/*
* nssCKFWMechanism_VerifyRecoverInit
* Start an encryption session.
*/
NSS_EXTERN CK_RV
nssCKFWMechanism_VerifyRecoverInit
(
NSSCKFWMechanism *fwMechanism,
CK_MECHANISM *pMechanism,
NSSCKFWSession *fwSession,
NSSCKFWObject *fwObject
)
{
NSSCKFWCryptoOperation *fwOperation;
NSSCKMDCryptoOperation *mdOperation;
NSSCKMDSession *mdSession;
NSSCKMDObject *mdObject;
CK_RV error = CKR_OK;
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
NSSCKFWCryptoOperationState_SignVerify);
if (fwOperation) {
return CKR_OPERATION_ACTIVE;
}
if (!fwMechanism->mdMechanism->VerifyRecoverInit) {
return CKR_FUNCTION_FAILED;
}
mdSession = nssCKFWSession_GetMDSession(fwSession);
mdObject = nssCKFWObject_GetMDObject(fwObject);
mdOperation = fwMechanism->mdMechanism->VerifyRecoverInit(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
mdSession,
fwSession,
fwMechanism->mdToken,
fwMechanism->fwToken,
fwMechanism->mdInstance,
fwMechanism->fwInstance,
mdObject,
fwObject,
&error
);
if (!mdOperation) {
goto loser;
}
fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
fwMechanism->mdInstance, fwMechanism->fwInstance,
NSSCKFWCryptoOperationType_VerifyRecover, &error);
if (fwOperation) {
nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
NSSCKFWCryptoOperationState_SignVerify);
}
loser:
return error;
}
/*
* nssCKFWMechanism_DeriveKey
*/
NSS_EXTERN NSSCKFWObject *
nssCKFWMechanism_DeriveKey
(
NSSCKFWMechanism *fwMechanism,
CK_MECHANISM_PTR pMechanism,
NSSCKFWSession *fwSession,
NSSCKFWObject *fwBaseKeyObject,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_RV *pError
)
{
NSSCKMDSession *mdSession;
NSSCKMDObject *mdObject;
NSSCKMDObject *mdBaseKeyObject;
NSSCKFWObject *fwObject = NULL;
NSSArena *arena;
if (!fwMechanism->mdMechanism->DeriveKey) {
*pError = CKR_FUNCTION_FAILED;
return (NSSCKFWObject *)NULL;
}
arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
if (!arena) {
if (CKR_OK == *pError) {
*pError = CKR_GENERAL_ERROR;
}
return (NSSCKFWObject *)NULL;
}
mdSession = nssCKFWSession_GetMDSession(fwSession);
mdBaseKeyObject = nssCKFWObject_GetMDObject(fwBaseKeyObject);
mdObject = fwMechanism->mdMechanism->DeriveKey(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
mdSession,
fwSession,
fwMechanism->mdToken,
fwMechanism->fwToken,
fwMechanism->mdInstance,
fwMechanism->fwInstance,
mdBaseKeyObject,
fwBaseKeyObject,
pTemplate,
ulAttributeCount,
pError);
if (!mdObject) {
return (NSSCKFWObject *)NULL;
}
fwObject = nssCKFWObject_Create(arena, mdObject,
fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
return fwObject;
}
/*
* nssCKFWMechanism_GetWrapKeyLength
*/
NSS_EXTERN CK_ULONG
nssCKFWMechanism_GetWrapKeyLength
(
NSSCKFWMechanism *fwMechanism,
CK_MECHANISM_PTR pMechanism,
NSSCKFWSession *fwSession,
NSSCKFWObject *fwWrappingKeyObject,
NSSCKFWObject *fwKeyObject,
CK_RV *pError
)
{
NSSCKMDSession *mdSession;
NSSCKMDObject *mdWrappingKeyObject;
NSSCKMDObject *mdKeyObject;
if (!fwMechanism->mdMechanism->WrapKey) {
*pError = CKR_FUNCTION_FAILED;
return (CK_ULONG) 0;
}
mdSession = nssCKFWSession_GetMDSession(fwSession);
mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject);
return fwMechanism->mdMechanism->GetWrapKeyLength(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
mdSession,
fwSession,
fwMechanism->mdToken,
fwMechanism->fwToken,
fwMechanism->mdInstance,
fwMechanism->fwInstance,
mdWrappingKeyObject,
fwWrappingKeyObject,
mdKeyObject,
fwKeyObject,
pError);
}
/*
* nssCKFWMechanism_WrapKey
*/
NSS_EXTERN CK_RV
nssCKFWMechanism_WrapKey
(
NSSCKFWMechanism *fwMechanism,
CK_MECHANISM_PTR pMechanism,
NSSCKFWSession *fwSession,
NSSCKFWObject *fwWrappingKeyObject,
NSSCKFWObject *fwKeyObject,
NSSItem *wrappedKey
)
{
NSSCKMDSession *mdSession;
