/*
* nssCKFWMechanism_VerifyRecoverInit
* Start an encryption session.
*/
NSS_EXTERN CK_RV
nssCKFWMechanism_VerifyRecoverInit
(
NSSCKFWMechanism *fwMechanism,
CK_MECHANISM *pMechanism,
NSSCKFWSession *fwSession,
NSSCKFWObject *fwObject
)
{
NSSCKFWCryptoOperation *fwOperation;
NSSCKMDCryptoOperation *mdOperation;
NSSCKMDSession *mdSession;
NSSCKMDObject *mdObject;
CK_RV error = CKR_OK;
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
NSSCKFWCryptoOperationState_SignVerify);
if (fwOperation) {
return CKR_OPERATION_ACTIVE;
}
if (!fwMechanism->mdMechanism->VerifyRecoverInit) {
return CKR_FUNCTION_FAILED;
}
mdSession = nssCKFWSession_GetMDSession(fwSession);
mdObject = nssCKFWObject_GetMDObject(fwObject);
mdOperation = fwMechanism->mdMechanism->VerifyRecoverInit(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
mdSession,
fwSession,
fwMechanism->mdToken,
fwMechanism->fwToken,
fwMechanism->mdInstance,
fwMechanism->fwInstance,
mdObject,
fwObject,
&error
);
if (!mdOperation) {
goto loser;
}
fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
fwMechanism->mdInstance, fwMechanism->fwInstance,
NSSCKFWCryptoOperationType_VerifyRecover, &error);
if (fwOperation) {
nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
NSSCKFWCryptoOperationState_SignVerify);
}
loser:
return error;
}
/*
* nssCKFWMechanism_DeriveKey
*/
NSS_EXTERN NSSCKFWObject *
nssCKFWMechanism_DeriveKey
(
NSSCKFWMechanism *fwMechanism,
CK_MECHANISM_PTR pMechanism,
NSSCKFWSession *fwSession,
NSSCKFWObject *fwBaseKeyObject,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_RV *pError
)
{
NSSCKMDSession *mdSession;
NSSCKMDObject *mdObject;
NSSCKMDObject *mdBaseKeyObject;
NSSCKFWObject *fwObject = NULL;
NSSArena *arena;
if (!fwMechanism->mdMechanism->DeriveKey) {
*pError = CKR_FUNCTION_FAILED;
return (NSSCKFWObject *)NULL;
}
arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
if (!arena) {
if (CKR_OK == *pError) {
*pError = CKR_GENERAL_ERROR;
}
return (NSSCKFWObject *)NULL;
}
mdSession = nssCKFWSession_GetMDSession(fwSession);
mdBaseKeyObject = nssCKFWObject_GetMDObject(fwBaseKeyObject);
mdObject = fwMechanism->mdMechanism->DeriveKey(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
mdSession,
fwSession,
fwMechanism->mdToken,
fwMechanism->fwToken,
fwMechanism->mdInstance,
fwMechanism->fwInstance,
mdBaseKeyObject,
fwBaseKeyObject,
pTemplate,
ulAttributeCount,
pError);
if (!mdObject) {
return (NSSCKFWObject *)NULL;
}
fwObject = nssCKFWObject_Create(arena, mdObject,
fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
return fwObject;
}
/*
* nssCKFWMechanism_GetWrapKeyLength
*/
NSS_EXTERN CK_ULONG
nssCKFWMechanism_GetWrapKeyLength
(
NSSCKFWMechanism *fwMechanism,
CK_MECHANISM_PTR pMechanism,
NSSCKFWSession *fwSession,
NSSCKFWObject *fwWrappingKeyObject,
NSSCKFWObject *fwKeyObject,
CK_RV *pError
)
{
NSSCKMDSession *mdSession;
NSSCKMDObject *mdWrappingKeyObject;
NSSCKMDObject *mdKeyObject;
if (!fwMechanism->mdMechanism->WrapKey) {
*pError = CKR_FUNCTION_FAILED;
return (CK_ULONG) 0;
}
mdSession = nssCKFWSession_GetMDSession(fwSession);
mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject);
return fwMechanism->mdMechanism->GetWrapKeyLength(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
mdSession,
fwSession,
fwMechanism->mdToken,
fwMechanism->fwToken,
