicKeyTemplate, |
| ulPublicKeyAttributeCount, |
| pPrivateKeyTemplate, |
| ulPrivateKeyAttributeCount, |
| &mdPublicKeyObject, |
| &mdPrivateKeyObject); |
| |
| if (CKR_OK != error) { |
| return error; |
| } |
| |
| *fwPublicKeyObject = nssCKFWObject_Create(arena, mdPublicKeyObject, |
| fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error); |
| if (!*fwPublicKeyObject) { |
| return error; |
| } |
| *fwPrivateKeyObject = nssCKFWObject_Create(arena, mdPrivateKeyObject, |
| fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error); |
| |
| return error; |
| } |
| |
| /* |
| * nssCKFWMechanism_GetWrapKeyLength |
| */ |
| NSS_EXTERN CK_ULONG |
| nssCKFWMechanism_GetWrapKeyLength( |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM_PTR pMechanism, |
| NSSCKFWSession *fwSession, |
| NSSCKFWObject *fwWrappingKeyObject, |
| NSSCKFWObject *fwKeyObject, |
| CK_RV *pError) |
| { |
| NSSCKMDSession *mdSession; |
| NSSCKMDObject *mdWrappingKeyObject; |
| NSSCKMDObject *mdKeyObject; |
| |
| if (!fwMechanism->mdMechanism->WrapKey) { |
| *pError = CKR_FUNCTION_FAILED; |
| return (CK_ULONG)0; |
| } |
| |
| mdSession = nssCKFWSession_GetMDSession(fwSession); |
| mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); |
| mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject); |
| return fwMechanism->mdMechanism->GetWrapKeyLength( |
| fwMechanism->mdMechanism, |
| fwMechanism, |
| pMechanism, |
| mdSession, |
| fwSession, |
| fwMechanism->mdToken, |
| fwMechanism->fwToken, |
| fwMechanism->mdInstance, |
| fwMechanism->fwInstance, |
| mdWrappingKeyObject, |
| fwWrappingKeyObject, |
| mdKeyObject, |
| fwKeyObject, |
| pError); |
| } |
| |
| /* |
| * nssCKFWMechanism_WrapKey |
| */ |
| NSS_EXTERN CK_RV |
| nssCKFWMechanism_WrapKey( |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM_PTR pMechanism, |
| NSSCKFWSession *fwSession, |
| NSSCKFWObject *fwWrappingKeyObject, |
| NSSCKFWObject *fwKeyObject, |
| NSSItem *wrappedKey) |
| { |
| NSSCKMDSession *mdSession; |
| NSSCKMDObject *mdWrappingKeyObject; |
| NSSCKMDObject *mdKeyObject; |
| |
| if (!fwMechanism->mdMechanism->WrapKey) { |
| return CKR_FUNCTION_FAILED; |
| } |
| |
| mdSession = nssCKFWSession_GetMDSession(fwSession); |
| mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); |
| mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject); |
| return fwMechanism->mdMechanism->WrapKey( |
| fwMechanism->mdMechanism, |
| fwMechanism, |
| pMechanism, |
| mdSession, |
| fwSession, |
| fwMechanism->mdToken, |
| fwMechanism->fwToken, |
| fwMechanism->mdInstance, |
| fwMechanism->fwInstance, |
| mdWrappingKeyObject, |
| fwWrappingKeyObject, |
| mdKeyObject, |
| fwKeyObject, |
| wrappedKey); |
| } |
| |
| /* |
| * nssCKFWMechanism_UnwrapKey |
| */ |
| NSS_EXTERN NSSCKFWObject * |
| nssCKFWMechanism_UnwrapKey( |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM_PTR pMechanism, |
| NSSCKFWSession *fwSession, |
| NSSCKFWObject *fwWrappingKeyObject, |
| NSSItem *wrappedKey, |
