mechanism.c (29814B)
1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 5 /* 6 * mechanism.c 7 * 8 * This file implements the NSSCKFWMechanism type and methods. 9 */ 10 11 #ifndef CK_T 12 #include "ck.h" 13 #endif /* CK_T */ 14 15 /* 16 * NSSCKFWMechanism 17 * 18 * -- create/destroy -- 19 * nssCKFWMechanism_Create 20 * nssCKFWMechanism_Destroy 21 * 22 * -- implement public accessors -- 23 * nssCKFWMechanism_GetMDMechanism 24 * nssCKFWMechanism_GetParameter 25 * 26 * -- private accessors -- 27 * 28 * -- module fronts -- 29 * nssCKFWMechanism_GetMinKeySize 30 * nssCKFWMechanism_GetMaxKeySize 31 * nssCKFWMechanism_GetInHardware 32 * nssCKFWMechanism_GetCanEncrypt 33 * nssCKFWMechanism_GetCanDecrypt 34 * nssCKFWMechanism_GetCanDigest 35 * nssCKFWMechanism_GetCanSign 36 * nssCKFWMechanism_GetCanSignRecover 37 * nssCKFWMechanism_GetCanVerify 38 * nssCKFWMechanism_GetCanGenerate 39 * nssCKFWMechanism_GetCanGenerateKeyPair 40 * nssCKFWMechanism_GetCanUnwrap 41 * nssCKFWMechanism_GetCanWrap 42 * nssCKFWMechanism_GetCanDerive 43 * nssCKFWMechanism_EncryptInit 44 * nssCKFWMechanism_DecryptInit 45 * nssCKFWMechanism_DigestInit 46 * nssCKFWMechanism_SignInit 47 * nssCKFWMechanism_VerifyInit 48 * nssCKFWMechanism_SignRecoverInit 49 * nssCKFWMechanism_VerifyRecoverInit 50 * nssCKFWMechanism_GenerateKey 51 * nssCKFWMechanism_GenerateKeyPair 52 * nssCKFWMechanism_GetWrapKeyLength 53 * nssCKFWMechanism_WrapKey 54 * nssCKFWMechanism_UnwrapKey 55 * nssCKFWMechanism_DeriveKey 56 */ 57 58 struct NSSCKFWMechanismStr { 59 NSSCKMDMechanism *mdMechanism; 60 NSSCKMDToken *mdToken; 61 NSSCKFWToken *fwToken; 62 NSSCKMDInstance *mdInstance; 63 NSSCKFWInstance *fwInstance; 64 }; 65 66 /* 67 * nssCKFWMechanism_Create 68 * 69 */ 70 NSS_IMPLEMENT NSSCKFWMechanism * 71 nssCKFWMechanism_Create( 72 NSSCKMDMechanism *mdMechanism, 73 NSSCKMDToken *mdToken, 74 NSSCKFWToken *fwToken, 75 NSSCKMDInstance *mdInstance, 76 NSSCKFWInstance *fwInstance) 77 { 78 NSSCKFWMechanism *fwMechanism; 79 80 fwMechanism = nss_ZNEW(NULL, NSSCKFWMechanism); 81 if (!fwMechanism) { 82 return (NSSCKFWMechanism *)NULL; 83 } 84 fwMechanism->mdMechanism = mdMechanism; 85 fwMechanism->mdToken = mdToken; 86 fwMechanism->fwToken = fwToken; 87 fwMechanism->mdInstance = mdInstance; 88 fwMechanism->fwInstance = fwInstance; 89 return fwMechanism; 90 } 91 92 /* 93 * nssCKFWMechanism_Destroy 94 * 95 */ 96 NSS_IMPLEMENT void 97 nssCKFWMechanism_Destroy( 98 NSSCKFWMechanism *fwMechanism) 99 { 100 /* destroy any fw resources held by nssCKFWMechanism (currently none) */ 101 102 if (fwMechanism->mdMechanism->Destroy) { 103 /* destroys it's parent as well */ 104 fwMechanism->mdMechanism->Destroy( 105 fwMechanism->mdMechanism, 106 fwMechanism, 107 fwMechanism->mdInstance, 108 fwMechanism->fwInstance); 109 } 110 /* if the Destroy function wasn't supplied, then the mechanism is 'static', 111 * and there is nothing to destroy */ 112 return; 113 } 114 115 /* 116 * nssCKFWMechanism_GetMDMechanism 117 * 118 */ 119 NSS_IMPLEMENT NSSCKMDMechanism * 120 nssCKFWMechanism_GetMDMechanism( 121 NSSCKFWMechanism *fwMechanism) 122 { 123 return fwMechanism->mdMechanism; 124 } 125 126 /* 127 * nssCKFWMechanism_GetMinKeySize 128 * 129 */ 130 NSS_IMPLEMENT CK_ULONG 131 nssCKFWMechanism_GetMinKeySize( 132 NSSCKFWMechanism *fwMechanism, 133 CK_RV *pError) 134 { 135 if (!fwMechanism->mdMechanism->GetMinKeySize) { 136 return 0; 137 } 138 139 return fwMechanism->mdMechanism->GetMinKeySize(fwMechanism->mdMechanism, 