/security/nss/lib/ckfw/wrap.c

http://github.com/zpao/v8monkey · C · 5708 lines · 4510 code · 658 blank · 540 comment · 640 complexity · 09aec1885d373ac5355d1d8903bec7ae MD5 · raw file

Large files are truncated click here to view the full file

  1. /* ***** BEGIN LICENSE BLOCK *****
  2. * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3. *
  4. * The contents of this file are subject to the Mozilla Public License Version
  5. * 1.1 (the "License"); you may not use this file except in compliance with
  6. * the License. You may obtain a copy of the License at
  7. * http://www.mozilla.org/MPL/
  8. *
  9. * Software distributed under the License is distributed on an "AS IS" basis,
  10. * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  11. * for the specific language governing rights and limitations under the
  12. * License.
  13. *
  14. * The Original Code is the Netscape security libraries.
  15. *
  16. * The Initial Developer of the Original Code is
  17. * Netscape Communications Corporation.
  18. * Portions created by the Initial Developer are Copyright (C) 1994-2000
  19. * the Initial Developer. All Rights Reserved.
  20. *
  21. * Contributor(s):
  22. *
  23. * Alternatively, the contents of this file may be used under the terms of
  24. * either the GNU General Public License Version 2 or later (the "GPL"), or
  25. * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  26. * in which case the provisions of the GPL or the LGPL are applicable instead
  27. * of those above. If you wish to allow use of your version of this file only
  28. * under the terms of either the GPL or the LGPL, and not to allow others to
  29. * use your version of this file under the terms of the MPL, indicate your
  30. * decision by deleting the provisions above and replace them with the notice
  31. * and other provisions required by the GPL or the LGPL. If you do not delete
  32. * the provisions above, a recipient may use your version of this file under
  33. * the terms of any one of the MPL, the GPL or the LGPL.
  34. *
  35. * ***** END LICENSE BLOCK ***** */
  36. #ifdef DEBUG
  37. static const char CVS_ID[] = "@(#) $RCSfile: wrap.c,v $ $Revision: 1.20 $ $Date: 2010/04/03 18:27:29 $";
  38. #endif /* DEBUG */
  39. /*
  40. * wrap.c
  41. *
  42. * This file contains the routines that actually implement the cryptoki
  43. * API, using the internal APIs of the NSS Cryptoki Framework. There is
  44. * one routine here for every cryptoki routine. For linking reasons
  45. * the actual entry points passed back with C_GetFunctionList have to
  46. * exist in one of the Module's source files; however, those are merely
  47. * simple wrappers that call these routines. The intelligence of the
  48. * implementations is here.
  49. */
  50. #ifndef CK_T
  51. #include "ck.h"
  52. #endif /* CK_T */
  53. /*
  54. * NSSCKFWC_Initialize
  55. * NSSCKFWC_Finalize
  56. * NSSCKFWC_GetInfo
  57. * -- NSSCKFWC_GetFunctionList -- see the API insert file
  58. * NSSCKFWC_GetSlotList
  59. * NSSCKFWC_GetSlotInfo
  60. * NSSCKFWC_GetTokenInfo
  61. * NSSCKFWC_WaitForSlotEvent
  62. * NSSCKFWC_GetMechanismList
  63. * NSSCKFWC_GetMechanismInfo
  64. * NSSCKFWC_InitToken
  65. * NSSCKFWC_InitPIN
  66. * NSSCKFWC_SetPIN
  67. * NSSCKFWC_OpenSession
  68. * NSSCKFWC_CloseSession
  69. * NSSCKFWC_CloseAllSessions
  70. * NSSCKFWC_GetSessionInfo
  71. * NSSCKFWC_GetOperationState
  72. * NSSCKFWC_SetOperationState
  73. * NSSCKFWC_Login
  74. * NSSCKFWC_Logout
  75. * NSSCKFWC_CreateObject
  76. * NSSCKFWC_CopyObject
  77. * NSSCKFWC_DestroyObject
  78. * NSSCKFWC_GetObjectSize
  79. * NSSCKFWC_GetAttributeValue
  80. * NSSCKFWC_SetAttributeValue
  81. * NSSCKFWC_FindObjectsInit
  82. * NSSCKFWC_FindObjects
  83. * NSSCKFWC_FindObjectsFinal
  84. * NSSCKFWC_EncryptInit
  85. * NSSCKFWC_Encrypt
  86. * NSSCKFWC_EncryptUpdate
  87. * NSSCKFWC_EncryptFinal
  88. * NSSCKFWC_DecryptInit
  89. * NSSCKFWC_Decrypt
  90. * NSSCKFWC_DecryptUpdate
  91. * NSSCKFWC_DecryptFinal
  92. * NSSCKFWC_DigestInit
  93. * NSSCKFWC_Digest
  94. * NSSCKFWC_DigestUpdate
  95. * NSSCKFWC_DigestKey
  96. * NSSCKFWC_DigestFinal
  97. * NSSCKFWC_SignInit
  98. * NSSCKFWC_Sign
  99. * NSSCKFWC_SignUpdate
  100. * NSSCKFWC_SignFinal
  101. * NSSCKFWC_SignRecoverInit
  102. * NSSCKFWC_SignRecover
  103. * NSSCKFWC_VerifyInit
  104. * NSSCKFWC_Verify
  105. * NSSCKFWC_VerifyUpdate
  106. * NSSCKFWC_VerifyFinal
  107. * NSSCKFWC_VerifyRecoverInit
  108. * NSSCKFWC_VerifyRecover
  109. * NSSCKFWC_DigestEncryptUpdate
  110. * NSSCKFWC_DecryptDigestUpdate
  111. * NSSCKFWC_SignEncryptUpdate
  112. * NSSCKFWC_DecryptVerifyUpdate
  113. * NSSCKFWC_GenerateKey
  114. * NSSCKFWC_GenerateKeyPair
  115. * NSSCKFWC_WrapKey
  116. * NSSCKFWC_UnwrapKey
  117. * NSSCKFWC_DeriveKey
  118. * NSSCKFWC_SeedRandom
  119. * NSSCKFWC_GenerateRandom
  120. * NSSCKFWC_GetFunctionStatus
  121. * NSSCKFWC_CancelFunction
  122. */
  123. /* figure out out locking semantics */
  124. static CK_RV
  125. nssCKFW_GetThreadSafeState(CK_C_INITIALIZE_ARGS_PTR pInitArgs,
  126. CryptokiLockingState *pLocking_state) {
  127. int functionCount = 0;
  128. /* parsed according to (PKCS #11 Section 11.4) */
  129. /* no args, the degenerate version of case 1 */
  130. if (!pInitArgs) {
  131. *pLocking_state = SingleThreaded;
  132. return CKR_OK;
  133. }
  134. /* CKF_OS_LOCKING_OK set, Cases 2 and 4 */
  135. if (pInitArgs->flags & CKF_OS_LOCKING_OK) {
  136. *pLocking_state = MultiThreaded;
  137. return CKR_OK;
  138. }
  139. if ((CK_CREATEMUTEX) NULL != pInitArgs->CreateMutex) functionCount++;
  140. if ((CK_DESTROYMUTEX) NULL != pInitArgs->DestroyMutex) functionCount++;
  141. if ((CK_LOCKMUTEX) NULL != pInitArgs->LockMutex) functionCount++;
  142. if ((CK_UNLOCKMUTEX) NULL != pInitArgs->UnlockMutex) functionCount++;
  143. /* CKF_OS_LOCKING_OK is not set, and not functions supplied,
  144. * explicit case 1 */
  145. if (0 == functionCount) {
  146. *pLocking_state = SingleThreaded;
  147. return CKR_OK;
  148. }
  149. /* OS_LOCKING_OK is not set and functions have been supplied. Since
  150. * ckfw uses nssbase library which explicitly calls NSPR, and since
  151. * there is no way to reliably override these explicit calls to NSPR,
  152. * therefore we can't support applications which have their own threading
  153. * module. Return CKR_CANT_LOCK if they supplied the correct number of
  154. * arguments, or CKR_ARGUMENTS_BAD if they did not in either case we will
  155. * fail the initialize */
  156. return (4 == functionCount) ? CKR_CANT_LOCK : CKR_ARGUMENTS_BAD;
  157. }
  158. static PRInt32 liveInstances;
  159. /*
  160. * NSSCKFWC_Initialize
  161. *
  162. */
  163. NSS_IMPLEMENT CK_RV
  164. NSSCKFWC_Initialize
  165. (
  166. NSSCKFWInstance **pFwInstance,
  167. NSSCKMDInstance *mdInstance,
  168. CK_VOID_PTR pInitArgs
  169. )
  170. {
  171. CK_RV error = CKR_OK;
  172. CryptokiLockingState locking_state;
  173. if( (NSSCKFWInstance **)NULL == pFwInstance ) {
  174. error = CKR_GENERAL_ERROR;
  175. goto loser;
  176. }
  177. if (*pFwInstance) {
  178. error = CKR_CRYPTOKI_ALREADY_INITIALIZED;
  179. goto loser;
  180. }
  181. if (!mdInstance) {
  182. error = CKR_GENERAL_ERROR;
  183. goto loser;
  184. }
  185. error = nssCKFW_GetThreadSafeState(pInitArgs,&locking_state);
  186. if( CKR_OK != error ) {
  187. goto loser;
  188. }
  189. *pFwInstance = nssCKFWInstance_Create(pInitArgs, locking_state, mdInstance, &error);
  190. if (!*pFwInstance) {
  191. goto loser;
  192. }
  193. PR_ATOMIC_INCREMENT(&liveInstances);
  194. return CKR_OK;
  195. loser:
  196. switch( error ) {
  197. case CKR_ARGUMENTS_BAD:
  198. case CKR_CANT_LOCK:
  199. case CKR_CRYPTOKI_ALREADY_INITIALIZED:
  200. case CKR_FUNCTION_FAILED:
  201. case CKR_GENERAL_ERROR:
  202. case CKR_HOST_MEMORY:
  203. case CKR_NEED_TO_CREATE_THREADS:
  204. break;
  205. default:
  206. case CKR_OK:
  207. error = CKR_GENERAL_ERROR;
  208. break;
  209. }
  210. return error;
  211. }
  212. /*
  213. * NSSCKFWC_Finalize
  214. *
  215. */
  216. NSS_IMPLEMENT CK_RV
  217. NSSCKFWC_Finalize
  218. (
  219. NSSCKFWInstance **pFwInstance
  220. )
  221. {
  222. CK_RV error = CKR_OK;
  223. if( (NSSCKFWInstance **)NULL == pFwInstance ) {
  224. error = CKR_GENERAL_ERROR;
  225. goto loser;
  226. }
  227. if (!*pFwInstance) {
  228. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  229. goto loser;
  230. }
  231. error = nssCKFWInstance_Destroy(*pFwInstance);
  232. /* In any case */
  233. *pFwInstance = (NSSCKFWInstance *)NULL;
  234. loser:
  235. switch( error ) {
  236. PRInt32 remainingInstances;
  237. case CKR_OK:
  238. remainingInstances = PR_ATOMIC_DECREMENT(&liveInstances);
  239. if (!remainingInstances) {
  240. nssArena_Shutdown();
  241. }
  242. break;
  243. case CKR_CRYPTOKI_NOT_INITIALIZED:
  244. case CKR_FUNCTION_FAILED:
  245. case CKR_GENERAL_ERROR:
  246. case CKR_HOST_MEMORY:
  247. break;
  248. default:
  249. error = CKR_GENERAL_ERROR;
  250. break;
  251. }
  252. /*
  253. * A thread's error stack is automatically destroyed when the thread
  254. * terminates or, for the primordial thread, by PR_Cleanup. On
  255. * Windows with MinGW, the thread private data destructor PR_Free
  256. * registered by this module is actually a thunk for PR_Free defined
  257. * in this module. When the thread that unloads this module terminates
  258. * or calls PR_Cleanup, the thunk for PR_Free is already gone with the
  259. * module. Therefore we need to destroy the error stack before the
  260. * module is unloaded.
