diff options
| author | Franziskus Kiefer <franziskuskiefer@gmail.com> | 2016-01-18 15:02:03 +0100 |
|---|---|---|
| committer | Franziskus Kiefer <franziskuskiefer@gmail.com> | 2016-01-18 15:02:03 +0100 |
| commit | eb895cf42d8d6bc3a9006a0d5b39b7697712025c (patch) | |
| tree | b9738d5f15d5af404d03ab1e298e1b935460f278 | |
| parent | 4e1f105f08c62199e04ff940c4eac52d0fceaac3 (diff) | |
| download | nss-hg-eb895cf42d8d6bc3a9006a0d5b39b7697712025c.tar.gz | |
Bug 1233037, clang-format on lib/ckfw with manual corrections, r=kaie
67 files changed, 22124 insertions, 23880 deletions
diff --git a/lib/ckfw/builtins/anchor.c b/lib/ckfw/builtins/anchor.c index 51b4a5688..cc0d0c09f 100644 --- a/lib/ckfw/builtins/anchor.c +++ b/lib/ckfw/builtins/anchor.c @@ -6,12 +6,12 @@ * builtins/anchor.c * * This file "anchors" the actual cryptoki entry points in this module's - * shared library, which is required for dynamic loading. See the + * shared library, which is required for dynamic loading. See the * comments in nssck.api for more information. */ #include "builtins.h" #define MODULE_NAME builtins -#define INSTANCE_NAME (NSSCKMDInstance *)&nss_builtins_mdInstance +#define INSTANCE_NAME (NSSCKMDInstance *) & nss_builtins_mdInstance #include "nssck.api" diff --git a/lib/ckfw/builtins/bfind.c b/lib/ckfw/builtins/bfind.c index df35ed8b6..ee145b68a 100644 --- a/lib/ckfw/builtins/bfind.c +++ b/lib/ckfw/builtins/bfind.c @@ -14,258 +14,250 @@ */ struct builtinsFOStr { - NSSArena *arena; - CK_ULONG n; - CK_ULONG i; - builtinsInternalObject **objs; + NSSArena *arena; + CK_ULONG n; + CK_ULONG i; + builtinsInternalObject **objs; }; static void -builtins_mdFindObjects_Final -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +builtins_mdFindObjects_Final( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc; - NSSArena *arena = fo->arena; - - nss_ZFreeIf(fo->objs); - nss_ZFreeIf(fo); - nss_ZFreeIf(mdFindObjects); - if ((NSSArena *)NULL != arena) { - NSSArena_Destroy(arena); - } + struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc; + NSSArena *arena = fo->arena; + + nss_ZFreeIf(fo->objs); + nss_ZFreeIf(fo); + nss_ZFreeIf(mdFindObjects); + if ((NSSArena *)NULL != arena) { + NSSArena_Destroy(arena); + } - return; + return; } static NSSCKMDObject * -builtins_mdFindObjects_Next -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -) +builtins_mdFindObjects_Next( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError) { - struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc; - builtinsInternalObject *io; + struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc; + builtinsInternalObject *io; - if( fo->i == fo->n ) { - *pError = CKR_OK; - return (NSSCKMDObject *)NULL; - } + if (fo->i == fo->n) { + *pError = CKR_OK; + return (NSSCKMDObject *)NULL; + } - io = fo->objs[ fo->i ]; - fo->i++; + io = fo->objs[fo->i]; + fo->i++; - return nss_builtins_CreateMDObject(arena, io, pError); + return nss_builtins_CreateMDObject(arena, io, pError); } static int -builtins_derUnwrapInt(unsigned char *src, int size, unsigned char **dest) { +builtins_derUnwrapInt(unsigned char *src, int size, unsigned char **dest) +{ unsigned char *start = src; int len = 0; - if (*src ++ != 2) { - return 0; + if (*src++ != 2) { + return 0; } len = *src++; if (len & 0x80) { - int count = len & 0x7f; - len =0; - - if (count+2 > size) { - return 0; - } - while (count-- > 0) { - len = (len << 8) | *src++; - } + int count = len & 0x7f; + len = 0; + + if (count + 2 > size) { + return 0; + } + while (count-- > 0) { + len = (len << 8) | *src++; + } } - if (len + (src-start) != size) { - return 0; + if (len + (src - start) != size) { + return 0; } *dest = src; return len; } static CK_BBOOL -builtins_attrmatch -( - CK_ATTRIBUTE_PTR a, - const NSSItem *b -) +builtins_attrmatch( + CK_ATTRIBUTE_PTR a, + const NSSItem *b) { - PRBool prb; - - if( a->ulValueLen != b->size ) { - /* match a decoded serial number */ - if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) { - int len; - unsigned char *data = NULL; - - len = builtins_derUnwrapInt(b->data,b->size,&data); - if (data && - (len == a->ulValueLen) && - nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) { - return CK_TRUE; - } + PRBool prb; + + if (a->ulValueLen != b->size) { + /* match a decoded serial number */ + if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) { + int len; + unsigned char *data = NULL; + + len = builtins_derUnwrapInt(b->data, b->size, &data); + if (data && + (len == a->ulValueLen) && + nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) { + return CK_TRUE; + } + } + return CK_FALSE; } - return CK_FALSE; - } - prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL); + prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL); - if( PR_TRUE == prb ) { - return CK_TRUE; - } else { - return CK_FALSE; - } + if (PR_TRUE == prb) { + return CK_TRUE; + } + else { + return CK_FALSE; + } } - static CK_BBOOL -builtins_match -( - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - builtinsInternalObject *o -) +builtins_match( + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + builtinsInternalObject *o) { - CK_ULONG i; - - for( i = 0; i < ulAttributeCount; i++ ) { - CK_ULONG j; - - for( j = 0; j < o->n; j++ ) { - if( o->types[j] == pTemplate[i].type ) { - if( CK_FALSE == builtins_attrmatch(&pTemplate[i], &o->items[j]) ) { - return CK_FALSE; - } else { - break; + CK_ULONG i; + + for (i = 0; i < ulAttributeCount; i++) { + CK_ULONG j; + + for (j = 0; j < o->n; j++) { + if (o->types[j] == pTemplate[i].type) { + if (CK_FALSE == builtins_attrmatch(&pTemplate[i], &o->items[j])) { + return CK_FALSE; + } + else { + break; + } + } } - } - } - if( j == o->n ) { - /* Loop ran to the end: no matching attribute */ - return CK_FALSE; + if (j == o->n) { + /* Loop ran to the end: no matching attribute */ + return CK_FALSE; + } } - } - /* Every attribute passed */ - return CK_TRUE; + /* Every attribute passed */ + return CK_TRUE; } NSS_IMPLEMENT NSSCKMDFindObjects * -nss_builtins_FindObjectsInit -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_builtins_FindObjectsInit( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - /* This could be made more efficient. I'm rather rushed. */ - NSSArena *arena; - NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL; - struct builtinsFOStr *fo = (struct builtinsFOStr *)NULL; + /* This could be made more efficient. I'm rather rushed. */ + NSSArena *arena; + NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL; + struct builtinsFOStr *fo = (struct builtinsFOStr *)NULL; - /* +/* * 99% of the time we get 0 or 1 matches. So we start with a small * stack-allocated array to hold the matches and switch to a heap-allocated * array later if the number of matches exceeds STACK_BUF_LENGTH. */ - #define STACK_BUF_LENGTH 1 - builtinsInternalObject *stackTemp[STACK_BUF_LENGTH]; - builtinsInternalObject **temp = stackTemp; - PRBool tempIsHeapAllocated = PR_FALSE; - PRUint32 i; - - arena = NSSArena_Create(); - if( (NSSArena *)NULL == arena ) { - goto loser; - } - - rv = nss_ZNEW(arena, NSSCKMDFindObjects); - if( (NSSCKMDFindObjects *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - fo = nss_ZNEW(arena, struct builtinsFOStr); - if( (struct builtinsFOStr *)NULL == fo ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - fo->arena = arena; - /* fo->n and fo->i are already zero */ - - rv->etc = (void *)fo; - rv->Final = builtins_mdFindObjects_Final; - rv->Next = builtins_mdFindObjects_Next; - rv->null = (void *)NULL; - - for( i = 0; i < nss_builtins_nObjects; i++ ) { - builtinsInternalObject *o = (builtinsInternalObject *)&nss_builtins_data[i]; - - if( CK_TRUE == builtins_match(pTemplate, ulAttributeCount, o) ) { - if( fo->n == STACK_BUF_LENGTH ) { - /* Switch from the small stack array to a heap-allocated array large +#define STACK_BUF_LENGTH 1 + builtinsInternalObject *stackTemp[STACK_BUF_LENGTH]; + builtinsInternalObject **temp = stackTemp; + PRBool tempIsHeapAllocated = PR_FALSE; + PRUint32 i; + + arena = NSSArena_Create(); + if ((NSSArena *)NULL == arena) { + goto loser; + } + + rv = nss_ZNEW(arena, NSSCKMDFindObjects); + if ((NSSCKMDFindObjects *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fo = nss_ZNEW(arena, struct builtinsFOStr); + if ((struct builtinsFOStr *)NULL == fo) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fo->arena = arena; + /* fo->n and fo->i are already zero */ + + rv->etc = (void *)fo; + rv->Final = builtins_mdFindObjects_Final; + rv->Next = builtins_mdFindObjects_Next; + rv->null = (void *)NULL; + + for (i = 0; i < nss_builtins_nObjects; i++) { + builtinsInternalObject *o = (builtinsInternalObject *)&nss_builtins_data[i]; + + if (CK_TRUE == builtins_match(pTemplate, ulAttributeCount, o)) { + if (fo->n == STACK_BUF_LENGTH) { + /* Switch from the small stack array to a heap-allocated array large * enough to handle matches in all remaining cases. */ - temp = nss_ZNEWARRAY((NSSArena *)NULL, builtinsInternalObject *, - fo->n + nss_builtins_nObjects - i); - if( (builtinsInternalObject **)NULL == temp ) { - *pError = CKR_HOST_MEMORY; - goto loser; + temp = nss_ZNEWARRAY((NSSArena *)NULL, builtinsInternalObject *, + fo->n + nss_builtins_nObjects - i); + if ((builtinsInternalObject **)NULL == temp) { + *pError = + CKR_HOST_MEMORY; + goto loser; + } + tempIsHeapAllocated = PR_TRUE; + (void)nsslibc_memcpy(temp, stackTemp, + sizeof(builtinsInternalObject *) * fo->n); + } + + temp[fo->n] = o; + fo->n++; } - tempIsHeapAllocated = PR_TRUE; - (void)nsslibc_memcpy(temp, stackTemp, - sizeof(builtinsInternalObject *) * fo->n); - } + } - temp[ fo->n ] = o; - fo->n++; + fo->objs = nss_ZNEWARRAY(arena, builtinsInternalObject *, fo->n); + if ((builtinsInternalObject **)NULL == fo->objs) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + (void)nsslibc_memcpy(fo->objs, temp, sizeof(builtinsInternalObject *) * fo->n); + if (tempIsHeapAllocated) { + nss_ZFreeIf(temp); + temp = (builtinsInternalObject **)NULL; } - } - - fo->objs = nss_ZNEWARRAY(arena, builtinsInternalObject *, fo->n); - if( (builtinsInternalObject **)NULL == fo->objs ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - (void)nsslibc_memcpy(fo->objs, temp, sizeof(builtinsInternalObject *) * fo->n); - if (tempIsHeapAllocated) { - nss_ZFreeIf(temp); - temp = (builtinsInternalObject **)NULL; - } - - return rv; - - loser: - if (tempIsHeapAllocated) { - nss_ZFreeIf(temp); - } - nss_ZFreeIf(fo); - nss_ZFreeIf(rv); - if ((NSSArena *)NULL != arena) { - NSSArena_Destroy(arena); - } - return (NSSCKMDFindObjects *)NULL; -} + return rv; + +loser: + if (tempIsHeapAllocated) { + nss_ZFreeIf(temp); + } + nss_ZFreeIf(fo); + nss_ZFreeIf(rv); + if ((NSSArena *)NULL != arena) { + NSSArena_Destroy(arena); + } + return (NSSCKMDFindObjects *)NULL; +} diff --git a/lib/ckfw/builtins/binst.c b/lib/ckfw/builtins/binst.c index 8cb057d96..ca1dac89c 100644 --- a/lib/ckfw/builtins/binst.c +++ b/lib/ckfw/builtins/binst.c @@ -7,7 +7,7 @@ /* * builtins/instance.c * - * This file implements the NSSCKMDInstance object for the + * This file implements the NSSCKMDInstance object for the * "builtin objects" cryptoki module. */ @@ -16,84 +16,72 @@ */ static CK_ULONG -builtins_mdInstance_GetNSlots -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdInstance_GetNSlots( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (CK_ULONG)1; + return (CK_ULONG)1; } static CK_VERSION -builtins_mdInstance_GetCryptokiVersion -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +builtins_mdInstance_GetCryptokiVersion( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_builtins_CryptokiVersion; + return nss_builtins_CryptokiVersion; } static NSSUTF8 * -builtins_mdInstance_GetManufacturerID -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdInstance_GetManufacturerID( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_builtins_ManufacturerID; + return (NSSUTF8 *)nss_builtins_ManufacturerID; } static NSSUTF8 * -builtins_mdInstance_GetLibraryDescription -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdInstance_GetLibraryDescription( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_builtins_LibraryDescription; + return (NSSUTF8 *)nss_builtins_LibraryDescription; } static CK_VERSION -builtins_mdInstance_GetLibraryVersion -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +builtins_mdInstance_GetLibraryVersion( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { #define NSS_VERSION_VARIABLE __nss_builtins_version #include "verref.h" - return nss_builtins_LibraryVersion; + return nss_builtins_LibraryVersion; } static CK_RV -builtins_mdInstance_GetSlots -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDSlot *slots[] -) +builtins_mdInstance_GetSlots( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *slots[]) { - slots[0] = (NSSCKMDSlot *)&nss_builtins_mdSlot; - return CKR_OK; + slots[0] = (NSSCKMDSlot *)&nss_builtins_mdSlot; + return CKR_OK; } const NSSCKMDInstance -nss_builtins_mdInstance = { - (void *)NULL, /* etc */ - NULL, /* Initialize */ - NULL, /* Finalize */ - builtins_mdInstance_GetNSlots, - builtins_mdInstance_GetCryptokiVersion, - builtins_mdInstance_GetManufacturerID, - builtins_mdInstance_GetLibraryDescription, - builtins_mdInstance_GetLibraryVersion, - NULL, /* ModuleHandlesSessionObjects -- defaults to false */ - builtins_mdInstance_GetSlots, - NULL, /* WaitForSlotEvent */ - (void *)NULL /* null terminator */ -}; + nss_builtins_mdInstance = { + (void *)NULL, /* etc */ + NULL, /* Initialize */ + NULL, /* Finalize */ + builtins_mdInstance_GetNSlots, + builtins_mdInstance_GetCryptokiVersion, + builtins_mdInstance_GetManufacturerID, + builtins_mdInstance_GetLibraryDescription, + builtins_mdInstance_GetLibraryVersion, + NULL, /* ModuleHandlesSessionObjects -- defaults to false */ + builtins_mdInstance_GetSlots, + NULL, /* WaitForSlotEvent */ + (void *)NULL /* null terminator */ + }; diff --git a/lib/ckfw/builtins/bobject.c b/lib/ckfw/builtins/bobject.c index 55876c0f2..1c0babdd6 100644 --- a/lib/ckfw/builtins/bobject.c +++ b/lib/ckfw/builtins/bobject.c @@ -24,199 +24,183 @@ */ static CK_RV -builtins_mdObject_Destroy -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +builtins_mdObject_Destroy( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CKR_SESSION_READ_ONLY; + return CKR_SESSION_READ_ONLY; } static CK_BBOOL -builtins_mdObject_IsTokenObject -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +builtins_mdObject_IsTokenObject( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CK_TRUE; + return CK_TRUE; } static CK_ULONG -builtins_mdObject_GetAttributeCount -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdObject_GetAttributeCount( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc; - return io->n; + builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc; + return io->n; } static CK_RV -builtins_mdObject_GetAttributeTypes -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount -) +builtins_mdObject_GetAttributeTypes( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount) { - builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc; - CK_ULONG i; + builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc; + CK_ULONG i; - if( io->n != ulCount ) { - return CKR_BUFFER_TOO_SMALL; - } + if (io->n != ulCount) { + return CKR_BUFFER_TOO_SMALL; + } - for( i = 0; i < io->n; i++ ) { - typeArray[i] = io->types[i]; - } + for (i = 0; i < io->n; i++) { + typeArray[i] = io->types[i]; + } - return CKR_OK; + return CKR_OK; } static CK_ULONG -builtins_mdObject_GetAttributeSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +builtins_mdObject_GetAttributeSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc; - CK_ULONG i; + builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc; + CK_ULONG i; - for( i = 0; i < io->n; i++ ) { - if( attribute == io->types[i] ) { - return (CK_ULONG)(io->items[i].size); + for (i = 0; i < io->n; i++) { + if (attribute == io->types[i]) { + return (CK_ULONG)(io->items[i].size); + } } - } - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - return 0; + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + return 0; } static NSSCKFWItem -builtins_mdObject_GetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +builtins_mdObject_GetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - NSSCKFWItem mdItem; - builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc; - CK_ULONG i; - - mdItem.needsFreeing = PR_FALSE; - mdItem.item = (NSSItem*) NULL; - - for( i = 0; i < io->n; i++ ) { - if( attribute == io->types[i] ) { - mdItem.item = (NSSItem*) &io->items[i]; - return mdItem; + NSSCKFWItem mdItem; + builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc; + CK_ULONG i; + + mdItem.needsFreeing = PR_FALSE; + mdItem.item = (NSSItem *)NULL; + + for (i = 0; i < io->n; i++) { + if (attribute == io->types[i]) { + mdItem.item = (NSSItem *)&io->items[i]; + return mdItem; + } } - } - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - return mdItem; + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + return mdItem; } static CK_ULONG -builtins_mdObject_GetObjectSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdObject_GetObjectSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc; - CK_ULONG i; - CK_ULONG rv = sizeof(CK_ULONG); + builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc; + CK_ULONG i; + CK_ULONG rv = sizeof(CK_ULONG); - for( i = 0; i < io->n; i++ ) { - rv += sizeof(CK_ATTRIBUTE_TYPE) + sizeof(NSSItem) + io->items[i].size; - } + for (i = 0; i < io->n; i++) { + rv += sizeof(CK_ATTRIBUTE_TYPE) + sizeof(NSSItem) + io->items[i].size; + } - return rv; + return rv; } static const NSSCKMDObject -builtins_prototype_mdObject = { - (void *)NULL, /* etc */ - NULL, /* Finalize */ - builtins_mdObject_Destroy, - builtins_mdObject_IsTokenObject, - builtins_mdObject_GetAttributeCount, - builtins_mdObject_GetAttributeTypes, - builtins_mdObject_GetAttributeSize, - builtins_mdObject_GetAttribute, - NULL, /* FreeAttribute */ - NULL, /* SetAttribute */ - builtins_mdObject_GetObjectSize, - (void *)NULL /* null terminator */ -}; + builtins_prototype_mdObject = { + (void *)NULL, /* etc */ + NULL, /* Finalize */ + builtins_mdObject_Destroy, + builtins_mdObject_IsTokenObject, + builtins_mdObject_GetAttributeCount, + builtins_mdObject_GetAttributeTypes, + builtins_mdObject_GetAttributeSize, + builtins_mdObject_GetAttribute, + NULL, /* FreeAttribute */ + NULL, /* SetAttribute */ + builtins_mdObject_GetObjectSize, + (void *)NULL /* null terminator */ + }; NSS_IMPLEMENT NSSCKMDObject * -nss_builtins_CreateMDObject -( - NSSArena *arena, - builtinsInternalObject *io, - CK_RV *pError -) +nss_builtins_CreateMDObject( + NSSArena *arena, + builtinsInternalObject *io, + CK_RV *pError) { - if ( (void*)NULL == io->mdObject.etc) { - (void) nsslibc_memcpy(&io->mdObject,&builtins_prototype_mdObject, - sizeof(builtins_prototype_mdObject)); - io->mdObject.etc = (void *)io; - } + if ((void *)NULL == io->mdObject.etc) { + (void)nsslibc_memcpy(&io->mdObject, &builtins_prototype_mdObject, + sizeof(builtins_prototype_mdObject)); + io->mdObject.etc = (void *)io; + } - return &io->mdObject; + return &io->mdObject; } diff --git a/lib/ckfw/builtins/bsession.c b/lib/ckfw/builtins/bsession.c index 6705bfc61..6828a49af 100644 --- a/lib/ckfw/builtins/bsession.c +++ b/lib/ckfw/builtins/bsession.c @@ -7,69 +7,65 @@ /* * builtins/session.c * - * This file implements the NSSCKMDSession object for the + * This file implements the NSSCKMDSession object for the * "builtin objects" cryptoki module. */ static NSSCKMDFindObjects * -builtins_mdSession_FindObjectsInit -( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +builtins_mdSession_FindObjectsInit( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - return nss_builtins_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError); + return nss_builtins_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError); } NSS_IMPLEMENT NSSCKMDSession * -nss_builtins_CreateSession -( - NSSCKFWSession *fwSession, - CK_RV *pError -) +nss_builtins_CreateSession( + NSSCKFWSession *fwSession, + CK_RV *pError) { - NSSArena *arena; - NSSCKMDSession *rv; + NSSArena *arena; + NSSCKMDSession *rv; - arena = NSSCKFWSession_GetArena(fwSession, pError); - if( (NSSArena *)NULL == arena ) { - return (NSSCKMDSession *)NULL; - } + arena = NSSCKFWSession_GetArena(fwSession, pError); + if ((NSSArena *)NULL == arena) { + return (NSSCKMDSession *)NULL; + } - rv = nss_ZNEW(arena, NSSCKMDSession); - if( (NSSCKMDSession *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDSession *)NULL; - } + rv = nss_ZNEW(arena, NSSCKMDSession); + if ((NSSCKMDSession *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDSession *)NULL; + } - /* - * rv was zeroed when allocated, so we only - * need to set the non-zero members. - */ + /* + * rv was zeroed when allocated, so we only + * need to set the non-zero members. + */ - rv->etc = (void *)fwSession; - /* rv->Close */ - /* rv->GetDeviceError */ - /* rv->Login */ - /* rv->Logout */ - /* rv->InitPIN */ - /* rv->SetPIN */ - /* rv->GetOperationStateLen */ - /* rv->GetOperationState */ - /* rv->SetOperationState */ - /* rv->CreateObject */ - /* rv->CopyObject */ - rv->FindObjectsInit = builtins_mdSession_FindObjectsInit; - /* rv->SeedRandom */ - /* rv->GetRandom */ - /* rv->null */ + rv->etc = (void *)fwSession; + /* rv->Close */ + /* rv->GetDeviceError */ + /* rv->Login */ + /* rv->Logout */ + /* rv->InitPIN */ + /* rv->SetPIN */ + /* rv->GetOperationStateLen */ + /* rv->GetOperationState */ + /* rv->SetOperationState */ + /* rv->CreateObject */ + /* rv->CopyObject */ + rv->FindObjectsInit = builtins_mdSession_FindObjectsInit; + /* rv->SeedRandom */ + /* rv->GetRandom */ + /* rv->null */ - return rv; + return rv; } diff --git a/lib/ckfw/builtins/bslot.c b/lib/ckfw/builtins/bslot.c index 7cc9dcde0..f2ef1efb9 100644 --- a/lib/ckfw/builtins/bslot.c +++ b/lib/ckfw/builtins/bslot.c @@ -12,80 +12,70 @@ */ static NSSUTF8 * -builtins_mdSlot_GetSlotDescription -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdSlot_GetSlotDescription( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_builtins_SlotDescription; + return (NSSUTF8 *)nss_builtins_SlotDescription; } static NSSUTF8 * -builtins_mdSlot_GetManufacturerID -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdSlot_GetManufacturerID( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_builtins_ManufacturerID; + return (NSSUTF8 *)nss_builtins_ManufacturerID; } static CK_VERSION -builtins_mdSlot_GetHardwareVersion -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +builtins_mdSlot_GetHardwareVersion( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_builtins_HardwareVersion; + return nss_builtins_HardwareVersion; } static CK_VERSION -builtins_mdSlot_GetFirmwareVersion -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +builtins_mdSlot_GetFirmwareVersion( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_builtins_FirmwareVersion; + return nss_builtins_FirmwareVersion; } static NSSCKMDToken * -builtins_mdSlot_GetToken -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdSlot_GetToken( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSCKMDToken *)&nss_builtins_mdToken; + return (NSSCKMDToken *)&nss_builtins_mdToken; } const NSSCKMDSlot -nss_builtins_mdSlot = { - (void *)NULL, /* etc */ - NULL, /* Initialize */ - NULL, /* Destroy */ - builtins_mdSlot_GetSlotDescription, - builtins_mdSlot_GetManufacturerID, - NULL, /* GetTokenPresent -- defaults to true */ - NULL, /* GetRemovableDevice -- defaults to false */ - NULL, /* GetHardwareSlot -- defaults to false */ - builtins_mdSlot_GetHardwareVersion, - builtins_mdSlot_GetFirmwareVersion, - builtins_mdSlot_GetToken, - (void *)NULL /* null terminator */ -}; + nss_builtins_mdSlot = { + (void *)NULL, /* etc */ + NULL, /* Initialize */ + NULL, /* Destroy */ + builtins_mdSlot_GetSlotDescription, + builtins_mdSlot_GetManufacturerID, + NULL, /* GetTokenPresent -- defaults to true */ + NULL, /* GetRemovableDevice -- defaults to false */ + NULL, /* GetHardwareSlot -- defaults to false */ + builtins_mdSlot_GetHardwareVersion, + builtins_mdSlot_GetFirmwareVersion, + builtins_mdSlot_GetToken, + (void *)NULL /* null terminator */ + }; diff --git a/lib/ckfw/builtins/btoken.c b/lib/ckfw/builtins/btoken.c index a68d51151..ae1e1380b 100644 --- a/lib/ckfw/builtins/btoken.c +++ b/lib/ckfw/builtins/btoken.c @@ -12,140 +12,124 @@ */ static NSSUTF8 * -builtins_mdToken_GetLabel -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdToken_GetLabel( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_builtins_TokenLabel; + return (NSSUTF8 *)nss_builtins_TokenLabel; } static NSSUTF8 * -builtins_mdToken_GetManufacturerID -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdToken_GetManufacturerID( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_builtins_ManufacturerID; + return (NSSUTF8 *)nss_builtins_ManufacturerID; } static NSSUTF8 * -builtins_mdToken_GetModel -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdToken_GetModel( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_builtins_TokenModel; + return (NSSUTF8 *)nss_builtins_TokenModel; } static NSSUTF8 * -builtins_mdToken_GetSerialNumber -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +builtins_mdToken_GetSerialNumber( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_builtins_TokenSerialNumber; + return (NSSUTF8 *)nss_builtins_TokenSerialNumber; } static CK_BBOOL -builtins_mdToken_GetIsWriteProtected -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +builtins_mdToken_GetIsWriteProtected( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CK_TRUE; + return CK_TRUE; } static CK_VERSION -builtins_mdToken_GetHardwareVersion -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +builtins_mdToken_GetHardwareVersion( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_builtins_HardwareVersion; + return nss_builtins_HardwareVersion; } static CK_VERSION -builtins_mdToken_GetFirmwareVersion -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +builtins_mdToken_GetFirmwareVersion( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_builtins_FirmwareVersion; + return nss_builtins_FirmwareVersion; } static NSSCKMDSession * -builtins_mdToken_OpenSession -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKFWSession *fwSession, - CK_BBOOL rw, - CK_RV *pError -) +builtins_mdToken_OpenSession( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_BBOOL rw, + CK_RV *pError) { - return nss_builtins_CreateSession(fwSession, pError); + return nss_builtins_CreateSession(fwSession, pError); } const NSSCKMDToken -nss_builtins_mdToken = { - (void *)NULL, /* etc */ - NULL, /* Setup */ - NULL, /* Invalidate */ - NULL, /* InitToken -- default errs */ - builtins_mdToken_GetLabel, - builtins_mdToken_GetManufacturerID, - builtins_mdToken_GetModel, - builtins_mdToken_GetSerialNumber, - NULL, /* GetHasRNG -- default is false */ - builtins_mdToken_GetIsWriteProtected, - NULL, /* GetLoginRequired -- default is false */ - NULL, /* GetUserPinInitialized -- default is false */ - NULL, /* GetRestoreKeyNotNeeded -- irrelevant */ - NULL, /* GetHasClockOnToken -- default is false */ - NULL, /* GetHasProtectedAuthenticationPath -- default is false */ - NULL, /* GetSupportsDualCryptoOperations -- default is false */ - NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetMaxPinLen -- irrelevant */ - NULL, /* GetMinPinLen -- irrelevant */ - NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ - builtins_mdToken_GetHardwareVersion, - builtins_mdToken_GetFirmwareVersion, - NULL, /* GetUTCTime -- no clock */ - builtins_mdToken_OpenSession, - NULL, /* GetMechanismCount -- default is zero */ - NULL, /* GetMechanismTypes -- irrelevant */ - NULL, /* GetMechanism -- irrelevant */ - (void *)NULL /* null terminator */ -}; + nss_builtins_mdToken = { + (void *)NULL, /* etc */ + NULL, /* Setup */ + NULL, /* Invalidate */ + NULL, /* InitToken -- default errs */ + builtins_mdToken_GetLabel, + builtins_mdToken_GetManufacturerID, + builtins_mdToken_GetModel, + builtins_mdToken_GetSerialNumber, + NULL, /* GetHasRNG -- default is false */ + builtins_mdToken_GetIsWriteProtected, + NULL, /* GetLoginRequired -- default is false */ + NULL, /* GetUserPinInitialized -- default is false */ + NULL, /* GetRestoreKeyNotNeeded -- irrelevant */ + NULL, /* GetHasClockOnToken -- default is false */ + NULL, /* GetHasProtectedAuthenticationPath -- default is false */ + NULL, /* GetSupportsDualCryptoOperations -- default is false */ + NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetMaxPinLen -- irrelevant */ + NULL, /* GetMinPinLen -- irrelevant */ + NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ + builtins_mdToken_GetHardwareVersion, + builtins_mdToken_GetFirmwareVersion, + NULL, /* GetUTCTime -- no clock */ + builtins_mdToken_OpenSession, + NULL, /* GetMechanismCount -- default is zero */ + NULL, /* GetMechanismTypes -- irrelevant */ + NULL, /* GetMechanism -- irrelevant */ + (void *)NULL /* null terminator */ + }; diff --git a/lib/ckfw/builtins/builtins.h b/lib/ckfw/builtins/builtins.h index a4a90f16c..a1693c29c 100644 --- a/lib/ckfw/builtins/builtins.h +++ b/lib/ckfw/builtins/builtins.h @@ -21,52 +21,46 @@ #endif /* CKT_H */ struct builtinsInternalObjectStr { - CK_ULONG n; - const CK_ATTRIBUTE_TYPE *types; - const NSSItem *items; - NSSCKMDObject mdObject; + CK_ULONG n; + const CK_ATTRIBUTE_TYPE *types; + const NSSItem *items; + NSSCKMDObject mdObject; }; typedef struct builtinsInternalObjectStr builtinsInternalObject; -extern builtinsInternalObject nss_builtins_data[]; -extern const PRUint32 nss_builtins_nObjects; +extern builtinsInternalObject nss_builtins_data[]; +extern const PRUint32 nss_builtins_nObjects; -extern const CK_VERSION nss_builtins_CryptokiVersion; -extern const CK_VERSION nss_builtins_LibraryVersion; -extern const CK_VERSION nss_builtins_HardwareVersion; -extern const CK_VERSION nss_builtins_FirmwareVersion; +extern const CK_VERSION nss_builtins_CryptokiVersion; +extern const CK_VERSION nss_builtins_LibraryVersion; +extern const CK_VERSION nss_builtins_HardwareVersion; +extern const CK_VERSION nss_builtins_FirmwareVersion; -extern const NSSUTF8 nss_builtins_ManufacturerID[]; -extern const NSSUTF8 nss_builtins_LibraryDescription[]; -extern const NSSUTF8 nss_builtins_SlotDescription[]; -extern const NSSUTF8 nss_builtins_TokenLabel[]; -extern const NSSUTF8 nss_builtins_TokenModel[]; -extern const NSSUTF8 nss_builtins_TokenSerialNumber[]; +extern const NSSUTF8 nss_builtins_ManufacturerID[]; +extern const NSSUTF8 nss_builtins_LibraryDescription[]; +extern const NSSUTF8 nss_builtins_SlotDescription[]; +extern const NSSUTF8 nss_builtins_TokenLabel[]; +extern const NSSUTF8 nss_builtins_TokenModel[]; +extern const NSSUTF8 nss_builtins_TokenSerialNumber[]; extern const NSSCKMDInstance nss_builtins_mdInstance; -extern const NSSCKMDSlot nss_builtins_mdSlot; -extern const NSSCKMDToken nss_builtins_mdToken; +extern const NSSCKMDSlot nss_builtins_mdSlot; +extern const NSSCKMDToken nss_builtins_mdToken; NSS_EXTERN NSSCKMDSession * -nss_builtins_CreateSession -( - NSSCKFWSession *fwSession, - CK_RV *pError -); +nss_builtins_CreateSession( + NSSCKFWSession *fwSession, + CK_RV *pError); NSS_EXTERN NSSCKMDFindObjects * -nss_builtins_FindObjectsInit -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); +nss_builtins_FindObjectsInit( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); NSS_EXTERN NSSCKMDObject * -nss_builtins_CreateMDObject -( - NSSArena *arena, - builtinsInternalObject *io, - CK_RV *pError -); +nss_builtins_CreateMDObject( + NSSArena *arena, + builtinsInternalObject *io, + CK_RV *pError); diff --git a/lib/ckfw/builtins/ckbiver.c b/lib/ckfw/builtins/ckbiver.c index 41783b2fb..208066ca3 100644 --- a/lib/ckfw/builtins/ckbiver.c +++ b/lib/ckfw/builtins/ckbiver.c @@ -15,5 +15,4 @@ /* * Version information */ -const char __nss_builtins_version[] = "Version: NSS Builtin Trusted Root CAs " - NSS_BUILTINS_LIBRARY_VERSION _DEBUG_STRING; +const char __nss_builtins_version[] = "Version: NSS Builtin Trusted Root CAs " NSS_BUILTINS_LIBRARY_VERSION _DEBUG_STRING; diff --git a/lib/ckfw/builtins/constants.c b/lib/ckfw/builtins/constants.c index 71146e60d..f5d267b3d 100644 --- a/lib/ckfw/builtins/constants.c +++ b/lib/ckfw/builtins/constants.c @@ -21,41 +21,44 @@ #endif /* NSSCKBI_H */ const CK_VERSION -nss_builtins_CryptokiVersion = { - NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR, - NSS_BUILTINS_CRYPTOKI_VERSION_MINOR }; + nss_builtins_CryptokiVersion = { + NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR, + NSS_BUILTINS_CRYPTOKI_VERSION_MINOR + }; const CK_VERSION -nss_builtins_LibraryVersion = { - NSS_BUILTINS_LIBRARY_VERSION_MAJOR, - NSS_BUILTINS_LIBRARY_VERSION_MINOR}; + nss_builtins_LibraryVersion = { + NSS_BUILTINS_LIBRARY_VERSION_MAJOR, + NSS_BUILTINS_LIBRARY_VERSION_MINOR + }; const CK_VERSION -nss_builtins_HardwareVersion = { - NSS_BUILTINS_HARDWARE_VERSION_MAJOR, - NSS_BUILTINS_HARDWARE_VERSION_MINOR }; + nss_builtins_HardwareVersion = { + NSS_BUILTINS_HARDWARE_VERSION_MAJOR, + NSS_BUILTINS_HARDWARE_VERSION_MINOR + }; const CK_VERSION -nss_builtins_FirmwareVersion = { - NSS_BUILTINS_FIRMWARE_VERSION_MAJOR, - NSS_BUILTINS_FIRMWARE_VERSION_MINOR }; + nss_builtins_FirmwareVersion = { + NSS_BUILTINS_FIRMWARE_VERSION_MAJOR, + NSS_BUILTINS_FIRMWARE_VERSION_MINOR + }; -const NSSUTF8 -nss_builtins_ManufacturerID[] = { "Mozilla Foundation" }; +const NSSUTF8 + nss_builtins_ManufacturerID[] = { "Mozilla Foundation" }; -const NSSUTF8 -nss_builtins_LibraryDescription[] = { "NSS Builtin Object Cryptoki Module" }; +const NSSUTF8 + nss_builtins_LibraryDescription[] = { "NSS Builtin Object Cryptoki Module" }; -const NSSUTF8 -nss_builtins_SlotDescription[] = { "NSS Builtin Objects" }; +const NSSUTF8 + nss_builtins_SlotDescription[] = { "NSS Builtin Objects" }; -const NSSUTF8 -nss_builtins_TokenLabel[] = { "Builtin Object Token" }; +const NSSUTF8 + nss_builtins_TokenLabel[] = { "Builtin Object Token" }; -const NSSUTF8 -nss_builtins_TokenModel[] = { "1" }; +const NSSUTF8 + nss_builtins_TokenModel[] = { "1" }; /* should this be e.g. the certdata.txt RCS revision number? */ -const NSSUTF8 -nss_builtins_TokenSerialNumber[] = { "1" }; - +const NSSUTF8 + nss_builtins_TokenSerialNumber[] = { "1" }; diff --git a/lib/ckfw/builtins/nssckbi.h b/lib/ckfw/builtins/nssckbi.h index 5ef3a49fb..3ee2e83af 100644 --- a/lib/ckfw/builtins/nssckbi.h +++ b/lib/ckfw/builtins/nssckbi.h @@ -18,7 +18,7 @@ #define NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR 2 #define NSS_BUILTINS_CRYPTOKI_VERSION_MINOR 20 -/* These version numbers detail the changes +/* These version numbers detail the changes * to the list of trusted certificates. * * The NSS_BUILTINS_LIBRARY_VERSION_MINOR macro needs to be bumped @@ -52,7 +52,7 @@ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 #define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0 -/* These version numbers detail the semantic changes to ckbi itself +/* These version numbers detail the semantic changes to ckbi itself * (new PKCS #11 objects), etc. */ #define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1 #define NSS_BUILTINS_FIRMWARE_VERSION_MINOR 0 diff --git a/lib/ckfw/capi/anchor.c b/lib/ckfw/capi/anchor.c index 97f3f0d01..c8aff6039 100644 --- a/lib/ckfw/capi/anchor.c +++ b/lib/ckfw/capi/anchor.c @@ -6,12 +6,12 @@ * capi/canchor.c * * This file "anchors" the actual cryptoki entry points in this module's - * shared library, which is required for dynamic loading. See the + * shared library, which is required for dynamic loading. See the * comments in nssck.api for more information. */ #include "ckcapi.h" #define MODULE_NAME ckcapi -#define INSTANCE_NAME (NSSCKMDInstance *)&nss_ckcapi_mdInstance +#define INSTANCE_NAME (NSSCKMDInstance *) & nss_ckcapi_mdInstance #include "nssck.api" diff --git a/lib/ckfw/capi/cfind.c b/lib/ckfw/capi/cfind.c index c17ed3c0e..5fb11e35e 100644 --- a/lib/ckfw/capi/cfind.c +++ b/lib/ckfw/capi/cfind.c @@ -14,245 +14,237 @@ */ struct ckcapiFOStr { - NSSArena *arena; - CK_ULONG n; - CK_ULONG i; - ckcapiInternalObject **objs; + NSSArena *arena; + CK_ULONG n; + CK_ULONG i; + ckcapiInternalObject **objs; }; static void -ckcapi_mdFindObjects_Final -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdFindObjects_Final( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - struct ckcapiFOStr *fo = (struct ckcapiFOStr *)mdFindObjects->etc; - NSSArena *arena = fo->arena; - PRUint32 i; - - /* walk down an free the unused 'objs' */ - for (i=fo->i; i < fo->n ; i++) { - nss_ckcapi_DestroyInternalObject(fo->objs[i]); - } - - nss_ZFreeIf(fo->objs); - nss_ZFreeIf(fo); - nss_ZFreeIf(mdFindObjects); - if ((NSSArena *)NULL != arena) { - NSSArena_Destroy(arena); - } - - return; + struct ckcapiFOStr *fo = (struct ckcapiFOStr *)mdFindObjects->etc; + NSSArena *arena = fo->arena; + PRUint32 i; + + /* walk down an free the unused 'objs' */ + for (i = fo->i; i < fo->n; i++) { + nss_ckcapi_DestroyInternalObject(fo->objs[i]); + } + + nss_ZFreeIf(fo->objs); + nss_ZFreeIf(fo); + nss_ZFreeIf(mdFindObjects); + if ((NSSArena *)NULL != arena) { + NSSArena_Destroy(arena); + } + + return; } static NSSCKMDObject * -ckcapi_mdFindObjects_Next -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -) +ckcapi_mdFindObjects_Next( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError) { - struct ckcapiFOStr *fo = (struct ckcapiFOStr *)mdFindObjects->etc; - ckcapiInternalObject *io; + struct ckcapiFOStr *fo = (struct ckcapiFOStr *)mdFindObjects->etc; + ckcapiInternalObject *io; - if( fo->i == fo->n ) { - *pError = CKR_OK; - return (NSSCKMDObject *)NULL; - } + if (fo->i == fo->n) { + *pError = CKR_OK; + return (NSSCKMDObject *)NULL; + } - io = fo->objs[ fo->i ]; - fo->i++; + io = fo->objs[fo->i]; + fo->i++; - return nss_ckcapi_CreateMDObject(arena, io, pError); + return nss_ckcapi_CreateMDObject(arena, io, pError); } static CK_BBOOL -ckcapi_attrmatch -( - CK_ATTRIBUTE_PTR a, - ckcapiInternalObject *o -) +ckcapi_attrmatch( + CK_ATTRIBUTE_PTR a, + ckcapiInternalObject *o) { - PRBool prb; - const NSSItem *b; - - b = nss_ckcapi_FetchAttribute(o, a->type); - if (b == NULL) { - return CK_FALSE; - } - - if( a->ulValueLen != b->size ) { - /* match a decoded serial number */ - if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) { - unsigned int len; - unsigned char *data; - - data = nss_ckcapi_DERUnwrap(b->data, b->size, &len, NULL); - if ((len == a->ulValueLen) && - nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) { - return CK_TRUE; - } + PRBool prb; + const NSSItem *b; + + b = nss_ckcapi_FetchAttribute(o, a->type); + if (b == NULL) { + return CK_FALSE; } - return CK_FALSE; - } - prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL); + if (a->ulValueLen != b->size) { + /* match a decoded serial number */ + if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) { + unsigned int len; + unsigned char *data; + + data = nss_ckcapi_DERUnwrap(b->data, b->size, &len, NULL); + if ((len == a->ulValueLen) && + nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) { + return CK_TRUE; + } + } + return CK_FALSE; + } - if( PR_TRUE == prb ) { - return CK_TRUE; - } else { - return CK_FALSE; - } -} + prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL); + if (PR_TRUE == prb) { + return CK_TRUE; + } + else { + return CK_FALSE; + } +} static CK_BBOOL -ckcapi_match -( - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - ckcapiInternalObject *o -) +ckcapi_match( + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckcapiInternalObject *o) { - CK_ULONG i; + CK_ULONG i; - for( i = 0; i < ulAttributeCount; i++ ) { - if (CK_FALSE == ckcapi_attrmatch(&pTemplate[i], o)) { - return CK_FALSE; + for (i = 0; i < ulAttributeCount; i++) { + if (CK_FALSE == ckcapi_attrmatch(&pTemplate[i], o)) { + return CK_FALSE; + } } - } - /* Every attribute passed */ - return CK_TRUE; + /* Every attribute passed */ + return CK_TRUE; } -#define CKAPI_ITEM_CHUNK 20 - -#define PUT_Object(obj,err) \ - { \ - if (count >= size) { \ - *listp = *listp ? \ - nss_ZREALLOCARRAY(*listp, ckcapiInternalObject *, \ - (size+CKAPI_ITEM_CHUNK) ) : \ - nss_ZNEWARRAY(NULL, ckcapiInternalObject *, \ - (size+CKAPI_ITEM_CHUNK) ) ; \ - if ((ckcapiInternalObject **)NULL == *listp) { \ - err = CKR_HOST_MEMORY; \ - goto loser; \ - } \ - size += CKAPI_ITEM_CHUNK; \ - } \ - (*listp)[ count ] = (obj); \ - count++; \ - } - +#define CKAPI_ITEM_CHUNK 20 + +#define PUT_Object(obj, err) \ + { \ + if (count >= size) { \ + *listp = *listp ? \ + nss_ZREALLOCARRAY(*listp, ckcapiInternalObject *, \ + (size + \ + CKAPI_ITEM_CHUNK)) \ + : \ + nss_ZNEWARRAY(NULL, ckcapiInternalObject *, \ + (size + \ + CKAPI_ITEM_CHUNK)); \ + if ((ckcapiInternalObject **)NULL == *listp) { \ + err = CKR_HOST_MEMORY; \ + goto loser; \ + } \ + size += CKAPI_ITEM_CHUNK; \ + } \ + (*listp)[count] = (obj); \ + count++; \ + } /* * pass parameters back through the callback. */ typedef struct BareCollectParamsStr { - CK_OBJECT_CLASS objClass; - CK_ATTRIBUTE_PTR pTemplate; - CK_ULONG ulAttributeCount; - ckcapiInternalObject ***listp; - PRUint32 size; - PRUint32 count; + CK_OBJECT_CLASS objClass; + CK_ATTRIBUTE_PTR pTemplate; + CK_ULONG ulAttributeCount; + ckcapiInternalObject ***listp; + PRUint32 size; + PRUint32 count; } BareCollectParams; /* collect_bare's callback. Called for each object that * supposedly has a PROVINDER_INFO property */ static BOOL WINAPI -doBareCollect -( - const CRYPT_HASH_BLOB *msKeyID, - DWORD flags, - void *reserved, - void *args, - DWORD cProp, - DWORD *propID, - void **propData, - DWORD *propSize -) +doBareCollect( + const CRYPT_HASH_BLOB *msKeyID, + DWORD flags, + void *reserved, + void *args, + DWORD cProp, + DWORD *propID, + void **propData, + DWORD *propSize) { - BareCollectParams *bcp = (BareCollectParams *) args; - PRUint32 size = bcp->size; - PRUint32 count = bcp->count; - ckcapiInternalObject ***listp = bcp->listp; - ckcapiInternalObject *io = NULL; - DWORD i; - CRYPT_KEY_PROV_INFO *keyProvInfo = NULL; - void *idData; - CK_RV error; - - /* make sure there is a Key Provider Info property */ - for (i=0; i < cProp; i++) { - if (CERT_KEY_PROV_INFO_PROP_ID == propID[i]) { - keyProvInfo = (CRYPT_KEY_PROV_INFO *)propData[i]; - break; + BareCollectParams *bcp = (BareCollectParams *)args; + PRUint32 size = bcp->size; + PRUint32 count = bcp->count; + ckcapiInternalObject ***listp = bcp->listp; + ckcapiInternalObject *io = NULL; + DWORD i; + CRYPT_KEY_PROV_INFO *keyProvInfo = NULL; + void *idData; + CK_RV error; + + /* make sure there is a Key Provider Info property */ + for (i = 0; i < cProp; i++) { + if (CERT_KEY_PROV_INFO_PROP_ID == propID[i]) { + keyProvInfo = (CRYPT_KEY_PROV_INFO *)propData[i]; + break; + } + } + if ((CRYPT_KEY_PROV_INFO *)NULL == keyProvInfo) { + return 1; + } + + /* copy the key ID */ + idData = nss_ZNEWARRAY(NULL, char, msKeyID->cbData); + if ((void *)NULL == idData) { + goto loser; + } + nsslibc_memcpy(idData, msKeyID->pbData, msKeyID->cbData); + + /* build a bare internal object */ + io = nss_ZNEW(NULL, ckcapiInternalObject); + if ((ckcapiInternalObject *)NULL == io) { + goto loser; + } + io->type = ckcapiBareKey; + io->objClass = bcp->objClass; + io->u.key.provInfo = *keyProvInfo; + io->u.key.provInfo.pwszContainerName = + nss_ckcapi_WideDup(keyProvInfo->pwszContainerName); + io->u.key.provInfo.pwszProvName = + nss_ckcapi_WideDup(keyProvInfo->pwszProvName); + io->u.key.provName = nss_ckcapi_WideToUTF8(keyProvInfo->pwszProvName); + io->u.key.containerName = + nss_ckcapi_WideToUTF8(keyProvInfo->pwszContainerName); + io->u.key.hProv = 0; + io->idData = idData; + io->id.data = idData; + io->id.size = msKeyID->cbData; + idData = NULL; + + /* see if it matches */ + if (CK_FALSE == ckcapi_match(bcp->pTemplate, bcp->ulAttributeCount, io)) { + goto loser; } - } - if ((CRYPT_KEY_PROV_INFO *)NULL == keyProvInfo) { + PUT_Object(io, error); + bcp->size = size; + bcp->count = count; return 1; - } - - /* copy the key ID */ - idData = nss_ZNEWARRAY(NULL, char, msKeyID->cbData); - if ((void *)NULL == idData) { - goto loser; - } - nsslibc_memcpy(idData, msKeyID->pbData, msKeyID->cbData); - - /* build a bare internal object */ - io = nss_ZNEW(NULL, ckcapiInternalObject); - if ((ckcapiInternalObject *)NULL == io) { - goto loser; - } - io->type = ckcapiBareKey; - io->objClass = bcp->objClass; - io->u.key.provInfo = *keyProvInfo; - io->u.key.provInfo.pwszContainerName = - nss_ckcapi_WideDup(keyProvInfo->pwszContainerName); - io->u.key.provInfo.pwszProvName = - nss_ckcapi_WideDup(keyProvInfo->pwszProvName); - io->u.key.provName = nss_ckcapi_WideToUTF8(keyProvInfo->pwszProvName); - io->u.key.containerName = - nss_ckcapi_WideToUTF8(keyProvInfo->pwszContainerName); - io->u.key.hProv = 0; - io->idData = idData; - io->id.data = idData; - io->id.size = msKeyID->cbData; - idData = NULL; - - /* see if it matches */ - if( CK_FALSE == ckcapi_match(bcp->pTemplate, bcp->ulAttributeCount, io) ) { - goto loser; - } - PUT_Object(io, error); - bcp->size = size; - bcp->count = count; - return 1; loser: - if (io) { - nss_ckcapi_DestroyInternalObject(io); - } - nss_ZFreeIf(idData); - return 1; + if (io) { + nss_ckcapi_DestroyInternalObject(io); + } + nss_ZFreeIf(idData); + return 1; } /* @@ -260,30 +252,29 @@ loser: */ static PRUint32 collect_bare( - CK_OBJECT_CLASS objClass, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - ckcapiInternalObject ***listp, - PRUint32 *sizep, - PRUint32 count, - CK_RV *pError -) + CK_OBJECT_CLASS objClass, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckcapiInternalObject ***listp, + PRUint32 *sizep, + PRUint32 count, + CK_RV *pError) { - BOOL rc; - BareCollectParams bareCollectParams; + BOOL rc; + BareCollectParams bareCollectParams; - bareCollectParams.objClass = objClass; - bareCollectParams.pTemplate = pTemplate; - bareCollectParams.ulAttributeCount = ulAttributeCount; - bareCollectParams.listp = listp; - bareCollectParams.size = *sizep; - bareCollectParams.count = count; + bareCollectParams.objClass = objClass; + bareCollectParams.pTemplate = pTemplate; + bareCollectParams.ulAttributeCount = ulAttributeCount; + bareCollectParams.listp = listp; + bareCollectParams.size = *sizep; + bareCollectParams.count = count; - rc = CryptEnumKeyIdentifierProperties(NULL, CERT_KEY_PROV_INFO_PROP_ID, 0, - NULL, NULL, &bareCollectParams, doBareCollect); + rc = CryptEnumKeyIdentifierProperties(NULL, CERT_KEY_PROV_INFO_PROP_ID, 0, + NULL, NULL, &bareCollectParams, doBareCollect); - *sizep = bareCollectParams.size; - return bareCollectParams.count; + *sizep = bareCollectParams.size; + return bareCollectParams.count; } /* find all the certs that represent the appropriate object (cert, priv key, or @@ -291,291 +282,286 @@ collect_bare( */ static PRUint32 collect_class( - CK_OBJECT_CLASS objClass, - LPCSTR storeStr, - PRBool hasID, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - ckcapiInternalObject ***listp, - PRUint32 *sizep, - PRUint32 count, - CK_RV *pError -) + CK_OBJECT_CLASS objClass, + LPCSTR storeStr, + PRBool hasID, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckcapiInternalObject ***listp, + PRUint32 *sizep, + PRUint32 count, + CK_RV *pError) { - PRUint32 size = *sizep; - ckcapiInternalObject *next = NULL; - HCERTSTORE hStore; - PCCERT_CONTEXT certContext = NULL; - PRBool isKey = - (objClass == CKO_PUBLIC_KEY) | (objClass == CKO_PRIVATE_KEY); - - hStore = CertOpenSystemStore((HCRYPTPROV)NULL, storeStr); - if (NULL == hStore) { - return count; /* none found does not imply an error */ - } - - /* FUTURE: use CertFindCertificateInStore to filter better -- so we don't + PRUint32 size = *sizep; + ckcapiInternalObject *next = NULL; + HCERTSTORE hStore; + PCCERT_CONTEXT certContext = NULL; + PRBool isKey = + (objClass == CKO_PUBLIC_KEY) | (objClass == CKO_PRIVATE_KEY); + + hStore = CertOpenSystemStore((HCRYPTPROV)NULL, storeStr); + if (NULL == hStore) { + return count; /* none found does not imply an error */ + } + + /* FUTURE: use CertFindCertificateInStore to filter better -- so we don't * have to enumerate all the certificates */ - while ((PCERT_CONTEXT) NULL != - (certContext= CertEnumCertificatesInStore(hStore, certContext))) { - /* first filter out non user certs if we are looking for keys */ - if (isKey) { - /* make sure there is a Key Provider Info property */ - CRYPT_KEY_PROV_INFO *keyProvInfo; - DWORD size = 0; - BOOL rv; - rv =CertGetCertificateContextProperty(certContext, - CERT_KEY_PROV_INFO_PROP_ID, NULL, &size); - if (!rv) { - int reason = GetLastError(); - /* we only care if it exists, we don't really need to fetch it yet */ - if (reason == CRYPT_E_NOT_FOUND) { - continue; - } - } - /* filter out the non-microsoft providers */ - keyProvInfo = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size); - if (keyProvInfo) { - rv =CertGetCertificateContextProperty(certContext, - CERT_KEY_PROV_INFO_PROP_ID, keyProvInfo, &size); - if (rv) { - char *provName = nss_ckcapi_WideToUTF8(keyProvInfo->pwszProvName); - nss_ZFreeIf(keyProvInfo); - - if (provName && - (strncmp(provName, "Microsoft", sizeof("Microsoft")-1) != 0)) { - continue; - } - } else { - int reason = GetLastError(); - /* we only care if it exists, we don't really need to fetch it yet */ - nss_ZFreeIf(keyProvInfo); - if (reason == CRYPT_E_NOT_FOUND) { - continue; - } - + while ((PCERT_CONTEXT)NULL != + (certContext = CertEnumCertificatesInStore(hStore, certContext))) { + /* first filter out non user certs if we are looking for keys */ + if (isKey) { + /* make sure there is a Key Provider Info property */ + CRYPT_KEY_PROV_INFO *keyProvInfo; + DWORD size = 0; + BOOL rv; + rv = CertGetCertificateContextProperty(certContext, + CERT_KEY_PROV_INFO_PROP_ID, NULL, &size); + if (!rv) { + int reason = GetLastError(); + /* we only care if it exists, we don't really need to fetch it yet */ + if (reason == CRYPT_E_NOT_FOUND) { + continue; + } + } + /* filter out the non-microsoft providers */ + keyProvInfo = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size); + if (keyProvInfo) { + rv = CertGetCertificateContextProperty(certContext, + CERT_KEY_PROV_INFO_PROP_ID, keyProvInfo, &size); + if (rv) { + char *provName = + nss_ckcapi_WideToUTF8(keyProvInfo->pwszProvName); + nss_ZFreeIf(keyProvInfo); + + if (provName && + (strncmp(provName, "Microsoft", sizeof("Microsoft") - + 1) != 0)) { + continue; + } + } + else { + int reason = + GetLastError(); + /* we only care if it exists, we don't really need to fetch it yet */ + nss_ZFreeIf(keyProvInfo); + if (reason == + CRYPT_E_NOT_FOUND) { + continue; + } + } + } + } + + if ((ckcapiInternalObject *)NULL == next) { + next = nss_ZNEW(NULL, ckcapiInternalObject); + if ((ckcapiInternalObject *)NULL == next) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + } + next->type = ckcapiCert; + next->objClass = objClass; + next->u.cert.certContext = certContext; + next->u.cert.hasID = hasID; + next->u.cert.certStore = storeStr; + if (CK_TRUE == ckcapi_match(pTemplate, ulAttributeCount, next)) { + /* clear cached values that may be dependent on our old certContext */ + memset(&next->u.cert, 0, sizeof(next->u.cert)); + /* get a 'permanent' context */ + next->u.cert.certContext = CertDuplicateCertificateContext(certContext); + next->objClass = objClass; + next->u.cert.certContext = certContext; + next->u.cert.hasID = hasID; + next->u.cert.certStore = storeStr; + PUT_Object(next, *pError); + next = NULL; /* need to allocate a new one now */ + } + else { + /* don't cache the values we just loaded */ + memset(&next->u.cert, 0, sizeof(next->u.cert)); } - } - } - - if ((ckcapiInternalObject *)NULL == next) { - next = nss_ZNEW(NULL, ckcapiInternalObject); - if ((ckcapiInternalObject *)NULL == next) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - } - next->type = ckcapiCert; - next->objClass = objClass; - next->u.cert.certContext = certContext; - next->u.cert.hasID = hasID; - next->u.cert.certStore = storeStr; - if( CK_TRUE == ckcapi_match(pTemplate, ulAttributeCount, next) ) { - /* clear cached values that may be dependent on our old certContext */ - memset(&next->u.cert, 0, sizeof(next->u.cert)); - /* get a 'permanent' context */ - next->u.cert.certContext = CertDuplicateCertificateContext(certContext); - next->objClass = objClass; - next->u.cert.certContext = certContext; - next->u.cert.hasID = hasID; - next->u.cert.certStore = storeStr; - PUT_Object(next, *pError); - next = NULL; /* need to allocate a new one now */ - } else { - /* don't cache the values we just loaded */ - memset(&next->u.cert, 0, sizeof(next->u.cert)); } - } loser: - CertCloseStore(hStore, 0); - nss_ZFreeIf(next); - *sizep = size; - return count; + CertCloseStore(hStore, 0); + nss_ZFreeIf(next); + *sizep = size; + return count; } NSS_IMPLEMENT PRUint32 nss_ckcapi_collect_all_certs( - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - ckcapiInternalObject ***listp, - PRUint32 *sizep, - PRUint32 count, - CK_RV *pError -) + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckcapiInternalObject ***listp, + PRUint32 *sizep, + PRUint32 count, + CK_RV *pError) { - count = collect_class(CKO_CERTIFICATE, "My", PR_TRUE, pTemplate, - ulAttributeCount, listp, sizep, count, pError); - /*count = collect_class(CKO_CERTIFICATE, "AddressBook", PR_FALSE, pTemplate, + count = collect_class(CKO_CERTIFICATE, "My", PR_TRUE, pTemplate, + ulAttributeCount, listp, sizep, count, pError); + /*count = collect_class(CKO_CERTIFICATE, "AddressBook", PR_FALSE, pTemplate, ulAttributeCount, listp, sizep, count, pError); */ - count = collect_class(CKO_CERTIFICATE, "CA", PR_FALSE, pTemplate, - ulAttributeCount, listp, sizep, count, pError); - count = collect_class(CKO_CERTIFICATE, "Root", PR_FALSE, pTemplate, - ulAttributeCount, listp, sizep, count, pError); - count = collect_class(CKO_CERTIFICATE, "Trust", PR_FALSE, pTemplate, - ulAttributeCount, listp, sizep, count, pError); - count = collect_class(CKO_CERTIFICATE, "TrustedPeople", PR_FALSE, pTemplate, - ulAttributeCount, listp, sizep, count, pError); - count = collect_class(CKO_CERTIFICATE, "AuthRoot", PR_FALSE, pTemplate, - ulAttributeCount, listp, sizep, count, pError); - return count; + count = collect_class(CKO_CERTIFICATE, "CA", PR_FALSE, pTemplate, + ulAttributeCount, listp, sizep, count, pError); + count = collect_class(CKO_CERTIFICATE, "Root", PR_FALSE, pTemplate, + ulAttributeCount, listp, sizep, count, pError); + count = collect_class(CKO_CERTIFICATE, "Trust", PR_FALSE, pTemplate, + ulAttributeCount, listp, sizep, count, pError); + count = collect_class(CKO_CERTIFICATE, "TrustedPeople", PR_FALSE, pTemplate, + ulAttributeCount, listp, sizep, count, pError); + count = collect_class(CKO_CERTIFICATE, "AuthRoot", PR_FALSE, pTemplate, + ulAttributeCount, listp, sizep, count, pError); + return count; } CK_OBJECT_CLASS -ckcapi_GetObjectClass(CK_ATTRIBUTE_PTR pTemplate, +ckcapi_GetObjectClass(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount) { - CK_ULONG i; + CK_ULONG i; - for (i=0; i < ulAttributeCount; i++) - { - if (pTemplate[i].type == CKA_CLASS) { - return *(CK_OBJECT_CLASS *) pTemplate[i].pValue; + for (i = 0; i < ulAttributeCount; i++) { + if (pTemplate[i].type == CKA_CLASS) { + return *(CK_OBJECT_CLASS *)pTemplate[i].pValue; + } } - } - /* need to return a value that says 'fetch them all' */ - return CK_INVALID_HANDLE; + /* need to return a value that says 'fetch them all' */ + return CK_INVALID_HANDLE; } static PRUint32 collect_objects( - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - ckcapiInternalObject ***listp, - CK_RV *pError -) + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckcapiInternalObject ***listp, + CK_RV *pError) { - PRUint32 i; - PRUint32 count = 0; - PRUint32 size = 0; - CK_OBJECT_CLASS objClass; - - /* - * first handle the static build in objects (if any) - */ - for( i = 0; i < nss_ckcapi_nObjects; i++ ) { - ckcapiInternalObject *o = (ckcapiInternalObject *)&nss_ckcapi_data[i]; - - if( CK_TRUE == ckcapi_match(pTemplate, ulAttributeCount, o) ) { - PUT_Object(o, *pError); + PRUint32 i; + PRUint32 count = 0; + PRUint32 size = 0; + CK_OBJECT_CLASS objClass; + + /* + * first handle the static build in objects (if any) + */ + for (i = 0; i < nss_ckcapi_nObjects; i++) { + ckcapiInternalObject *o = (ckcapiInternalObject *)&nss_ckcapi_data[i]; + + if (CK_TRUE == ckcapi_match(pTemplate, ulAttributeCount, o)) { + PUT_Object(o, *pError); + } } - } - - /* - * now handle the various object types - */ - objClass = ckcapi_GetObjectClass(pTemplate, ulAttributeCount); - *pError = CKR_OK; - switch (objClass) { - case CKO_CERTIFICATE: - count = nss_ckcapi_collect_all_certs(pTemplate, ulAttributeCount, listp, - &size, count, pError); - break; - case CKO_PUBLIC_KEY: - count = collect_class(objClass, "My", PR_TRUE, pTemplate, - ulAttributeCount, listp, &size, count, pError); - count = collect_bare(objClass, pTemplate, ulAttributeCount, listp, - &size, count, pError); - break; - case CKO_PRIVATE_KEY: - count = collect_class(objClass, "My", PR_TRUE, pTemplate, - ulAttributeCount, listp, &size, count, pError); - count = collect_bare(objClass, pTemplate, ulAttributeCount, listp, - &size, count, pError); - break; - /* all of them */ - case CK_INVALID_HANDLE: - count = nss_ckcapi_collect_all_certs(pTemplate, ulAttributeCount, listp, - &size, count, pError); - count = collect_class(CKO_PUBLIC_KEY, "My", PR_TRUE, pTemplate, - ulAttributeCount, listp, &size, count, pError); - count = collect_bare(CKO_PUBLIC_KEY, pTemplate, ulAttributeCount, listp, - &size, count, pError); - count = collect_class(CKO_PRIVATE_KEY, "My", PR_TRUE, pTemplate, - ulAttributeCount, listp, &size, count, pError); - count = collect_bare(CKO_PRIVATE_KEY, pTemplate, ulAttributeCount, listp, - &size, count, pError); - break; - default: - goto done; /* no other object types we understand in this module */ - } - if (CKR_OK != *pError) { - goto loser; - } + /* + * now handle the various object types + */ + objClass = ckcapi_GetObjectClass(pTemplate, ulAttributeCount); + *pError = CKR_OK; + switch (objClass) { + case CKO_CERTIFICATE: + count = nss_ckcapi_collect_all_certs(pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + case CKO_PUBLIC_KEY: + count = collect_class(objClass, "My", PR_TRUE, pTemplate, + ulAttributeCount, listp, &size, count, pError); + count = collect_bare(objClass, pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + case CKO_PRIVATE_KEY: + count = collect_class(objClass, "My", PR_TRUE, pTemplate, + ulAttributeCount, listp, &size, count, pError); + count = collect_bare(objClass, pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + /* all of them */ + case CK_INVALID_HANDLE: + count = nss_ckcapi_collect_all_certs(pTemplate, ulAttributeCount, listp, + &size, count, pError); + count = collect_class(CKO_PUBLIC_KEY, "My", PR_TRUE, pTemplate, + ulAttributeCount, listp, &size, count, pError); + count = collect_bare(CKO_PUBLIC_KEY, pTemplate, ulAttributeCount, listp, + &size, count, pError); + count = collect_class(CKO_PRIVATE_KEY, "My", PR_TRUE, pTemplate, + ulAttributeCount, listp, &size, count, pError); + count = collect_bare(CKO_PRIVATE_KEY, pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + default: + goto done; /* no other object types we understand in this module */ + } + if (CKR_OK != *pError) { + goto loser; + } done: - return count; + return count; loser: - nss_ZFreeIf(*listp); - return 0; + nss_ZFreeIf(*listp); + return 0; } - - NSS_IMPLEMENT NSSCKMDFindObjects * -nss_ckcapi_FindObjectsInit -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_ckcapi_FindObjectsInit( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - /* This could be made more efficient. I'm rather rushed. */ - NSSArena *arena; - NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL; - struct ckcapiFOStr *fo = (struct ckcapiFOStr *)NULL; - ckcapiInternalObject **temp = (ckcapiInternalObject **)NULL; - - arena = NSSArena_Create(); - if( (NSSArena *)NULL == arena ) { - goto loser; - } - - rv = nss_ZNEW(arena, NSSCKMDFindObjects); - if( (NSSCKMDFindObjects *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - fo = nss_ZNEW(arena, struct ckcapiFOStr); - if( (struct ckcapiFOStr *)NULL == fo ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - fo->arena = arena; - /* fo->n and fo->i are already zero */ - - rv->etc = (void *)fo; - rv->Final = ckcapi_mdFindObjects_Final; - rv->Next = ckcapi_mdFindObjects_Next; - rv->null = (void *)NULL; - - fo->n = collect_objects(pTemplate, ulAttributeCount, &temp, pError); - if (*pError != CKR_OK) { - goto loser; - } - - fo->objs = nss_ZNEWARRAY(arena, ckcapiInternalObject *, fo->n); - if( (ckcapiInternalObject **)NULL == fo->objs ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - (void)nsslibc_memcpy(fo->objs, temp, sizeof(ckcapiInternalObject *) * fo->n); - nss_ZFreeIf(temp); - temp = (ckcapiInternalObject **)NULL; - - return rv; - - loser: - nss_ZFreeIf(temp); - nss_ZFreeIf(fo); - nss_ZFreeIf(rv); - if ((NSSArena *)NULL != arena) { - NSSArena_Destroy(arena); - } - return (NSSCKMDFindObjects *)NULL; -} + /* This could be made more efficient. I'm rather rushed. */ + NSSArena *arena; + NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL; + struct ckcapiFOStr *fo = (struct ckcapiFOStr *)NULL; + ckcapiInternalObject **temp = (ckcapiInternalObject **)NULL; + + arena = NSSArena_Create(); + if ((NSSArena *)NULL == arena) { + goto loser; + } + + rv = nss_ZNEW(arena, NSSCKMDFindObjects); + if ((NSSCKMDFindObjects *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + fo = nss_ZNEW(arena, struct ckcapiFOStr); + if ((struct ckcapiFOStr *)NULL == fo) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fo->arena = arena; + /* fo->n and fo->i are already zero */ + + rv->etc = (void *)fo; + rv->Final = ckcapi_mdFindObjects_Final; + rv->Next = ckcapi_mdFindObjects_Next; + rv->null = (void *)NULL; + + fo->n = collect_objects(pTemplate, ulAttributeCount, &temp, pError); + if (*pError != CKR_OK) { + goto loser; + } + + fo->objs = nss_ZNEWARRAY(arena, ckcapiInternalObject *, fo->n); + if ((ckcapiInternalObject **)NULL == fo->objs) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + (void)nsslibc_memcpy(fo->objs, temp, sizeof(ckcapiInternalObject *) * fo->n); + nss_ZFreeIf(temp); + temp = (ckcapiInternalObject **)NULL; + + return rv; + +loser: + nss_ZFreeIf(temp); + nss_ZFreeIf(fo); + nss_ZFreeIf(rv); + if ((NSSArena *)NULL != arena) { + NSSArena_Destroy(arena); + } + return (NSSCKMDFindObjects *)NULL; +} diff --git a/lib/ckfw/capi/cinst.c b/lib/ckfw/capi/cinst.c index 8aac1ca0c..937c289a1 100644 --- a/lib/ckfw/capi/cinst.c +++ b/lib/ckfw/capi/cinst.c @@ -7,7 +7,7 @@ /* * ckcapi/cinstance.c * - * This file implements the NSSCKMDInstance object for the + * This file implements the NSSCKMDInstance object for the * "capi" cryptoki module. */ @@ -16,96 +16,82 @@ */ static CK_ULONG -ckcapi_mdInstance_GetNSlots -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdInstance_GetNSlots( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (CK_ULONG)1; + return (CK_ULONG)1; } static CK_VERSION -ckcapi_mdInstance_GetCryptokiVersion -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdInstance_GetCryptokiVersion( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckcapi_CryptokiVersion; + return nss_ckcapi_CryptokiVersion; } static NSSUTF8 * -ckcapi_mdInstance_GetManufacturerID -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdInstance_GetManufacturerID( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckcapi_ManufacturerID; + return (NSSUTF8 *)nss_ckcapi_ManufacturerID; } static NSSUTF8 * -ckcapi_mdInstance_GetLibraryDescription -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdInstance_GetLibraryDescription( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckcapi_LibraryDescription; + return (NSSUTF8 *)nss_ckcapi_LibraryDescription; } static CK_VERSION -ckcapi_mdInstance_GetLibraryVersion -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdInstance_GetLibraryVersion( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckcapi_LibraryVersion; + return nss_ckcapi_LibraryVersion; } static CK_RV -ckcapi_mdInstance_GetSlots -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDSlot *slots[] -) +ckcapi_mdInstance_GetSlots( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *slots[]) { - slots[0] = (NSSCKMDSlot *)&nss_ckcapi_mdSlot; - return CKR_OK; + slots[0] = (NSSCKMDSlot *)&nss_ckcapi_mdSlot; + return CKR_OK; } static CK_BBOOL -ckcapi_mdInstance_ModuleHandlesSessionObjects -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdInstance_ModuleHandlesSessionObjects( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - /* we don't want to allow any session object creation, at least - * until we can investigate whether or not we can use those objects - */ - return CK_TRUE; + /* we don't want to allow any session object creation, at least + * until we can investigate whether or not we can use those objects + */ + return CK_TRUE; } NSS_IMPLEMENT_DATA const NSSCKMDInstance -nss_ckcapi_mdInstance = { - (void *)NULL, /* etc */ - NULL, /* Initialize */ - NULL, /* Finalize */ - ckcapi_mdInstance_GetNSlots, - ckcapi_mdInstance_GetCryptokiVersion, - ckcapi_mdInstance_GetManufacturerID, - ckcapi_mdInstance_GetLibraryDescription, - ckcapi_mdInstance_GetLibraryVersion, - ckcapi_mdInstance_ModuleHandlesSessionObjects, - /*NULL, /* HandleSessionObjects */ - ckcapi_mdInstance_GetSlots, - NULL, /* WaitForSlotEvent */ - (void *)NULL /* null terminator */ -}; + nss_ckcapi_mdInstance = { + (void *)NULL, /* etc */ + NULL, /* Initialize */ + NULL, /* Finalize */ + ckcapi_mdInstance_GetNSlots, + ckcapi_mdInstance_GetCryptokiVersion, + ckcapi_mdInstance_GetManufacturerID, + ckcapi_mdInstance_GetLibraryDescription, + ckcapi_mdInstance_GetLibraryVersion, + ckcapi_mdInstance_ModuleHandlesSessionObjects, + /*NULL, /* HandleSessionObjects */ + ckcapi_mdInstance_GetSlots, + NULL, /* WaitForSlotEvent */ + (void *)NULL /* null terminator */ + }; diff --git a/lib/ckfw/capi/ckcapi.h b/lib/ckfw/capi/ckcapi.h index 2ae01e35f..2c4b12aac 100644 --- a/lib/ckfw/capi/ckcapi.h +++ b/lib/ckfw/capi/ckcapi.h @@ -31,28 +31,27 @@ * to this PKCS #11 module. */ struct ckcapiRawObjectStr { - CK_ULONG n; - const CK_ATTRIBUTE_TYPE *types; - const NSSItem *items; + CK_ULONG n; + const CK_ATTRIBUTE_TYPE *types; + const NSSItem *items; }; typedef struct ckcapiRawObjectStr ckcapiRawObject; - /* * common values needed for both bare keys and cert referenced keys. */ struct ckcapiKeyParamsStr { - NSSItem modulus; - NSSItem exponent; - NSSItem privateExponent; - NSSItem prime1; - NSSItem prime2; - NSSItem exponent1; - NSSItem exponent2; - NSSItem coefficient; - unsigned char publicExponentData[sizeof(CK_ULONG)]; - void *privateKey; - void *pubKey; + NSSItem modulus; + NSSItem exponent; + NSSItem privateExponent; + NSSItem prime1; + NSSItem prime2; + NSSItem exponent1; + NSSItem exponent2; + NSSItem coefficient; + unsigned char publicExponentData[sizeof(CK_ULONG)]; + void *privateKey; + void *pubKey; }; typedef struct ckcapiKeyParamsStr ckcapiKeyParams; @@ -62,11 +61,11 @@ typedef struct ckcapiKeyParamsStr ckcapiKeyParams; * while the CA is issuing the certificate. */ struct ckcapiKeyObjectStr { - CRYPT_KEY_PROV_INFO provInfo; - char *provName; - char *containerName; - HCRYPTPROV hProv; - ckcapiKeyParams key; + CRYPT_KEY_PROV_INFO provInfo; + char *provName; + char *containerName; + HCRYPTPROV hProv; + ckcapiKeyParams key; }; typedef struct ckcapiKeyObjectStr ckcapiKeyObject; @@ -74,25 +73,25 @@ typedef struct ckcapiKeyObjectStr ckcapiKeyObject; * Certificate and certificate referenced keys. */ struct ckcapiCertObjectStr { - PCCERT_CONTEXT certContext; - PRBool hasID; - const char *certStore; - NSSItem label; - NSSItem subject; - NSSItem issuer; - NSSItem serial; - NSSItem derCert; - ckcapiKeyParams key; - unsigned char *labelData; - /* static data: to do, make this dynamic like labelData */ - unsigned char derSerial[128]; + PCCERT_CONTEXT certContext; + PRBool hasID; + const char *certStore; + NSSItem label; + NSSItem subject; + NSSItem issuer; + NSSItem serial; + NSSItem derCert; + ckcapiKeyParams key; + unsigned char *labelData; + /* static data: to do, make this dynamic like labelData */ + unsigned char derSerial[128]; }; typedef struct ckcapiCertObjectStr ckcapiCertObject; typedef enum { - ckcapiRaw, - ckcapiCert, - ckcapiBareKey + ckcapiRaw, + ckcapiCert, + ckcapiBareKey } ckcapiObjectType; /* @@ -100,98 +99,84 @@ typedef enum { * cfind as ckcapiInternalObjects. */ struct ckcapiInternalObjectStr { - ckcapiObjectType type; - union { - ckcapiRawObject raw; - ckcapiCertObject cert; - ckcapiKeyObject key; - } u; - CK_OBJECT_CLASS objClass; - NSSItem hashKey; - NSSItem id; - void *idData; - unsigned char hashKeyData[128]; - NSSCKMDObject mdObject; + ckcapiObjectType type; + union { + ckcapiRawObject raw; + ckcapiCertObject cert; + ckcapiKeyObject key; + } u; + CK_OBJECT_CLASS objClass; + NSSItem hashKey; + NSSItem id; + void *idData; + unsigned char hashKeyData[128]; + NSSCKMDObject mdObject; }; typedef struct ckcapiInternalObjectStr ckcapiInternalObject; /* our raw object data array */ NSS_EXTERN_DATA ckcapiInternalObject nss_ckcapi_data[]; -NSS_EXTERN_DATA const PRUint32 nss_ckcapi_nObjects; - -NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_CryptokiVersion; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_ManufacturerID; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_LibraryDescription; -NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_LibraryVersion; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_SlotDescription; -NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_HardwareVersion; -NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_FirmwareVersion; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_TokenLabel; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_TokenModel; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_TokenSerialNumber; - -NSS_EXTERN_DATA const NSSCKMDInstance nss_ckcapi_mdInstance; -NSS_EXTERN_DATA const NSSCKMDSlot nss_ckcapi_mdSlot; -NSS_EXTERN_DATA const NSSCKMDToken nss_ckcapi_mdToken; +NSS_EXTERN_DATA const PRUint32 nss_ckcapi_nObjects; + +NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_CryptokiVersion; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_ManufacturerID; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_LibraryDescription; +NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_LibraryVersion; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_SlotDescription; +NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_HardwareVersion; +NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_FirmwareVersion; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenLabel; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenModel; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenSerialNumber; + +NSS_EXTERN_DATA const NSSCKMDInstance nss_ckcapi_mdInstance; +NSS_EXTERN_DATA const NSSCKMDSlot nss_ckcapi_mdSlot; +NSS_EXTERN_DATA const NSSCKMDToken nss_ckcapi_mdToken; NSS_EXTERN_DATA const NSSCKMDMechanism nss_ckcapi_mdMechanismRSA; NSS_EXTERN NSSCKMDSession * -nss_ckcapi_CreateSession -( - NSSCKFWSession *fwSession, - CK_RV *pError -); +nss_ckcapi_CreateSession( + NSSCKFWSession *fwSession, + CK_RV *pError); NSS_EXTERN NSSCKMDFindObjects * -nss_ckcapi_FindObjectsInit -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); +nss_ckcapi_FindObjectsInit( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); /* * Object Utilities */ NSS_EXTERN NSSCKMDObject * -nss_ckcapi_CreateMDObject -( - NSSArena *arena, - ckcapiInternalObject *io, - CK_RV *pError -); +nss_ckcapi_CreateMDObject( + NSSArena *arena, + ckcapiInternalObject *io, + CK_RV *pError); NSS_EXTERN NSSCKMDObject * -nss_ckcapi_CreateObject -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); +nss_ckcapi_CreateObject( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); NSS_EXTERN const NSSItem * -nss_ckcapi_FetchAttribute -( - ckcapiInternalObject *io, - CK_ATTRIBUTE_TYPE type -); +nss_ckcapi_FetchAttribute( + ckcapiInternalObject *io, + CK_ATTRIBUTE_TYPE type); NSS_EXTERN void -nss_ckcapi_DestroyInternalObject -( - ckcapiInternalObject *io -); +nss_ckcapi_DestroyInternalObject( + ckcapiInternalObject *io); NSS_EXTERN CK_RV -nss_ckcapi_FetchKeyContainer -( - ckcapiInternalObject *iKey, - HCRYPTPROV *hProv, - DWORD *keySpec, - HCRYPTKEY *hKey -); +nss_ckcapi_FetchKeyContainer( + ckcapiInternalObject *iKey, + HCRYPTPROV *hProv, + DWORD *keySpec, + HCRYPTKEY *hKey); /* * generic utilities @@ -202,70 +187,56 @@ nss_ckcapi_FetchKeyContainer * Microsoft, we need to byte swap everything coming into and out of CAPI. */ void -ckcapi_ReverseData -( - NSSItem *item -); +ckcapi_ReverseData( + NSSItem *item); /* * unwrap a single DER value */ unsigned char * -nss_ckcapi_DERUnwrap -( - unsigned char *src, - unsigned int size, - unsigned int *outSize, - unsigned char **next -); +nss_ckcapi_DERUnwrap( + unsigned char *src, + unsigned int size, + unsigned int *outSize, + unsigned char **next); /* * Return the size in bytes of a wide string */ -int -nss_ckcapi_WideSize -( - LPCWSTR wide -); +int +nss_ckcapi_WideSize( + LPCWSTR wide); /* * Covert a Unicode wide character string to a UTF8 string */ char * -nss_ckcapi_WideToUTF8 -( - LPCWSTR wide -); +nss_ckcapi_WideToUTF8( + LPCWSTR wide); /* * Return a Wide String duplicated with nss allocated memory. */ LPWSTR -nss_ckcapi_WideDup -( - LPCWSTR wide -); +nss_ckcapi_WideDup( + LPCWSTR wide); /* * Covert a UTF8 string to Unicode wide character */ LPWSTR -nss_ckcapi_UTF8ToWide -( - char *buf -); - +nss_ckcapi_UTF8ToWide( + char *buf); NSS_EXTERN PRUint32 nss_ckcapi_collect_all_certs( - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - ckcapiInternalObject ***listp, - PRUint32 *sizep, - PRUint32 count, - CK_RV *pError -); + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckcapiInternalObject ***listp, + PRUint32 *sizep, + PRUint32 count, + CK_RV *pError); + +#define NSS_CKCAPI_ARRAY_SIZE(x) ((sizeof(x)) / (sizeof((x)[0]))) -#define NSS_CKCAPI_ARRAY_SIZE(x) ((sizeof (x))/(sizeof ((x)[0]))) - #endif diff --git a/lib/ckfw/capi/ckcapiver.c b/lib/ckfw/capi/ckcapiver.c index 54e488756..825b63074 100644 --- a/lib/ckfw/capi/ckcapiver.c +++ b/lib/ckfw/capi/ckcapiver.c @@ -14,5 +14,4 @@ /* * Version information */ -const char __nss_ckcapi_version[] = "Version: NSS Access to Microsoft Certificate Store " - NSS_CKCAPI_LIBRARY_VERSION _DEBUG_STRING; +const char __nss_ckcapi_version[] = "Version: NSS Access to Microsoft Certificate Store " NSS_CKCAPI_LIBRARY_VERSION _DEBUG_STRING; diff --git a/lib/ckfw/capi/cobject.c b/lib/ckfw/capi/cobject.c index 1da5f7d20..03a8a5e7b 100644 --- a/lib/ckfw/capi/cobject.c +++ b/lib/ckfw/capi/cobject.c @@ -76,22 +76,30 @@ static const CK_KEY_TYPE ckk_rsa = CKK_RSA; static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE; static const CK_OBJECT_CLASS cko_private_key = CKO_PRIVATE_KEY; static const CK_OBJECT_CLASS cko_public_key = CKO_PUBLIC_KEY; -static const NSSItem ckcapi_trueItem = { - (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }; -static const NSSItem ckcapi_falseItem = { - (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }; -static const NSSItem ckcapi_x509Item = { - (void *)&ckc_x509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }; -static const NSSItem ckcapi_rsaItem = { - (void *)&ckk_rsa, (PRUint32)sizeof(CK_KEY_TYPE) }; -static const NSSItem ckcapi_certClassItem = { - (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }; +static const NSSItem ckcapi_trueItem = { + (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) +}; +static const NSSItem ckcapi_falseItem = { + (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) +}; +static const NSSItem ckcapi_x509Item = { + (void *)&ckc_x509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) +}; +static const NSSItem ckcapi_rsaItem = { + (void *)&ckk_rsa, (PRUint32)sizeof(CK_KEY_TYPE) +}; +static const NSSItem ckcapi_certClassItem = { + (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) +}; static const NSSItem ckcapi_privKeyClassItem = { - (void *)&cko_private_key, (PRUint32)sizeof(CK_OBJECT_CLASS) }; + (void *)&cko_private_key, (PRUint32)sizeof(CK_OBJECT_CLASS) +}; static const NSSItem ckcapi_pubKeyClassItem = { - (void *)&cko_public_key, (PRUint32)sizeof(CK_OBJECT_CLASS) }; -static const NSSItem ckcapi_emptyItem = { - (void *)&ck_true, 0}; + (void *)&cko_public_key, (PRUint32)sizeof(CK_OBJECT_CLASS) +}; +static const NSSItem ckcapi_emptyItem = { + (void *)&ck_true, 0 +}; /* * these are utilities. The chould be moved to a new utilities file. @@ -101,117 +109,111 @@ static const NSSItem ckcapi_emptyItem = { * unwrap a single DER value */ unsigned char * -nss_ckcapi_DERUnwrap -( - unsigned char *src, - unsigned int size, - unsigned int *outSize, - unsigned char **next -) +nss_ckcapi_DERUnwrap( + unsigned char *src, + unsigned int size, + unsigned int *outSize, + unsigned char **next) { - unsigned char *start = src; - unsigned char *end = src+size; - unsigned int len = 0; - - /* initialize error condition return values */ - *outSize = 0; - if (next) { - *next = src; - } - - if (size < 2) { - return start; - } - src++; /* skip the tag -- should check it against an expected value! */ - len = (unsigned) *src++; - if (len & 0x80) { - unsigned int count = len & 0x7f; - len = 0; - - if (count+2 > size) { - return start; - } - while (count-- > 0) { - len = (len << 8) | (unsigned) *src++; - } - } - if (len + (src-start) > size) { - return start; - } - if (next) { - *next = src+len; - } - *outSize = len; - - return src; + unsigned char *start = src; + unsigned char *end = src + size; + unsigned int len = 0; + + /* initialize error condition return values */ + *outSize = 0; + if (next) { + *next = src; + } + + if (size < 2) { + return start; + } + src++; /* skip the tag -- should check it against an expected value! */ + len = (unsigned)*src++; + if (len & 0x80) { + unsigned int count = len & 0x7f; + len = 0; + + if (count + 2 > size) { + return start; + } + while (count-- > 0) { + len = (len << 8) | (unsigned)*src++; + } + } + if (len + (src - start) > size) { + return start; + } + if (next) { + *next = src + len; + } + *outSize = len; + + return src; } /* * convert a PKCS #11 bytestrin into a CK_ULONG, the byte stream must be * less than sizeof (CK_ULONG). */ -CK_ULONG -nss_ckcapi_DataToInt -( - NSSItem *data, - CK_RV *pError -) +CK_ULONG +nss_ckcapi_DataToInt( + NSSItem *data, + CK_RV *pError) { - CK_ULONG value = 0; - unsigned long count = data->size; - unsigned char *dataPtr = data->data; - unsigned long size = 0; - - *pError = CKR_OK; - - while (count--) { - value = value << 8; - value = value + *dataPtr++; - if (size || value) { - size++; - } - } - if (size > sizeof(CK_ULONG)) { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - } - return value; + CK_ULONG value = 0; + unsigned long count = data->size; + unsigned char *dataPtr = data->data; + unsigned long size = 0; + + *pError = CKR_OK; + + while (count--) { + value = value << 8; + value = value + *dataPtr++; + if (size || value) { + size++; + } + } + if (size > sizeof(CK_ULONG)) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + } + return value; } /* * convert a CK_ULONG to a bytestream. Data is stored in the buffer 'buf' * and must be at least CK_ULONG. Caller must provide buf. */ -CK_ULONG -nss_ckcapi_IntToData -( - CK_ULONG value, - NSSItem *data, - unsigned char *dataPtr, - CK_RV *pError -) +CK_ULONG +nss_ckcapi_IntToData( + CK_ULONG value, + NSSItem *data, + unsigned char *dataPtr, + CK_RV *pError) { - unsigned long count = 0; - unsigned long i; -#define SHIFT ((sizeof(CK_ULONG)-1)*8) - PRBool first = 0; + unsigned long count = 0; + unsigned long i; +#define SHIFT ((sizeof(CK_ULONG) - 1) * 8) + PRBool first = 0; - *pError = CKR_OK; + *pError = CKR_OK; - data->data = dataPtr; - for (i=0; i < sizeof(CK_ULONG); i++) { - unsigned char digit = (unsigned char)((value >> SHIFT) & 0xff); + data->data = dataPtr; + for (i = 0; i < sizeof(CK_ULONG); i++) { + unsigned char digit = (unsigned char)((value >> SHIFT) & 0xff); - value = value << 8; + value = value << 8; - /* drop leading zero bytes */ - if (first && (0 == digit)) { - continue; + /* drop leading zero bytes */ + if (first && (0 == digit)) { + continue; + } + *dataPtr++ = digit; + count++; } - *dataPtr++ = digit; - count++; - } - data->size = count; - return count; + data->size = count; + return count; } /* @@ -219,107 +221,99 @@ nss_ckcapi_IntToData * data for the item is owned by the template. */ CK_RV -nss_ckcapi_GetAttribute -( - CK_ATTRIBUTE_TYPE type, - CK_ATTRIBUTE *template, - CK_ULONG templateSize, - NSSItem *item -) +nss_ckcapi_GetAttribute( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + NSSItem *item) { - CK_ULONG i; - - for (i=0; i < templateSize; i++) { - if (template[i].type == type) { - item->data = template[i].pValue; - item->size = template[i].ulValueLen; - return CKR_OK; + CK_ULONG i; + + for (i = 0; i < templateSize; i++) { + if (template[i].type == type) { + item->data = template[i].pValue; + item->size = template[i].ulValueLen; + return CKR_OK; + } } - } - return CKR_TEMPLATE_INCOMPLETE; + return CKR_TEMPLATE_INCOMPLETE; } /* * get an attribute which is type CK_ULONG. */ CK_ULONG -nss_ckcapi_GetULongAttribute -( - CK_ATTRIBUTE_TYPE type, - CK_ATTRIBUTE *template, - CK_ULONG templateSize, - CK_RV *pError -) +nss_ckcapi_GetULongAttribute( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_RV *pError) { - NSSItem item; - - *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item); - if (CKR_OK != *pError) { - return (CK_ULONG) 0; - } - if (item.size != sizeof(CK_ULONG)) { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - return (CK_ULONG) 0; - } - return *(CK_ULONG *)item.data; + NSSItem item; + + *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } + if (item.size != sizeof(CK_ULONG)) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (CK_ULONG)0; + } + return *(CK_ULONG *)item.data; } /* * get an attribute which is type CK_BBOOL. */ CK_BBOOL -nss_ckcapi_GetBoolAttribute -( - CK_ATTRIBUTE_TYPE type, - CK_ATTRIBUTE *template, - CK_ULONG templateSize, - CK_RV *pError -) +nss_ckcapi_GetBoolAttribute( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_RV *pError) { - NSSItem item; - - *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item); - if (CKR_OK != *pError) { - return (CK_BBOOL) 0; - } - if (item.size != sizeof(CK_BBOOL)) { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - return (CK_BBOOL) 0; - } - return *(CK_BBOOL *)item.data; + NSSItem item; + + *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item); + if (CKR_OK != *pError) { + return (CK_BBOOL)0; + } + if (item.size != sizeof(CK_BBOOL)) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (CK_BBOOL)0; + } + return *(CK_BBOOL *)item.data; } /* * get an attribute which is type CK_BBOOL. */ char * -nss_ckcapi_GetStringAttribute -( - CK_ATTRIBUTE_TYPE type, - CK_ATTRIBUTE *template, - CK_ULONG templateSize, - CK_RV *pError -) +nss_ckcapi_GetStringAttribute( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_RV *pError) { - NSSItem item; - char *str; - - /* get the attribute */ - *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item); - if (CKR_OK != *pError) { - return (char *)NULL; - } - /* make sure it is null terminated */ - str = nss_ZNEWARRAY(NULL, char, item.size+1); - if ((char *)NULL == str) { - *pError = CKR_HOST_MEMORY; - return (char *)NULL; - } - - nsslibc_memcpy(str, item.data, item.size); - str[item.size] = 0; - - return str; + NSSItem item; + char *str; + + /* get the attribute */ + *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item); + if (CKR_OK != *pError) { + return (char *)NULL; + } + /* make sure it is null terminated */ + str = nss_ZNEWARRAY(NULL, char, item.size + 1); + if ((char *)NULL == str) { + *pError = CKR_HOST_MEMORY; + return (char *)NULL; + } + + nsslibc_memcpy(str, item.data, item.size); + str[item.size] = 0; + + return str; } /* @@ -327,104 +321,95 @@ nss_ckcapi_GetStringAttribute * character */ int -nss_ckcapi_WideSize -( - LPCWSTR wide -) +nss_ckcapi_WideSize( + LPCWSTR wide) { - DWORD size; + DWORD size; - if ((LPWSTR)NULL == wide) { - return 0; - } - size = wcslen(wide)+1; - return size*sizeof(WCHAR); + if ((LPWSTR)NULL == wide) { + return 0; + } + size = wcslen(wide) + 1; + return size * sizeof(WCHAR); } /* * Covert a Unicode wide character string to a UTF8 string */ char * -nss_ckcapi_WideToUTF8 -( - LPCWSTR wide -) +nss_ckcapi_WideToUTF8( + LPCWSTR wide) { - DWORD size; - char *buf; - - if ((LPWSTR)NULL == wide) { - return (char *)NULL; - } - - size = WideCharToMultiByte(CP_UTF8, 0, wide, -1, NULL, 0, NULL, 0); - if (size == 0) { - return (char *)NULL; - } - buf = nss_ZNEWARRAY(NULL, char, size); - size = WideCharToMultiByte(CP_UTF8, 0, wide, -1, buf, size, NULL, 0); - if (size == 0) { - nss_ZFreeIf(buf); - return (char *)NULL; - } - return buf; + DWORD size; + char *buf; + + if ((LPWSTR)NULL == wide) { + return (char *)NULL; + } + + size = WideCharToMultiByte(CP_UTF8, 0, wide, -1, NULL, 0, NULL, 0); + if (size == 0) { + return (char *)NULL; + } + buf = nss_ZNEWARRAY(NULL, char, size); + size = WideCharToMultiByte(CP_UTF8, 0, wide, -1, buf, size, NULL, 0); + if (size == 0) { + nss_ZFreeIf(buf); + return (char *)NULL; + } + return buf; } /* * Return a Wide String duplicated with nss allocated memory. */ LPWSTR -nss_ckcapi_WideDup -( - LPCWSTR wide -) +nss_ckcapi_WideDup( + LPCWSTR wide) { - DWORD len; - LPWSTR buf; + DWORD len; + LPWSTR buf; - if ((LPWSTR)NULL == wide) { - return (LPWSTR)NULL; - } + if ((LPWSTR)NULL == wide) { + return (LPWSTR)NULL; + } - len = wcslen(wide)+1; + len = wcslen(wide) + 1; - buf = nss_ZNEWARRAY(NULL, WCHAR, len); - if ((LPWSTR) NULL == buf) { + buf = nss_ZNEWARRAY(NULL, WCHAR, len); + if ((LPWSTR)NULL == buf) { + return buf; + } + nsslibc_memcpy(buf, wide, len * sizeof(WCHAR)); return buf; - } - nsslibc_memcpy(buf, wide, len*sizeof(WCHAR)); - return buf; } /* * Covert a UTF8 string to Unicode wide character */ LPWSTR -nss_ckcapi_UTF8ToWide -( - char *buf -) +nss_ckcapi_UTF8ToWide( + char *buf) { - DWORD size; - LPWSTR wide; - - if ((char *)NULL == buf) { - return (LPWSTR) NULL; - } - - size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, NULL, 0); - if (size == 0) { - return (LPWSTR) NULL; - } - wide = nss_ZNEWARRAY(NULL, WCHAR, size); - size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, wide, size); - if (size == 0) { - nss_ZFreeIf(wide); - return (LPWSTR) NULL; - } - return wide; -} + DWORD size; + LPWSTR wide; + + if ((char *)NULL == buf) { + return (LPWSTR)NULL; + } + size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, NULL, 0); + if (size == 0) { + return (LPWSTR)NULL; + } + wide = nss_ZNEWARRAY(NULL, WCHAR, size); + size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, wide, size); + if (size == 0) { + nss_ZFreeIf(wide); + return (LPWSTR)NULL; + } + return wide; +} /* * keep all the knowlege of how the internalObject is laid out in this function @@ -436,281 +421,274 @@ nss_ckcapi_UTF8ToWide * this function fails with CKR_KEY_TYPE_INCONSISTENT */ NSS_EXTERN CK_RV -nss_ckcapi_FetchKeyContainer -( - ckcapiInternalObject *iKey, - HCRYPTPROV *hProv, - DWORD *keySpec, - HCRYPTKEY *hKey -) +nss_ckcapi_FetchKeyContainer( + ckcapiInternalObject *iKey, + HCRYPTPROV *hProv, + DWORD *keySpec, + HCRYPTKEY *hKey) { - ckcapiCertObject *co; - ckcapiKeyObject *ko; - BOOL rc, dummy; - DWORD msError; - - - switch (iKey->type) { - default: - case ckcapiRaw: - /* can't have raw private keys */ - return CKR_KEY_TYPE_INCONSISTENT; - case ckcapiCert: - if (iKey->objClass != CKO_PRIVATE_KEY) { - /* Only private keys have private key provider handles */ - return CKR_KEY_TYPE_INCONSISTENT; - } - co = &iKey->u.cert; - - /* OK, get the Provider */ - rc = CryptAcquireCertificatePrivateKey(co->certContext, - CRYPT_ACQUIRE_CACHE_FLAG|CRYPT_ACQUIRE_COMPARE_KEY_FLAG, NULL, hProv, - keySpec, &dummy); + ckcapiCertObject *co; + ckcapiKeyObject *ko; + BOOL rc, dummy; + DWORD msError; + + switch (iKey->type) { + default: + case ckcapiRaw: + /* can't have raw private keys */ + return CKR_KEY_TYPE_INCONSISTENT; + case ckcapiCert: + if (iKey->objClass != CKO_PRIVATE_KEY) { + /* Only private keys have private key provider handles */ + return CKR_KEY_TYPE_INCONSISTENT; + } + co = &iKey->u.cert; + + /* OK, get the Provider */ + rc = CryptAcquireCertificatePrivateKey(co->certContext, + CRYPT_ACQUIRE_CACHE_FLAG | + CRYPT_ACQUIRE_COMPARE_KEY_FLAG, + NULL, hProv, + keySpec, &dummy); + if (!rc) { + goto loser; + } + break; + case ckcapiBareKey: + if (iKey->objClass != CKO_PRIVATE_KEY) { + /* Only private keys have private key provider handles */ + return CKR_KEY_TYPE_INCONSISTENT; + } + ko = &iKey->u.key; + + /* OK, get the Provider */ + if (0 == ko->hProv) { + rc = + CryptAcquireContext(hProv, + ko->containerName, + ko->provName, + ko->provInfo.dwProvType, 0); + if (!rc) { + goto loser; + } + } + else { + *hProv = + ko->hProv; + } + *keySpec = ko->provInfo.dwKeySpec; + break; + } + + /* and get the crypto handle */ + rc = CryptGetUserKey(*hProv, *keySpec, hKey); if (!rc) { - goto loser; - } - break; - case ckcapiBareKey: - if (iKey->objClass != CKO_PRIVATE_KEY) { - /* Only private keys have private key provider handles */ - return CKR_KEY_TYPE_INCONSISTENT; - } - ko = &iKey->u.key; - - /* OK, get the Provider */ - if (0 == ko->hProv) { - rc = CryptAcquireContext(hProv, - ko->containerName, - ko->provName, - ko->provInfo.dwProvType , 0); - if (!rc) { goto loser; - } - } else { - *hProv = ko->hProv; - } - *keySpec = ko->provInfo.dwKeySpec; - break; - } - - /* and get the crypto handle */ - rc = CryptGetUserKey(*hProv, *keySpec, hKey); - if (!rc) { - goto loser; - } - return CKR_OK; + } + return CKR_OK; loser: - /* map the microsoft error before leaving */ - msError = GetLastError(); - switch (msError) { - case ERROR_INVALID_HANDLE: - case ERROR_INVALID_PARAMETER: - case NTE_BAD_KEY: - case NTE_NO_KEY: - case NTE_BAD_PUBLIC_KEY: - case NTE_BAD_KEYSET: - case NTE_KEYSET_NOT_DEF: - return CKR_KEY_TYPE_INCONSISTENT; - case NTE_BAD_UID: - case NTE_KEYSET_ENTRY_BAD: - return CKR_DEVICE_ERROR; - } - return CKR_GENERAL_ERROR; + /* map the microsoft error before leaving */ + msError = GetLastError(); + switch (msError) { + case ERROR_INVALID_HANDLE: + case ERROR_INVALID_PARAMETER: + case NTE_BAD_KEY: + case NTE_NO_KEY: + case NTE_BAD_PUBLIC_KEY: + case NTE_BAD_KEYSET: + case NTE_KEYSET_NOT_DEF: + return CKR_KEY_TYPE_INCONSISTENT; + case NTE_BAD_UID: + case NTE_KEYSET_ENTRY_BAD: + return CKR_DEVICE_ERROR; + } + return CKR_GENERAL_ERROR; } - /* * take a DER PUBLIC Key block and return the modulus and exponent */ static void -ckcapi_CertPopulateModulusExponent -( - ckcapiInternalObject *io -) +ckcapi_CertPopulateModulusExponent( + ckcapiInternalObject *io) { - ckcapiKeyParams *kp = &io->u.cert.key; - PCCERT_CONTEXT certContext = io->u.cert.certContext; - unsigned char *pkData = - certContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.pbData; - unsigned int size= - certContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.cbData; - unsigned int newSize; - unsigned char *ptr, *newptr; - - /* find the start of the modulus -- this will not give good results if - * the key isn't an rsa key! */ - ptr = nss_ckcapi_DERUnwrap(pkData, size, &newSize, NULL); - kp->modulus.data = nss_ckcapi_DERUnwrap(ptr, newSize, - &kp->modulus.size, &newptr); - /* changed from signed to unsigned int */ - if (0 == *(char *)kp->modulus.data) { - kp->modulus.data = ((char *)kp->modulus.data)+1; - kp->modulus.size = kp->modulus.size - 1; - } - /* changed from signed to unsigned int */ - kp->exponent.data = nss_ckcapi_DERUnwrap(newptr, (newptr-ptr)+newSize, - &kp->exponent.size, NULL); - if (0 == *(char *)kp->exponent.data) { - kp->exponent.data = ((char *)kp->exponent.data)+1; - kp->exponent.size = kp->exponent.size - 1; - } - return; + ckcapiKeyParams *kp = &io->u.cert.key; + PCCERT_CONTEXT certContext = io->u.cert.certContext; + unsigned char *pkData = + certContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.pbData; + unsigned int size = + certContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.cbData; + unsigned int newSize; + unsigned char *ptr, *newptr; + + /* find the start of the modulus -- this will not give good results if + * the key isn't an rsa key! */ + ptr = nss_ckcapi_DERUnwrap(pkData, size, &newSize, NULL); + kp->modulus.data = nss_ckcapi_DERUnwrap(ptr, newSize, + &kp->modulus.size, &newptr); + /* changed from signed to unsigned int */ + if (0 == *(char *)kp->modulus.data) { + kp->modulus.data = ((char *)kp->modulus.data) + 1; + kp->modulus.size = kp->modulus.size - 1; + } + /* changed from signed to unsigned int */ + kp->exponent.data = nss_ckcapi_DERUnwrap(newptr, (newptr - ptr) + newSize, + &kp->exponent.size, NULL); + if (0 == *(char *)kp->exponent.data) { + kp->exponent.data = ((char *)kp->exponent.data) + 1; + kp->exponent.size = kp->exponent.size - 1; + } + return; } typedef struct _CAPI_RSA_KEY_BLOB { - PUBLICKEYSTRUC header; - RSAPUBKEY rsa; - char data[1]; + PUBLICKEYSTRUC header; + RSAPUBKEY rsa; + char data[1]; } CAPI_RSA_KEY_BLOB; -#define CAPI_MODULUS_OFFSET(modSize) 0 -#define CAPI_PRIME_1_OFFSET(modSize) (modSize) -#define CAPI_PRIME_2_OFFSET(modSize) ((modSize)+(modSize)/2) -#define CAPI_EXPONENT_1_OFFSET(modSize) ((modSize)*2) -#define CAPI_EXPONENT_2_OFFSET(modSize) ((modSize)*2+(modSize)/2) +#define CAPI_MODULUS_OFFSET(modSize) 0 +#define CAPI_PRIME_1_OFFSET(modSize) (modSize) +#define CAPI_PRIME_2_OFFSET(modSize) ((modSize) + (modSize) / 2) +#define CAPI_EXPONENT_1_OFFSET(modSize) ((modSize)*2) +#define CAPI_EXPONENT_2_OFFSET(modSize) ((modSize)*2 + (modSize) / 2) #define CAPI_COEFFICIENT_OFFSET(modSize) ((modSize)*3) -#define CAPI_PRIVATE_EXP_OFFSET(modSize) ((modSize)*3+(modSize)/2) +#define CAPI_PRIVATE_EXP_OFFSET(modSize) ((modSize)*3 + (modSize) / 2) void -ckcapi_FetchPublicKey -( - ckcapiInternalObject *io -) +ckcapi_FetchPublicKey( + ckcapiInternalObject *io) { - ckcapiKeyParams *kp; - HCRYPTPROV hProv; - DWORD keySpec; - HCRYPTKEY hKey = 0; - CK_RV error; - DWORD bufLen; - BOOL rc; - unsigned long modulus; - char *buf = NULL; - CAPI_RSA_KEY_BLOB *blob; - - error = nss_ckcapi_FetchKeyContainer(io, &hProv, &keySpec, &hKey); - if (CKR_OK != error) { - goto loser; - } - kp = (ckcapiCert == io->type) ? &io->u.cert.key : &io->u.key.key; - - rc = CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, buf, &bufLen); - if (!rc) { - goto loser; - } - buf = nss_ZNEWARRAY(NULL, char, bufLen); - rc = CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, buf, &bufLen); - if (!rc) { - goto loser; - } - /* validate the blob */ - blob = (CAPI_RSA_KEY_BLOB *)buf; - if ((PUBLICKEYBLOB != blob->header.bType) || - (0x02 != blob->header.bVersion) || - (0x31415352 != blob->rsa.magic)) { - goto loser; - } - modulus = blob->rsa.bitlen/8; - kp->pubKey = buf; - buf = NULL; - - kp->modulus.data = &blob->data[CAPI_MODULUS_OFFSET(modulus)]; - kp->modulus.size = modulus; - ckcapi_ReverseData(&kp->modulus); - nss_ckcapi_IntToData(blob->rsa.pubexp, &kp->exponent, - kp->publicExponentData, &error); + ckcapiKeyParams *kp; + HCRYPTPROV hProv; + DWORD keySpec; + HCRYPTKEY hKey = 0; + CK_RV error; + DWORD bufLen; + BOOL rc; + unsigned long modulus; + char *buf = NULL; + CAPI_RSA_KEY_BLOB *blob; + + error = nss_ckcapi_FetchKeyContainer(io, &hProv, &keySpec, &hKey); + if (CKR_OK != error) { + goto loser; + } + kp = (ckcapiCert == io->type) ? &io->u.cert.key : &io->u.key.key; + + rc = CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, buf, &bufLen); + if (!rc) { + goto loser; + } + buf = nss_ZNEWARRAY(NULL, char, bufLen); + rc = CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, buf, &bufLen); + if (!rc) { + goto loser; + } + /* validate the blob */ + blob = (CAPI_RSA_KEY_BLOB *)buf; + if ((PUBLICKEYBLOB != blob->header.bType) || + (0x02 != blob->header.bVersion) || + (0x31415352 != blob->rsa.magic)) { + goto loser; + } + modulus = blob->rsa.bitlen / 8; + kp->pubKey = buf; + buf = NULL; + + kp->modulus.data = &blob->data[CAPI_MODULUS_OFFSET(modulus)]; + kp->modulus.size = modulus; + ckcapi_ReverseData(&kp->modulus); + nss_ckcapi_IntToData(blob->rsa.pubexp, &kp->exponent, + kp->publicExponentData, &error); loser: - nss_ZFreeIf(buf); - if (0 != hKey) { - CryptDestroyKey(hKey); - } - return; + nss_ZFreeIf(buf); + if (0 != hKey) { + CryptDestroyKey(hKey); + } + return; } void -ckcapi_FetchPrivateKey -( - ckcapiInternalObject *io -) +ckcapi_FetchPrivateKey( + ckcapiInternalObject *io) { - ckcapiKeyParams *kp; - HCRYPTPROV hProv; - DWORD keySpec; - HCRYPTKEY hKey = 0; - CK_RV error; - DWORD bufLen; - BOOL rc; - unsigned long modulus; - char *buf = NULL; - CAPI_RSA_KEY_BLOB *blob; - - error = nss_ckcapi_FetchKeyContainer(io, &hProv, &keySpec, &hKey); - if (CKR_OK != error) { - goto loser; - } - kp = (ckcapiCert == io->type) ? &io->u.cert.key : &io->u.key.key; - - rc = CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, buf, &bufLen); - if (!rc) { - goto loser; - } - buf = nss_ZNEWARRAY(NULL, char, bufLen); - rc = CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, buf, &bufLen); - if (!rc) { - goto loser; - } - /* validate the blob */ - blob = (CAPI_RSA_KEY_BLOB *)buf; - if ((PRIVATEKEYBLOB != blob->header.bType) || - (0x02 != blob->header.bVersion) || - (0x32415352 != blob->rsa.magic)) { - goto loser; - } - modulus = blob->rsa.bitlen/8; - kp->privateKey = buf; - buf = NULL; - - kp->privateExponent.data = &blob->data[CAPI_PRIVATE_EXP_OFFSET(modulus)]; - kp->privateExponent.size = modulus; - ckcapi_ReverseData(&kp->privateExponent); - kp->prime1.data = &blob->data[CAPI_PRIME_1_OFFSET(modulus)]; - kp->prime1.size = modulus/2; - ckcapi_ReverseData(&kp->prime1); - kp->prime2.data = &blob->data[CAPI_PRIME_2_OFFSET(modulus)]; - kp->prime2.size = modulus/2; - ckcapi_ReverseData(&kp->prime2); - kp->exponent1.data = &blob->data[CAPI_EXPONENT_1_OFFSET(modulus)]; - kp->exponent1.size = modulus/2; - ckcapi_ReverseData(&kp->exponent1); - kp->exponent2.data = &blob->data[CAPI_EXPONENT_2_OFFSET(modulus)]; - kp->exponent2.size = modulus/2; - ckcapi_ReverseData(&kp->exponent2); - kp->coefficient.data = &blob->data[CAPI_COEFFICIENT_OFFSET(modulus)]; - kp->coefficient.size = modulus/2; - ckcapi_ReverseData(&kp->coefficient); + ckcapiKeyParams *kp; + HCRYPTPROV hProv; + DWORD keySpec; + HCRYPTKEY hKey = 0; + CK_RV error; + DWORD bufLen; + BOOL rc; + unsigned long modulus; + char *buf = NULL; + CAPI_RSA_KEY_BLOB *blob; + + error = nss_ckcapi_FetchKeyContainer(io, &hProv, &keySpec, &hKey); + if (CKR_OK != error) { + goto loser; + } + kp = (ckcapiCert == io->type) ? &io->u.cert.key : &io->u.key.key; + + rc = CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, buf, &bufLen); + if (!rc) { + goto loser; + } + buf = nss_ZNEWARRAY(NULL, char, bufLen); + rc = CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, buf, &bufLen); + if (!rc) { + goto loser; + } + /* validate the blob */ + blob = (CAPI_RSA_KEY_BLOB *)buf; + if ((PRIVATEKEYBLOB != blob->header.bType) || + (0x02 != blob->header.bVersion) || + (0x32415352 != blob->rsa.magic)) { + goto loser; + } + modulus = blob->rsa.bitlen / 8; + kp->privateKey = buf; + buf = NULL; + + kp->privateExponent.data = &blob->data[CAPI_PRIVATE_EXP_OFFSET(modulus)]; + kp->privateExponent.size = modulus; + ckcapi_ReverseData(&kp->privateExponent); + kp->prime1.data = &blob->data[CAPI_PRIME_1_OFFSET(modulus)]; + kp->prime1.size = modulus / 2; + ckcapi_ReverseData(&kp->prime1); + kp->prime2.data = &blob->data[CAPI_PRIME_2_OFFSET(modulus)]; + kp->prime2.size = modulus / 2; + ckcapi_ReverseData(&kp->prime2); + kp->exponent1.data = &blob->data[CAPI_EXPONENT_1_OFFSET(modulus)]; + kp->exponent1.size = modulus / 2; + ckcapi_ReverseData(&kp->exponent1); + kp->exponent2.data = &blob->data[CAPI_EXPONENT_2_OFFSET(modulus)]; + kp->exponent2.size = modulus / 2; + ckcapi_ReverseData(&kp->exponent2); + kp->coefficient.data = &blob->data[CAPI_COEFFICIENT_OFFSET(modulus)]; + kp->coefficient.size = modulus / 2; + ckcapi_ReverseData(&kp->coefficient); loser: - nss_ZFreeIf(buf); - if (0 != hKey) { - CryptDestroyKey(hKey); - } - return; + nss_ZFreeIf(buf); + if (0 != hKey) { + CryptDestroyKey(hKey); + } + return; } - void -ckcapi_PopulateModulusExponent -( - ckcapiInternalObject *io -) +ckcapi_PopulateModulusExponent( + ckcapiInternalObject *io) { - if (ckcapiCert == io->type) { - ckcapi_CertPopulateModulusExponent(io); - } else { - ckcapi_FetchPublicKey(io); - } - return; + if (ckcapiCert == io->type) { + ckcapi_CertPopulateModulusExponent(io); + } + else { + ckcapi_FetchPublicKey(io); + } + return; } /* @@ -718,442 +696,435 @@ ckcapi_PopulateModulusExponent * can only be called with ckcapiCert type objects! */ void -ckcapi_FetchLabel -( - ckcapiInternalObject *io -) +ckcapi_FetchLabel( + ckcapiInternalObject *io) { - ckcapiCertObject *co = &io->u.cert; - char *label; - PCCERT_CONTEXT certContext = io->u.cert.certContext; - char labelDataUTF16[128]; - DWORD size = sizeof(labelDataUTF16); - DWORD size8 = sizeof(co->labelData); - BOOL rv; - - rv = CertGetCertificateContextProperty(certContext, - CERT_FRIENDLY_NAME_PROP_ID, labelDataUTF16, &size); - if (rv) { - co->labelData = nss_ckcapi_WideToUTF8((LPCWSTR)labelDataUTF16); - if ((CHAR *)NULL == co->labelData) { - rv = 0; - } else { - size = strlen(co->labelData); - } - } - label = co->labelData; - /* we are presuming a user cert, make sure it has a nickname, even if - * Microsoft never gave it one */ - if (!rv && co->hasID) { - DWORD mserror = GetLastError(); + ckcapiCertObject *co = &io->u.cert; + char *label; + PCCERT_CONTEXT certContext = io->u.cert.certContext; + char labelDataUTF16[128]; + DWORD size = sizeof(labelDataUTF16); + DWORD size8 = sizeof(co->labelData); + BOOL rv; + + rv = CertGetCertificateContextProperty(certContext, + CERT_FRIENDLY_NAME_PROP_ID, labelDataUTF16, &size); + if (rv) { + co->labelData = nss_ckcapi_WideToUTF8((LPCWSTR)labelDataUTF16); + if ((CHAR *)NULL == co->labelData) { + rv = 0; + } + else { + size = strlen(co->labelData); + } + } + label = co->labelData; + /* we are presuming a user cert, make sure it has a nickname, even if + * Microsoft never gave it one */ + if (!rv && co->hasID) { + DWORD mserror = GetLastError(); #define DEFAULT_NICKNAME "no Microsoft nickname" - label = DEFAULT_NICKNAME; - size = sizeof(DEFAULT_NICKNAME); - rv = 1; - } - - if (rv) { - co->label.data = label; - co->label.size = size; - } - return; + label = DEFAULT_NICKNAME; + size = sizeof(DEFAULT_NICKNAME); + rv = 1; + } + + if (rv) { + co->label.data = label; + co->label.size = size; + } + return; } void -ckcapi_FetchSerial -( - ckcapiInternalObject *io -) +ckcapi_FetchSerial( + ckcapiInternalObject *io) { - ckcapiCertObject *co = &io->u.cert; - PCCERT_CONTEXT certContext = io->u.cert.certContext; - DWORD size = sizeof(co->derSerial); - - BOOL rc = CryptEncodeObject(X509_ASN_ENCODING, - X509_MULTI_BYTE_INTEGER, - &certContext->pCertInfo->SerialNumber, - co->derSerial, - &size); - if (rc) { - co->serial.data = co->derSerial; - co->serial.size = size; - } - return; + ckcapiCertObject *co = &io->u.cert; + PCCERT_CONTEXT certContext = io->u.cert.certContext; + DWORD size = sizeof(co->derSerial); + + BOOL rc = CryptEncodeObject(X509_ASN_ENCODING, + X509_MULTI_BYTE_INTEGER, + &certContext->pCertInfo->SerialNumber, + co->derSerial, + &size); + if (rc) { + co->serial.data = co->derSerial; + co->serial.size = size; + } + return; } /* * fetch the key ID. */ void -ckcapi_FetchID -( - ckcapiInternalObject *io -) +ckcapi_FetchID( + ckcapiInternalObject *io) { - PCCERT_CONTEXT certContext = io->u.cert.certContext; - DWORD size = 0; - BOOL rc; + PCCERT_CONTEXT certContext = io->u.cert.certContext; + DWORD size = 0; + BOOL rc; - rc = CertGetCertificateContextProperty(certContext, - CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size); - if (!rc) { - return; - } - io->idData = nss_ZNEWARRAY(NULL, char, size); - if (io->idData == NULL) { - return; - } + rc = CertGetCertificateContextProperty(certContext, + CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size); + if (!rc) { + return; + } + io->idData = nss_ZNEWARRAY(NULL, char, size); + if (io->idData == NULL) { + return; + } - rc = CertGetCertificateContextProperty(certContext, - CERT_KEY_IDENTIFIER_PROP_ID, io->idData, &size); - if (!rc) { - nss_ZFreeIf(io->idData); - io->idData = NULL; + rc = CertGetCertificateContextProperty(certContext, + CERT_KEY_IDENTIFIER_PROP_ID, io->idData, &size); + if (!rc) { + nss_ZFreeIf(io->idData); + io->idData = NULL; + return; + } + io->id.data = io->idData; + io->id.size = size; return; - } - io->id.data = io->idData; - io->id.size = size; - return; } /* * fetch the hash key. */ void -ckcapi_CertFetchHashKey -( - ckcapiInternalObject *io -) +ckcapi_CertFetchHashKey( + ckcapiInternalObject *io) { - ckcapiCertObject *co = &io->u.cert; - PCCERT_CONTEXT certContext = io->u.cert.certContext; - DWORD size = certContext->cbCertEncoded; - DWORD max = sizeof(io->hashKeyData)-1; - DWORD offset = 0; - - /* make sure we don't over flow. NOTE: cutting the top of a cert is - * not a big issue because the signature for will be unique for the cert */ - if (size > max) { - offset = size - max; - size = max; - } - - nsslibc_memcpy(io->hashKeyData,certContext->pbCertEncoded+offset, size); - io->hashKeyData[size] = (char)(io->objClass & 0xff); - - io->hashKey.data = io->hashKeyData; - io->hashKey.size = size+1; - return; + ckcapiCertObject *co = &io->u.cert; + PCCERT_CONTEXT certContext = io->u.cert.certContext; + DWORD size = certContext->cbCertEncoded; + DWORD max = sizeof(io->hashKeyData) - 1; + DWORD offset = 0; + + /* make sure we don't over flow. NOTE: cutting the top of a cert is + * not a big issue because the signature for will be unique for the cert */ + if (size > max) { + offset = size - max; + size = max; + } + + nsslibc_memcpy(io->hashKeyData, certContext->pbCertEncoded + offset, size); + io->hashKeyData[size] = (char)(io->objClass & 0xff); + + io->hashKey.data = io->hashKeyData; + io->hashKey.size = size + 1; + return; } /* * fetch the hash key. */ void -ckcapi_KeyFetchHashKey -( - ckcapiInternalObject *io -) +ckcapi_KeyFetchHashKey( + ckcapiInternalObject *io) { - ckcapiKeyObject *ko = &io->u.key; - DWORD size; - DWORD max = sizeof(io->hashKeyData)-2; - DWORD offset = 0; - DWORD provLen = strlen(ko->provName); - DWORD containerLen = strlen(ko->containerName); - - - size = provLen + containerLen; - - /* make sure we don't overflow, try to keep things unique */ - if (size > max) { - DWORD diff = ((size - max)+1)/2; - provLen -= diff; - containerLen -= diff; - size = provLen+containerLen; - } - - nsslibc_memcpy(io->hashKeyData, ko->provName, provLen); - nsslibc_memcpy(&io->hashKeyData[provLen], - ko->containerName, - containerLen); - io->hashKeyData[size] = (char)(io->objClass & 0xff); - io->hashKeyData[size+1] = (char)(ko->provInfo.dwKeySpec & 0xff); - - io->hashKey.data = io->hashKeyData; - io->hashKey.size = size+2; - return; + ckcapiKeyObject *ko = &io->u.key; + DWORD size; + DWORD max = sizeof(io->hashKeyData) - 2; + DWORD offset = 0; + DWORD provLen = strlen(ko->provName); + DWORD containerLen = strlen(ko->containerName); + + size = provLen + containerLen; + + /* make sure we don't overflow, try to keep things unique */ + if (size > max) { + DWORD diff = ((size - max) + 1) / 2; + provLen -= diff; + containerLen -= diff; + size = provLen + containerLen; + } + + nsslibc_memcpy(io->hashKeyData, ko->provName, provLen); + nsslibc_memcpy(&io->hashKeyData[provLen], + ko->containerName, + containerLen); + io->hashKeyData[size] = (char)(io->objClass & 0xff); + io->hashKeyData[size + 1] = (char)(ko->provInfo.dwKeySpec & 0xff); + + io->hashKey.data = io->hashKeyData; + io->hashKey.size = size + 2; + return; } /* * fetch the hash key. */ void -ckcapi_FetchHashKey -( - ckcapiInternalObject *io -) +ckcapi_FetchHashKey( + ckcapiInternalObject *io) { - if (ckcapiCert == io->type) { - ckcapi_CertFetchHashKey(io); - } else { - ckcapi_KeyFetchHashKey(io); - } - return; + if (ckcapiCert == io->type) { + ckcapi_CertFetchHashKey(io); + } + else { + ckcapi_KeyFetchHashKey(io); + } + return; } - + const NSSItem * -ckcapi_FetchCertAttribute -( - ckcapiInternalObject *io, - CK_ATTRIBUTE_TYPE type -) +ckcapi_FetchCertAttribute( + ckcapiInternalObject *io, + CK_ATTRIBUTE_TYPE type) { - PCCERT_CONTEXT certContext = io->u.cert.certContext; - switch(type) { - case CKA_CLASS: - return &ckcapi_certClassItem; - case CKA_TOKEN: - return &ckcapi_trueItem; - case CKA_MODIFIABLE: - case CKA_PRIVATE: - return &ckcapi_falseItem; - case CKA_CERTIFICATE_TYPE: - return &ckcapi_x509Item; - case CKA_LABEL: - if (0 == io->u.cert.label.size) { - ckcapi_FetchLabel(io); - } - return &io->u.cert.label; - case CKA_SUBJECT: - if (0 == io->u.cert.subject.size) { - io->u.cert.subject.data = certContext->pCertInfo->Subject.pbData; - io->u.cert.subject.size = certContext->pCertInfo->Subject.cbData; - } - return &io->u.cert.subject; - case CKA_ISSUER: - if (0 == io->u.cert.issuer.size) { - io->u.cert.issuer.data = certContext->pCertInfo->Issuer.pbData; - io->u.cert.issuer.size = certContext->pCertInfo->Issuer.cbData; - } - return &io->u.cert.issuer; - case CKA_SERIAL_NUMBER: - if (0 == io->u.cert.serial.size) { - /* not exactly right. This should be the encoded serial number, but - * it's the decoded serial number! */ - ckcapi_FetchSerial(io); - } - return &io->u.cert.serial; - case CKA_VALUE: - if (0 == io->u.cert.derCert.size) { - io->u.cert.derCert.data = io->u.cert.certContext->pbCertEncoded; - io->u.cert.derCert.size = io->u.cert.certContext->cbCertEncoded; - } - return &io->u.cert.derCert; - case CKA_ID: - if (!io->u.cert.hasID) { - return NULL; - } - if (0 == io->id.size) { - ckcapi_FetchID(io); - } - return &io->id; - default: - break; - } - return NULL; + PCCERT_CONTEXT certContext = io->u.cert.certContext; + switch (type) { + case CKA_CLASS: + return &ckcapi_certClassItem; + case CKA_TOKEN: + return &ckcapi_trueItem; + case CKA_MODIFIABLE: + case CKA_PRIVATE: + return &ckcapi_falseItem; + case CKA_CERTIFICATE_TYPE: + return &ckcapi_x509Item; + case CKA_LABEL: + if (0 == io->u.cert.label.size) { + ckcapi_FetchLabel(io); + } + return &io->u.cert.label; + case CKA_SUBJECT: + if (0 == io->u.cert.subject.size) { + io->u.cert.subject.data = + certContext->pCertInfo->Subject.pbData; + io->u.cert.subject.size = + certContext->pCertInfo->Subject.cbData; + } + return &io->u.cert.subject; + case CKA_ISSUER: + if (0 == io->u.cert.issuer.size) { + io->u.cert.issuer.data = + certContext->pCertInfo->Issuer.pbData; + io->u.cert.issuer.size = + certContext->pCertInfo->Issuer.cbData; + } + return &io->u.cert.issuer; + case CKA_SERIAL_NUMBER: + if (0 == io->u.cert.serial.size) { + /* not exactly right. This should be the encoded serial number, but + * it's the decoded serial number! */ + ckcapi_FetchSerial(io); + } + return &io->u.cert.serial; + case CKA_VALUE: + if (0 == io->u.cert.derCert.size) { + io->u.cert.derCert.data = + io->u.cert.certContext->pbCertEncoded; + io->u.cert.derCert.size = + io->u.cert.certContext->cbCertEncoded; + } + return &io->u.cert.derCert; + case CKA_ID: + if (!io->u.cert.hasID) { + return NULL; + } + if (0 == io->id.size) { + ckcapi_FetchID(io); + } + return &io->id; + default: + break; + } + return NULL; } const NSSItem * -ckcapi_FetchPubKeyAttribute -( - ckcapiInternalObject *io, - CK_ATTRIBUTE_TYPE type -) +ckcapi_FetchPubKeyAttribute( + ckcapiInternalObject *io, + CK_ATTRIBUTE_TYPE type) { - PRBool isCertType = (ckcapiCert == io->type); - ckcapiKeyParams *kp = isCertType ? &io->u.cert.key : &io->u.key.key; - - switch(type) { - case CKA_CLASS: - return &ckcapi_pubKeyClassItem; - case CKA_TOKEN: - case CKA_LOCAL: - case CKA_ENCRYPT: - case CKA_VERIFY: - case CKA_VERIFY_RECOVER: - return &ckcapi_trueItem; - case CKA_PRIVATE: - case CKA_MODIFIABLE: - case CKA_DERIVE: - case CKA_WRAP: - return &ckcapi_falseItem; - case CKA_KEY_TYPE: - return &ckcapi_rsaItem; - case CKA_LABEL: - if (!isCertType) { - return &ckcapi_emptyItem; - } - if (0 == io->u.cert.label.size) { - ckcapi_FetchLabel(io); - } - return &io->u.cert.label; - case CKA_SUBJECT: - if (!isCertType) { - return &ckcapi_emptyItem; - } - if (0 == io->u.cert.subject.size) { - PCCERT_CONTEXT certContext= io->u.cert.certContext; - io->u.cert.subject.data = certContext->pCertInfo->Subject.pbData; - io->u.cert.subject.size = certContext->pCertInfo->Subject.cbData; - } - return &io->u.cert.subject; - case CKA_MODULUS: - if (0 == kp->modulus.size) { - ckcapi_PopulateModulusExponent(io); - } - return &kp->modulus; - case CKA_PUBLIC_EXPONENT: - if (0 == kp->modulus.size) { - ckcapi_PopulateModulusExponent(io); - } - return &kp->exponent; - case CKA_ID: - if (0 == io->id.size) { - ckcapi_FetchID(io); - } - return &io->id; - default: - break; - } - return NULL; + PRBool isCertType = (ckcapiCert == io->type); + ckcapiKeyParams *kp = isCertType ? &io->u.cert.key : &io->u.key.key; + + switch (type) { + case CKA_CLASS: + return &ckcapi_pubKeyClassItem; + case CKA_TOKEN: + case CKA_LOCAL: + case CKA_ENCRYPT: + case CKA_VERIFY: + case CKA_VERIFY_RECOVER: + return &ckcapi_trueItem; + case CKA_PRIVATE: + case CKA_MODIFIABLE: + case CKA_DERIVE: + case CKA_WRAP: + return &ckcapi_falseItem; + case CKA_KEY_TYPE: + return &ckcapi_rsaItem; + case CKA_LABEL: + if (!isCertType) { + return &ckcapi_emptyItem; + } + if (0 == io->u.cert.label.size) { + ckcapi_FetchLabel(io); + } + return &io->u.cert.label; + case CKA_SUBJECT: + if (!isCertType) { + return &ckcapi_emptyItem; + } + if (0 == io->u.cert.subject.size) { + PCCERT_CONTEXT certContext = + io->u.cert.certContext; + io->u.cert.subject.data = + certContext->pCertInfo->Subject.pbData; + io->u.cert.subject.size = + certContext->pCertInfo->Subject.cbData; + } + return &io->u.cert.subject; + case CKA_MODULUS: + if (0 == kp->modulus.size) { + ckcapi_PopulateModulusExponent(io); + } + return &kp->modulus; + case CKA_PUBLIC_EXPONENT: + if (0 == kp->modulus.size) { + ckcapi_PopulateModulusExponent(io); + } + return &kp->exponent; + case CKA_ID: + if (0 == io->id.size) { + ckcapi_FetchID(io); + } + return &io->id; + default: + break; + } + return NULL; } const NSSItem * -ckcapi_FetchPrivKeyAttribute -( - ckcapiInternalObject *io, - CK_ATTRIBUTE_TYPE type -) +ckcapi_FetchPrivKeyAttribute( + ckcapiInternalObject *io, + CK_ATTRIBUTE_TYPE type) { - PRBool isCertType = (ckcapiCert == io->type); - ckcapiKeyParams *kp = isCertType ? &io->u.cert.key : &io->u.key.key; - - switch(type) { - case CKA_CLASS: - return &ckcapi_privKeyClassItem; - case CKA_TOKEN: - case CKA_LOCAL: - case CKA_SIGN: - case CKA_DECRYPT: - case CKA_SIGN_RECOVER: - return &ckcapi_trueItem; - case CKA_SENSITIVE: - case CKA_PRIVATE: /* should move in the future */ - case CKA_MODIFIABLE: - case CKA_DERIVE: - case CKA_UNWRAP: - case CKA_EXTRACTABLE: /* will probably move in the future */ - case CKA_ALWAYS_SENSITIVE: - case CKA_NEVER_EXTRACTABLE: - return &ckcapi_falseItem; - case CKA_KEY_TYPE: - return &ckcapi_rsaItem; - case CKA_LABEL: - if (!isCertType) { - return &ckcapi_emptyItem; - } - if (0 == io->u.cert.label.size) { - ckcapi_FetchLabel(io); - } - return &io->u.cert.label; - case CKA_SUBJECT: - if (!isCertType) { - return &ckcapi_emptyItem; - } - if (0 == io->u.cert.subject.size) { - PCCERT_CONTEXT certContext= io->u.cert.certContext; - io->u.cert.subject.data = certContext->pCertInfo->Subject.pbData; - io->u.cert.subject.size = certContext->pCertInfo->Subject.cbData; - } - return &io->u.cert.subject; - case CKA_MODULUS: - if (0 == kp->modulus.size) { - ckcapi_PopulateModulusExponent(io); - } - return &kp->modulus; - case CKA_PUBLIC_EXPONENT: - if (0 == kp->modulus.size) { - ckcapi_PopulateModulusExponent(io); - } - return &kp->exponent; - case CKA_PRIVATE_EXPONENT: - if (0 == kp->privateExponent.size) { - ckcapi_FetchPrivateKey(io); - } - return &kp->privateExponent; - case CKA_PRIME_1: - if (0 == kp->privateExponent.size) { - ckcapi_FetchPrivateKey(io); - } - return &kp->prime1; - case CKA_PRIME_2: - if (0 == kp->privateExponent.size) { - ckcapi_FetchPrivateKey(io); - } - return &kp->prime2; - case CKA_EXPONENT_1: - if (0 == kp->privateExponent.size) { - ckcapi_FetchPrivateKey(io); - } - return &kp->exponent1; - case CKA_EXPONENT_2: - if (0 == kp->privateExponent.size) { - ckcapi_FetchPrivateKey(io); - } - return &kp->exponent2; - case CKA_COEFFICIENT: - if (0 == kp->privateExponent.size) { - ckcapi_FetchPrivateKey(io); - } - return &kp->coefficient; - case CKA_ID: - if (0 == io->id.size) { - ckcapi_FetchID(io); - } - return &io->id; - default: - return NULL; - } + PRBool isCertType = (ckcapiCert == io->type); + ckcapiKeyParams *kp = isCertType ? &io->u.cert.key : &io->u.key.key; + + switch (type) { + case CKA_CLASS: + return &ckcapi_privKeyClassItem; + case CKA_TOKEN: + case CKA_LOCAL: + case CKA_SIGN: + case CKA_DECRYPT: + case CKA_SIGN_RECOVER: + return &ckcapi_trueItem; + case CKA_SENSITIVE: + case CKA_PRIVATE: /* should move in the future */ + case CKA_MODIFIABLE: + case CKA_DERIVE: + case CKA_UNWRAP: + case CKA_EXTRACTABLE: /* will probably move in the future */ + case CKA_ALWAYS_SENSITIVE: + case CKA_NEVER_EXTRACTABLE: + return &ckcapi_falseItem; + case CKA_KEY_TYPE: + return &ckcapi_rsaItem; + case CKA_LABEL: + if (!isCertType) { + return &ckcapi_emptyItem; + } + if (0 == io->u.cert.label.size) { + ckcapi_FetchLabel(io); + } + return &io->u.cert.label; + case CKA_SUBJECT: + if (!isCertType) { + return &ckcapi_emptyItem; + } + if (0 == io->u.cert.subject.size) { + PCCERT_CONTEXT certContext = + io->u.cert.certContext; + io->u.cert.subject.data = + certContext->pCertInfo->Subject.pbData; + io->u.cert.subject.size = + certContext->pCertInfo->Subject.cbData; + } + return &io->u.cert.subject; + case CKA_MODULUS: + if (0 == kp->modulus.size) { + ckcapi_PopulateModulusExponent(io); + } + return &kp->modulus; + case CKA_PUBLIC_EXPONENT: + if (0 == kp->modulus.size) { + ckcapi_PopulateModulusExponent(io); + } + return &kp->exponent; + case CKA_PRIVATE_EXPONENT: + if (0 == kp->privateExponent.size) { + ckcapi_FetchPrivateKey(io); + } + return &kp->privateExponent; + case CKA_PRIME_1: + if (0 == kp->privateExponent.size) { + ckcapi_FetchPrivateKey(io); + } + return &kp->prime1; + case CKA_PRIME_2: + if (0 == kp->privateExponent.size) { + ckcapi_FetchPrivateKey(io); + } + return &kp->prime2; + case CKA_EXPONENT_1: + if (0 == kp->privateExponent.size) { + ckcapi_FetchPrivateKey(io); + } + return &kp->exponent1; + case CKA_EXPONENT_2: + if (0 == kp->privateExponent.size) { + ckcapi_FetchPrivateKey(io); + } + return &kp->exponent2; + case CKA_COEFFICIENT: + if (0 == kp->privateExponent.size) { + ckcapi_FetchPrivateKey(io); + } + return &kp->coefficient; + case CKA_ID: + if (0 == io->id.size) { + ckcapi_FetchID(io); + } + return &io->id; + default: + return NULL; + } } const NSSItem * -nss_ckcapi_FetchAttribute -( - ckcapiInternalObject *io, - CK_ATTRIBUTE_TYPE type -) +nss_ckcapi_FetchAttribute( + ckcapiInternalObject *io, + CK_ATTRIBUTE_TYPE type) { - CK_ULONG i; - - if (io->type == ckcapiRaw) { - for( i = 0; i < io->u.raw.n; i++ ) { - if( type == io->u.raw.types[i] ) { - return &io->u.raw.items[i]; - } + CK_ULONG i; + + if (io->type == ckcapiRaw) { + for (i = 0; i < io->u.raw.n; i++) { + if (type == io->u.raw.types[i]) { + return &io->u.raw.items[i]; + } + } + return NULL; + } + /* deal with the common attributes */ + switch (io->objClass) { + case CKO_CERTIFICATE: + return ckcapi_FetchCertAttribute(io, type); + case CKO_PRIVATE_KEY: + return ckcapi_FetchPrivKeyAttribute(io, type); + case CKO_PUBLIC_KEY: + return ckcapi_FetchPubKeyAttribute(io, type); } return NULL; - } - /* deal with the common attributes */ - switch (io->objClass) { - case CKO_CERTIFICATE: - return ckcapi_FetchCertAttribute(io, type); - case CKO_PRIVATE_KEY: - return ckcapi_FetchPrivKeyAttribute(io, type); - case CKO_PUBLIC_KEY: - return ckcapi_FetchPubKeyAttribute(io, type); - } - return NULL; } /* @@ -1161,173 +1132,160 @@ nss_ckcapi_FetchAttribute */ static PRBool ckcapi_cert_exists( - NSSItem *value, - ckcapiInternalObject **io -) + NSSItem *value, + ckcapiInternalObject **io) { - int count,i; - PRUint32 size = 0; - ckcapiInternalObject **listp = NULL; - CK_ATTRIBUTE myTemplate[2]; - CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE; - CK_ULONG templateCount = 2; - CK_RV error; - PRBool found = PR_FALSE; - - myTemplate[0].type = CKA_CLASS; - myTemplate[0].pValue = &cert_class; - myTemplate[0].ulValueLen = sizeof(cert_class); - myTemplate[1].type = CKA_VALUE; - myTemplate[1].pValue = value->data; - myTemplate[1].ulValueLen = value->size; - - count = nss_ckcapi_collect_all_certs(myTemplate, templateCount, &listp, - &size, 0, &error); - - /* free them */ - if (count > 1) { - *io = listp[0]; - found = PR_TRUE; - } - - for (i=1; i < count; i++) { - nss_ckcapi_DestroyInternalObject(listp[i]); - } - nss_ZFreeIf(listp); - return found; + int count, i; + PRUint32 size = 0; + ckcapiInternalObject **listp = NULL; + CK_ATTRIBUTE myTemplate[2]; + CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE; + CK_ULONG templateCount = 2; + CK_RV error; + PRBool found = PR_FALSE; + + myTemplate[0].type = CKA_CLASS; + myTemplate[0].pValue = &cert_class; + myTemplate[0].ulValueLen = sizeof(cert_class); + myTemplate[1].type = CKA_VALUE; + myTemplate[1].pValue = value->data; + myTemplate[1].ulValueLen = value->size; + + count = nss_ckcapi_collect_all_certs(myTemplate, templateCount, &listp, + &size, 0, &error); + + /* free them */ + if (count > 1) { + *io = listp[0]; + found = PR_TRUE; + } + + for (i = 1; i < count; i++) { + nss_ckcapi_DestroyInternalObject(listp[i]); + } + nss_ZFreeIf(listp); + return found; } static PRBool -ckcapi_cert_hasEmail -( - PCCERT_CONTEXT certContext -) +ckcapi_cert_hasEmail( + PCCERT_CONTEXT certContext) { - int count; + int count; - count = CertGetNameString(certContext, CERT_NAME_EMAIL_TYPE, - 0, NULL, NULL, 0); + count = CertGetNameString(certContext, CERT_NAME_EMAIL_TYPE, + 0, NULL, NULL, 0); - return count > 1 ? PR_TRUE : PR_FALSE; + return count > 1 ? PR_TRUE : PR_FALSE; } static PRBool -ckcapi_cert_isRoot -( - PCCERT_CONTEXT certContext -) +ckcapi_cert_isRoot( + PCCERT_CONTEXT certContext) { - return CertCompareCertificateName(certContext->dwCertEncodingType, - &certContext->pCertInfo->Issuer, &certContext->pCertInfo->Subject); + return CertCompareCertificateName(certContext->dwCertEncodingType, + &certContext->pCertInfo->Issuer, &certContext->pCertInfo->Subject); } static PRBool -ckcapi_cert_isCA -( - PCCERT_CONTEXT certContext -) +ckcapi_cert_isCA( + PCCERT_CONTEXT certContext) { - PCERT_EXTENSION extension; - CERT_BASIC_CONSTRAINTS2_INFO basicInfo; - DWORD size = sizeof(basicInfo); - BOOL rc; - - extension = CertFindExtension (szOID_BASIC_CONSTRAINTS, - certContext->pCertInfo->cExtension, - certContext->pCertInfo->rgExtension); - if ((PCERT_EXTENSION) NULL == extension ) { - return PR_FALSE; - } - rc = CryptDecodeObject(X509_ASN_ENCODING, szOID_BASIC_CONSTRAINTS2, - extension->Value.pbData, extension->Value.cbData, - 0, &basicInfo, &size); - if (!rc) { - return PR_FALSE; - } - return (PRBool) basicInfo.fCA; + PCERT_EXTENSION extension; + CERT_BASIC_CONSTRAINTS2_INFO basicInfo; + DWORD size = sizeof(basicInfo); + BOOL rc; + + extension = CertFindExtension(szOID_BASIC_CONSTRAINTS, + certContext->pCertInfo->cExtension, + certContext->pCertInfo->rgExtension); + if ((PCERT_EXTENSION)NULL == extension) { + return PR_FALSE; + } + rc = CryptDecodeObject(X509_ASN_ENCODING, szOID_BASIC_CONSTRAINTS2, + extension->Value.pbData, extension->Value.cbData, + 0, &basicInfo, &size); + if (!rc) { + return PR_FALSE; + } + return (PRBool)basicInfo.fCA; } static CRYPT_KEY_PROV_INFO * -ckcapi_cert_getPrivateKeyInfo -( - PCCERT_CONTEXT certContext, - NSSItem *keyID -) +ckcapi_cert_getPrivateKeyInfo( + PCCERT_CONTEXT certContext, + NSSItem *keyID) { - BOOL rc; - CRYPT_HASH_BLOB msKeyID; - DWORD size = 0; - CRYPT_KEY_PROV_INFO *prov = NULL; - - msKeyID.cbData = keyID->size; - msKeyID.pbData = keyID->data; - - rc = CryptGetKeyIdentifierProperty( - &msKeyID, - CERT_KEY_PROV_INFO_PROP_ID, - 0, NULL, NULL, NULL, &size); - if (!rc) { - return (CRYPT_KEY_PROV_INFO *)NULL; - } - prov = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size); - if ((CRYPT_KEY_PROV_INFO *)prov == NULL) { - return (CRYPT_KEY_PROV_INFO *) NULL; - } - rc = CryptGetKeyIdentifierProperty( - &msKeyID, - CERT_KEY_PROV_INFO_PROP_ID, - 0, NULL, NULL, prov, &size); - if (!rc) { - nss_ZFreeIf(prov); - return (CRYPT_KEY_PROV_INFO *)NULL; - } - - return prov; + BOOL rc; + CRYPT_HASH_BLOB msKeyID; + DWORD size = 0; + CRYPT_KEY_PROV_INFO *prov = NULL; + + msKeyID.cbData = keyID->size; + msKeyID.pbData = keyID->data; + + rc = CryptGetKeyIdentifierProperty( + &msKeyID, + CERT_KEY_PROV_INFO_PROP_ID, + 0, NULL, NULL, NULL, &size); + if (!rc) { + return (CRYPT_KEY_PROV_INFO *)NULL; + } + prov = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size); + if ((CRYPT_KEY_PROV_INFO *)prov == NULL) { + return (CRYPT_KEY_PROV_INFO *)NULL; + } + rc = CryptGetKeyIdentifierProperty( + &msKeyID, + CERT_KEY_PROV_INFO_PROP_ID, + 0, NULL, NULL, prov, &size); + if (!rc) { + nss_ZFreeIf(prov); + return (CRYPT_KEY_PROV_INFO *)NULL; + } + + return prov; } static CRYPT_KEY_PROV_INFO * -ckcapi_cert_getProvInfo -( - ckcapiInternalObject *io -) +ckcapi_cert_getProvInfo( + ckcapiInternalObject *io) { - BOOL rc; - DWORD size = 0; - CRYPT_KEY_PROV_INFO *prov = NULL; - - rc = CertGetCertificateContextProperty( - io->u.cert.certContext, - CERT_KEY_PROV_INFO_PROP_ID, - NULL, &size); - if (!rc) { - return (CRYPT_KEY_PROV_INFO *)NULL; - } - prov = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size); - if ((CRYPT_KEY_PROV_INFO *)prov == NULL) { - return (CRYPT_KEY_PROV_INFO *) NULL; - } - rc = CertGetCertificateContextProperty( - io->u.cert.certContext, - CERT_KEY_PROV_INFO_PROP_ID, - prov, &size); - if (!rc) { - nss_ZFreeIf(prov); - return (CRYPT_KEY_PROV_INFO *)NULL; - } - - return prov; + BOOL rc; + DWORD size = 0; + CRYPT_KEY_PROV_INFO *prov = NULL; + + rc = CertGetCertificateContextProperty( + io->u.cert.certContext, + CERT_KEY_PROV_INFO_PROP_ID, + NULL, &size); + if (!rc) { + return (CRYPT_KEY_PROV_INFO *)NULL; + } + prov = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size); + if ((CRYPT_KEY_PROV_INFO *)prov == NULL) { + return (CRYPT_KEY_PROV_INFO *)NULL; + } + rc = CertGetCertificateContextProperty( + io->u.cert.certContext, + CERT_KEY_PROV_INFO_PROP_ID, + prov, &size); + if (!rc) { + nss_ZFreeIf(prov); + return (CRYPT_KEY_PROV_INFO *)NULL; + } + + return prov; } - + /* forward declaration */ static void -ckcapi_removeObjectFromHash -( - ckcapiInternalObject *io -); +ckcapi_removeObjectFromHash( + ckcapiInternalObject *io); /* * Finalize - unneeded - * Destroy + * Destroy * IsTokenObject - CK_TRUE * GetAttributeCount * GetAttributeTypes @@ -1338,968 +1296,944 @@ ckcapi_removeObjectFromHash */ static CK_RV -ckcapi_mdObject_Destroy -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdObject_Destroy( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; - CK_OBJECT_CLASS objClass; - BOOL rc; - DWORD provType; - DWORD msError; - PRBool isCertType = (PRBool)(ckcapiCert == io->type); - HCERTSTORE hStore = 0; - - if (ckcapiRaw == io->type) { - /* there is not 'object write protected' error, use the next best thing */ - return CKR_TOKEN_WRITE_PROTECTED; - } - - objClass = io->objClass; - if (CKO_CERTIFICATE == objClass) { - PCCERT_CONTEXT certContext; - - /* get the store */ - hStore = CertOpenSystemStore(0, io->u.cert.certStore); - if (0 == hStore) { - rc = 0; - goto loser; - } - certContext = CertFindCertificateInStore(hStore, X509_ASN_ENCODING, 0, - CERT_FIND_EXISTING, io->u.cert.certContext, NULL); - if ((PCCERT_CONTEXT)NULL == certContext) { - rc = 0; - goto loser; - } - rc = CertDeleteCertificateFromStore(certContext); - } else { - char *provName = NULL; - char *containerName = NULL; - HCRYPTPROV hProv; - CRYPT_HASH_BLOB msKeyID; + ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; + CK_OBJECT_CLASS objClass; + BOOL rc; + DWORD provType; + DWORD msError; + PRBool isCertType = (PRBool)(ckcapiCert == io->type); + HCERTSTORE hStore = 0; + + if (ckcapiRaw == io->type) { + /* there is not 'object write protected' error, use the next best thing */ + return CKR_TOKEN_WRITE_PROTECTED; + } - if (0 == io->id.size) { - ckcapi_FetchID(io); - } - - if (isCertType) { - CRYPT_KEY_PROV_INFO * provInfo = ckcapi_cert_getProvInfo(io); - provName = nss_ckcapi_WideToUTF8(provInfo->pwszProvName); - containerName = nss_ckcapi_WideToUTF8(provInfo->pwszContainerName); - provType = provInfo->dwProvType; - nss_ZFreeIf(provInfo); - } else { - provName = io->u.key.provName; - containerName = io->u.key.containerName; - provType = io->u.key.provInfo.dwProvType; - io->u.key.provName = NULL; - io->u.key.containerName = NULL; - } - /* first remove the key id pointer */ - msKeyID.cbData = io->id.size; - msKeyID.pbData = io->id.data; - rc = CryptSetKeyIdentifierProperty(&msKeyID, - CERT_KEY_PROV_INFO_PROP_ID, CRYPT_KEYID_DELETE_FLAG, NULL, NULL, NULL); - if (rc) { - rc = CryptAcquireContext(&hProv, containerName, provName, provType, - CRYPT_DELETEKEYSET); + objClass = io->objClass; + if (CKO_CERTIFICATE == objClass) { + PCCERT_CONTEXT certContext; + + /* get the store */ + hStore = CertOpenSystemStore(0, io->u.cert.certStore); + if (0 == hStore) { + rc = 0; + goto loser; + } + certContext = CertFindCertificateInStore(hStore, X509_ASN_ENCODING, 0, + CERT_FIND_EXISTING, io->u.cert.certContext, NULL); + if ((PCCERT_CONTEXT)NULL == certContext) { + rc = 0; + goto loser; + } + rc = CertDeleteCertificateFromStore(certContext); + } + else { + char *provName = NULL; + char *containerName = NULL; + HCRYPTPROV hProv; + CRYPT_HASH_BLOB msKeyID; + + if (0 == io->id.size) { + ckcapi_FetchID(io); + } + + if (isCertType) { + CRYPT_KEY_PROV_INFO *provInfo = ckcapi_cert_getProvInfo(io); + provName = nss_ckcapi_WideToUTF8(provInfo->pwszProvName); + containerName = nss_ckcapi_WideToUTF8(provInfo->pwszContainerName); + provType = provInfo->dwProvType; + nss_ZFreeIf(provInfo); + } + else { + provName = io->u.key.provName; + containerName = io->u.key.containerName; + provType = io->u.key.provInfo.dwProvType; + io->u.key.provName = NULL; + io->u.key.containerName = NULL; + } + /* first remove the key id pointer */ + msKeyID.cbData = io->id.size; + msKeyID.pbData = io->id.data; + rc = CryptSetKeyIdentifierProperty(&msKeyID, + CERT_KEY_PROV_INFO_PROP_ID, CRYPT_KEYID_DELETE_FLAG, NULL, NULL, NULL); + if (rc) { + rc = CryptAcquireContext(&hProv, containerName, provName, provType, + CRYPT_DELETEKEYSET); + } + nss_ZFreeIf(provName); + nss_ZFreeIf(containerName); } - nss_ZFreeIf(provName); - nss_ZFreeIf(containerName); - } loser: - if (hStore) { - CertCloseStore(hStore, 0); - } - if (!rc) { - msError = GetLastError(); - return CKR_GENERAL_ERROR; - } + if (hStore) { + CertCloseStore(hStore, 0); + } + if (!rc) { + msError = GetLastError(); + return CKR_GENERAL_ERROR; + } - /* remove it from the hash */ - ckcapi_removeObjectFromHash(io); + /* remove it from the hash */ + ckcapi_removeObjectFromHash(io); - /* free the puppy.. */ - nss_ckcapi_DestroyInternalObject(io); - return CKR_OK; + /* free the puppy.. */ + nss_ckcapi_DestroyInternalObject(io); + return CKR_OK; } static CK_BBOOL -ckcapi_mdObject_IsTokenObject -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdObject_IsTokenObject( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CK_TRUE; + return CK_TRUE; } static CK_ULONG -ckcapi_mdObject_GetAttributeCount -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdObject_GetAttributeCount( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; - - if (ckcapiRaw == io->type) { - return io->u.raw.n; - } - switch (io->objClass) { - case CKO_CERTIFICATE: - return certAttrsCount; - case CKO_PUBLIC_KEY: - return pubKeyAttrsCount; - case CKO_PRIVATE_KEY: - return privKeyAttrsCount; - default: - break; - } - return 0; + ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; + + if (ckcapiRaw == io->type) { + return io->u.raw.n; + } + switch (io->objClass) { + case CKO_CERTIFICATE: + return certAttrsCount; + case CKO_PUBLIC_KEY: + return pubKeyAttrsCount; + case CKO_PRIVATE_KEY: + return privKeyAttrsCount; + default: + break; + } + return 0; } static CK_RV -ckcapi_mdObject_GetAttributeTypes -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount -) +ckcapi_mdObject_GetAttributeTypes( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount) { - ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; - CK_ULONG i; - CK_RV error = CKR_OK; - const CK_ATTRIBUTE_TYPE *attrs = NULL; - CK_ULONG size = ckcapi_mdObject_GetAttributeCount( - mdObject, fwObject, mdSession, fwSession, - mdToken, fwToken, mdInstance, fwInstance, &error); - - if( size != ulCount ) { - return CKR_BUFFER_TOO_SMALL; - } - if (io->type == ckcapiRaw) { - attrs = io->u.raw.types; - } else switch(io->objClass) { - case CKO_CERTIFICATE: - attrs = certAttrs; - break; - case CKO_PUBLIC_KEY: - attrs = pubKeyAttrs; - break; - case CKO_PRIVATE_KEY: - attrs = privKeyAttrs; - break; - default: - return CKR_OK; - } - - for( i = 0; i < size; i++) { - typeArray[i] = attrs[i]; - } - - return CKR_OK; + ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; + CK_ULONG i; + CK_RV error = CKR_OK; + const CK_ATTRIBUTE_TYPE *attrs = NULL; + CK_ULONG size = ckcapi_mdObject_GetAttributeCount( + mdObject, fwObject, mdSession, fwSession, + mdToken, fwToken, mdInstance, fwInstance, &error); + + if (size != ulCount) { + return CKR_BUFFER_TOO_SMALL; + } + if (io->type == ckcapiRaw) { + attrs = io->u.raw.types; + } + else + switch (io->objClass) { + case CKO_CERTIFICATE: + attrs = + certAttrs; + break; + case CKO_PUBLIC_KEY: + attrs = + pubKeyAttrs; + break; + case CKO_PRIVATE_KEY: + attrs = + privKeyAttrs; + break; + default: + return CKR_OK; + } + + for (i = 0; i < size; i++) { + typeArray[i] = attrs[i]; + } + + return CKR_OK; } static CK_ULONG -ckcapi_mdObject_GetAttributeSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +ckcapi_mdObject_GetAttributeSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; + ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; - const NSSItem *b; + const NSSItem *b; - b = nss_ckcapi_FetchAttribute(io, attribute); + b = nss_ckcapi_FetchAttribute(io, attribute); - if ((const NSSItem *)NULL == b) { - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - return 0; - } - return b->size; + if ((const NSSItem *)NULL == b) { + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + return 0; + } + return b->size; } static CK_RV -ckcapi_mdObject_SetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *value -) +ckcapi_mdObject_SetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value) { - return CKR_OK; + return CKR_OK; } static NSSCKFWItem -ckcapi_mdObject_GetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +ckcapi_mdObject_GetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - NSSCKFWItem mdItem; - ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; + NSSCKFWItem mdItem; + ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; - mdItem.needsFreeing = PR_FALSE; - mdItem.item = (NSSItem*)nss_ckcapi_FetchAttribute(io, attribute); + mdItem.needsFreeing = PR_FALSE; + mdItem.item = (NSSItem *)nss_ckcapi_FetchAttribute(io, attribute); - if ((NSSItem *)NULL == mdItem.item) { - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - } + if ((NSSItem *)NULL == mdItem.item) { + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + } - return mdItem; + return mdItem; } static CK_ULONG -ckcapi_mdObject_GetObjectSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdObject_GetObjectSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; - CK_ULONG rv = 1; + ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; + CK_ULONG rv = 1; - /* size is irrelevant to this token */ - return rv; + /* size is irrelevant to this token */ + return rv; } static const NSSCKMDObject -ckcapi_prototype_mdObject = { - (void *)NULL, /* etc */ - NULL, /* Finalize */ - ckcapi_mdObject_Destroy, - ckcapi_mdObject_IsTokenObject, - ckcapi_mdObject_GetAttributeCount, - ckcapi_mdObject_GetAttributeTypes, - ckcapi_mdObject_GetAttributeSize, - ckcapi_mdObject_GetAttribute, - NULL, /* FreeAttribute */ - ckcapi_mdObject_SetAttribute, - ckcapi_mdObject_GetObjectSize, - (void *)NULL /* null terminator */ -}; + ckcapi_prototype_mdObject = { + (void *)NULL, /* etc */ + NULL, /* Finalize */ + ckcapi_mdObject_Destroy, + ckcapi_mdObject_IsTokenObject, + ckcapi_mdObject_GetAttributeCount, + ckcapi_mdObject_GetAttributeTypes, + ckcapi_mdObject_GetAttributeSize, + ckcapi_mdObject_GetAttribute, + NULL, /* FreeAttribute */ + ckcapi_mdObject_SetAttribute, + ckcapi_mdObject_GetObjectSize, + (void *)NULL /* null terminator */ + }; static nssHash *ckcapiInternalObjectHash = NULL; NSS_IMPLEMENT NSSCKMDObject * -nss_ckcapi_CreateMDObject -( - NSSArena *arena, - ckcapiInternalObject *io, - CK_RV *pError -) +nss_ckcapi_CreateMDObject( + NSSArena *arena, + ckcapiInternalObject *io, + CK_RV *pError) { - if ((nssHash *)NULL == ckcapiInternalObjectHash) { - ckcapiInternalObjectHash = nssHash_CreateItem(NULL, 10); - } - if (ckcapiCert == io->type) { - /* the hash key, not a cryptographic key */ - NSSItem *key = &io->hashKey; - ckcapiInternalObject *old_o = NULL; + if ((nssHash *)NULL == ckcapiInternalObjectHash) { + ckcapiInternalObjectHash = nssHash_CreateItem(NULL, 10); + } + if (ckcapiCert == io->type) { + /* the hash key, not a cryptographic key */ + NSSItem *key = &io->hashKey; + ckcapiInternalObject *old_o = NULL; + + if (key->size == 0) { + ckcapi_FetchHashKey(io); + } + old_o = (ckcapiInternalObject *) + nssHash_Lookup(ckcapiInternalObjectHash, key); + if (!old_o) { + nssHash_Add(ckcapiInternalObjectHash, key, io); + } + else if (old_o != io) { + nss_ckcapi_DestroyInternalObject(io); + io = old_o; + } + } - if (key->size == 0) { - ckcapi_FetchHashKey(io); - } - old_o = (ckcapiInternalObject *) - nssHash_Lookup(ckcapiInternalObjectHash, key); - if (!old_o) { - nssHash_Add(ckcapiInternalObjectHash, key, io); - } else if (old_o != io) { - nss_ckcapi_DestroyInternalObject(io); - io = old_o; - } - } - - if ( (void*)NULL == io->mdObject.etc) { - (void) nsslibc_memcpy(&io->mdObject,&ckcapi_prototype_mdObject, - sizeof(ckcapi_prototype_mdObject)); - io->mdObject.etc = (void *)io; - } - return &io->mdObject; + if ((void *)NULL == io->mdObject.etc) { + (void)nsslibc_memcpy(&io->mdObject, &ckcapi_prototype_mdObject, + sizeof(ckcapi_prototype_mdObject)); + io->mdObject.etc = (void *)io; + } + return &io->mdObject; } static void -ckcapi_removeObjectFromHash -( - ckcapiInternalObject *io -) +ckcapi_removeObjectFromHash( + ckcapiInternalObject *io) { - NSSItem *key = &io->hashKey; + NSSItem *key = &io->hashKey; - if ((nssHash *)NULL == ckcapiInternalObjectHash) { + if ((nssHash *)NULL == ckcapiInternalObjectHash) { + return; + } + if (key->size == 0) { + ckcapi_FetchHashKey(io); + } + nssHash_Remove(ckcapiInternalObjectHash, key); return; - } - if (key->size == 0) { - ckcapi_FetchHashKey(io); - } - nssHash_Remove(ckcapiInternalObjectHash, key); - return; } void -nss_ckcapi_DestroyInternalObject -( - ckcapiInternalObject *io -) +nss_ckcapi_DestroyInternalObject( + ckcapiInternalObject *io) { - switch (io->type) { - case ckcapiRaw: + switch (io->type) { + case ckcapiRaw: + return; + case ckcapiCert: + CertFreeCertificateContext(io->u.cert.certContext); + nss_ZFreeIf(io->u.cert.labelData); + nss_ZFreeIf(io->u.cert.key.privateKey); + nss_ZFreeIf(io->u.cert.key.pubKey); + nss_ZFreeIf(io->idData); + break; + case ckcapiBareKey: + nss_ZFreeIf(io->u.key.provInfo.pwszContainerName); + nss_ZFreeIf(io->u.key.provInfo.pwszProvName); + nss_ZFreeIf(io->u.key.provName); + nss_ZFreeIf(io->u.key.containerName); + nss_ZFreeIf(io->u.key.key.privateKey); + nss_ZFreeIf(io->u.key.key.pubKey); + if (0 != io->u.key.hProv) { + CryptReleaseContext(io->u.key.hProv, 0); + } + nss_ZFreeIf(io->idData); + break; + } + nss_ZFreeIf(io); return; - case ckcapiCert: - CertFreeCertificateContext(io->u.cert.certContext); - nss_ZFreeIf(io->u.cert.labelData); - nss_ZFreeIf(io->u.cert.key.privateKey); - nss_ZFreeIf(io->u.cert.key.pubKey); - nss_ZFreeIf(io->idData); - break; - case ckcapiBareKey: - nss_ZFreeIf(io->u.key.provInfo.pwszContainerName); - nss_ZFreeIf(io->u.key.provInfo.pwszProvName); - nss_ZFreeIf(io->u.key.provName); - nss_ZFreeIf(io->u.key.containerName); - nss_ZFreeIf(io->u.key.key.privateKey); - nss_ZFreeIf(io->u.key.key.pubKey); - if (0 != io->u.key.hProv) { - CryptReleaseContext(io->u.key.hProv, 0); - } - nss_ZFreeIf(io->idData); - break; - } - nss_ZFreeIf(io); - return; } static ckcapiInternalObject * -nss_ckcapi_CreateCertificate -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_ckcapi_CreateCertificate( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - NSSItem value; - NSSItem keyID; - char *storeStr; - ckcapiInternalObject *io = NULL; - PCCERT_CONTEXT certContext = NULL; - PCCERT_CONTEXT storedCertContext = NULL; - CRYPT_KEY_PROV_INFO *prov_info = NULL; - char *nickname = NULL; - HCERTSTORE hStore = 0; - DWORD msError = 0; - PRBool hasID; - CK_RV dummy; - BOOL rc; - - *pError = nss_ckcapi_GetAttribute(CKA_VALUE, pTemplate, - ulAttributeCount, &value); - - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } + NSSItem value; + NSSItem keyID; + char *storeStr; + ckcapiInternalObject *io = NULL; + PCCERT_CONTEXT certContext = NULL; + PCCERT_CONTEXT storedCertContext = NULL; + CRYPT_KEY_PROV_INFO *prov_info = NULL; + char *nickname = NULL; + HCERTSTORE hStore = 0; + DWORD msError = 0; + PRBool hasID; + CK_RV dummy; + BOOL rc; + + *pError = nss_ckcapi_GetAttribute(CKA_VALUE, pTemplate, + ulAttributeCount, &value); + + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } - *pError = nss_ckcapi_GetAttribute(CKA_ID, pTemplate, - ulAttributeCount, &keyID); + *pError = nss_ckcapi_GetAttribute(CKA_ID, pTemplate, + ulAttributeCount, &keyID); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } - if (ckcapi_cert_exists(&value, &io)) { - return io; - } + if (ckcapi_cert_exists(&value, &io)) { + return io; + } - /* OK, we are creating a new one, figure out what store it belongs to.. + /* OK, we are creating a new one, figure out what store it belongs to.. * first get a certContext handle.. */ - certContext = CertCreateCertificateContext(X509_ASN_ENCODING, - value.data, value.size); - if ((PCCERT_CONTEXT) NULL == certContext) { - msError = GetLastError(); - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - goto loser; - } - - /* do we have a private key laying around... */ - prov_info = ckcapi_cert_getPrivateKeyInfo(certContext, &keyID); - if (prov_info) { - CRYPT_DATA_BLOB msKeyID; - storeStr = "My"; - hasID = PR_TRUE; - rc = CertSetCertificateContextProperty(certContext, - CERT_KEY_PROV_INFO_PROP_ID, - 0, prov_info); - nss_ZFreeIf(prov_info); - if (!rc) { - msError = GetLastError(); - *pError = CKR_DEVICE_ERROR; - goto loser; + certContext = CertCreateCertificateContext(X509_ASN_ENCODING, + value.data, value.size); + if ((PCCERT_CONTEXT)NULL == certContext) { + msError = GetLastError(); + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; } - msKeyID.cbData = keyID.size; - msKeyID.pbData = keyID.data; - rc = CertSetCertificateContextProperty(certContext, - CERT_KEY_IDENTIFIER_PROP_ID, - 0, &msKeyID); - if (!rc) { - msError = GetLastError(); - *pError = CKR_DEVICE_ERROR; - goto loser; - } - - /* does it look like a CA */ - } else if (ckcapi_cert_isCA(certContext)) { - storeStr = ckcapi_cert_isRoot(certContext) ? "CA" : "Root"; - /* does it look like an S/MIME cert */ - } else if (ckcapi_cert_hasEmail(certContext)) { - storeStr = "AddressBook"; - } else { - /* just pick a store */ - storeStr = "CA"; - } - - /* get the nickname, not an error if we can't find it */ - nickname = nss_ckcapi_GetStringAttribute(CKA_LABEL, pTemplate, - ulAttributeCount, &dummy); - if (nickname) { - LPWSTR nicknameUTF16 = NULL; - CRYPT_DATA_BLOB nicknameBlob; - - nicknameUTF16 = nss_ckcapi_UTF8ToWide(nickname); - nss_ZFreeIf(nickname); - nickname = NULL; - if ((LPWSTR)NULL == nicknameUTF16) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - nicknameBlob.cbData = nss_ckcapi_WideSize(nicknameUTF16); - nicknameBlob.pbData = (BYTE *)nicknameUTF16; - rc = CertSetCertificateContextProperty(certContext, - CERT_FRIENDLY_NAME_PROP_ID, 0, &nicknameBlob); - nss_ZFreeIf(nicknameUTF16); - if (!rc) { - msError = GetLastError(); - *pError = CKR_DEVICE_ERROR; - goto loser; + + /* do we have a private key laying around... */ + prov_info = ckcapi_cert_getPrivateKeyInfo(certContext, &keyID); + if (prov_info) { + CRYPT_DATA_BLOB msKeyID; + storeStr = "My"; + hasID = PR_TRUE; + rc = CertSetCertificateContextProperty(certContext, + CERT_KEY_PROV_INFO_PROP_ID, + 0, prov_info); + nss_ZFreeIf(prov_info); + if (!rc) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + msKeyID.cbData = keyID.size; + msKeyID.pbData = keyID.data; + rc = CertSetCertificateContextProperty(certContext, + CERT_KEY_IDENTIFIER_PROP_ID, + 0, &msKeyID); + if (!rc) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + + /* does it look like a CA */ + } + else if (ckcapi_cert_isCA(certContext)) { + storeStr = ckcapi_cert_isRoot(certContext) ? "CA" : "Root"; + /* does it look like an S/MIME cert */ + } + else if (ckcapi_cert_hasEmail(certContext)) { + storeStr = "AddressBook"; + } + else { + /* just pick a store */ + storeStr = "CA"; } - } - hStore = CertOpenSystemStore((HCRYPTPROV) NULL, storeStr); - if (0 == hStore) { - msError = GetLastError(); - *pError = CKR_DEVICE_ERROR; - goto loser; - } - - rc = CertAddCertificateContextToStore(hStore, certContext, - CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES, &storedCertContext); - CertFreeCertificateContext(certContext); - certContext = NULL; - CertCloseStore(hStore, 0); - hStore = 0; - if (!rc) { - msError = GetLastError(); - *pError = CKR_DEVICE_ERROR; - goto loser; - } - - io = nss_ZNEW(NULL, ckcapiInternalObject); - if ((ckcapiInternalObject *)NULL == io) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - io->type = ckcapiCert; - io->objClass = CKO_CERTIFICATE; - io->u.cert.certContext = storedCertContext; - io->u.cert.hasID = hasID; - return io; + /* get the nickname, not an error if we can't find it */ + nickname = nss_ckcapi_GetStringAttribute(CKA_LABEL, pTemplate, + ulAttributeCount, &dummy); + if (nickname) { + LPWSTR nicknameUTF16 = NULL; + CRYPT_DATA_BLOB nicknameBlob; + + nicknameUTF16 = nss_ckcapi_UTF8ToWide(nickname); + nss_ZFreeIf(nickname); + nickname = NULL; + if ((LPWSTR)NULL == nicknameUTF16) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + nicknameBlob.cbData = nss_ckcapi_WideSize(nicknameUTF16); + nicknameBlob.pbData = (BYTE *)nicknameUTF16; + rc = CertSetCertificateContextProperty(certContext, + CERT_FRIENDLY_NAME_PROP_ID, 0, &nicknameBlob); + nss_ZFreeIf(nicknameUTF16); + if (!rc) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + } -loser: - if (certContext) { + hStore = CertOpenSystemStore((HCRYPTPROV)NULL, storeStr); + if (0 == hStore) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + + rc = CertAddCertificateContextToStore(hStore, certContext, + CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES, &storedCertContext); CertFreeCertificateContext(certContext); certContext = NULL; - } - if (storedCertContext) { - CertFreeCertificateContext(storedCertContext); - storedCertContext = NULL; - } - if (0 != hStore) { CertCloseStore(hStore, 0); - } - return (ckcapiInternalObject *)NULL; + hStore = 0; + if (!rc) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + io = nss_ZNEW(NULL, ckcapiInternalObject); + if ((ckcapiInternalObject *)NULL == io) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + io->type = ckcapiCert; + io->objClass = CKO_CERTIFICATE; + io->u.cert.certContext = storedCertContext; + io->u.cert.hasID = hasID; + return io; + +loser: + if (certContext) { + CertFreeCertificateContext(certContext); + certContext = NULL; + } + if (storedCertContext) { + CertFreeCertificateContext(storedCertContext); + storedCertContext = NULL; + } + if (0 != hStore) { + CertCloseStore(hStore, 0); + } + return (ckcapiInternalObject *)NULL; } static char * -ckcapi_getDefaultProvider -( - CK_RV *pError -) +ckcapi_getDefaultProvider( + CK_RV *pError) { - char *name = NULL; - BOOL rc; - DWORD nameLength = 0; - - rc = CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_USER_DEFAULT, NULL, - &nameLength); - if (!rc) { - return (char *)NULL; - } - - name = nss_ZNEWARRAY(NULL, char, nameLength); - if ((char *)NULL == name ) { - return (char *)NULL; - } - rc = CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_USER_DEFAULT, name, - &nameLength); - if (!rc) { - nss_ZFreeIf(name); - return (char *)NULL; - } - - return name; + char *name = NULL; + BOOL rc; + DWORD nameLength = 0; + + rc = CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_USER_DEFAULT, NULL, + &nameLength); + if (!rc) { + return (char *)NULL; + } + + name = nss_ZNEWARRAY(NULL, char, nameLength); + if ((char *)NULL == name) { + return (char *)NULL; + } + rc = CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_USER_DEFAULT, name, + &nameLength); + if (!rc) { + nss_ZFreeIf(name); + return (char *)NULL; + } + + return name; } static char * -ckcapi_getContainer -( - CK_RV *pError, - NSSItem *id -) +ckcapi_getContainer( + CK_RV *pError, + NSSItem *id) { - RPC_STATUS rstat; - UUID uuid; - char *uuidStr; - char *container; - - rstat = UuidCreate(&uuid); - rstat = UuidToString(&uuid, &uuidStr); - - /* convert it from rcp memory to our own */ - container = nssUTF8_Duplicate(uuidStr, NULL); - RpcStringFree(&uuidStr); - - return container; + RPC_STATUS rstat; + UUID uuid; + char *uuidStr; + char *container; + + rstat = UuidCreate(&uuid); + rstat = UuidToString(&uuid, &uuidStr); + + /* convert it from rcp memory to our own */ + container = nssUTF8_Duplicate(uuidStr, NULL); + RpcStringFree(&uuidStr); + + return container; } static CK_RV -ckcapi_buildPrivateKeyBlob -( - NSSItem *keyBlob, - NSSItem *modulus, - NSSItem *publicExponent, - NSSItem *privateExponent, - NSSItem *prime1, - NSSItem *prime2, - NSSItem *exponent1, - NSSItem *exponent2, - NSSItem *coefficient, - PRBool isKeyExchange -) +ckcapi_buildPrivateKeyBlob( + NSSItem *keyBlob, + NSSItem *modulus, + NSSItem *publicExponent, + NSSItem *privateExponent, + NSSItem *prime1, + NSSItem *prime2, + NSSItem *exponent1, + NSSItem *exponent2, + NSSItem *coefficient, + PRBool isKeyExchange) { - CAPI_RSA_KEY_BLOB *keyBlobData = NULL; - unsigned char *target; - unsigned long modSize = modulus->size; - unsigned long dataSize; - CK_RV error = CKR_OK; - - /* validate extras */ - if (privateExponent->size != modSize) { - error = CKR_ATTRIBUTE_VALUE_INVALID; - goto loser; - } - if (prime1->size != modSize/2) { - error = CKR_ATTRIBUTE_VALUE_INVALID; - goto loser; - } - if (prime2->size != modSize/2) { - error = CKR_ATTRIBUTE_VALUE_INVALID; - goto loser; - } - if (exponent1->size != modSize/2) { - error = CKR_ATTRIBUTE_VALUE_INVALID; - goto loser; - } - if (exponent2->size != modSize/2) { - error = CKR_ATTRIBUTE_VALUE_INVALID; - goto loser; - } - if (coefficient->size != modSize/2) { - error = CKR_ATTRIBUTE_VALUE_INVALID; - goto loser; - } - dataSize = (modSize*4)+(modSize/2) + sizeof(CAPI_RSA_KEY_BLOB); - keyBlobData = (CAPI_RSA_KEY_BLOB *)nss_ZAlloc(NULL, dataSize); - if ((CAPI_RSA_KEY_BLOB *)NULL == keyBlobData) { - error = CKR_HOST_MEMORY; - goto loser; - } - - keyBlobData->header.bType = PRIVATEKEYBLOB; - keyBlobData->header.bVersion = 0x02; - keyBlobData->header.reserved = 0x00; - keyBlobData->header.aiKeyAlg = isKeyExchange ? CALG_RSA_KEYX:CALG_RSA_SIGN; - keyBlobData->rsa.magic = 0x32415352; - keyBlobData->rsa.bitlen = modSize * 8; - keyBlobData->rsa.pubexp = nss_ckcapi_DataToInt(publicExponent,&error); - if (CKR_OK != error) { - goto loser; - } - - target = &keyBlobData->data[CAPI_MODULUS_OFFSET(modSize)]; - nsslibc_memcpy(target, modulus->data, modulus->size); - modulus->data = target; - ckcapi_ReverseData(modulus); - - target = &keyBlobData->data[CAPI_PRIVATE_EXP_OFFSET(modSize)]; - nsslibc_memcpy(target, privateExponent->data, privateExponent->size); - privateExponent->data = target; - ckcapi_ReverseData(privateExponent); - - target = &keyBlobData->data[CAPI_PRIME_1_OFFSET(modSize)]; - nsslibc_memcpy(target, prime1->data, prime1->size); - prime1->data = target; - ckcapi_ReverseData(prime1); - - target = &keyBlobData->data[CAPI_PRIME_2_OFFSET(modSize)]; - nsslibc_memcpy(target, prime2->data, prime2->size); - prime2->data = target; - ckcapi_ReverseData(prime2); - - target = &keyBlobData->data[CAPI_EXPONENT_1_OFFSET(modSize)]; - nsslibc_memcpy(target, exponent1->data, exponent1->size); - exponent1->data = target; - ckcapi_ReverseData(exponent1); - - target = &keyBlobData->data[CAPI_EXPONENT_2_OFFSET(modSize)]; - nsslibc_memcpy(target, exponent2->data, exponent2->size); - exponent2->data = target; - ckcapi_ReverseData(exponent2); - - target = &keyBlobData->data[CAPI_COEFFICIENT_OFFSET(modSize)]; - nsslibc_memcpy(target, coefficient->data, coefficient->size); - coefficient->data = target; - ckcapi_ReverseData(coefficient); - - keyBlob->data = keyBlobData; - keyBlob->size = dataSize; - - return CKR_OK; + CAPI_RSA_KEY_BLOB *keyBlobData = NULL; + unsigned char *target; + unsigned long modSize = modulus->size; + unsigned long dataSize; + CK_RV error = CKR_OK; + + /* validate extras */ + if (privateExponent->size != modSize) { + error = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; + } + if (prime1->size != modSize / 2) { + error = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; + } + if (prime2->size != modSize / 2) { + error = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; + } + if (exponent1->size != modSize / 2) { + error = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; + } + if (exponent2->size != modSize / 2) { + error = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; + } + if (coefficient->size != modSize / 2) { + error = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; + } + dataSize = (modSize * 4) + (modSize / 2) + sizeof(CAPI_RSA_KEY_BLOB); + keyBlobData = (CAPI_RSA_KEY_BLOB *)nss_ZAlloc(NULL, dataSize); + if ((CAPI_RSA_KEY_BLOB *)NULL == keyBlobData) { + error = CKR_HOST_MEMORY; + goto loser; + } + + keyBlobData->header.bType = PRIVATEKEYBLOB; + keyBlobData->header.bVersion = 0x02; + keyBlobData->header.reserved = 0x00; + keyBlobData->header.aiKeyAlg = isKeyExchange ? CALG_RSA_KEYX : CALG_RSA_SIGN; + keyBlobData->rsa.magic = 0x32415352; + keyBlobData->rsa.bitlen = modSize * 8; + keyBlobData->rsa.pubexp = nss_ckcapi_DataToInt(publicExponent, &error); + if (CKR_OK != error) { + goto loser; + } + + target = &keyBlobData->data[CAPI_MODULUS_OFFSET(modSize)]; + nsslibc_memcpy(target, modulus->data, modulus->size); + modulus->data = target; + ckcapi_ReverseData(modulus); + + target = &keyBlobData->data[CAPI_PRIVATE_EXP_OFFSET(modSize)]; + nsslibc_memcpy(target, privateExponent->data, privateExponent->size); + privateExponent->data = target; + ckcapi_ReverseData(privateExponent); + + target = &keyBlobData->data[CAPI_PRIME_1_OFFSET(modSize)]; + nsslibc_memcpy(target, prime1->data, prime1->size); + prime1->data = target; + ckcapi_ReverseData(prime1); + + target = &keyBlobData->data[CAPI_PRIME_2_OFFSET(modSize)]; + nsslibc_memcpy(target, prime2->data, prime2->size); + prime2->data = target; + ckcapi_ReverseData(prime2); + + target = &keyBlobData->data[CAPI_EXPONENT_1_OFFSET(modSize)]; + nsslibc_memcpy(target, exponent1->data, exponent1->size); + exponent1->data = target; + ckcapi_ReverseData(exponent1); + + target = &keyBlobData->data[CAPI_EXPONENT_2_OFFSET(modSize)]; + nsslibc_memcpy(target, exponent2->data, exponent2->size); + exponent2->data = target; + ckcapi_ReverseData(exponent2); + + target = &keyBlobData->data[CAPI_COEFFICIENT_OFFSET(modSize)]; + nsslibc_memcpy(target, coefficient->data, coefficient->size); + coefficient->data = target; + ckcapi_ReverseData(coefficient); + + keyBlob->data = keyBlobData; + keyBlob->size = dataSize; + + return CKR_OK; loser: - nss_ZFreeIf(keyBlobData); - return error; + nss_ZFreeIf(keyBlobData); + return error; } static ckcapiInternalObject * -nss_ckcapi_CreatePrivateKey -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_ckcapi_CreatePrivateKey( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - NSSItem modulus; - NSSItem publicExponent; - NSSItem privateExponent; - NSSItem exponent1; - NSSItem exponent2; - NSSItem prime1; - NSSItem prime2; - NSSItem coefficient; - NSSItem keyID; - NSSItem keyBlob; - ckcapiInternalObject *io = NULL; - char *providerName = NULL; - char *containerName = NULL; - char *idData = NULL; - CRYPT_KEY_PROV_INFO provInfo; - CRYPT_HASH_BLOB msKeyID; - CK_KEY_TYPE keyType; - HCRYPTPROV hProv = 0; - HCRYPTKEY hKey = 0; - PRBool decrypt; - DWORD keySpec; - DWORD msError; - BOOL rc; - - keyType = nss_ckcapi_GetULongAttribute - (CKA_KEY_TYPE, pTemplate, ulAttributeCount, pError); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } - if (CKK_RSA != keyType) { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - return (ckcapiInternalObject *)NULL; - } - - decrypt = nss_ckcapi_GetBoolAttribute(CKA_DECRYPT, - pTemplate, ulAttributeCount, pError); - if (CKR_TEMPLATE_INCOMPLETE == *pError) { - decrypt = PR_TRUE; /* default to true */ - } - decrypt = decrypt || nss_ckcapi_GetBoolAttribute(CKA_UNWRAP, - pTemplate, ulAttributeCount, pError); - if (CKR_TEMPLATE_INCOMPLETE == *pError) { - decrypt = PR_TRUE; /* default to true */ - } - keySpec = decrypt ? AT_KEYEXCHANGE : AT_SIGNATURE; - - *pError = nss_ckcapi_GetAttribute(CKA_MODULUS, pTemplate, - ulAttributeCount, &modulus); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } - *pError = nss_ckcapi_GetAttribute(CKA_PUBLIC_EXPONENT, pTemplate, - ulAttributeCount, &publicExponent); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } - *pError = nss_ckcapi_GetAttribute(CKA_PRIVATE_EXPONENT, pTemplate, - ulAttributeCount, &privateExponent); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } - *pError = nss_ckcapi_GetAttribute(CKA_PRIME_1, pTemplate, - ulAttributeCount, &prime1); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } - *pError = nss_ckcapi_GetAttribute(CKA_PRIME_2, pTemplate, - ulAttributeCount, &prime2); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } - *pError = nss_ckcapi_GetAttribute(CKA_EXPONENT_1, pTemplate, - ulAttributeCount, &exponent1); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } - *pError = nss_ckcapi_GetAttribute(CKA_EXPONENT_2, pTemplate, - ulAttributeCount, &exponent2); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } - *pError = nss_ckcapi_GetAttribute(CKA_COEFFICIENT, pTemplate, - ulAttributeCount, &coefficient); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } - *pError = nss_ckcapi_GetAttribute(CKA_ID, pTemplate, - ulAttributeCount, &keyID); - if (CKR_OK != *pError) { - return (ckcapiInternalObject *)NULL; - } - providerName = ckcapi_getDefaultProvider(pError); - if ((char *)NULL == providerName ) { - return (ckcapiInternalObject *)NULL; - } - containerName = ckcapi_getContainer(pError, &keyID); - if ((char *)NULL == containerName) { - goto loser; - } - rc = CryptAcquireContext(&hProv, containerName, providerName, - PROV_RSA_FULL, CRYPT_NEWKEYSET); - if (!rc) { - msError = GetLastError(); - *pError = CKR_DEVICE_ERROR; - goto loser; - } - - *pError = ckcapi_buildPrivateKeyBlob( - &keyBlob, - &modulus, - &publicExponent, - &privateExponent, - &prime1, - &prime2, - &exponent1, - &exponent2, - &coefficient, - decrypt); - if (CKR_OK != *pError) { - goto loser; - } - - rc = CryptImportKey(hProv, keyBlob.data, keyBlob.size, - 0, CRYPT_EXPORTABLE, &hKey); - if (!rc) { - msError = GetLastError(); - *pError = CKR_DEVICE_ERROR; - goto loser; - } - - idData = nss_ZNEWARRAY(NULL, char, keyID.size); - if ((void *)NULL == idData) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - nsslibc_memcpy(idData, keyID.data, keyID.size); - - provInfo.pwszContainerName = nss_ckcapi_UTF8ToWide(containerName); - provInfo.pwszProvName = nss_ckcapi_UTF8ToWide(providerName); - provInfo.dwProvType = PROV_RSA_FULL; - provInfo.dwFlags = 0; - provInfo.cProvParam = 0; - provInfo.rgProvParam = NULL; - provInfo.dwKeySpec = keySpec; - - msKeyID.cbData = keyID.size; - msKeyID.pbData = keyID.data; - - rc = CryptSetKeyIdentifierProperty(&msKeyID, CERT_KEY_PROV_INFO_PROP_ID, - 0, NULL, NULL, &provInfo); - if (!rc) { - goto loser; - } - - /* handle error here */ - io = nss_ZNEW(NULL, ckcapiInternalObject); - if ((ckcapiInternalObject *)NULL == io) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - io->type = ckcapiBareKey; - io->objClass = CKO_PRIVATE_KEY; - io->u.key.provInfo = provInfo; - io->u.key.provName = providerName; - io->u.key.containerName = containerName; - io->u.key.hProv = hProv; /* save the handle */ - io->idData = idData; - io->id.data = idData; - io->id.size = keyID.size; - /* done with the key handle */ - CryptDestroyKey(hKey); - return io; + NSSItem modulus; + NSSItem publicExponent; + NSSItem privateExponent; + NSSItem exponent1; + NSSItem exponent2; + NSSItem prime1; + NSSItem prime2; + NSSItem coefficient; + NSSItem keyID; + NSSItem keyBlob; + ckcapiInternalObject *io = NULL; + char *providerName = NULL; + char *containerName = NULL; + char *idData = NULL; + CRYPT_KEY_PROV_INFO provInfo; + CRYPT_HASH_BLOB msKeyID; + CK_KEY_TYPE keyType; + HCRYPTPROV hProv = 0; + HCRYPTKEY hKey = 0; + PRBool decrypt; + DWORD keySpec; + DWORD msError; + BOOL rc; + + keyType = nss_ckcapi_GetULongAttribute(CKA_KEY_TYPE, pTemplate, ulAttributeCount, pError); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + if (CKK_RSA != keyType) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (ckcapiInternalObject *)NULL; + } -loser: - nss_ZFreeIf(containerName); - nss_ZFreeIf(providerName); - nss_ZFreeIf(idData); - if (0 != hProv) { - CryptReleaseContext(hProv, 0); - } - if (0 != hKey) { + decrypt = nss_ckcapi_GetBoolAttribute(CKA_DECRYPT, + pTemplate, ulAttributeCount, pError); + if (CKR_TEMPLATE_INCOMPLETE == *pError) { + decrypt = PR_TRUE; /* default to true */ + } + decrypt = decrypt || nss_ckcapi_GetBoolAttribute(CKA_UNWRAP, + pTemplate, ulAttributeCount, pError); + if (CKR_TEMPLATE_INCOMPLETE == *pError) { + decrypt = PR_TRUE; /* default to true */ + } + keySpec = decrypt ? AT_KEYEXCHANGE : AT_SIGNATURE; + + *pError = nss_ckcapi_GetAttribute(CKA_MODULUS, pTemplate, + ulAttributeCount, &modulus); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_PUBLIC_EXPONENT, pTemplate, + ulAttributeCount, &publicExponent); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_PRIVATE_EXPONENT, pTemplate, + ulAttributeCount, &privateExponent); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_PRIME_1, pTemplate, + ulAttributeCount, &prime1); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_PRIME_2, pTemplate, + ulAttributeCount, &prime2); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_EXPONENT_1, pTemplate, + ulAttributeCount, &exponent1); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_EXPONENT_2, pTemplate, + ulAttributeCount, &exponent2); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_COEFFICIENT, pTemplate, + ulAttributeCount, &coefficient); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_ID, pTemplate, + ulAttributeCount, &keyID); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + providerName = ckcapi_getDefaultProvider(pError); + if ((char *)NULL == providerName) { + return (ckcapiInternalObject *)NULL; + } + containerName = ckcapi_getContainer(pError, &keyID); + if ((char *)NULL == containerName) { + goto loser; + } + rc = CryptAcquireContext(&hProv, containerName, providerName, + PROV_RSA_FULL, CRYPT_NEWKEYSET); + if (!rc) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + + *pError = ckcapi_buildPrivateKeyBlob( + &keyBlob, + &modulus, + &publicExponent, + &privateExponent, + &prime1, + &prime2, + &exponent1, + &exponent2, + &coefficient, + decrypt); + if (CKR_OK != *pError) { + goto loser; + } + + rc = CryptImportKey(hProv, keyBlob.data, keyBlob.size, + 0, CRYPT_EXPORTABLE, &hKey); + if (!rc) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + + idData = nss_ZNEWARRAY(NULL, char, keyID.size); + if ((void *)NULL == idData) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + nsslibc_memcpy(idData, keyID.data, keyID.size); + + provInfo.pwszContainerName = nss_ckcapi_UTF8ToWide(containerName); + provInfo.pwszProvName = nss_ckcapi_UTF8ToWide(providerName); + provInfo.dwProvType = PROV_RSA_FULL; + provInfo.dwFlags = 0; + provInfo.cProvParam = 0; + provInfo.rgProvParam = NULL; + provInfo.dwKeySpec = keySpec; + + msKeyID.cbData = keyID.size; + msKeyID.pbData = keyID.data; + + rc = CryptSetKeyIdentifierProperty(&msKeyID, CERT_KEY_PROV_INFO_PROP_ID, + 0, NULL, NULL, &provInfo); + if (!rc) { + goto loser; + } + + /* handle error here */ + io = nss_ZNEW(NULL, ckcapiInternalObject); + if ((ckcapiInternalObject *)NULL == io) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + io->type = ckcapiBareKey; + io->objClass = CKO_PRIVATE_KEY; + io->u.key.provInfo = provInfo; + io->u.key.provName = providerName; + io->u.key.containerName = containerName; + io->u.key.hProv = hProv; /* save the handle */ + io->idData = idData; + io->id.data = idData; + io->id.size = keyID.size; + /* done with the key handle */ CryptDestroyKey(hKey); - } - return (ckcapiInternalObject *)NULL; -} + return io; +loser: + nss_ZFreeIf(containerName); + nss_ZFreeIf(providerName); + nss_ZFreeIf(idData); + if (0 != hProv) { + CryptReleaseContext(hProv, 0); + } + if (0 != hKey) { + CryptDestroyKey(hKey); + } + return (ckcapiInternalObject *)NULL; +} NSS_EXTERN NSSCKMDObject * -nss_ckcapi_CreateObject -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_ckcapi_CreateObject( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - CK_OBJECT_CLASS objClass; - ckcapiInternalObject *io = NULL; - CK_BBOOL isToken; - - /* - * only create token objects - */ - isToken = nss_ckcapi_GetBoolAttribute(CKA_TOKEN, pTemplate, - ulAttributeCount, pError); - if (CKR_OK != *pError) { - return (NSSCKMDObject *) NULL; - } - if (!isToken) { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - return (NSSCKMDObject *) NULL; - } - - /* - * only create keys and certs. - */ - objClass = nss_ckcapi_GetULongAttribute(CKA_CLASS, pTemplate, - ulAttributeCount, pError); - if (CKR_OK != *pError) { - return (NSSCKMDObject *) NULL; - } + CK_OBJECT_CLASS objClass; + ckcapiInternalObject *io = NULL; + CK_BBOOL isToken; + + /* + * only create token objects + */ + isToken = nss_ckcapi_GetBoolAttribute(CKA_TOKEN, pTemplate, + ulAttributeCount, pError); + if (CKR_OK != *pError) { + return (NSSCKMDObject *)NULL; + } + if (!isToken) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (NSSCKMDObject *)NULL; + } + + /* + * only create keys and certs. + */ + objClass = nss_ckcapi_GetULongAttribute(CKA_CLASS, pTemplate, + ulAttributeCount, pError); + if (CKR_OK != *pError) { + return (NSSCKMDObject *)NULL; + } #ifdef notdef - if (objClass == CKO_PUBLIC_KEY) { - return CKR_OK; /* fake public key creation, happens as a side effect of - * private key creation */ - } + if (objClass == CKO_PUBLIC_KEY) { + return CKR_OK; /* fake public key creation, happens as a side effect of + * private key creation */ + } #endif - if (objClass == CKO_CERTIFICATE) { - io = nss_ckcapi_CreateCertificate(fwSession, pTemplate, - ulAttributeCount, pError); - } else if (objClass == CKO_PRIVATE_KEY) { - io = nss_ckcapi_CreatePrivateKey(fwSession, pTemplate, - ulAttributeCount, pError); - } else { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - } - - if ((ckcapiInternalObject *)NULL == io) { - return (NSSCKMDObject *) NULL; - } - return nss_ckcapi_CreateMDObject(NULL, io, pError); + if (objClass == CKO_CERTIFICATE) { + io = nss_ckcapi_CreateCertificate(fwSession, pTemplate, + ulAttributeCount, pError); + } + else if (objClass == CKO_PRIVATE_KEY) { + io = nss_ckcapi_CreatePrivateKey(fwSession, pTemplate, + ulAttributeCount, pError); + } + else { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + } + + if ((ckcapiInternalObject *)NULL == io) { + return (NSSCKMDObject *)NULL; + } + return nss_ckcapi_CreateMDObject(NULL, io, pError); } diff --git a/lib/ckfw/capi/constants.c b/lib/ckfw/capi/constants.c index 9b919aa6d..0d4b70110 100644 --- a/lib/ckfw/capi/constants.c +++ b/lib/ckfw/capi/constants.c @@ -21,40 +21,43 @@ #endif /* NSSCAPI_H */ NSS_IMPLEMENT_DATA const CK_VERSION -nss_ckcapi_CryptokiVersion = { - NSS_CKCAPI_CRYPTOKI_VERSION_MAJOR, - NSS_CKCAPI_CRYPTOKI_VERSION_MINOR }; + nss_ckcapi_CryptokiVersion = { + NSS_CKCAPI_CRYPTOKI_VERSION_MAJOR, + NSS_CKCAPI_CRYPTOKI_VERSION_MINOR + }; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckcapi_ManufacturerID = (NSSUTF8 *) "Mozilla Foundation"; + nss_ckcapi_ManufacturerID = (NSSUTF8 *)"Mozilla Foundation"; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckcapi_LibraryDescription = (NSSUTF8 *) "NSS Access to Microsoft Certificate Store"; + nss_ckcapi_LibraryDescription = (NSSUTF8 *)"NSS Access to Microsoft Certificate Store"; NSS_IMPLEMENT_DATA const CK_VERSION -nss_ckcapi_LibraryVersion = { - NSS_CKCAPI_LIBRARY_VERSION_MAJOR, - NSS_CKCAPI_LIBRARY_VERSION_MINOR}; + nss_ckcapi_LibraryVersion = { + NSS_CKCAPI_LIBRARY_VERSION_MAJOR, + NSS_CKCAPI_LIBRARY_VERSION_MINOR + }; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckcapi_SlotDescription = (NSSUTF8 *) "Microsoft Certificate Store"; + nss_ckcapi_SlotDescription = (NSSUTF8 *)"Microsoft Certificate Store"; NSS_IMPLEMENT_DATA const CK_VERSION -nss_ckcapi_HardwareVersion = { - NSS_CKCAPI_HARDWARE_VERSION_MAJOR, - NSS_CKCAPI_HARDWARE_VERSION_MINOR }; + nss_ckcapi_HardwareVersion = { + NSS_CKCAPI_HARDWARE_VERSION_MAJOR, + NSS_CKCAPI_HARDWARE_VERSION_MINOR + }; NSS_IMPLEMENT_DATA const CK_VERSION -nss_ckcapi_FirmwareVersion = { - NSS_CKCAPI_FIRMWARE_VERSION_MAJOR, - NSS_CKCAPI_FIRMWARE_VERSION_MINOR }; + nss_ckcapi_FirmwareVersion = { + NSS_CKCAPI_FIRMWARE_VERSION_MAJOR, + NSS_CKCAPI_FIRMWARE_VERSION_MINOR + }; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckcapi_TokenLabel = (NSSUTF8 *) "Microsoft Certificate Store"; + nss_ckcapi_TokenLabel = (NSSUTF8 *)"Microsoft Certificate Store"; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckcapi_TokenModel = (NSSUTF8 *) "1"; + nss_ckcapi_TokenModel = (NSSUTF8 *)"1"; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckcapi_TokenSerialNumber = (NSSUTF8 *) "1"; - + nss_ckcapi_TokenSerialNumber = (NSSUTF8 *)"1"; diff --git a/lib/ckfw/capi/crsa.c b/lib/ckfw/capi/crsa.c index 9acc7e780..62f90acb6 100644 --- a/lib/ckfw/capi/crsa.c +++ b/lib/ckfw/capi/crsa.c @@ -5,7 +5,7 @@ #include "ckcapi.h" #include "secdert.h" -#define SSL3_SHAMD5_HASH_SIZE 36 /* LEN_MD5 (16) + LEN_SHA1 (20) */ +#define SSL3_SHAMD5_HASH_SIZE 36 /* LEN_MD5 (16) + LEN_SHA1 (20) */ /* * ckcapi/crsa.c @@ -21,115 +21,109 @@ static char * putDecimalString(char *cstr, unsigned long value) { - unsigned long tenpower; - int first = 1; - - for (tenpower=10000000; tenpower; tenpower /= 10) { - unsigned char digit = (unsigned char )(value/tenpower); - value = value % tenpower; - - /* drop leading zeros */ - if (first && (0 == digit)) { - continue; - } - first = 0; - *cstr++ = digit + '0'; - } - - /* if value was zero, put one of them out */ - if (first) { - *cstr++ = '0'; - } - return cstr; -} + unsigned long tenpower; + int first = 1; + + for (tenpower = 10000000; tenpower; tenpower /= 10) { + unsigned char digit = (unsigned char)(value / tenpower); + value = value % tenpower; + + /* drop leading zeros */ + if (first && (0 == digit)) { + continue; + } + first = 0; + *cstr++ = digit + '0'; + } + /* if value was zero, put one of them out */ + if (first) { + *cstr++ = '0'; + } + return cstr; +} /* * Create a Capi OID string value from a DER OID */ static char * -nss_ckcapi_GetOidString -( - unsigned char *oidTag, - unsigned int oidTagSize, - CK_RV *pError -) +nss_ckcapi_GetOidString( + unsigned char *oidTag, + unsigned int oidTagSize, + CK_RV *pError) { - unsigned char *oid; - char *oidStr; - char *cstr; - unsigned long value; - unsigned int oidSize; - - if (DER_OBJECT_ID != *oidTag) { - /* wasn't an oid */ - *pError = CKR_DATA_INVALID; - return NULL; - } - oid = nss_ckcapi_DERUnwrap(oidTag, oidTagSize, &oidSize, NULL); - - if (oidSize < 2) { - *pError = CKR_DATA_INVALID; - return NULL; - } - - oidStr = nss_ZNEWARRAY( NULL, char, oidSize*4 ); - if ((char *)NULL == oidStr) { - *pError = CKR_HOST_MEMORY; - return NULL; - } - cstr = oidStr; - cstr = putDecimalString(cstr, (*oid) / 40); - *cstr++ = '.'; - cstr = putDecimalString(cstr, (*oid) % 40); - oidSize--; - - value = 0; - while (oidSize--) { - oid++; - value = (value << 7) + (*oid & 0x7f); - if (0 == (*oid & 0x80)) { - *cstr++ = '.'; - cstr = putDecimalString(cstr, value); - value = 0; - } - } - - *cstr = 0; /* NULL terminate */ - - if (value != 0) { - nss_ZFreeIf(oidStr); - *pError = CKR_DATA_INVALID; - return NULL; - } - return oidStr; -} + unsigned char *oid; + char *oidStr; + char *cstr; + unsigned long value; + unsigned int oidSize; + + if (DER_OBJECT_ID != *oidTag) { + /* wasn't an oid */ + *pError = CKR_DATA_INVALID; + return NULL; + } + oid = nss_ckcapi_DERUnwrap(oidTag, oidTagSize, &oidSize, NULL); + + if (oidSize < 2) { + *pError = CKR_DATA_INVALID; + return NULL; + } + + oidStr = nss_ZNEWARRAY(NULL, char, oidSize * 4); + if ((char *)NULL == oidStr) { + *pError = CKR_HOST_MEMORY; + return NULL; + } + cstr = oidStr; + cstr = putDecimalString(cstr, (*oid) / 40); + *cstr++ = '.'; + cstr = putDecimalString(cstr, (*oid) % 40); + oidSize--; + + value = 0; + while (oidSize--) { + oid++; + value = (value << 7) + (*oid & 0x7f); + if (0 == (*oid & 0x80)) { + *cstr++ = '.'; + cstr = putDecimalString(cstr, value); + value = 0; + } + } + + *cstr = 0; /* NULL terminate */ + if (value != 0) { + nss_ZFreeIf(oidStr); + *pError = CKR_DATA_INVALID; + return NULL; + } + return oidStr; +} /* - * PKCS #11 sign for RSA expects to take a fully DER-encoded hash value, - * which includes the hash OID. CAPI expects to take a Hash Context. While - * CAPI does have the capability of setting a raw hash value, it does not + * PKCS #11 sign for RSA expects to take a fully DER-encoded hash value, + * which includes the hash OID. CAPI expects to take a Hash Context. While + * CAPI does have the capability of setting a raw hash value, it does not * have the ability to sign an arbitrary value. This function tries to * reduce the passed in data into something that CAPI could actually sign. */ static CK_RV -ckcapi_GetRawHash -( - const NSSItem *input, - NSSItem *hash, - ALG_ID *hashAlg -) +ckcapi_GetRawHash( + const NSSItem *input, + NSSItem *hash, + ALG_ID *hashAlg) { - unsigned char *current; - unsigned char *algid; - unsigned char *oid; - unsigned char *hashData; - char *oidStr; - CK_RV error; - unsigned int oidSize; - unsigned int size; - /* + unsigned char *current; + unsigned char *algid; + unsigned char *oid; + unsigned char *hashData; + char *oidStr; + CK_RV error; + unsigned int oidSize; + unsigned int size; + /* * there are 2 types of hashes NSS typically tries to sign, regular * RSA signature format (with encoded DER_OIDS), and SSL3 Signed hashes. * CAPI knows not to add any oids to SSL3_Signed hashes, so if we have any @@ -138,73 +132,73 @@ ckcapi_GetRawHash * is really a combined hash or some other arbitrary data, so it's safe to * handle this case first. */ - if (SSL3_SHAMD5_HASH_SIZE == input->size) { - hash->data = input->data; - hash->size = input->size; - *hashAlg = CALG_SSL3_SHAMD5; - return CKR_OK; - } - - current = (unsigned char *)input->data; - - /* make sure we have a sequence tag */ - if ((DER_SEQUENCE|DER_CONSTRUCTED) != *current) { - return CKR_DATA_INVALID; - } - - /* parse the input block to get 1) the hash oid, and 2) the raw hash value. - * unfortunatly CAPI doesn't have a builtin function to do this work, so - * we go ahead and do it by hand here. - * - * format is: - * SEQUENCE { - * SECQUENCE { // algid - * OID {} // oid - * ANY {} // optional params - * } - * OCTECT {} // hash - */ - - /* unwrap */ - algid = nss_ckcapi_DERUnwrap(current,input->size, &size, NULL); - - if (algid+size != current+input->size) { - /* make sure there is not extra data at the end */ - return CKR_DATA_INVALID; - } - - if ((DER_SEQUENCE|DER_CONSTRUCTED) != *algid) { - /* wasn't an algid */ - return CKR_DATA_INVALID; - } - oid = nss_ckcapi_DERUnwrap(algid, size, &oidSize, &hashData); - - if (DER_OCTET_STRING != *hashData) { - /* wasn't a hash */ - return CKR_DATA_INVALID; - } - - /* get the real hash */ - current = hashData; - size = size - (hashData-algid); - hash->data = nss_ckcapi_DERUnwrap(current, size, &hash->size, NULL); - - /* get the real oid as a string. Again, Microsoft does not - * export anything that does this for us */ - oidStr = nss_ckcapi_GetOidString(oid, oidSize, &error); - if ((char *)NULL == oidStr ) { - return error; - } + if (SSL3_SHAMD5_HASH_SIZE == input->size) { + hash->data = input->data; + hash->size = input->size; + *hashAlg = CALG_SSL3_SHAMD5; + return CKR_OK; + } + + current = (unsigned char *)input->data; + + /* make sure we have a sequence tag */ + if ((DER_SEQUENCE | DER_CONSTRUCTED) != *current) { + return CKR_DATA_INVALID; + } + + /* parse the input block to get 1) the hash oid, and 2) the raw hash value. + * unfortunatly CAPI doesn't have a builtin function to do this work, so + * we go ahead and do it by hand here. + * + * format is: + * SEQUENCE { + * SECQUENCE { // algid + * OID {} // oid + * ANY {} // optional params + * } + * OCTECT {} // hash + */ + + /* unwrap */ + algid = nss_ckcapi_DERUnwrap(current, input->size, &size, NULL); + + if (algid + size != current + input->size) { + /* make sure there is not extra data at the end */ + return CKR_DATA_INVALID; + } + + if ((DER_SEQUENCE | DER_CONSTRUCTED) != *algid) { + /* wasn't an algid */ + return CKR_DATA_INVALID; + } + oid = nss_ckcapi_DERUnwrap(algid, size, &oidSize, &hashData); + + if (DER_OCTET_STRING != *hashData) { + /* wasn't a hash */ + return CKR_DATA_INVALID; + } + + /* get the real hash */ + current = hashData; + size = size - (hashData - algid); + hash->data = nss_ckcapi_DERUnwrap(current, size, &hash->size, NULL); + + /* get the real oid as a string. Again, Microsoft does not + * export anything that does this for us */ + oidStr = nss_ckcapi_GetOidString(oid, oidSize, &error); + if ((char *)NULL == oidStr) { + return error; + } - /* look up the hash alg from the oid (fortunately CAPI does to this) */ - *hashAlg = CertOIDToAlgId(oidStr); - nss_ZFreeIf(oidStr); - if (0 == *hashAlg) { - return CKR_HOST_MEMORY; - } + /* look up the hash alg from the oid (fortunately CAPI does to this) */ + *hashAlg = CertOIDToAlgId(oidStr); + nss_ZFreeIf(oidStr); + if (0 == *hashAlg) { + return CKR_HOST_MEMORY; + } - /* hash looks reasonably consistent, we should be able to sign it now */ - return CKR_OK; + /* hash looks reasonably consistent, we should be able to sign it now */ + return CKR_OK; } /* @@ -214,133 +208,125 @@ ckcapi_GetRawHash void ckcapi_ReverseData(NSSItem *item) { - int end = (item->size)-1; - int middle = (item->size)/2; - unsigned char *buf = item->data; - int i; - - for (i=0; i < middle; i++) { - unsigned char tmp = buf[i]; - buf[i] = buf[end-i]; - buf[end-i] = tmp; - } - return; + int end = (item->size) - 1; + int middle = (item->size) / 2; + unsigned char *buf = item->data; + int i; + + for (i = 0; i < middle; i++) { + unsigned char tmp = buf[i]; + buf[i] = buf[end - i]; + buf[end - i] = tmp; + } + return; } -typedef struct ckcapiInternalCryptoOperationRSAPrivStr - ckcapiInternalCryptoOperationRSAPriv; -struct ckcapiInternalCryptoOperationRSAPrivStr -{ - NSSCKMDCryptoOperation mdOperation; - NSSCKMDMechanism *mdMechanism; - ckcapiInternalObject *iKey; - HCRYPTPROV hProv; - DWORD keySpec; - HCRYPTKEY hKey; - NSSItem *buffer; +typedef struct ckcapiInternalCryptoOperationRSAPrivStr + ckcapiInternalCryptoOperationRSAPriv; +struct ckcapiInternalCryptoOperationRSAPrivStr { + NSSCKMDCryptoOperation mdOperation; + NSSCKMDMechanism *mdMechanism; + ckcapiInternalObject *iKey; + HCRYPTPROV hProv; + DWORD keySpec; + HCRYPTKEY hKey; + NSSItem *buffer; }; /* * ckcapi_mdCryptoOperationRSAPriv_Create */ static NSSCKMDCryptoOperation * -ckcapi_mdCryptoOperationRSAPriv_Create -( - const NSSCKMDCryptoOperation *proto, - NSSCKMDMechanism *mdMechanism, - NSSCKMDObject *mdKey, - CK_RV *pError -) +ckcapi_mdCryptoOperationRSAPriv_Create( + const NSSCKMDCryptoOperation *proto, + NSSCKMDMechanism *mdMechanism, + NSSCKMDObject *mdKey, + CK_RV *pError) { - ckcapiInternalObject *iKey = (ckcapiInternalObject *)mdKey->etc; - const NSSItem *classItem = nss_ckcapi_FetchAttribute(iKey, CKA_CLASS); - const NSSItem *keyType = nss_ckcapi_FetchAttribute(iKey, CKA_KEY_TYPE); - ckcapiInternalCryptoOperationRSAPriv *iOperation; - CK_RV error; - HCRYPTPROV hProv; - DWORD keySpec; - HCRYPTKEY hKey; - - /* make sure we have the right objects */ - if (((const NSSItem *)NULL == classItem) || - (sizeof(CK_OBJECT_CLASS) != classItem->size) || - (CKO_PRIVATE_KEY != *(CK_OBJECT_CLASS *)classItem->data) || - ((const NSSItem *)NULL == keyType) || - (sizeof(CK_KEY_TYPE) != keyType->size) || - (CKK_RSA != *(CK_KEY_TYPE *)keyType->data)) { - *pError = CKR_KEY_TYPE_INCONSISTENT; - return (NSSCKMDCryptoOperation *)NULL; - } - - error = nss_ckcapi_FetchKeyContainer(iKey, &hProv, &keySpec, &hKey); - if (error != CKR_OK) { - *pError = error; - return (NSSCKMDCryptoOperation *)NULL; - } - - iOperation = nss_ZNEW(NULL, ckcapiInternalCryptoOperationRSAPriv); - if ((ckcapiInternalCryptoOperationRSAPriv *)NULL == iOperation) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDCryptoOperation *)NULL; - } - iOperation->mdMechanism = mdMechanism; - iOperation->iKey = iKey; - iOperation->hProv = hProv; - iOperation->keySpec = keySpec; - iOperation->hKey = hKey; - - nsslibc_memcpy(&iOperation->mdOperation, - proto, sizeof(NSSCKMDCryptoOperation)); - iOperation->mdOperation.etc = iOperation; - - return &iOperation->mdOperation; + ckcapiInternalObject *iKey = (ckcapiInternalObject *)mdKey->etc; + const NSSItem *classItem = nss_ckcapi_FetchAttribute(iKey, CKA_CLASS); + const NSSItem *keyType = nss_ckcapi_FetchAttribute(iKey, CKA_KEY_TYPE); + ckcapiInternalCryptoOperationRSAPriv *iOperation; + CK_RV error; + HCRYPTPROV hProv; + DWORD keySpec; + HCRYPTKEY hKey; + + /* make sure we have the right objects */ + if (((const NSSItem *)NULL == classItem) || + (sizeof(CK_OBJECT_CLASS) != classItem->size) || + (CKO_PRIVATE_KEY != *(CK_OBJECT_CLASS *)classItem->data) || + ((const NSSItem *)NULL == keyType) || + (sizeof(CK_KEY_TYPE) != keyType->size) || + (CKK_RSA != *(CK_KEY_TYPE *)keyType->data)) { + *pError = CKR_KEY_TYPE_INCONSISTENT; + return (NSSCKMDCryptoOperation *)NULL; + } + + error = nss_ckcapi_FetchKeyContainer(iKey, &hProv, &keySpec, &hKey); + if (error != CKR_OK) { + *pError = error; + return (NSSCKMDCryptoOperation *)NULL; + } + + iOperation = nss_ZNEW(NULL, ckcapiInternalCryptoOperationRSAPriv); + if ((ckcapiInternalCryptoOperationRSAPriv *)NULL == iOperation) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDCryptoOperation *)NULL; + } + iOperation->mdMechanism = mdMechanism; + iOperation->iKey = iKey; + iOperation->hProv = hProv; + iOperation->keySpec = keySpec; + iOperation->hKey = hKey; + + nsslibc_memcpy(&iOperation->mdOperation, + proto, sizeof(NSSCKMDCryptoOperation)); + iOperation->mdOperation.etc = iOperation; + + return &iOperation->mdOperation; } static CK_RV -ckcapi_mdCryptoOperationRSAPriv_Destroy -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKFWCryptoOperation *fwOperation, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdCryptoOperationRSAPriv_Destroy( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - ckcapiInternalCryptoOperationRSAPriv *iOperation = - (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; - - if (iOperation->hKey) { - CryptDestroyKey(iOperation->hKey); - } - if (iOperation->buffer) { - nssItem_Destroy(iOperation->buffer); - } - nss_ZFreeIf(iOperation); - return CKR_OK; + ckcapiInternalCryptoOperationRSAPriv *iOperation = + (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; + + if (iOperation->hKey) { + CryptDestroyKey(iOperation->hKey); + } + if (iOperation->buffer) { + nssItem_Destroy(iOperation->buffer); + } + nss_ZFreeIf(iOperation); + return CKR_OK; } static CK_ULONG -ckcapi_mdCryptoOperationRSA_GetFinalLength -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKFWCryptoOperation *fwOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdCryptoOperationRSA_GetFinalLength( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - ckcapiInternalCryptoOperationRSAPriv *iOperation = - (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; - const NSSItem *modulus = - nss_ckcapi_FetchAttribute(iOperation->iKey, CKA_MODULUS); + ckcapiInternalCryptoOperationRSAPriv *iOperation = + (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; + const NSSItem *modulus = + nss_ckcapi_FetchAttribute(iOperation->iKey, CKA_MODULUS); - return modulus->size; + return modulus->size; } - /* * ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength * we won't know the length until we actually decrypt the @@ -348,86 +334,85 @@ ckcapi_mdCryptoOperationRSA_GetFinalLength * the block, we'll save if for when the block is asked for */ static CK_ULONG -ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKFWCryptoOperation *fwOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *input, - CK_RV *pError -) +ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *input, + CK_RV *pError) { - ckcapiInternalCryptoOperationRSAPriv *iOperation = - (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; - BOOL rc; - - /* Microsoft's Decrypt operation works in place. Since we don't want - * to trash our input buffer, we make a copy of it */ - iOperation->buffer = nssItem_Duplicate((NSSItem *)input, NULL, NULL); - if ((NSSItem *) NULL == iOperation->buffer) { - *pError = CKR_HOST_MEMORY; - return 0; - } - /* Sigh, reverse it */ - ckcapi_ReverseData(iOperation->buffer); - - rc = CryptDecrypt(iOperation->hKey, 0, TRUE, 0, - iOperation->buffer->data, &iOperation->buffer->size); - if (!rc) { - DWORD msError = GetLastError(); - switch (msError) { - case NTE_BAD_DATA: - *pError = CKR_ENCRYPTED_DATA_INVALID; - break; - case NTE_FAIL: - case NTE_BAD_UID: - *pError = CKR_DEVICE_ERROR; - break; - default: - *pError = CKR_GENERAL_ERROR; - } - return 0; - } - - return iOperation->buffer->size; + ckcapiInternalCryptoOperationRSAPriv *iOperation = + (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; + BOOL rc; + + /* Microsoft's Decrypt operation works in place. Since we don't want + * to trash our input buffer, we make a copy of it */ + iOperation->buffer = nssItem_Duplicate((NSSItem *)input, NULL, NULL); + if ((NSSItem *)NULL == iOperation->buffer) { + *pError = CKR_HOST_MEMORY; + return 0; + } + /* Sigh, reverse it */ + ckcapi_ReverseData(iOperation->buffer); + + rc = CryptDecrypt(iOperation->hKey, 0, TRUE, 0, + iOperation->buffer->data, &iOperation->buffer->size); + if (!rc) { + DWORD msError = GetLastError(); + switch (msError) { + case NTE_BAD_DATA: + *pError = + CKR_ENCRYPTED_DATA_INVALID; + break; + case NTE_FAIL: + case NTE_BAD_UID: + *pError = + CKR_DEVICE_ERROR; + break; + default: + *pError = + CKR_GENERAL_ERROR; + } + return 0; + } + + return iOperation->buffer->size; } /* * ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal * - * NOTE: ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength is presumed to + * NOTE: ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength is presumed to * have been called previously. */ static CK_RV -ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKFWCryptoOperation *fwOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *input, - NSSItem *output -) +ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *input, + NSSItem *output) { - ckcapiInternalCryptoOperationRSAPriv *iOperation = - (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; - NSSItem *buffer = iOperation->buffer; - - if ((NSSItem *)NULL == buffer) { - return CKR_GENERAL_ERROR; - } - nsslibc_memcpy(output->data, buffer->data, buffer->size); - output->size = buffer->size; - return CKR_OK; + ckcapiInternalCryptoOperationRSAPriv *iOperation = + (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; + NSSItem *buffer = iOperation->buffer; + + if ((NSSItem *)NULL == buffer) { + return CKR_GENERAL_ERROR; + } + nsslibc_memcpy(output->data, buffer->data, buffer->size); + output->size = buffer->size; + return CKR_OK; } /* @@ -435,277 +420,268 @@ ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal * */ static CK_RV -ckcapi_mdCryptoOperationRSASign_UpdateFinal -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKFWCryptoOperation *fwOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *input, - NSSItem *output -) +ckcapi_mdCryptoOperationRSASign_UpdateFinal( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *input, + NSSItem *output) { - ckcapiInternalCryptoOperationRSAPriv *iOperation = - (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; - CK_RV error = CKR_OK; - DWORD msError; - NSSItem hash; - HCRYPTHASH hHash = 0; - ALG_ID hashAlg; - DWORD hashSize; - DWORD len; /* temp length value we throw away */ - BOOL rc; - - /* - * PKCS #11 sign for RSA expects to take a fully DER-encoded hash value, - * which includes the hash OID. CAPI expects to take a Hash Context. While - * CAPI does have the capability of setting a raw hash value, it does not - * have the ability to sign an arbitrary value. This function tries to - * reduce the passed in data into something that CAPI could actually sign. - */ - error = ckcapi_GetRawHash(input, &hash, &hashAlg); - if (CKR_OK != error) { - goto loser; - } - - rc = CryptCreateHash(iOperation->hProv, hashAlg, 0, 0, &hHash); - if (!rc) { - goto loser; - } - - /* make sure the hash lens match before we set it */ - len = sizeof(DWORD); - rc = CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE *)&hashSize, &len, 0); - if (!rc) { - goto loser; - } - - if (hash.size != hashSize) { - /* The input must have been bad for this to happen */ - error = CKR_DATA_INVALID; - goto loser; - } - - /* we have an explicit hash, set it, note that the length is - * implicit by the hashAlg used in create */ - rc = CryptSetHashParam(hHash, HP_HASHVAL, hash.data, 0); - if (!rc) { - goto loser; - } - - /* OK, we have the data in a hash structure, sign it! */ - rc = CryptSignHash(hHash, iOperation->keySpec, NULL, 0, - output->data, &output->size); - if (!rc) { - goto loser; - } - - /* Don't return a signature that might have been broken because of a cosmic - * ray, or a broken processor, verify that it is valid... */ - rc = CryptVerifySignature(hHash, output->data, output->size, - iOperation->hKey, NULL, 0); - if (!rc) { - goto loser; - } - - /* OK, Microsoft likes to do things completely differently than anyone - * else. We need to reverse the data we received here */ - ckcapi_ReverseData(output); - CryptDestroyHash(hHash); - return CKR_OK; + ckcapiInternalCryptoOperationRSAPriv *iOperation = + (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; + CK_RV error = CKR_OK; + DWORD msError; + NSSItem hash; + HCRYPTHASH hHash = 0; + ALG_ID hashAlg; + DWORD hashSize; + DWORD len; /* temp length value we throw away */ + BOOL rc; + + /* + * PKCS #11 sign for RSA expects to take a fully DER-encoded hash value, + * which includes the hash OID. CAPI expects to take a Hash Context. While + * CAPI does have the capability of setting a raw hash value, it does not + * have the ability to sign an arbitrary value. This function tries to + * reduce the passed in data into something that CAPI could actually sign. + */ + error = ckcapi_GetRawHash(input, &hash, &hashAlg); + if (CKR_OK != error) { + goto loser; + } -loser: - /* map the microsoft error */ - if (CKR_OK == error) { - msError = GetLastError(); - switch (msError) { - case ERROR_NOT_ENOUGH_MEMORY: - error = CKR_HOST_MEMORY; - break; - case NTE_NO_MEMORY: - error = CKR_DEVICE_MEMORY; - break; - case ERROR_MORE_DATA: - return CKR_BUFFER_TOO_SMALL; - case ERROR_INVALID_PARAMETER: /* these params were derived from the */ - case ERROR_INVALID_HANDLE: /* inputs, so if they are bad, the input */ - case NTE_BAD_ALGID: /* data is bad */ - case NTE_BAD_HASH: - error = CKR_DATA_INVALID; - break; - case ERROR_BUSY: - case NTE_FAIL: - case NTE_BAD_UID: - error = CKR_DEVICE_ERROR; - break; - default: - error = CKR_GENERAL_ERROR; - break; - } - } - if (hHash) { + rc = CryptCreateHash(iOperation->hProv, hashAlg, 0, 0, &hHash); + if (!rc) { + goto loser; + } + + /* make sure the hash lens match before we set it */ + len = sizeof(DWORD); + rc = CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE *)&hashSize, &len, 0); + if (!rc) { + goto loser; + } + + if (hash.size != hashSize) { + /* The input must have been bad for this to happen */ + error = CKR_DATA_INVALID; + goto loser; + } + + /* we have an explicit hash, set it, note that the length is + * implicit by the hashAlg used in create */ + rc = CryptSetHashParam(hHash, HP_HASHVAL, hash.data, 0); + if (!rc) { + goto loser; + } + + /* OK, we have the data in a hash structure, sign it! */ + rc = CryptSignHash(hHash, iOperation->keySpec, NULL, 0, + output->data, &output->size); + if (!rc) { + goto loser; + } + + /* Don't return a signature that might have been broken because of a cosmic + * ray, or a broken processor, verify that it is valid... */ + rc = CryptVerifySignature(hHash, output->data, output->size, + iOperation->hKey, NULL, 0); + if (!rc) { + goto loser; + } + + /* OK, Microsoft likes to do things completely differently than anyone + * else. We need to reverse the data we received here */ + ckcapi_ReverseData(output); CryptDestroyHash(hHash); - } - return error; + return CKR_OK; + +loser: + /* map the microsoft error */ + if (CKR_OK == error) { + msError = GetLastError(); + switch (msError) { + case ERROR_NOT_ENOUGH_MEMORY: + error = + CKR_HOST_MEMORY; + break; + case NTE_NO_MEMORY: + error = + CKR_DEVICE_MEMORY; + break; + case ERROR_MORE_DATA: + return CKR_BUFFER_TOO_SMALL; + case ERROR_INVALID_PARAMETER: /* these params were derived from the */ + case ERROR_INVALID_HANDLE: /* inputs, so if they are bad, the input */ + case NTE_BAD_ALGID: /* data is bad */ + case NTE_BAD_HASH: + error = + CKR_DATA_INVALID; + break; + case ERROR_BUSY: + case NTE_FAIL: + case NTE_BAD_UID: + error = + CKR_DEVICE_ERROR; + break; + default: + error = + CKR_GENERAL_ERROR; + break; + } + } + if (hHash) { + CryptDestroyHash(hHash); + } + return error; } - NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation -ckcapi_mdCryptoOperationRSADecrypt_proto = { - NULL, /* etc */ - ckcapi_mdCryptoOperationRSAPriv_Destroy, - NULL, /* GetFinalLengh - not needed for one shot Decrypt/Encrypt */ - ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength, - NULL, /* Final - not needed for one shot operation */ - NULL, /* Update - not needed for one shot operation */ - NULL, /* DigetUpdate - not needed for one shot operation */ - ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal, - NULL, /* UpdateCombo - not needed for one shot operation */ - NULL, /* DigetKey - not needed for one shot operation */ - (void *)NULL /* null terminator */ -}; + ckcapi_mdCryptoOperationRSADecrypt_proto = { + NULL, /* etc */ + ckcapi_mdCryptoOperationRSAPriv_Destroy, + NULL, /* GetFinalLengh - not needed for one shot Decrypt/Encrypt */ + ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength, + NULL, /* Final - not needed for one shot operation */ + NULL, /* Update - not needed for one shot operation */ + NULL, /* DigetUpdate - not needed for one shot operation */ + ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal, + NULL, /* UpdateCombo - not needed for one shot operation */ + NULL, /* DigetKey - not needed for one shot operation */ + (void *)NULL /* null terminator */ + }; NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation -ckcapi_mdCryptoOperationRSASign_proto = { - NULL, /* etc */ - ckcapi_mdCryptoOperationRSAPriv_Destroy, - ckcapi_mdCryptoOperationRSA_GetFinalLength, - NULL, /* GetOperationLengh - not needed for one shot Sign/Verify */ - NULL, /* Final - not needed for one shot operation */ - NULL, /* Update - not needed for one shot operation */ - NULL, /* DigetUpdate - not needed for one shot operation */ - ckcapi_mdCryptoOperationRSASign_UpdateFinal, - NULL, /* UpdateCombo - not needed for one shot operation */ - NULL, /* DigetKey - not needed for one shot operation */ - (void *)NULL /* null terminator */ -}; + ckcapi_mdCryptoOperationRSASign_proto = { + NULL, /* etc */ + ckcapi_mdCryptoOperationRSAPriv_Destroy, + ckcapi_mdCryptoOperationRSA_GetFinalLength, + NULL, /* GetOperationLengh - not needed for one shot Sign/Verify */ + NULL, /* Final - not needed for one shot operation */ + NULL, /* Update - not needed for one shot operation */ + NULL, /* DigetUpdate - not needed for one shot operation */ + ckcapi_mdCryptoOperationRSASign_UpdateFinal, + NULL, /* UpdateCombo - not needed for one shot operation */ + NULL, /* DigetKey - not needed for one shot operation */ + (void *)NULL /* null terminator */ + }; /********** NSSCKMDMechansim functions ***********************/ /* * ckcapi_mdMechanismRSA_Destroy */ static void -ckcapi_mdMechanismRSA_Destroy -( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdMechanismRSA_Destroy( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_ZFreeIf(fwMechanism); + nss_ZFreeIf(fwMechanism); } /* * ckcapi_mdMechanismRSA_GetMinKeySize */ static CK_ULONG -ckcapi_mdMechanismRSA_GetMinKeySize -( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdMechanismRSA_GetMinKeySize( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return 384; + return 384; } /* * ckcapi_mdMechanismRSA_GetMaxKeySize */ static CK_ULONG -ckcapi_mdMechanismRSA_GetMaxKeySize -( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdMechanismRSA_GetMaxKeySize( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return 16384; + return 16384; } /* * ckcapi_mdMechanismRSA_DecryptInit */ -static NSSCKMDCryptoOperation * -ckcapi_mdMechanismRSA_DecryptInit -( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError -) +static NSSCKMDCryptoOperation * +ckcapi_mdMechanismRSA_DecryptInit( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError) { - return ckcapi_mdCryptoOperationRSAPriv_Create( - &ckcapi_mdCryptoOperationRSADecrypt_proto, - mdMechanism, mdKey, pError); + return ckcapi_mdCryptoOperationRSAPriv_Create( + &ckcapi_mdCryptoOperationRSADecrypt_proto, + mdMechanism, mdKey, pError); } /* * ckcapi_mdMechanismRSA_SignInit */ -static NSSCKMDCryptoOperation * -ckcapi_mdMechanismRSA_SignInit -( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError -) +static NSSCKMDCryptoOperation * +ckcapi_mdMechanismRSA_SignInit( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError) { - return ckcapi_mdCryptoOperationRSAPriv_Create( - &ckcapi_mdCryptoOperationRSASign_proto, - mdMechanism, mdKey, pError); + return ckcapi_mdCryptoOperationRSAPriv_Create( + &ckcapi_mdCryptoOperationRSASign_proto, + mdMechanism, mdKey, pError); } - NSS_IMPLEMENT_DATA const NSSCKMDMechanism -nss_ckcapi_mdMechanismRSA = { - (void *)NULL, /* etc */ - ckcapi_mdMechanismRSA_Destroy, - ckcapi_mdMechanismRSA_GetMinKeySize, - ckcapi_mdMechanismRSA_GetMaxKeySize, - NULL, /* GetInHardware - default false */ - NULL, /* EncryptInit - default errs */ - ckcapi_mdMechanismRSA_DecryptInit, - NULL, /* DigestInit - default errs*/ - ckcapi_mdMechanismRSA_SignInit, - NULL, /* VerifyInit - default errs */ - ckcapi_mdMechanismRSA_SignInit, /* SignRecoverInit */ - NULL, /* VerifyRecoverInit - default errs */ - NULL, /* GenerateKey - default errs */ - NULL, /* GenerateKeyPair - default errs */ - NULL, /* GetWrapKeyLength - default errs */ - NULL, /* WrapKey - default errs */ - NULL, /* UnwrapKey - default errs */ - NULL, /* DeriveKey - default errs */ - (void *)NULL /* null terminator */ -}; + nss_ckcapi_mdMechanismRSA = { + (void *)NULL, /* etc */ + ckcapi_mdMechanismRSA_Destroy, + ckcapi_mdMechanismRSA_GetMinKeySize, + ckcapi_mdMechanismRSA_GetMaxKeySize, + NULL, /* GetInHardware - default false */ + NULL, /* EncryptInit - default errs */ + ckcapi_mdMechanismRSA_DecryptInit, + NULL, /* DigestInit - default errs*/ + ckcapi_mdMechanismRSA_SignInit, + NULL, /* VerifyInit - default errs */ + ckcapi_mdMechanismRSA_SignInit, /* SignRecoverInit */ + NULL, /* VerifyRecoverInit - default errs */ + NULL, /* GenerateKey - default errs */ + NULL, /* GenerateKeyPair - default errs */ + NULL, /* GetWrapKeyLength - default errs */ + NULL, /* WrapKey - default errs */ + NULL, /* UnwrapKey - default errs */ + NULL, /* DeriveKey - default errs */ + (void *)NULL /* null terminator */ + }; diff --git a/lib/ckfw/capi/csession.c b/lib/ckfw/capi/csession.c index 4c253541d..5b268ead1 100644 --- a/lib/ckfw/capi/csession.c +++ b/lib/ckfw/capi/csession.c @@ -7,87 +7,81 @@ /* * ckcapi/csession.c * - * This file implements the NSSCKMDSession object for the + * This file implements the NSSCKMDSession object for the * "nss to capi" cryptoki module. */ static NSSCKMDFindObjects * -ckcapi_mdSession_FindObjectsInit -( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +ckcapi_mdSession_FindObjectsInit( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - return nss_ckcapi_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError); + return nss_ckcapi_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError); } static NSSCKMDObject * -ckcapi_mdSession_CreateObject -( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +ckcapi_mdSession_CreateObject( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - return nss_ckcapi_CreateObject(fwSession, pTemplate, ulAttributeCount, pError); + return nss_ckcapi_CreateObject(fwSession, pTemplate, ulAttributeCount, pError); } NSS_IMPLEMENT NSSCKMDSession * -nss_ckcapi_CreateSession -( - NSSCKFWSession *fwSession, - CK_RV *pError -) +nss_ckcapi_CreateSession( + NSSCKFWSession *fwSession, + CK_RV *pError) { - NSSArena *arena; - NSSCKMDSession *rv; + NSSArena *arena; + NSSCKMDSession *rv; - arena = NSSCKFWSession_GetArena(fwSession, pError); - if( (NSSArena *)NULL == arena ) { - return (NSSCKMDSession *)NULL; - } + arena = NSSCKFWSession_GetArena(fwSession, pError); + if ((NSSArena *)NULL == arena) { + return (NSSCKMDSession *)NULL; + } - rv = nss_ZNEW(arena, NSSCKMDSession); - if( (NSSCKMDSession *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDSession *)NULL; - } + rv = nss_ZNEW(arena, NSSCKMDSession); + if ((NSSCKMDSession *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDSession *)NULL; + } - /* - * rv was zeroed when allocated, so we only - * need to set the non-zero members. - */ + /* + * rv was zeroed when allocated, so we only + * need to set the non-zero members. + */ - rv->etc = (void *)fwSession; - /* rv->Close */ - /* rv->GetDeviceError */ - /* rv->Login */ - /* rv->Logout */ - /* rv->InitPIN */ - /* rv->SetPIN */ - /* rv->GetOperationStateLen */ - /* rv->GetOperationState */ - /* rv->SetOperationState */ - rv->CreateObject = ckcapi_mdSession_CreateObject; - /* rv->CopyObject */ - rv->FindObjectsInit = ckcapi_mdSession_FindObjectsInit; - /* rv->SeedRandom */ - /* rv->GetRandom */ - /* rv->null */ + rv->etc = (void *)fwSession; + /* rv->Close */ + /* rv->GetDeviceError */ + /* rv->Login */ + /* rv->Logout */ + /* rv->InitPIN */ + /* rv->SetPIN */ + /* rv->GetOperationStateLen */ + /* rv->GetOperationState */ + /* rv->SetOperationState */ + rv->CreateObject = ckcapi_mdSession_CreateObject; + /* rv->CopyObject */ + rv->FindObjectsInit = ckcapi_mdSession_FindObjectsInit; + /* rv->SeedRandom */ + /* rv->GetRandom */ + /* rv->null */ - return rv; + return rv; } diff --git a/lib/ckfw/capi/cslot.c b/lib/ckfw/capi/cslot.c index 779161fc5..8a39b7888 100644 --- a/lib/ckfw/capi/cslot.c +++ b/lib/ckfw/capi/cslot.c @@ -12,80 +12,70 @@ */ static NSSUTF8 * -ckcapi_mdSlot_GetSlotDescription -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdSlot_GetSlotDescription( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckcapi_SlotDescription; + return (NSSUTF8 *)nss_ckcapi_SlotDescription; } static NSSUTF8 * -ckcapi_mdSlot_GetManufacturerID -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdSlot_GetManufacturerID( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckcapi_ManufacturerID; + return (NSSUTF8 *)nss_ckcapi_ManufacturerID; } static CK_VERSION -ckcapi_mdSlot_GetHardwareVersion -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdSlot_GetHardwareVersion( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckcapi_HardwareVersion; + return nss_ckcapi_HardwareVersion; } static CK_VERSION -ckcapi_mdSlot_GetFirmwareVersion -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdSlot_GetFirmwareVersion( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckcapi_FirmwareVersion; + return nss_ckcapi_FirmwareVersion; } static NSSCKMDToken * -ckcapi_mdSlot_GetToken -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdSlot_GetToken( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSCKMDToken *)&nss_ckcapi_mdToken; + return (NSSCKMDToken *)&nss_ckcapi_mdToken; } NSS_IMPLEMENT_DATA const NSSCKMDSlot -nss_ckcapi_mdSlot = { - (void *)NULL, /* etc */ - NULL, /* Initialize */ - NULL, /* Destroy */ - ckcapi_mdSlot_GetSlotDescription, - ckcapi_mdSlot_GetManufacturerID, - NULL, /* GetTokenPresent -- defaults to true */ - NULL, /* GetRemovableDevice -- defaults to false */ - NULL, /* GetHardwareSlot -- defaults to false */ - ckcapi_mdSlot_GetHardwareVersion, - ckcapi_mdSlot_GetFirmwareVersion, - ckcapi_mdSlot_GetToken, - (void *)NULL /* null terminator */ -}; + nss_ckcapi_mdSlot = { + (void *)NULL, /* etc */ + NULL, /* Initialize */ + NULL, /* Destroy */ + ckcapi_mdSlot_GetSlotDescription, + ckcapi_mdSlot_GetManufacturerID, + NULL, /* GetTokenPresent -- defaults to true */ + NULL, /* GetRemovableDevice -- defaults to false */ + NULL, /* GetHardwareSlot -- defaults to false */ + ckcapi_mdSlot_GetHardwareVersion, + ckcapi_mdSlot_GetFirmwareVersion, + ckcapi_mdSlot_GetToken, + (void *)NULL /* null terminator */ + }; diff --git a/lib/ckfw/capi/ctoken.c b/lib/ckfw/capi/ctoken.c index 7f0e633ea..cc95c17b6 100644 --- a/lib/ckfw/capi/ctoken.c +++ b/lib/ckfw/capi/ctoken.c @@ -12,197 +12,173 @@ */ static NSSUTF8 * -ckcapi_mdToken_GetLabel -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdToken_GetLabel( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckcapi_TokenLabel; + return (NSSUTF8 *)nss_ckcapi_TokenLabel; } static NSSUTF8 * -ckcapi_mdToken_GetManufacturerID -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdToken_GetManufacturerID( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckcapi_ManufacturerID; + return (NSSUTF8 *)nss_ckcapi_ManufacturerID; } static NSSUTF8 * -ckcapi_mdToken_GetModel -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdToken_GetModel( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckcapi_TokenModel; + return (NSSUTF8 *)nss_ckcapi_TokenModel; } static NSSUTF8 * -ckcapi_mdToken_GetSerialNumber -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckcapi_mdToken_GetSerialNumber( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckcapi_TokenSerialNumber; + return (NSSUTF8 *)nss_ckcapi_TokenSerialNumber; } static CK_BBOOL -ckcapi_mdToken_GetIsWriteProtected -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdToken_GetIsWriteProtected( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CK_FALSE; + return CK_FALSE; } /* fake out Mozilla so we don't try to initialize the token */ static CK_BBOOL -ckcapi_mdToken_GetUserPinInitialized -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdToken_GetUserPinInitialized( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CK_TRUE; + return CK_TRUE; } static CK_VERSION -ckcapi_mdToken_GetHardwareVersion -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdToken_GetHardwareVersion( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckcapi_HardwareVersion; + return nss_ckcapi_HardwareVersion; } static CK_VERSION -ckcapi_mdToken_GetFirmwareVersion -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdToken_GetFirmwareVersion( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckcapi_FirmwareVersion; + return nss_ckcapi_FirmwareVersion; } static NSSCKMDSession * -ckcapi_mdToken_OpenSession -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKFWSession *fwSession, - CK_BBOOL rw, - CK_RV *pError -) +ckcapi_mdToken_OpenSession( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_BBOOL rw, + CK_RV *pError) { - return nss_ckcapi_CreateSession(fwSession, pError); + return nss_ckcapi_CreateSession(fwSession, pError); } static CK_ULONG -ckcapi_mdToken_GetMechanismCount -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckcapi_mdToken_GetMechanismCount( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return (CK_ULONG)1; + return (CK_ULONG)1; } static CK_RV -ckcapi_mdToken_GetMechanismTypes -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_MECHANISM_TYPE types[] -) +ckcapi_mdToken_GetMechanismTypes( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_MECHANISM_TYPE types[]) { - types[0] = CKM_RSA_PKCS; - return CKR_OK; + types[0] = CKM_RSA_PKCS; + return CKR_OK; } static NSSCKMDMechanism * -ckcapi_mdToken_GetMechanism -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_MECHANISM_TYPE which, - CK_RV *pError -) +ckcapi_mdToken_GetMechanism( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_MECHANISM_TYPE which, + CK_RV *pError) { - if (which != CKM_RSA_PKCS) { - *pError = CKR_MECHANISM_INVALID; - return (NSSCKMDMechanism *)NULL; - } - return (NSSCKMDMechanism *)&nss_ckcapi_mdMechanismRSA; + if (which != CKM_RSA_PKCS) { + *pError = CKR_MECHANISM_INVALID; + return (NSSCKMDMechanism *)NULL; + } + return (NSSCKMDMechanism *)&nss_ckcapi_mdMechanismRSA; } NSS_IMPLEMENT_DATA const NSSCKMDToken -nss_ckcapi_mdToken = { - (void *)NULL, /* etc */ - NULL, /* Setup */ - NULL, /* Invalidate */ - NULL, /* InitToken -- default errs */ - ckcapi_mdToken_GetLabel, - ckcapi_mdToken_GetManufacturerID, - ckcapi_mdToken_GetModel, - ckcapi_mdToken_GetSerialNumber, - NULL, /* GetHasRNG -- default is false */ - ckcapi_mdToken_GetIsWriteProtected, - NULL, /* GetLoginRequired -- default is false */ - ckcapi_mdToken_GetUserPinInitialized, - NULL, /* GetRestoreKeyNotNeeded -- irrelevant */ - NULL, /* GetHasClockOnToken -- default is false */ - NULL, /* GetHasProtectedAuthenticationPath -- default is false */ - NULL, /* GetSupportsDualCryptoOperations -- default is false */ - NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetMaxPinLen -- irrelevant */ - NULL, /* GetMinPinLen -- irrelevant */ - NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ - ckcapi_mdToken_GetHardwareVersion, - ckcapi_mdToken_GetFirmwareVersion, - NULL, /* GetUTCTime -- no clock */ - ckcapi_mdToken_OpenSession, - ckcapi_mdToken_GetMechanismCount, - ckcapi_mdToken_GetMechanismTypes, - ckcapi_mdToken_GetMechanism, - (void *)NULL /* null terminator */ -}; + nss_ckcapi_mdToken = { + (void *)NULL, /* etc */ + NULL, /* Setup */ + NULL, /* Invalidate */ + NULL, /* InitToken -- default errs */ + ckcapi_mdToken_GetLabel, + ckcapi_mdToken_GetManufacturerID, + ckcapi_mdToken_GetModel, + ckcapi_mdToken_GetSerialNumber, + NULL, /* GetHasRNG -- default is false */ + ckcapi_mdToken_GetIsWriteProtected, + NULL, /* GetLoginRequired -- default is false */ + ckcapi_mdToken_GetUserPinInitialized, + NULL, /* GetRestoreKeyNotNeeded -- irrelevant */ + NULL, /* GetHasClockOnToken -- default is false */ + NULL, /* GetHasProtectedAuthenticationPath -- default is false */ + NULL, /* GetSupportsDualCryptoOperations -- default is false */ + NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetMaxPinLen -- irrelevant */ + NULL, /* GetMinPinLen -- irrelevant */ + NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ + ckcapi_mdToken_GetHardwareVersion, + ckcapi_mdToken_GetFirmwareVersion, + NULL, /* GetUTCTime -- no clock */ + ckcapi_mdToken_OpenSession, + ckcapi_mdToken_GetMechanismCount, + ckcapi_mdToken_GetMechanismTypes, + ckcapi_mdToken_GetMechanism, + (void *)NULL /* null terminator */ + }; diff --git a/lib/ckfw/capi/nsscapi.h b/lib/ckfw/capi/nsscapi.h index d98312031..78bf38b28 100644 --- a/lib/ckfw/capi/nsscapi.h +++ b/lib/ckfw/capi/nsscapi.h @@ -18,7 +18,7 @@ #define NSS_CKCAPI_CRYPTOKI_VERSION_MAJOR 2 #define NSS_CKCAPI_CRYPTOKI_VERSION_MINOR 20 -/* These version numbers detail the changes +/* These version numbers detail the changes * to the list of trusted certificates. * * NSS_CKCAPI_LIBRARY_VERSION_MINOR is a CK_BYTE. It's not clear @@ -33,7 +33,7 @@ #define NSS_CKCAPI_HARDWARE_VERSION_MAJOR 1 #define NSS_CKCAPI_HARDWARE_VERSION_MINOR 0 -/* These version numbers detail the semantic changes to ckbi itself +/* These version numbers detail the semantic changes to ckbi itself * (new PKCS #11 objects), etc. */ #define NSS_CKCAPI_FIRMWARE_VERSION_MAJOR 1 #define NSS_CKCAPI_FIRMWARE_VERSION_MINOR 0 diff --git a/lib/ckfw/capi/staticobj.c b/lib/ckfw/capi/staticobj.c index c14c8121b..2d67a34b3 100644 --- a/lib/ckfw/capi/staticobj.c +++ b/lib/ckfw/capi/staticobj.c @@ -17,22 +17,23 @@ static const CK_BBOOL ck_false = CK_FALSE; static const CK_OBJECT_CLASS cko_netscape_builtin_root_list = CKO_NETSCAPE_BUILTIN_ROOT_LIST; /* example of a static object */ -static const CK_ATTRIBUTE_TYPE nss_ckcapi_types_1 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL +static const CK_ATTRIBUTE_TYPE nss_ckcapi_types_1[] = { + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL }; -static const NSSItem nss_ckcapi_items_1 [] = { - { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"Mozilla CAPI Access", (PRUint32)20 } +static const NSSItem nss_ckcapi_items_1[] = { + { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"Mozilla CAPI Access", (PRUint32)20 } }; ckcapiInternalObject nss_ckcapi_data[] = { - { ckcapiRaw, - { 5, nss_ckcapi_types_1, nss_ckcapi_items_1} , - }, + { + ckcapiRaw, + { 5, nss_ckcapi_types_1, nss_ckcapi_items_1 }, + }, }; diff --git a/lib/ckfw/ckfw.h b/lib/ckfw/ckfw.h index e5d2e1bff..d4a2ead99 100644 --- a/lib/ckfw/ckfw.h +++ b/lib/ckfw/ckfw.h @@ -40,7 +40,7 @@ * nssCKFWInstance_MayCreatePthreads * nssCKFWInstance_CreateMutex * nssCKFWInstance_GetConfigurationData - * nssCKFWInstance_GetInitArgs + * nssCKFWInstance_GetInitArgs * * -- private accessors -- * nssCKFWInstance_CreateSessionHandle @@ -72,295 +72,240 @@ * */ NSS_EXTERN NSSCKFWInstance * -nssCKFWInstance_Create -( - CK_C_INITIALIZE_ARGS_PTR pInitArgs, - CryptokiLockingState LockingState, - NSSCKMDInstance *mdInstance, - CK_RV *pError -); +nssCKFWInstance_Create( + CK_C_INITIALIZE_ARGS_PTR pInitArgs, + CryptokiLockingState LockingState, + NSSCKMDInstance *mdInstance, + CK_RV *pError); /* * nssCKFWInstance_Destroy * */ NSS_EXTERN CK_RV -nssCKFWInstance_Destroy -( - NSSCKFWInstance *fwInstance -); +nssCKFWInstance_Destroy( + NSSCKFWInstance *fwInstance); /* * nssCKFWInstance_GetMDInstance * */ NSS_EXTERN NSSCKMDInstance * -nssCKFWInstance_GetMDInstance -( - NSSCKFWInstance *fwInstance -); +nssCKFWInstance_GetMDInstance( + NSSCKFWInstance *fwInstance); /* * nssCKFWInstance_GetArena * */ NSS_EXTERN NSSArena * -nssCKFWInstance_GetArena -( - NSSCKFWInstance *fwInstance, - CK_RV *pError -); +nssCKFWInstance_GetArena( + NSSCKFWInstance *fwInstance, + CK_RV *pError); /* * nssCKFWInstance_MayCreatePthreads * */ NSS_EXTERN CK_BBOOL -nssCKFWInstance_MayCreatePthreads -( - NSSCKFWInstance *fwInstance -); +nssCKFWInstance_MayCreatePthreads( + NSSCKFWInstance *fwInstance); /* * nssCKFWInstance_CreateMutex * */ NSS_EXTERN NSSCKFWMutex * -nssCKFWInstance_CreateMutex -( - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -); +nssCKFWInstance_CreateMutex( + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError); /* * nssCKFWInstance_GetConfigurationData * */ NSS_EXTERN NSSUTF8 * -nssCKFWInstance_GetConfigurationData -( - NSSCKFWInstance *fwInstance -); +nssCKFWInstance_GetConfigurationData( + NSSCKFWInstance *fwInstance); /* * nssCKFWInstance_GetInitArgs * */ NSS_EXTERN CK_C_INITIALIZE_ARGS_PTR -nssCKFWInstance_GetInitArgs -( - NSSCKFWInstance *fwInstance -); +nssCKFWInstance_GetInitArgs( + NSSCKFWInstance *fwInstance); /* * nssCKFWInstance_CreateSessionHandle * */ NSS_EXTERN CK_SESSION_HANDLE -nssCKFWInstance_CreateSessionHandle -( - NSSCKFWInstance *fwInstance, - NSSCKFWSession *fwSession, - CK_RV *pError -); +nssCKFWInstance_CreateSessionHandle( + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_RV *pError); /* * nssCKFWInstance_ResolveSessionHandle * */ NSS_EXTERN NSSCKFWSession * -nssCKFWInstance_ResolveSessionHandle -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -); +nssCKFWInstance_ResolveSessionHandle( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession); /* * nssCKFWInstance_DestroySessionHandle * */ NSS_EXTERN void -nssCKFWInstance_DestroySessionHandle -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -); +nssCKFWInstance_DestroySessionHandle( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession); /* * nssCKFWInstance_FindSessionHandle * */ NSS_EXTERN CK_SESSION_HANDLE -nssCKFWInstance_FindSessionHandle -( - NSSCKFWInstance *fwInstance, - NSSCKFWSession *fwSession -); +nssCKFWInstance_FindSessionHandle( + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession); /* * nssCKFWInstance_CreateObjectHandle * */ NSS_EXTERN CK_OBJECT_HANDLE -nssCKFWInstance_CreateObjectHandle -( - NSSCKFWInstance *fwInstance, - NSSCKFWObject *fwObject, - CK_RV *pError -); +nssCKFWInstance_CreateObjectHandle( + NSSCKFWInstance *fwInstance, + NSSCKFWObject *fwObject, + CK_RV *pError); /* * nssCKFWInstance_ResolveObjectHandle * */ NSS_EXTERN NSSCKFWObject * -nssCKFWInstance_ResolveObjectHandle -( - NSSCKFWInstance *fwInstance, - CK_OBJECT_HANDLE hObject -); +nssCKFWInstance_ResolveObjectHandle( + NSSCKFWInstance *fwInstance, + CK_OBJECT_HANDLE hObject); /* * nssCKFWInstance_ReassignObjectHandle * */ NSS_EXTERN CK_RV -nssCKFWInstance_ReassignObjectHandle -( - NSSCKFWInstance *fwInstance, - CK_OBJECT_HANDLE hObject, - NSSCKFWObject *fwObject -); +nssCKFWInstance_ReassignObjectHandle( + NSSCKFWInstance *fwInstance, + CK_OBJECT_HANDLE hObject, + NSSCKFWObject *fwObject); /* * nssCKFWInstance_DestroyObjectHandle * */ NSS_EXTERN void -nssCKFWInstance_DestroyObjectHandle -( - NSSCKFWInstance *fwInstance, - CK_OBJECT_HANDLE hObject -); +nssCKFWInstance_DestroyObjectHandle( + NSSCKFWInstance *fwInstance, + CK_OBJECT_HANDLE hObject); /* * nssCKFWInstance_FindObjectHandle * */ NSS_EXTERN CK_OBJECT_HANDLE -nssCKFWInstance_FindObjectHandle -( - NSSCKFWInstance *fwInstance, - NSSCKFWObject *fwObject -); +nssCKFWInstance_FindObjectHandle( + NSSCKFWInstance *fwInstance, + NSSCKFWObject *fwObject); /* * nssCKFWInstance_GetNSlots * */ NSS_EXTERN CK_ULONG -nssCKFWInstance_GetNSlots -( - NSSCKFWInstance *fwInstance, - CK_RV *pError -); +nssCKFWInstance_GetNSlots( + NSSCKFWInstance *fwInstance, + CK_RV *pError); /* * nssCKFWInstance_GetCryptokiVersion * */ NSS_EXTERN CK_VERSION -nssCKFWInstance_GetCryptokiVersion -( - NSSCKFWInstance *fwInstance -); +nssCKFWInstance_GetCryptokiVersion( + NSSCKFWInstance *fwInstance); /* * nssCKFWInstance_GetManufacturerID * */ NSS_EXTERN CK_RV -nssCKFWInstance_GetManufacturerID -( - NSSCKFWInstance *fwInstance, - CK_CHAR manufacturerID[32] -); +nssCKFWInstance_GetManufacturerID( + NSSCKFWInstance *fwInstance, + CK_CHAR manufacturerID[32]); /* * nssCKFWInstance_GetFlags * */ NSS_EXTERN CK_ULONG -nssCKFWInstance_GetFlags -( - NSSCKFWInstance *fwInstance -); +nssCKFWInstance_GetFlags( + NSSCKFWInstance *fwInstance); /* * nssCKFWInstance_GetLibraryDescription * */ NSS_EXTERN CK_RV -nssCKFWInstance_GetLibraryDescription -( - NSSCKFWInstance *fwInstance, - CK_CHAR libraryDescription[32] -); +nssCKFWInstance_GetLibraryDescription( + NSSCKFWInstance *fwInstance, + CK_CHAR libraryDescription[32]); /* * nssCKFWInstance_GetLibraryVersion * */ NSS_EXTERN CK_VERSION -nssCKFWInstance_GetLibraryVersion -( - NSSCKFWInstance *fwInstance -); +nssCKFWInstance_GetLibraryVersion( + NSSCKFWInstance *fwInstance); /* * nssCKFWInstance_GetModuleHandlesSessionObjects * */ NSS_EXTERN CK_BBOOL -nssCKFWInstance_GetModuleHandlesSessionObjects -( - NSSCKFWInstance *fwInstance -); +nssCKFWInstance_GetModuleHandlesSessionObjects( + NSSCKFWInstance *fwInstance); /* * nssCKFWInstance_GetSlots * */ NSS_EXTERN NSSCKFWSlot ** -nssCKFWInstance_GetSlots -( - NSSCKFWInstance *fwInstance, - CK_RV *pError -); +nssCKFWInstance_GetSlots( + NSSCKFWInstance *fwInstance, + CK_RV *pError); /* * nssCKFWInstance_WaitForSlotEvent * */ NSS_EXTERN NSSCKFWSlot * -nssCKFWInstance_WaitForSlotEvent -( - NSSCKFWInstance *fwInstance, - CK_BBOOL block, - CK_RV *pError -); +nssCKFWInstance_WaitForSlotEvent( + NSSCKFWInstance *fwInstance, + CK_BBOOL block, + CK_RV *pError); /* * nssCKFWInstance_verifyPointer * */ NSS_EXTERN CK_RV -nssCKFWInstance_verifyPointer -( - const NSSCKFWInstance *fwInstance -); - +nssCKFWInstance_verifyPointer( + const NSSCKFWInstance *fwInstance); /* * NSSCKFWSlot @@ -393,33 +338,27 @@ nssCKFWInstance_verifyPointer * */ NSS_EXTERN NSSCKFWSlot * -nssCKFWSlot_Create -( - NSSCKFWInstance *fwInstance, - NSSCKMDSlot *mdSlot, - CK_SLOT_ID slotID, - CK_RV *pError -); +nssCKFWSlot_Create( + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *mdSlot, + CK_SLOT_ID slotID, + CK_RV *pError); /* * nssCKFWSlot_Destroy * */ NSS_EXTERN CK_RV -nssCKFWSlot_Destroy -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_Destroy( + NSSCKFWSlot *fwSlot); /* * nssCKFWSlot_GetMDSlot * */ NSS_EXTERN NSSCKMDSlot * -nssCKFWSlot_GetMDSlot -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_GetMDSlot( + NSSCKFWSlot *fwSlot); /* * nssCKFWSlot_GetFWInstance @@ -427,10 +366,8 @@ nssCKFWSlot_GetMDSlot */ NSS_EXTERN NSSCKFWInstance * -nssCKFWSlot_GetFWInstance -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_GetFWInstance( + NSSCKFWSlot *fwSlot); /* * nssCKFWSlot_GetMDInstance @@ -438,113 +375,91 @@ nssCKFWSlot_GetFWInstance */ NSS_EXTERN NSSCKMDInstance * -nssCKFWSlot_GetMDInstance -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_GetMDInstance( + NSSCKFWSlot *fwSlot); /* * nssCKFWSlot_GetSlotID * */ NSS_EXTERN CK_SLOT_ID -nssCKFWSlot_GetSlotID -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_GetSlotID( + NSSCKFWSlot *fwSlot); /* * nssCKFWSlot_GetSlotDescription * */ NSS_EXTERN CK_RV -nssCKFWSlot_GetSlotDescription -( - NSSCKFWSlot *fwSlot, - CK_CHAR slotDescription[64] -); +nssCKFWSlot_GetSlotDescription( + NSSCKFWSlot *fwSlot, + CK_CHAR slotDescription[64]); /* * nssCKFWSlot_GetManufacturerID * */ NSS_EXTERN CK_RV -nssCKFWSlot_GetManufacturerID -( - NSSCKFWSlot *fwSlot, - CK_CHAR manufacturerID[32] -); +nssCKFWSlot_GetManufacturerID( + NSSCKFWSlot *fwSlot, + CK_CHAR manufacturerID[32]); /* * nssCKFWSlot_GetTokenPresent * */ NSS_EXTERN CK_BBOOL -nssCKFWSlot_GetTokenPresent -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_GetTokenPresent( + NSSCKFWSlot *fwSlot); /* * nssCKFWSlot_GetRemovableDevice * */ NSS_EXTERN CK_BBOOL -nssCKFWSlot_GetRemovableDevice -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_GetRemovableDevice( + NSSCKFWSlot *fwSlot); /* * nssCKFWSlot_GetHardwareSlot * */ NSS_EXTERN CK_BBOOL -nssCKFWSlot_GetHardwareSlot -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_GetHardwareSlot( + NSSCKFWSlot *fwSlot); /* * nssCKFWSlot_GetHardwareVersion * */ NSS_EXTERN CK_VERSION -nssCKFWSlot_GetHardwareVersion -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_GetHardwareVersion( + NSSCKFWSlot *fwSlot); /* * nssCKFWSlot_GetFirmwareVersion * */ NSS_EXTERN CK_VERSION -nssCKFWSlot_GetFirmwareVersion -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_GetFirmwareVersion( + NSSCKFWSlot *fwSlot); /* * nssCKFWSlot_GetToken - * + * */ NSS_EXTERN NSSCKFWToken * -nssCKFWSlot_GetToken -( - NSSCKFWSlot *fwSlot, - CK_RV *pError -); +nssCKFWSlot_GetToken( + NSSCKFWSlot *fwSlot, + CK_RV *pError); /* * nssCKFWSlot_ClearToken * */ NSS_EXTERN void -nssCKFWSlot_ClearToken -( - NSSCKFWSlot *fwSlot -); +nssCKFWSlot_ClearToken( + NSSCKFWSlot *fwSlot); /* * NSSCKFWToken @@ -606,459 +521,371 @@ nssCKFWSlot_ClearToken * */ NSS_EXTERN NSSCKFWToken * -nssCKFWToken_Create -( - NSSCKFWSlot *fwSlot, - NSSCKMDToken *mdToken, - CK_RV *pError -); +nssCKFWToken_Create( + NSSCKFWSlot *fwSlot, + NSSCKMDToken *mdToken, + CK_RV *pError); /* * nssCKFWToken_Destroy * */ NSS_EXTERN CK_RV -nssCKFWToken_Destroy -( - NSSCKFWToken *fwToken -); +nssCKFWToken_Destroy( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetMDToken * */ NSS_EXTERN NSSCKMDToken * -nssCKFWToken_GetMDToken -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetMDToken( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetArena * */ NSS_EXTERN NSSArena * -nssCKFWToken_GetArena -( - NSSCKFWToken *fwToken, - CK_RV *pError -); +nssCKFWToken_GetArena( + NSSCKFWToken *fwToken, + CK_RV *pError); /* * nssCKFWToken_GetFWSlot * */ NSS_EXTERN NSSCKFWSlot * -nssCKFWToken_GetFWSlot -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetFWSlot( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetMDSlot * */ NSS_EXTERN NSSCKMDSlot * -nssCKFWToken_GetMDSlot -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetMDSlot( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetSessionState * */ NSS_EXTERN CK_STATE -nssCKFWToken_GetSessionState -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetSessionState( + NSSCKFWToken *fwToken); /* * nssCKFWToken_InitToken * */ NSS_EXTERN CK_RV -nssCKFWToken_InitToken -( - NSSCKFWToken *fwToken, - NSSItem *pin, - NSSUTF8 *label -); +nssCKFWToken_InitToken( + NSSCKFWToken *fwToken, + NSSItem *pin, + NSSUTF8 *label); /* * nssCKFWToken_GetLabel * */ NSS_EXTERN CK_RV -nssCKFWToken_GetLabel -( - NSSCKFWToken *fwToken, - CK_CHAR label[32] -); +nssCKFWToken_GetLabel( + NSSCKFWToken *fwToken, + CK_CHAR label[32]); /* * nssCKFWToken_GetManufacturerID * */ NSS_EXTERN CK_RV -nssCKFWToken_GetManufacturerID -( - NSSCKFWToken *fwToken, - CK_CHAR manufacturerID[32] -); +nssCKFWToken_GetManufacturerID( + NSSCKFWToken *fwToken, + CK_CHAR manufacturerID[32]); /* * nssCKFWToken_GetModel * */ NSS_EXTERN CK_RV -nssCKFWToken_GetModel -( - NSSCKFWToken *fwToken, - CK_CHAR model[16] -); +nssCKFWToken_GetModel( + NSSCKFWToken *fwToken, + CK_CHAR model[16]); /* * nssCKFWToken_GetSerialNumber * */ NSS_EXTERN CK_RV -nssCKFWToken_GetSerialNumber -( - NSSCKFWToken *fwToken, - CK_CHAR serialNumber[16] -); +nssCKFWToken_GetSerialNumber( + NSSCKFWToken *fwToken, + CK_CHAR serialNumber[16]); /* * nssCKFWToken_GetHasRNG * */ NSS_EXTERN CK_BBOOL -nssCKFWToken_GetHasRNG -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetHasRNG( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetIsWriteProtected * */ NSS_EXTERN CK_BBOOL -nssCKFWToken_GetIsWriteProtected -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetIsWriteProtected( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetLoginRequired * */ NSS_EXTERN CK_BBOOL -nssCKFWToken_GetLoginRequired -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetLoginRequired( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetUserPinInitialized * */ NSS_EXTERN CK_BBOOL -nssCKFWToken_GetUserPinInitialized -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetUserPinInitialized( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetRestoreKeyNotNeeded * */ NSS_EXTERN CK_BBOOL -nssCKFWToken_GetRestoreKeyNotNeeded -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetRestoreKeyNotNeeded( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetHasClockOnToken * */ NSS_EXTERN CK_BBOOL -nssCKFWToken_GetHasClockOnToken -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetHasClockOnToken( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetHasProtectedAuthenticationPath * */ NSS_EXTERN CK_BBOOL -nssCKFWToken_GetHasProtectedAuthenticationPath -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetHasProtectedAuthenticationPath( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetSupportsDualCryptoOperations * */ NSS_EXTERN CK_BBOOL -nssCKFWToken_GetSupportsDualCryptoOperations -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetSupportsDualCryptoOperations( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetMaxSessionCount * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetMaxSessionCount -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetMaxSessionCount( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetMaxRwSessionCount * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetMaxRwSessionCount -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetMaxRwSessionCount( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetMaxPinLen * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetMaxPinLen -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetMaxPinLen( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetMinPinLen * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetMinPinLen -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetMinPinLen( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetTotalPublicMemory * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetTotalPublicMemory -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetTotalPublicMemory( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetFreePublicMemory * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetFreePublicMemory -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetFreePublicMemory( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetTotalPrivateMemory * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetTotalPrivateMemory -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetTotalPrivateMemory( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetFreePrivateMemory * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetFreePrivateMemory -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetFreePrivateMemory( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetHardwareVersion * */ NSS_EXTERN CK_VERSION -nssCKFWToken_GetHardwareVersion -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetHardwareVersion( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetFirmwareVersion * */ NSS_EXTERN CK_VERSION -nssCKFWToken_GetFirmwareVersion -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetFirmwareVersion( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetUTCTime * */ NSS_EXTERN CK_RV -nssCKFWToken_GetUTCTime -( - NSSCKFWToken *fwToken, - CK_CHAR utcTime[16] -); +nssCKFWToken_GetUTCTime( + NSSCKFWToken *fwToken, + CK_CHAR utcTime[16]); /* * nssCKFWToken_OpenSession * */ NSS_EXTERN NSSCKFWSession * -nssCKFWToken_OpenSession -( - NSSCKFWToken *fwToken, - CK_BBOOL rw, - CK_VOID_PTR pApplication, - CK_NOTIFY Notify, - CK_RV *pError -); +nssCKFWToken_OpenSession( + NSSCKFWToken *fwToken, + CK_BBOOL rw, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_RV *pError); /* * nssCKFWToken_GetMechanismCount * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetMechanismCount -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetMechanismCount( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetMechanismTypes * */ NSS_EXTERN CK_RV -nssCKFWToken_GetMechanismTypes -( - NSSCKFWToken *fwToken, - CK_MECHANISM_TYPE types[] -); +nssCKFWToken_GetMechanismTypes( + NSSCKFWToken *fwToken, + CK_MECHANISM_TYPE types[]); /* * nssCKFWToken_GetMechanism * */ NSS_EXTERN NSSCKFWMechanism * -nssCKFWToken_GetMechanism -( - NSSCKFWToken *fwToken, - CK_MECHANISM_TYPE which, - CK_RV *pError -); +nssCKFWToken_GetMechanism( + NSSCKFWToken *fwToken, + CK_MECHANISM_TYPE which, + CK_RV *pError); /* * nssCKFWToken_SetSessionState * */ NSS_EXTERN CK_RV -nssCKFWToken_SetSessionState -( - NSSCKFWToken *fwToken, - CK_STATE newState -); +nssCKFWToken_SetSessionState( + NSSCKFWToken *fwToken, + CK_STATE newState); /* * nssCKFWToken_RemoveSession * */ NSS_EXTERN CK_RV -nssCKFWToken_RemoveSession -( - NSSCKFWToken *fwToken, - NSSCKFWSession *fwSession -); +nssCKFWToken_RemoveSession( + NSSCKFWToken *fwToken, + NSSCKFWSession *fwSession); /* * nssCKFWToken_CloseAllSessions * */ NSS_EXTERN CK_RV -nssCKFWToken_CloseAllSessions -( - NSSCKFWToken *fwToken -); +nssCKFWToken_CloseAllSessions( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetSessionCount * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetSessionCount -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetSessionCount( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetRwSessionCount * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetRwSessionCount -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetRwSessionCount( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetRoSessionCount * */ NSS_EXTERN CK_ULONG -nssCKFWToken_GetRoSessionCount -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetRoSessionCount( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetSessionObjectHash * */ NSS_EXTERN nssCKFWHash * -nssCKFWToken_GetSessionObjectHash -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetSessionObjectHash( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetMDObjectHash * */ NSS_EXTERN nssCKFWHash * -nssCKFWToken_GetMDObjectHash -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetMDObjectHash( + NSSCKFWToken *fwToken); /* * nssCKFWToken_GetObjectHandleHash * */ NSS_EXTERN nssCKFWHash * -nssCKFWToken_GetObjectHandleHash -( - NSSCKFWToken *fwToken -); +nssCKFWToken_GetObjectHandleHash( + NSSCKFWToken *fwToken); /* * NSSCKFWMechanism @@ -1107,24 +934,20 @@ nssCKFWToken_GetObjectHandleHash * */ NSS_EXTERN NSSCKFWMechanism * -nssCKFWMechanism_Create -( - NSSCKMDMechanism *mdMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -); +nssCKFWMechanism_Create( + NSSCKMDMechanism *mdMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); /* * nssCKFWMechanism_Destroy * */ NSS_EXTERN void -nssCKFWMechanism_Destroy -( - NSSCKFWMechanism *fwMechanism -); +nssCKFWMechanism_Destroy( + NSSCKFWMechanism *fwMechanism); /* * nssCKFWMechanism_GetMDMechanism @@ -1132,43 +955,35 @@ nssCKFWMechanism_Destroy */ NSS_EXTERN NSSCKMDMechanism * -nssCKFWMechanism_GetMDMechanism -( - NSSCKFWMechanism *fwMechanism -); +nssCKFWMechanism_GetMDMechanism( + NSSCKFWMechanism *fwMechanism); /* * nssCKFWMechanism_GetMinKeySize * */ NSS_EXTERN CK_ULONG -nssCKFWMechanism_GetMinKeySize -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetMinKeySize( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetMaxKeySize * */ NSS_EXTERN CK_ULONG -nssCKFWMechanism_GetMaxKeySize -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetMaxKeySize( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetInHardware * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetInHardware -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetInHardware( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * the following are determined automatically by which of the cryptographic @@ -1179,305 +994,255 @@ nssCKFWMechanism_GetInHardware * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanEncrypt -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanEncrypt( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanDecrypt * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanDecrypt -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanDecrypt( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanDigest * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanDigest -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanDigest( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanSign * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanSign -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanSign( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanSignRecover * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanSignRecover -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanSignRecover( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanVerify * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanVerify -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanVerify( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanVerifyRecover * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanVerifyRecover -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanVerifyRecover( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanGenerate * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanGenerate -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanGenerate( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanGenerateKeyPair * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanGenerateKeyPair -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanGenerateKeyPair( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanWrap * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanWrap -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanWrap( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanUnwrap * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanUnwrap -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanUnwrap( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_GetCanDerive * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanDerive -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -); +nssCKFWMechanism_GetCanDerive( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError); /* * nssCKFWMechanism_EncryptInit */ NSS_EXTERN CK_RV -nssCKFWMechanism_EncryptInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -); +nssCKFWMechanism_EncryptInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject); /* * nssCKFWMechanism_DecryptInit */ NSS_EXTERN CK_RV -nssCKFWMechanism_DecryptInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -); +nssCKFWMechanism_DecryptInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject); /* * nssCKFWMechanism_DigestInit */ NSS_EXTERN CK_RV -nssCKFWMechanism_DigestInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession -); +nssCKFWMechanism_DigestInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession); /* * nssCKFWMechanism_SignInit */ NSS_EXTERN CK_RV -nssCKFWMechanism_SignInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -); +nssCKFWMechanism_SignInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject); /* * nssCKFWMechanism_SignRecoverInit */ NSS_EXTERN CK_RV -nssCKFWMechanism_SignRecoverInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -); +nssCKFWMechanism_SignRecoverInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject); /* * nssCKFWMechanism_VerifyInit */ NSS_EXTERN CK_RV -nssCKFWMechanism_VerifyInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -); +nssCKFWMechanism_VerifyInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject); /* * nssCKFWMechanism_VerifyRecoverInit */ NSS_EXTERN CK_RV -nssCKFWMechanism_VerifyRecoverInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -); +nssCKFWMechanism_VerifyRecoverInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject); /* * nssCKFWMechanism_GenerateKey */ NSS_EXTERN NSSCKFWObject * -nssCKFWMechanism_GenerateKey -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); +nssCKFWMechanism_GenerateKey( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); /* * nssCKFWMechanism_GenerateKeyPair */ NSS_EXTERN CK_RV -nssCKFWMechanism_GenerateKeyPair -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pPublicKeyTemplate, - CK_ULONG ulPublicKeyAttributeCount, - CK_ATTRIBUTE_PTR pPrivateKeyTemplate, - CK_ULONG ulPrivateKeyAttributeCount, - NSSCKFWObject **fwPublicKeyObject, - NSSCKFWObject **fwPrivateKeyObject -); +nssCKFWMechanism_GenerateKeyPair( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + NSSCKFWObject **fwPublicKeyObject, + NSSCKFWObject **fwPrivateKeyObject); /* * nssCKFWMechanism_GetWrapKeyLength */ NSS_EXTERN CK_ULONG -nssCKFWMechanism_GetWrapKeyLength -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwWrappingKeyObject, - NSSCKFWObject *fwObject, - CK_RV *pError -); +nssCKFWMechanism_GetWrapKeyLength( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSCKFWObject *fwObject, + CK_RV *pError); /* * nssCKFWMechanism_WrapKey */ NSS_EXTERN CK_RV -nssCKFWMechanism_WrapKey -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwWrappingKeyObject, - NSSCKFWObject *fwObject, - NSSItem *wrappedKey -); +nssCKFWMechanism_WrapKey( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSCKFWObject *fwObject, + NSSItem *wrappedKey); /* * nssCKFWMechanism_UnwrapKey */ NSS_EXTERN NSSCKFWObject * -nssCKFWMechanism_UnwrapKey -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwWrappingKeyObject, - NSSItem *wrappedKey, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); - -/* +nssCKFWMechanism_UnwrapKey( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSItem *wrappedKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); + +/* * nssCKFWMechanism_DeriveKey */ NSS_EXTERN NSSCKFWObject * -nssCKFWMechanism_DeriveKey -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwBaseKeyObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); +nssCKFWMechanism_DeriveKey( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwBaseKeyObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); /* * NSSCKFWCryptoOperation @@ -1506,130 +1271,106 @@ nssCKFWMechanism_DeriveKey * nssCKFWCrytoOperation_Create */ NSS_EXTERN NSSCKFWCryptoOperation * -nssCKFWCryptoOperation_Create -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKFWCryptoOperationType type, - CK_RV *pError -); +nssCKFWCryptoOperation_Create( + NSSCKMDCryptoOperation *mdOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWCryptoOperationType type, + CK_RV *pError); /* * nssCKFWCryptoOperation_Destroy */ NSS_EXTERN void -nssCKFWCryptoOperation_Destroy -( - NSSCKFWCryptoOperation *fwOperation -); +nssCKFWCryptoOperation_Destroy( + NSSCKFWCryptoOperation *fwOperation); /* * nssCKFWCryptoOperation_GetMDCryptoOperation */ NSS_EXTERN NSSCKMDCryptoOperation * -nssCKFWCryptoOperation_GetMDCryptoOperation -( - NSSCKFWCryptoOperation *fwOperation -); +nssCKFWCryptoOperation_GetMDCryptoOperation( + NSSCKFWCryptoOperation *fwOperation); /* * nssCKFWCryptoOperation_GetType */ NSS_EXTERN NSSCKFWCryptoOperationType -nssCKFWCryptoOperation_GetType -( - NSSCKFWCryptoOperation *fwOperation -); +nssCKFWCryptoOperation_GetType( + NSSCKFWCryptoOperation *fwOperation); /* * nssCKFWCryptoOperation_GetFinalLength */ NSS_EXTERN CK_ULONG -nssCKFWCryptoOperation_GetFinalLength -( - NSSCKFWCryptoOperation *fwOperation, - CK_RV *pError -); +nssCKFWCryptoOperation_GetFinalLength( + NSSCKFWCryptoOperation *fwOperation, + CK_RV *pError); /* * nssCKFWCryptoOperation_GetOperationLength */ NSS_EXTERN CK_ULONG -nssCKFWCryptoOperation_GetOperationLength -( - NSSCKFWCryptoOperation *fwOperation, - NSSItem *inputBuffer, - CK_RV *pError -); +nssCKFWCryptoOperation_GetOperationLength( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer, + CK_RV *pError); /* * nssCKFWCryptoOperation_Final */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_Final -( - NSSCKFWCryptoOperation *fwOperation, - NSSItem *outputBuffer -); +nssCKFWCryptoOperation_Final( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *outputBuffer); /* * nssCKFWCryptoOperation_Update */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_Update -( - NSSCKFWCryptoOperation *fwOperation, - NSSItem *inputBuffer, - NSSItem *outputBuffer -); +nssCKFWCryptoOperation_Update( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer, + NSSItem *outputBuffer); /* * nssCKFWCryptoOperation_DigestUpdate */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_DigestUpdate -( - NSSCKFWCryptoOperation *fwOperation, - NSSItem *inputBuffer -); +nssCKFWCryptoOperation_DigestUpdate( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer); /* * nssCKFWCryptoOperation_DigestKey */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_DigestKey -( - NSSCKFWCryptoOperation *fwOperation, - NSSCKFWObject *fwKey -); +nssCKFWCryptoOperation_DigestKey( + NSSCKFWCryptoOperation *fwOperation, + NSSCKFWObject *fwKey); /* * nssCKFWCryptoOperation_UpdateFinal */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_UpdateFinal -( - NSSCKFWCryptoOperation *fwOperation, - NSSItem *inputBuffer, - NSSItem *outputBuffer -); +nssCKFWCryptoOperation_UpdateFinal( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer, + NSSItem *outputBuffer); /* * nssCKFWCryptoOperation_UpdateCombo */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_UpdateCombo -( - NSSCKFWCryptoOperation *fwOperation, - NSSCKFWCryptoOperation *fwPeerOperation, - NSSItem *inputBuffer, - NSSItem *outputBuffer -); +nssCKFWCryptoOperation_UpdateCombo( + NSSCKFWCryptoOperation *fwOperation, + NSSCKFWCryptoOperation *fwPeerOperation, + NSSItem *inputBuffer, + NSSItem *outputBuffer); /* * NSSCKFWSession @@ -1685,434 +1426,360 @@ nssCKFWCryptoOperation_UpdateCombo * */ NSS_EXTERN NSSCKFWSession * -nssCKFWSession_Create -( - NSSCKFWToken *fwToken, - CK_BBOOL rw, - CK_VOID_PTR pApplication, - CK_NOTIFY Notify, - CK_RV *pError -); +nssCKFWSession_Create( + NSSCKFWToken *fwToken, + CK_BBOOL rw, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_RV *pError); /* * nssCKFWSession_Destroy * */ NSS_EXTERN CK_RV -nssCKFWSession_Destroy -( - NSSCKFWSession *fwSession, - CK_BBOOL removeFromTokenHash -); +nssCKFWSession_Destroy( + NSSCKFWSession *fwSession, + CK_BBOOL removeFromTokenHash); /* * nssCKFWSession_GetMDSession * */ NSS_EXTERN NSSCKMDSession * -nssCKFWSession_GetMDSession -( - NSSCKFWSession *fwSession -); +nssCKFWSession_GetMDSession( + NSSCKFWSession *fwSession); /* * nssCKFWSession_GetArena * */ NSS_EXTERN NSSArena * -nssCKFWSession_GetArena -( - NSSCKFWSession *fwSession, - CK_RV *pError -); +nssCKFWSession_GetArena( + NSSCKFWSession *fwSession, + CK_RV *pError); /* * nssCKFWSession_CallNotification * */ NSS_EXTERN CK_RV -nssCKFWSession_CallNotification -( - NSSCKFWSession *fwSession, - CK_NOTIFICATION event -); +nssCKFWSession_CallNotification( + NSSCKFWSession *fwSession, + CK_NOTIFICATION event); /* * nssCKFWSession_IsRWSession * */ NSS_EXTERN CK_BBOOL -nssCKFWSession_IsRWSession -( - NSSCKFWSession *fwSession -); +nssCKFWSession_IsRWSession( + NSSCKFWSession *fwSession); /* * nssCKFWSession_IsSO * */ NSS_EXTERN CK_BBOOL -nssCKFWSession_IsSO -( - NSSCKFWSession *fwSession -); +nssCKFWSession_IsSO( + NSSCKFWSession *fwSession); /* * nssCKFWSession_GetFWSlot * */ NSS_EXTERN NSSCKFWSlot * -nssCKFWSession_GetFWSlot -( - NSSCKFWSession *fwSession -); +nssCKFWSession_GetFWSlot( + NSSCKFWSession *fwSession); /* * nssCFKWSession_GetSessionState * */ NSS_EXTERN CK_STATE -nssCKFWSession_GetSessionState -( - NSSCKFWSession *fwSession -); +nssCKFWSession_GetSessionState( + NSSCKFWSession *fwSession); /* * nssCKFWSession_SetFWFindObjects * */ NSS_EXTERN CK_RV -nssCKFWSession_SetFWFindObjects -( - NSSCKFWSession *fwSession, - NSSCKFWFindObjects *fwFindObjects -); +nssCKFWSession_SetFWFindObjects( + NSSCKFWSession *fwSession, + NSSCKFWFindObjects *fwFindObjects); /* * nssCKFWSession_GetFWFindObjects * */ NSS_EXTERN NSSCKFWFindObjects * -nssCKFWSession_GetFWFindObjects -( - NSSCKFWSession *fwSesssion, - CK_RV *pError -); +nssCKFWSession_GetFWFindObjects( + NSSCKFWSession *fwSesssion, + CK_RV *pError); /* * nssCKFWSession_SetMDSession * */ NSS_EXTERN CK_RV -nssCKFWSession_SetMDSession -( - NSSCKFWSession *fwSession, - NSSCKMDSession *mdSession -); +nssCKFWSession_SetMDSession( + NSSCKFWSession *fwSession, + NSSCKMDSession *mdSession); /* * nssCKFWSession_SetHandle * */ NSS_EXTERN CK_RV -nssCKFWSession_SetHandle -( - NSSCKFWSession *fwSession, - CK_SESSION_HANDLE hSession -); +nssCKFWSession_SetHandle( + NSSCKFWSession *fwSession, + CK_SESSION_HANDLE hSession); /* * nssCKFWSession_GetHandle * */ NSS_EXTERN CK_SESSION_HANDLE -nssCKFWSession_GetHandle -( - NSSCKFWSession *fwSession -); +nssCKFWSession_GetHandle( + NSSCKFWSession *fwSession); /* * nssCKFWSession_RegisterSessionObject * */ NSS_EXTERN CK_RV -nssCKFWSession_RegisterSessionObject -( - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -); +nssCKFWSession_RegisterSessionObject( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject); /* * nssCKFWSession_DeregisterSessionObject * */ NSS_EXTERN CK_RV -nssCKFWSession_DeregisterSessionObject -( - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -); +nssCKFWSession_DeregisterSessionObject( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject); /* * nssCKFWSession_GetDeviceError * */ NSS_EXTERN CK_ULONG -nssCKFWSession_GetDeviceError -( - NSSCKFWSession *fwSession -); +nssCKFWSession_GetDeviceError( + NSSCKFWSession *fwSession); /* * nssCKFWSession_Login * */ NSS_EXTERN CK_RV -nssCKFWSession_Login -( - NSSCKFWSession *fwSession, - CK_USER_TYPE userType, - NSSItem *pin -); +nssCKFWSession_Login( + NSSCKFWSession *fwSession, + CK_USER_TYPE userType, + NSSItem *pin); /* * nssCKFWSession_Logout * */ NSS_EXTERN CK_RV -nssCKFWSession_Logout -( - NSSCKFWSession *fwSession -); +nssCKFWSession_Logout( + NSSCKFWSession *fwSession); /* * nssCKFWSession_InitPIN * */ NSS_EXTERN CK_RV -nssCKFWSession_InitPIN -( - NSSCKFWSession *fwSession, - NSSItem *pin -); +nssCKFWSession_InitPIN( + NSSCKFWSession *fwSession, + NSSItem *pin); /* * nssCKFWSession_SetPIN * */ NSS_EXTERN CK_RV -nssCKFWSession_SetPIN -( - NSSCKFWSession *fwSession, - NSSItem *newPin, - NSSItem *oldPin -); +nssCKFWSession_SetPIN( + NSSCKFWSession *fwSession, + NSSItem *newPin, + NSSItem *oldPin); /* * nssCKFWSession_GetOperationStateLen * */ NSS_EXTERN CK_ULONG -nssCKFWSession_GetOperationStateLen -( - NSSCKFWSession *fwSession, - CK_RV *pError -); +nssCKFWSession_GetOperationStateLen( + NSSCKFWSession *fwSession, + CK_RV *pError); /* * nssCKFWSession_GetOperationState * */ NSS_EXTERN CK_RV -nssCKFWSession_GetOperationState -( - NSSCKFWSession *fwSession, - NSSItem *buffer -); +nssCKFWSession_GetOperationState( + NSSCKFWSession *fwSession, + NSSItem *buffer); /* * nssCKFWSession_SetOperationState * */ NSS_EXTERN CK_RV -nssCKFWSession_SetOperationState -( - NSSCKFWSession *fwSession, - NSSItem *state, - NSSCKFWObject *encryptionKey, - NSSCKFWObject *authenticationKey -); +nssCKFWSession_SetOperationState( + NSSCKFWSession *fwSession, + NSSItem *state, + NSSCKFWObject *encryptionKey, + NSSCKFWObject *authenticationKey); /* * nssCKFWSession_CreateObject * */ NSS_EXTERN NSSCKFWObject * -nssCKFWSession_CreateObject -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); +nssCKFWSession_CreateObject( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); /* * nssCKFWSession_CopyObject * */ NSS_EXTERN NSSCKFWObject * -nssCKFWSession_CopyObject -( - NSSCKFWSession *fwSession, - NSSCKFWObject *object, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); +nssCKFWSession_CopyObject( + NSSCKFWSession *fwSession, + NSSCKFWObject *object, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); /* * nssCKFWSession_FindObjectsInit * */ NSS_EXTERN NSSCKFWFindObjects * -nssCKFWSession_FindObjectsInit -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); +nssCKFWSession_FindObjectsInit( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); /* * nssCKFWSession_SetCurrentCryptoOperation */ NSS_IMPLEMENT void -nssCKFWSession_SetCurrentCryptoOperation -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperation * fwOperation, - NSSCKFWCryptoOperationState state -); +nssCKFWSession_SetCurrentCryptoOperation( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperation *fwOperation, + NSSCKFWCryptoOperationState state); /* * nssCKFWSession_GetCurrentCryptoOperation */ NSS_IMPLEMENT NSSCKFWCryptoOperation * -nssCKFWSession_GetCurrentCryptoOperation -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationState state -); +nssCKFWSession_GetCurrentCryptoOperation( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationState state); /* * nssCKFWSession_Final * (terminate a cryptographic operation and get the result) */ NSS_IMPLEMENT CK_RV -nssCKFWSession_Final -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationType type, - NSSCKFWCryptoOperationState state, - CK_BYTE_PTR outBuf, - CK_ULONG_PTR outBufLen -); +nssCKFWSession_Final( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen); /* * nssCKFWSession_Update * (get the next step of an encrypt/decrypt operation) */ NSS_IMPLEMENT CK_RV -nssCKFWSession_Update -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationType type, - NSSCKFWCryptoOperationState state, - CK_BYTE_PTR inBuf, - CK_ULONG inBufLen, - CK_BYTE_PTR outBuf, - CK_ULONG_PTR outBufLen -); +nssCKFWSession_Update( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen); /* * nssCKFWSession_DigestUpdate * (do the next step of an digest/sign/verify operation) */ NSS_IMPLEMENT CK_RV -nssCKFWSession_DigestUpdate -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationType type, - NSSCKFWCryptoOperationState state, - CK_BYTE_PTR inBuf, - CK_ULONG inBufLen -); +nssCKFWSession_DigestUpdate( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen); /* * nssCKFWSession_DigestKey * (do the next step of an digest/sign/verify operation) */ NSS_IMPLEMENT CK_RV -nssCKFWSession_DigestKey -( - NSSCKFWSession *fwSession, - NSSCKFWObject *fwKey -); +nssCKFWSession_DigestKey( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwKey); /* * nssCKFWSession_UpdateFinal * (do a single-step of a cryptographic operation and get the result) */ NSS_IMPLEMENT CK_RV -nssCKFWSession_UpdateFinal -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationType type, - NSSCKFWCryptoOperationState state, - CK_BYTE_PTR inBuf, - CK_ULONG inBufLen, - CK_BYTE_PTR outBuf, - CK_ULONG_PTR outBufLen -); +nssCKFWSession_UpdateFinal( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen); /* * nssCKFWSession_UpdateCombo * (do a combination encrypt/decrypt and sign/digest/verify operation) */ NSS_IMPLEMENT CK_RV -nssCKFWSession_UpdateCombo -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationType encryptType, - NSSCKFWCryptoOperationType digestType, - NSSCKFWCryptoOperationState digestState, - CK_BYTE_PTR inBuf, - CK_ULONG inBufLen, - CK_BYTE_PTR outBuf, - CK_ULONG_PTR outBufLen -); +nssCKFWSession_UpdateCombo( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType encryptType, + NSSCKFWCryptoOperationType digestType, + NSSCKFWCryptoOperationState digestState, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen); /* * nssCKFWSession_SeedRandom * */ NSS_EXTERN CK_RV -nssCKFWSession_SeedRandom -( - NSSCKFWSession *fwSession, - NSSItem *seed -); +nssCKFWSession_SeedRandom( + NSSCKFWSession *fwSession, + NSSItem *seed); /* * nssCKFWSession_GetRandom * */ NSS_EXTERN CK_RV -nssCKFWSession_GetRandom -( - NSSCKFWSession *fwSession, - NSSItem *buffer -); +nssCKFWSession_GetRandom( + NSSCKFWSession *fwSession, + NSSItem *buffer); /* * NSSCKFWObject @@ -2145,123 +1812,101 @@ nssCKFWSession_GetRandom * */ NSS_EXTERN NSSCKFWObject * -nssCKFWObject_Create -( - NSSArena *arena, - NSSCKMDObject *mdObject, - NSSCKFWSession *fwSession, - NSSCKFWToken *fwToken, - NSSCKFWInstance *fwInstance, - CK_RV *pError -); +nssCKFWObject_Create( + NSSArena *arena, + NSSCKMDObject *mdObject, + NSSCKFWSession *fwSession, + NSSCKFWToken *fwToken, + NSSCKFWInstance *fwInstance, + CK_RV *pError); /* * nssCKFWObject_Finalize * */ NSS_EXTERN void -nssCKFWObject_Finalize -( - NSSCKFWObject *fwObject, - PRBool removeFromHash -); +nssCKFWObject_Finalize( + NSSCKFWObject *fwObject, + PRBool removeFromHash); /* * nssCKFWObject_Destroy * */ NSS_EXTERN void -nssCKFWObject_Destroy -( - NSSCKFWObject *fwObject -); +nssCKFWObject_Destroy( + NSSCKFWObject *fwObject); /* * nssCKFWObject_GetMDObject * */ NSS_EXTERN NSSCKMDObject * -nssCKFWObject_GetMDObject -( - NSSCKFWObject *fwObject -); +nssCKFWObject_GetMDObject( + NSSCKFWObject *fwObject); /* * nssCKFWObject_GetArena * */ NSS_EXTERN NSSArena * -nssCKFWObject_GetArena -( - NSSCKFWObject *fwObject, - CK_RV *pError -); +nssCKFWObject_GetArena( + NSSCKFWObject *fwObject, + CK_RV *pError); /* * nssCKFWObject_SetHandle * */ NSS_EXTERN CK_RV -nssCKFWObject_SetHandle -( - NSSCKFWObject *fwObject, - CK_OBJECT_HANDLE hObject -); +nssCKFWObject_SetHandle( + NSSCKFWObject *fwObject, + CK_OBJECT_HANDLE hObject); /* * nssCKFWObject_GetHandle * */ NSS_EXTERN CK_OBJECT_HANDLE -nssCKFWObject_GetHandle -( - NSSCKFWObject *fwObject -); +nssCKFWObject_GetHandle( + NSSCKFWObject *fwObject); /* * nssCKFWObject_IsTokenObject * */ NSS_EXTERN CK_BBOOL -nssCKFWObject_IsTokenObject -( - NSSCKFWObject *fwObject -); +nssCKFWObject_IsTokenObject( + NSSCKFWObject *fwObject); /* * nssCKFWObject_GetAttributeCount * */ NSS_EXTERN CK_ULONG -nssCKFWObject_GetAttributeCount -( - NSSCKFWObject *fwObject, - CK_RV *pError -); +nssCKFWObject_GetAttributeCount( + NSSCKFWObject *fwObject, + CK_RV *pError); /* * nssCKFWObject_GetAttributeTypes * */ NSS_EXTERN CK_RV -nssCKFWObject_GetAttributeTypes -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount -); +nssCKFWObject_GetAttributeTypes( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount); /* * nssCKFWObject_GetAttributeSize * */ NSS_EXTERN CK_ULONG -nssCKFWObject_GetAttributeSize -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -); +nssCKFWObject_GetAttributeSize( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError); /* * nssCKFWObject_GetAttribute @@ -2274,38 +1919,32 @@ nssCKFWObject_GetAttributeSize * specified. */ NSS_EXTERN NSSItem * -nssCKFWObject_GetAttribute -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *itemOpt, - NSSArena *arenaOpt, - CK_RV *pError -); +nssCKFWObject_GetAttribute( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *itemOpt, + NSSArena *arenaOpt, + CK_RV *pError); /* * nssCKFWObject_SetAttribute * */ NSS_EXTERN CK_RV -nssCKFWObject_SetAttribute -( - NSSCKFWObject *fwObject, - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *value -); +nssCKFWObject_SetAttribute( + NSSCKFWObject *fwObject, + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value); /* * nssCKFWObject_GetObjectSize * */ NSS_EXTERN CK_ULONG -nssCKFWObject_GetObjectSize -( - NSSCKFWObject *fwObject, - CK_RV *pError -); +nssCKFWObject_GetObjectSize( + NSSCKFWObject *fwObject, + CK_RV *pError); /* * NSSCKFWFindObjects @@ -2328,47 +1967,39 @@ nssCKFWObject_GetObjectSize * */ NSS_EXTERN NSSCKFWFindObjects * -nssCKFWFindObjects_Create -( - NSSCKFWSession *fwSession, - NSSCKFWToken *fwToken, - NSSCKFWInstance *fwInstance, - NSSCKMDFindObjects *mdFindObjects1, - NSSCKMDFindObjects *mdFindObjects2, - CK_RV *pError -); +nssCKFWFindObjects_Create( + NSSCKFWSession *fwSession, + NSSCKFWToken *fwToken, + NSSCKFWInstance *fwInstance, + NSSCKMDFindObjects *mdFindObjects1, + NSSCKMDFindObjects *mdFindObjects2, + CK_RV *pError); /* * nssCKFWFindObjects_Destroy * */ NSS_EXTERN void -nssCKFWFindObjects_Destroy -( - NSSCKFWFindObjects *fwFindObjects -); +nssCKFWFindObjects_Destroy( + NSSCKFWFindObjects *fwFindObjects); /* * nssCKFWFindObjects_GetMDFindObjects * */ NSS_EXTERN NSSCKMDFindObjects * -nssCKFWFindObjects_GetMDFindObjects -( - NSSCKFWFindObjects *fwFindObjects -); +nssCKFWFindObjects_GetMDFindObjects( + NSSCKFWFindObjects *fwFindObjects); /* * nssCKFWFindObjects_Next * */ NSS_EXTERN NSSCKFWObject * -nssCKFWFindObjects_Next -( - NSSCKFWFindObjects *fwFindObjects, - NSSArena *arenaOpt, - CK_RV *pError -); +nssCKFWFindObjects_Next( + NSSCKFWFindObjects *fwFindObjects, + NSSArena *arenaOpt, + CK_RV *pError); /* * NSSCKFWMutex @@ -2385,42 +2016,34 @@ nssCKFWFindObjects_Next * */ NSS_EXTERN NSSCKFWMutex * -nssCKFWMutex_Create -( - CK_C_INITIALIZE_ARGS_PTR pInitArgs, - CryptokiLockingState LockingState, - NSSArena *arena, - CK_RV *pError -); +nssCKFWMutex_Create( + CK_C_INITIALIZE_ARGS_PTR pInitArgs, + CryptokiLockingState LockingState, + NSSArena *arena, + CK_RV *pError); /* * nssCKFWMutex_Destroy * */ NSS_EXTERN CK_RV -nssCKFWMutex_Destroy -( - NSSCKFWMutex *mutex -); +nssCKFWMutex_Destroy( + NSSCKFWMutex *mutex); /* * nssCKFWMutex_Lock * */ NSS_EXTERN CK_RV -nssCKFWMutex_Lock -( - NSSCKFWMutex *mutex -); +nssCKFWMutex_Lock( + NSSCKFWMutex *mutex); /* * nssCKFWMutex_Unlock * */ NSS_EXTERN CK_RV -nssCKFWMutex_Unlock -( - NSSCKFWMutex *mutex -); +nssCKFWMutex_Unlock( + NSSCKFWMutex *mutex); #endif /* CKFW_H */ diff --git a/lib/ckfw/ckfwm.h b/lib/ckfw/ckfwm.h index ed0aec313..7b14d209e 100644 --- a/lib/ckfw/ckfwm.h +++ b/lib/ckfw/ckfwm.h @@ -41,88 +41,72 @@ * */ NSS_EXTERN nssCKFWHash * -nssCKFWHash_Create -( - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -); +nssCKFWHash_Create( + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError); /* * nssCKFWHash_Destroy * */ NSS_EXTERN void -nssCKFWHash_Destroy -( - nssCKFWHash *hash -); +nssCKFWHash_Destroy( + nssCKFWHash *hash); /* * nssCKFWHash_Add * */ NSS_EXTERN CK_RV -nssCKFWHash_Add -( - nssCKFWHash *hash, - const void *key, - const void *value -); +nssCKFWHash_Add( + nssCKFWHash *hash, + const void *key, + const void *value); /* * nssCKFWHash_Remove * */ NSS_EXTERN void -nssCKFWHash_Remove -( - nssCKFWHash *hash, - const void *it -); +nssCKFWHash_Remove( + nssCKFWHash *hash, + const void *it); /* * nssCKFWHash_Count * */ NSS_EXTERN CK_ULONG -nssCKFWHash_Count -( - nssCKFWHash *hash -); +nssCKFWHash_Count( + nssCKFWHash *hash); /* * nssCKFWHash_Exists * */ NSS_EXTERN CK_BBOOL -nssCKFWHash_Exists -( - nssCKFWHash *hash, - const void *it -); +nssCKFWHash_Exists( + nssCKFWHash *hash, + const void *it); /* * nssCKFWHash_Lookup * */ NSS_EXTERN void * -nssCKFWHash_Lookup -( - nssCKFWHash *hash, - const void *it -); +nssCKFWHash_Lookup( + nssCKFWHash *hash, + const void *it); /* * nssCKFWHash_Iterate * */ NSS_EXTERN void -nssCKFWHash_Iterate -( - nssCKFWHash *hash, - nssCKFWHashIterator fcn, - void *closure -); +nssCKFWHash_Iterate( + nssCKFWHash *hash, + nssCKFWHashIterator fcn, + void *closure); #endif /* CKFWM_H */ diff --git a/lib/ckfw/ckfwtm.h b/lib/ckfw/ckfwtm.h index ac8f55080..670298463 100644 --- a/lib/ckfw/ckfwtm.h +++ b/lib/ckfw/ckfwtm.h @@ -18,6 +18,6 @@ struct nssCKFWHashStr; typedef struct nssCKFWHashStr nssCKFWHash; -typedef void (PR_CALLBACK *nssCKFWHashIterator)(const void *key, void *value, void *closure); +typedef void(PR_CALLBACK *nssCKFWHashIterator)(const void *key, void *value, void *closure); #endif /* CKFWTM_H */ diff --git a/lib/ckfw/ckmd.h b/lib/ckfw/ckmd.h index 0a6dc9070..820cf9021 100644 --- a/lib/ckfw/ckmd.h +++ b/lib/ckfw/ckmd.h @@ -11,22 +11,18 @@ */ NSS_EXTERN NSSCKMDObject * -nssCKMDSessionObject_Create -( - NSSCKFWToken *fwToken, - NSSArena *arena, - CK_ATTRIBUTE_PTR attributes, - CK_ULONG ulCount, - CK_RV *pError -); +nssCKMDSessionObject_Create( + NSSCKFWToken *fwToken, + NSSArena *arena, + CK_ATTRIBUTE_PTR attributes, + CK_ULONG ulCount, + CK_RV *pError); NSS_EXTERN NSSCKMDFindObjects * -nssCKMDFindSessionObjects_Create -( - NSSCKFWToken *fwToken, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_RV *pError -); +nssCKMDFindSessionObjects_Create( + NSSCKFWToken *fwToken, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_RV *pError); #endif /* CKMD_H */ diff --git a/lib/ckfw/crypto.c b/lib/ckfw/crypto.c index d97cf6c3a..66afb773a 100644 --- a/lib/ckfw/crypto.c +++ b/lib/ckfw/crypto.c @@ -35,15 +35,15 @@ */ struct NSSCKFWCryptoOperationStr { - /* NSSArena *arena; */ - NSSCKMDCryptoOperation *mdOperation; - NSSCKMDSession *mdSession; - NSSCKFWSession *fwSession; - NSSCKMDToken *mdToken; - NSSCKFWToken *fwToken; - NSSCKMDInstance *mdInstance; - NSSCKFWInstance *fwInstance; - NSSCKFWCryptoOperationType type; + /* NSSArena *arena; */ + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKFWSession *fwSession; + NSSCKMDToken *mdToken; + NSSCKFWToken *fwToken; + NSSCKMDInstance *mdInstance; + NSSCKFWInstance *fwInstance; + NSSCKFWCryptoOperationType type; }; /* @@ -51,290 +51,268 @@ struct NSSCKFWCryptoOperationStr { */ NSS_EXTERN NSSCKFWCryptoOperation * nssCKFWCryptoOperation_Create( - NSSCKMDCryptoOperation *mdOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKFWCryptoOperationType type, - CK_RV *pError -) + NSSCKMDCryptoOperation *mdOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWCryptoOperationType type, + CK_RV *pError) { - NSSCKFWCryptoOperation *fwOperation; - fwOperation = nss_ZNEW(NULL, NSSCKFWCryptoOperation); - if (!fwOperation) { - *pError = CKR_HOST_MEMORY; - return (NSSCKFWCryptoOperation *)NULL; - } - fwOperation->mdOperation = mdOperation; - fwOperation->mdSession = mdSession; - fwOperation->fwSession = fwSession; - fwOperation->mdToken = mdToken; - fwOperation->fwToken = fwToken; - fwOperation->mdInstance = mdInstance; - fwOperation->fwInstance = fwInstance; - fwOperation->type = type; - return fwOperation; + NSSCKFWCryptoOperation *fwOperation; + fwOperation = nss_ZNEW(NULL, NSSCKFWCryptoOperation); + if (!fwOperation) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWCryptoOperation *)NULL; + } + fwOperation->mdOperation = mdOperation; + fwOperation->mdSession = mdSession; + fwOperation->fwSession = fwSession; + fwOperation->mdToken = mdToken; + fwOperation->fwToken = fwToken; + fwOperation->mdInstance = mdInstance; + fwOperation->fwInstance = fwInstance; + fwOperation->type = type; + return fwOperation; } /* * nssCKFWCryptoOperation_Destroy */ NSS_EXTERN void -nssCKFWCryptoOperation_Destroy -( - NSSCKFWCryptoOperation *fwOperation -) +nssCKFWCryptoOperation_Destroy( + NSSCKFWCryptoOperation *fwOperation) { - if ((NSSCKMDCryptoOperation *) NULL != fwOperation->mdOperation) { - if (fwOperation->mdOperation->Destroy) { - fwOperation->mdOperation->Destroy( - fwOperation->mdOperation, - fwOperation, - fwOperation->mdInstance, - fwOperation->fwInstance); + if ((NSSCKMDCryptoOperation *)NULL != fwOperation->mdOperation) { + if (fwOperation->mdOperation->Destroy) { + fwOperation->mdOperation->Destroy( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdInstance, + fwOperation->fwInstance); + } } - } - nss_ZFreeIf(fwOperation); + nss_ZFreeIf(fwOperation); } /* * nssCKFWCryptoOperation_GetMDCryptoOperation */ NSS_EXTERN NSSCKMDCryptoOperation * -nssCKFWCryptoOperation_GetMDCryptoOperation -( - NSSCKFWCryptoOperation *fwOperation -) +nssCKFWCryptoOperation_GetMDCryptoOperation( + NSSCKFWCryptoOperation *fwOperation) { - return fwOperation->mdOperation; + return fwOperation->mdOperation; } /* * nssCKFWCryptoOperation_GetType */ NSS_EXTERN NSSCKFWCryptoOperationType -nssCKFWCryptoOperation_GetType -( - NSSCKFWCryptoOperation *fwOperation -) +nssCKFWCryptoOperation_GetType( + NSSCKFWCryptoOperation *fwOperation) { - return fwOperation->type; + return fwOperation->type; } /* * nssCKFWCryptoOperation_GetFinalLength */ NSS_EXTERN CK_ULONG -nssCKFWCryptoOperation_GetFinalLength -( - NSSCKFWCryptoOperation *fwOperation, - CK_RV *pError -) +nssCKFWCryptoOperation_GetFinalLength( + NSSCKFWCryptoOperation *fwOperation, + CK_RV *pError) { - if (!fwOperation->mdOperation->GetFinalLength) { - *pError = CKR_FUNCTION_FAILED; - return 0; - } - return fwOperation->mdOperation->GetFinalLength( - fwOperation->mdOperation, - fwOperation, - fwOperation->mdSession, - fwOperation->fwSession, - fwOperation->mdToken, - fwOperation->fwToken, - fwOperation->mdInstance, - fwOperation->fwInstance, - pError); + if (!fwOperation->mdOperation->GetFinalLength) { + *pError = CKR_FUNCTION_FAILED; + return 0; + } + return fwOperation->mdOperation->GetFinalLength( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + pError); } /* * nssCKFWCryptoOperation_GetOperationLength */ NSS_EXTERN CK_ULONG -nssCKFWCryptoOperation_GetOperationLength -( - NSSCKFWCryptoOperation *fwOperation, - NSSItem *inputBuffer, - CK_RV *pError -) +nssCKFWCryptoOperation_GetOperationLength( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer, + CK_RV *pError) { - if (!fwOperation->mdOperation->GetOperationLength) { - *pError = CKR_FUNCTION_FAILED; - return 0; - } - return fwOperation->mdOperation->GetOperationLength( - fwOperation->mdOperation, - fwOperation, - fwOperation->mdSession, - fwOperation->fwSession, - fwOperation->mdToken, - fwOperation->fwToken, - fwOperation->mdInstance, - fwOperation->fwInstance, - inputBuffer, - pError); + if (!fwOperation->mdOperation->GetOperationLength) { + *pError = CKR_FUNCTION_FAILED; + return 0; + } + return fwOperation->mdOperation->GetOperationLength( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + inputBuffer, + pError); } /* * nssCKFWCryptoOperation_Final */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_Final -( - NSSCKFWCryptoOperation *fwOperation, - NSSItem *outputBuffer -) +nssCKFWCryptoOperation_Final( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *outputBuffer) { - if (!fwOperation->mdOperation->Final) { - return CKR_FUNCTION_FAILED; - } - return fwOperation->mdOperation->Final( - fwOperation->mdOperation, - fwOperation, - fwOperation->mdSession, - fwOperation->fwSession, - fwOperation->mdToken, - fwOperation->fwToken, - fwOperation->mdInstance, - fwOperation->fwInstance, - outputBuffer); + if (!fwOperation->mdOperation->Final) { + return CKR_FUNCTION_FAILED; + } + return fwOperation->mdOperation->Final( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + outputBuffer); } /* * nssCKFWCryptoOperation_Update */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_Update -( - NSSCKFWCryptoOperation *fwOperation, - NSSItem *inputBuffer, - NSSItem *outputBuffer -) +nssCKFWCryptoOperation_Update( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer, + NSSItem *outputBuffer) { - if (!fwOperation->mdOperation->Update) { - return CKR_FUNCTION_FAILED; - } - return fwOperation->mdOperation->Update( - fwOperation->mdOperation, - fwOperation, - fwOperation->mdSession, - fwOperation->fwSession, - fwOperation->mdToken, - fwOperation->fwToken, - fwOperation->mdInstance, - fwOperation->fwInstance, - inputBuffer, - outputBuffer); + if (!fwOperation->mdOperation->Update) { + return CKR_FUNCTION_FAILED; + } + return fwOperation->mdOperation->Update( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + inputBuffer, + outputBuffer); } /* * nssCKFWCryptoOperation_DigestUpdate */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_DigestUpdate -( - NSSCKFWCryptoOperation *fwOperation, - NSSItem *inputBuffer -) +nssCKFWCryptoOperation_DigestUpdate( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer) { - if (!fwOperation->mdOperation->DigestUpdate) { - return CKR_FUNCTION_FAILED; - } - return fwOperation->mdOperation->DigestUpdate( - fwOperation->mdOperation, - fwOperation, - fwOperation->mdSession, - fwOperation->fwSession, - fwOperation->mdToken, - fwOperation->fwToken, - fwOperation->mdInstance, - fwOperation->fwInstance, - inputBuffer); + if (!fwOperation->mdOperation->DigestUpdate) { + return CKR_FUNCTION_FAILED; + } + return fwOperation->mdOperation->DigestUpdate( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + inputBuffer); } /* * nssCKFWCryptoOperation_DigestKey */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_DigestKey -( - NSSCKFWCryptoOperation *fwOperation, - NSSCKFWObject *fwObject /* Key */ -) +nssCKFWCryptoOperation_DigestKey( + NSSCKFWCryptoOperation *fwOperation, + NSSCKFWObject *fwObject /* Key */ + ) { - NSSCKMDObject *mdObject; + NSSCKMDObject *mdObject; - if (!fwOperation->mdOperation->DigestKey) { - return CKR_FUNCTION_FAILED; - } - mdObject = nssCKFWObject_GetMDObject(fwObject); - return fwOperation->mdOperation->DigestKey( - fwOperation->mdOperation, - fwOperation, - fwOperation->mdToken, - fwOperation->fwToken, - fwOperation->mdInstance, - fwOperation->fwInstance, - mdObject, - fwObject); + if (!fwOperation->mdOperation->DigestKey) { + return CKR_FUNCTION_FAILED; + } + mdObject = nssCKFWObject_GetMDObject(fwObject); + return fwOperation->mdOperation->DigestKey( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + mdObject, + fwObject); } /* * nssCKFWCryptoOperation_UpdateFinal */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_UpdateFinal -( - NSSCKFWCryptoOperation *fwOperation, - NSSItem *inputBuffer, - NSSItem *outputBuffer -) +nssCKFWCryptoOperation_UpdateFinal( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer, + NSSItem *outputBuffer) { - if (!fwOperation->mdOperation->UpdateFinal) { - return CKR_FUNCTION_FAILED; - } - return fwOperation->mdOperation->UpdateFinal( - fwOperation->mdOperation, - fwOperation, - fwOperation->mdSession, - fwOperation->fwSession, - fwOperation->mdToken, - fwOperation->fwToken, - fwOperation->mdInstance, - fwOperation->fwInstance, - inputBuffer, - outputBuffer); + if (!fwOperation->mdOperation->UpdateFinal) { + return CKR_FUNCTION_FAILED; + } + return fwOperation->mdOperation->UpdateFinal( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + inputBuffer, + outputBuffer); } /* * nssCKFWCryptoOperation_UpdateCombo */ NSS_EXTERN CK_RV -nssCKFWCryptoOperation_UpdateCombo -( - NSSCKFWCryptoOperation *fwOperation, - NSSCKFWCryptoOperation *fwPeerOperation, - NSSItem *inputBuffer, - NSSItem *outputBuffer -) +nssCKFWCryptoOperation_UpdateCombo( + NSSCKFWCryptoOperation *fwOperation, + NSSCKFWCryptoOperation *fwPeerOperation, + NSSItem *inputBuffer, + NSSItem *outputBuffer) { - if (!fwOperation->mdOperation->UpdateCombo) { - return CKR_FUNCTION_FAILED; - } - return fwOperation->mdOperation->UpdateCombo( - fwOperation->mdOperation, - fwOperation, - fwPeerOperation->mdOperation, - fwPeerOperation, - fwOperation->mdSession, - fwOperation->fwSession, - fwOperation->mdToken, - fwOperation->fwToken, - fwOperation->mdInstance, - fwOperation->fwInstance, - inputBuffer, - outputBuffer); + if (!fwOperation->mdOperation->UpdateCombo) { + return CKR_FUNCTION_FAILED; + } + return fwOperation->mdOperation->UpdateCombo( + fwOperation->mdOperation, + fwOperation, + fwPeerOperation->mdOperation, + fwPeerOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + inputBuffer, + outputBuffer); } diff --git a/lib/ckfw/dbm/anchor.c b/lib/ckfw/dbm/anchor.c index f004b1e84..2ac7e9643 100644 --- a/lib/ckfw/dbm/anchor.c +++ b/lib/ckfw/dbm/anchor.c @@ -6,12 +6,12 @@ * dbm/anchor.c * * This file "anchors" the actual cryptoki entry points in this module's - * shared library, which is required for dynamic loading. See the + * shared library, which is required for dynamic loading. See the * comments in nssck.api for more information. */ #include "ckdbm.h" #define MODULE_NAME dbm -#define INSTANCE_NAME (NSSCKMDInstance *)&nss_dbm_mdInstance +#define INSTANCE_NAME (NSSCKMDInstance *) & nss_dbm_mdInstance #include "nssck.api" diff --git a/lib/ckfw/dbm/ckdbm.h b/lib/ckfw/dbm/ckdbm.h index 4f9df9343..8c2607cb3 100644 --- a/lib/ckfw/dbm/ckdbm.h +++ b/lib/ckfw/dbm/ckdbm.h @@ -29,220 +29,182 @@ NSS_EXTERN_DATA NSSCKMDInstance nss_dbm_mdInstance; typedef struct nss_dbm_db_struct nss_dbm_db_t; struct nss_dbm_db_struct { - DB *db; - NSSCKFWMutex *crustylock; + DB *db; + NSSCKFWMutex *crustylock; }; typedef struct nss_dbm_dbt_struct nss_dbm_dbt_t; struct nss_dbm_dbt_struct { - DBT dbt; - nss_dbm_db_t *my_db; + DBT dbt; + nss_dbm_db_t *my_db; }; typedef struct nss_dbm_instance_struct nss_dbm_instance_t; struct nss_dbm_instance_struct { - NSSArena *arena; - CK_ULONG nSlots; - char **filenames; - int *flags; /* e.g. O_RDONLY, O_RDWR */ + NSSArena *arena; + CK_ULONG nSlots; + char **filenames; + int *flags; /* e.g. O_RDONLY, O_RDWR */ }; typedef struct nss_dbm_slot_struct nss_dbm_slot_t; struct nss_dbm_slot_struct { - nss_dbm_instance_t *instance; - char *filename; - int flags; - nss_dbm_db_t *token_db; + nss_dbm_instance_t *instance; + char *filename; + int flags; + nss_dbm_db_t *token_db; }; typedef struct nss_dbm_token_struct nss_dbm_token_t; struct nss_dbm_token_struct { - NSSArena *arena; - nss_dbm_slot_t *slot; - nss_dbm_db_t *session_db; - NSSUTF8 *label; + NSSArena *arena; + nss_dbm_slot_t *slot; + nss_dbm_db_t *session_db; + NSSUTF8 *label; }; struct nss_dbm_dbt_node { - struct nss_dbm_dbt_node *next; - nss_dbm_dbt_t *dbt; + struct nss_dbm_dbt_node *next; + nss_dbm_dbt_t *dbt; }; typedef struct nss_dbm_session_struct nss_dbm_session_t; struct nss_dbm_session_struct { - NSSArena *arena; - nss_dbm_token_t *token; - CK_ULONG deviceError; - struct nss_dbm_dbt_node *session_objects; - NSSCKFWMutex *list_lock; + NSSArena *arena; + nss_dbm_token_t *token; + CK_ULONG deviceError; + struct nss_dbm_dbt_node *session_objects; + NSSCKFWMutex *list_lock; }; typedef struct nss_dbm_object_struct nss_dbm_object_t; struct nss_dbm_object_struct { - NSSArena *arena; /* token or session */ - nss_dbm_dbt_t *handle; + NSSArena *arena; /* token or session */ + nss_dbm_dbt_t *handle; }; typedef struct nss_dbm_find_struct nss_dbm_find_t; struct nss_dbm_find_struct { - NSSArena *arena; - struct nss_dbm_dbt_node *found; - NSSCKFWMutex *list_lock; + NSSArena *arena; + struct nss_dbm_dbt_node *found; + NSSCKFWMutex *list_lock; }; NSS_EXTERN NSSCKMDSlot * -nss_dbm_mdSlot_factory -( - nss_dbm_instance_t *instance, - char *filename, - int flags, - CK_RV *pError -); +nss_dbm_mdSlot_factory( + nss_dbm_instance_t *instance, + char *filename, + int flags, + CK_RV *pError); NSS_EXTERN NSSCKMDToken * -nss_dbm_mdToken_factory -( - nss_dbm_slot_t *slot, - CK_RV *pError -); +nss_dbm_mdToken_factory( + nss_dbm_slot_t *slot, + CK_RV *pError); NSS_EXTERN NSSCKMDSession * -nss_dbm_mdSession_factory -( - nss_dbm_token_t *token, - NSSCKFWSession *fwSession, - NSSCKFWInstance *fwInstance, - CK_BBOOL rw, - CK_RV *pError -); +nss_dbm_mdSession_factory( + nss_dbm_token_t *token, + NSSCKFWSession *fwSession, + NSSCKFWInstance *fwInstance, + CK_BBOOL rw, + CK_RV *pError); NSS_EXTERN NSSCKMDObject * -nss_dbm_mdObject_factory -( - nss_dbm_object_t *object, - CK_RV *pError -); +nss_dbm_mdObject_factory( + nss_dbm_object_t *object, + CK_RV *pError); NSS_EXTERN NSSCKMDFindObjects * -nss_dbm_mdFindObjects_factory -( - nss_dbm_find_t *find, - CK_RV *pError -); +nss_dbm_mdFindObjects_factory( + nss_dbm_find_t *find, + CK_RV *pError); NSS_EXTERN nss_dbm_db_t * -nss_dbm_db_open -( - NSSArena *arena, - NSSCKFWInstance *fwInstance, - char *filename, - int flags, - CK_RV *pError -); +nss_dbm_db_open( + NSSArena *arena, + NSSCKFWInstance *fwInstance, + char *filename, + int flags, + CK_RV *pError); NSS_EXTERN void -nss_dbm_db_close -( - nss_dbm_db_t *db -); +nss_dbm_db_close( + nss_dbm_db_t *db); NSS_EXTERN CK_VERSION -nss_dbm_db_get_format_version -( - nss_dbm_db_t *db -); +nss_dbm_db_get_format_version( + nss_dbm_db_t *db); NSS_EXTERN CK_RV -nss_dbm_db_set_label -( - nss_dbm_db_t *db, - NSSUTF8 *label -); +nss_dbm_db_set_label( + nss_dbm_db_t *db, + NSSUTF8 *label); NSS_EXTERN NSSUTF8 * -nss_dbm_db_get_label -( - nss_dbm_db_t *db, - NSSArena *arena, - CK_RV *pError -); +nss_dbm_db_get_label( + nss_dbm_db_t *db, + NSSArena *arena, + CK_RV *pError); NSS_EXTERN CK_RV -nss_dbm_db_delete_object -( - nss_dbm_dbt_t *dbt -); +nss_dbm_db_delete_object( + nss_dbm_dbt_t *dbt); NSS_EXTERN nss_dbm_dbt_t * -nss_dbm_db_create_object -( - NSSArena *arena, - nss_dbm_db_t *db, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError, - CK_ULONG *pdbrv -); +nss_dbm_db_create_object( + NSSArena *arena, + nss_dbm_db_t *db, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError, + CK_ULONG *pdbrv); NSS_EXTERN CK_RV -nss_dbm_db_find_objects -( - nss_dbm_find_t *find, - nss_dbm_db_t *db, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_ULONG *pdbrv -); +nss_dbm_db_find_objects( + nss_dbm_find_t *find, + nss_dbm_db_t *db, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_ULONG *pdbrv); NSS_EXTERN CK_BBOOL -nss_dbm_db_object_still_exists -( - nss_dbm_dbt_t *dbt -); +nss_dbm_db_object_still_exists( + nss_dbm_dbt_t *dbt); NSS_EXTERN CK_ULONG -nss_dbm_db_get_object_attribute_count -( - nss_dbm_dbt_t *dbt, - CK_RV *pError, - CK_ULONG *pdbrv -); +nss_dbm_db_get_object_attribute_count( + nss_dbm_dbt_t *dbt, + CK_RV *pError, + CK_ULONG *pdbrv); NSS_EXTERN CK_RV -nss_dbm_db_get_object_attribute_types -( - nss_dbm_dbt_t *dbt, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount, - CK_ULONG *pdbrv -); +nss_dbm_db_get_object_attribute_types( + nss_dbm_dbt_t *dbt, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount, + CK_ULONG *pdbrv); NSS_EXTERN CK_ULONG -nss_dbm_db_get_object_attribute_size -( - nss_dbm_dbt_t *dbt, - CK_ATTRIBUTE_TYPE type, - CK_RV *pError, - CK_ULONG *pdbrv -); +nss_dbm_db_get_object_attribute_size( + nss_dbm_dbt_t *dbt, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError, + CK_ULONG *pdbrv); NSS_EXTERN NSSItem * -nss_dbm_db_get_object_attribute -( - nss_dbm_dbt_t *dbt, - NSSArena *arena, - CK_ATTRIBUTE_TYPE type, - CK_RV *pError, - CK_ULONG *pdbrv -); +nss_dbm_db_get_object_attribute( + nss_dbm_dbt_t *dbt, + NSSArena *arena, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError, + CK_ULONG *pdbrv); NSS_EXTERN CK_RV -nss_dbm_db_set_object_attribute -( - nss_dbm_dbt_t *dbt, - CK_ATTRIBUTE_TYPE type, - NSSItem *value, - CK_ULONG *pdbrv -); +nss_dbm_db_set_object_attribute( + nss_dbm_dbt_t *dbt, + CK_ATTRIBUTE_TYPE type, + NSSItem *value, + CK_ULONG *pdbrv); #endif /* CKDBM_H */ diff --git a/lib/ckfw/dbm/db.c b/lib/ckfw/dbm/db.c index 8d0a6cba8..44b47e7f3 100644 --- a/lib/ckfw/dbm/db.c +++ b/lib/ckfw/dbm/db.c @@ -5,303 +5,294 @@ #include "ckdbm.h" #define PREFIX_METADATA "0000" -#define PREFIX_OBJECT "0001" -#define PREFIX_INDEX "0002" +#define PREFIX_OBJECT "0001" +#define PREFIX_INDEX "0002" static CK_VERSION nss_dbm_db_format_version = { 1, 0 }; struct handle { - char prefix[4]; - CK_ULONG id; + char prefix[4]; + CK_ULONG id; }; NSS_IMPLEMENT nss_dbm_db_t * -nss_dbm_db_open -( - NSSArena *arena, - NSSCKFWInstance *fwInstance, - char *filename, - int flags, - CK_RV *pError -) +nss_dbm_db_open( + NSSArena *arena, + NSSCKFWInstance *fwInstance, + char *filename, + int flags, + CK_RV *pError) { - nss_dbm_db_t *rv; - CK_VERSION db_version; - - rv = nss_ZNEW(arena, nss_dbm_db_t); - if( (nss_dbm_db_t *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - return (nss_dbm_db_t *)NULL; - } - - rv->db = dbopen(filename, flags, 0600, DB_HASH, (const void *)NULL); - if( (DB *)NULL == rv->db ) { - *pError = CKR_TOKEN_NOT_PRESENT; - return (nss_dbm_db_t *)NULL; - } - - rv->crustylock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError); - if( (NSSCKFWMutex *)NULL == rv->crustylock ) { - return (nss_dbm_db_t *)NULL; - } - - db_version = nss_dbm_db_get_format_version(rv); - if( db_version.major != nss_dbm_db_format_version.major ) { - nss_dbm_db_close(rv); - *pError = CKR_TOKEN_NOT_RECOGNIZED; - return (nss_dbm_db_t *)NULL; - } - - return rv; + nss_dbm_db_t *rv; + CK_VERSION db_version; + + rv = nss_ZNEW(arena, nss_dbm_db_t); + if ((nss_dbm_db_t *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + return (nss_dbm_db_t *)NULL; + } + + rv->db = dbopen(filename, flags, 0600, DB_HASH, (const void *)NULL); + if ((DB *)NULL == rv->db) { + *pError = CKR_TOKEN_NOT_PRESENT; + return (nss_dbm_db_t *)NULL; + } + + rv->crustylock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError); + if ((NSSCKFWMutex *)NULL == rv->crustylock) { + return (nss_dbm_db_t *)NULL; + } + + db_version = nss_dbm_db_get_format_version(rv); + if (db_version.major != nss_dbm_db_format_version.major) { + nss_dbm_db_close(rv); + *pError = CKR_TOKEN_NOT_RECOGNIZED; + return (nss_dbm_db_t *)NULL; + } + + return rv; } NSS_IMPLEMENT void -nss_dbm_db_close -( - nss_dbm_db_t *db -) +nss_dbm_db_close( + nss_dbm_db_t *db) { - if( (NSSCKFWMutex *)NULL != db->crustylock ) { - (void)NSSCKFWMutex_Destroy(db->crustylock); - } + if ((NSSCKFWMutex *)NULL != db->crustylock) { + (void)NSSCKFWMutex_Destroy(db->crustylock); + } - if( (DB *)NULL != db->db ) { - (void)db->db->close(db->db); - } + if ((DB *)NULL != db->db) { + (void)db->db->close(db->db); + } - nss_ZFreeIf(db); + nss_ZFreeIf(db); } NSS_IMPLEMENT CK_VERSION -nss_dbm_db_get_format_version -( - nss_dbm_db_t *db -) +nss_dbm_db_get_format_version( + nss_dbm_db_t *db) { - CK_VERSION rv; - DBT k, v; - int dbrv; - char buffer[64]; + CK_VERSION rv; + DBT k, v; + int dbrv; + char buffer[64]; - rv.major = rv.minor = 0; + rv.major = rv.minor = 0; - k.data = PREFIX_METADATA "FormatVersion"; - k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL); - (void)memset(&v, 0, sizeof(v)); + k.data = PREFIX_METADATA "FormatVersion"; + k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL); + (void)memset(&v, 0, sizeof(v)); - /* Locked region */ - { - if( CKR_OK != NSSCKFWMutex_Lock(db->crustylock) ) { - return rv; - } + /* Locked region */ + { + if (CKR_OK != NSSCKFWMutex_Lock(db->crustylock)) { + return rv; + } - dbrv = db->db->get(db->db, &k, &v, 0); - if( dbrv == 0 ) { - CK_ULONG major = 0, minor = 0; - (void)PR_sscanf(v.data, "%ld.%ld", &major, &minor); - rv.major = major; - rv.minor = minor; - } else if( dbrv > 0 ) { - (void)PR_snprintf(buffer, sizeof(buffer), "%ld.%ld", nss_dbm_db_format_version.major, - nss_dbm_db_format_version.minor); - v.data = buffer; - v.size = nssUTF8_Size((NSSUTF8 *)v.data, (PRStatus *)NULL); - dbrv = db->db->put(db->db, &k, &v, 0); - (void)db->db->sync(db->db, 0); - rv = nss_dbm_db_format_version; - } else { - /* No error return.. */ - ; - } + dbrv = db->db->get(db->db, &k, &v, 0); + if (dbrv == 0) { + CK_ULONG major = 0, minor = 0; + (void)PR_sscanf(v.data, "%ld.%ld", &major, &minor); + rv.major = major; + rv.minor = minor; + } + else if (dbrv > 0) { + (void)PR_snprintf(buffer, sizeof(buffer), "%ld.%ld", nss_dbm_db_format_version.major, + nss_dbm_db_format_version.minor); + v.data = buffer; + v.size = nssUTF8_Size((NSSUTF8 *)v.data, (PRStatus *)NULL); + dbrv = db->db->put(db->db, &k, &v, 0); + (void)db->db->sync(db->db, 0); + rv = nss_dbm_db_format_version; + } + else { + /* No error return.. */ + ; + } - (void)NSSCKFWMutex_Unlock(db->crustylock); - } + (void)NSSCKFWMutex_Unlock(db->crustylock); + } - return rv; + return rv; } NSS_IMPLEMENT CK_RV -nss_dbm_db_set_label -( - nss_dbm_db_t *db, - NSSUTF8 *label -) +nss_dbm_db_set_label( + nss_dbm_db_t *db, + NSSUTF8 *label) { - CK_RV rv; - DBT k, v; - int dbrv; - - k.data = PREFIX_METADATA "Label"; - k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL); - v.data = label; - v.size = nssUTF8_Size((NSSUTF8 *)v.data, (PRStatus *)NULL); - - /* Locked region */ - { - rv = NSSCKFWMutex_Lock(db->crustylock); - if( CKR_OK != rv ) { - return rv; - } + CK_RV rv; + DBT k, v; + int dbrv; - dbrv = db->db->put(db->db, &k, &v, 0); - if( 0 != dbrv ) { - rv = CKR_DEVICE_ERROR; - } + k.data = PREFIX_METADATA "Label"; + k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL); + v.data = label; + v.size = nssUTF8_Size((NSSUTF8 *)v.data, (PRStatus *)NULL); - dbrv = db->db->sync(db->db, 0); - if( 0 != dbrv ) { - rv = CKR_DEVICE_ERROR; - } + /* Locked region */ + { + rv = NSSCKFWMutex_Lock(db->crustylock); + if (CKR_OK != rv) { + return rv; + } + + dbrv = db->db->put(db->db, &k, &v, 0); + if (0 != dbrv) { + rv = CKR_DEVICE_ERROR; + } + + dbrv = db->db->sync(db->db, 0); + if (0 != dbrv) { + rv = CKR_DEVICE_ERROR; + } - (void)NSSCKFWMutex_Unlock(db->crustylock); - } + (void)NSSCKFWMutex_Unlock(db->crustylock); + } - return rv; + return rv; } NSS_IMPLEMENT NSSUTF8 * -nss_dbm_db_get_label -( - nss_dbm_db_t *db, - NSSArena *arena, - CK_RV *pError -) +nss_dbm_db_get_label( + nss_dbm_db_t *db, + NSSArena *arena, + CK_RV *pError) { - NSSUTF8 *rv = (NSSUTF8 *)NULL; - DBT k, v; - int dbrv; - - k.data = PREFIX_METADATA "Label"; - k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL); + NSSUTF8 *rv = (NSSUTF8 *)NULL; + DBT k, v; + int dbrv; - /* Locked region */ - { - if( CKR_OK != NSSCKFWMutex_Lock(db->crustylock) ) { - return rv; - } + k.data = PREFIX_METADATA "Label"; + k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL); - dbrv = db->db->get(db->db, &k, &v, 0); - if( 0 == dbrv ) { - rv = nssUTF8_Duplicate((NSSUTF8 *)v.data, arena); - if( (NSSUTF8 *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - } - } else if( dbrv > 0 ) { - /* Just return null */ - ; - } else { - *pError = CKR_DEVICE_ERROR; - ; - } + /* Locked region */ + { + if (CKR_OK != NSSCKFWMutex_Lock(db->crustylock)) { + return rv; + } + dbrv = db->db->get(db->db, &k, &v, 0); + if (0 == dbrv) { + rv = nssUTF8_Duplicate((NSSUTF8 *)v.data, arena); + if ((NSSUTF8 *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + } + } + else if (dbrv > 0) { + /* Just return null */ + ; + } + else { + *pError = CKR_DEVICE_ERROR; + ; + } - (void)NSSCKFWMutex_Unlock(db->crustylock); - } + (void)NSSCKFWMutex_Unlock(db->crustylock); + } - return rv; + return rv; } NSS_IMPLEMENT CK_RV -nss_dbm_db_delete_object -( - nss_dbm_dbt_t *dbt -) +nss_dbm_db_delete_object( + nss_dbm_dbt_t *dbt) { - CK_RV rv; - int dbrv; - - /* Locked region */ - { - rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock); - if( CKR_OK != rv ) { - return rv; - } + CK_RV rv; + int dbrv; - dbrv = dbt->my_db->db->del(dbt->my_db->db, &dbt->dbt, 0); - if( 0 != dbrv ) { - rv = CKR_DEVICE_ERROR; - goto done; - } + /* Locked region */ + { + rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if (CKR_OK != rv) { + return rv; + } - dbrv = dbt->my_db->db->sync(dbt->my_db->db, 0); - if( 0 != dbrv ) { - rv = CKR_DEVICE_ERROR; - goto done; - } + dbrv = dbt->my_db->db->del(dbt->my_db->db, &dbt->dbt, 0); + if (0 != dbrv) { + rv = CKR_DEVICE_ERROR; + goto done; + } - done: - (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); - } + dbrv = dbt->my_db->db->sync(dbt->my_db->db, 0); + if (0 != dbrv) { + rv = CKR_DEVICE_ERROR; + goto done; + } - return rv; + done: + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); + } + + return rv; } static CK_ULONG -nss_dbm_db_new_handle -( - nss_dbm_db_t *db, - DBT *dbt, /* pre-allocated */ - CK_RV *pError -) +nss_dbm_db_new_handle( + nss_dbm_db_t *db, + DBT *dbt, /* pre-allocated */ + CK_RV *pError) { - CK_ULONG rv; - DBT k, v; - CK_ULONG align = 0, id, myid; - struct handle *hp; - - if( sizeof(struct handle) != dbt->size ) { - return EINVAL; - } - - /* Locked region */ - { - *pError = NSSCKFWMutex_Lock(db->crustylock); - if( CKR_OK != *pError ) { - return EINVAL; + CK_ULONG rv; + DBT k, v; + CK_ULONG align = 0, id, myid; + struct handle *hp; + + if (sizeof(struct handle) != dbt->size) { + return EINVAL; } - k.data = PREFIX_METADATA "LastID"; - k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL); - (void)memset(&v, 0, sizeof(v)); + /* Locked region */ + { + *pError = NSSCKFWMutex_Lock(db->crustylock); + if (CKR_OK != *pError) { + return EINVAL; + } - rv = db->db->get(db->db, &k, &v, 0); - if( 0 == rv ) { - (void)memcpy(&align, v.data, sizeof(CK_ULONG)); - id = ntohl(align); - } else if( rv > 0 ) { - id = 0; - } else { - goto done; - } + k.data = PREFIX_METADATA "LastID"; + k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL); + (void)memset(&v, 0, sizeof(v)); - myid = id; - id++; - align = htonl(id); - v.data = &align; - v.size = sizeof(CK_ULONG); + rv = db->db->get(db->db, &k, &v, 0); + if (0 == rv) { + (void)memcpy(&align, v.data, sizeof(CK_ULONG)); + id = ntohl(align); + } + else if (rv > 0) { + id = 0; + } + else { + goto done; + } - rv = db->db->put(db->db, &k, &v, 0); - if( 0 != rv ) { - goto done; - } + myid = id; + id++; + align = htonl(id); + v.data = &align; + v.size = sizeof(CK_ULONG); - rv = db->db->sync(db->db, 0); - if( 0 != rv ) { - goto done; - } + rv = db->db->put(db->db, &k, &v, 0); + if (0 != rv) { + goto done; + } - done: - (void)NSSCKFWMutex_Unlock(db->crustylock); - } + rv = db->db->sync(db->db, 0); + if (0 != rv) { + goto done; + } - if( 0 != rv ) { - return rv; - } + done: + (void)NSSCKFWMutex_Unlock(db->crustylock); + } + + if (0 != rv) { + return rv; + } - hp = (struct handle *)dbt->data; - (void)memcpy(&hp->prefix[0], PREFIX_OBJECT, 4); - hp->id = myid; + hp = (struct handle *)dbt->data; + (void)memcpy(&hp->prefix[0], PREFIX_OBJECT, 4); + hp->id = myid; - return 0; + return 0; } /* @@ -311,723 +302,786 @@ nss_dbm_db_new_handle * will have to be augmentable or overridable by a Module. */ -enum swap_type { type_byte, type_short, type_long, type_opaque }; +enum swap_type { type_byte, + type_short, + type_long, + type_opaque }; static enum swap_type -nss_dbm_db_swap_type -( - CK_ATTRIBUTE_TYPE type -) +nss_dbm_db_swap_type( + CK_ATTRIBUTE_TYPE type) { - switch( type ) { - case CKA_CLASS: return type_long; - case CKA_TOKEN: return type_byte; - case CKA_PRIVATE: return type_byte; - case CKA_LABEL: return type_opaque; - case CKA_APPLICATION: return type_opaque; - case CKA_VALUE: return type_opaque; - case CKA_CERTIFICATE_TYPE: return type_long; - case CKA_ISSUER: return type_opaque; - case CKA_SERIAL_NUMBER: return type_opaque; - case CKA_KEY_TYPE: return type_long; - case CKA_SUBJECT: return type_opaque; - case CKA_ID: return type_opaque; - case CKA_SENSITIVE: return type_byte; - case CKA_ENCRYPT: return type_byte; - case CKA_DECRYPT: return type_byte; - case CKA_WRAP: return type_byte; - case