140 fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, 141 fwMechanism->mdInstance, fwMechanism->fwInstance, pError); 142 } 143 144 /* 145 * nssCKFWMechanism_GetMaxKeySize 146 * 147 */ 148 NSS_IMPLEMENT CK_ULONG 149 nssCKFWMechanism_GetMaxKeySize( 150 NSSCKFWMechanism *fwMechanism, 151 CK_RV *pError) 152 { 153 if (!fwMechanism->mdMechanism->GetMaxKeySize) { 154 return 0; 155 } 156 157 return fwMechanism->mdMechanism->GetMaxKeySize(fwMechanism->mdMechanism, 158 fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, 159 fwMechanism->mdInstance, fwMechanism->fwInstance, pError); 160 } 161 162 /* 163 * nssCKFWMechanism_GetInHardware 164 * 165 */ 166 NSS_IMPLEMENT CK_BBOOL 167 nssCKFWMechanism_GetInHardware( 168 NSSCKFWMechanism *fwMechanism, 169 CK_RV *pError) 170 { 171 if (!fwMechanism->mdMechanism->GetInHardware) { 172 return CK_FALSE; 173 } 174 175 return fwMechanism->mdMechanism->GetInHardware(fwMechanism->mdMechanism, 176 fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, 177 fwMechanism->mdInstance, fwMechanism->fwInstance, pError); 178 } 179 180 /* 181 * the following are determined automatically by which of the cryptographic 182 * functions are defined for this mechanism. 183 */ 184 /* 185 * nssCKFWMechanism_GetCanEncrypt 186 * 187 */ 188 NSS_EXTERN CK_BBOOL 189 nssCKFWMechanism_GetCanEncrypt( 190 NSSCKFWMechanism *fwMechanism, 191 CK_RV *pError) 192 { 193 if (!fwMechanism->mdMechanism->EncryptInit) { 194 return CK_FALSE; 195 } 196 return CK_TRUE; 197 } 198 199 /* 200 * nssCKFWMechanism_GetCanDecrypt 201 * 202 */ 203 NSS_EXTERN CK_BBOOL 204 nssCKFWMechanism_GetCanDecrypt( 205 NSSCKFWMechanism *fwMechanism, 206 CK_RV *pError) 207 { 208 if (!fwMechanism->mdMechanism->DecryptInit) { 209 return CK_FALSE; 210 } 211 return CK_TRUE; 212 } 213 214 /* 215 * nssCKFWMechanism_GetCanDigest 216 * 217 */ 218 NSS_EXTERN CK_BBOOL 219 nssCKFWMechanism_GetCanDigest( 220 NSSCKFWMechanism *fwMechanism, 221 CK_RV *pError) 222 { 223 if (!fwMechanism->mdMechanism->DigestInit) { 224 return CK_FALSE; 225 } 226 return CK_TRUE; 227 } 228 229 /* 230 * nssCKFWMechanism_GetCanSign 231 * 232 */ 233 NSS_EXTERN CK_BBOOL 234 nssCKFWMechanism_GetCanSign( 235 NSSCKFWMechanism *fwMechanism, 236 CK_RV *pError) 237 { 238 if (!fwMechanism->mdMechanism->SignInit) { 239 return CK_FALSE; 240 } 241 return CK_TRUE; 242 } 243 244 /* 245 * nssCKFWMechanism_GetCanSignRecover 246 * 247 */ 248 NSS_EXTERN CK_BBOOL 249 nssCKFWMechanism_GetCanSignRecover( 250 NSSCKFWMechanism *fwMechanism, 251 CK_RV *pError) 252 { 253 if (!fwMechanism->mdMechanism->SignRecoverInit) { 254 return CK_FALSE; 255 } 256 return CK_TRUE; 257 } 258 259 /* 260 * nssCKFWMechanism_GetCanVerify 261 * 262 */ 263 NSS_EXTERN CK_BBOOL 264 nssCKFWMechanism_GetCanVerify( 265 NSSCKFWMechanism *fwMechanism, 266 CK_RV *pError) 267 { 268 if (!fwMechanism->mdMechanism->VerifyInit) { 269 return CK_FALSE; 270 } 271 return CK_TRUE; 272 } 273 274 /* 275 * nssCKFWMechanism_GetCanVerifyRecover 276 * 277 */ 278 NSS_EXTERN CK_BBOOL 279 nssCKFWMechanism_GetCanVerifyRecover( 280 NSSCKFWMechanism *fwMechanism, 281 CK_RV *pError) 282 { 283 if (!fwMechanism->mdMechanism->VerifyRecoverInit) { 284 return CK_FALSE; 285 } 286 return CK_TRUE; 287 } 288 289 /* 290 * nssCKFWMechanism_GetCanGenerate 291 * 292 */ 293 NSS_EXTERN CK_BBOOL 294 nssCKFWMechanism_GetCanGenerate( 295 NSSCKFWMechanism *fwMechanism, 296 CK_RV *pError) 297 { 298 if (!fwMechanism->mdMechanism->GenerateKey) { 