| CK_ATTRIBUTE_PTR pTemplate, |
| CK_ULONG ulAttributeCount, |
| CK_RV *pError) |
| { |
| NSSCKMDSession *mdSession; |
| NSSCKMDObject *mdObject; |
| NSSCKMDObject *mdWrappingKeyObject; |
| NSSCKFWObject *fwObject = NULL; |
| NSSArena *arena; |
| |
| if (!fwMechanism->mdMechanism->UnwrapKey) { |
| /* we could simulate UnwrapKey using Decrypt and Create object, but |
| * 1) it's not clear that would work well, and 2) the low level token |
| * may want to restrict unwrap key for a reason, so just fail it it |
| * can't be done */ |
| *pError = CKR_FUNCTION_FAILED; |
| return (NSSCKFWObject *)NULL; |
| } |
| |
| arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); |
| if (!arena) { |
| if (CKR_OK == *pError) { |
| *pError = CKR_GENERAL_ERROR; |
| } |
| return (NSSCKFWObject *)NULL; |
| } |
| |
| mdSession = nssCKFWSession_GetMDSession(fwSession); |
| mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); |
| mdObject = fwMechanism->mdMechanism->UnwrapKey( |
| fwMechanism->mdMechanism, |
| fwMechanism, |
| pMechanism, |
| mdSession, |
| fwSession, |
| fwMechanism->mdToken, |
| fwMechanism->fwToken, |
| fwMechanism->mdInstance, |
| fwMechanism->fwInstance, |
| mdWrappingKeyObject, |
| fwWrappingKeyObject, |
| wrappedKey, |
| pTemplate, |
| ulAttributeCount, |
| pError); |
| |
| if (!mdObject) { |
| return (NSSCKFWObject *)NULL; |
| } |
| |
| fwObject = nssCKFWObject_Create(arena, mdObject, |
| fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); |
| |
| return fwObject; |
| } |
| |
| /* |
| * nssCKFWMechanism_DeriveKey |
| */ |
| NSS_EXTERN NSSCKFWObject * |
| nssCKFWMechanism_DeriveKey( |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM_PTR pMechanism, |
| NSSCKFWSession *fwSession, |
| NSSCKFWObject *fwBaseKeyObject, |
| CK_ATTRIBUTE_PTR pTemplate, |
| CK_ULONG ulAttributeCount, |
| CK_RV *pError) |
| { |
| NSSCKMDSession *mdSession; |
| NSSCKMDObject *mdObject; |
| NSSCKMDObject *mdBaseKeyObject; |
| NSSCKFWObject *fwObject = NULL; |
| NSSArena *arena; |
| |
| if (!fwMechanism->mdMechanism->DeriveKey) { |
| *pError = CKR_FUNCTION_FAILED; |
| return (NSSCKFWObject *)NULL; |
| } |
| |
| arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); |
| if (!arena) { |
| if (CKR_OK == *pError) { |
| *pError = CKR_GENERAL_ERROR; |
| } |
| return (NSSCKFWObject *)NULL; |
| } |
| |
| mdSession = nssCKFWSession_GetMDSession(fwSession); |
| mdBaseKeyObject = nssCKFWObject_GetMDObject(fwBaseKeyObject); |
| mdObject = fwMechanism->mdMechanism->DeriveKey( |
| fwMechanism->mdMechanism, |
| fwMechanism, |
| pMechanism, |
| mdSession, |
| fwSession, |
| fwMechanism->mdToken, |
| fwMechanism->fwToken, |
| fwMechanism->mdInstance, |
| fwMechanism->fwInstance, |
| mdBaseKeyObject, |
| fwBaseKeyObject, |
| pTemplate, |
| ulAttributeCount, |
| pError); |
| |
| if (!mdObject) { |
| return (NSSCKFWObject *)NULL; |
| } |
| |
| fwObject = nssCKFWObject_Create(arena, mdObject, |
| fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); |
| |
| return fwObject; |
| } |