NSSCKMDObject *mdWrappingKeyObject;
NSSCKMDObject *mdKeyObject;
if (!fwMechanism->mdMechanism->WrapKey) {
return CKR_FUNCTION_FAILED;
}
mdSession = nssCKFWSession_GetMDSession(fwSession);
mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject);
return fwMechanism->mdMechanism->WrapKey(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
mdSession,
fwSession,
fwMechanism->mdToken,
fwMechanism->fwToken,
fwMechanism->mdInstance,
fwMechanism->fwInstance,
mdWrappingKeyObject,
fwWrappingKeyObject,
mdKeyObject,
fwKeyObject,
wrappedKey);
}
/*
* nssCKFWFindObjects_Create
*
*/
NSS_EXTERN NSSCKFWFindObjects *
nssCKFWFindObjects_Create
(
NSSCKFWSession *fwSession,
NSSCKFWToken *fwToken,
NSSCKFWInstance *fwInstance,
NSSCKMDFindObjects *mdFindObjects1,
NSSCKMDFindObjects *mdFindObjects2,
CK_RV *pError
)
{
NSSCKFWFindObjects *fwFindObjects = NULL;
NSSCKMDSession *mdSession;
NSSCKMDToken *mdToken;
NSSCKMDInstance *mdInstance;
mdSession = nssCKFWSession_GetMDSession(fwSession);
mdToken = nssCKFWToken_GetMDToken(fwToken);
mdInstance = nssCKFWInstance_GetMDInstance(fwInstance);
fwFindObjects = nss_ZNEW(NULL, NSSCKFWFindObjects);
if (!fwFindObjects) {
*pError = CKR_HOST_MEMORY;
goto loser;
}
fwFindObjects->mdfo1 = mdFindObjects1;
fwFindObjects->mdfo2 = mdFindObjects2;
fwFindObjects->fwSession = fwSession;
fwFindObjects->mdSession = mdSession;
fwFindObjects->fwToken = fwToken;
fwFindObjects->mdToken = mdToken;
fwFindObjects->fwInstance = fwInstance;
fwFindObjects->mdInstance = mdInstance;
fwFindObjects->mutex = nssCKFWInstance_CreateMutex(fwInstance, NULL, pError);
if (!fwFindObjects->mutex) {
goto loser;
}
#ifdef DEBUG
*pError = findObjects_add_pointer(fwFindObjects);
if( CKR_OK != *pError ) {
goto loser;
}
#endif /* DEBUG */
return fwFindObjects;
loser:
if( fwFindObjects ) {
if( NULL != mdFindObjects1 ) {
if( NULL != mdFindObjects1->Final ) {
fwFindObjects->mdFindObjects = mdFindObjects1;
mdFindObjects1->Final(mdFindObjects1, fwFindObjects, mdSession,
fwSession, mdToken, fwToken, mdInstance, fwInstance);
}
}
if( NULL != mdFindObjects2 ) {
if( NULL != mdFindObjects2->Final ) {
fwFindObjects->mdFindObjects = mdFindObjects2;
mdFindObjects2->Final(mdFindObjects2, fwFindObjects, mdSession,
fwSession, mdToken, fwToken, mdInstance, fwInstance);
}
}
nss_ZFreeIf(fwFindObjects);
}
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
return (NSSCKFWFindObjects *)NULL;
}
/*
* nssCKFWMechanism_GenerateKeyPair
*/
NSS_EXTERN CK_RV
nssCKFWMechanism_GenerateKeyPair
(
NSSCKFWMechanism *fwMechanism,
CK_MECHANISM_PTR pMechanism,
NSSCKFWSession *fwSession,
CK_ATTRIBUTE_PTR pPublicKeyTemplate,
CK_ULONG ulPublicKeyAttributeCount,
CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
CK_ULONG ulPrivateKeyAttributeCount,
NSSCKFWObject **fwPublicKeyObject,
NSSCKFWObject **fwPrivateKeyObject
)
{
NSSCKMDSession *mdSession;
NSSCKMDObject *mdPublicKeyObject;
NSSCKMDObject *mdPrivateKeyObject;
NSSArena *arena;
CK_RV error = CKR_OK;
if (!fwMechanism->mdMechanism->GenerateKeyPair) {
return CKR_FUNCTION_FAILED;
}
arena = nssCKFWToken_GetArena(fwMechanism->fwToken, &error);
if (!arena) {
if (CKR_OK == error) {
error = CKR_GENERAL_ERROR;
}
return error;
}
mdSession = nssCKFWSession_GetMDSession(fwSession);
error = fwMechanism->mdMechanism->GenerateKeyPair(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
mdSession,
fwSession,
fwMechanism->mdToken,
fwMechanism->fwToken,
fwMechanism->mdInstance,
fwMechanism->fwInstance,
pPublicKeyTemplate,
ulPublicKeyAttributeCount,
pPrivateKeyTemplate,
ulPrivateKeyAttributeCount,
&mdPublicKeyObject,
&mdPrivateKeyObject);
if (CKR_OK != error) {
return error;
}
*fwPublicKeyObject = nssCKFWObject_Create(arena, mdPublicKeyObject,
fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error);