  261. */
  262. nss_DestroyErrorStack();
  263. return error;
  264. }
  265. /*
  266. * NSSCKFWC_GetInfo
  267. *
  268. */
  269. NSS_IMPLEMENT CK_RV
  270. NSSCKFWC_GetInfo
  271. (
  272. NSSCKFWInstance *fwInstance,
  273. CK_INFO_PTR pInfo
  274. )
  275. {
  276. CK_RV error = CKR_OK;
  277. if( (CK_INFO_PTR)CK_NULL_PTR == pInfo ) {
  278. error = CKR_ARGUMENTS_BAD;
  279. goto loser;
  280. }
  281. /*
  282. * A purify error here means a caller error
  283. */
  284. (void)nsslibc_memset(pInfo, 0, sizeof(CK_INFO));
  285. pInfo->cryptokiVersion = nssCKFWInstance_GetCryptokiVersion(fwInstance);
  286. error = nssCKFWInstance_GetManufacturerID(fwInstance, pInfo->manufacturerID);
  287. if( CKR_OK != error ) {
  288. goto loser;
  289. }
  290. pInfo->flags = nssCKFWInstance_GetFlags(fwInstance);
  291. error = nssCKFWInstance_GetLibraryDescription(fwInstance, pInfo->libraryDescription);
  292. if( CKR_OK != error ) {
  293. goto loser;
  294. }
  295. pInfo->libraryVersion = nssCKFWInstance_GetLibraryVersion(fwInstance);
  296. return CKR_OK;
  297. loser:
  298. switch( error ) {
  299. case CKR_CRYPTOKI_NOT_INITIALIZED:
  300. case CKR_FUNCTION_FAILED:
  301. case CKR_GENERAL_ERROR:
  302. case CKR_HOST_MEMORY:
  303. break;
  304. default:
  305. error = CKR_GENERAL_ERROR;
  306. break;
  307. }
  308. return error;
  309. }
  310. /*
  311. * C_GetFunctionList is implemented entirely in the Module's file which
  312. * includes the Framework API insert file. It requires no "actual"
  313. * NSSCKFW routine.
  314. */
  315. /*
  316. * NSSCKFWC_GetSlotList
  317. *
  318. */
  319. NSS_IMPLEMENT CK_RV
  320. NSSCKFWC_GetSlotList
  321. (
  322. NSSCKFWInstance *fwInstance,
  323. CK_BBOOL tokenPresent,
  324. CK_SLOT_ID_PTR pSlotList,
  325. CK_ULONG_PTR pulCount
  326. )
  327. {
  328. CK_RV error = CKR_OK;
  329. CK_ULONG nSlots;
  330. if (!fwInstance) {
  331. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  332. goto loser;
  333. }
  334. switch( tokenPresent ) {
  335. case CK_TRUE:
  336. case CK_FALSE:
  337. break;
  338. default:
  339. error = CKR_ARGUMENTS_BAD;
  340. goto loser;
  341. }
  342. if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) {
  343. error = CKR_ARGUMENTS_BAD;
  344. goto loser;
  345. }
  346. nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
  347. if( (CK_ULONG)0 == nSlots ) {
  348. goto loser;
  349. }
  350. if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlotList ) {
  351. *pulCount = nSlots;
  352. return CKR_OK;
  353. }
  354. /*
  355. * A purify error here indicates caller error.
  356. */
  357. (void)nsslibc_memset(pSlotList, 0, *pulCount * sizeof(CK_SLOT_ID));
  358. if( *pulCount < nSlots ) {
  359. *pulCount = nSlots;
  360. error = CKR_BUFFER_TOO_SMALL;
  361. goto loser;
  362. } else {
  363. CK_ULONG i;
  364. *pulCount = nSlots;
  365. /*
  366. * Our secret "mapping": CK_SLOT_IDs are integers [1,N], and we
  367. * just index one when we need it.
  368. */
  369. for( i = 0; i < nSlots; i++ ) {
  370. pSlotList[i] = i+1;
  371. }
  372. return CKR_OK;
  373. }
  374. loser:
  375. switch( error ) {
  376. case CKR_BUFFER_TOO_SMALL:
  377. case CKR_CRYPTOKI_NOT_INITIALIZED:
  378. case CKR_FUNCTION_FAILED:
  379. case CKR_GENERAL_ERROR:
  380. case CKR_HOST_MEMORY:
  381. break;
  382. default:
  383. case CKR_OK:
  384. error = CKR_GENERAL_ERROR;
  385. break;
  386. }
  387. return error;
  388. }
  389. /*
  390. * NSSCKFWC_GetSlotInfo
  391. *
  392. */
  393. NSS_IMPLEMENT CK_RV
  394. NSSCKFWC_GetSlotInfo
  395. (
  396. NSSCKFWInstance *fwInstance,
  397. CK_SLOT_ID slotID,
  398. CK_SLOT_INFO_PTR pInfo
  399. )
  400. {
  401. CK_RV error = CKR_OK;
  402. CK_ULONG nSlots;
  403. NSSCKFWSlot **slots;
  404. NSSCKFWSlot *fwSlot;
  405. if (!fwInstance) {
  406. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  407. goto loser;
  408. }
  409. nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
  410. if( (CK_ULONG)0 == nSlots ) {
  411. goto loser;
  412. }
  413. if( (slotID < 1) || (slotID > nSlots) ) {
  414. error = CKR_SLOT_ID_INVALID;
  415. goto loser;
  416. }
  417. if( (CK_SLOT_INFO_PTR)CK_NULL_PTR == pInfo ) {
  418. error = CKR_ARGUMENTS_BAD;
  419. goto loser;
  420. }
  421. /*
  422. * A purify error here indicates caller error.
  423. */
  424. (void)nsslibc_memset(pInfo, 0, sizeof(CK_SLOT_INFO));
  425. slots = nssCKFWInstance_GetSlots(fwInstance, &error);
  426. if( (NSSCKFWSlot **)NULL == slots ) {
  427. goto loser;
  428. }
  429. fwSlot = slots[ slotID-1 ];
  430. error = nssCKFWSlot_GetSlotDescription(fwSlot, pInfo->slotDescription);
  431. if( CKR_OK != error ) {
  432. goto loser;
  433. }
  434. error = nssCKFWSlot_GetManufacturerID(fwSlot, pInfo->manufacturerID);
  435. if( CKR_OK != error ) {
  436. goto loser;
  437. }
  438. if( nssCKFWSlot_GetTokenPresent(fwSlot) ) {
  439. pInfo->flags |= CKF_TOKEN_PRESENT;
  440. }
  441. if( nssCKFWSlot_GetRemovableDevice(fwSlot) ) {
  442. pInfo->flags |= CKF_REMOVABLE_DEVICE;
  443. }
  444. if( nssCKFWSlot_GetHardwareSlot(fwSlot) ) {
  445. pInfo->flags |= CKF_HW_SLOT;
  446. }
  447. pInfo->hardwareVersion = nssCKFWSlot_GetHardwareVersion(fwSlot);
  448. pInfo->firmwareVersion = nssCKFWSlot_GetFirmwareVersion(fwSlot);
  449. return CKR_OK;
  450. loser:
  451. switch( error ) {
  452. case CKR_CRYPTOKI_NOT_INITIALIZED:
  453. case CKR_DEVICE_ERROR:
  454. case CKR_FUNCTION_FAILED:
  455. case CKR_GENERAL_ERROR:
  456. case CKR_HOST_MEMORY:
  457. case CKR_SLOT_ID_INVALID:
  458. break;
  459. default:
  460. case CKR_OK:
  461. error = CKR_GENERAL_ERROR;
  462. }
  463. return error;
  464. }
  465. /*
  466. * NSSCKFWC_GetTokenInfo
  467. *
  468. */
  469. NSS_IMPLEMENT CK_RV
  470. NSSCKFWC_GetTokenInfo
  471. (
  472. NSSCKFWInstance *fwInstance,
  473. CK_SLOT_ID slotID,
  474. CK_TOKEN_INFO_PTR pInfo
  475. )
  476. {
  477. CK_RV error = CKR_OK;
  478. CK_ULONG nSlots;
  479. NSSCKFWSlot **slots;
  480. NSSCKFWSlot *fwSlot;
  481. NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
  482. if (!fwInstance) {
  483. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  484. goto loser;
  485. }
  486. nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
  487. if( (CK_ULONG)0 == nSlots ) {
  488. goto loser;
  489. }
  490. if( (slotID < 1) || (slotID > nSlots) ) {
  491. error = CKR_SLOT_ID_INVALID;
  492. goto loser;
  493. }
  494. if( (CK_TOKEN_INFO_PTR)CK_NULL_PTR == pInfo ) {
  495. error = CKR_ARGUMENTS_BAD;
  496. goto loser;
  497. }
  498. /*
  499. * A purify error here indicates caller error.
