/* * nssCKFWMechanism_VerifyRecoverInit * Start an encryption session. */ NSS_EXTERN CK_RV nssCKFWMechanism_VerifyRecoverInit ( NSSCKFWMechanism *fwMechanism, CK_MECHANISM *pMechanism, NSSCKFWSession *fwSession, NSSCKFWObject *fwObject ) { NSSCKFWCryptoOperation *fwOperation; NSSCKMDCryptoOperation *mdOperation; NSSCKMDSession *mdSession; NSSCKMDObject *mdObject; CK_RV error = CKR_OK; fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, NSSCKFWCryptoOperationState_SignVerify); if (fwOperation) { return CKR_OPERATION_ACTIVE; } if (!fwMechanism->mdMechanism->VerifyRecoverInit) { return CKR_FUNCTION_FAILED; } mdSession = nssCKFWSession_GetMDSession(fwSession); mdObject = nssCKFWObject_GetMDObject(fwObject); mdOperation = fwMechanism->mdMechanism->VerifyRecoverInit( fwMechanism->mdMechanism, fwMechanism, pMechanism, mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, fwMechanism->mdInstance, fwMechanism->fwInstance, mdObject, fwObject, &error ); if (!mdOperation) { goto loser; } fwOperation = nssCKFWCryptoOperation_Create(mdOperation, mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, fwMechanism->mdInstance, fwMechanism->fwInstance, NSSCKFWCryptoOperationType_VerifyRecover, &error); if (fwOperation) { nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, NSSCKFWCryptoOperationState_SignVerify); } loser: return error; }
/* * nssCKFWMechanism_DeriveKey */ NSS_EXTERN NSSCKFWObject * nssCKFWMechanism_DeriveKey ( NSSCKFWMechanism *fwMechanism, CK_MECHANISM_PTR pMechanism, NSSCKFWSession *fwSession, NSSCKFWObject *fwBaseKeyObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_RV *pError ) { NSSCKMDSession *mdSession; NSSCKMDObject *mdObject; NSSCKMDObject *mdBaseKeyObject; NSSCKFWObject *fwObject = NULL; NSSArena *arena; if (!fwMechanism->mdMechanism->DeriveKey) { *pError = CKR_FUNCTION_FAILED; return (NSSCKFWObject *)NULL; } arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); if (!arena) { if (CKR_OK == *pError) { *pError = CKR_GENERAL_ERROR; } return (NSSCKFWObject *)NULL; } mdSession = nssCKFWSession_GetMDSession(fwSession); mdBaseKeyObject = nssCKFWObject_GetMDObject(fwBaseKeyObject); mdObject = fwMechanism->mdMechanism->DeriveKey( fwMechanism->mdMechanism, fwMechanism, pMechanism, mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, fwMechanism->mdInstance, fwMechanism->fwInstance, mdBaseKeyObject, fwBaseKeyObject, pTemplate, ulAttributeCount, pError); if (!mdObject) { return (NSSCKFWObject *)NULL; } fwObject = nssCKFWObject_Create(arena, mdObject, fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); return fwObject; }
/* * nssCKFWMechanism_GetWrapKeyLength */ NSS_EXTERN CK_ULONG nssCKFWMechanism_GetWrapKeyLength ( NSSCKFWMechanism *fwMechanism, CK_MECHANISM_PTR pMechanism, NSSCKFWSession *fwSession, NSSCKFWObject *fwWrappingKeyObject, NSSCKFWObject *fwKeyObject, CK_RV *pError ) { NSSCKMDSession *mdSession; NSSCKMDObject *mdWrappingKeyObject; NSSCKMDObject *mdKeyObject; if (!fwMechanism->mdMechanism->WrapKey) { *pError = CKR_FUNCTION_FAILED; return (CK_ULONG) 0; } mdSession = nssCKFWSession_GetMDSession(fwSession); mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject); return fwMechanism->mdMechanism->GetWrapKeyLength( fwMechanism->mdMechanism, fwMechanism, pMechanism, mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, fwMechanism->mdInstance, fwMechanism->fwInstance, mdWrappingKeyObject, fwWrappingKeyObject, mdKeyObject, fwKeyObject, pError); }