if (!*fwPublicKeyObject) {
return error;
}
*fwPrivateKeyObject = nssCKFWObject_Create(arena, mdPrivateKeyObject,
fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error);
return error;
}
/*
* nssCKFWMechanism_UnwrapKey
*/
NSS_EXTERN NSSCKFWObject *
nssCKFWMechanism_UnwrapKey
(
NSSCKFWMechanism *fwMechanism,
CK_MECHANISM_PTR pMechanism,
NSSCKFWSession *fwSession,
NSSCKFWObject *fwWrappingKeyObject,
NSSItem *wrappedKey,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_RV *pError
)
{
NSSCKMDSession *mdSession;
NSSCKMDObject *mdObject;
NSSCKMDObject *mdWrappingKeyObject;
NSSCKFWObject *fwObject = NULL;
NSSArena *arena;
if (!fwMechanism->mdMechanism->UnwrapKey) {
/* we could simulate UnwrapKey using Decrypt and Create object, but
* 1) it's not clear that would work well, and 2) the low level token
* may want to restrict unwrap key for a reason, so just fail it it
* can't be done */
*pError = CKR_FUNCTION_FAILED;
return (NSSCKFWObject *)NULL;
}
arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
if (!arena) {
if (CKR_OK == *pError) {
*pError = CKR_GENERAL_ERROR;
}
return (NSSCKFWObject *)NULL;
}
mdSession = nssCKFWSession_GetMDSession(fwSession);
mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
mdObject = fwMechanism->mdMechanism->UnwrapKey(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
mdSession,
fwSession,
fwMechanism->mdToken,
fwMechanism->fwToken,
fwMechanism->mdInstance,
fwMechanism->fwInstance,
mdWrappingKeyObject,
fwWrappingKeyObject,
wrappedKey,
pTemplate,
ulAttributeCount,
pError);
if (!mdObject) {
return (NSSCKFWObject *)NULL;
}
fwObject = nssCKFWObject_Create(arena, mdObject,
fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
return fwObject;
}
/*
* nssCKFWObject_Create
*
*/
NSS_IMPLEMENT NSSCKFWObject *
nssCKFWObject_Create
(
NSSArena *arena,
NSSCKMDObject *mdObject,
NSSCKFWSession *fwSession,
NSSCKFWToken *fwToken,
NSSCKFWInstance *fwInstance,
CK_RV *pError
)
{
NSSCKFWObject *fwObject;
nssCKFWHash *mdObjectHash;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
return (NSSCKFWObject *)NULL;
}
if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
*pError = CKR_ARGUMENTS_BAD;
return (NSSCKFWObject *)NULL;
}
#endif /* NSSDEBUG */
if( (NSSCKFWToken *)NULL == fwToken ) {
*pError = CKR_ARGUMENTS_BAD;
return (NSSCKFWObject *)NULL;
}
mdObjectHash = nssCKFWToken_GetMDObjectHash(fwToken);
if( (nssCKFWHash *)NULL == mdObjectHash ) {
*pError = CKR_GENERAL_ERROR;
return (NSSCKFWObject *)NULL;
}
if( nssCKFWHash_Exists(mdObjectHash, mdObject) ) {
fwObject = nssCKFWHash_Lookup(mdObjectHash, mdObject);
return fwObject;
}
fwObject = nss_ZNEW(arena, NSSCKFWObject);
if( (NSSCKFWObject *)NULL == fwObject ) {
*pError = CKR_HOST_MEMORY;
return (NSSCKFWObject *)NULL;
}
fwObject->arena = arena;
fwObject->mdObject = mdObject;
fwObject->fwSession = fwSession;
if( (NSSCKFWSession *)NULL != fwSession ) {
fwObject->mdSession = nssCKFWSession_GetMDSession(fwSession);
}
fwObject->fwToken = fwToken;
fwObject->mdToken = nssCKFWToken_GetMDToken(fwToken);
fwObject->fwInstance = fwInstance;
fwObject->mdInstance = nssCKFWInstance_GetMDInstance(fwInstance);
fwObject->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
if( (NSSCKFWMutex *)NULL == fwObject->mutex ) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
return (NSSCKFWObject *)NULL;
}
*pError = nssCKFWHash_Add(mdObjectHash, mdObject, fwObject);
if( CKR_OK != *pError ) {
nss_ZFreeIf(fwObject);
return (NSSCKFWObject *)NULL;
}
#ifdef DEBUG
*pError = object_add_pointer(fwObject);
if( CKR_OK != *pError ) {
nssCKFWHash_Remove(mdObjectHash, mdObject);
nss_ZFreeIf(fwObject);
return (NSSCKFWObject *)NULL;
}
#endif /* DEBUG */
*pError = CKR_OK;
return fwObject;
}