fwMechanism->mdInstance,
fwMechanism->fwInstance,
mdWrappingKeyObject,
fwWrappingKeyObject,
mdKeyObject,
fwKeyObject,
pError);
}
/*
* nssCKFWMechanism_WrapKey
*/
NSS_EXTERN CK_RV
nssCKFWMechanism_WrapKey
(
NSSCKFWMechanism *fwMechanism,
CK_MECHANISM_PTR pMechanism,
NSSCKFWSession *fwSession,
NSSCKFWObject *fwWrappingKeyObject,
NSSCKFWObject *fwKeyObject,
NSSItem *wrappedKey
)
{
NSSCKMDSession *mdSession;
NSSCKMDObject *mdWrappingKeyObject;
NSSCKMDObject *mdKeyObject;
if (!fwMechanism->mdMechanism->WrapKey) {
return CKR_FUNCTION_FAILED;
}
mdSession = nssCKFWSession_GetMDSession(fwSession);
mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject);
return fwMechanism->mdMechanism->WrapKey(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
mdSession,
fwSession,
fwMechanism->mdToken,
fwMechanism->fwToken,
fwMechanism->mdInstance,
fwMechanism->fwInstance,
mdWrappingKeyObject,
fwWrappingKeyObject,
mdKeyObject,
fwKeyObject,
wrappedKey);
}
/*
* NSSCKFWObject_GetMDObject
*
*/
NSS_IMPLEMENT NSSCKMDObject *
NSSCKFWObject_GetMDObject
(
NSSCKFWObject *fwObject
)
{
#ifdef DEBUG
if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) {
return (NSSCKMDObject *)NULL;
}
#endif /* DEBUG */
return nssCKFWObject_GetMDObject(fwObject);
}
/*
* nssCKFWCryptoOperation_DigestKey
*/
NSS_EXTERN CK_RV
nssCKFWCryptoOperation_DigestKey
(
NSSCKFWCryptoOperation *fwOperation,
NSSCKFWObject *fwObject /* Key */
)
{
NSSCKMDObject *mdObject;
if ((void *) NULL == (void *)fwOperation->mdOperation->DigestKey) {
return CKR_FUNCTION_FAILED;
}
mdObject = nssCKFWObject_GetMDObject(fwObject);
return fwOperation->mdOperation->DigestKey(
fwOperation->mdOperation,
fwOperation,
fwOperation->mdToken,
fwOperation->fwToken,
fwOperation->mdInstance,
fwOperation->fwInstance,
mdObject,
fwObject);
}
/*
* nssCKFWMechanism_UnwrapKey
*/
NSS_EXTERN NSSCKFWObject *
nssCKFWMechanism_UnwrapKey
(
NSSCKFWMechanism *fwMechanism,
CK_MECHANISM_PTR pMechanism,
NSSCKFWSession *fwSession,
NSSCKFWObject *fwWrappingKeyObject,
NSSItem *wrappedKey,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_RV *pError
)
{
NSSCKMDSession *mdSession;
NSSCKMDObject *mdObject;
NSSCKMDObject *mdWrappingKeyObject;
NSSCKFWObject *fwObject = NULL;
NSSArena *arena;
if (!fwMechanism->mdMechanism->UnwrapKey) {
/* we could simulate UnwrapKey using Decrypt and Create object, but
* 1) it's not clear that would work well, and 2) the low level token
* may want to restrict unwrap key for a reason, so just fail it it
* can't be done */
*pError = CKR_FUNCTION_FAILED;
return (NSSCKFWObject *)NULL;
}
arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
if (!arena) {
if (CKR_OK == *pError) {
*pError = CKR_GENERAL_ERROR;
}
return (NSSCKFWObject *)NULL;
}
mdSession = nssCKFWSession_GetMDSession(fwSession);
mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
mdObject = fwMechanism->mdMechanism->UnwrapKey(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
mdSession,
fwSession,
fwMechanism->mdToken,
fwMechanism->fwToken,
fwMechanism->mdInstance,
fwMechanism->fwInstance,
mdWrappingKeyObject,
fwWrappingKeyObject,
wrappedKey,
pTemplate,
ulAttributeCount,
pError);
if (!mdObject) {
return (NSSCKFWObject *)NULL;
}
fwObject = nssCKFWObject_Create(arena, mdObject,
fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
return fwObject;
}