  500. */
  501. (void)nsslibc_memset(pInfo, 0, sizeof(CK_TOKEN_INFO));
  502. slots = nssCKFWInstance_GetSlots(fwInstance, &error);
  503. if( (NSSCKFWSlot **)NULL == slots ) {
  504. goto loser;
  505. }
  506. fwSlot = slots[ slotID-1 ];
  507. if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
  508. error = CKR_TOKEN_NOT_PRESENT;
  509. goto loser;
  510. }
  511. fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
  512. if (!fwToken) {
  513. goto loser;
  514. }
  515. error = nssCKFWToken_GetLabel(fwToken, pInfo->label);
  516. if( CKR_OK != error ) {
  517. goto loser;
  518. }
  519. error = nssCKFWToken_GetManufacturerID(fwToken, pInfo->manufacturerID);
  520. if( CKR_OK != error ) {
  521. goto loser;
  522. }
  523. error = nssCKFWToken_GetModel(fwToken, pInfo->model);
  524. if( CKR_OK != error ) {
  525. goto loser;
  526. }
  527. error = nssCKFWToken_GetSerialNumber(fwToken, pInfo->serialNumber);
  528. if( CKR_OK != error ) {
  529. goto loser;
  530. }
  531. if( nssCKFWToken_GetHasRNG(fwToken) ) {
  532. pInfo->flags |= CKF_RNG;
  533. }
  534. if( nssCKFWToken_GetIsWriteProtected(fwToken) ) {
  535. pInfo->flags |= CKF_WRITE_PROTECTED;
  536. }
  537. if( nssCKFWToken_GetLoginRequired(fwToken) ) {
  538. pInfo->flags |= CKF_LOGIN_REQUIRED;
  539. }
  540. if( nssCKFWToken_GetUserPinInitialized(fwToken) ) {
  541. pInfo->flags |= CKF_USER_PIN_INITIALIZED;
  542. }
  543. if( nssCKFWToken_GetRestoreKeyNotNeeded(fwToken) ) {
  544. pInfo->flags |= CKF_RESTORE_KEY_NOT_NEEDED;
  545. }
  546. if( nssCKFWToken_GetHasClockOnToken(fwToken) ) {
  547. pInfo->flags |= CKF_CLOCK_ON_TOKEN;
  548. }
  549. if( nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken) ) {
  550. pInfo->flags |= CKF_PROTECTED_AUTHENTICATION_PATH;
  551. }
  552. if( nssCKFWToken_GetSupportsDualCryptoOperations(fwToken) ) {
  553. pInfo->flags |= CKF_DUAL_CRYPTO_OPERATIONS;
  554. }
  555. pInfo->ulMaxSessionCount = nssCKFWToken_GetMaxSessionCount(fwToken);
  556. pInfo->ulSessionCount = nssCKFWToken_GetSessionCount(fwToken);
  557. pInfo->ulMaxRwSessionCount = nssCKFWToken_GetMaxRwSessionCount(fwToken);
  558. pInfo->ulRwSessionCount= nssCKFWToken_GetRwSessionCount(fwToken);
  559. pInfo->ulMaxPinLen = nssCKFWToken_GetMaxPinLen(fwToken);
  560. pInfo->ulMinPinLen = nssCKFWToken_GetMinPinLen(fwToken);
  561. pInfo->ulTotalPublicMemory = nssCKFWToken_GetTotalPublicMemory(fwToken);
  562. pInfo->ulFreePublicMemory = nssCKFWToken_GetFreePublicMemory(fwToken);
  563. pInfo->ulTotalPrivateMemory = nssCKFWToken_GetTotalPrivateMemory(fwToken);
  564. pInfo->ulFreePrivateMemory = nssCKFWToken_GetFreePrivateMemory(fwToken);
  565. pInfo->hardwareVersion = nssCKFWToken_GetHardwareVersion(fwToken);
  566. pInfo->firmwareVersion = nssCKFWToken_GetFirmwareVersion(fwToken);
  567. error = nssCKFWToken_GetUTCTime(fwToken, pInfo->utcTime);
  568. if( CKR_OK != error ) {
  569. goto loser;
  570. }
  571. return CKR_OK;
  572. loser:
  573. switch( error ) {
  574. case CKR_DEVICE_REMOVED:
  575. case CKR_TOKEN_NOT_PRESENT:
  576. if (fwToken)
  577. nssCKFWToken_Destroy(fwToken);
  578. break;
  579. case CKR_CRYPTOKI_NOT_INITIALIZED:
  580. case CKR_DEVICE_ERROR:
  581. case CKR_DEVICE_MEMORY:
  582. case CKR_FUNCTION_FAILED:
  583. case CKR_GENERAL_ERROR:
  584. case CKR_HOST_MEMORY:
  585. case CKR_SLOT_ID_INVALID:
  586. case CKR_TOKEN_NOT_RECOGNIZED:
  587. break;
  588. default:
  589. case CKR_OK:
  590. error = CKR_GENERAL_ERROR;
  591. break;
  592. }
  593. return error;
  594. }
  595. /*
  596. * NSSCKFWC_WaitForSlotEvent
  597. *
  598. */
  599. NSS_IMPLEMENT CK_RV
  600. NSSCKFWC_WaitForSlotEvent
  601. (
  602. NSSCKFWInstance *fwInstance,
  603. CK_FLAGS flags,
  604. CK_SLOT_ID_PTR pSlot,
  605. CK_VOID_PTR pReserved
  606. )
  607. {
  608. CK_RV error = CKR_OK;
  609. CK_ULONG nSlots;
  610. CK_BBOOL block;
  611. NSSCKFWSlot **slots;
  612. NSSCKFWSlot *fwSlot;
  613. CK_ULONG i;
  614. if (!fwInstance) {
  615. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  616. goto loser;
  617. }
  618. if( flags & ~CKF_DONT_BLOCK ) {
  619. error = CKR_ARGUMENTS_BAD;
  620. goto loser;
  621. }
  622. block = (flags & CKF_DONT_BLOCK) ? CK_TRUE : CK_FALSE;
  623. nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
  624. if( (CK_ULONG)0 == nSlots ) {
  625. goto loser;
  626. }
  627. if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlot ) {
  628. error = CKR_ARGUMENTS_BAD;
  629. goto loser;
  630. }
  631. if( (CK_VOID_PTR)CK_NULL_PTR != pReserved ) {
  632. error = CKR_ARGUMENTS_BAD;
  633. goto loser;
  634. }
  635. slots = nssCKFWInstance_GetSlots(fwInstance, &error);
  636. if( (NSSCKFWSlot **)NULL == slots ) {
  637. goto loser;
  638. }
  639. fwSlot = nssCKFWInstance_WaitForSlotEvent(fwInstance, block, &error);
  640. if (!fwSlot) {
  641. goto loser;
  642. }
  643. for( i = 0; i < nSlots; i++ ) {
  644. if( fwSlot == slots[i] ) {
  645. *pSlot = (CK_SLOT_ID)(CK_ULONG)(i+1);
  646. return CKR_OK;
  647. }
  648. }
  649. error = CKR_GENERAL_ERROR; /* returned something not in the slot list */
  650. loser:
  651. switch( error ) {
  652. case CKR_CRYPTOKI_NOT_INITIALIZED:
  653. case CKR_FUNCTION_FAILED:
  654. case CKR_GENERAL_ERROR:
  655. case CKR_HOST_MEMORY:
  656. case CKR_NO_EVENT:
  657. break;
  658. default:
  659. case CKR_OK:
  660. error = CKR_GENERAL_ERROR;
  661. break;
  662. }
  663. return error;
  664. }
  665. /*
  666. * NSSCKFWC_GetMechanismList
  667. *
  668. */
  669. NSS_IMPLEMENT CK_RV
  670. NSSCKFWC_GetMechanismList
  671. (
  672. NSSCKFWInstance *fwInstance,
  673. CK_SLOT_ID slotID,
  674. CK_MECHANISM_TYPE_PTR pMechanismList,
  675. CK_ULONG_PTR pulCount
  676. )
  677. {
  678. CK_RV error = CKR_OK;
  679. CK_ULONG nSlots;
  680. NSSCKFWSlot **slots;
  681. NSSCKFWSlot *fwSlot;
  682. NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
  683. CK_ULONG count;
  684. if (!fwInstance) {
  685. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  686. goto loser;
  687. }
  688. nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
  689. if( (CK_ULONG)0 == nSlots ) {
  690. goto loser;
  691. }
  692. if( (slotID < 1) || (slotID > nSlots) ) {
  693. error = CKR_SLOT_ID_INVALID;
  694. goto loser;
  695. }
  696. if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) {
  697. error = CKR_ARGUMENTS_BAD;
  698. goto loser;
  699. }
  700. slots = nssCKFWInstance_GetSlots(fwInstance, &error);
  701. if( (NSSCKFWSlot **)NULL == slots ) {
  702. goto loser;
  703. }
  704. fwSlot = slots[ slotID-1 ];
  705. if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
  706. error = CKR_TOKEN_NOT_PRESENT;
  707. goto loser;
  708. }
  709. fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
  710. if (!fwToken) {
  711. goto loser;
  712. }
  713. count = nssCKFWToken_GetMechanismCount(fwToken);
  714. if( (CK_MECHANISM_TYPE_PTR)CK_NULL_PTR == pMechanismList ) {
  715. *pulCount = count;
  716. return CKR_OK;
  717. }
  718. if( *pulCount < count ) {
  719. *pulCount = count;
  720. error = CKR_BUFFER_TOO_SMALL;
  721. goto loser;
  722. }
  723. /*
  724. * A purify error here indicates caller error.
