mirror of
https://github.com/rn10950/RetroZilla.git
synced 2024-11-16 04:20:32 +01:00
2461 lines
54 KiB
C
2461 lines
54 KiB
C
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
/*
|
|
* session.c
|
|
*
|
|
* This file implements the NSSCKFWSession type and methods.
|
|
*/
|
|
|
|
#ifndef CK_T
|
|
#include "ck.h"
|
|
#endif /* CK_T */
|
|
|
|
/*
|
|
* NSSCKFWSession
|
|
*
|
|
* -- create/destroy --
|
|
* nssCKFWSession_Create
|
|
* nssCKFWSession_Destroy
|
|
*
|
|
* -- public accessors --
|
|
* NSSCKFWSession_GetMDSession
|
|
* NSSCKFWSession_GetArena
|
|
* NSSCKFWSession_CallNotification
|
|
* NSSCKFWSession_IsRWSession
|
|
* NSSCKFWSession_IsSO
|
|
*
|
|
* -- implement public accessors --
|
|
* nssCKFWSession_GetMDSession
|
|
* nssCKFWSession_GetArena
|
|
* nssCKFWSession_CallNotification
|
|
* nssCKFWSession_IsRWSession
|
|
* nssCKFWSession_IsSO
|
|
*
|
|
* -- private accessors --
|
|
* nssCKFWSession_GetSlot
|
|
* nssCKFWSession_GetSessionState
|
|
* nssCKFWSession_SetFWFindObjects
|
|
* nssCKFWSession_GetFWFindObjects
|
|
* nssCKFWSession_SetMDSession
|
|
* nssCKFWSession_SetHandle
|
|
* nssCKFWSession_GetHandle
|
|
* nssCKFWSession_RegisterSessionObject
|
|
* nssCKFWSession_DeegisterSessionObject
|
|
*
|
|
* -- module fronts --
|
|
* nssCKFWSession_GetDeviceError
|
|
* nssCKFWSession_Login
|
|
* nssCKFWSession_Logout
|
|
* nssCKFWSession_InitPIN
|
|
* nssCKFWSession_SetPIN
|
|
* nssCKFWSession_GetOperationStateLen
|
|
* nssCKFWSession_GetOperationState
|
|
* nssCKFWSession_SetOperationState
|
|
* nssCKFWSession_CreateObject
|
|
* nssCKFWSession_CopyObject
|
|
* nssCKFWSession_FindObjectsInit
|
|
* nssCKFWSession_SeedRandom
|
|
* nssCKFWSession_GetRandom
|
|
*/
|
|
|
|
struct NSSCKFWSessionStr {
|
|
NSSArena *arena;
|
|
NSSCKMDSession *mdSession;
|
|
NSSCKFWToken *fwToken;
|
|
NSSCKMDToken *mdToken;
|
|
NSSCKFWInstance *fwInstance;
|
|
NSSCKMDInstance *mdInstance;
|
|
CK_VOID_PTR pApplication;
|
|
CK_NOTIFY Notify;
|
|
|
|
/*
|
|
* Everything above is set at creation time, and then not modified.
|
|
* The items below are atomic. No locking required. If we fear
|
|
* about pointer-copies being nonatomic, we'll lock fwFindObjects.
|
|
*/
|
|
|
|
CK_BBOOL rw;
|
|
NSSCKFWFindObjects *fwFindObjects;
|
|
NSSCKFWCryptoOperation *fwOperationArray[NSSCKFWCryptoOperationState_Max];
|
|
nssCKFWHash *sessionObjectHash;
|
|
CK_SESSION_HANDLE hSession;
|
|
};
|
|
|
|
#ifdef DEBUG
|
|
/*
|
|
* But first, the pointer-tracking stuff.
|
|
*
|
|
* NOTE: the pointer-tracking support in NSS/base currently relies
|
|
* upon NSPR's CallOnce support. That, however, relies upon NSPR's
|
|
* locking, which is tied into the runtime. We need a pointer-tracker
|
|
* implementation that uses the locks supplied through C_Initialize.
|
|
* That support, however, can be filled in later. So for now, I'll
|
|
* just do this routines as no-ops.
|
|
*/
|
|
|
|
static CK_RV
|
|
session_add_pointer
|
|
(
|
|
const NSSCKFWSession *fwSession
|
|
)
|
|
{
|
|
return CKR_OK;
|
|
}
|
|
|
|
static CK_RV
|
|
session_remove_pointer
|
|
(
|
|
const NSSCKFWSession *fwSession
|
|
)
|
|
{
|
|
return CKR_OK;
|
|
}
|
|
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_verifyPointer
|
|
(
|
|
const NSSCKFWSession *fwSession
|
|
)
|
|
{
|
|
return CKR_OK;
|
|
}
|
|
|
|
#endif /* DEBUG */
|
|
|
|
/*
|
|
* nssCKFWSession_Create
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT NSSCKFWSession *
|
|
nssCKFWSession_Create
|
|
(
|
|
NSSCKFWToken *fwToken,
|
|
CK_BBOOL rw,
|
|
CK_VOID_PTR pApplication,
|
|
CK_NOTIFY Notify,
|
|
CK_RV *pError
|
|
)
|
|
{
|
|
NSSArena *arena = (NSSArena *)NULL;
|
|
NSSCKFWSession *fwSession;
|
|
NSSCKFWSlot *fwSlot;
|
|
|
|
#ifdef NSSDEBUG
|
|
if (!pError) {
|
|
return (NSSCKFWSession *)NULL;
|
|
}
|
|
|
|
*pError = nssCKFWToken_verifyPointer(fwToken);
|
|
if( CKR_OK != *pError ) {
|
|
return (NSSCKFWSession *)NULL;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
arena = NSSArena_Create();
|
|
if (!arena) {
|
|
*pError = CKR_HOST_MEMORY;
|
|
return (NSSCKFWSession *)NULL;
|
|
}
|
|
|
|
fwSession = nss_ZNEW(arena, NSSCKFWSession);
|
|
if (!fwSession) {
|
|
*pError = CKR_HOST_MEMORY;
|
|
goto loser;
|
|
}
|
|
|
|
fwSession->arena = arena;
|
|
fwSession->mdSession = (NSSCKMDSession *)NULL; /* set later */
|
|
fwSession->fwToken = fwToken;
|
|
fwSession->mdToken = nssCKFWToken_GetMDToken(fwToken);
|
|
|
|
fwSlot = nssCKFWToken_GetFWSlot(fwToken);
|
|
fwSession->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot);
|
|
fwSession->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot);
|
|
|
|
fwSession->rw = rw;
|
|
fwSession->pApplication = pApplication;
|
|
fwSession->Notify = Notify;
|
|
|
|
fwSession->fwFindObjects = (NSSCKFWFindObjects *)NULL;
|
|
|
|
fwSession->sessionObjectHash = nssCKFWHash_Create(fwSession->fwInstance, arena, pError);
|
|
if (!fwSession->sessionObjectHash) {
|
|
if( CKR_OK == *pError ) {
|
|
*pError = CKR_GENERAL_ERROR;
|
|
}
|
|
goto loser;
|
|
}
|
|
|
|
#ifdef DEBUG
|
|
*pError = session_add_pointer(fwSession);
|
|
if( CKR_OK != *pError ) {
|
|
goto loser;
|
|
}
|
|
#endif /* DEBUG */
|
|
|
|
return fwSession;
|
|
|
|
loser:
|
|
if (arena) {
|
|
if (fwSession && fwSession->sessionObjectHash) {
|
|
(void)nssCKFWHash_Destroy(fwSession->sessionObjectHash);
|
|
}
|
|
NSSArena_Destroy(arena);
|
|
}
|
|
|
|
return (NSSCKFWSession *)NULL;
|
|
}
|
|
|
|
static void
|
|
nss_ckfw_session_object_destroy_iterator
|
|
(
|
|
const void *key,
|
|
void *value,
|
|
void *closure
|
|
)
|
|
{
|
|
NSSCKFWObject *fwObject = (NSSCKFWObject *)value;
|
|
nssCKFWObject_Finalize(fwObject, PR_TRUE);
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_Destroy
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_Destroy
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
CK_BBOOL removeFromTokenHash
|
|
)
|
|
{
|
|
CK_RV error = CKR_OK;
|
|
nssCKFWHash *sessionObjectHash;
|
|
NSSCKFWCryptoOperationState i;
|
|
|
|
#ifdef NSSDEBUG
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
if( removeFromTokenHash ) {
|
|
error = nssCKFWToken_RemoveSession(fwSession->fwToken, fwSession);
|
|
}
|
|
|
|
/*
|
|
* Invalidate session objects
|
|
*/
|
|
|
|
sessionObjectHash = fwSession->sessionObjectHash;
|
|
fwSession->sessionObjectHash = (nssCKFWHash *)NULL;
|
|
|
|
nssCKFWHash_Iterate(sessionObjectHash,
|
|
nss_ckfw_session_object_destroy_iterator,
|
|
(void *)NULL);
|
|
|
|
for (i=0; i < NSSCKFWCryptoOperationState_Max; i++) {
|
|
if (fwSession->fwOperationArray[i]) {
|
|
nssCKFWCryptoOperation_Destroy(fwSession->fwOperationArray[i]);
|
|
}
|
|
}
|
|
|
|
#ifdef DEBUG
|
|
(void)session_remove_pointer(fwSession);
|
|
#endif /* DEBUG */
|
|
(void)nssCKFWHash_Destroy(sessionObjectHash);
|
|
NSSArena_Destroy(fwSession->arena);
|
|
|
|
return error;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_GetMDSession
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT NSSCKMDSession *
|
|
nssCKFWSession_GetMDSession
|
|
(
|
|
NSSCKFWSession *fwSession
|
|
)
|
|
{
|
|
#ifdef NSSDEBUG
|
|
if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
|
|
return (NSSCKMDSession *)NULL;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
return fwSession->mdSession;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_GetArena
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT NSSArena *
|
|
nssCKFWSession_GetArena
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
CK_RV *pError
|
|
)
|
|
{
|
|
#ifdef NSSDEBUG
|
|
if (!pError) {
|
|
return (NSSArena *)NULL;
|
|
}
|
|
|
|
*pError = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != *pError ) {
|
|
return (NSSArena *)NULL;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
return fwSession->arena;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_CallNotification
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_CallNotification