299 return CK_FALSE; 300 } 301 return CK_TRUE; 302 } 303 304 /* 305 * nssCKFWMechanism_GetCanGenerateKeyPair 306 * 307 */ 308 NSS_EXTERN CK_BBOOL 309 nssCKFWMechanism_GetCanGenerateKeyPair( 310 NSSCKFWMechanism *fwMechanism, 311 CK_RV *pError) 312 { 313 if (!fwMechanism->mdMechanism->GenerateKeyPair) { 314 return CK_FALSE; 315 } 316 return CK_TRUE; 317 } 318 319 /* 320 * nssCKFWMechanism_GetCanUnwrap 321 * 322 */ 323 NSS_EXTERN CK_BBOOL 324 nssCKFWMechanism_GetCanUnwrap( 325 NSSCKFWMechanism *fwMechanism, 326 CK_RV *pError) 327 { 328 if (!fwMechanism->mdMechanism->UnwrapKey) { 329 return CK_FALSE; 330 } 331 return CK_TRUE; 332 } 333 334 /* 335 * nssCKFWMechanism_GetCanWrap 336 * 337 */ 338 NSS_EXTERN CK_BBOOL 339 nssCKFWMechanism_GetCanWrap( 340 NSSCKFWMechanism *fwMechanism, 341 CK_RV *pError) 342 { 343 if (!fwMechanism->mdMechanism->WrapKey) { 344 return CK_FALSE; 345 } 346 return CK_TRUE; 347 } 348 349 /* 350 * nssCKFWMechanism_GetCanDerive 351 * 352 */ 353 NSS_EXTERN CK_BBOOL 354 nssCKFWMechanism_GetCanDerive( 355 NSSCKFWMechanism *fwMechanism, 356 CK_RV *pError) 357 { 358 if (!fwMechanism->mdMechanism->DeriveKey) { 359 return CK_FALSE; 360 } 361 return CK_TRUE; 362 } 363 364 /* 365 * These are the actual crypto operations 366 */ 367 368 /* 369 * nssCKFWMechanism_EncryptInit 370 * Start an encryption session. 371 */ 372 NSS_EXTERN CK_RV 373 nssCKFWMechanism_EncryptInit( 374 NSSCKFWMechanism *fwMechanism, 375 CK_MECHANISM *pMechanism, 376 NSSCKFWSession *fwSession, 377 NSSCKFWObject *fwObject) 378 { 379 NSSCKFWCryptoOperation *fwOperation; 380 NSSCKMDCryptoOperation *mdOperation; 381 NSSCKMDSession *mdSession; 382 NSSCKMDObject *mdObject; 383 CK_RV error = CKR_OK; 384 385 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, 386 NSSCKFWCryptoOperationState_EncryptDecrypt); 387 if (fwOperation) { 388 return CKR_OPERATION_ACTIVE; 389 } 390 391 if (!fwMechanism->mdMechanism->EncryptInit) { 392 return CKR_FUNCTION_FAILED; 393 } 394 395 mdSession = nssCKFWSession_GetMDSession(fwSession); 396 mdObject = nssCKFWObject_GetMDObject(fwObject); 397 mdOperation = fwMechanism->mdMechanism->EncryptInit( 398 fwMechanism->mdMechanism, 399 fwMechanism, 400 pMechanism, 401 mdSession, 402 fwSession, 403 fwMechanism->mdToken, 404 fwMechanism->fwToken, 405 fwMechanism->mdInstance, 406 fwMechanism->fwInstance, 407 mdObject, 408 fwObject, 409 &error); 410 if (!mdOperation) { 411 goto loser; 412 } 413 414 fwOperation = nssCKFWCryptoOperation_Create(mdOperation, 415 mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, 416 fwMechanism->mdInstance, fwMechanism->fwInstance, 417 NSSCKFWCryptoOperationType_Encrypt, &error); 418 if (fwOperation) { 419 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, 420 NSSCKFWCryptoOperationState_EncryptDecrypt); 421 } 422 423 loser: 424 return error; 425 } 426 427 /* 428 * nssCKFWMechanism_DecryptInit 429 * Start an encryption session. 430 */ 431 NSS_EXTERN CK_RV 432 nssCKFWMechanism_DecryptInit( 433 NSSCKFWMechanism *fwMechanism, 434 CK_MECHANISM *pMechanism, 435 NSSCKFWSession *fwSession, 436 NSSCKFWObject *fwObject) 437 { 438 NSSCKFWCryptoOperation *fwOperation; 439 NSSCKMDCryptoOperation *mdOperation; 440 NSSCKMDSession *mdSession; 441 NSSCKMDObject *mdObject; 442 CK_RV error = CKR_OK; 443 444 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, 445 NSSCKFWCryptoOperationState_EncryptDecrypt); 446 if (fwOperation) { 447 return CKR_OPERATION_ACTIVE; 448 } 449 450 if (!fwMechanism->mdMechanism->DecryptInit) { 451 return CKR_FUNCTION_FAILED; 452 } 453 454 mdSession = nssCKFWSession_GetMDSession(fwSession); 455 mdObject = nssCKFWObject_GetMDObject(fwObject); 456 mdOperation = fwMechanism->mdMechanism->DecryptInit( 457 fwMechanism->mdMechanism, 458 fwMechanism, 459 pMechanism, 460 mdSession, 461 fwSession, 462 fwMechanism->mdToken, 463 fwMechanism->fwToken, 464 fwMechanism->mdInstance, 465 fwMechanism->fwInstance, 466 mdObject, 467 fwObject, 468 &error); 469 if (!mdOperation) { 470 goto loser; 471 } 472 473 fwOperation = nssCKFWCryptoOperation_Create(mdOperation, 474 mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, 475 fwMechanism->mdInstance, fwMechanism->fwInstance, 476 NSSCKFWCryptoOperationType_Decrypt, &error); 477 if (fwOperation) { 478 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, 479 NSSCKFWCryptoOperationState_EncryptDecrypt); 480 } 481 482 loser: 483 return error; 484 } 485 486 /* 487 * nssCKFWMechanism_DigestInit 488 * Start an encryption session. 489 */ 490 NSS_EXTERN CK_RV 491 nssCKFWMechanism_DigestInit( 492 NSSCKFWMechanism *fwMechanism, 493 CK_MECHANISM *pMechanism, 494 NSSCKFWSession *fwSession) 495 { 496 NSSCKFWCryptoOperation *fwOperation; 497 NSSCKMDCryptoOperation *mdOperation; 498 NSSCKMDSession *mdSession; 499 CK_RV error = CKR_OK; 500 501 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, 502 NSSCKFWCryptoOperationState_Digest); 503 if (fwOperation) { 504 return CKR_OPERATION_ACTIVE; 505 } 506 507 if (!fwMechanism->mdMechanism->DigestInit) { 508 return CKR_FUNCTION_FAILED; 509 } 510 511 mdSession = nssCKFWSession_GetMDSession(fwSession); 512 mdOperation = fwMechanism->mdMechanism->DigestInit( 513 fwMechanism->mdMechanism, 514 fwMechanism, 515 pMechanism, 516 mdSession, 517 fwSession, 518 fwMechanism->mdToken, 519 fwMechanism->fwToken, 520 fwMechanism->mdInstance, 521 fwMechanism->fwInstance, 522 &error); 523 if (!mdOperation) { 524 goto loser; 525 } 526 527 fwOperation = nssCKFWCryptoOperation_Create(mdOperation, 528 mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, 529 fwMechanism->mdInstance, fwMechanism->fwInstance, 530 NSSCKFWCryptoOperationType_Digest, &error); 531 if (fwOperation) { 532 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, 533 NSSCKFWCryptoOperationState_Digest); 534 } 535 536 loser: 537 return error; 538 } 539 540 /* 541 * nssCKFWMechanism_SignInit 542 * Start an encryption session. 543 */ 544 NSS_EXTERN CK_RV 545 nssCKFWMechanism_SignInit( 546 NSSCKFWMechanism *fwMechanism, 547 CK_MECHANISM *pMechanism, 548 NSSCKFWSession *fwSession, 549 NSSCKFWObject *fwObject) 550 { 551 NSSCKFWCryptoOperation *fwOperation; 552 NSSCKMDCryptoOperation *mdOperation; 553 NSSCKMDSession *mdSession; 554 NSSCKMDObject *mdObject; 555 CK_RV error = CKR_OK; 556 557 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, 558 NSSCKFWCryptoOperationState_SignVerify); 559 if (fwOperation) { 560 return CKR_OPERATION_ACTIVE; 561 } 562 563 if (!fwMechanism->mdMechanism->SignInit) { 564 return CKR_FUNCTION_FAILED; 565 } 566 567 mdSession = nssCKFWSession_GetMDSession(fwSession); 568 mdObject = nssCKFWObject_GetMDObject(fwObject); 569 mdOperation = fwMechanism->mdMechanism->SignInit( 570 fwMechanism->mdMechanism, 571 fwMechanism, 572 pMechanism, 573 mdSession, 574 fwSession, 575 fwMechanism->mdToken, 576 fwMechanism->fwToken, 577 fwMechanism->mdInstance, 578 fwMechanism->fwInstance, 579 mdObject, 580 