/* * nssCKFWMechanism_WrapKey */ NSS_EXTERN CK_RV nssCKFWMechanism_WrapKey ( NSSCKFWMechanism *fwMechanism, CK_MECHANISM_PTR pMechanism, NSSCKFWSession *fwSession, NSSCKFWObject *fwWrappingKeyObject, NSSCKFWObject *fwKeyObject, NSSItem *wrappedKey ) { NSSCKMDSession *mdSession; NSSCKMDObject *mdWrappingKeyObject; NSSCKMDObject *mdKeyObject; if (!fwMechanism->mdMechanism->WrapKey) { return CKR_FUNCTION_FAILED; } mdSession = nssCKFWSession_GetMDSession(fwSession); mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject); return fwMechanism->mdMechanism->WrapKey( fwMechanism->mdMechanism, fwMechanism, pMechanism, mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, fwMechanism->mdInstance, fwMechanism->fwInstance, mdWrappingKeyObject, fwWrappingKeyObject, mdKeyObject, fwKeyObject, wrappedKey); }
/* * nssCKFWFindObjects_Create * */ NSS_EXTERN NSSCKFWFindObjects * nssCKFWFindObjects_Create ( NSSCKFWSession *fwSession, NSSCKFWToken *fwToken, NSSCKFWInstance *fwInstance, NSSCKMDFindObjects *mdFindObjects1, NSSCKMDFindObjects *mdFindObjects2, CK_RV *pError ) { NSSCKFWFindObjects *fwFindObjects = NULL; NSSCKMDSession *mdSession; NSSCKMDToken *mdToken; NSSCKMDInstance *mdInstance; mdSession = nssCKFWSession_GetMDSession(fwSession); mdToken = nssCKFWToken_GetMDToken(fwToken); mdInstance = nssCKFWInstance_GetMDInstance(fwInstance); fwFindObjects = nss_ZNEW(NULL, NSSCKFWFindObjects); if (!fwFindObjects) { *pError = CKR_HOST_MEMORY; goto loser; } fwFindObjects->mdfo1 = mdFindObjects1; fwFindObjects->mdfo2 = mdFindObjects2; fwFindObjects->fwSession = fwSession; fwFindObjects->mdSession = mdSession; fwFindObjects->fwToken = fwToken; fwFindObjects->mdToken = mdToken; fwFindObjects->fwInstance = fwInstance; fwFindObjects->mdInstance = mdInstance; fwFindObjects->mutex = nssCKFWInstance_CreateMutex(fwInstance, NULL, pError); if (!fwFindObjects->mutex) { goto loser; } #ifdef DEBUG *pError = findObjects_add_pointer(fwFindObjects); if( CKR_OK != *pError ) { goto loser; } #endif /* DEBUG */ return fwFindObjects; loser: if( fwFindObjects ) { if( NULL != mdFindObjects1 ) { if( NULL != mdFindObjects1->Final ) { fwFindObjects->mdFindObjects = mdFindObjects1; mdFindObjects1->Final(mdFindObjects1, fwFindObjects, mdSession, fwSession, mdToken, fwToken, mdInstance, fwInstance); } } if( NULL != mdFindObjects2 ) { if( NULL != mdFindObjects2->Final ) { fwFindObjects->mdFindObjects = mdFindObjects2; mdFindObjects2->Final(mdFindObjects2, fwFindObjects, mdSession, fwSession, mdToken, fwToken, mdInstance, fwInstance); } } nss_ZFreeIf(fwFindObjects); } if( CKR_OK == *pError ) { *pError = CKR_GENERAL_ERROR; } return (NSSCKFWFindObjects *)NULL; }
/* * nssCKFWMechanism_GenerateKeyPair */ NSS_EXTERN CK_RV nssCKFWMechanism_GenerateKeyPair ( NSSCKFWMechanism *fwMechanism, CK_MECHANISM_PTR pMechanism, NSSCKFWSession *fwSession, CK_ATTRIBUTE_PTR pPublicKeyTemplate, CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate, CK_ULONG ulPrivateKeyAttributeCount, NSSCKFWObject **fwPublicKeyObject, NSSCKFWObject **fwPrivateKeyObject ) { NSSCKMDSession *mdSession; NSSCKMDObject *mdPublicKeyObject; NSSCKMDObject *mdPrivateKeyObject; NSSArena *arena; CK_RV error = CKR_OK; if (!fwMechanism->mdMechanism->GenerateKeyPair) { return CKR_FUNCTION_FAILED; } arena = nssCKFWToken_GetArena(fwMechanism->fwToken, &error); if (!arena) { if (CKR_OK == error) { error = CKR_GENERAL_ERROR; } return error; } mdSession = nssCKFWSession_GetMDSession(fwSession); error = fwMechanism->mdMechanism->GenerateKeyPair( fwMechanism->mdMechanism, fwMechanism, pMechanism, mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, fwMechanism->mdInstance, fwMechanism->fwInstance, pPublicKeyTemplate, ulPublicKeyAttributeCount, pPrivateKeyTemplate, ulPrivateKeyAttributeCount, &mdPublicKeyObject, &mdPrivateKeyObject); if (CKR_OK != error) { return error; } *fwPublicKeyObject = nssCKFWObject_Create(arena, mdPublicKeyObject, fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error); if (!*fwPublicKeyObject) { return error; } *fwPrivateKeyObject = nssCKFWObject_Create(arena, mdPrivateKeyObject, fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error); return error; }