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
CK_NOTIFICATION event
|
|
)
|
|
{
|
|
CK_RV error = CKR_OK;
|
|
CK_SESSION_HANDLE handle;
|
|
|
|
#ifdef NSSDEBUG
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
if( (CK_NOTIFY)NULL == fwSession->Notify ) {
|
|
return CKR_OK;
|
|
}
|
|
|
|
handle = nssCKFWInstance_FindSessionHandle(fwSession->fwInstance, fwSession);
|
|
if( (CK_SESSION_HANDLE)0 == handle ) {
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
|
|
error = fwSession->Notify(handle, event, fwSession->pApplication);
|
|
|
|
return error;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_IsRWSession
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_BBOOL
|
|
nssCKFWSession_IsRWSession
|
|
(
|
|
NSSCKFWSession *fwSession
|
|
)
|
|
{
|
|
#ifdef NSSDEBUG
|
|
if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
|
|
return CK_FALSE;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
return fwSession->rw;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_IsSO
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_BBOOL
|
|
nssCKFWSession_IsSO
|
|
(
|
|
NSSCKFWSession *fwSession
|
|
)
|
|
{
|
|
CK_STATE state;
|
|
|
|
#ifdef NSSDEBUG
|
|
if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
|
|
return CK_FALSE;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
state = nssCKFWToken_GetSessionState(fwSession->fwToken);
|
|
switch( state ) {
|
|
case CKS_RO_PUBLIC_SESSION:
|
|
case CKS_RO_USER_FUNCTIONS:
|
|
case CKS_RW_PUBLIC_SESSION:
|
|
case CKS_RW_USER_FUNCTIONS:
|
|
return CK_FALSE;
|
|
case CKS_RW_SO_FUNCTIONS:
|
|
return CK_TRUE;
|
|
default:
|
|
return CK_FALSE;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_GetFWSlot
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT NSSCKFWSlot *
|
|
nssCKFWSession_GetFWSlot
|
|
(
|
|
NSSCKFWSession *fwSession
|
|
)
|
|
{
|
|
#ifdef NSSDEBUG
|
|
if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
|
|
return (NSSCKFWSlot *)NULL;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
return nssCKFWToken_GetFWSlot(fwSession->fwToken);
|
|
}
|
|
|
|
/*
|
|
* nssCFKWSession_GetSessionState
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_STATE
|
|
nssCKFWSession_GetSessionState
|
|
(
|
|
NSSCKFWSession *fwSession
|
|
)
|
|
{
|
|
#ifdef NSSDEBUG
|
|
if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
|
|
return CKS_RO_PUBLIC_SESSION; /* whatever */
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
return nssCKFWToken_GetSessionState(fwSession->fwToken);
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_SetFWFindObjects
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_SetFWFindObjects
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
NSSCKFWFindObjects *fwFindObjects
|
|
)
|
|
{
|
|
#ifdef NSSDEBUG
|
|
CK_RV error = CKR_OK;
|
|
#endif /* NSSDEBUG */
|
|
|
|
#ifdef NSSDEBUG
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
|
|
/* fwFindObjects may be null */
|
|
#endif /* NSSDEBUG */
|
|
|
|
if ((fwSession->fwFindObjects) &&
|
|
(fwFindObjects)) {
|
|
return CKR_OPERATION_ACTIVE;
|
|
}
|
|
|
|
fwSession->fwFindObjects = fwFindObjects;
|
|
|
|
return CKR_OK;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_GetFWFindObjects
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT NSSCKFWFindObjects *
|
|
nssCKFWSession_GetFWFindObjects
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
CK_RV *pError
|
|
)
|
|
{
|
|
#ifdef NSSDEBUG
|
|
if (!pError) {
|
|
return (NSSCKFWFindObjects *)NULL;
|
|
}
|
|
|
|
*pError = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != *pError ) {
|
|
return (NSSCKFWFindObjects *)NULL;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
if (!fwSession->fwFindObjects) {
|
|
*pError = CKR_OPERATION_NOT_INITIALIZED;
|
|
return (NSSCKFWFindObjects *)NULL;
|
|
}
|
|
|
|
return fwSession->fwFindObjects;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_SetMDSession
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_SetMDSession
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
NSSCKMDSession *mdSession
|
|
)
|
|
{
|
|
#ifdef NSSDEBUG
|
|
CK_RV error = CKR_OK;
|
|
#endif /* NSSDEBUG */
|
|
|
|
#ifdef NSSDEBUG
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
|
|
if (!mdSession) {
|
|
return CKR_ARGUMENTS_BAD;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
if (fwSession->mdSession) {
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
|
|
fwSession->mdSession = mdSession;
|
|
|
|
return CKR_OK;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_SetHandle
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_SetHandle
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
CK_SESSION_HANDLE hSession
|
|
)
|
|
{
|
|
#ifdef NSSDEBUG
|
|
CK_RV error = CKR_OK;
|
|
#endif /* NSSDEBUG */
|
|
|
|
#ifdef NSSDEBUG
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
if( (CK_SESSION_HANDLE)0 != fwSession->hSession ) {
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
|
|
fwSession->hSession = hSession;
|
|
|
|
return CKR_OK;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_GetHandle
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_SESSION_HANDLE
|
|
nssCKFWSession_GetHandle
|
|
(
|
|
NSSCKFWSession *fwSession
|
|
)
|
|
{
|
|
#ifdef NSSDEBUG
|
|
if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
|
|
return NULL;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
return fwSession->hSession;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_RegisterSessionObject
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_RegisterSessionObject
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
NSSCKFWObject *fwObject
|
|
)
|
|
{
|
|
CK_RV rv = CKR_OK;
|
|
|
|
#ifdef NSSDEBUG
|
|
if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
if (fwSession->sessionObjectHash) {
|
|
rv = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject);
|
|
}
|
|
|
|
return rv;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_DeregisterSessionObject
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_DeregisterSessionObject
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
NSSCKFWObject *fwObject
|
|
)
|
|
{
|
|
#ifdef NSSDEBUG
|
|
if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
if (fwSession->sessionObjectHash) {
|
|
nssCKFWHash_Remove(fwSession->sessionObjectHash, fwObject);
|
|
}
|
|
|
|
return CKR_OK;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_GetDeviceError
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_ULONG
|
|
nssCKFWSession_GetDeviceError
|
|
(
|
|
NSSCKFWSession *fwSession
|
|
)
|
|
{
|
|
#ifdef NSSDEBUG
|
|
if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
|
|
return (CK_ULONG)0;
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
return (CK_ULONG)0;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
if (!fwSession->mdSession->GetDeviceError) {
|
|
return (CK_ULONG)0;
|
|
}
|
|
|
|
return fwSession->mdSession->GetDeviceError(fwSession->mdSession,
|
|
fwSession, fwSession->mdToken, fwSession->fwToken,
|
|
fwSession->mdInstance, fwSession->fwInstance);
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_Login
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_Login
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
CK_USER_TYPE userType,
|
|
NSSItem *pin
|
|
)
|
|
{
|
|
CK_RV error = CKR_OK;
|
|
CK_STATE oldState;
|
|
CK_STATE newState;
|
|
|
|
#ifdef NSSDEBUG
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
|
|
switch( userType ) {
|
|
case CKU_SO:
|
|
case CKU_USER:
|
|
break;
|
|
default:
|
|
return CKR_USER_TYPE_INVALID;
|
|
}
|
|
|
|
if (!pin) {
|
|
if( CK_TRUE != nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken) ) {
|
|
return CKR_ARGUMENTS_BAD;
|
|
}
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
oldState = nssCKFWToken_GetSessionState(fwSession->fwToken);
|
|
|
|
/*
|
|
* It's not clear what happens when you're already logged in.