fwObject, 581 &error); 582 if (!mdOperation) { 583 goto loser; 584 } 585 586 fwOperation = nssCKFWCryptoOperation_Create(mdOperation, 587 mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, 588 fwMechanism->mdInstance, fwMechanism->fwInstance, 589 NSSCKFWCryptoOperationType_Sign, &error); 590 if (fwOperation) { 591 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, 592 NSSCKFWCryptoOperationState_SignVerify); 593 } 594 595 loser: 596 return error; 597 } 598 599 /* 600 * nssCKFWMechanism_VerifyInit 601 * Start an encryption session. 602 */ 603 NSS_EXTERN CK_RV 604 nssCKFWMechanism_VerifyInit( 605 NSSCKFWMechanism *fwMechanism, 606 CK_MECHANISM *pMechanism, 607 NSSCKFWSession *fwSession, 608 NSSCKFWObject *fwObject) 609 { 610 NSSCKFWCryptoOperation *fwOperation; 611 NSSCKMDCryptoOperation *mdOperation; 612 NSSCKMDSession *mdSession; 613 NSSCKMDObject *mdObject; 614 CK_RV error = CKR_OK; 615 616 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, 617 NSSCKFWCryptoOperationState_SignVerify); 618 if (fwOperation) { 619 return CKR_OPERATION_ACTIVE; 620 } 621 622 if (!fwMechanism->mdMechanism->VerifyInit) { 623 return CKR_FUNCTION_FAILED; 624 } 625 626 mdSession = nssCKFWSession_GetMDSession(fwSession); 627 mdObject = nssCKFWObject_GetMDObject(fwObject); 628 mdOperation = fwMechanism->mdMechanism->VerifyInit( 629 fwMechanism->mdMechanism, 630 fwMechanism, 631 pMechanism, 632 mdSession, 633 fwSession, 634 fwMechanism->mdToken, 635 fwMechanism->fwToken, 636 fwMechanism->mdInstance, 637 fwMechanism->fwInstance, 638 mdObject, 639 fwObject, 640 &error); 641 if (!mdOperation) { 642 goto loser; 643 } 644 645 fwOperation = nssCKFWCryptoOperation_Create(mdOperation, 646 mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, 647 fwMechanism->mdInstance, fwMechanism->fwInstance, 648 NSSCKFWCryptoOperationType_Verify, &error); 649 if (fwOperation) { 650 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, 651 NSSCKFWCryptoOperationState_SignVerify); 652 } 653 654 loser: 655 return error; 656 } 657 658 /* 659 * nssCKFWMechanism_SignRecoverInit 660 * Start an encryption session. 661 */ 662 NSS_EXTERN CK_RV 663 nssCKFWMechanism_SignRecoverInit( 664 NSSCKFWMechanism *fwMechanism, 665 CK_MECHANISM *pMechanism, 666 NSSCKFWSession *fwSession, 667 NSSCKFWObject *fwObject) 668 { 669 NSSCKFWCryptoOperation *fwOperation; 670 NSSCKMDCryptoOperation *mdOperation; 671 NSSCKMDSession *mdSession; 672 NSSCKMDObject *mdObject; 673 CK_RV error = CKR_OK; 674 675 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, 676 NSSCKFWCryptoOperationState_SignVerify); 677 if (fwOperation) { 678 return CKR_OPERATION_ACTIVE; 679 } 680 681 if (!fwMechanism->mdMechanism->SignRecoverInit) { 682 return CKR_FUNCTION_FAILED; 683 } 684 685 mdSession = nssCKFWSession_GetMDSession(fwSession); 686 mdObject = nssCKFWObject_GetMDObject(fwObject); 687 mdOperation = fwMechanism->mdMechanism->SignRecoverInit( 688 fwMechanism->mdMechanism, 689 fwMechanism, 690 pMechanism, 691 mdSession, 692 fwSession, 693 fwMechanism->mdToken, 694 fwMechanism->fwToken, 695 fwMechanism->mdInstance, 696 fwMechanism->fwInstance, 697 mdObject, 698 fwObject, 699 &error); 700 if (!mdOperation) { 701 goto loser; 702 } 703 704 fwOperation = nssCKFWCryptoOperation_Create(mdOperation, 705 mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, 706 fwMechanism->mdInstance, fwMechanism->fwInstance, 707 NSSCKFWCryptoOperationType_SignRecover, &error); 708 if (fwOperation) { 709 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, 710 NSSCKFWCryptoOperationState_SignVerify); 711 } 712 713 loser: 714 return error; 715 } 716 717 /* 718 * nssCKFWMechanism_VerifyRecoverInit 719 * Start an encryption session. 