  725. */
  726. (void)nsslibc_memset(pMechanismList, 0, *pulCount * sizeof(CK_MECHANISM_TYPE));
  727. *pulCount = count;
  728. if( 0 != count ) {
  729. error = nssCKFWToken_GetMechanismTypes(fwToken, pMechanismList);
  730. } else {
  731. error = CKR_OK;
  732. }
  733. if( CKR_OK == error ) {
  734. return CKR_OK;
  735. }
  736. loser:
  737. switch( error ) {
  738. case CKR_DEVICE_REMOVED:
  739. case CKR_TOKEN_NOT_PRESENT:
  740. if (fwToken)
  741. nssCKFWToken_Destroy(fwToken);
  742. break;
  743. case CKR_ARGUMENTS_BAD:
  744. case CKR_BUFFER_TOO_SMALL:
  745. case CKR_CRYPTOKI_NOT_INITIALIZED:
  746. case CKR_DEVICE_ERROR:
  747. case CKR_DEVICE_MEMORY:
  748. case CKR_FUNCTION_FAILED:
  749. case CKR_GENERAL_ERROR:
  750. case CKR_HOST_MEMORY:
  751. case CKR_SLOT_ID_INVALID:
  752. case CKR_TOKEN_NOT_RECOGNIZED:
  753. break;
  754. default:
  755. case CKR_OK:
  756. error = CKR_GENERAL_ERROR;
  757. break;
  758. }
  759. return error;
  760. }
  761. /*
  762. * NSSCKFWC_GetMechanismInfo
  763. *
  764. */
  765. NSS_IMPLEMENT CK_RV
  766. NSSCKFWC_GetMechanismInfo
  767. (
  768. NSSCKFWInstance *fwInstance,
  769. CK_SLOT_ID slotID,
  770. CK_MECHANISM_TYPE type,
  771. CK_MECHANISM_INFO_PTR pInfo
  772. )
  773. {
  774. CK_RV error = CKR_OK;
  775. CK_ULONG nSlots;
  776. NSSCKFWSlot **slots;
  777. NSSCKFWSlot *fwSlot;
  778. NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
  779. NSSCKFWMechanism *fwMechanism;
  780. if (!fwInstance) {
  781. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  782. goto loser;
  783. }
  784. nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
  785. if( (CK_ULONG)0 == nSlots ) {
  786. goto loser;
  787. }
  788. if( (slotID < 1) || (slotID > nSlots) ) {
  789. error = CKR_SLOT_ID_INVALID;
  790. goto loser;
  791. }
  792. slots = nssCKFWInstance_GetSlots(fwInstance, &error);
  793. if( (NSSCKFWSlot **)NULL == slots ) {
  794. goto loser;
  795. }
  796. fwSlot = slots[ slotID-1 ];
  797. if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
  798. error = CKR_TOKEN_NOT_PRESENT;
  799. goto loser;
  800. }
  801. if( (CK_MECHANISM_INFO_PTR)CK_NULL_PTR == pInfo ) {
  802. error = CKR_ARGUMENTS_BAD;
  803. goto loser;
  804. }
  805. /*
  806. * A purify error here indicates caller error.
  807. */
  808. (void)nsslibc_memset(pInfo, 0, sizeof(CK_MECHANISM_INFO));
  809. fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
  810. if (!fwToken) {
  811. goto loser;
  812. }
  813. fwMechanism = nssCKFWToken_GetMechanism(fwToken, type, &error);
  814. if (!fwMechanism) {
  815. goto loser;
  816. }
  817. pInfo->ulMinKeySize = nssCKFWMechanism_GetMinKeySize(fwMechanism, &error);
  818. pInfo->ulMaxKeySize = nssCKFWMechanism_GetMaxKeySize(fwMechanism, &error);
  819. if( nssCKFWMechanism_GetInHardware(fwMechanism, &error) ) {
  820. pInfo->flags |= CKF_HW;
  821. }
  822. if( nssCKFWMechanism_GetCanEncrypt(fwMechanism, &error) ) {
  823. pInfo->flags |= CKF_ENCRYPT;
  824. }
  825. if( nssCKFWMechanism_GetCanDecrypt(fwMechanism, &error) ) {
  826. pInfo->flags |= CKF_DECRYPT;
  827. }
  828. if( nssCKFWMechanism_GetCanDigest(fwMechanism, &error) ) {
  829. pInfo->flags |= CKF_DIGEST;
  830. }
  831. if( nssCKFWMechanism_GetCanSign(fwMechanism, &error) ) {
  832. pInfo->flags |= CKF_SIGN;
  833. }
  834. if( nssCKFWMechanism_GetCanSignRecover(fwMechanism, &error) ) {
  835. pInfo->flags |= CKF_SIGN_RECOVER;
  836. }
  837. if( nssCKFWMechanism_GetCanVerify(fwMechanism, &error) ) {
  838. pInfo->flags |= CKF_VERIFY;
  839. }
  840. if( nssCKFWMechanism_GetCanVerifyRecover(fwMechanism, &error) ) {
  841. pInfo->flags |= CKF_VERIFY_RECOVER;
  842. }
  843. if( nssCKFWMechanism_GetCanGenerate(fwMechanism, &error) ) {
  844. pInfo->flags |= CKF_GENERATE;
  845. }
  846. if( nssCKFWMechanism_GetCanGenerateKeyPair(fwMechanism, &error) ) {
  847. pInfo->flags |= CKF_GENERATE_KEY_PAIR;
  848. }
  849. if( nssCKFWMechanism_GetCanWrap(fwMechanism, &error) ) {
  850. pInfo->flags |= CKF_WRAP;
  851. }
  852. if( nssCKFWMechanism_GetCanUnwrap(fwMechanism, &error) ) {
  853. pInfo->flags |= CKF_UNWRAP;
  854. }
  855. if( nssCKFWMechanism_GetCanDerive(fwMechanism, &error) ) {
  856. pInfo->flags |= CKF_DERIVE;
  857. }
  858. nssCKFWMechanism_Destroy(fwMechanism);
  859. return error;
  860. loser:
  861. switch( error ) {
  862. case CKR_DEVICE_REMOVED:
  863. case CKR_TOKEN_NOT_PRESENT:
  864. if (fwToken)
  865. nssCKFWToken_Destroy(fwToken);
  866. break;
  867. case CKR_ARGUMENTS_BAD:
  868. case CKR_CRYPTOKI_NOT_INITIALIZED:
  869. case CKR_DEVICE_ERROR:
  870. case CKR_DEVICE_MEMORY:
  871. case CKR_FUNCTION_FAILED:
  872. case CKR_GENERAL_ERROR:
  873. case CKR_HOST_MEMORY:
  874. case CKR_MECHANISM_INVALID:
  875. case CKR_SLOT_ID_INVALID:
  876. case CKR_TOKEN_NOT_RECOGNIZED:
  877. break;
  878. default:
  879. case CKR_OK:
  880. error = CKR_GENERAL_ERROR;
  881. break;
  882. }
  883. return error;
  884. }
  885. /*
  886. * NSSCKFWC_InitToken
  887. *
  888. */
  889. NSS_IMPLEMENT CK_RV
  890. NSSCKFWC_InitToken
  891. (
  892. NSSCKFWInstance *fwInstance,
  893. CK_SLOT_ID slotID,
  894. CK_CHAR_PTR pPin,
  895. CK_ULONG ulPinLen,
  896. CK_CHAR_PTR pLabel
  897. )
  898. {
  899. CK_RV error = CKR_OK;
  900. CK_ULONG nSlots;
  901. NSSCKFWSlot **slots;
  902. NSSCKFWSlot *fwSlot;
  903. NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
  904. NSSItem pin;
  905. NSSUTF8 *label;
  906. if (!fwInstance) {
  907. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  908. goto loser;
  909. }
  910. nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
  911. if( (CK_ULONG)0 == nSlots ) {
  912. goto loser;
  913. }
  914. if( (slotID < 1) || (slotID > nSlots) ) {
  915. error = CKR_SLOT_ID_INVALID;
  916. goto loser;
  917. }
  918. slots = nssCKFWInstance_GetSlots(fwInstance, &error);
  919. if( (NSSCKFWSlot **)NULL == slots ) {
  920. goto loser;
  921. }
  922. fwSlot = slots[ slotID-1 ];
  923. if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
  924. error = CKR_TOKEN_NOT_PRESENT;
  925. goto loser;
  926. }
  927. fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
  928. if (!fwToken) {
  929. goto loser;
  930. }
  931. pin.size = (PRUint32)ulPinLen;
  932. pin.data = (void *)pPin;
  933. label = (NSSUTF8 *)pLabel; /* identity conversion */