|
|
* I'll just fail; but if we decide to change, the logic is
|
|
* all right here.
|
|
*/
|
|
|
|
if( CKU_SO == userType ) {
|
|
switch( oldState ) {
|
|
case CKS_RO_PUBLIC_SESSION:
|
|
/*
|
|
* There's no such thing as a read-only security officer
|
|
* session, so fail. The error should be CKR_SESSION_READ_ONLY,
|
|
* except that C_Login isn't defined to return that. So we'll
|
|
* do CKR_SESSION_READ_ONLY_EXISTS, which is what is documented.
|
|
*/
|
|
return CKR_SESSION_READ_ONLY_EXISTS;
|
|
case CKS_RO_USER_FUNCTIONS:
|
|
return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
|
|
case CKS_RW_PUBLIC_SESSION:
|
|
newState = CKS_RW_SO_FUNCTIONS;
|
|
break;
|
|
case CKS_RW_USER_FUNCTIONS:
|
|
return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
|
|
case CKS_RW_SO_FUNCTIONS:
|
|
return CKR_USER_ALREADY_LOGGED_IN;
|
|
default:
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
} else /* CKU_USER == userType */ {
|
|
switch( oldState ) {
|
|
case CKS_RO_PUBLIC_SESSION:
|
|
newState = CKS_RO_USER_FUNCTIONS;
|
|
break;
|
|
case CKS_RO_USER_FUNCTIONS:
|
|
return CKR_USER_ALREADY_LOGGED_IN;
|
|
case CKS_RW_PUBLIC_SESSION:
|
|
newState = CKS_RW_USER_FUNCTIONS;
|
|
break;
|
|
case CKS_RW_USER_FUNCTIONS:
|
|
return CKR_USER_ALREADY_LOGGED_IN;
|
|
case CKS_RW_SO_FUNCTIONS:
|
|
return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
|
|
default:
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* So now we're in one of three cases:
|
|
*
|
|
* Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_SO_FUNCTIONS;
|
|
* Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_USER_FUNCTIONS;
|
|
* Old == CKS_RO_PUBLIC_SESSION, New == CKS_RO_USER_FUNCTIONS;
|
|
*/
|
|
|
|
if (!fwSession->mdSession->Login) {
|
|
/*
|
|
* The Module doesn't want to be informed (or check the pin)
|
|
* it'll just rely on the Framework as needed.
|
|
*/
|
|
;
|
|
} else {
|
|
error = fwSession->mdSession->Login(fwSession->mdSession, fwSession,
|
|
fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
|
|
fwSession->fwInstance, userType, pin, oldState, newState);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
}
|
|
|
|
(void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState);
|
|
return CKR_OK;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_Logout
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_Logout
|
|
(
|
|
NSSCKFWSession *fwSession
|
|
)
|
|
{
|
|
CK_RV error = CKR_OK;
|
|
CK_STATE oldState;
|
|
CK_STATE newState;
|
|
|
|
#ifdef NSSDEBUG
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
oldState = nssCKFWToken_GetSessionState(fwSession->fwToken);
|
|
|
|
switch( oldState ) {
|
|
case CKS_RO_PUBLIC_SESSION:
|
|
return CKR_USER_NOT_LOGGED_IN;
|
|
case CKS_RO_USER_FUNCTIONS:
|
|
newState = CKS_RO_PUBLIC_SESSION;
|
|
break;
|
|
case CKS_RW_PUBLIC_SESSION:
|
|
return CKR_USER_NOT_LOGGED_IN;
|
|
case CKS_RW_USER_FUNCTIONS:
|
|
newState = CKS_RW_PUBLIC_SESSION;
|
|
break;
|
|
case CKS_RW_SO_FUNCTIONS:
|
|
newState = CKS_RW_PUBLIC_SESSION;
|
|
break;
|
|
default:
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
|
|
/*
|
|
* So now we're in one of three cases:
|
|
*
|
|
* Old == CKS_RW_SO_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION;
|
|
* Old == CKS_RW_USER_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION;
|
|
* Old == CKS_RO_USER_FUNCTIONS, New == CKS_RO_PUBLIC_SESSION;
|
|
*/
|
|
|
|
if (!fwSession->mdSession->Logout) {
|
|
/*
|
|
* The Module doesn't want to be informed. Okay.
|
|
*/
|
|
;
|
|
} else {
|
|
error = fwSession->mdSession->Logout(fwSession->mdSession, fwSession,
|
|
fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
|
|
fwSession->fwInstance, oldState, newState);
|
|
if( CKR_OK != error ) {
|
|
/*
|
|
* Now what?! A failure really should end up with the Framework
|
|
* considering it logged out, right?
|
|
*/
|
|
;
|
|
}
|
|
}
|
|
|
|
(void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState);
|
|
return error;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_InitPIN
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_InitPIN
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
NSSItem *pin
|
|
)
|
|
{
|
|
CK_RV error = CKR_OK;
|
|
CK_STATE state;
|
|
|
|
#ifdef NSSDEBUG
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
state = nssCKFWToken_GetSessionState(fwSession->fwToken);
|
|
if( CKS_RW_SO_FUNCTIONS != state ) {
|
|
return CKR_USER_NOT_LOGGED_IN;
|
|
}
|
|
|
|
if (!pin) {
|
|
CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
|
|
if( CK_TRUE != has ) {
|
|
return CKR_ARGUMENTS_BAD;
|
|
}
|
|
}
|
|
|
|
if (!fwSession->mdSession->InitPIN) {
|
|
return CKR_TOKEN_WRITE_PROTECTED;
|
|
}
|
|
|
|
error = fwSession->mdSession->InitPIN(fwSession->mdSession, fwSession,
|
|
fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
|
|
fwSession->fwInstance, pin);
|
|
|
|
return error;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_SetPIN
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_SetPIN
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
NSSItem *newPin,
|
|
NSSItem *oldPin
|
|
)
|
|
{
|
|
CK_RV error = CKR_OK;
|
|
|
|
#ifdef NSSDEBUG
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
if (!newPin) {
|
|
CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
|
|
if( CK_TRUE != has ) {
|
|
return CKR_ARGUMENTS_BAD;
|
|
}
|
|
}
|
|
|
|
if (!oldPin) {
|
|
CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
|
|
if( CK_TRUE != has ) {
|
|
return CKR_ARGUMENTS_BAD;
|
|
}
|
|
}
|
|
|
|
if (!fwSession->mdSession->SetPIN) {
|
|
return CKR_TOKEN_WRITE_PROTECTED;
|
|
}
|
|
|
|
error = fwSession->mdSession->SetPIN(fwSession->mdSession, fwSession,
|
|
fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
|
|
fwSession->fwInstance, newPin, oldPin);
|
|
|
|
return error;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_GetOperationStateLen
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_ULONG
|
|
nssCKFWSession_GetOperationStateLen
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
CK_RV *pError
|
|
)
|
|
{
|
|
CK_ULONG mdAmt;
|
|
CK_ULONG fwAmt;
|
|
|
|
#ifdef NSSDEBUG
|
|
if (!pError) {
|
|
return (CK_ULONG)0;
|
|
}
|
|
|
|
*pError = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != *pError ) {
|
|
return (CK_ULONG)0;
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
*pError = CKR_GENERAL_ERROR;
|
|
return (CK_ULONG)0;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
if (!fwSession->mdSession->GetOperationStateLen) {
|
|
*pError = CKR_STATE_UNSAVEABLE;
|
|
return (CK_ULONG)0;
|
|
}
|
|
|
|
/*
|
|
* We could check that the session is actually in some state..