720 */ 721 NSS_EXTERN CK_RV 722 nssCKFWMechanism_VerifyRecoverInit( 723 NSSCKFWMechanism *fwMechanism, 724 CK_MECHANISM *pMechanism, 725 NSSCKFWSession *fwSession, 726 NSSCKFWObject *fwObject) 727 { 728 NSSCKFWCryptoOperation *fwOperation; 729 NSSCKMDCryptoOperation *mdOperation; 730 NSSCKMDSession *mdSession; 731 NSSCKMDObject *mdObject; 732 CK_RV error = CKR_OK; 733 734 fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, 735 NSSCKFWCryptoOperationState_SignVerify); 736 if (fwOperation) { 737 return CKR_OPERATION_ACTIVE; 738 } 739 740 if (!fwMechanism->mdMechanism->VerifyRecoverInit) { 741 return CKR_FUNCTION_FAILED; 742 } 743 744 mdSession = nssCKFWSession_GetMDSession(fwSession); 745 mdObject = nssCKFWObject_GetMDObject(fwObject); 746 mdOperation = fwMechanism->mdMechanism->VerifyRecoverInit( 747 fwMechanism->mdMechanism, 748 fwMechanism, 749 pMechanism, 750 mdSession, 751 fwSession, 752 fwMechanism->mdToken, 753 fwMechanism->fwToken, 754 fwMechanism->mdInstance, 755 fwMechanism->fwInstance, 756 mdObject, 757 fwObject, 758 &error); 759 if (!mdOperation) { 760 goto loser; 761 } 762 763 fwOperation = nssCKFWCryptoOperation_Create(mdOperation, 764 mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, 765 fwMechanism->mdInstance, fwMechanism->fwInstance, 766 NSSCKFWCryptoOperationType_VerifyRecover, &error); 767 if (fwOperation) { 768 nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, 769 NSSCKFWCryptoOperationState_SignVerify); 770 } 771 772 loser: 773 return error; 774 } 775 776 /* 777 * nssCKFWMechanism_GenerateKey 778 */ 779 NSS_EXTERN NSSCKFWObject * 780 nssCKFWMechanism_GenerateKey( 781 NSSCKFWMechanism *fwMechanism, 782 CK_MECHANISM_PTR pMechanism, 783 NSSCKFWSession *fwSession, 784 CK_ATTRIBUTE_PTR pTemplate, 785 CK_ULONG ulAttributeCount, 786 CK_RV *pError) 787 { 788 NSSCKMDSession *mdSession; 789 NSSCKMDObject *mdObject; 790 NSSCKFWObject *fwObject = NULL; 791 NSSArena *arena; 792 793 if (!fwMechanism->mdMechanism->GenerateKey) { 794 *pError = CKR_FUNCTION_FAILED; 795 return (NSSCKFWObject *)NULL; 796 } 797 798 arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); 799 if (!arena) { 800 if (CKR_OK == *pError) { 801 *pError = CKR_GENERAL_ERROR; 802 } 803 return (NSSCKFWObject *)NULL; 804 } 805 806 mdSession = nssCKFWSession_GetMDSession(fwSession); 807 mdObject = fwMechanism->mdMechanism->GenerateKey( 808 fwMechanism->mdMechanism, 809 fwMechanism, 810 pMechanism, 811 mdSession, 812 fwSession, 813 fwMechanism->mdToken, 814 fwMechanism->fwToken, 815 fwMechanism->mdInstance, 816 fwMechanism->fwInstance, 817 pTemplate, 818 ulAttributeCount, 819 pError); 820 821 if (!mdObject) { 822 return (NSSCKFWObject *)NULL; 823 } 824 825 fwObject = nssCKFWObject_Create(arena, mdObject, 826 fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); 827 828 return fwObject; 829 } 830 831 /* 832 * nssCKFWMechanism_GenerateKeyPair 833 */ 834 NSS_EXTERN CK_RV 835 nssCKFWMechanism_GenerateKeyPair( 836 NSSCKFWMechanism *fwMechanism, 837 CK_MECHANISM_PTR pMechanism, 838 NSSCKFWSession *fwSession, 839 CK_ATTRIBUTE_PTR pPublicKeyTemplate, 840 CK_ULONG ulPublicKeyAttributeCount, 841 CK_ATTRIBUTE_PTR pPrivateKeyTemplate, 842 CK_ULONG ulPrivateKeyAttributeCount, 843 