  934. error = nssCKFWToken_InitToken(fwToken, &pin, label);
  935. if( CKR_OK != error ) {
  936. goto loser;
  937. }
  938. return CKR_OK;
  939. loser:
  940. switch( error ) {
  941. case CKR_DEVICE_REMOVED:
  942. case CKR_TOKEN_NOT_PRESENT:
  943. if (fwToken)
  944. nssCKFWToken_Destroy(fwToken);
  945. break;
  946. case CKR_ARGUMENTS_BAD:
  947. case CKR_CRYPTOKI_NOT_INITIALIZED:
  948. case CKR_DEVICE_ERROR:
  949. case CKR_DEVICE_MEMORY:
  950. case CKR_FUNCTION_FAILED:
  951. case CKR_GENERAL_ERROR:
  952. case CKR_HOST_MEMORY:
  953. case CKR_PIN_INCORRECT:
  954. case CKR_PIN_LOCKED:
  955. case CKR_SESSION_EXISTS:
  956. case CKR_SLOT_ID_INVALID:
  957. case CKR_TOKEN_NOT_RECOGNIZED:
  958. case CKR_TOKEN_WRITE_PROTECTED:
  959. break;
  960. default:
  961. case CKR_OK:
  962. error = CKR_GENERAL_ERROR;
  963. break;
  964. }
  965. return error;
  966. }
  967. /*
  968. * NSSCKFWC_InitPIN
  969. *
  970. */
  971. NSS_IMPLEMENT CK_RV
  972. NSSCKFWC_InitPIN
  973. (
  974. NSSCKFWInstance *fwInstance,
  975. CK_SESSION_HANDLE hSession,
  976. CK_CHAR_PTR pPin,
  977. CK_ULONG ulPinLen
  978. )
  979. {
  980. CK_RV error = CKR_OK;
  981. NSSCKFWSession *fwSession;
  982. NSSItem pin, *arg;
  983. if (!fwInstance) {
  984. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  985. goto loser;
  986. }
  987. fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
  988. if (!fwSession) {
  989. error = CKR_SESSION_HANDLE_INVALID;
  990. goto loser;
  991. }
  992. if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) {
  993. arg = (NSSItem *)NULL;
  994. } else {
  995. arg = &pin;
  996. pin.size = (PRUint32)ulPinLen;
  997. pin.data = (void *)pPin;
  998. }
  999. error = nssCKFWSession_InitPIN(fwSession, arg);
  1000. if( CKR_OK != error ) {
  1001. goto loser;
  1002. }
  1003. return CKR_OK;
  1004. loser:
  1005. switch( error ) {
  1006. case CKR_SESSION_CLOSED:
  1007. /* destroy session? */
  1008. break;
  1009. case CKR_DEVICE_REMOVED:
  1010. /* (void)nssCKFWToken_Destroy(fwToken); */
  1011. break;
  1012. case CKR_ARGUMENTS_BAD:
  1013. case CKR_CRYPTOKI_NOT_INITIALIZED:
  1014. case CKR_DEVICE_ERROR:
  1015. case CKR_DEVICE_MEMORY:
  1016. case CKR_FUNCTION_FAILED:
  1017. case CKR_GENERAL_ERROR:
  1018. case CKR_HOST_MEMORY:
  1019. case CKR_PIN_INVALID:
  1020. case CKR_PIN_LEN_RANGE:
  1021. case CKR_SESSION_READ_ONLY:
  1022. case CKR_SESSION_HANDLE_INVALID:
  1023. case CKR_TOKEN_WRITE_PROTECTED:
  1024. case CKR_USER_NOT_LOGGED_IN:
  1025. break;
  1026. default:
  1027. case CKR_OK:
  1028. error = CKR_GENERAL_ERROR;
  1029. break;
  1030. }
  1031. return error;
  1032. }
  1033. /*
  1034. * NSSCKFWC_SetPIN
  1035. *
  1036. */
  1037. NSS_IMPLEMENT CK_RV
  1038. NSSCKFWC_SetPIN
  1039. (
  1040. NSSCKFWInstance *fwInstance,
  1041. CK_SESSION_HANDLE hSession,
  1042. CK_CHAR_PTR pOldPin,
  1043. CK_ULONG ulOldLen,
  1044. CK_CHAR_PTR pNewPin,
  1045. CK_ULONG ulNewLen
  1046. )
  1047. {
  1048. CK_RV error = CKR_OK;
  1049. NSSCKFWSession *fwSession;
  1050. NSSItem oldPin, newPin, *oldArg, *newArg;
  1051. if (!fwInstance) {
  1052. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  1053. goto loser;
  1054. }
  1055. fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
  1056. if (!fwSession) {
  1057. error = CKR_SESSION_HANDLE_INVALID;
  1058. goto loser;
  1059. }
  1060. if( (CK_CHAR_PTR)CK_NULL_PTR == pOldPin ) {
  1061. oldArg = (NSSItem *)NULL;
  1062. } else {
  1063. oldArg = &oldPin;
  1064. oldPin.size = (PRUint32)ulOldLen;
  1065. oldPin.data = (void *)pOldPin;
  1066. }
  1067. if( (CK_CHAR_PTR)CK_NULL_PTR == pNewPin ) {
  1068. newArg = (NSSItem *)NULL;
  1069. } else {
  1070. newArg = &newPin;
  1071. newPin.size = (PRUint32)ulNewLen;
  1072. newPin.data = (void *)pNewPin;
  1073. }
  1074. error = nssCKFWSession_SetPIN(fwSession, oldArg, newArg);
  1075. if( CKR_OK != error ) {
  1076. goto loser;
  1077. }
  1078. return CKR_OK;
  1079. loser:
  1080. switch( error ) {
  1081. case CKR_SESSION_CLOSED:
  1082. /* destroy session? */
  1083. break;
  1084. case CKR_DEVICE_REMOVED:
  1085. /* (void)nssCKFWToken_Destroy(fwToken); */
  1086. break;
  1087. case CKR_ARGUMENTS_BAD:
  1088. case CKR_CRYPTOKI_NOT_INITIALIZED:
  1089. case CKR_DEVICE_ERROR:
  1090. case CKR_DEVICE_MEMORY:
  1091. case CKR_FUNCTION_FAILED:
  1092. case CKR_GENERAL_ERROR:
  1093. case CKR_HOST_MEMORY:
  1094. case CKR_PIN_INCORRECT:
  1095. case CKR_PIN_INVALID:
  1096. case CKR_PIN_LEN_RANGE:
  1097. case CKR_PIN_LOCKED:
  1098. case CKR_SESSION_HANDLE_INVALID:
  1099. case CKR_SESSION_READ_ONLY:
  1100. case CKR_TOKEN_WRITE_PROTECTED:
  1101. break;
  1102. default:
  1103. case CKR_OK:
  1104. error = CKR_GENERAL_ERROR;
  1105. break;
  1106. }
  1107. return error;
  1108. }
  1109. /*
  1110. * NSSCKFWC_OpenSession
  1111. *
  1112. */
  1113. NSS_IMPLEMENT CK_RV
  1114. NSSCKFWC_OpenSession
  1115. (
  1116. NSSCKFWInstance *fwInstance,
  1117. CK_SLOT_ID slotID,
  1118. CK_FLAGS flags,
  1119. CK_VOID_PTR pApplication,
  1120. CK_NOTIFY Notify,
  1121. CK_SESSION_HANDLE_PTR phSession
  1122. )
  1123. {
  1124. CK_RV error = CKR_OK;
  1125. CK_ULONG nSlots;
  1126. NSSCKFWSlot **slots;
  1127. NSSCKFWSlot *fwSlot;
  1128. NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
  1129. NSSCKFWSession *fwSession;
  1130. CK_BBOOL rw;
  1131. if (!fwInstance) {
  1132. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  1133. goto loser;
  1134. }
  1135. nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
  1136. if( (CK_ULONG)0 == nSlots ) {
  1137. goto loser;
  1138. }
  1139. if( (slotID < 1) || (slotID > nSlots) ) {
  1140. error = CKR_SLOT_ID_INVALID;
  1141. goto loser;
  1142. }
  1143. if( flags & CKF_RW_SESSION ) {
  1144. rw = CK_TRUE;
  1145. } else {
  1146. rw = CK_FALSE;
  1147. }
  1148. if( flags & CKF_SERIAL_SESSION ) {
  1149. ;
  1150. } else {
  1151. error = CKR_SESSION_PARALLEL_NOT_SUPPORTED;
  1152. goto loser;
  1153. }
  1154. if( flags & ~(CKF_RW_SESSION|CKF_SERIAL_SESSION) ) {
  1155. error = CKR_ARGUMENTS_BAD;
  1156. goto loser;
  1157. }
  1158. if( (CK_SESSION_HANDLE_PTR)CK_NULL_PTR == phSession ) {
  1159. error = CKR_ARGUMENTS_BAD;
  1160. goto loser;
  1161. }
  1162. /*
  1163. * A purify error here indicates caller error.