|
|
*/
|
|
|
|
mdAmt = fwSession->mdSession->GetOperationStateLen(fwSession->mdSession,
|
|
fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
|
|
fwSession->fwInstance, pError);
|
|
|
|
if( ((CK_ULONG)0 == mdAmt) && (CKR_OK != *pError) ) {
|
|
return (CK_ULONG)0;
|
|
}
|
|
|
|
/*
|
|
* Add a bit of sanity-checking
|
|
*/
|
|
fwAmt = mdAmt + 2*sizeof(CK_ULONG);
|
|
|
|
return fwAmt;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_GetOperationState
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_GetOperationState
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
NSSItem *buffer
|
|
)
|
|
{
|
|
CK_RV error = CKR_OK;
|
|
CK_ULONG fwAmt;
|
|
CK_ULONG *ulBuffer;
|
|
NSSItem i2;
|
|
CK_ULONG n, i;
|
|
|
|
#ifdef NSSDEBUG
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
|
|
if (!buffer) {
|
|
return CKR_ARGUMENTS_BAD;
|
|
}
|
|
|
|
if (!buffer->data) {
|
|
return CKR_ARGUMENTS_BAD;
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
if (!fwSession->mdSession->GetOperationState) {
|
|
return CKR_STATE_UNSAVEABLE;
|
|
}
|
|
|
|
/*
|
|
* Sanity-check the caller's buffer.
|
|
*/
|
|
|
|
error = CKR_OK;
|
|
fwAmt = nssCKFWSession_GetOperationStateLen(fwSession, &error);
|
|
if( ((CK_ULONG)0 == fwAmt) && (CKR_OK != error) ) {
|
|
return error;
|
|
}
|
|
|
|
if( buffer->size < fwAmt ) {
|
|
return CKR_BUFFER_TOO_SMALL;
|
|
}
|
|
|
|
ulBuffer = (CK_ULONG *)buffer->data;
|
|
|
|
i2.size = buffer->size - 2*sizeof(CK_ULONG);
|
|
i2.data = (void *)&ulBuffer[2];
|
|
|
|
error = fwSession->mdSession->GetOperationState(fwSession->mdSession,
|
|
fwSession, fwSession->mdToken, fwSession->fwToken,
|
|
fwSession->mdInstance, fwSession->fwInstance, &i2);
|
|
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
|
|
/*
|
|
* Add a little integrety/identity check.
|
|
* NOTE: right now, it's pretty stupid.
|
|
* A CRC or something would be better.
|
|
*/
|
|
|
|
ulBuffer[0] = 0x434b4657; /* CKFW */
|
|
ulBuffer[1] = 0;
|
|
n = i2.size/sizeof(CK_ULONG);
|
|
for( i = 0; i < n; i++ ) {
|
|
ulBuffer[1] ^= ulBuffer[2+i];
|
|
}
|
|
|
|
return CKR_OK;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_SetOperationState
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_SetOperationState
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
NSSItem *state,
|
|
NSSCKFWObject *encryptionKey,
|
|
NSSCKFWObject *authenticationKey
|
|
)
|
|
{
|
|
CK_RV error = CKR_OK;
|
|
CK_ULONG *ulBuffer;
|
|
CK_ULONG n, i;
|
|
CK_ULONG x;
|
|
NSSItem s;
|
|
NSSCKMDObject *mdek;
|
|
NSSCKMDObject *mdak;
|
|
|
|
#ifdef NSSDEBUG
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
|
|
if (!state) {
|
|
return CKR_ARGUMENTS_BAD;
|
|
}
|
|
|
|
if (!state->data) {
|
|
return CKR_ARGUMENTS_BAD;
|
|
}
|
|
|
|
if (encryptionKey) {
|
|
error = nssCKFWObject_verifyPointer(encryptionKey);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
}
|
|
|
|
if (authenticationKey) {
|
|
error = nssCKFWObject_verifyPointer(authenticationKey);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
ulBuffer = (CK_ULONG *)state->data;
|
|
if( 0x43b4657 != ulBuffer[0] ) {
|
|
return CKR_SAVED_STATE_INVALID;
|
|
}
|
|
n = (state->size / sizeof(CK_ULONG)) - 2;
|
|
x = (CK_ULONG)0;
|
|
for( i = 0; i < n; i++ ) {
|
|
x ^= ulBuffer[2+i];
|
|
}
|
|
|
|
if( x != ulBuffer[1] ) {
|
|
return CKR_SAVED_STATE_INVALID;
|
|
}
|
|
|
|
if (!fwSession->mdSession->SetOperationState) {
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
|
|
s.size = state->size - 2*sizeof(CK_ULONG);
|
|
s.data = (void *)&ulBuffer[2];
|
|
|
|
if (encryptionKey) {
|
|
mdek = nssCKFWObject_GetMDObject(encryptionKey);
|
|
} else {
|
|
mdek = (NSSCKMDObject *)NULL;
|
|
}
|
|
|
|
if (authenticationKey) {
|
|
mdak = nssCKFWObject_GetMDObject(authenticationKey);
|
|
} else {
|
|
mdak = (NSSCKMDObject *)NULL;
|
|
}
|
|
|
|
error = fwSession->mdSession->SetOperationState(fwSession->mdSession,
|
|
fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
|
|
fwSession->fwInstance, &s, mdek, encryptionKey, mdak, authenticationKey);
|
|
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
|
|
/*
|
|
* Here'd we restore any session data
|
|
*/
|
|
|
|
return CKR_OK;
|
|
}
|
|
|
|
static CK_BBOOL
|
|
nss_attributes_form_token_object
|
|
(
|
|
CK_ATTRIBUTE_PTR pTemplate,
|
|
CK_ULONG ulAttributeCount
|
|
)
|
|
{
|
|
CK_ULONG i;
|
|
CK_BBOOL rv;
|
|
|
|
for( i = 0; i < ulAttributeCount; i++ ) {
|
|
if( CKA_TOKEN == pTemplate[i].type ) {
|
|
/* If we sanity-check, we can remove this sizeof check */
|
|
if( sizeof(CK_BBOOL) == pTemplate[i].ulValueLen ) {
|
|
(void)nsslibc_memcpy(&rv, pTemplate[i].pValue, sizeof(CK_BBOOL));
|
|
return rv;
|
|
} else {
|
|
return CK_FALSE;
|
|
}
|
|
}
|
|
}
|
|
|
|
return CK_FALSE;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_CreateObject
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT NSSCKFWObject *
|
|
nssCKFWSession_CreateObject
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
CK_ATTRIBUTE_PTR pTemplate,
|
|
CK_ULONG ulAttributeCount,
|
|
CK_RV *pError
|
|
)
|
|
{
|
|
NSSArena *arena;
|
|
NSSCKMDObject *mdObject;
|
|
NSSCKFWObject *fwObject;
|
|
CK_BBOOL isTokenObject;
|
|
|
|
#ifdef NSSDEBUG
|
|
if (!pError) {
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
*pError = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != pError ) {
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
if( (CK_ATTRIBUTE_PTR)NULL == pTemplate ) {
|
|
*pError = CKR_ARGUMENTS_BAD;
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
*pError = CKR_GENERAL_ERROR;
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
/*
|
|
* Here would be an excellent place to sanity-check the object.