NSSCKFWObject **fwPublicKeyObject, 844 NSSCKFWObject **fwPrivateKeyObject) 845 { 846 NSSCKMDSession *mdSession; 847 NSSCKMDObject *mdPublicKeyObject; 848 NSSCKMDObject *mdPrivateKeyObject; 849 NSSArena *arena; 850 CK_RV error = CKR_OK; 851 852 if (!fwMechanism->mdMechanism->GenerateKeyPair) { 853 return CKR_FUNCTION_FAILED; 854 } 855 856 arena = nssCKFWToken_GetArena(fwMechanism->fwToken, &error); 857 if (!arena) { 858 if (CKR_OK == error) { 859 error = CKR_GENERAL_ERROR; 860 } 861 return error; 862 } 863 864 mdSession = nssCKFWSession_GetMDSession(fwSession); 865 error = fwMechanism->mdMechanism->GenerateKeyPair( 866 fwMechanism->mdMechanism, 867 fwMechanism, 868 pMechanism, 869 mdSession, 870 fwSession, 871 fwMechanism->mdToken, 872 fwMechanism->fwToken, 873 fwMechanism->mdInstance, 874 fwMechanism->fwInstance, 875 pPublicKeyTemplate, 876 ulPublicKeyAttributeCount, 877 pPrivateKeyTemplate, 878 ulPrivateKeyAttributeCount, 879 &mdPublicKeyObject, 880 &mdPrivateKeyObject); 881 882 if (CKR_OK != error) { 883 return error; 884 } 885 886 *fwPublicKeyObject = nssCKFWObject_Create(arena, mdPublicKeyObject, 887 fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error); 888 if (!*fwPublicKeyObject) { 889 return error; 890 } 891 *fwPrivateKeyObject = nssCKFWObject_Create(arena, mdPrivateKeyObject, 892 fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error); 893 894 return error; 895 } 896 897 /* 898 * nssCKFWMechanism_GetWrapKeyLength 899 */ 900 NSS_EXTERN CK_ULONG 901 nssCKFWMechanism_GetWrapKeyLength( 902 NSSCKFWMechanism *fwMechanism, 903 CK_MECHANISM_PTR pMechanism, 904 NSSCKFWSession *fwSession, 905 NSSCKFWObject *fwWrappingKeyObject, 906 NSSCKFWObject *fwKeyObject, 907 CK_RV *pError) 908 { 909 NSSCKMDSession *mdSession; 910 NSSCKMDObject *mdWrappingKeyObject; 911 NSSCKMDObject *mdKeyObject; 912 913 if (!fwMechanism->mdMechanism->WrapKey) { 914 *pError = CKR_FUNCTION_FAILED; 915 return (CK_ULONG)0; 916 } 917 918 mdSession = nssCKFWSession_GetMDSession(fwSession); 919 mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); 920 mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject); 921 return fwMechanism->mdMechanism->GetWrapKeyLength( 922 fwMechanism->mdMechanism, 923 fwMechanism, 924 pMechanism, 925 mdSession, 926 fwSession, 927 fwMechanism->mdToken, 928 fwMechanism->fwToken, 929 fwMechanism->mdInstance, 930 fwMechanism->fwInstance, 931 mdWrappingKeyObject, 932 fwWrappingKeyObject, 933 mdKeyObject, 934 fwKeyObject, 935 pError); 936 } 937 938 /* 939 * nssCKFWMechanism_WrapKey 940 */ 941 NSS_EXTERN CK_RV 942 nssCKFWMechanism_WrapKey( 943 NSSCKFWMechanism *fwMechanism, 944 CK_MECHANISM_PTR pMechanism, 945 NSSCKFWSession *fwSession, 946 NSSCKFWObject *fwWrappingKeyObject, 947 NSSCKFWObject *fwKeyObject, 948 NSSItem *wrappedKey) 949 { 950 NSSCKMDSession *mdSession; 951 NSSCKMDObject *mdWrappingKeyObject; 952 NSSCKMDObject *mdKeyObject; 953 954 if (!fwMechanism->mdMechanism->WrapKey) { 955 return CKR_FUNCTION_FAILED; 956 } 957 958 mdSession = nssCKFWSession_GetMDSession(fwSession); 959 mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); 960 mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject); 961 return fwMechanism->mdMechanism->WrapKey( 962 fwMechanism->mdMechanism, 963 fwMechanism, 964 pMechanism, 965 mdSession, 966 fwSession, 967 fwMechanism->mdToken, 968 fwMechanism->fwToken, 969 fwMechanism->mdInstance, 970 fwMechanism->fwInstance, 971 mdWrappingKeyObject, 972 