  1164. */
  1165. *phSession = (CK_SESSION_HANDLE)0;
  1166. slots = nssCKFWInstance_GetSlots(fwInstance, &error);
  1167. if( (NSSCKFWSlot **)NULL == slots ) {
  1168. goto loser;
  1169. }
  1170. fwSlot = slots[ slotID-1 ];
  1171. if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
  1172. error = CKR_TOKEN_NOT_PRESENT;
  1173. goto loser;
  1174. }
  1175. fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
  1176. if (!fwToken) {
  1177. goto loser;
  1178. }
  1179. fwSession = nssCKFWToken_OpenSession(fwToken, rw, pApplication,
  1180. Notify, &error);
  1181. if (!fwSession) {
  1182. goto loser;
  1183. }
  1184. *phSession = nssCKFWInstance_CreateSessionHandle(fwInstance,
  1185. fwSession, &error);
  1186. if( (CK_SESSION_HANDLE)0 == *phSession ) {
  1187. goto loser;
  1188. }
  1189. return CKR_OK;
  1190. loser:
  1191. switch( error ) {
  1192. case CKR_SESSION_CLOSED:
  1193. /* destroy session? */
  1194. break;
  1195. case CKR_DEVICE_REMOVED:
  1196. /* (void)nssCKFWToken_Destroy(fwToken); */
  1197. break;
  1198. case CKR_CRYPTOKI_NOT_INITIALIZED:
  1199. case CKR_DEVICE_ERROR:
  1200. case CKR_DEVICE_MEMORY:
  1201. case CKR_FUNCTION_FAILED:
  1202. case CKR_GENERAL_ERROR:
  1203. case CKR_HOST_MEMORY:
  1204. case CKR_SESSION_COUNT:
  1205. case CKR_SESSION_EXISTS:
  1206. case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
  1207. case CKR_SESSION_READ_WRITE_SO_EXISTS:
  1208. case CKR_SLOT_ID_INVALID:
  1209. case CKR_TOKEN_NOT_PRESENT:
  1210. case CKR_TOKEN_NOT_RECOGNIZED:
  1211. case CKR_TOKEN_WRITE_PROTECTED:
  1212. break;
  1213. default:
  1214. case CKR_OK:
  1215. error = CKR_GENERAL_ERROR;
  1216. break;
  1217. }
  1218. return error;
  1219. }
  1220. /*
  1221. * NSSCKFWC_CloseSession
  1222. *
  1223. */
  1224. NSS_IMPLEMENT CK_RV
  1225. NSSCKFWC_CloseSession
  1226. (
  1227. NSSCKFWInstance *fwInstance,
  1228. CK_SESSION_HANDLE hSession
  1229. )
  1230. {
  1231. CK_RV error = CKR_OK;
  1232. NSSCKFWSession *fwSession;
  1233. if (!fwInstance) {
  1234. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  1235. goto loser;
  1236. }
  1237. fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
  1238. if (!fwSession) {
  1239. error = CKR_SESSION_HANDLE_INVALID;
  1240. goto loser;
  1241. }
  1242. nssCKFWInstance_DestroySessionHandle(fwInstance, hSession);
  1243. error = nssCKFWSession_Destroy(fwSession, CK_TRUE);
  1244. if( CKR_OK != error ) {
  1245. goto loser;
  1246. }
  1247. return CKR_OK;
  1248. loser:
  1249. switch( error ) {
  1250. case CKR_SESSION_CLOSED:
  1251. /* destroy session? */
  1252. break;
  1253. case CKR_DEVICE_REMOVED:
  1254. /* (void)nssCKFWToken_Destroy(fwToken); */
  1255. break;
  1256. case CKR_CRYPTOKI_NOT_INITIALIZED:
  1257. case CKR_DEVICE_ERROR:
  1258. case CKR_DEVICE_MEMORY:
  1259. case CKR_FUNCTION_FAILED:
  1260. case CKR_GENERAL_ERROR:
  1261. case CKR_HOST_MEMORY:
  1262. case CKR_SESSION_HANDLE_INVALID:
  1263. break;
  1264. default:
  1265. case CKR_OK:
  1266. error = CKR_GENERAL_ERROR;
  1267. break;
  1268. }
  1269. return error;
  1270. }
  1271. /*
  1272. * NSSCKFWC_CloseAllSessions
  1273. *
  1274. */
  1275. NSS_IMPLEMENT CK_RV
  1276. NSSCKFWC_CloseAllSessions
  1277. (
  1278. NSSCKFWInstance *fwInstance,
  1279. CK_SLOT_ID slotID
  1280. )
  1281. {
  1282. CK_RV error = CKR_OK;
  1283. CK_ULONG nSlots;
  1284. NSSCKFWSlot **slots;
  1285. NSSCKFWSlot *fwSlot;
  1286. NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
  1287. if (!fwInstance) {
  1288. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  1289. goto loser;
  1290. }
  1291. nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
  1292. if( (CK_ULONG)0 == nSlots ) {
  1293. goto loser;
  1294. }
  1295. if( (slotID < 1) || (slotID > nSlots) ) {
  1296. error = CKR_SLOT_ID_INVALID;
  1297. goto loser;
  1298. }
  1299. slots = nssCKFWInstance_GetSlots(fwInstance, &error);
  1300. if( (NSSCKFWSlot **)NULL == slots ) {
  1301. goto loser;
  1302. }
  1303. fwSlot = slots[ slotID-1 ];
  1304. if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
  1305. error = CKR_TOKEN_NOT_PRESENT;
  1306. goto loser;
  1307. }
  1308. fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
  1309. if (!fwToken) {
  1310. goto loser;
  1311. }
  1312. error = nssCKFWToken_CloseAllSessions(fwToken);
  1313. if( CKR_OK != error ) {
  1314. goto loser;
  1315. }
  1316. return CKR_OK;
  1317. loser:
  1318. switch( error ) {
  1319. case CKR_DEVICE_REMOVED:
  1320. /* (void)nssCKFWToken_Destroy(fwToken); */
  1321. break;
  1322. case CKR_CRYPTOKI_NOT_INITIALIZED:
  1323. case CKR_DEVICE_ERROR:
  1324. case CKR_DEVICE_MEMORY:
  1325. case CKR_FUNCTION_FAILED:
  1326. case CKR_GENERAL_ERROR:
  1327. case CKR_HOST_MEMORY:
  1328. case CKR_SLOT_ID_INVALID:
  1329. case CKR_TOKEN_NOT_PRESENT:
  1330. break;
  1331. default:
  1332. case CKR_OK:
  1333. error = CKR_GENERAL_ERROR;
  1334. break;
  1335. }
  1336. return error;
  1337. }
  1338. /*
  1339. * NSSCKFWC_GetSessionInfo
  1340. *
  1341. */
  1342. NSS_IMPLEMENT CK_RV
  1343. NSSCKFWC_GetSessionInfo
  1344. (
  1345. NSSCKFWInstance *fwInstance,
  1346. CK_SESSION_HANDLE hSession,
  1347. CK_SESSION_INFO_PTR pInfo
  1348. )
  1349. {
  1350. CK_RV error = CKR_OK;
  1351. NSSCKFWSession *fwSession;
  1352. NSSCKFWSlot *fwSlot;
  1353. if (!fwInstance) {
  1354. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  1355. goto loser;
  1356. }
  1357. fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
  1358. if (!fwSession) {
  1359. error = CKR_SESSION_HANDLE_INVALID;
  1360. goto loser;
  1361. }
  1362. if( (CK_SESSION_INFO_PTR)CK_NULL_PTR == pInfo ) {
  1363. error = CKR_ARGUMENTS_BAD;
  1364. goto loser;
  1365. }
  1366. /*
  1367. * A purify error here indicates caller error.
  1368. */
  1369. (void)nsslibc_memset(pInfo, 0, sizeof(CK_SESSION_INFO));
  1370. fwSlot = nssCKFWSession_GetFWSlot(fwSession);
  1371. if (!fwSlot) {
  1372. error = CKR_GENERAL_ERROR;
  1373. goto loser;
  1374. }
  1375. pInfo->slotID = nssCKFWSlot_GetSlotID(fwSlot);
  1376. pInfo->state = nssCKFWSession_GetSessionState(fwSession);
  1377. if( CK_TRUE == nssCKFWSession_IsRWSession(fwSession) ) {
  1378. pInfo->flags |= CKF_RW_SESSION;
  1379. }
  1380. pInfo->flags |= CKF_SERIAL_SESSION; /* Always true */
  1381. pInfo->ulDeviceError = nssCKFWSession_GetDeviceError(fwSession);
  1382. return CKR_OK;
  1383. loser:
  1384. switch( error ) {
  1385. case CKR_SESSION_CLOSED:
  1386. /* destroy session? */
  1387. break;
  1388. case CKR_DEVICE_REMOVED:
  1389. /* (void)nssCKFWToken_Destroy(fwToken); */
  1390. break;
  1391. case CKR_CRYPTOKI_NOT_INITIALIZED:
  1392. case CKR_DEVICE_ERROR:
  1393. case CKR_DEVICE_MEMORY:
  1394. case CKR_FUNCTION_FAILED:
  1395. case CKR_GENERAL_ERROR:
  1396. case CKR_HOST_MEMORY:
  1397. case CKR_SESSION_HANDLE_INVALID:
  1398. break;
  1399. default:
  1400. case CKR_OK:
  1401. error = CKR_GENERAL_ERROR;
  1402. break;
  1403. }
  1404. return error;
  1405. }
  1406. /*
  1407. * NSSCKFWC_GetOperationState
  1408. *
  1409. */
  1410. NSS_IMPLEMENT CK_RV
  1411. NSSCKFWC_GetOperationState
  1412. (
  1413. NSSCKFWInstance *fwInstance,
  1414. CK_SESSION_HANDLE hSession,
  1415. CK_BYTE_PTR pOperationState,
  1416. CK_ULONG_PTR pulOperationStateLen
  1417. )
  1418. {
  1419. CK_RV error = CKR_OK;
  1420. NSSCKFWSession *fwSession;
  1421. CK_ULONG len;
  1422. NSSItem buf;
  1423. if (!fwInstance) {
  1424. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  1425. goto loser;
  1426. }
  1427. fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
  1428. if (!fwSession) {
  1429. error = CKR_SESSION_HANDLE_INVALID;
  1430. goto loser;
  1431. }
  1432. if( (CK_ULONG_PTR)CK_NULL_PTR == pulOperationStateLen ) {
  1433. error = CKR_ARGUMENTS_BAD;
  1434. goto loser;
  1435. }
  1436. len = nssCKFWSession_GetOperationStateLen(fwSession, &error);
  1437. if( ((CK_ULONG)0 == len) && (CKR_OK != error) ) {
  1438. goto loser;
  1439. }
  1440. if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) {
  1441. *pulOperationStateLen = len;
  1442. return CKR_OK;
  1443. }
  1444. if( *pulOperationStateLen < len ) {
  1445. *pulOperationStateLen = len;
  1446. error = CKR_BUFFER_TOO_SMALL;
  1447. goto loser;
  1448. }
  1449. buf.size = (PRUint32)*pulOperationStateLen;
  1450. buf.data = (void *)pOperationState;
  1451. *pulOperationStateLen = len;
  1452. error = nssCKFWSession_GetOperationState(fwSession, &buf);
  1453. if( CKR_OK != error ) {
  1454. goto loser;
  1455. }
  1456. return CKR_OK;
  1457. loser:
  1458. switch( error ) {
  1459. case CKR_SESSION_CLOSED:
  1460. /* destroy session? */
  1461. break;
  1462. case CKR_DEVICE_REMOVED:
  1463. /* (void)nssCKFWToken_Destroy(fwToken); */
  1464. break;
  1465. case CKR_BUFFER_TOO_SMALL:
  1466. case CKR_CRYPTOKI_NOT_INITIALIZED:
  1467. case CKR_DEVICE_ERROR:
  1468. case CKR_DEVICE_MEMORY:
  1469. case CKR_FUNCTION_FAILED:
  1470. case CKR_GENERAL_ERROR:
  1471. case CKR_HOST_MEMORY:
  1472. case CKR_OPERATION_NOT_INITIALIZED:
  1473. case CKR_SESSION_HANDLE_INVALID:
  1474. case CKR_STATE_UNSAVEABLE:
  1475. break;
  1476. default:
  1477. case CKR_OK:
  1478. error = CKR_GENERAL_ERROR;
  1479. break;
  1480. }
  1481. return error;
  1482. }
  1483. /*
  1484. * NSSCKFWC_SetOperationState
  1485. *
  1486. */
  1487. NSS_IMPLEMENT CK_RV
  1488. NSSCKFWC_SetOperationState
  1489. (
  1490. NSSCKFWInstance *fwInstance,
  1491. CK_SESSION_HANDLE hSession,
  1492. CK_BYTE_PTR pOperationState,
  1493. CK_ULONG ulOperationStateLen,
  1494. CK_OBJECT_HANDLE hEncryptionKey,
  1495. CK_OBJECT_HANDLE hAuthenticationKey
  1496. )
  1497. {
  1498. CK_RV error = CKR_OK;
  1499. NSSCKFWSession *fwSession;
  1500. NSSCKFWObject *eKey;
  1501. NSSCKFWObject *aKey;
  1502. NSSItem state;
  1503. if (!fwInstance) {
  1504. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  1505. goto loser;
  1506. }
  1507. if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) {
  1508. error = CKR_ARGUMENTS_BAD;
  1509. goto loser;
  1510. }
  1511. /*
  1512. * We could loop through the buffer, to catch any purify errors
  1513. * in a place with a "user error" note.