|
|
*/
|
|
|
|
isTokenObject = nss_attributes_form_token_object(pTemplate, ulAttributeCount);
|
|
if( CK_TRUE == isTokenObject ) {
|
|
/* === TOKEN OBJECT === */
|
|
|
|
if (!fwSession->mdSession->CreateObject) {
|
|
*pError = CKR_TOKEN_WRITE_PROTECTED;
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
arena = nssCKFWToken_GetArena(fwSession->fwToken, pError);
|
|
if (!arena) {
|
|
if( CKR_OK == *pError ) {
|
|
*pError = CKR_GENERAL_ERROR;
|
|
}
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
goto callmdcreateobject;
|
|
} else {
|
|
/* === SESSION OBJECT === */
|
|
|
|
arena = nssCKFWSession_GetArena(fwSession, pError);
|
|
if (!arena) {
|
|
if( CKR_OK == *pError ) {
|
|
*pError = CKR_GENERAL_ERROR;
|
|
}
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
if( CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects(
|
|
fwSession->fwInstance) ) {
|
|
/* --- module handles the session object -- */
|
|
|
|
if (!fwSession->mdSession->CreateObject) {
|
|
*pError = CKR_GENERAL_ERROR;
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
goto callmdcreateobject;
|
|
} else {
|
|
/* --- framework handles the session object -- */
|
|
mdObject = nssCKMDSessionObject_Create(fwSession->fwToken,
|
|
arena, pTemplate, ulAttributeCount, pError);
|
|
goto gotmdobject;
|
|
}
|
|
}
|
|
|
|
callmdcreateobject:
|
|
mdObject = fwSession->mdSession->CreateObject(fwSession->mdSession,
|
|
fwSession, fwSession->mdToken, fwSession->fwToken,
|
|
fwSession->mdInstance, fwSession->fwInstance, arena, pTemplate,
|
|
ulAttributeCount, pError);
|
|
|
|
gotmdobject:
|
|
if (!mdObject) {
|
|
if( CKR_OK == *pError ) {
|
|
*pError = CKR_GENERAL_ERROR;
|
|
}
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
fwObject = nssCKFWObject_Create(arena, mdObject,
|
|
isTokenObject ? NULL : fwSession,
|
|
fwSession->fwToken, fwSession->fwInstance, pError);
|
|
if (!fwObject) {
|
|
if( CKR_OK == *pError ) {
|
|
*pError = CKR_GENERAL_ERROR;
|
|
}
|
|
|
|
if (mdObject->Destroy) {
|
|
(void)mdObject->Destroy(mdObject, (NSSCKFWObject *)NULL,
|
|
fwSession->mdSession, fwSession, fwSession->mdToken,
|
|
fwSession->fwToken, fwSession->mdInstance, fwSession->fwInstance);
|
|
}
|
|
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
if( CK_FALSE == isTokenObject ) {
|
|
if( CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, fwObject) ) {
|
|
*pError = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject);
|
|
if( CKR_OK != *pError ) {
|
|
nssCKFWObject_Finalize(fwObject, PR_TRUE);
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
}
|
|
}
|
|
|
|
return fwObject;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_CopyObject
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT NSSCKFWObject *
|
|
nssCKFWSession_CopyObject
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
NSSCKFWObject *fwObject,
|
|
CK_ATTRIBUTE_PTR pTemplate,
|
|
CK_ULONG ulAttributeCount,
|
|
CK_RV *pError
|
|
)
|
|
{
|
|
CK_BBOOL oldIsToken;
|
|
CK_BBOOL newIsToken;
|
|
CK_ULONG i;
|
|
NSSCKFWObject *rv;
|
|
|
|
#ifdef NSSDEBUG
|
|
if (!pError) {
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
*pError = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != *pError ) {
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
*pError = nssCKFWObject_verifyPointer(fwObject);
|
|
if( CKR_OK != *pError ) {
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
*pError = CKR_GENERAL_ERROR;
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
/*
|
|
* Sanity-check object
|
|
*/
|
|
|
|
if (!fwObject) {
|
|
*pError = CKR_ARGUMENTS_BAD;
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
oldIsToken = nssCKFWObject_IsTokenObject(fwObject);
|
|
|
|
newIsToken = oldIsToken;
|
|
for( i = 0; i < ulAttributeCount; i++ ) {
|
|
if( CKA_TOKEN == pTemplate[i].type ) {
|
|
/* Since we sanity-checked the object, we know this is the right size. */
|
|
(void)nsslibc_memcpy(&newIsToken, pTemplate[i].pValue, sizeof(CK_BBOOL));
|
|
break;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* If the Module handles its session objects, or if both the new
|
|
* and old object are token objects, use CopyObject if it exists.
|
|
*/
|
|
|
|
if ((fwSession->mdSession->CopyObject) &&
|
|
(((CK_TRUE == oldIsToken) && (CK_TRUE == newIsToken)) ||
|
|
(CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects(
|
|
fwSession->fwInstance))) ) {
|
|
/* use copy object */
|
|
NSSArena *arena;
|
|
NSSCKMDObject *mdOldObject;
|
|
NSSCKMDObject *mdObject;
|
|
|
|
mdOldObject = nssCKFWObject_GetMDObject(fwObject);
|
|
|
|
if( CK_TRUE == newIsToken ) {
|
|
arena = nssCKFWToken_GetArena(fwSession->fwToken, pError);
|
|
} else {
|
|
arena = nssCKFWSession_GetArena(fwSession, pError);
|
|
}
|
|
if (!arena) {
|
|
if( CKR_OK == *pError ) {
|
|
*pError = CKR_GENERAL_ERROR;
|
|
}
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
mdObject = fwSession->mdSession->CopyObject(fwSession->mdSession,
|
|
fwSession, fwSession->mdToken, fwSession->fwToken,
|
|
fwSession->mdInstance, fwSession->fwInstance, mdOldObject,
|
|
fwObject, arena, pTemplate, ulAttributeCount, pError);
|
|
if (!mdObject) {
|
|
if( CKR_OK == *pError ) {
|
|
*pError = CKR_GENERAL_ERROR;
|
|
}
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
rv = nssCKFWObject_Create(arena, mdObject,
|
|
newIsToken ? NULL : fwSession,
|
|
fwSession->fwToken, fwSession->fwInstance, pError);
|
|
|
|
if( CK_FALSE == newIsToken ) {
|
|
if( CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, rv) ) {
|
|
*pError = nssCKFWHash_Add(fwSession->sessionObjectHash, rv, rv);
|
|
if( CKR_OK != *pError ) {
|
|
nssCKFWObject_Finalize(rv, PR_TRUE);
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
}
|
|
}
|
|
|
|
return rv;
|
|
} else {
|
|
/* use create object */
|
|
NSSArena *tmpArena;
|
|
CK_ATTRIBUTE_PTR newTemplate;
|
|
CK_ULONG i, j, n, newLength, k;
|
|
CK_ATTRIBUTE_TYPE_PTR oldTypes;
|
|
NSSCKFWObject *rv;
|
|
|
|
n = nssCKFWObject_GetAttributeCount(fwObject, pError);
|
|
if( (0 == n) && (CKR_OK != *pError) ) {
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
tmpArena = NSSArena_Create();
|
|
if (!tmpArena) {
|
|
*pError = CKR_HOST_MEMORY;
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
oldTypes = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE_TYPE, n);
|
|
if( (CK_ATTRIBUTE_TYPE_PTR)NULL == oldTypes ) {
|
|
NSSArena_Destroy(tmpArena);
|
|
*pError = CKR_HOST_MEMORY;
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
*pError = nssCKFWObject_GetAttributeTypes(fwObject, oldTypes, n);
|
|
if( CKR_OK != *pError ) {
|
|
NSSArena_Destroy(tmpArena);
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
newLength = n;
|
|
for( i = 0; i < ulAttributeCount; i++ ) {
|
|
for( j = 0; j < n; j++ ) {
|
|
if( oldTypes[j] == pTemplate[i].type ) {
|
|
if( (CK_VOID_PTR)NULL == pTemplate[i].pValue ) {
|
|
/* Removing the attribute */
|
|
newLength--;
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
if( j == n ) {
|
|
/* Not found */
|
|
newLength++;
|
|
}
|
|
}
|
|
|
|
newTemplate = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE, newLength);
|
|
if( (CK_ATTRIBUTE_PTR)NULL == newTemplate ) {
|
|
NSSArena_Destroy(tmpArena);
|
|
*pError = CKR_HOST_MEMORY;
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
k = 0;
|
|
for( j = 0; j < n; j++ ) {
|
|
for( i = 0; i < ulAttributeCount; i++ ) {
|
|
if( oldTypes[j] == pTemplate[i].type ) {
|
|
if( (CK_VOID_PTR)NULL == pTemplate[i].pValue ) {
|
|
/* This attribute is being deleted */
|
|
;
|
|
} else {
|
|
/* This attribute is being replaced */
|
|
newTemplate[k].type = pTemplate[i].type;
|
|
newTemplate[k].pValue = pTemplate[i].pValue;
|
|
newTemplate[k].ulValueLen = pTemplate[i].ulValueLen;
|
|
k++;
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
if( i == ulAttributeCount ) {
|
|
/* This attribute is being copied over from the old object */
|
|
NSSItem item, *it;
|
|
item.size = 0;
|
|
item.data = (void *)NULL;
|
|
it = nssCKFWObject_GetAttribute(fwObject, oldTypes[j],
|
|
&item, tmpArena, pError);
|
|
if (!it) {
|
|
if( CKR_OK == *pError ) {
|
|
*pError = CKR_GENERAL_ERROR;
|
|
}
|
|
NSSArena_Destroy(tmpArena);
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
newTemplate[k].type = oldTypes[j];
|
|
newTemplate[k].pValue = it->data;
|
|
newTemplate[k].ulValueLen = it->size;
|
|
k++;
|
|
}
|
|
}
|
|
/* assert that k == newLength */
|
|
|
|
rv = nssCKFWSession_CreateObject(fwSession, newTemplate, newLength, pError);
|
|
if (!rv) {
|
|
if( CKR_OK == *pError ) {
|
|
*pError = CKR_GENERAL_ERROR;
|
|
}
|
|
NSSArena_Destroy(tmpArena);
|
|
return (NSSCKFWObject *)NULL;
|
|
}
|
|
|
|
NSSArena_Destroy(tmpArena);
|
|
return rv;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_FindObjectsInit
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT NSSCKFWFindObjects *
|
|
nssCKFWSession_FindObjectsInit
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
CK_ATTRIBUTE_PTR pTemplate,
|
|
CK_ULONG ulAttributeCount,
|
|
CK_RV *pError
|
|
)
|
|
{
|
|
NSSCKMDFindObjects *mdfo1 = (NSSCKMDFindObjects *)NULL;
|
|
NSSCKMDFindObjects *mdfo2 = (NSSCKMDFindObjects *)NULL;
|
|
|
|
#ifdef NSSDEBUG
|
|
if (!pError) {
|
|
return (NSSCKFWFindObjects *)NULL;
|
|
}
|
|
|
|
*pError = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != *pError ) {
|
|
return (NSSCKFWFindObjects *)NULL;
|
|
}
|
|
|
|
if( ((CK_ATTRIBUTE_PTR)NULL == pTemplate) && (ulAttributeCount != 0) ) {
|
|
*pError = CKR_ARGUMENTS_BAD;
|
|
return (NSSCKFWFindObjects *)NULL;
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
*pError = CKR_GENERAL_ERROR;
|
|
return (NSSCKFWFindObjects *)NULL;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
if( CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects(
|
|
fwSession->fwInstance) ) {
|
|
CK_ULONG i;
|
|
|
|
/*
|
|
* Does the search criteria restrict us to token or session
|
|
* objects?