fwWrappingKeyObject, 973 mdKeyObject, 974 fwKeyObject, 975 wrappedKey); 976 } 977 978 /* 979 * nssCKFWMechanism_UnwrapKey 980 */ 981 NSS_EXTERN NSSCKFWObject * 982 nssCKFWMechanism_UnwrapKey( 983 NSSCKFWMechanism *fwMechanism, 984 CK_MECHANISM_PTR pMechanism, 985 NSSCKFWSession *fwSession, 986 NSSCKFWObject *fwWrappingKeyObject, 987 NSSItem *wrappedKey, 988 CK_ATTRIBUTE_PTR pTemplate, 989 CK_ULONG ulAttributeCount, 990 CK_RV *pError) 991 { 992 NSSCKMDSession *mdSession; 993 NSSCKMDObject *mdObject; 994 NSSCKMDObject *mdWrappingKeyObject; 995 NSSCKFWObject *fwObject = NULL; 996 NSSArena *arena; 997 998 if (!fwMechanism->mdMechanism->UnwrapKey) { 999 /* we could simulate UnwrapKey using Decrypt and Create object, but 1000 * 1) it's not clear that would work well, and 2) the low level token 1001 * may want to restrict unwrap key for a reason, so just fail it it 1002 * can't be done */ 1003 *pError = CKR_FUNCTION_FAILED; 1004 return (NSSCKFWObject *)NULL; 1005 } 1006 1007 arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); 1008 if (!arena) { 1009 if (CKR_OK == *pError) { 1010 *pError = CKR_GENERAL_ERROR; 1011 } 1012 return (NSSCKFWObject *)NULL; 1013 } 1014 1015 mdSession = nssCKFWSession_GetMDSession(fwSession); 1016 mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); 1017 mdObject = fwMechanism->mdMechanism->UnwrapKey( 1018 fwMechanism->mdMechanism, 1019 fwMechanism, 1020 pMechanism, 1021 mdSession, 1022 fwSession, 1023 fwMechanism->mdToken, 1024 fwMechanism->fwToken, 1025 fwMechanism->mdInstance, 1026 fwMechanism->fwInstance, 1027 mdWrappingKeyObject, 1028 fwWrappingKeyObject, 1029 wrappedKey, 1030 pTemplate, 1031 ulAttributeCount, 1032 pError); 1033 1034 if (!mdObject) { 1035 return (NSSCKFWObject *)NULL; 1036 } 1037 1038 fwObject = nssCKFWObject_Create(arena, mdObject, 1039 fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); 1040 1041 return fwObject; 1042 } 1043 1044 /* 1045 * nssCKFWMechanism_DeriveKey 1046 */ 1047 NSS_EXTERN NSSCKFWObject * 1048 nssCKFWMechanism_DeriveKey( 1049 NSSCKFWMechanism *fwMechanism, 1050 CK_MECHANISM_PTR pMechanism, 1051 NSSCKFWSession *fwSession, 1052 NSSCKFWObject *fwBaseKeyObject, 1053 CK_ATTRIBUTE_PTR pTemplate, 1054 CK_ULONG ulAttributeCount, 1055 CK_RV *pError) 1056 { 1057 NSSCKMDSession *mdSession; 1058 NSSCKMDObject *mdObject; 1059 NSSCKMDObject *mdBaseKeyObject; 1060 NSSCKFWObject *fwObject = NULL; 1061 NSSArena *arena; 1062 1063 if (!fwMechanism->mdMechanism->DeriveKey) { 1064 *pError = CKR_FUNCTION_FAILED; 1065 return (NSSCKFWObject *)NULL; 1066 } 1067 1068 arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); 1069 if (!arena) { 1070 if (CKR_OK == *pError) { 1071 *pError = CKR_GENERAL_ERROR; 1072 } 1073 return (NSSCKFWObject *)NULL; 1074 } 1075 1076 mdSession = nssCKFWSession_GetMDSession(fwSession); 1077 mdBaseKeyObject = nssCKFWObject_GetMDObject(fwBaseKeyObject); 1078 mdObject = fwMechanism->mdMechanism->DeriveKey( 1079 fwMechanism->mdMechanism, 1080 fwMechanism, 1081 pMechanism, 1082 mdSession, 1083 fwSession, 1084 fwMechanism->mdToken, 1085 fwMechanism->fwToken, 1086 fwMechanism->mdInstance, 1087 fwMechanism->fwInstance, 1088 mdBaseKeyObject, 1089 fwBaseKeyObject, 1090 pTemplate, 1091 ulAttributeCount, 1092 pError); 1093 1094 if (!mdObject) { 1095 return (NSSCKFWObject *)NULL; 1096 } 1097 1098 fwObject = nssCKFWObject_Create(arena, mdObject, 1099 fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); 1100 1101 return fwObject; 1102 }