  1514. */
  1515. fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
  1516. if (!fwSession) {
  1517. error = CKR_SESSION_HANDLE_INVALID;
  1518. goto loser;
  1519. }
  1520. if( (CK_OBJECT_HANDLE)0 == hEncryptionKey ) {
  1521. eKey = (NSSCKFWObject *)NULL;
  1522. } else {
  1523. eKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hEncryptionKey);
  1524. if (!eKey) {
  1525. error = CKR_KEY_HANDLE_INVALID;
  1526. goto loser;
  1527. }
  1528. }
  1529. if( (CK_OBJECT_HANDLE)0 == hAuthenticationKey ) {
  1530. aKey = (NSSCKFWObject *)NULL;
  1531. } else {
  1532. aKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hAuthenticationKey);
  1533. if (!aKey) {
  1534. error = CKR_KEY_HANDLE_INVALID;
  1535. goto loser;
  1536. }
  1537. }
  1538. state.data = pOperationState;
  1539. state.size = ulOperationStateLen;
  1540. error = nssCKFWSession_SetOperationState(fwSession, &state, eKey, aKey);
  1541. if( CKR_OK != error ) {
  1542. goto loser;
  1543. }
  1544. return CKR_OK;
  1545. loser:
  1546. switch( error ) {
  1547. case CKR_SESSION_CLOSED:
  1548. /* destroy session? */
  1549. break;
  1550. case CKR_DEVICE_REMOVED:
  1551. /* (void)nssCKFWToken_Destroy(fwToken); */
  1552. break;
  1553. case CKR_CRYPTOKI_NOT_INITIALIZED:
  1554. case CKR_DEVICE_ERROR:
  1555. case CKR_DEVICE_MEMORY:
  1556. case CKR_FUNCTION_FAILED:
  1557. case CKR_GENERAL_ERROR:
  1558. case CKR_HOST_MEMORY:
  1559. case CKR_KEY_CHANGED:
  1560. case CKR_KEY_NEEDED:
  1561. case CKR_KEY_NOT_NEEDED:
  1562. case CKR_SAVED_STATE_INVALID:
  1563. case CKR_SESSION_HANDLE_INVALID:
  1564. break;
  1565. default:
  1566. case CKR_OK:
  1567. error = CKR_GENERAL_ERROR;
  1568. break;
  1569. }
  1570. return error;
  1571. }
  1572. /*
  1573. * NSSCKFWC_Login
  1574. *
  1575. */
  1576. NSS_IMPLEMENT CK_RV
  1577. NSSCKFWC_Login
  1578. (
  1579. NSSCKFWInstance *fwInstance,
  1580. CK_SESSION_HANDLE hSession,
  1581. CK_USER_TYPE userType,
  1582. CK_CHAR_PTR pPin,
  1583. CK_ULONG ulPinLen
  1584. )
  1585. {
  1586. CK_RV error = CKR_OK;
  1587. NSSCKFWSession *fwSession;
  1588. NSSItem pin, *arg;
  1589. if (!fwInstance) {
  1590. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  1591. goto loser;
  1592. }
  1593. fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
  1594. if (!fwSession) {
  1595. error = CKR_SESSION_HANDLE_INVALID;
  1596. goto loser;
  1597. }
  1598. if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) {
  1599. arg = (NSSItem *)NULL;
  1600. } else {
  1601. arg = &pin;
  1602. pin.size = (PRUint32)ulPinLen;
  1603. pin.data = (void *)pPin;
  1604. }
  1605. error = nssCKFWSession_Login(fwSession, userType, arg);
  1606. if( CKR_OK != error ) {
  1607. goto loser;
  1608. }
  1609. return CKR_OK;
  1610. loser:
  1611. switch( error ) {
  1612. case CKR_SESSION_CLOSED:
  1613. /* destroy session? */
  1614. break;
  1615. case CKR_DEVICE_REMOVED:
  1616. /* (void)nssCKFWToken_Destroy(fwToken); */
  1617. break;
  1618. case CKR_CRYPTOKI_NOT_INITIALIZED:
  1619. case CKR_DEVICE_ERROR:
  1620. case CKR_DEVICE_MEMORY:
  1621. case CKR_FUNCTION_FAILED:
  1622. case CKR_GENERAL_ERROR:
  1623. case CKR_HOST_MEMORY:
  1624. case CKR_PIN_EXPIRED:
  1625. case CKR_PIN_INCORRECT:
  1626. case CKR_PIN_LOCKED:
  1627. case CKR_SESSION_HANDLE_INVALID:
  1628. case CKR_SESSION_READ_ONLY_EXISTS:
  1629. case CKR_USER_ALREADY_LOGGED_IN:
  1630. case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
  1631. case CKR_USER_PIN_NOT_INITIALIZED:
  1632. case CKR_USER_TOO_MANY_TYPES:
  1633. case CKR_USER_TYPE_INVALID:
  1634. break;
  1635. default:
  1636. case CKR_OK:
  1637. error = CKR_GENERAL_ERROR;
  1638. break;
  1639. }
  1640. return error;
  1641. }
  1642. /*
  1643. * NSSCKFWC_Logout
  1644. *
  1645. */
  1646. NSS_IMPLEMENT CK_RV
  1647. NSSCKFWC_Logout
  1648. (
  1649. NSSCKFWInstance *fwInstance,
  1650. CK_SESSION_HANDLE hSession
  1651. )
  1652. {
  1653. CK_RV error = CKR_OK;
  1654. NSSCKFWSession *fwSession;
  1655. if (!fwInstance) {
  1656. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  1657. goto loser;
  1658. }
  1659. fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
  1660. if (!fwSession) {
  1661. error = CKR_SESSION_HANDLE_INVALID;
  1662. goto loser;
  1663. }
  1664. error = nssCKFWSession_Logout(fwSession);
  1665. if( CKR_OK != error ) {
  1666. goto loser;
  1667. }
  1668. return CKR_OK;
  1669. loser:
  1670. switch( error ) {
  1671. case CKR_SESSION_CLOSED:
  1672. /* destroy session? */
  1673. break;
  1674. case CKR_DEVICE_REMOVED:
  1675. /* (void)nssCKFWToken_Destroy(fwToken); */
  1676. break;
  1677. case CKR_CRYPTOKI_NOT_INITIALIZED:
  1678. case CKR_DEVICE_ERROR:
  1679. case CKR_DEVICE_MEMORY:
  1680. case CKR_FUNCTION_FAILED:
  1681. case CKR_GENERAL_ERROR:
  1682. case CKR_HOST_MEMORY:
  1683. case CKR_SESSION_HANDLE_INVALID:
  1684. case CKR_USER_NOT_LOGGED_IN:
  1685. break;
  1686. default:
  1687. case CKR_OK:
  1688. error = CKR_GENERAL_ERROR;
  1689. break;
  1690. }
  1691. return error;
  1692. }
  1693. /*
  1694. * NSSCKFWC_CreateObject
  1695. *
  1696. */
  1697. NSS_IMPLEMENT CK_RV
  1698. NSSCKFWC_CreateObject
  1699. (
  1700. NSSCKFWInstance *fwInstance,
  1701. CK_SESSION_HANDLE hSession,
  1702. CK_ATTRIBUTE_PTR pTemplate,
  1703. CK_ULONG ulCount,
  1704. CK_OBJECT_HANDLE_PTR phObject
  1705. )
  1706. {
  1707. CK_RV error = CKR_OK;
  1708. NSSCKFWSession *fwSession;
  1709. NSSCKFWObject *fwObject;
  1710. if (!fwInstance) {
  1711. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  1712. goto loser;
  1713. }
  1714. fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
  1715. if (!fwSession) {
  1716. error = CKR_SESSION_HANDLE_INVALID;
  1717. goto loser;
  1718. }
  1719. if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) {
  1720. error = CKR_ARGUMENTS_BAD;
  1721. goto loser;
  1722. }
  1723. /*
  1724. * A purify error here indicates caller error.