|
|
*/
|
|
|
|
for( i = 0; i < ulAttributeCount; i++ ) {
|
|
if( CKA_TOKEN == pTemplate[i].type ) {
|
|
/* Yes, it does. */
|
|
CK_BBOOL isToken;
|
|
if( sizeof(CK_BBOOL) != pTemplate[i].ulValueLen ) {
|
|
*pError = CKR_ATTRIBUTE_VALUE_INVALID;
|
|
return (NSSCKFWFindObjects *)NULL;
|
|
}
|
|
(void)nsslibc_memcpy(&isToken, pTemplate[i].pValue, sizeof(CK_BBOOL));
|
|
|
|
if( CK_TRUE == isToken ) {
|
|
/* Pass it on to the module's search routine */
|
|
if (!fwSession->mdSession->FindObjectsInit) {
|
|
goto wrap;
|
|
}
|
|
|
|
mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
|
|
fwSession, fwSession->mdToken, fwSession->fwToken,
|
|
fwSession->mdInstance, fwSession->fwInstance,
|
|
pTemplate, ulAttributeCount, pError);
|
|
} else {
|
|
/* Do the search ourselves */
|
|
mdfo1 = nssCKMDFindSessionObjects_Create(fwSession->fwToken,
|
|
pTemplate, ulAttributeCount, pError);
|
|
}
|
|
|
|
if (!mdfo1) {
|
|
if( CKR_OK == *pError ) {
|
|
*pError = CKR_GENERAL_ERROR;
|
|
}
|
|
return (NSSCKFWFindObjects *)NULL;
|
|
}
|
|
|
|
goto wrap;
|
|
}
|
|
}
|
|
|
|
if( i == ulAttributeCount ) {
|
|
/* No, it doesn't. Do a hybrid search. */
|
|
mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
|
|
fwSession, fwSession->mdToken, fwSession->fwToken,
|
|
fwSession->mdInstance, fwSession->fwInstance,
|
|
pTemplate, ulAttributeCount, pError);
|
|
|
|
if (!mdfo1) {
|
|
if( CKR_OK == *pError ) {
|
|
*pError = CKR_GENERAL_ERROR;
|
|
}
|
|
return (NSSCKFWFindObjects *)NULL;
|
|
}
|
|
|
|
mdfo2 = nssCKMDFindSessionObjects_Create(fwSession->fwToken,
|
|
pTemplate, ulAttributeCount, pError);
|
|
if (!mdfo2) {
|
|
if( CKR_OK == *pError ) {
|
|
*pError = CKR_GENERAL_ERROR;
|
|
}
|
|
if (mdfo1->Final) {
|
|
mdfo1->Final(mdfo1, (NSSCKFWFindObjects *)NULL, fwSession->mdSession,
|
|
fwSession, fwSession->mdToken, fwSession->fwToken,
|
|
fwSession->mdInstance, fwSession->fwInstance);
|
|
}
|
|
return (NSSCKFWFindObjects *)NULL;
|
|
}
|
|
|
|
goto wrap;
|
|
}
|
|
/*NOTREACHED*/
|
|
} else {
|
|
/* Module handles all its own objects. Pass on to module's search */
|
|
mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
|
|
fwSession, fwSession->mdToken, fwSession->fwToken,
|
|
fwSession->mdInstance, fwSession->fwInstance,
|
|
pTemplate, ulAttributeCount, pError);
|
|
|
|
if (!mdfo1) {
|
|
if( CKR_OK == *pError ) {
|
|
*pError = CKR_GENERAL_ERROR;
|
|
}
|
|
return (NSSCKFWFindObjects *)NULL;
|
|
}
|
|
|
|
goto wrap;
|
|
}
|
|
|
|
wrap:
|
|
return nssCKFWFindObjects_Create(fwSession, fwSession->fwToken,
|
|
fwSession->fwInstance, mdfo1, mdfo2, pError);
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_SeedRandom
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_SeedRandom
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
NSSItem *seed
|
|
)
|
|
{
|
|
CK_RV error = CKR_OK;
|
|
|
|
#ifdef NSSDEBUG
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
|
|
if (!seed) {
|
|
return CKR_ARGUMENTS_BAD;
|
|
}
|
|
|
|
if (!seed->data) {
|
|
return CKR_ARGUMENTS_BAD;
|
|
}
|
|
|
|
if( 0 == seed->size ) {
|
|
return CKR_ARGUMENTS_BAD;
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
if (!fwSession->mdSession->SeedRandom) {
|
|
return CKR_RANDOM_SEED_NOT_SUPPORTED;
|
|
}
|
|
|
|
error = fwSession->mdSession->SeedRandom(fwSession->mdSession, fwSession,
|
|
fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
|
|
fwSession->fwInstance, seed);
|
|
|
|
return error;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_GetRandom
|
|
*
|
|
*/
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_GetRandom
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
NSSItem *buffer
|
|
)
|
|
{
|
|
CK_RV error = CKR_OK;
|
|
|
|
#ifdef NSSDEBUG
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
|
|
if (!buffer) {
|
|
return CKR_ARGUMENTS_BAD;
|
|
}
|
|
|
|
if (!buffer->data) {
|
|
return CKR_ARGUMENTS_BAD;
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
if (!fwSession->mdSession->GetRandom) {
|
|
if( CK_TRUE == nssCKFWToken_GetHasRNG(fwSession->fwToken) ) {
|
|
return CKR_GENERAL_ERROR;
|
|
} else {
|
|
return CKR_RANDOM_NO_RNG;
|
|
}
|
|
}
|
|
|
|
if( 0 == buffer->size ) {
|
|
return CKR_OK;
|
|
}
|
|
|
|
error = fwSession->mdSession->GetRandom(fwSession->mdSession, fwSession,
|
|
fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
|
|
fwSession->fwInstance, buffer);
|
|
|
|
return error;
|
|
}
|
|
|
|
|
|
/*
|
|
* nssCKFWSession_SetCurrentCryptoOperation
|
|
*/
|
|
NSS_IMPLEMENT void
|
|
nssCKFWSession_SetCurrentCryptoOperation
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
NSSCKFWCryptoOperation * fwOperation,
|
|
NSSCKFWCryptoOperationState state
|
|
)
|
|
{
|
|
#ifdef NSSDEBUG
|
|
CK_RV error = CKR_OK;
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return;
|
|
}
|
|
|
|
if ( state >= NSSCKFWCryptoOperationState_Max) {
|
|
return;
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
return;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
fwSession->fwOperationArray[state] = fwOperation;
|
|
return;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_GetCurrentCryptoOperation
|
|
*/
|
|
NSS_IMPLEMENT NSSCKFWCryptoOperation *
|
|
nssCKFWSession_GetCurrentCryptoOperation
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
NSSCKFWCryptoOperationState state
|
|
)
|
|
{
|
|
#ifdef NSSDEBUG
|
|
CK_RV error = CKR_OK;
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return (NSSCKFWCryptoOperation *)NULL;
|
|
}
|
|
|
|
if ( state >= NSSCKFWCryptoOperationState_Max) {
|
|
return (NSSCKFWCryptoOperation *)NULL;
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
return (NSSCKFWCryptoOperation *)NULL;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
return fwSession->fwOperationArray[state];
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_Final
|
|
*/
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_Final
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
NSSCKFWCryptoOperationType type,
|
|
NSSCKFWCryptoOperationState state,
|
|
CK_BYTE_PTR outBuf,
|
|
CK_ULONG_PTR outBufLen
|
|
)
|
|
{
|
|
NSSCKFWCryptoOperation *fwOperation;
|
|
NSSItem outputBuffer;
|
|
CK_RV error = CKR_OK;
|
|
|
|
#ifdef NSSDEBUG
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
/* make sure we have a valid operation initialized */
|
|
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
|
|
if (!fwOperation) {
|
|
return CKR_OPERATION_NOT_INITIALIZED;
|
|
}
|
|
|
|
/* make sure it's the correct type */