/* * nssCKFWMechanism_UnwrapKey */ NSS_EXTERN NSSCKFWObject * nssCKFWMechanism_UnwrapKey ( NSSCKFWMechanism *fwMechanism, CK_MECHANISM_PTR pMechanism, NSSCKFWSession *fwSession, NSSCKFWObject *fwWrappingKeyObject, NSSItem *wrappedKey, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_RV *pError ) { NSSCKMDSession *mdSession; NSSCKMDObject *mdObject; NSSCKMDObject *mdWrappingKeyObject; NSSCKFWObject *fwObject = NULL; NSSArena *arena; if (!fwMechanism->mdMechanism->UnwrapKey) { /* we could simulate UnwrapKey using Decrypt and Create object, but * 1) it's not clear that would work well, and 2) the low level token * may want to restrict unwrap key for a reason, so just fail it it * can't be done */ *pError = CKR_FUNCTION_FAILED; return (NSSCKFWObject *)NULL; } arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); if (!arena) { if (CKR_OK == *pError) { *pError = CKR_GENERAL_ERROR; } return (NSSCKFWObject *)NULL; } mdSession = nssCKFWSession_GetMDSession(fwSession); mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); mdObject = fwMechanism->mdMechanism->UnwrapKey( fwMechanism->mdMechanism, fwMechanism, pMechanism, mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, fwMechanism->mdInstance, fwMechanism->fwInstance, mdWrappingKeyObject, fwWrappingKeyObject, wrappedKey, pTemplate, ulAttributeCount, pError); if (!mdObject) { return (NSSCKFWObject *)NULL; } fwObject = nssCKFWObject_Create(arena, mdObject, fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); return fwObject; }
/* * nssCKFWObject_Create * */ NSS_IMPLEMENT NSSCKFWObject * nssCKFWObject_Create ( NSSArena *arena, NSSCKMDObject *mdObject, NSSCKFWSession *fwSession, NSSCKFWToken *fwToken, NSSCKFWInstance *fwInstance, CK_RV *pError ) { NSSCKFWObject *fwObject; nssCKFWHash *mdObjectHash; #ifdef NSSDEBUG if( (CK_RV *)NULL == pError ) { return (NSSCKFWObject *)NULL; } if( PR_SUCCESS != nssArena_verifyPointer(arena) ) { *pError = CKR_ARGUMENTS_BAD; return (NSSCKFWObject *)NULL; } #endif /* NSSDEBUG */ if( (NSSCKFWToken *)NULL == fwToken ) { *pError = CKR_ARGUMENTS_BAD; return (NSSCKFWObject *)NULL; } mdObjectHash = nssCKFWToken_GetMDObjectHash(fwToken); if( (nssCKFWHash *)NULL == mdObjectHash ) { *pError = CKR_GENERAL_ERROR; return (NSSCKFWObject *)NULL; } if( nssCKFWHash_Exists(mdObjectHash, mdObject) ) { fwObject = nssCKFWHash_Lookup(mdObjectHash, mdObject); return fwObject; } fwObject = nss_ZNEW(arena, NSSCKFWObject); if( (NSSCKFWObject *)NULL == fwObject ) { *pError = CKR_HOST_MEMORY; return (NSSCKFWObject *)NULL; } fwObject->arena = arena; fwObject->mdObject = mdObject; fwObject->fwSession = fwSession; if( (NSSCKFWSession *)NULL != fwSession ) { fwObject->mdSession = nssCKFWSession_GetMDSession(fwSession); } fwObject->fwToken = fwToken; fwObject->mdToken = nssCKFWToken_GetMDToken(fwToken); fwObject->fwInstance = fwInstance; fwObject->mdInstance = nssCKFWInstance_GetMDInstance(fwInstance); fwObject->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError); if( (NSSCKFWMutex *)NULL == fwObject->mutex ) { if( CKR_OK == *pError ) { *pError = CKR_GENERAL_ERROR; } return (NSSCKFWObject *)NULL; } *pError = nssCKFWHash_Add(mdObjectHash, mdObject, fwObject); if( CKR_OK != *pError ) { nss_ZFreeIf(fwObject); return (NSSCKFWObject *)NULL; } #ifdef DEBUG *pError = object_add_pointer(fwObject); if( CKR_OK != *pError ) { nssCKFWHash_Remove(mdObjectHash, mdObject); nss_ZFreeIf(fwObject); return (NSSCKFWObject *)NULL; } #endif /* DEBUG */ *pError = CKR_OK; return fwObject; }