  1725. */
  1726. *phObject = (CK_OBJECT_HANDLE)0;
  1727. fwObject = nssCKFWSession_CreateObject(fwSession, pTemplate,
  1728. ulCount, &error);
  1729. if (!fwObject) {
  1730. goto loser;
  1731. }
  1732. *phObject = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
  1733. if( (CK_OBJECT_HANDLE)0 == *phObject ) {
  1734. nssCKFWObject_Destroy(fwObject);
  1735. goto loser;
  1736. }
  1737. return CKR_OK;
  1738. loser:
  1739. switch( error ) {
  1740. case CKR_SESSION_CLOSED:
  1741. /* destroy session? */
  1742. break;
  1743. case CKR_DEVICE_REMOVED:
  1744. /* (void)nssCKFWToken_Destroy(fwToken); */
  1745. break;
  1746. case CKR_ATTRIBUTE_READ_ONLY:
  1747. case CKR_ATTRIBUTE_TYPE_INVALID:
  1748. case CKR_ATTRIBUTE_VALUE_INVALID:
  1749. case CKR_CRYPTOKI_NOT_INITIALIZED:
  1750. case CKR_DEVICE_ERROR:
  1751. case CKR_DEVICE_MEMORY:
  1752. case CKR_FUNCTION_FAILED:
  1753. case CKR_GENERAL_ERROR:
  1754. case CKR_HOST_MEMORY:
  1755. case CKR_SESSION_HANDLE_INVALID:
  1756. case CKR_SESSION_READ_ONLY:
  1757. case CKR_TEMPLATE_INCOMPLETE:
  1758. case CKR_TEMPLATE_INCONSISTENT:
  1759. case CKR_TOKEN_WRITE_PROTECTED:
  1760. case CKR_USER_NOT_LOGGED_IN:
  1761. break;
  1762. default:
  1763. case CKR_OK:
  1764. error = CKR_GENERAL_ERROR;
  1765. break;
  1766. }
  1767. return error;
  1768. }
  1769. /*
  1770. * NSSCKFWC_CopyObject
  1771. *
  1772. */
  1773. NSS_IMPLEMENT CK_RV
  1774. NSSCKFWC_CopyObject
  1775. (
  1776. NSSCKFWInstance *fwInstance,
  1777. CK_SESSION_HANDLE hSession,
  1778. CK_OBJECT_HANDLE hObject,
  1779. CK_ATTRIBUTE_PTR pTemplate,
  1780. CK_ULONG ulCount,
  1781. CK_OBJECT_HANDLE_PTR phNewObject
  1782. )
  1783. {
  1784. CK_RV error = CKR_OK;
  1785. NSSCKFWSession *fwSession;
  1786. NSSCKFWObject *fwObject;
  1787. NSSCKFWObject *fwNewObject;
  1788. if (!fwInstance) {
  1789. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  1790. goto loser;
  1791. }
  1792. fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
  1793. if (!fwSession) {
  1794. error = CKR_SESSION_HANDLE_INVALID;
  1795. goto loser;
  1796. }
  1797. if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phNewObject ) {
  1798. error = CKR_ARGUMENTS_BAD;
  1799. goto loser;
  1800. }
  1801. /*
  1802. * A purify error here indicates caller error.
  1803. */
  1804. *phNewObject = (CK_OBJECT_HANDLE)0;
  1805. fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
  1806. if (!fwObject) {
  1807. error = CKR_OBJECT_HANDLE_INVALID;
  1808. goto loser;
  1809. }
  1810. fwNewObject = nssCKFWSession_CopyObject(fwSession, fwObject,
  1811. pTemplate, ulCount, &error);
  1812. if (!fwNewObject) {
  1813. goto loser;
  1814. }
  1815. *phNewObject = nssCKFWInstance_CreateObjectHandle(fwInstance,
  1816. fwNewObject, &error);
  1817. if( (CK_OBJECT_HANDLE)0 == *phNewObject ) {
  1818. nssCKFWObject_Destroy(fwNewObject);
  1819. goto loser;
  1820. }
  1821. return CKR_OK;
  1822. loser:
  1823. switch( error ) {
  1824. case CKR_SESSION_CLOSED:
  1825. /* destroy session? */
  1826. break;
  1827. case CKR_DEVICE_REMOVED:
  1828. /* (void)nssCKFWToken_Destroy(fwToken); */
  1829. break;
  1830. case CKR_ATTRIBUTE_READ_ONLY:
  1831. case CKR_ATTRIBUTE_TYPE_INVALID:
  1832. case CKR_ATTRIBUTE_VALUE_INVALID:
  1833. case CKR_CRYPTOKI_NOT_INITIALIZED:
  1834. case CKR_DEVICE_ERROR:
  1835. case CKR_DEVICE_MEMORY:
  1836. case CKR_FUNCTION_FAILED:
  1837. case CKR_GENERAL_ERROR:
  1838. case CKR_HOST_MEMORY:
  1839. case CKR_OBJECT_HANDLE_INVALID:
  1840. case CKR_SESSION_HANDLE_INVALID:
  1841. case CKR_SESSION_READ_ONLY:
  1842. case CKR_TEMPLATE_INCONSISTENT:
  1843. case CKR_TOKEN_WRITE_PROTECTED:
  1844. case CKR_USER_NOT_LOGGED_IN:
  1845. break;
  1846. default:
  1847. case CKR_OK:
  1848. error = CKR_GENERAL_ERROR;
  1849. break;
  1850. }
  1851. return error;
  1852. }
  1853. /*
  1854. * NSSCKFWC_DestroyObject
  1855. *
  1856. */
  1857. NSS_IMPLEMENT CK_RV
  1858. NSSCKFWC_DestroyObject
  1859. (
  1860. NSSCKFWInstance *fwInstance,
  1861. CK_SESSION_HANDLE hSession,
  1862. CK_OBJECT_HANDLE hObject
  1863. )
  1864. {
  1865. CK_RV error = CKR_OK;
  1866. NSSCKFWSession *fwSession;
  1867. NSSCKFWObject *fwObject;
  1868. if (!fwInstance) {
  1869. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  1870. goto loser;
  1871. }
  1872. fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
  1873. if (!fwSession) {
  1874. error = CKR_SESSION_HANDLE_INVALID;
  1875. goto loser;
  1876. }
  1877. fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
  1878. if (!fwObject) {
  1879. error = CKR_OBJECT_HANDLE_INVALID;
  1880. goto loser;
  1881. }
  1882. nssCKFWInstance_DestroyObjectHandle(fwInstance, hObject);
  1883. nssCKFWObject_Destroy(fwObject);
  1884. return CKR_OK;
  1885. loser:
  1886. switch( error ) {
  1887. case CKR_SESSION_CLOSED:
  1888. /* destroy session? */
  1889. break;
  1890. case CKR_DEVICE_REMOVED:
  1891. /* (void)nssCKFWToken_Destroy(fwToken); */
  1892. break;
  1893. case CKR_CRYPTOKI_NOT_INITIALIZED:
  1894. case CKR_DEVICE_ERROR:
  1895. case CKR_DEVICE_MEMORY:
  1896. case CKR_FUNCTION_FAILED:
  1897. case CKR_GENERAL_ERROR:
  1898. case CKR_HOST_MEMORY:
  1899. case CKR_OBJECT_HANDLE_INVALID:
  1900. case CKR_SESSION_HANDLE_INVALID:
  1901. case CKR_SESSION_READ_ONLY:
  1902. case CKR_TOKEN_WRITE_PROTECTED:
  1903. break;
  1904. default:
  1905. case CKR_OK:
  1906. error = CKR_GENERAL_ERROR;
  1907. break;
  1908. }
  1909. return error;
  1910. }
  1911. /*
  1912. * NSSCKFWC_GetObjectSize
  1913. *
  1914. */
  1915. NSS_IMPLEMENT CK_RV
  1916. NSSCKFWC_GetObjectSize
  1917. (
  1918. NSSCKFWInstance *fwInstance,
  1919. CK_SESSION_HANDLE hSession,
  1920. CK_OBJECT_HANDLE hObject,
  1921. CK_ULONG_PTR pulSize
  1922. )
  1923. {
  1924. CK_RV error = CKR_OK;
  1925. NSSCKFWSession *fwSession;
  1926. NSSCKFWObject *fwObject;
  1927. if (!fwInstance) {
  1928. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  1929. goto loser;
  1930. }
  1931. fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
  1932. if (!fwSession) {
  1933. error = CKR_SESSION_HANDLE_INVALID;
  1934. goto loser;
  1935. }
  1936. fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
  1937. if (!fwObject) {
  1938. error = CKR_OBJECT_HANDLE_INVALID;
  1939. goto loser;
  1940. }
  1941. if( (CK_ULONG_PTR)CK_NULL_PTR == pulSize ) {
  1942. error = CKR_ARGUMENTS_BAD;
  1943. goto loser;
  1944. }
  1945. /*
  1946. * A purify error here indicates caller error.
  1947. */
  1948. *pulSize = (CK_ULONG)0;
  1949. *pulSize = nssCKFWObject_GetObjectSize(fwObject, &error);
  1950. if( ((CK_ULONG)0 == *pulSize) && (CKR_OK != error) ) {
  1951. goto loser;
  1952. }
  1953. return CKR_OK;
  1954. loser:
  1955. switch( error ) {
  1956. case CKR_SESSION_CLOSED:
  1957. /* destroy session? */
  1958. break;
  1959. case CKR_DEVICE_REMOVED:
  1960. /* (void)nssCKFWToken_Destroy(fwToken); */
  1961. break;
  1962. case CKR_CRYPTOKI_NOT_INITIALIZED:
  1963. case CKR_DEVICE_ERROR:
  1964. case CKR_DEVICE_MEMORY:
  1965. case CKR_FUNCTION_FAILED:
  1966. case CKR_GENERAL_ERROR:
  1967. case CKR_HOST_MEMORY:
  1968. case CKR_INFORMATION_SENSITIVE:
  1969. case CKR_OBJECT_HANDLE_INVALID:
  1970. case CKR_SESSION_HANDLE_INVALID:
  1971. break;
  1972. default:
  1973. case CKR_OK:
  1974. error = CKR_GENERAL_ERROR;
  1975. break;
  1976. }
  1977. return error;
  1978. }
  1979. /*
  1980. * NSSCKFWC_GetAttributeValue
  1981. *
  1982. */
  1983. NSS_IMPLEMENT CK_RV
  1984. NSSCKFWC_GetAttributeValue
  1985. (
  1986. NSSCKFWInstance *fwInstance,
  1987. CK_SESSION_HANDLE hSession,
  1988. CK_OBJECT_HANDLE hObject,
  1989. CK_ATTRIBUTE_PTR pTemplate,
  1990. CK_ULONG ulCount
  1991. )
  1992. {
  1993. CK_RV error = CKR_OK;
  1994. NSSCKFWSession *fwSession;
  1995. NSSCKFWObject *fwObject;
  1996. CK_BBOOL sensitive = CK_FALSE;
  1997. CK_BBOOL invalid = CK_FALSE;
  1998. CK_BBOOL tooSmall = CK_FALSE;
  1999. CK_ULONG i;
  2000. if (!fwInstance) {
  2001. error = CKR_CRYPTOKI_NOT_INITIALIZED;
  2002. goto loser;
  2003. }
  2004. fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
  2005. if (!fwSession) {
  2006. error = CKR_SESSION_HANDLE_INVALID;
  2007. goto loser;
  2008. }
  2009. fwObject = nssCKFWInstance_ResolveObjectHand