|
|
if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
|
|
return CKR_OPERATION_NOT_INITIALIZED;
|
|
}
|
|
|
|
/* handle buffer issues, note for Verify, the type is an input buffer. */
|
|
if (NSSCKFWCryptoOperationType_Verify == type) {
|
|
if ((CK_BYTE_PTR)NULL == outBuf) {
|
|
error = CKR_ARGUMENTS_BAD;
|
|
goto done;
|
|
}
|
|
} else {
|
|
CK_ULONG len = nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error);
|
|
CK_ULONG maxBufLen = *outBufLen;
|
|
|
|
if (CKR_OK != error) {
|
|
goto done;
|
|
}
|
|
*outBufLen = len;
|
|
if ((CK_BYTE_PTR)NULL == outBuf) {
|
|
return CKR_OK;
|
|
}
|
|
|
|
if (len > maxBufLen) {
|
|
return CKR_BUFFER_TOO_SMALL;
|
|
}
|
|
}
|
|
outputBuffer.data = outBuf;
|
|
outputBuffer.size = *outBufLen;
|
|
|
|
error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer);
|
|
done:
|
|
if (CKR_BUFFER_TOO_SMALL == error) {
|
|
return error;
|
|
}
|
|
/* clean up our state */
|
|
nssCKFWCryptoOperation_Destroy(fwOperation);
|
|
nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state);
|
|
return error;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_Update
|
|
*/
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_Update
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
NSSCKFWCryptoOperationType type,
|
|
NSSCKFWCryptoOperationState state,
|
|
CK_BYTE_PTR inBuf,
|
|
CK_ULONG inBufLen,
|
|
CK_BYTE_PTR outBuf,
|
|
CK_ULONG_PTR outBufLen
|
|
)
|
|
{
|
|
NSSCKFWCryptoOperation *fwOperation;
|
|
NSSItem inputBuffer;
|
|
NSSItem outputBuffer;
|
|
CK_ULONG len;
|
|
CK_ULONG maxBufLen;
|
|
CK_RV error = CKR_OK;
|
|
|
|
#ifdef NSSDEBUG
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
/* make sure we have a valid operation initialized */
|
|
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
|
|
if (!fwOperation) {
|
|
return CKR_OPERATION_NOT_INITIALIZED;
|
|
}
|
|
|
|
/* make sure it's the correct type */
|
|
if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
|
|
return CKR_OPERATION_NOT_INITIALIZED;
|
|
}
|
|
|
|
inputBuffer.data = inBuf;
|
|
inputBuffer.size = inBufLen;
|
|
|
|
/* handle buffer issues, note for Verify, the type is an input buffer. */
|
|
len = nssCKFWCryptoOperation_GetOperationLength(fwOperation, &inputBuffer,
|
|
&error);
|
|
if (CKR_OK != error) {
|
|
return error;
|
|
}
|
|
maxBufLen = *outBufLen;
|
|
|
|
*outBufLen = len;
|
|
if ((CK_BYTE_PTR)NULL == outBuf) {
|
|
return CKR_OK;
|
|
}
|
|
|
|
if (len > maxBufLen) {
|
|
return CKR_BUFFER_TOO_SMALL;
|
|
}
|
|
outputBuffer.data = outBuf;
|
|
outputBuffer.size = *outBufLen;
|
|
|
|
return nssCKFWCryptoOperation_Update(fwOperation,
|
|
&inputBuffer, &outputBuffer);
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_DigestUpdate
|
|
*/
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_DigestUpdate
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
NSSCKFWCryptoOperationType type,
|
|
NSSCKFWCryptoOperationState state,
|
|
CK_BYTE_PTR inBuf,
|
|
CK_ULONG inBufLen
|
|
)
|
|
{
|
|
NSSCKFWCryptoOperation *fwOperation;
|
|
NSSItem inputBuffer;
|
|
CK_RV error = CKR_OK;
|
|
|
|
#ifdef NSSDEBUG
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
/* make sure we have a valid operation initialized */
|
|
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
|
|
if (!fwOperation) {
|
|
return CKR_OPERATION_NOT_INITIALIZED;
|
|
}
|
|
|
|
/* make sure it's the correct type */
|
|
if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
|
|
return CKR_OPERATION_NOT_INITIALIZED;
|
|
}
|
|
|
|
inputBuffer.data = inBuf;
|
|
inputBuffer.size = inBufLen;
|
|
|
|
|
|
error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer);
|
|
return error;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_DigestUpdate
|
|
*/
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_DigestKey
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
NSSCKFWObject *fwKey
|
|
)
|
|
{
|
|
NSSCKFWCryptoOperation *fwOperation;
|
|
NSSItem *inputBuffer;
|
|
CK_RV error = CKR_OK;
|
|
|
|
#ifdef NSSDEBUG
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
/* make sure we have a valid operation initialized */
|
|
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
|
|
NSSCKFWCryptoOperationState_Digest);
|
|
if (!fwOperation) {
|
|
return CKR_OPERATION_NOT_INITIALIZED;
|
|
}
|
|
|
|
/* make sure it's the correct type */
|
|
if (NSSCKFWCryptoOperationType_Digest !=
|
|
nssCKFWCryptoOperation_GetType(fwOperation)) {
|
|
return CKR_OPERATION_NOT_INITIALIZED;
|
|
}
|
|
|
|
error = nssCKFWCryptoOperation_DigestKey(fwOperation, fwKey);
|
|
if (CKR_FUNCTION_FAILED != error) {
|
|
return error;
|
|
}
|
|
|
|
/* no machine depended way for this to happen, do it by hand */
|
|
inputBuffer=nssCKFWObject_GetAttribute(fwKey, CKA_VALUE, NULL, NULL, &error);
|
|
if (!inputBuffer) {
|
|
/* couldn't get the value, just fail then */
|
|
return error;
|
|
}
|
|
error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, inputBuffer);
|
|
nssItem_Destroy(inputBuffer);
|
|
return error;
|
|
}
|
|
|
|
/*
|
|
* nssCKFWSession_UpdateFinal
|
|
*/
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_UpdateFinal
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
NSSCKFWCryptoOperationType type,
|
|
NSSCKFWCryptoOperationState state,
|
|
CK_BYTE_PTR inBuf,
|
|
CK_ULONG inBufLen,
|
|
CK_BYTE_PTR outBuf,
|
|
CK_ULONG_PTR outBufLen
|
|
)
|
|
{
|
|
NSSCKFWCryptoOperation *fwOperation;
|
|
NSSItem inputBuffer;
|
|
NSSItem outputBuffer;
|
|
PRBool isEncryptDecrypt;
|
|
CK_RV error = CKR_OK;
|
|
|
|
#ifdef NSSDEBUG
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
/* make sure we have a valid operation initialized */
|
|
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
|
|
if (!fwOperation) {
|
|
return CKR_OPERATION_NOT_INITIALIZED;
|
|
}
|
|
|
|
/* make sure it's the correct type */
|
|
if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
|
|
return CKR_OPERATION_NOT_INITIALIZED;
|
|
}
|
|
|
|
inputBuffer.data = inBuf;
|
|
inputBuffer.size = inBufLen;
|
|
isEncryptDecrypt = (PRBool) ((NSSCKFWCryptoOperationType_Encrypt == type) ||
|
|
(NSSCKFWCryptoOperationType_Decrypt == type)) ;
|
|
|
|
/* handle buffer issues, note for Verify, the type is an input buffer. */
|
|
if (NSSCKFWCryptoOperationType_Verify == type) {
|
|
if ((CK_BYTE_PTR)NULL == outBuf) {
|
|
error = CKR_ARGUMENTS_BAD;
|
|
goto done;
|
|
}
|
|
} else {
|
|
CK_ULONG maxBufLen = *outBufLen;
|
|
CK_ULONG len;
|
|
|
|
len = (isEncryptDecrypt) ?
|
|
nssCKFWCryptoOperation_GetOperationLength(fwOperation,
|
|
&inputBuffer, &error) :
|
|
nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error);
|
|
|
|
if (CKR_OK != error) {
|
|
goto done;
|
|
}
|
|
|
|
*outBufLen = len;
|
|
if ((CK_BYTE_PTR)NULL == outBuf) {
|
|
return CKR_OK;
|
|
}
|
|
|
|
if (len > maxBufLen) {
|
|
return CKR_BUFFER_TOO_SMALL;
|
|
}
|
|
}
|
|
outputBuffer.data = outBuf;
|
|
outputBuffer.size = *outBufLen;
|
|
|
|
error = nssCKFWCryptoOperation_UpdateFinal(fwOperation,
|
|
&inputBuffer, &outputBuffer);
|
|
|
|
/* UpdateFinal isn't support, manually use Update and Final */
|
|
if (CKR_FUNCTION_FAILED == error) {
|
|
error = isEncryptDecrypt ?
|
|
nssCKFWCryptoOperation_Update(fwOperation, &inputBuffer, &outputBuffer) :
|
|
nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer);
|
|
|
|
if (CKR_OK == error) {
|
|
error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer);
|
|
}
|
|
}
|
|
|
|
|
|
done:
|
|
if (CKR_BUFFER_TOO_SMALL == error) {
|
|
/* if we return CKR_BUFFER_TOO_SMALL, we the caller is not expecting.
|
|
* the crypto state to be freed */
|
|
return error;
|
|
}
|
|
|
|
/* clean up our state */
|
|
nssCKFWCryptoOperation_Destroy(fwOperation);
|
|
nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state);
|
|
return error;
|
|
}
|
|
|
|
NSS_IMPLEMENT CK_RV
|
|
nssCKFWSession_UpdateCombo
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
NSSCKFWCryptoOperationType encryptType,
|
|
NSSCKFWCryptoOperationType digestType,
|
|
NSSCKFWCryptoOperationState digestState,
|
|
CK_BYTE_PTR inBuf,
|
|
CK_ULONG inBufLen,
|
|
CK_BYTE_PTR outBuf,
|
|
CK_ULONG_PTR outBufLen
|
|
)
|
|
{
|
|
NSSCKFWCryptoOperation *fwOperation;
|
|
NSSCKFWCryptoOperation *fwPeerOperation;
|
|
NSSItem inputBuffer;
|
|
NSSItem outputBuffer;
|
|
CK_ULONG maxBufLen = *outBufLen;
|
|
CK_ULONG len;
|
|
CK_RV error = CKR_OK;
|
|
|
|
#ifdef NSSDEBUG
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
|
|
if (!fwSession->mdSession) {
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
#endif /* NSSDEBUG */
|
|
|
|
/* make sure we have a valid operation initialized */
|
|
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
|
|
NSSCKFWCryptoOperationState_EncryptDecrypt);
|
|
if (!fwOperation) {
|
|
return CKR_OPERATION_NOT_INITIALIZED;
|
|
}
|
|
|
|
/* make sure it's the correct type */
|
|
if (encryptType != nssCKFWCryptoOperation_GetType(fwOperation)) {
|
|
return CKR_OPERATION_NOT_INITIALIZED;
|
|
}
|
|
/* make sure we have a valid operation initialized */
|
|
fwPeerOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
|
|
digestState);
|
|
if (!fwPeerOperation) {
|
|
return CKR_OPERATION_NOT_INITIALIZED;
|
|
}
|
|
|
|
/* make sure it's the correct type */
|
|
if (digestType != nssCKFWCryptoOperation_GetType(fwOperation)) {
|
|
return CKR_OPERATION_NOT_INITIALIZED;
|
|
}
|
|
|
|
inputBuffer.data = inBuf;
|
|
inputBuffer.size = inBufLen;
|
|
len = nssCKFWCryptoOperation_GetOperationLength(fwOperation,
|
|
&inputBuffer, &error);
|
|
if (CKR_OK != error) {
|
|
return error;
|
|
}
|
|
|
|
*outBufLen = len;
|
|
if ((CK_BYTE_PTR)NULL == outBuf) {
|
|
return CKR_OK;
|
|
}
|
|
|
|
if (len > maxBufLen) {
|
|
return CKR_BUFFER_TOO_SMALL;
|
|
}
|
|
|
|
outputBuffer.data = outBuf;
|
|
outputBuffer.size = *outBufLen;
|
|
|
|
error = nssCKFWCryptoOperation_UpdateCombo(fwOperation, fwPeerOperation,
|
|
&inputBuffer, &outputBuffer);
|
|
if (CKR_FUNCTION_FAILED == error) {
|
|
PRBool isEncrypt =
|
|
(PRBool) (NSSCKFWCryptoOperationType_Encrypt == encryptType);
|
|
|
|
if (isEncrypt) {
|
|
error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation,
|
|
&inputBuffer);
|
|
if (CKR_OK != error) {
|
|
return error;
|
|
}
|
|
}
|
|
error = nssCKFWCryptoOperation_Update(fwOperation,
|
|
&inputBuffer, &outputBuffer);
|
|
if (CKR_OK != error) {
|
|
return error;
|
|
}
|
|
if (!isEncrypt) {
|
|
error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation,
|
|
&outputBuffer);
|
|
}
|
|
}
|
|
return error;
|
|
}
|
|
|
|
|
|
/*
|
|
* NSSCKFWSession_GetMDSession
|
|
*
|
|
*/
|
|
|
|
NSS_IMPLEMENT NSSCKMDSession *
|
|
NSSCKFWSession_GetMDSession
|
|
(
|
|
NSSCKFWSession *fwSession
|
|
)
|
|
{
|
|
#ifdef DEBUG
|
|
if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
|
|
return (NSSCKMDSession *)NULL;
|
|
}
|
|
#endif /* DEBUG */
|
|
|
|
return nssCKFWSession_GetMDSession(fwSession);
|
|
}
|
|
|
|
/*
|
|
* NSSCKFWSession_GetArena
|
|
*
|
|
*/
|
|
|
|
NSS_IMPLEMENT NSSArena *
|
|
NSSCKFWSession_GetArena
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
CK_RV *pError
|
|
)
|
|
{
|
|
#ifdef DEBUG
|
|
if (!pError) {
|
|
return (NSSArena *)NULL;
|
|
}
|
|
|
|
*pError = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != *pError ) {
|
|
return (NSSArena *)NULL;
|
|
}
|
|
#endif /* DEBUG */
|
|
|
|
return nssCKFWSession_GetArena(fwSession, pError);
|
|
}
|
|
|
|
/*
|
|
* NSSCKFWSession_CallNotification
|
|
*
|
|
*/
|
|
|
|
NSS_IMPLEMENT CK_RV
|
|
NSSCKFWSession_CallNotification
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
CK_NOTIFICATION event
|
|
)
|
|
{
|
|
#ifdef DEBUG
|
|
CK_RV error = CKR_OK;
|
|
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return error;
|
|
}
|
|
#endif /* DEBUG */
|
|
|
|
return nssCKFWSession_CallNotification(fwSession, event);
|
|
}
|
|
|
|
/*
|
|
* NSSCKFWSession_IsRWSession
|
|
*
|
|
*/
|
|
|
|
NSS_IMPLEMENT CK_BBOOL
|
|
NSSCKFWSession_IsRWSession
|
|
(
|
|
NSSCKFWSession *fwSession
|
|
)
|
|
{
|
|
#ifdef DEBUG
|
|
if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
|
|
return CK_FALSE;
|
|
}
|
|
#endif /* DEBUG */
|
|
|
|
return nssCKFWSession_IsRWSession(fwSession);
|
|
}
|
|
|
|
/*
|
|
* NSSCKFWSession_IsSO
|
|
*
|
|
*/
|
|
|
|
NSS_IMPLEMENT CK_BBOOL
|
|
NSSCKFWSession_IsSO
|
|
(
|
|
NSSCKFWSession *fwSession
|
|
)
|
|
{
|
|
#ifdef DEBUG
|
|
if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
|
|
return CK_FALSE;
|
|
}
|
|
#endif /* DEBUG */
|
|
|
|
return nssCKFWSession_IsSO(fwSession);
|
|
}
|
|
|
|
NSS_IMPLEMENT NSSCKFWCryptoOperation *
|
|
NSSCKFWSession_GetCurrentCryptoOperation
|
|
(
|
|
NSSCKFWSession *fwSession,
|
|
NSSCKFWCryptoOperationState state
|
|
)
|
|
{
|
|
#ifdef DEBUG
|
|
CK_RV error = CKR_OK;
|
|
error = nssCKFWSession_verifyPointer(fwSession);
|
|
if( CKR_OK != error ) {
|
|
return (NSSCKFWCryptoOperation *)NULL;
|
|
}
|
|
|
|
if ( state >= NSSCKFWCryptoOperationState_Max) {
|
|
return (NSSCKFWCryptoOperation *)NULL;
|
|
}
|
|
#endif /* DEBUG */
|
|
return nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
|
|
}
|