CKA_UNWRAP: return type_byte; - case CKA_SIGN: return type_byte; - case CKA_SIGN_RECOVER: return type_byte; - case CKA_VERIFY: return type_byte; - case CKA_VERIFY_RECOVER: return type_byte; - case CKA_DERIVE: return type_byte; - case CKA_START_DATE: return type_opaque; - case CKA_END_DATE: return type_opaque; - case CKA_MODULUS: return type_opaque; - case CKA_MODULUS_BITS: return type_long; - case CKA_PUBLIC_EXPONENT: return type_opaque; - case CKA_PRIVATE_EXPONENT: return type_opaque; - case CKA_PRIME_1: return type_opaque; - case CKA_PRIME_2: return type_opaque; - case CKA_EXPONENT_1: return type_opaque; - case CKA_EXPONENT_2: return type_opaque; - case CKA_COEFFICIENT: return type_opaque; - case CKA_PRIME: return type_opaque; - case CKA_SUBPRIME: return type_opaque; - case CKA_BASE: return type_opaque; - case CKA_VALUE_BITS: return type_long; - case CKA_VALUE_LEN: return type_long; - case CKA_EXTRACTABLE: return type_byte; - case CKA_LOCAL: return type_byte; - case CKA_NEVER_EXTRACTABLE: return type_byte; - case CKA_ALWAYS_SENSITIVE: return type_byte; - case CKA_MODIFIABLE: return type_byte; - case CKA_NETSCAPE_URL: return type_opaque; - case CKA_NETSCAPE_EMAIL: return type_opaque; - case CKA_NETSCAPE_SMIME_INFO: return type_opaque; - case CKA_NETSCAPE_SMIME_TIMESTAMP: return type_opaque; - case CKA_NETSCAPE_PKCS8_SALT: return type_opaque; - case CKA_NETSCAPE_PASSWORD_CHECK: return type_opaque; - case CKA_NETSCAPE_EXPIRES: return type_opaque; - case CKA_TRUST_DIGITAL_SIGNATURE: return type_long; - case CKA_TRUST_NON_REPUDIATION: return type_long; - case CKA_TRUST_KEY_ENCIPHERMENT: return type_long; - case CKA_TRUST_DATA_ENCIPHERMENT: return type_long; - case CKA_TRUST_KEY_AGREEMENT: return type_long; - case CKA_TRUST_KEY_CERT_SIGN: return type_long; - case CKA_TRUST_CRL_SIGN: return type_long; - case CKA_TRUST_SERVER_AUTH: return type_long; - case CKA_TRUST_CLIENT_AUTH: return type_long; - case CKA_TRUST_CODE_SIGNING: return type_long; - case CKA_TRUST_EMAIL_PROTECTION: return type_long; - case CKA_TRUST_IPSEC_END_SYSTEM: return type_long; - case CKA_TRUST_IPSEC_TUNNEL: return type_long; - case CKA_TRUST_IPSEC_USER: return type_long; - case CKA_TRUST_TIME_STAMPING: return type_long; - case CKA_NETSCAPE_DB: return type_opaque; - case CKA_NETSCAPE_TRUST: return type_opaque; - default: return type_opaque; - } + switch (type) { + case CKA_CLASS: + return type_long; + case CKA_TOKEN: + return type_byte; + case CKA_PRIVATE: + return type_byte; + case CKA_LABEL: + return type_opaque; + case CKA_APPLICATION: + return type_opaque; + case CKA_VALUE: + return type_opaque; + case CKA_CERTIFICATE_TYPE: + return type_long; + case CKA_ISSUER: + return type_opaque; + case CKA_SERIAL_NUMBER: + return type_opaque; + case CKA_KEY_TYPE: + return type_long; + case CKA_SUBJECT: + return type_opaque; + case CKA_ID: + return type_opaque; + case CKA_SENSITIVE: + return type_byte; + case CKA_ENCRYPT: + return type_byte; + case CKA_DECRYPT: + return type_byte; + case CKA_WRAP: + return type_byte; + case CKA_UNWRAP: + return type_byte; + case CKA_SIGN: + return type_byte; + case CKA_SIGN_RECOVER: + return type_byte; + case CKA_VERIFY: + return type_byte; + case CKA_VERIFY_RECOVER: + return type_byte; + case CKA_DERIVE: + return type_byte; + case CKA_START_DATE: + return type_opaque; + case CKA_END_DATE: + return type_opaque; + case CKA_MODULUS: + return type_opaque; + case CKA_MODULUS_BITS: + return type_long; + case CKA_PUBLIC_EXPONENT: + return type_opaque; + case CKA_PRIVATE_EXPONENT: + return type_opaque; + case CKA_PRIME_1: + return type_opaque; + case CKA_PRIME_2: + return type_opaque; + case CKA_EXPONENT_1: + return type_opaque; + case CKA_EXPONENT_2: + return type_opaque; + case CKA_COEFFICIENT: + return type_opaque; + case CKA_PRIME: + return type_opaque; + case CKA_SUBPRIME: + return type_opaque; + case CKA_BASE: + return type_opaque; + case CKA_VALUE_BITS: + return type_long; + case CKA_VALUE_LEN: + return type_long; + case CKA_EXTRACTABLE: + return type_byte; + case CKA_LOCAL: + return type_byte; + case CKA_NEVER_EXTRACTABLE: + return type_byte; + case CKA_ALWAYS_SENSITIVE: + return type_byte; + case CKA_MODIFIABLE: + return type_byte; + case CKA_NETSCAPE_URL: + return type_opaque; + case CKA_NETSCAPE_EMAIL: + return type_opaque; + case CKA_NETSCAPE_SMIME_INFO: + return type_opaque; + case CKA_NETSCAPE_SMIME_TIMESTAMP: + return type_opaque; + case CKA_NETSCAPE_PKCS8_SALT: + return type_opaque; + case CKA_NETSCAPE_PASSWORD_CHECK: + return type_opaque; + case CKA_NETSCAPE_EXPIRES: + return type_opaque; + case CKA_TRUST_DIGITAL_SIGNATURE: + return type_long; + case CKA_TRUST_NON_REPUDIATION: + return type_long; + case CKA_TRUST_KEY_ENCIPHERMENT: + return type_long; + case CKA_TRUST_DATA_ENCIPHERMENT: + return type_long; + case CKA_TRUST_KEY_AGREEMENT: + return type_long; + case CKA_TRUST_KEY_CERT_SIGN: + return type_long; + case CKA_TRUST_CRL_SIGN: + return type_long; + case CKA_TRUST_SERVER_AUTH: + return type_long; + case CKA_TRUST_CLIENT_AUTH: + return type_long; + case CKA_TRUST_CODE_SIGNING: + return type_long; + case CKA_TRUST_EMAIL_PROTECTION: + return type_long; + case CKA_TRUST_IPSEC_END_SYSTEM: + return type_long; + case CKA_TRUST_IPSEC_TUNNEL: + return type_long; + case CKA_TRUST_IPSEC_USER: + return type_long; + case CKA_TRUST_TIME_STAMPING: + return type_long; + case CKA_NETSCAPE_DB: + return type_opaque; + case CKA_NETSCAPE_TRUST: + return type_opaque; + default: + return type_opaque; + } } static void -nss_dbm_db_swap_copy -( - CK_ATTRIBUTE_TYPE type, - void *dest, - void *src, - CK_ULONG len -) +nss_dbm_db_swap_copy( + CK_ATTRIBUTE_TYPE type, + void *dest, + void *src, + CK_ULONG len) { - switch( nss_dbm_db_swap_type(type) ) { - case type_byte: - case type_opaque: - (void)memcpy(dest, src, len); - break; - case type_short: - { - CK_USHORT s, d; - (void)memcpy(&s, src, sizeof(CK_USHORT)); - d = htons(s); - (void)memcpy(dest, &d, sizeof(CK_USHORT)); - break; - } - case type_long: - { - CK_ULONG s, d; - (void)memcpy(&s, src, sizeof(CK_ULONG)); - d = htonl(s); - (void)memcpy(dest, &d, sizeof(CK_ULONG)); - break; + switch (nss_dbm_db_swap_type(type)) { + case type_byte: + case type_opaque: + (void)memcpy(dest, src, len); + break; + case type_short: { + CK_USHORT s, d; + (void)memcpy(&s, src, sizeof(CK_USHORT)); + d = htons(s); + (void)memcpy(dest, &d, sizeof(CK_USHORT)); + break; + } + case type_long: { + CK_ULONG s, d; + (void)memcpy(&s, src, sizeof(CK_ULONG)); + d = htonl(s); + (void)memcpy(dest, &d, sizeof(CK_ULONG)); + break; + } } - } } static CK_RV -nss_dbm_db_wrap_object -( - NSSArena *arena, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - DBT *object -) +nss_dbm_db_wrap_object( + NSSArena *arena, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + DBT *object) { - CK_ULONG object_size; - CK_ULONG i; - CK_ULONG *pulData; - char *pcData; - CK_ULONG offset; - - object_size = (1 + ulAttributeCount*3) * sizeof(CK_ULONG); - offset = object_size; - for( i = 0; i < ulAttributeCount; i++ ) { - object_size += pTemplate[i].ulValueLen; - } - - object->size = object_size; - object->data = nss_ZAlloc(arena, object_size); - if( (void *)NULL == object->data ) { - return CKR_HOST_MEMORY; - } - - pulData = (CK_ULONG *)object->data; - pcData = (char *)object->data; - - pulData[0] = htonl(ulAttributeCount); - for( i = 0; i < ulAttributeCount; i++ ) { - CK_ULONG len = pTemplate[i].ulValueLen; - pulData[1 + i*3] = htonl(pTemplate[i].type); - pulData[2 + i*3] = htonl(len); - pulData[3 + i*3] = htonl(offset); - nss_dbm_db_swap_copy(pTemplate[i].type, &pcData[offset], pTemplate[i].pValue, len); - offset += len; - } - - return CKR_OK; + CK_ULONG object_size; + CK_ULONG i; + CK_ULONG *pulData; + char *pcData; + CK_ULONG offset; + + object_size = (1 + ulAttributeCount * 3) * sizeof(CK_ULONG); + offset = object_size; + for (i = 0; i < ulAttributeCount; i++) { + object_size += pTemplate[i].ulValueLen; + } + + object->size = object_size; + object->data = nss_ZAlloc(arena, object_size); + if ((void *)NULL == object->data) { + return CKR_HOST_MEMORY; + } + + pulData = (CK_ULONG *)object->data; + pcData = (char *)object->data; + + pulData[0] = htonl(ulAttributeCount); + for (i = 0; i < ulAttributeCount; i++) { + CK_ULONG len = pTemplate[i].ulValueLen; + pulData[1 + i * 3] = htonl(pTemplate[i].type); + pulData[2 + i * 3] = htonl(len); + pulData[3 + i * 3] = htonl(offset); + nss_dbm_db_swap_copy(pTemplate[i].type, &pcData[offset], pTemplate[i].pValue, len); + offset += len; + } + + return CKR_OK; } static CK_RV -nss_dbm_db_unwrap_object -( - NSSArena *arena, - DBT *object, - CK_ATTRIBUTE_PTR *ppTemplate, - CK_ULONG *pulAttributeCount -) +nss_dbm_db_unwrap_object( + NSSArena *arena, + DBT *object, + CK_ATTRIBUTE_PTR *ppTemplate, + CK_ULONG *pulAttributeCount) { - CK_ULONG *pulData; - char *pcData; - CK_ULONG n, i; - CK_ATTRIBUTE_PTR pTemplate; - - pulData = (CK_ULONG *)object->data; - pcData = (char *)object->data; - - n = ntohl(pulData[0]); - *pulAttributeCount = n; - pTemplate = nss_ZNEWARRAY(arena, CK_ATTRIBUTE, n); - if( (CK_ATTRIBUTE_PTR)NULL == pTemplate ) { - return CKR_HOST_MEMORY; - } - - for( i = 0; i < n; i++ ) { - CK_ULONG len; - CK_ULONG offset; - void *p; - - pTemplate[i].type = ntohl(pulData[1 + i*3]); - len = ntohl(pulData[2 + i*3]); - offset = ntohl(pulData[3 + i*3]); - - p = nss_ZAlloc(arena, len); - if( (void *)NULL == p ) { - return CKR_HOST_MEMORY; + CK_ULONG *pulData; + char *pcData; + CK_ULONG n, i; + CK_ATTRIBUTE_PTR pTemplate; + + pulData = (CK_ULONG *)object->data; + pcData = (char *)object->data; + + n = ntohl(pulData[0]); + *pulAttributeCount = n; + pTemplate = nss_ZNEWARRAY(arena, CK_ATTRIBUTE, n); + if ((CK_ATTRIBUTE_PTR)NULL == pTemplate) { + return CKR_HOST_MEMORY; + } + + for (i = 0; i < n; i++) { + CK_ULONG len; + CK_ULONG offset; + void *p; + + pTemplate[i].type = ntohl(pulData[1 + i * 3]); + len = ntohl(pulData[2 + i * 3]); + offset = ntohl(pulData[3 + i * 3]); + + p = nss_ZAlloc(arena, len); + if ((void *)NULL == p) { + return CKR_HOST_MEMORY; + } + + nss_dbm_db_swap_copy(pTemplate[i].type, p, &pcData[offset], len); + pTemplate[i].ulValueLen = len; + pTemplate[i].pValue = p; } - - nss_dbm_db_swap_copy(pTemplate[i].type, p, &pcData[offset], len); - pTemplate[i].ulValueLen = len; - pTemplate[i].pValue = p; - } - - *ppTemplate = pTemplate; - return CKR_OK; -} + *ppTemplate = pTemplate; + return CKR_OK; +} NSS_IMPLEMENT nss_dbm_dbt_t * -nss_dbm_db_create_object -( - NSSArena *arena, - nss_dbm_db_t *db, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError, - CK_ULONG *pdbrv -) +nss_dbm_db_create_object( + NSSArena *arena, + nss_dbm_db_t *db, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError, + CK_ULONG *pdbrv) { - NSSArena *tmparena = (NSSArena *)NULL; - nss_dbm_dbt_t *rv = (nss_dbm_dbt_t *)NULL; - DBT object; - - rv = nss_ZNEW(arena, nss_dbm_dbt_t); - if( (nss_dbm_dbt_t *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - return (nss_dbm_dbt_t *)NULL; - } - - rv->my_db = db; - rv->dbt.size = sizeof(struct handle); - rv->dbt.data = nss_ZAlloc(arena, rv->dbt.size); - if( (void *)NULL == rv->dbt.data ) { - *pError = CKR_HOST_MEMORY; - return (nss_dbm_dbt_t *)NULL; - } - - *pdbrv = nss_dbm_db_new_handle(db, &rv->dbt, pError); - if( 0 != *pdbrv ) { - return (nss_dbm_dbt_t *)NULL; - } - - tmparena = NSSArena_Create(); - if( (NSSArena *)NULL == tmparena ) { - *pError = CKR_HOST_MEMORY; - return (nss_dbm_dbt_t *)NULL; - } - - *pError = nss_dbm_db_wrap_object(tmparena, pTemplate, ulAttributeCount, &object); - if( CKR_OK != *pError ) { - return (nss_dbm_dbt_t *)NULL; - } - - /* Locked region */ - { - *pError = NSSCKFWMutex_Lock(db->crustylock); - if( CKR_OK != *pError ) { - goto loser; + NSSArena *tmparena = (NSSArena *)NULL; + nss_dbm_dbt_t *rv = (nss_dbm_dbt_t *)NULL; + DBT object; + + rv = nss_ZNEW(arena, nss_dbm_dbt_t); + if ((nss_dbm_dbt_t *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + return (nss_dbm_dbt_t *)NULL; } - *pdbrv = db->db->put(db->db, &rv->dbt, &object, 0); - if( 0 != *pdbrv ) { - *pError = CKR_DEVICE_ERROR; + rv->my_db = db; + rv->dbt.size = sizeof(struct handle); + rv->dbt.data = nss_ZAlloc(arena, rv->dbt.size); + if ((void *)NULL == rv->dbt.data) { + *pError = CKR_HOST_MEMORY; + return (nss_dbm_dbt_t *)NULL; } - (void)db->db->sync(db->db, 0); + *pdbrv = nss_dbm_db_new_handle(db, &rv->dbt, pError); + if (0 != *pdbrv) { + return (nss_dbm_dbt_t *)NULL; + } - (void)NSSCKFWMutex_Unlock(db->crustylock); - } + tmparena = NSSArena_Create(); + if ((NSSArena *)NULL == tmparena) { + *pError = CKR_HOST_MEMORY; + return (nss_dbm_dbt_t *)NULL; + } - loser: - if( (NSSArena *)NULL != tmparena ) { - (void)NSSArena_Destroy(tmparena); - } + *pError = nss_dbm_db_wrap_object(tmparena, pTemplate, ulAttributeCount, &object); + if (CKR_OK != *pError) { + return (nss_dbm_dbt_t *)NULL; + } - return rv; -} + /* Locked region */ + { + *pError = NSSCKFWMutex_Lock(db->crustylock); + if (CKR_OK != *pError) { + goto loser; + } + + *pdbrv = db->db->put(db->db, &rv->dbt, &object, 0); + if (0 != *pdbrv) { + *pError = CKR_DEVICE_ERROR; + } + + (void)db->db->sync(db->db, 0); + + (void)NSSCKFWMutex_Unlock(db->crustylock); + } +loser: + if ((NSSArena *)NULL != tmparena) { + (void)NSSArena_Destroy(tmparena); + } + + return rv; +} NSS_IMPLEMENT CK_RV -nss_dbm_db_find_objects -( - nss_dbm_find_t *find, - nss_dbm_db_t *db, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_ULONG *pdbrv -) +nss_dbm_db_find_objects( + nss_dbm_find_t *find, + nss_dbm_db_t *db, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_ULONG *pdbrv) { - CK_RV rv = CKR_OK; + CK_RV rv = CKR_OK; - if( (nss_dbm_db_t *)NULL != db ) { - DBT k, v; + if ((nss_dbm_db_t *)NULL != db) { + DBT k, v; - rv = NSSCKFWMutex_Lock(db->crustylock); - if( CKR_OK != rv ) { - return rv; - } + rv = NSSCKFWMutex_Lock(db->crustylock); + if (CKR_OK != rv) { + return rv; + } - *pdbrv = db->db->seq(db->db, &k, &v, R_FIRST); - while( 0 == *pdbrv ) { - CK_ULONG i, j; - NSSArena *tmparena = (NSSArena *)NULL; - CK_ULONG ulac; - CK_ATTRIBUTE_PTR pt; - - if( (k.size < 4) || (0 != memcmp(k.data, PREFIX_OBJECT, 4)) ) { - goto nomatch; - } - - tmparena = NSSArena_Create(); - - rv = nss_dbm_db_unwrap_object(tmparena, &v, &pt, &ulac); - if( CKR_OK != rv ) { - goto loser; - } - - for( i = 0; i < ulAttributeCount; i++ ) { - for( j = 0; j < ulac; j++ ) { - if( pTemplate[i].type == pt[j].type ) { - if( pTemplate[i].ulValueLen != pt[j].ulValueLen ) { - goto nomatch; + *pdbrv = db->db->seq(db->db, &k, &v, R_FIRST); + while (0 == *pdbrv) { + CK_ULONG i, j; + NSSArena *tmparena = (NSSArena *)NULL; + CK_ULONG ulac; + CK_ATTRIBUTE_PTR pt; + + if ((k.size < 4) || (0 != memcmp(k.data, PREFIX_OBJECT, 4))) { + goto nomatch; } - if( 0 != memcmp(pTemplate[i].pValue, pt[j].pValue, pt[j].ulValueLen) ) { - goto nomatch; + + tmparena = NSSArena_Create(); + + rv = nss_dbm_db_unwrap_object(tmparena, &v, &pt, &ulac); + if (CKR_OK != rv) { + goto loser; } - break; - } - } - if( j == ulac ) { - goto nomatch; - } - } - /* entire template matches */ - { - struct nss_dbm_dbt_node *node; + for (i = 0; i < ulAttributeCount; i++) { + for (j = 0; j < ulac; j++) { + if (pTemplate[i].type == + pt[j].type) { + if (pTemplate[i].ulValueLen != + pt[j].ulValueLen) { + goto nomatch; + } + if (0 != + memcmp(pTemplate[i].pValue, pt[j].pValue, pt[j].ulValueLen)) { + goto nomatch; + } + break; + } + } + if (j == ulac) { + goto nomatch; + } + } - node = nss_ZNEW(find->arena, struct nss_dbm_dbt_node); - if( (struct nss_dbm_dbt_node *)NULL == node ) { - rv = CKR_HOST_MEMORY; - goto loser; - } + /* entire template matches */ + { + struct nss_dbm_dbt_node *node; + + node = nss_ZNEW(find->arena, struct nss_dbm_dbt_node); + if ((struct nss_dbm_dbt_node *)NULL == node) { + rv = + CKR_HOST_MEMORY; + goto loser; + } + + node->dbt = nss_ZNEW(find->arena, nss_dbm_dbt_t); + if ((nss_dbm_dbt_t *)NULL == node->dbt) { + rv = + CKR_HOST_MEMORY; + goto loser; + } + + node->dbt->dbt.size = k.size; + node->dbt->dbt.data = nss_ZAlloc(find->arena, k.size); + if ((void *)NULL == node->dbt->dbt.data) { + rv = + CKR_HOST_MEMORY; + goto loser; + } + + (void)memcpy(node->dbt->dbt.data, k.data, k.size); + + node->dbt->my_db = db; + + node->next = find->found; + find->found = node; + } - node->dbt = nss_ZNEW(find->arena, nss_dbm_dbt_t); - if( (nss_dbm_dbt_t *)NULL == node->dbt ) { - rv = CKR_HOST_MEMORY; - goto loser; + nomatch: + if ((NSSArena *)NULL != tmparena) { + (void)NSSArena_Destroy(tmparena); + } + *pdbrv = db->db->seq(db->db, &k, &v, R_NEXT); } - - node->dbt->dbt.size = k.size; - node->dbt->dbt.data = nss_ZAlloc(find->arena, k.size); - if( (void *)NULL == node->dbt->dbt.data ) { - rv = CKR_HOST_MEMORY; - goto loser; + + if (*pdbrv < 0) { + rv = CKR_DEVICE_ERROR; + goto loser; } - (void)memcpy(node->dbt->dbt.data, k.data, k.size); + rv = CKR_OK; - node->dbt->my_db = db; + loser: + (void)NSSCKFWMutex_Unlock(db->crustylock); + } - node->next = find->found; - find->found = node; - } + return rv; +} - nomatch: - if( (NSSArena *)NULL != tmparena ) { - (void)NSSArena_Destroy(tmparena); - } - *pdbrv = db->db->seq(db->db, &k, &v, R_NEXT); +NSS_IMPLEMENT CK_BBOOL +nss_dbm_db_object_still_exists( + nss_dbm_dbt_t *dbt) +{ + CK_BBOOL rv; + CK_RV ckrv; + int dbrv; + DBT object; + + ckrv = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if (CKR_OK != ckrv) { + return CK_FALSE; } - if( *pdbrv < 0 ) { - rv = CKR_DEVICE_ERROR; - goto loser; + dbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); + if (0 == dbrv) { + rv = CK_TRUE; + } + else { + rv = CK_FALSE; } - rv = CKR_OK; - - loser: - (void)NSSCKFWMutex_Unlock(db->crustylock); - } - - return rv; -} + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); -NSS_IMPLEMENT CK_BBOOL -nss_dbm_db_object_still_exists -( - nss_dbm_dbt_t *dbt -) -{ - CK_BBOOL rv; - CK_RV ckrv; - int dbrv; - DBT object; - - ckrv = NSSCKFWMutex_Lock(dbt->my_db->crustylock); - if( CKR_OK != ckrv ) { - return CK_FALSE; - } - - dbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); - if( 0 == dbrv ) { - rv = CK_TRUE; - } else { - rv = CK_FALSE; - } - - (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); - - return rv; + return rv; } NSS_IMPLEMENT CK_ULONG -nss_dbm_db_get_object_attribute_count -( - nss_dbm_dbt_t *dbt, - CK_RV *pError, - CK_ULONG *pdbrv -) +nss_dbm_db_get_object_attribute_count( + nss_dbm_dbt_t *dbt, + CK_RV *pError, + CK_ULONG *pdbrv) { - CK_ULONG rv = 0; - DBT object; - CK_ULONG *pulData; - - /* Locked region */ - { - *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock); - if( CKR_OK != *pError ) { - return rv; - } + CK_ULONG rv = 0; + DBT object; + CK_ULONG *pulData; - *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); - if( 0 == *pdbrv ) { - ; - } else if( *pdbrv > 0 ) { - *pError = CKR_OBJECT_HANDLE_INVALID; - goto done; - } else { - *pError = CKR_DEVICE_ERROR; - goto done; - } + /* Locked region */ + { + *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if (CKR_OK != *pError) { + return rv; + } - pulData = (CK_ULONG *)object.data; - rv = ntohl(pulData[0]); + *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); + if (0 == *pdbrv) { + ; + } + else if (*pdbrv > 0) { + *pError = CKR_OBJECT_HANDLE_INVALID; + goto done; + } + else { + *pError = CKR_DEVICE_ERROR; + goto done; + } - done: - (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); - } + pulData = (CK_ULONG *)object.data; + rv = ntohl(pulData[0]); + + done: + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); + } - return rv; + return rv; } NSS_IMPLEMENT CK_RV -nss_dbm_db_get_object_attribute_types -( - nss_dbm_dbt_t *dbt, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount, - CK_ULONG *pdbrv -) +nss_dbm_db_get_object_attribute_types( + nss_dbm_dbt_t *dbt, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount, + CK_ULONG *pdbrv) { - CK_RV rv = CKR_OK; - DBT object; - CK_ULONG *pulData; - CK_ULONG n, i; - - /* Locked region */ - { - rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock); - if( CKR_OK != rv ) { - return rv; - } + CK_RV rv = CKR_OK; + DBT object; + CK_ULONG *pulData; + CK_ULONG n, i; - *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); - if( 0 == *pdbrv ) { - ; - } else if( *pdbrv > 0 ) { - rv = CKR_OBJECT_HANDLE_INVALID; - goto done; - } else { - rv = CKR_DEVICE_ERROR; - goto done; - } + /* Locked region */ + { + rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if (CKR_OK != rv) { + return rv; + } - pulData = (CK_ULONG *)object.data; - n = ntohl(pulData[0]); + *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); + if (0 == *pdbrv) { + ; + } + else if (*pdbrv > 0) { + rv = CKR_OBJECT_HANDLE_INVALID; + goto done; + } + else { + rv = CKR_DEVICE_ERROR; + goto done; + } - if( ulCount < n ) { - rv = CKR_BUFFER_TOO_SMALL; - goto done; - } + pulData = (CK_ULONG *)object.data; + n = ntohl(pulData[0]); - for( i = 0; i < n; i++ ) { - typeArray[i] = ntohl(pulData[1 + i*3]); - } + if (ulCount < n) { + rv = CKR_BUFFER_TOO_SMALL; + goto done; + } - done: - (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); - } + for (i = 0; i < n; i++) { + typeArray[i] = ntohl(pulData[1 + i * 3]); + } - return rv; + done: + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); + } + + return rv; } NSS_IMPLEMENT CK_ULONG -nss_dbm_db_get_object_attribute_size -( - nss_dbm_dbt_t *dbt, - CK_ATTRIBUTE_TYPE type, - CK_RV *pError, - CK_ULONG *pdbrv -) +nss_dbm_db_get_object_attribute_size( + nss_dbm_dbt_t *dbt, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError, + CK_ULONG *pdbrv) { - CK_ULONG rv = 0; - DBT object; - CK_ULONG *pulData; - CK_ULONG n, i; - - /* Locked region */ - { - *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock); - if( CKR_OK != *pError ) { - return rv; - } + CK_ULONG rv = 0; + DBT object; + CK_ULONG *pulData; + CK_ULONG n, i; - *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); - if( 0 == *pdbrv ) { - ; - } else if( *pdbrv > 0 ) { - *pError = CKR_OBJECT_HANDLE_INVALID; - goto done; - } else { - *pError = CKR_DEVICE_ERROR; - goto done; - } + /* Locked region */ + { + *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if (CKR_OK != *pError) { + return rv; + } - pulData = (CK_ULONG *)object.data; - n = ntohl(pulData[0]); + *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); + if (0 == *pdbrv) { + ; + } + else if (*pdbrv > 0) { + *pError = CKR_OBJECT_HANDLE_INVALID; + goto done; + } + else { + *pError = CKR_DEVICE_ERROR; + goto done; + } - for( i = 0; i < n; i++ ) { - if( type == ntohl(pulData[1 + i*3]) ) { - rv = ntohl(pulData[2 + i*3]); - } - } + pulData = (CK_ULONG *)object.data; + n = ntohl(pulData[0]); - if( i == n ) { - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - goto done; - } + for (i = 0; i < n; i++) { + if (type == ntohl(pulData[1 + i * 3])) { + rv = ntohl(pulData[2 + i * + 3]); + } + } - done: - (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); - } + if (i == n) { + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + goto done; + } + + done: + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); + } - return rv; + return rv; } NSS_IMPLEMENT NSSItem * -nss_dbm_db_get_object_attribute -( - nss_dbm_dbt_t *dbt, - NSSArena *arena, - CK_ATTRIBUTE_TYPE type, - CK_RV *pError, - CK_ULONG *pdbrv -) +nss_dbm_db_get_object_attribute( + nss_dbm_dbt_t *dbt, + NSSArena *arena, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError, + CK_ULONG *pdbrv) { - NSSItem *rv = (NSSItem *)NULL; - DBT object; - CK_ULONG i; - NSSArena *tmp = NSSArena_Create(); - CK_ATTRIBUTE_PTR pTemplate; - CK_ULONG ulAttributeCount; - - /* Locked region */ - { - *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock); - if( CKR_OK != *pError ) { - goto loser; - } + NSSItem *rv = (NSSItem *)NULL; + DBT object; + CK_ULONG i; + NSSArena *tmp = NSSArena_Create(); + CK_ATTRIBUTE_PTR pTemplate; + CK_ULONG ulAttributeCount; + + /* Locked region */ + { + *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if (CKR_OK != *pError) { + goto loser; + } - *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); - if( 0 == *pdbrv ) { - ; - } else if( *pdbrv > 0 ) { - *pError = CKR_OBJECT_HANDLE_INVALID; - goto done; - } else { - *pError = CKR_DEVICE_ERROR; - goto done; - } + *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); + if (0 == *pdbrv) { + ; + } + else if (*pdbrv > 0) { + *pError = CKR_OBJECT_HANDLE_INVALID; + goto done; + } + else { + *pError = CKR_DEVICE_ERROR; + goto done; + } - *pError = nss_dbm_db_unwrap_object(tmp, &object, &pTemplate, &ulAttributeCount); - if( CKR_OK != *pError ) { - goto done; - } + *pError = nss_dbm_db_unwrap_object(tmp, &object, &pTemplate, &ulAttributeCount); + if (CKR_OK != *pError) { + goto done; + } - for( i = 0; i < ulAttributeCount; i++ ) { - if( type == pTemplate[i].type ) { - rv = nss_ZNEW(arena, NSSItem); - if( (NSSItem *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - goto done; + for (i = 0; i < ulAttributeCount; i++) { + if (type == pTemplate[i].type) { + rv = nss_ZNEW(arena, NSSItem); + if ((NSSItem *)NULL == rv) { + *pError = + CKR_HOST_MEMORY; + goto done; + } + rv->size = pTemplate[i].ulValueLen; + rv->data = nss_ZAlloc(arena, rv->size); + if ((void *)NULL == rv->data) { + *pError = + CKR_HOST_MEMORY; + goto done; + } + (void)memcpy(rv->data, pTemplate[i].pValue, rv->size); + break; + } } - rv->size = pTemplate[i].ulValueLen; - rv->data = nss_ZAlloc(arena, rv->size); - if( (void *)NULL == rv->data ) { - *pError = CKR_HOST_MEMORY; - goto done; + if (ulAttributeCount == i) { + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + goto done; } - (void)memcpy(rv->data, pTemplate[i].pValue, rv->size); - break; - } - } - if( ulAttributeCount == i ) { - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - goto done; - } - done: - (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); - } + done: + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); + } - loser: - if( (NSSArena *)NULL != tmp ) { - NSSArena_Destroy(tmp); - } +loser: + if ((NSSArena *)NULL != tmp) { + NSSArena_Destroy(tmp); + } - return rv; + return rv; } NSS_IMPLEMENT CK_RV -nss_dbm_db_set_object_attribute -( - nss_dbm_dbt_t *dbt, - CK_ATTRIBUTE_TYPE type, - NSSItem *value, - CK_ULONG *pdbrv -) +nss_dbm_db_set_object_attribute( + nss_dbm_dbt_t *dbt, + CK_ATTRIBUTE_TYPE type, + NSSItem *value, + CK_ULONG *pdbrv) { - CK_RV rv = CKR_OK; - DBT object; - CK_ULONG i; - NSSArena *tmp = NSSArena_Create(); - CK_ATTRIBUTE_PTR pTemplate; - CK_ULONG ulAttributeCount; - - /* Locked region */ - { - rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock); - if( CKR_OK != rv ) { - goto loser; - } + CK_RV rv = CKR_OK; + DBT object; + CK_ULONG i; + NSSArena *tmp = NSSArena_Create(); + CK_ATTRIBUTE_PTR pTemplate; + CK_ULONG ulAttributeCount; + + /* Locked region */ + { + rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if (CKR_OK != rv) { + goto loser; + } - *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); - if( 0 == *pdbrv ) { - ; - } else if( *pdbrv > 0 ) { - rv = CKR_OBJECT_HANDLE_INVALID; - goto done; - } else { - rv = CKR_DEVICE_ERROR; - goto done; - } + *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); + if (0 == *pdbrv) { + ; + } + else if (*pdbrv > 0) { + rv = CKR_OBJECT_HANDLE_INVALID; + goto done; + } + else { + rv = CKR_DEVICE_ERROR; + goto done; + } - rv = nss_dbm_db_unwrap_object(tmp, &object, &pTemplate, &ulAttributeCount); - if( CKR_OK != rv ) { - goto done; - } + rv = nss_dbm_db_unwrap_object(tmp, &object, &pTemplate, &ulAttributeCount); + if (CKR_OK != rv) { + goto done; + } - for( i = 0; i < ulAttributeCount; i++ ) { - if( type == pTemplate[i].type ) { - /* Replacing an existing attribute */ - pTemplate[i].ulValueLen = value->size; - pTemplate[i].pValue = value->data; - break; - } - } + for (i = 0; i < ulAttributeCount; i++) { + if (type == pTemplate[i].type) { + /* Replacing an existing attribute */ + pTemplate[i].ulValueLen = value->size; + pTemplate[i].pValue = value->data; + break; + } + } - if( i == ulAttributeCount ) { - /* Adding a new attribute */ - CK_ATTRIBUTE_PTR npt = nss_ZNEWARRAY(tmp, CK_ATTRIBUTE, ulAttributeCount+1); - if( (CK_ATTRIBUTE_PTR)NULL == npt ) { - rv = CKR_DEVICE_ERROR; - goto done; - } + if (i == ulAttributeCount) { + /* Adding a new attribute */ + CK_ATTRIBUTE_PTR npt = nss_ZNEWARRAY(tmp, CK_ATTRIBUTE, ulAttributeCount + 1); + if ((CK_ATTRIBUTE_PTR)NULL == npt) { + rv = CKR_DEVICE_ERROR; + goto done; + } - for( i = 0; i < ulAttributeCount; i++ ) { - npt[i] = pTemplate[i]; - } + for (i = 0; i < ulAttributeCount; i++) { + npt[i] = pTemplate[i]; + } - npt[ulAttributeCount].type = type; - npt[ulAttributeCount].ulValueLen = value->size; - npt[ulAttributeCount].pValue = value->data; + npt[ulAttributeCount].type = type; + npt[ulAttributeCount].ulValueLen = value->size; + npt[ulAttributeCount].pValue = value->data; - pTemplate = npt; - ulAttributeCount++; - } + pTemplate = npt; + ulAttributeCount++; + } - rv = nss_dbm_db_wrap_object(tmp, pTemplate, ulAttributeCount, &object); - if( CKR_OK != rv ) { - goto done; - } + rv = nss_dbm_db_wrap_object(tmp, pTemplate, ulAttributeCount, &object); + if (CKR_OK != rv) { + goto done; + } - *pdbrv = dbt->my_db->db->put(dbt->my_db->db, &dbt->dbt, &object, 0); - if( 0 != *pdbrv ) { - rv = CKR_DEVICE_ERROR; - goto done; - } + *pdbrv = dbt->my_db->db->put(dbt->my_db->db, &dbt->dbt, &object, 0); + if (0 != *pdbrv) { + rv = CKR_DEVICE_ERROR; + goto done; + } - (void)dbt->my_db->db->sync(dbt->my_db->db, 0); + (void)dbt->my_db->db->sync(dbt->my_db->db, 0); - done: - (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); - } + done: + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); + } - loser: - if( (NSSArena *)NULL != tmp ) { - NSSArena_Destroy(tmp); - } +loser: + if ((NSSArena *)NULL != tmp) { + NSSArena_Destroy(tmp); + } - return rv; + return rv; } diff --git a/lib/ckfw/dbm/find.c b/lib/ckfw/dbm/find.c index 575c0ad5a..8a03855c3 100644 --- a/lib/ckfw/dbm/find.c +++ b/lib/ckfw/dbm/find.c @@ -5,129 +5,122 @@ #include "ckdbm.h" static void -nss_dbm_mdFindObjects_Final -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdFindObjects_Final( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_find_t *find = (nss_dbm_find_t *)mdFindObjects->etc; + nss_dbm_find_t *find = (nss_dbm_find_t *)mdFindObjects->etc; - /* Locks might have system resources associated */ - (void)NSSCKFWMutex_Destroy(find->list_lock); - (void)NSSArena_Destroy(find->arena); + /* Locks might have system resources associated */ + (void)NSSCKFWMutex_Destroy(find->list_lock); + (void)NSSArena_Destroy(find->arena); } - static NSSCKMDObject * -nss_dbm_mdFindObjects_Next -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -) +nss_dbm_mdFindObjects_Next( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError) { - nss_dbm_find_t *find = (nss_dbm_find_t *)mdFindObjects->etc; - struct nss_dbm_dbt_node *node; - nss_dbm_object_t *object; - NSSCKMDObject *rv; - - while(1) { - /* Lock */ - { - *pError = NSSCKFWMutex_Lock(find->list_lock); - if( CKR_OK != *pError ) { + nss_dbm_find_t *find = (nss_dbm_find_t *)mdFindObjects->etc; + struct nss_dbm_dbt_node *node; + nss_dbm_object_t *object; + NSSCKMDObject *rv; + + while (1) { + /* Lock */ + { + *pError = NSSCKFWMutex_Lock(find->list_lock); + if (CKR_OK != *pError) { + return (NSSCKMDObject *)NULL; + } + + node = find->found; + if ((struct nss_dbm_dbt_node *)NULL != node) { + find->found = node->next; + } + + *pError = NSSCKFWMutex_Unlock(find->list_lock); + if (CKR_OK != *pError) { + /* screwed now */ + return (NSSCKMDObject *)NULL; + } + } + + if ((struct nss_dbm_dbt_node *)NULL == node) { + break; + } + + if (nss_dbm_db_object_still_exists(node->dbt)) { + break; + } + } + + if ((struct nss_dbm_dbt_node *)NULL == node) { + *pError = CKR_OK; return (NSSCKMDObject *)NULL; - } - - node = find->found; - if( (struct nss_dbm_dbt_node *)NULL != node ) { - find->found = node->next; - } - - *pError = NSSCKFWMutex_Unlock(find->list_lock); - if( CKR_OK != *pError ) { - /* screwed now */ + } + + object = nss_ZNEW(arena, nss_dbm_object_t); + if ((nss_dbm_object_t *)NULL == object) { + *pError = CKR_HOST_MEMORY; return (NSSCKMDObject *)NULL; - } } - if( (struct nss_dbm_dbt_node *)NULL == node ) { - break; + object->arena = arena; + object->handle = nss_ZNEW(arena, nss_dbm_dbt_t); + if ((nss_dbm_dbt_t *)NULL == object->handle) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDObject *)NULL; } - if( nss_dbm_db_object_still_exists(node->dbt) ) { - break; + object->handle->my_db = node->dbt->my_db; + object->handle->dbt.size = node->dbt->dbt.size; + object->handle->dbt.data = nss_ZAlloc(arena, node->dbt->dbt.size); + if ((void *)NULL == object->handle->dbt.data) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDObject *)NULL; } - } - - if( (struct nss_dbm_dbt_node *)NULL == node ) { - *pError = CKR_OK; - return (NSSCKMDObject *)NULL; - } - - object = nss_ZNEW(arena, nss_dbm_object_t); - if( (nss_dbm_object_t *)NULL == object ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDObject *)NULL; - } - - object->arena = arena; - object->handle = nss_ZNEW(arena, nss_dbm_dbt_t); - if( (nss_dbm_dbt_t *)NULL == object->handle ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDObject *)NULL; - } - - object->handle->my_db = node->dbt->my_db; - object->handle->dbt.size = node->dbt->dbt.size; - object->handle->dbt.data = nss_ZAlloc(arena, node->dbt->dbt.size); - if( (void *)NULL == object->handle->dbt.data ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDObject *)NULL; - } - - (void)memcpy(object->handle->dbt.data, node->dbt->dbt.data, node->dbt->dbt.size); - - rv = nss_dbm_mdObject_factory(object, pError); - if( (NSSCKMDObject *)NULL == rv ) { - return (NSSCKMDObject *)NULL; - } - - return rv; + + (void)memcpy(object->handle->dbt.data, node->dbt->dbt.data, node->dbt->dbt.size); + + rv = nss_dbm_mdObject_factory(object, pError); + if ((NSSCKMDObject *)NULL == rv) { + return (NSSCKMDObject *)NULL; + } + + return rv; } NSS_IMPLEMENT NSSCKMDFindObjects * -nss_dbm_mdFindObjects_factory -( - nss_dbm_find_t *find, - CK_RV *pError -) +nss_dbm_mdFindObjects_factory( + nss_dbm_find_t *find, + CK_RV *pError) { - NSSCKMDFindObjects *rv; + NSSCKMDFindObjects *rv; - rv = nss_ZNEW(find->arena, NSSCKMDFindObjects); - if( (NSSCKMDFindObjects *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDFindObjects *)NULL; - } + rv = nss_ZNEW(find->arena, NSSCKMDFindObjects); + if ((NSSCKMDFindObjects *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDFindObjects *)NULL; + } - rv->etc = (void *)find; - rv->Final = nss_dbm_mdFindObjects_Final; - rv->Next = nss_dbm_mdFindObjects_Next; + rv->etc = (void *)find; + rv->Final = nss_dbm_mdFindObjects_Final; + rv->Next = nss_dbm_mdFindObjects_Next; - return rv; + return rv; } diff --git a/lib/ckfw/dbm/instance.c b/lib/ckfw/dbm/instance.c index 14f7af827..fbb11722d 100644 --- a/lib/ckfw/dbm/instance.c +++ b/lib/ckfw/dbm/instance.c @@ -5,159 +5,143 @@ #include "ckdbm.h" static CK_RV -nss_dbm_mdInstance_Initialize -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSUTF8 *configurationData -) +nss_dbm_mdInstance_Initialize( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSUTF8 *configurationData) { - CK_RV rv = CKR_OK; - NSSArena *arena; - nss_dbm_instance_t *instance; + CK_RV rv = CKR_OK; + NSSArena *arena; + nss_dbm_instance_t *instance; - arena = NSSCKFWInstance_GetArena(fwInstance, &rv); - if( ((NSSArena *)NULL == arena) && (CKR_OK != rv) ) { - return rv; - } - - instance = nss_ZNEW(arena, nss_dbm_instance_t); - if( (nss_dbm_instance_t *)NULL == instance ) { - return CKR_HOST_MEMORY; - } - - instance->arena = arena; - - /* - * This should parse the configuration data for information on - * number and locations of databases, modes (e.g. readonly), etc. - * But for now, we'll have one slot with a creatable read-write - * database called "cert8.db." - */ - - instance->nSlots = 1; - instance->filenames = nss_ZNEWARRAY(arena, char *, instance->nSlots); - if( (char **)NULL == instance->filenames ) { - return CKR_HOST_MEMORY; - } - - instance->flags = nss_ZNEWARRAY(arena, int, instance->nSlots); - if( (int *)NULL == instance->flags ) { - return CKR_HOST_MEMORY; - } - - instance->filenames[0] = "cert8.db"; - instance->flags[0] = O_RDWR|O_CREAT; - - mdInstance->etc = (void *)instance; - return CKR_OK; + arena = NSSCKFWInstance_GetArena(fwInstance, &rv); + if (((NSSArena *)NULL == arena) && (CKR_OK != rv)) { + return rv; + } + + instance = nss_ZNEW(arena, nss_dbm_instance_t); + if ((nss_dbm_instance_t *)NULL == instance) { + return CKR_HOST_MEMORY; + } + + instance->arena = arena; + + /* + * This should parse the configuration data for information on + * number and locations of databases, modes (e.g. readonly), etc. + * But for now, we'll have one slot with a creatable read-write + * database called "cert8.db." + */ + + instance->nSlots = 1; + instance->filenames = nss_ZNEWARRAY(arena, char *, instance->nSlots); + if ((char **)NULL == instance->filenames) { + return CKR_HOST_MEMORY; + } + + instance->flags = nss_ZNEWARRAY(arena, int, instance->nSlots); + if ((int *)NULL == instance->flags) { + return CKR_HOST_MEMORY; + } + + instance->filenames[0] = "cert8.db"; + instance->flags[0] = O_RDWR | O_CREAT; + + mdInstance->etc = (void *)instance; + return CKR_OK; } /* nss_dbm_mdInstance_Finalize is not required */ static CK_ULONG -nss_dbm_mdInstance_GetNSlots -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_dbm_mdInstance_GetNSlots( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc; - return instance->nSlots; + nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc; + return instance->nSlots; } static CK_VERSION -nss_dbm_mdInstance_GetCryptokiVersion -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdInstance_GetCryptokiVersion( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - static CK_VERSION rv = { 2, 1 }; - return rv; + static CK_VERSION rv = { 2, 1 }; + return rv; } static NSSUTF8 * -nss_dbm_mdInstance_GetManufacturerID -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_dbm_mdInstance_GetManufacturerID( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return "Mozilla Foundation"; + return "Mozilla Foundation"; } static NSSUTF8 * -nss_dbm_mdInstance_GetLibraryDescription -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_dbm_mdInstance_GetLibraryDescription( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return "Berkeley Database Module"; + return "Berkeley Database Module"; } static CK_VERSION -nss_dbm_mdInstance_GetLibraryVersion -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdInstance_GetLibraryVersion( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - static CK_VERSION rv = { 1, 0 }; /* My own version number */ - return rv; + static CK_VERSION rv = { 1, 0 }; /* My own version number */ + return rv; } static CK_BBOOL -nss_dbm_mdInstance_ModuleHandlesSessionObjects -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdInstance_ModuleHandlesSessionObjects( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CK_TRUE; + return CK_TRUE; } static CK_RV -nss_dbm_mdInstance_GetSlots -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDSlot *slots[] -) +nss_dbm_mdInstance_GetSlots( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *slots[]) { - nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc; - CK_ULONG i; - CK_RV rv = CKR_OK; - - for( i = 0; i < instance->nSlots; i++ ) { - slots[i] = nss_dbm_mdSlot_factory(instance, instance->filenames[i], - instance->flags[i], &rv); - if( (NSSCKMDSlot *)NULL == slots[i] ) { - return rv; + nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc; + CK_ULONG i; + CK_RV rv = CKR_OK; + + for (i = 0; i < instance->nSlots; i++) { + slots[i] = nss_dbm_mdSlot_factory(instance, instance->filenames[i], + instance->flags[i], &rv); + if ((NSSCKMDSlot *)NULL == slots[i]) { + return rv; + } } - } - return rv; + return rv; } /* nss_dbm_mdInstance_WaitForSlotEvent is not relevant */ -NSS_IMPLEMENT_DATA NSSCKMDInstance -nss_dbm_mdInstance = { - NULL, /* etc; filled in later */ - nss_dbm_mdInstance_Initialize, - NULL, /* nss_dbm_mdInstance_Finalize */ - nss_dbm_mdInstance_GetNSlots, - nss_dbm_mdInstance_GetCryptokiVersion, - nss_dbm_mdInstance_GetManufacturerID, - nss_dbm_mdInstance_GetLibraryDescription, - nss_dbm_mdInstance_GetLibraryVersion, - nss_dbm_mdInstance_ModuleHandlesSessionObjects, - nss_dbm_mdInstance_GetSlots, - NULL, /* nss_dbm_mdInstance_WaitForSlotEvent */ - NULL /* terminator */ -}; +NSS_IMPLEMENT_DATA NSSCKMDInstance + nss_dbm_mdInstance = { + NULL, /* etc; filled in later */ + nss_dbm_mdInstance_Initialize, + NULL, /* nss_dbm_mdInstance_Finalize */ + nss_dbm_mdInstance_GetNSlots, + nss_dbm_mdInstance_GetCryptokiVersion, + nss_dbm_mdInstance_GetManufacturerID, + nss_dbm_mdInstance_GetLibraryDescription, + nss_dbm_mdInstance_GetLibraryVersion, + nss_dbm_mdInstance_ModuleHandlesSessionObjects, + nss_dbm_mdInstance_GetSlots, + NULL, /* nss_dbm_mdInstance_WaitForSlotEvent */ + NULL /* terminator */ + }; diff --git a/lib/ckfw/dbm/object.c b/lib/ckfw/dbm/object.c index 0649d40c0..4f6e4d409 100644 --- a/lib/ckfw/dbm/object.c +++ b/lib/ckfw/dbm/object.c @@ -5,167 +5,151 @@ #include "ckdbm.h" static void -nss_dbm_mdObject_Finalize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdObject_Finalize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - ; + ; } static CK_RV -nss_dbm_mdObject_Destroy -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdObject_Destroy( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; - return nss_dbm_db_delete_object(object->handle); + nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; + return nss_dbm_db_delete_object(object->handle); } static CK_ULONG -nss_dbm_mdObject_GetAttributeCount -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_dbm_mdObject_GetAttributeCount( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; - nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; - return nss_dbm_db_get_object_attribute_count(object->handle, pError, - &session->deviceError); + nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + return nss_dbm_db_get_object_attribute_count(object->handle, pError, + &session->deviceError); } static CK_RV -nss_dbm_mdObject_GetAttributeTypes -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount -) +nss_dbm_mdObject_GetAttributeTypes( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount) { - nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; - nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; - return nss_dbm_db_get_object_attribute_types(object->handle, typeArray, - ulCount, &session->deviceError); + nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + return nss_dbm_db_get_object_attribute_types(object->handle, typeArray, + ulCount, &session->deviceError); } static CK_ULONG -nss_dbm_mdObject_GetAttributeSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +nss_dbm_mdObject_GetAttributeSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; - nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; - return nss_dbm_db_get_object_attribute_size(object->handle, attribute, pError, - &session->deviceError); + nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + return nss_dbm_db_get_object_attribute_size(object->handle, attribute, pError, + &session->deviceError); } static NSSItem * -nss_dbm_mdObject_GetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +nss_dbm_mdObject_GetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; - nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; - return nss_dbm_db_get_object_attribute(object->handle, object->arena, attribute, - pError, &session->deviceError); + nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + return nss_dbm_db_get_object_attribute(object->handle, object->arena, attribute, + pError, &session->deviceError); } static CK_RV -nss_dbm_mdObject_SetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *value -) +nss_dbm_mdObject_SetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value) { - nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; - nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; - return nss_dbm_db_set_object_attribute(object->handle, attribute, value, - &session->deviceError); + nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + return nss_dbm_db_set_object_attribute(object->handle, attribute, value, + &session->deviceError); } NSS_IMPLEMENT NSSCKMDObject * -nss_dbm_mdObject_factory -( - nss_dbm_object_t *object, - CK_RV *pError -) +nss_dbm_mdObject_factory( + nss_dbm_object_t *object, + CK_RV *pError) { - NSSCKMDObject *rv; + NSSCKMDObject *rv; - rv = nss_ZNEW(object->arena, NSSCKMDObject); - if( (NSSCKMDObject *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDObject *)NULL; - } + rv = nss_ZNEW(object->arena, NSSCKMDObject); + if ((NSSCKMDObject *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDObject *)NULL; + } - rv->etc = (void *)object; - rv->Finalize = nss_dbm_mdObject_Finalize; - rv->Destroy = nss_dbm_mdObject_Destroy; - /* IsTokenObject can be deferred */ - rv->GetAttributeCount = nss_dbm_mdObject_GetAttributeCount; - rv->GetAttributeTypes = nss_dbm_mdObject_GetAttributeTypes; - rv->GetAttributeSize = nss_dbm_mdObject_GetAttributeSize; - rv->GetAttribute = nss_dbm_mdObject_GetAttribute; - rv->SetAttribute = nss_dbm_mdObject_SetAttribute; - /* GetObjectSize can be deferred */ + rv->etc = (void *)object; + rv->Finalize = nss_dbm_mdObject_Finalize; + rv->Destroy = nss_dbm_mdObject_Destroy; + /* IsTokenObject can be deferred */ + rv->GetAttributeCount = nss_dbm_mdObject_GetAttributeCount; + rv->GetAttributeTypes = nss_dbm_mdObject_GetAttributeTypes; + rv->GetAttributeSize = nss_dbm_mdObject_GetAttributeSize; + rv->GetAttribute = nss_dbm_mdObject_GetAttribute; + rv->SetAttribute = nss_dbm_mdObject_SetAttribute; + /* GetObjectSize can be deferred */ - return rv; + return rv; } diff --git a/lib/ckfw/dbm/session.c b/lib/ckfw/dbm/session.c index 6101c06a7..a1c2ee5fa 100644 --- a/lib/ckfw/dbm/session.c +++ b/lib/ckfw/dbm/session.c @@ -5,50 +5,46 @@ #include "ckdbm.h" static void -nss_dbm_mdSession_Close -( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdSession_Close( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; - struct nss_dbm_dbt_node *w; + struct nss_dbm_dbt_node *w; - /* Lock */ - { - if( CKR_OK != NSSCKFWMutex_Lock(session->list_lock) ) { - return; - } + /* Lock */ + { + if (CKR_OK != NSSCKFWMutex_Lock(session->list_lock)) { + return; + } - w = session->session_objects; - session->session_objects = (struct nss_dbm_dbt_node *)NULL; /* sanity */ - - (void)NSSCKFWMutex_Unlock(session->list_lock); - } + w = session->session_objects; + session->session_objects = (struct nss_dbm_dbt_node *)NULL; /* sanity */ + + (void)NSSCKFWMutex_Unlock(session->list_lock); + } - for( ; (struct nss_dbm_dbt_node *)NULL != w; w = w->next ) { - (void)nss_dbm_db_delete_object(w->dbt); - } + for (; (struct nss_dbm_dbt_node *)NULL != w; w = w->next) { + (void)nss_dbm_db_delete_object(w->dbt); + } } static CK_ULONG -nss_dbm_mdSession_GetDeviceError -( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdSession_GetDeviceError( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; - return session->deviceError; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + return session->deviceError; } /* Login isn't needed */ @@ -60,206 +56,200 @@ nss_dbm_mdSession_GetDeviceError /* SetOperationState is irrelevant */ static NSSCKMDObject * -nss_dbm_mdSession_CreateObject -( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *handyArenaPointer, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_dbm_mdSession_CreateObject( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *handyArenaPointer, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; - nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; - CK_ULONG i; - CK_BBOOL isToken = CK_FALSE; /* defaults to false */ - NSSCKMDObject *rv; - struct nss_dbm_dbt_node *node = (struct nss_dbm_dbt_node *)NULL; - nss_dbm_object_t *object; - nss_dbm_db_t *which_db; - - /* This framework should really pass this to me */ - for( i = 0; i < ulAttributeCount; i++ ) { - if( CKA_TOKEN == pTemplate[i].type ) { - isToken = *(CK_BBOOL *)pTemplate[i].pValue; - break; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + CK_ULONG i; + CK_BBOOL isToken = CK_FALSE; /* defaults to false */ + NSSCKMDObject *rv; + struct nss_dbm_dbt_node *node = (struct nss_dbm_dbt_node *)NULL; + nss_dbm_object_t *object; + nss_dbm_db_t *which_db; + + /* This framework should really pass this to me */ + for (i = 0; i < ulAttributeCount; i++) { + if (CKA_TOKEN == pTemplate[i].type) { + isToken = *(CK_BBOOL *)pTemplate[i].pValue; + break; + } } - } - - object = nss_ZNEW(handyArenaPointer, nss_dbm_object_t); - if( (nss_dbm_object_t *)NULL == object ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDObject *)NULL; - } - - object->arena = handyArenaPointer; - which_db = isToken ? token->slot->token_db : token->session_db; - - /* Do this before the actual database call; it's easier to recover from */ - rv = nss_dbm_mdObject_factory(object, pError); - if( (NSSCKMDObject *)NULL == rv ) { - return (NSSCKMDObject *)NULL; - } - - if( CK_FALSE == isToken ) { - node = nss_ZNEW(session->arena, struct nss_dbm_dbt_node); - if( (struct nss_dbm_dbt_node *)NULL == node ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDObject *)NULL; + + object = nss_ZNEW(handyArenaPointer, nss_dbm_object_t); + if ((nss_dbm_object_t *)NULL == object) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDObject *)NULL; } - } - object->handle = nss_dbm_db_create_object(handyArenaPointer, which_db, - pTemplate, ulAttributeCount, - pError, &session->deviceError); - if( (nss_dbm_dbt_t *)NULL == object->handle ) { - return (NSSCKMDObject *)NULL; - } + object->arena = handyArenaPointer; + which_db = isToken ? token->slot->token_db : token->session_db; - if( CK_FALSE == isToken ) { - node->dbt = object->handle; - /* Lock */ - { - *pError = NSSCKFWMutex_Lock(session->list_lock); - if( CKR_OK != *pError ) { - (void)nss_dbm_db_delete_object(object->handle); + /* Do this before the actual database call; it's easier to recover from */ + rv = nss_dbm_mdObject_factory(object, pError); + if ((NSSCKMDObject *)NULL == rv) { return (NSSCKMDObject *)NULL; - } - - node->next = session->session_objects; - session->session_objects = node; - - *pError = NSSCKFWMutex_Unlock(session->list_lock); } - } - return rv; + if (CK_FALSE == isToken) { + node = nss_ZNEW(session->arena, struct nss_dbm_dbt_node); + if ((struct nss_dbm_dbt_node *)NULL == node) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDObject *)NULL; + } + } + + object->handle = nss_dbm_db_create_object(handyArenaPointer, which_db, + pTemplate, ulAttributeCount, + pError, &session->deviceError); + if ((nss_dbm_dbt_t *)NULL == object->handle) { + return (NSSCKMDObject *)NULL; + } + + if (CK_FALSE == isToken) { + node->dbt = object->handle; + /* Lock */ + { + *pError = NSSCKFWMutex_Lock(session->list_lock); + if (CKR_OK != *pError) { + (void)nss_dbm_db_delete_object(object->handle); + return (NSSCKMDObject *)NULL; + } + + node->next = session->session_objects; + session->session_objects = node; + + *pError = NSSCKFWMutex_Unlock(session->list_lock); + } + } + + return rv; } /* CopyObject isn't needed; the framework will use CreateObject */ static NSSCKMDFindObjects * -nss_dbm_mdSession_FindObjectsInit -( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_dbm_mdSession_FindObjectsInit( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; - nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; - NSSArena *arena; - nss_dbm_find_t *find; - NSSCKMDFindObjects *rv; - - arena = NSSArena_Create(); - if( (NSSArena *)NULL == arena ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - find = nss_ZNEW(arena, nss_dbm_find_t); - if( (nss_dbm_find_t *)NULL == find ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - find->arena = arena; - find->list_lock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError); - if( (NSSCKFWMutex *)NULL == find->list_lock ) { - goto loser; - } - - *pError = nss_dbm_db_find_objects(find, token->slot->token_db, pTemplate, - ulAttributeCount, &session->deviceError); - if( CKR_OK != *pError ) { - goto loser; - } - - *pError = nss_dbm_db_find_objects(find, token->session_db, pTemplate, - ulAttributeCount, &session->deviceError); - if( CKR_OK != *pError ) { - goto loser; - } - - rv = nss_dbm_mdFindObjects_factory(find, pError); - if( (NSSCKMDFindObjects *)NULL == rv ) { - goto loser; - } - - return rv; - - loser: - if( (NSSArena *)NULL != arena ) { - (void)NSSArena_Destroy(arena); - } - - return (NSSCKMDFindObjects *)NULL; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + NSSArena *arena; + nss_dbm_find_t *find; + NSSCKMDFindObjects *rv; + + arena = NSSArena_Create(); + if ((NSSArena *)NULL == arena) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + find = nss_ZNEW(arena, nss_dbm_find_t); + if ((nss_dbm_find_t *)NULL == find) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + find->arena = arena; + find->list_lock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError); + if ((NSSCKFWMutex *)NULL == find->list_lock) { + goto loser; + } + + *pError = nss_dbm_db_find_objects(find, token->slot->token_db, pTemplate, + ulAttributeCount, &session->deviceError); + if (CKR_OK != *pError) { + goto loser; + } + + *pError = nss_dbm_db_find_objects(find, token->session_db, pTemplate, + ulAttributeCount, &session->deviceError); + if (CKR_OK != *pError) { + goto loser; + } + + rv = nss_dbm_mdFindObjects_factory(find, pError); + if ((NSSCKMDFindObjects *)NULL == rv) { + goto loser; + } + + return rv; + +loser: + if ((NSSArena *)NULL != arena) { + (void)NSSArena_Destroy(arena); + } + + return (NSSCKMDFindObjects *)NULL; } /* SeedRandom is irrelevant */ /* GetRandom is irrelevant */ NSS_IMPLEMENT NSSCKMDSession * -nss_dbm_mdSession_factory -( - nss_dbm_token_t *token, - NSSCKFWSession *fwSession, - NSSCKFWInstance *fwInstance, - CK_BBOOL rw, - CK_RV *pError -) +nss_dbm_mdSession_factory( + nss_dbm_token_t *token, + NSSCKFWSession *fwSession, + NSSCKFWInstance *fwInstance, + CK_BBOOL rw, + CK_RV *pError) { - NSSArena *arena; - nss_dbm_session_t *session; - NSSCKMDSession *rv; - - arena = NSSCKFWSession_GetArena(fwSession, pError); - - session = nss_ZNEW(arena, nss_dbm_session_t); - if( (nss_dbm_session_t *)NULL == session ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDSession *)NULL; - } - - rv = nss_ZNEW(arena, NSSCKMDSession); - if( (NSSCKMDSession *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDSession *)NULL; - } - - session->arena = arena; - session->token = token; - session->list_lock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError); - if( (NSSCKFWMutex *)NULL == session->list_lock ) { - return (NSSCKMDSession *)NULL; - } - - rv->etc = (void *)session; - rv->Close = nss_dbm_mdSession_Close; - rv->GetDeviceError = nss_dbm_mdSession_GetDeviceError; - /* Login isn't needed */ - /* Logout isn't needed */ - /* InitPIN is irrelevant */ - /* SetPIN is irrelevant */ - /* GetOperationStateLen is irrelevant */ - /* GetOperationState is irrelevant */ - /* SetOperationState is irrelevant */ - rv->CreateObject = nss_dbm_mdSession_CreateObject; - /* CopyObject isn't needed; the framework will use CreateObject */ - rv->FindObjectsInit = nss_dbm_mdSession_FindObjectsInit; - rv->null = NULL; - - return rv; + NSSArena *arena; + nss_dbm_session_t *session; + NSSCKMDSession *rv; + + arena = NSSCKFWSession_GetArena(fwSession, pError); + + session = nss_ZNEW(arena, nss_dbm_session_t); + if ((nss_dbm_session_t *)NULL == session) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDSession *)NULL; + } + + rv = nss_ZNEW(arena, NSSCKMDSession); + if ((NSSCKMDSession *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDSession *)NULL; + } + + session->arena = arena; + session->token = token; + session->list_lock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError); + if ((NSSCKFWMutex *)NULL == session->list_lock) { + return (NSSCKMDSession *)NULL; + } + + rv->etc = (void *)session; + rv->Close = nss_dbm_mdSession_Close; + rv->GetDeviceError = nss_dbm_mdSession_GetDeviceError; + /* Login isn't needed */ + /* Logout isn't needed */ + /* InitPIN is irrelevant */ + /* SetPIN is irrelevant */ + /* GetOperationStateLen is irrelevant */ + /* GetOperationState is irrelevant */ + /* SetOperationState is irrelevant */ + rv->CreateObject = nss_dbm_mdSession_CreateObject; + /* CopyObject isn't needed; the framework will use CreateObject */ + rv->FindObjectsInit = nss_dbm_mdSession_FindObjectsInit; + rv->null = NULL; + + return rv; } diff --git a/lib/ckfw/dbm/slot.c b/lib/ckfw/dbm/slot.c index 0b7e645df..827b4ca8a 100644 --- a/lib/ckfw/dbm/slot.c +++ b/lib/ckfw/dbm/slot.c @@ -5,113 +5,102 @@ #include "ckdbm.h" static CK_RV -nss_dbm_mdSlot_Initialize -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdSlot_Initialize( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc; - nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc; - CK_RV rv = CKR_OK; - - slot->token_db = nss_dbm_db_open(instance->arena, fwInstance, slot->filename, - slot->flags, &rv); - if( (nss_dbm_db_t *)NULL == slot->token_db ) { - if( CKR_TOKEN_NOT_PRESENT == rv ) { - /* This is not an error-- just means "the token isn't there" */ - rv = CKR_OK; + nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc; + nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc; + CK_RV rv = CKR_OK; + + slot->token_db = nss_dbm_db_open(instance->arena, fwInstance, slot->filename, + slot->flags, &rv); + if ((nss_dbm_db_t *)NULL == slot->token_db) { + if (CKR_TOKEN_NOT_PRESENT == rv) { + /* This is not an error-- just means "the token isn't there" */ + rv = CKR_OK; + } } - } - return rv; + return rv; } static void -nss_dbm_mdSlot_Destroy -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdSlot_Destroy( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc; + nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc; - if( (nss_dbm_db_t *)NULL != slot->token_db ) { - nss_dbm_db_close(slot->token_db); - slot->token_db = (nss_dbm_db_t *)NULL; - } + if ((nss_dbm_db_t *)NULL != slot->token_db) { + nss_dbm_db_close(slot->token_db); + slot->token_db = (nss_dbm_db_t *)NULL; + } } static NSSUTF8 * -nss_dbm_mdSlot_GetSlotDescription -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_dbm_mdSlot_GetSlotDescription( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return "Database"; + return "Database"; } static NSSUTF8 * -nss_dbm_mdSlot_GetManufacturerID -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_dbm_mdSlot_GetManufacturerID( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return "Berkeley"; + return "Berkeley"; } static CK_BBOOL -nss_dbm_mdSlot_GetTokenPresent -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdSlot_GetTokenPresent( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc; + nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc; - if( (nss_dbm_db_t *)NULL == slot->token_db ) { - return CK_FALSE; - } else { - return CK_TRUE; - } + if ((nss_dbm_db_t *)NULL == slot->token_db) { + return CK_FALSE; + } + else { + return CK_TRUE; + } } static CK_BBOOL -nss_dbm_mdSlot_GetRemovableDevice -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdSlot_GetRemovableDevice( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - /* - * Well, this supports "tokens" (databases) that aren't there, so in - * that sense they're removable. It'd be nice to handle databases - * that suddenly disappear (NFS-mounted home directories and network - * errors, for instance) but that's a harder problem. We'll say - * we support removable devices, badly. - */ - - return CK_TRUE; + /* + * Well, this supports "tokens" (databases) that aren't there, so in + * that sense they're removable. It'd be nice to handle databases + * that suddenly disappear (NFS-mounted home directories and network + * errors, for instance) but that's a harder problem. We'll say + * we support removable devices, badly. + */ + + return CK_TRUE; } /* nss_dbm_mdSlot_GetHardwareSlot defaults to CK_FALSE */ -/* +/* * nss_dbm_mdSlot_GetHardwareVersion * nss_dbm_mdSlot_GetFirmwareVersion * @@ -122,60 +111,56 @@ nss_dbm_mdSlot_GetRemovableDevice */ static NSSCKMDToken * -nss_dbm_mdSlot_GetToken -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_dbm_mdSlot_GetToken( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc; - return nss_dbm_mdToken_factory(slot, pError); + nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc; + return nss_dbm_mdToken_factory(slot, pError); } NSS_IMPLEMENT NSSCKMDSlot * -nss_dbm_mdSlot_factory -( - nss_dbm_instance_t *instance, - char *filename, - int flags, - CK_RV *pError -) +nss_dbm_mdSlot_factory( + nss_dbm_instance_t *instance, + char *filename, + int flags, + CK_RV *pError) { - nss_dbm_slot_t *slot; - NSSCKMDSlot *rv; - - slot = nss_ZNEW(instance->arena, nss_dbm_slot_t); - if( (nss_dbm_slot_t *)NULL == slot ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDSlot *)NULL; - } - - slot->instance = instance; - slot->filename = filename; - slot->flags = flags; - slot->token_db = (nss_dbm_db_t *)NULL; - - rv = nss_ZNEW(instance->arena, NSSCKMDSlot); - if( (NSSCKMDSlot *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDSlot *)NULL; - } - - rv->etc = (void *)slot; - rv->Initialize = nss_dbm_mdSlot_Initialize; - rv->Destroy = nss_dbm_mdSlot_Destroy; - rv->GetSlotDescription = nss_dbm_mdSlot_GetSlotDescription; - rv->GetManufacturerID = nss_dbm_mdSlot_GetManufacturerID; - rv->GetTokenPresent = nss_dbm_mdSlot_GetTokenPresent; - rv->GetRemovableDevice = nss_dbm_mdSlot_GetRemovableDevice; - /* GetHardwareSlot */ - /* GetHardwareVersion */ - /* GetFirmwareVersion */ - rv->GetToken = nss_dbm_mdSlot_GetToken; - rv->null = (void *)NULL; - - return rv; + nss_dbm_slot_t *slot; + NSSCKMDSlot *rv; + + slot = nss_ZNEW(instance->arena, nss_dbm_slot_t); + if ((nss_dbm_slot_t *)NULL == slot) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDSlot *)NULL; + } + + slot->instance = instance; + slot->filename = filename; + slot->flags = flags; + slot->token_db = (nss_dbm_db_t *)NULL; + + rv = nss_ZNEW(instance->arena, NSSCKMDSlot); + if ((NSSCKMDSlot *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDSlot *)NULL; + } + + rv->etc = (void *)slot; + rv->Initialize = nss_dbm_mdSlot_Initialize; + rv->Destroy = nss_dbm_mdSlot_Destroy; + rv->GetSlotDescription = nss_dbm_mdSlot_GetSlotDescription; + rv->GetManufacturerID = nss_dbm_mdSlot_GetManufacturerID; + rv->GetTokenPresent = nss_dbm_mdSlot_GetTokenPresent; + rv->GetRemovableDevice = nss_dbm_mdSlot_GetRemovableDevice; + /* GetHardwareSlot */ + /* GetHardwareVersion */ + /* GetFirmwareVersion */ + rv->GetToken = nss_dbm_mdSlot_GetToken; + rv->null = (void *)NULL; + + return rv; } diff --git a/lib/ckfw/dbm/token.c b/lib/ckfw/dbm/token.c index e033e1504..4648b8bef 100644 --- a/lib/ckfw/dbm/token.c +++ b/lib/ckfw/dbm/token.c @@ -5,168 +5,155 @@ #include "ckdbm.h" static CK_RV -nss_dbm_mdToken_Setup -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdToken_Setup( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; - CK_RV rv = CKR_OK; - - token->arena = NSSCKFWToken_GetArena(fwToken, &rv); - token->session_db = nss_dbm_db_open(token->arena, fwInstance, (char *)NULL, - O_RDWR|O_CREAT, &rv); - if( (nss_dbm_db_t *)NULL == token->session_db ) { - return rv; - } + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + CK_RV rv = CKR_OK; + + token->arena = NSSCKFWToken_GetArena(fwToken, &rv); + token->session_db = nss_dbm_db_open(token->arena, fwInstance, (char *)NULL, + O_RDWR | O_CREAT, &rv); + if ((nss_dbm_db_t *)NULL == token->session_db) { + return rv; + } - /* Add a label record if there isn't one? */ + /* Add a label record if there isn't one? */ - return CKR_OK; + return CKR_OK; } static void -nss_dbm_mdToken_Invalidate -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdToken_Invalidate( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; - if( (nss_dbm_db_t *)NULL != token->session_db ) { - nss_dbm_db_close(token->session_db); - token->session_db = (nss_dbm_db_t *)NULL; - } + if ((nss_dbm_db_t *)NULL != token->session_db) { + nss_dbm_db_close(token->session_db); + token->session_db = (nss_dbm_db_t *)NULL; + } } static CK_RV -nss_dbm_mdToken_InitToken -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *pin, - NSSUTF8 *label -) +nss_dbm_mdToken_InitToken( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *pin, + NSSUTF8 *label) { - nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; - nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc; - CK_RV rv; - - /* Wipe the session object data */ - - if( (nss_dbm_db_t *)NULL != token->session_db ) { - nss_dbm_db_close(token->session_db); - } - - token->session_db = nss_dbm_db_open(token->arena, fwInstance, (char *)NULL, - O_RDWR|O_CREAT, &rv); - if( (nss_dbm_db_t *)NULL == token->session_db ) { - return rv; - } + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc; + CK_RV rv; - /* Wipe the token object data */ + /* Wipe the session object data */ - if( token->slot->flags & O_RDWR ) { - if( (nss_dbm_db_t *)NULL != token->slot->token_db ) { - nss_dbm_db_close(token->slot->token_db); + if ((nss_dbm_db_t *)NULL != token->session_db) { + nss_dbm_db_close(token->session_db); } - token->slot->token_db = nss_dbm_db_open(instance->arena, fwInstance, - token->slot->filename, - token->slot->flags | O_CREAT | O_TRUNC, - &rv); - if( (nss_dbm_db_t *)NULL == token->slot->token_db ) { - return rv; + token->session_db = nss_dbm_db_open(token->arena, fwInstance, (char *)NULL, + O_RDWR | O_CREAT, &rv); + if ((nss_dbm_db_t *)NULL == token->session_db) { + return rv; } - /* PIN is irrelevant */ + /* Wipe the token object data */ - rv = nss_dbm_db_set_label(token->slot->token_db, label); - if( CKR_OK != rv ) { - return rv; + if (token->slot->flags & O_RDWR) { + if ((nss_dbm_db_t *)NULL != token->slot->token_db) { + nss_dbm_db_close(token->slot->token_db); + } + + token->slot->token_db = nss_dbm_db_open(instance->arena, fwInstance, + token->slot->filename, + token->slot->flags | O_CREAT | O_TRUNC, + &rv); + if ((nss_dbm_db_t *)NULL == token->slot->token_db) { + return rv; + } + + /* PIN is irrelevant */ + + rv = nss_dbm_db_set_label(token->slot->token_db, label); + if (CKR_OK != rv) { + return rv; + } } - } - return CKR_OK; + return CKR_OK; } static NSSUTF8 * -nss_dbm_mdToken_GetLabel -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_dbm_mdToken_GetLabel( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; - if( (NSSUTF8 *)NULL == token->label ) { - token->label = nss_dbm_db_get_label(token->slot->token_db, token->arena, pError); - } + if ((NSSUTF8 *)NULL == token->label) { + token->label = nss_dbm_db_get_label(token->slot->token_db, token->arena, pError); + } - /* If no label has been set, return *something* */ - if( (NSSUTF8 *)NULL == token->label ) { - return token->slot->filename; - } + /* If no label has been set, return *something* */ + if ((NSSUTF8 *)NULL == token->label) { + return token->slot->filename; + } - return token->label; + return token->label; } static NSSUTF8 * -nss_dbm_mdToken_GetManufacturerID -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_dbm_mdToken_GetManufacturerID( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return "mozilla.org NSS"; + return "mozilla.org NSS"; } static NSSUTF8 * -nss_dbm_mdToken_GetModel -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_dbm_mdToken_GetModel( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return "dbm"; + return "dbm"; } /* GetSerialNumber is irrelevant */ /* GetHasRNG defaults to CK_FALSE */ static CK_BBOOL -nss_dbm_mdToken_GetIsWriteProtected -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdToken_GetIsWriteProtected( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; - if( token->slot->flags & O_RDWR ) { - return CK_FALSE; - } else { - return CK_TRUE; - } + if (token->slot->flags & O_RDWR) { + return CK_FALSE; + } + else { + return CK_TRUE; + } } /* GetLoginRequired defaults to CK_FALSE */ @@ -177,47 +164,41 @@ nss_dbm_mdToken_GetIsWriteProtected /* GetSupportsDualCryptoOperations is irrelevant */ static CK_ULONG -nss_dbm_mdToken_effectively_infinite -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdToken_effectively_infinite( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CK_EFFECTIVELY_INFINITE; + return CK_EFFECTIVELY_INFINITE; } static CK_VERSION -nss_dbm_mdToken_GetHardwareVersion -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_dbm_mdToken_GetHardwareVersion( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; - return nss_dbm_db_get_format_version(token->slot->token_db); + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + return nss_dbm_db_get_format_version(token->slot->token_db); } /* GetFirmwareVersion is irrelevant */ /* GetUTCTime is irrelevant */ static NSSCKMDSession * -nss_dbm_mdToken_OpenSession -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKFWSession *fwSession, - CK_BBOOL rw, - CK_RV *pError -) +nss_dbm_mdToken_OpenSession( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_BBOOL rw, + CK_RV *pError) { - nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; - return nss_dbm_mdSession_factory(token, fwSession, fwInstance, rw, pError); + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + return nss_dbm_mdSession_factory(token, fwSession, fwInstance, rw, pError); } /* GetMechanismCount defaults to zero */ @@ -225,58 +206,56 @@ nss_dbm_mdToken_OpenSession /* GetMechanism is irrelevant */ NSS_IMPLEMENT NSSCKMDToken * -nss_dbm_mdToken_factory -( - nss_dbm_slot_t *slot, - CK_RV *pError -) +nss_dbm_mdToken_factory( + nss_dbm_slot_t *slot, + CK_RV *pError) { - nss_dbm_token_t *token; - NSSCKMDToken *rv; - - token = nss_ZNEW(slot->instance->arena, nss_dbm_token_t); - if( (nss_dbm_token_t *)NULL == token ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDToken *)NULL; - } - - rv = nss_ZNEW(slot->instance->arena, NSSCKMDToken); - if( (NSSCKMDToken *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDToken *)NULL; - } - - token->slot = slot; - - rv->etc = (void *)token; - rv->Setup = nss_dbm_mdToken_Setup; - rv->Invalidate = nss_dbm_mdToken_Invalidate; - rv->InitToken = nss_dbm_mdToken_InitToken; - rv->GetLabel = nss_dbm_mdToken_GetLabel; - rv->GetManufacturerID = nss_dbm_mdToken_GetManufacturerID; - rv->GetModel = nss_dbm_mdToken_GetModel; - /* GetSerialNumber is irrelevant */ - /* GetHasRNG defaults to CK_FALSE */ - rv->GetIsWriteProtected = nss_dbm_mdToken_GetIsWriteProtected; - /* GetLoginRequired defaults to CK_FALSE */ - /* GetUserPinInitialized defaults to CK_FALSE */ - /* GetRestoreKeyNotNeeded is irrelevant */ - /* GetHasClockOnToken defaults to CK_FALSE */ - /* GetHasProtectedAuthenticationPath defaults to CK_FALSE */ - /* GetSupportsDualCryptoOperations is irrelevant */ - rv->GetMaxSessionCount = nss_dbm_mdToken_effectively_infinite; - rv->GetMaxRwSessionCount = nss_dbm_mdToken_effectively_infinite; - /* GetMaxPinLen is irrelevant */ - /* GetMinPinLen is irrelevant */ - /* GetTotalPublicMemory defaults to CK_UNAVAILABLE_INFORMATION */ - /* GetFreePublicMemory defaults to CK_UNAVAILABLE_INFORMATION */ - /* GetTotalPrivateMemory defaults to CK_UNAVAILABLE_INFORMATION */ - /* GetFreePrivateMemory defaults to CK_UNAVAILABLE_INFORMATION */ - rv->GetHardwareVersion = nss_dbm_mdToken_GetHardwareVersion; - /* GetFirmwareVersion is irrelevant */ - /* GetUTCTime is irrelevant */ - rv->OpenSession = nss_dbm_mdToken_OpenSession; - rv->null = NULL; - - return rv; + nss_dbm_token_t *token; + NSSCKMDToken *rv; + + token = nss_ZNEW(slot->instance->arena, nss_dbm_token_t); + if ((nss_dbm_token_t *)NULL == token) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDToken *)NULL; + } + + rv = nss_ZNEW(slot->instance->arena, NSSCKMDToken); + if ((NSSCKMDToken *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDToken *)NULL; + } + + token->slot = slot; + + rv->etc = (void *)token; + rv->Setup = nss_dbm_mdToken_Setup; + rv->Invalidate = nss_dbm_mdToken_Invalidate; + rv->InitToken = nss_dbm_mdToken_InitToken; + rv->GetLabel = nss_dbm_mdToken_GetLabel; + rv->GetManufacturerID = nss_dbm_mdToken_GetManufacturerID; + rv->GetModel = nss_dbm_mdToken_GetModel; + /* GetSerialNumber is irrelevant */ + /* GetHasRNG defaults to CK_FALSE */ + rv->GetIsWriteProtected = nss_dbm_mdToken_GetIsWriteProtected; + /* GetLoginRequired defaults to CK_FALSE */ + /* GetUserPinInitialized defaults to CK_FALSE */ + /* GetRestoreKeyNotNeeded is irrelevant */ + /* GetHasClockOnToken defaults to CK_FALSE */ + /* GetHasProtectedAuthenticationPath defaults to CK_FALSE */ + /* GetSupportsDualCryptoOperations is irrelevant */ + rv->GetMaxSessionCount = nss_dbm_mdToken_effectively_infinite; + rv->GetMaxRwSessionCount = nss_dbm_mdToken_effectively_infinite; + /* GetMaxPinLen is irrelevant */ + /* GetMinPinLen is irrelevant */ + /* GetTotalPublicMemory defaults to CK_UNAVAILABLE_INFORMATION */ + /* GetFreePublicMemory defaults to CK_UNAVAILABLE_INFORMATION */ + /* GetTotalPrivateMemory defaults to CK_UNAVAILABLE_INFORMATION */ + /* GetFreePrivateMemory defaults to CK_UNAVAILABLE_INFORMATION */ + rv->GetHardwareVersion = nss_dbm_mdToken_GetHardwareVersion; + /* GetFirmwareVersion is irrelevant */ + /* GetUTCTime is irrelevant */ + rv->OpenSession = nss_dbm_mdToken_OpenSession; + rv->null = NULL; + + return rv; } diff --git a/lib/ckfw/find.c b/lib/ckfw/find.c index 8a8a5415d..798a20b2f 100644 --- a/lib/ckfw/find.c +++ b/lib/ckfw/find.c @@ -21,7 +21,7 @@ * * -- public accessors -- * NSSCKFWFindObjects_GetMDFindObjects - * + * * -- implement public accessors -- * nssCKFWFindObjects_GetMDFindObjects * @@ -32,17 +32,17 @@ */ struct NSSCKFWFindObjectsStr { - NSSCKFWMutex *mutex; /* merely to serialise the MDObject calls */ - NSSCKMDFindObjects *mdfo1; - NSSCKMDFindObjects *mdfo2; - NSSCKFWSession *fwSession; - NSSCKMDSession *mdSession; - NSSCKFWToken *fwToken; - NSSCKMDToken *mdToken; - NSSCKFWInstance *fwInstance; - NSSCKMDInstance *mdInstance; - - NSSCKMDFindObjects *mdFindObjects; /* varies */ + NSSCKFWMutex *mutex; /* merely to serialise the MDObject calls */ + NSSCKMDFindObjects *mdfo1; + NSSCKMDFindObjects *mdfo2; + NSSCKFWSession *fwSession; + NSSCKMDSession *mdSession; + NSSCKFWToken *fwToken; + NSSCKMDToken *mdToken; + NSSCKFWInstance *fwInstance; + NSSCKMDInstance *mdInstance; + + NSSCKMDFindObjects *mdFindObjects; /* varies */ }; #ifdef DEBUG @@ -58,30 +58,24 @@ struct NSSCKFWFindObjectsStr { */ static CK_RV -findObjects_add_pointer -( - const NSSCKFWFindObjects *fwFindObjects -) +findObjects_add_pointer( + const NSSCKFWFindObjects *fwFindObjects) { - return CKR_OK; + return CKR_OK; } static CK_RV -findObjects_remove_pointer -( - const NSSCKFWFindObjects *fwFindObjects -) +findObjects_remove_pointer( + const NSSCKFWFindObjects *fwFindObjects) { - return CKR_OK; + return CKR_OK; } NSS_IMPLEMENT CK_RV -nssCKFWFindObjects_verifyPointer -( - const NSSCKFWFindObjects *fwFindObjects -) +nssCKFWFindObjects_verifyPointer( + const NSSCKFWFindObjects *fwFindObjects) { - return CKR_OK; + return CKR_OK; } #endif /* DEBUG */ @@ -91,128 +85,123 @@ nssCKFWFindObjects_verifyPointer * */ NSS_EXTERN NSSCKFWFindObjects * -nssCKFWFindObjects_Create -( - NSSCKFWSession *fwSession, - NSSCKFWToken *fwToken, - NSSCKFWInstance *fwInstance, - NSSCKMDFindObjects *mdFindObjects1, - NSSCKMDFindObjects *mdFindObjects2, - CK_RV *pError -) +nssCKFWFindObjects_Create( + NSSCKFWSession *fwSession, + NSSCKFWToken *fwToken, + NSSCKFWInstance *fwInstance, + NSSCKMDFindObjects *mdFindObjects1, + NSSCKMDFindObjects *mdFindObjects2, + CK_RV *pError) { - NSSCKFWFindObjects *fwFindObjects = NULL; - NSSCKMDSession *mdSession; - NSSCKMDToken *mdToken; - NSSCKMDInstance *mdInstance; - - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdToken = nssCKFWToken_GetMDToken(fwToken); - mdInstance = nssCKFWInstance_GetMDInstance(fwInstance); - - fwFindObjects = nss_ZNEW(NULL, NSSCKFWFindObjects); - if (!fwFindObjects) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - fwFindObjects->mdfo1 = mdFindObjects1; - fwFindObjects->mdfo2 = mdFindObjects2; - fwFindObjects->fwSession = fwSession; - fwFindObjects->mdSession = mdSession; - fwFindObjects->fwToken = fwToken; - fwFindObjects->mdToken = mdToken; - fwFindObjects->fwInstance = fwInstance; - fwFindObjects->mdInstance = mdInstance; - - fwFindObjects->mutex = nssCKFWInstance_CreateMutex(fwInstance, NULL, pError); - if (!fwFindObjects->mutex) { - goto loser; - } + NSSCKFWFindObjects *fwFindObjects = NULL; + NSSCKMDSession *mdSession; + NSSCKMDToken *mdToken; + NSSCKMDInstance *mdInstance; + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdToken = nssCKFWToken_GetMDToken(fwToken); + mdInstance = nssCKFWInstance_GetMDInstance(fwInstance); + + fwFindObjects = nss_ZNEW(NULL, NSSCKFWFindObjects); + if (!fwFindObjects) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fwFindObjects->mdfo1 = mdFindObjects1; + fwFindObjects->mdfo2 = mdFindObjects2; + fwFindObjects->fwSession = fwSession; + fwFindObjects->mdSession = mdSession; + fwFindObjects->fwToken = fwToken; + fwFindObjects->mdToken = mdToken; + fwFindObjects->fwInstance = fwInstance; + fwFindObjects->mdInstance = mdInstance; + + fwFindObjects->mutex = nssCKFWInstance_CreateMutex(fwInstance, NULL, pError); + if (!fwFindObjects->mutex) { + goto loser; + } #ifdef DEBUG - *pError = findObjects_add_pointer(fwFindObjects); - if( CKR_OK != *pError ) { - goto loser; - } + *pError = findObjects_add_pointer(fwFindObjects); + if (CKR_OK != *pError) { + goto loser; + } #endif /* DEBUG */ - return fwFindObjects; + return fwFindObjects; - loser: - if( fwFindObjects ) { - if( NULL != mdFindObjects1 ) { - if( NULL != mdFindObjects1->Final ) { - fwFindObjects->mdFindObjects = mdFindObjects1; - mdFindObjects1->Final(mdFindObjects1, fwFindObjects, mdSession, - fwSession, mdToken, fwToken, mdInstance, fwInstance); - } - } +loser: + if (fwFindObjects) { + if (NULL != mdFindObjects1) { + if (NULL != mdFindObjects1->Final) { + fwFindObjects->mdFindObjects = mdFindObjects1; + mdFindObjects1->Final(mdFindObjects1, fwFindObjects, mdSession, + fwSession, mdToken, fwToken, mdInstance, fwInstance); + } + } - if( NULL != mdFindObjects2 ) { - if( NULL != mdFindObjects2->Final ) { - fwFindObjects->mdFindObjects = mdFindObjects2; - mdFindObjects2->Final(mdFindObjects2, fwFindObjects, mdSession, - fwSession, mdToken, fwToken, mdInstance, fwInstance); - } - } + if (NULL != mdFindObjects2) { + if (NULL != mdFindObjects2->Final) { + fwFindObjects->mdFindObjects = mdFindObjects2; + mdFindObjects2->Final(mdFindObjects2, fwFindObjects, mdSession, + fwSession, mdToken, fwToken, mdInstance, fwInstance); + } + } - nss_ZFreeIf(fwFindObjects); - } + nss_ZFreeIf(fwFindObjects); + } - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } - return (NSSCKFWFindObjects *)NULL; + return (NSSCKFWFindObjects *)NULL; } - /* * nssCKFWFindObjects_Destroy * */ NSS_EXTERN void -nssCKFWFindObjects_Destroy -( - NSSCKFWFindObjects *fwFindObjects -) +nssCKFWFindObjects_Destroy( + NSSCKFWFindObjects *fwFindObjects) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects) ) { - return; - } + if (CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects)) { + return; + } #endif /* NSSDEBUG */ - (void)nssCKFWMutex_Destroy(fwFindObjects->mutex); + (void)nssCKFWMutex_Destroy(fwFindObjects->mutex); - if (fwFindObjects->mdfo1) { - if (fwFindObjects->mdfo1->Final) { - fwFindObjects->mdFindObjects = fwFindObjects->mdfo1; - fwFindObjects->mdfo1->Final(fwFindObjects->mdfo1, fwFindObjects, - fwFindObjects->mdSession, fwFindObjects->fwSession, - fwFindObjects->mdToken, fwFindObjects->fwToken, - fwFindObjects->mdInstance, fwFindObjects->fwInstance); + if (fwFindObjects->mdfo1) { + if (fwFindObjects->mdfo1->Final) { + fwFindObjects->mdFindObjects = fwFindObjects->mdfo1; + fwFindObjects->mdfo1->Final(fwFindObjects->mdfo1, fwFindObjects, + fwFindObjects->mdSession, fwFindObjects->fwSession, + fwFindObjects->mdToken, fwFindObjects->fwToken, + fwFindObjects->mdInstance, fwFindObjects->fwInstance); + } } - } - - if (fwFindObjects->mdfo2) { - if (fwFindObjects->mdfo2->Final) { - fwFindObjects->mdFindObjects = fwFindObjects->mdfo2; - fwFindObjects->mdfo2->Final(fwFindObjects->mdfo2, fwFindObjects, - fwFindObjects->mdSession, fwFindObjects->fwSession, - fwFindObjects->mdToken, fwFindObjects->fwToken, - fwFindObjects->mdInstance, fwFindObjects->fwInstance); + + if (fwFindObjects->mdfo2) { + if (fwFindObjects->mdfo2->Final) { + fwFindObjects->mdFindObjects = fwFindObjects->mdfo2; + fwFindObjects->mdfo2->Final(fwFindObjects->mdfo2, fwFindObjects, + fwFindObjects->mdSession, fwFindObjects->fwSession, + fwFindObjects->mdToken, fwFindObjects->fwToken, + fwFindObjects->mdInstance, fwFindObjects->fwInstance); + } } - } - nss_ZFreeIf(fwFindObjects); + nss_ZFreeIf(fwFindObjects); #ifdef DEBUG - (void)findObjects_remove_pointer(fwFindObjects); + (void)findObjects_remove_pointer(fwFindObjects); #endif /* DEBUG */ - return; + return; } /* @@ -220,18 +209,16 @@ nssCKFWFindObjects_Destroy * */ NSS_EXTERN NSSCKMDFindObjects * -nssCKFWFindObjects_GetMDFindObjects -( - NSSCKFWFindObjects *fwFindObjects -) +nssCKFWFindObjects_GetMDFindObjects( + NSSCKFWFindObjects *fwFindObjects) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects) ) { - return (NSSCKMDFindObjects *)NULL; - } + if (CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects)) { + return (NSSCKMDFindObjects *)NULL; + } #endif /* NSSDEBUG */ - return fwFindObjects->mdFindObjects; + return fwFindObjects->mdFindObjects; } /* @@ -239,89 +226,89 @@ nssCKFWFindObjects_GetMDFindObjects * */ NSS_EXTERN NSSCKFWObject * -nssCKFWFindObjects_Next -( - NSSCKFWFindObjects *fwFindObjects, - NSSArena *arenaOpt, - CK_RV *pError -) +nssCKFWFindObjects_Next( + NSSCKFWFindObjects *fwFindObjects, + NSSArena *arenaOpt, + CK_RV *pError) { - NSSCKMDObject *mdObject; - NSSCKFWObject *fwObject = (NSSCKFWObject *)NULL; - NSSArena *objArena; + NSSCKMDObject *mdObject; + NSSCKFWObject *fwObject = (NSSCKFWObject *)NULL; + NSSArena *objArena; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWObject *)NULL; - } - - *pError = nssCKFWFindObjects_verifyPointer(fwFindObjects); - if( CKR_OK != *pError ) { - return (NSSCKFWObject *)NULL; - } -#endif /* NSSDEBUG */ + if (!pError) { + return (NSSCKFWObject *)NULL; + } - *pError = nssCKFWMutex_Lock(fwFindObjects->mutex); - if( CKR_OK != *pError ) { - return (NSSCKFWObject *)NULL; - } - - if (fwFindObjects->mdfo1) { - if (fwFindObjects->mdfo1->Next) { - fwFindObjects->mdFindObjects = fwFindObjects->mdfo1; - mdObject = fwFindObjects->mdfo1->Next(fwFindObjects->mdfo1, - fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession, - fwFindObjects->mdToken, fwFindObjects->fwToken, - fwFindObjects->mdInstance, fwFindObjects->fwInstance, - arenaOpt, pError); - if (!mdObject) { - if( CKR_OK != *pError ) { - goto done; - } + *pError = nssCKFWFindObjects_verifyPointer(fwFindObjects); + if (CKR_OK != *pError) { + return (NSSCKFWObject *)NULL; + } +#endif /* NSSDEBUG */ - /* All done. */ - fwFindObjects->mdfo1->Final(fwFindObjects->mdfo1, fwFindObjects, - fwFindObjects->mdSession, fwFindObjects->fwSession, - fwFindObjects->mdToken, fwFindObjects->fwToken, - fwFindObjects->mdInstance, fwFindObjects->fwInstance); - fwFindObjects->mdfo1 = (NSSCKMDFindObjects *)NULL; - } else { - goto wrap; - } + *pError = nssCKFWMutex_Lock(fwFindObjects->mutex); + if (CKR_OK != *pError) { + return (NSSCKFWObject *)NULL; } - } - - if (fwFindObjects->mdfo2) { - if (fwFindObjects->mdfo2->Next) { - fwFindObjects->mdFindObjects = fwFindObjects->mdfo2; - mdObject = fwFindObjects->mdfo2->Next(fwFindObjects->mdfo2, - fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession, - fwFindObjects->mdToken, fwFindObjects->fwToken, - fwFindObjects->mdInstance, fwFindObjects->fwInstance, - arenaOpt, pError); - if (!mdObject) { - if( CKR_OK != *pError ) { - goto done; + + if (fwFindObjects->mdfo1) { + if (fwFindObjects->mdfo1->Next) { + fwFindObjects->mdFindObjects = fwFindObjects->mdfo1; + mdObject = fwFindObjects->mdfo1->Next(fwFindObjects->mdfo1, + fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession, + fwFindObjects->mdToken, fwFindObjects->fwToken, + fwFindObjects->mdInstance, fwFindObjects->fwInstance, + arenaOpt, pError); + if (!mdObject) { + if (CKR_OK != *pError) { + goto done; + } + + /* All done. */ + fwFindObjects->mdfo1->Final(fwFindObjects->mdfo1, fwFindObjects, + fwFindObjects->mdSession, fwFindObjects->fwSession, + fwFindObjects->mdToken, fwFindObjects->fwToken, + fwFindObjects->mdInstance, fwFindObjects->fwInstance); + fwFindObjects->mdfo1 = (NSSCKMDFindObjects *)NULL; + } + else { + goto wrap; + } } + } - /* All done. */ - fwFindObjects->mdfo2->Final(fwFindObjects->mdfo2, fwFindObjects, - fwFindObjects->mdSession, fwFindObjects->fwSession, - fwFindObjects->mdToken, fwFindObjects->fwToken, - fwFindObjects->mdInstance, fwFindObjects->fwInstance); - fwFindObjects->mdfo2 = (NSSCKMDFindObjects *)NULL; - } else { - goto wrap; - } + if (fwFindObjects->mdfo2) { + if (fwFindObjects->mdfo2->Next) { + fwFindObjects->mdFindObjects = fwFindObjects->mdfo2; + mdObject = fwFindObjects->mdfo2->Next(fwFindObjects->mdfo2, + fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession, + fwFindObjects->mdToken, fwFindObjects->fwToken, + fwFindObjects->mdInstance, fwFindObjects->fwInstance, + arenaOpt, pError); + if (!mdObject) { + if (CKR_OK != *pError) { + goto done; + } + + /* All done. */ + fwFindObjects->mdfo2->Final(fwFindObjects->mdfo2, fwFindObjects, + fwFindObjects->mdSession, fwFindObjects->fwSession, + fwFindObjects->mdToken, fwFindObjects->fwToken, + fwFindObjects->mdInstance, fwFindObjects->fwInstance); + fwFindObjects->mdfo2 = (NSSCKMDFindObjects *)NULL; + } + else { + goto wrap; + } + } } - } - - /* No more objects */ - *pError = CKR_OK; - goto done; - - wrap: - /* + + /* No more objects */ + *pError = CKR_OK; + goto done; + +wrap: + /* * This seems is less than ideal-- we should determine if it's a token * object or a session object, and use the appropriate arena. * But that duplicates logic in nssCKFWObject_IsTokenObject. @@ -336,26 +323,26 @@ nssCKFWFindObjects_Next * exist in the cache from their initial creation). So this code is correct, * but it depends on nssCKFWObject_Create caching all objects. */ - objArena = nssCKFWToken_GetArena(fwFindObjects->fwToken, pError); - if (!objArena) { - if( CKR_OK == *pError ) { - *pError = CKR_HOST_MEMORY; + objArena = nssCKFWToken_GetArena(fwFindObjects->fwToken, pError); + if (!objArena) { + if (CKR_OK == *pError) { + *pError = CKR_HOST_MEMORY; + } + goto done; } - goto done; - } - - fwObject = nssCKFWObject_Create(objArena, mdObject, - NULL, fwFindObjects->fwToken, - fwFindObjects->fwInstance, pError); - if (!fwObject) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + + fwObject = nssCKFWObject_Create(objArena, mdObject, + NULL, fwFindObjects->fwToken, + fwFindObjects->fwInstance, pError); + if (!fwObject) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } } - } - done: - (void)nssCKFWMutex_Unlock(fwFindObjects->mutex); - return fwObject; +done: + (void)nssCKFWMutex_Unlock(fwFindObjects->mutex); + return fwObject; } /* @@ -364,16 +351,14 @@ nssCKFWFindObjects_Next */ NSS_EXTERN NSSCKMDFindObjects * -NSSCKFWFindObjects_GetMDFindObjects -( - NSSCKFWFindObjects *fwFindObjects -) +NSSCKFWFindObjects_GetMDFindObjects( + NSSCKFWFindObjects *fwFindObjects) { #ifdef DEBUG - if( CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects) ) { - return (NSSCKMDFindObjects *)NULL; - } + if (CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects)) { + return (NSSCKMDFindObjects *)NULL; + } #endif /* DEBUG */ - return nssCKFWFindObjects_GetMDFindObjects(fwFindObjects); + return nssCKFWFindObjects_GetMDFindObjects(fwFindObjects); } diff --git a/lib/ckfw/hash.c b/lib/ckfw/hash.c index 7d21084bd..eb0d4066b 100644 --- a/lib/ckfw/hash.c +++ b/lib/ckfw/hash.c @@ -31,24 +31,22 @@ */ struct nssCKFWHashStr { - NSSCKFWMutex *mutex; + NSSCKFWMutex *mutex; - /* - * The invariant that mutex protects is: - * The count accurately reflects the hashtable state. - */ + /* + * The invariant that mutex protects is: + * The count accurately reflects the hashtable state. + */ - PLHashTable *plHashTable; - CK_ULONG count; + PLHashTable *plHashTable; + CK_ULONG count; }; static PLHashNumber -nss_ckfw_identity_hash -( - const void *key -) +nss_ckfw_identity_hash( + const void *key) { - return (PLHashNumber)((char *)key - (char *)NULL); + return (PLHashNumber)((char *)key - (char *)NULL); } /* @@ -56,53 +54,51 @@ nss_ckfw_identity_hash * */ NSS_IMPLEMENT nssCKFWHash * -nssCKFWHash_Create -( - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -) +nssCKFWHash_Create( + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError) { - nssCKFWHash *rv; + nssCKFWHash *rv; #ifdef NSSDEBUG - if (!pError) { - return (nssCKFWHash *)NULL; - } - - if( PR_SUCCESS != nssArena_verifyPointer(arena) ) { - *pError = CKR_ARGUMENTS_BAD; - return (nssCKFWHash *)NULL; - } + if (!pError) { + return (nssCKFWHash *)NULL; + } + + if (PR_SUCCESS != nssArena_verifyPointer(arena)) { + *pError = CKR_ARGUMENTS_BAD; + return (nssCKFWHash *)NULL; + } #endif /* NSSDEBUG */ - rv = nss_ZNEW(arena, nssCKFWHash); - if (!rv) { - *pError = CKR_HOST_MEMORY; - return (nssCKFWHash *)NULL; - } + rv = nss_ZNEW(arena, nssCKFWHash); + if (!rv) { + *pError = CKR_HOST_MEMORY; + return (nssCKFWHash *)NULL; + } - rv->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError); - if (!rv->mutex) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + rv->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError); + if (!rv->mutex) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + (void)nss_ZFreeIf(rv); + return (nssCKFWHash *)NULL; } - (void)nss_ZFreeIf(rv); - return (nssCKFWHash *)NULL; - } - - rv->plHashTable = PL_NewHashTable(0, nss_ckfw_identity_hash, - PL_CompareValues, PL_CompareValues, &nssArenaHashAllocOps, arena); - if (!rv->plHashTable) { - (void)nssCKFWMutex_Destroy(rv->mutex); - (void)nss_ZFreeIf(rv); - *pError = CKR_HOST_MEMORY; - return (nssCKFWHash *)NULL; - } - - rv->count = 0; - - return rv; + + rv->plHashTable = PL_NewHashTable(0, nss_ckfw_identity_hash, + PL_CompareValues, PL_CompareValues, &nssArenaHashAllocOps, arena); + if (!rv->plHashTable) { + (void)nssCKFWMutex_Destroy(rv->mutex); + (void)nss_ZFreeIf(rv); + *pError = CKR_HOST_MEMORY; + return (nssCKFWHash *)NULL; + } + + rv->count = 0; + + return rv; } /* @@ -110,14 +106,12 @@ nssCKFWHash_Create * */ NSS_IMPLEMENT void -nssCKFWHash_Destroy -( - nssCKFWHash *hash -) +nssCKFWHash_Destroy( + nssCKFWHash *hash) { - (void)nssCKFWMutex_Destroy(hash->mutex); - PL_HashTableDestroy(hash->plHashTable); - (void)nss_ZFreeIf(hash); + (void)nssCKFWMutex_Destroy(hash->mutex); + PL_HashTableDestroy(hash->plHashTable); + (void)nss_ZFreeIf(hash); } /* @@ -125,31 +119,30 @@ nssCKFWHash_Destroy * */ NSS_IMPLEMENT CK_RV -nssCKFWHash_Add -( - nssCKFWHash *hash, - const void *key, - const void *value -) +nssCKFWHash_Add( + nssCKFWHash *hash, + const void *key, + const void *value) { - CK_RV error = CKR_OK; - PLHashEntry *he; + CK_RV error = CKR_OK; + PLHashEntry *he; + + error = nssCKFWMutex_Lock(hash->mutex); + if (CKR_OK != error) { + return error; + } + + he = PL_HashTableAdd(hash->plHashTable, key, (void *)value); + if (!he) { + error = CKR_HOST_MEMORY; + } + else { + hash->count++; + } + + (void)nssCKFWMutex_Unlock(hash->mutex); - error = nssCKFWMutex_Lock(hash->mutex); - if( CKR_OK != error ) { return error; - } - - he = PL_HashTableAdd(hash->plHashTable, key, (void *)value); - if (!he) { - error = CKR_HOST_MEMORY; - } else { - hash->count++; - } - - (void)nssCKFWMutex_Unlock(hash->mutex); - - return error; } /* @@ -157,25 +150,23 @@ nssCKFWHash_Add * */ NSS_IMPLEMENT void -nssCKFWHash_Remove -( - nssCKFWHash *hash, - const void *it -) +nssCKFWHash_Remove( + nssCKFWHash *hash, + const void *it) { - PRBool found; + PRBool found; - if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) { - return; - } + if (CKR_OK != nssCKFWMutex_Lock(hash->mutex)) { + return; + } - found = PL_HashTableRemove(hash->plHashTable, it); - if( found ) { - hash->count--; - } + found = PL_HashTableRemove(hash->plHashTable, it); + if (found) { + hash->count--; + } - (void)nssCKFWMutex_Unlock(hash->mutex); - return; + (void)nssCKFWMutex_Unlock(hash->mutex); + return; } /* @@ -183,22 +174,20 @@ nssCKFWHash_Remove * */ NSS_IMPLEMENT CK_ULONG -nssCKFWHash_Count -( - nssCKFWHash *hash -) +nssCKFWHash_Count( + nssCKFWHash *hash) { - CK_ULONG count; + CK_ULONG count; - if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) { - return (CK_ULONG)0; - } + if (CKR_OK != nssCKFWMutex_Lock(hash->mutex)) { + return (CK_ULONG)0; + } - count = hash->count; + count = hash->count; - (void)nssCKFWMutex_Unlock(hash->mutex); + (void)nssCKFWMutex_Unlock(hash->mutex); - return count; + return count; } /* @@ -206,27 +195,26 @@ nssCKFWHash_Count * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWHash_Exists -( - nssCKFWHash *hash, - const void *it -) +nssCKFWHash_Exists( + nssCKFWHash *hash, + const void *it) { - void *value; + void *value; - if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWMutex_Lock(hash->mutex)) { + return CK_FALSE; + } - value = PL_HashTableLookup(hash->plHashTable, it); + value = PL_HashTableLookup(hash->plHashTable, it); - (void)nssCKFWMutex_Unlock(hash->mutex); + (void)nssCKFWMutex_Unlock(hash->mutex); - if (!value) { - return CK_FALSE; - } else { - return CK_TRUE; - } + if (!value) { + return CK_FALSE; + } + else { + return CK_TRUE; + } } /* @@ -234,41 +222,37 @@ nssCKFWHash_Exists * */ NSS_IMPLEMENT void * -nssCKFWHash_Lookup -( - nssCKFWHash *hash, - const void *it -) +nssCKFWHash_Lookup( + nssCKFWHash *hash, + const void *it) { - void *rv; + void *rv; - if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) { - return (void *)NULL; - } + if (CKR_OK != nssCKFWMutex_Lock(hash->mutex)) { + return (void *)NULL; + } - rv = PL_HashTableLookup(hash->plHashTable, it); + rv = PL_HashTableLookup(hash->plHashTable, it); - (void)nssCKFWMutex_Unlock(hash->mutex); + (void)nssCKFWMutex_Unlock(hash->mutex); - return rv; + return rv; } struct arg_str { - nssCKFWHashIterator fcn; - void *closure; + nssCKFWHashIterator fcn; + void *closure; }; static PRIntn -nss_ckfwhash_enumerator -( - PLHashEntry *he, - PRIntn index, - void *arg -) +nss_ckfwhash_enumerator( + PLHashEntry *he, + PRIntn index, + void *arg) { - struct arg_str *as = (struct arg_str *)arg; - as->fcn(he->key, he->value, as->closure); - return HT_ENUMERATE_NEXT; + struct arg_str *as = (struct arg_str *)arg; + as->fcn(he->key, he->value, as->closure); + return HT_ENUMERATE_NEXT; } /* @@ -277,24 +261,22 @@ nss_ckfwhash_enumerator * NOTE that the iteration function will be called with the hashtable locked. */ NSS_IMPLEMENT void -nssCKFWHash_Iterate -( - nssCKFWHash *hash, - nssCKFWHashIterator fcn, - void *closure -) +nssCKFWHash_Iterate( + nssCKFWHash *hash, + nssCKFWHashIterator fcn, + void *closure) { - struct arg_str as; - as.fcn = fcn; - as.closure = closure; + struct arg_str as; + as.fcn = fcn; + as.closure = closure; - if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) { - return; - } + if (CKR_OK != nssCKFWMutex_Lock(hash->mutex)) { + return; + } - PL_HashTableEnumerateEntries(hash->plHashTable, nss_ckfwhash_enumerator, &as); + PL_HashTableEnumerateEntries(hash->plHashTable, nss_ckfwhash_enumerator, &as); - (void)nssCKFWMutex_Unlock(hash->mutex); + (void)nssCKFWMutex_Unlock(hash->mutex); - return; + return; } diff --git a/lib/ckfw/instance.c b/lib/ckfw/instance.c index b8a5b25e1..3ef3fea15 100644 --- a/lib/ckfw/instance.c +++ b/lib/ckfw/instance.c @@ -33,7 +33,7 @@ * nssCKFWInstance_MayCreatePthreads * nssCKFWInstance_CreateMutex * nssCKFWInstance_GetConfigurationData - * nssCKFWInstance_GetInitArgs + * nssCKFWInstance_GetInitArgs * * -- private accessors -- * nssCKFWInstance_CreateSessionHandle @@ -60,52 +60,52 @@ */ struct NSSCKFWInstanceStr { - NSSCKFWMutex *mutex; - NSSArena *arena; - NSSCKMDInstance *mdInstance; - CK_C_INITIALIZE_ARGS_PTR pInitArgs; - CK_C_INITIALIZE_ARGS initArgs; - CryptokiLockingState LockingState; - CK_BBOOL mayCreatePthreads; - NSSUTF8 *configurationData; - CK_ULONG nSlots; - NSSCKFWSlot **fwSlotList; - NSSCKMDSlot **mdSlotList; - CK_BBOOL moduleHandlesSessionObjects; - - /* - * Everything above is set at creation time, and then not modified. - * The invariants the mutex protects are: - * - * 1) Each of the cached descriptions (versions, etc.) are in an - * internally consistant state. - * - * 2) The session handle hashes and count are consistant - * - * 3) The object handle hashes and count are consistant. - * - * I could use multiple locks, but let's wait to see if that's - * really necessary. - * - * Note that the calls accessing the cached descriptions will - * call the NSSCKMDInstance methods with the mutex locked. Those - * methods may then call the public NSSCKFWInstance routines. - * Those public routines only access the constant data above, so - * there's no problem. But be careful if you add to this object; - * mutexes are in general not reentrant, so don't create deadlock - * situations. - */ - - CK_VERSION cryptokiVersion; - NSSUTF8 *manufacturerID; - NSSUTF8 *libraryDescription; - CK_VERSION libraryVersion; - - CK_ULONG lastSessionHandle; - nssCKFWHash *sessionHandleHash; - - CK_ULONG lastObjectHandle; - nssCKFWHash *objectHandleHash; + NSSCKFWMutex *mutex; + NSSArena *arena; + NSSCKMDInstance *mdInstance; + CK_C_INITIALIZE_ARGS_PTR pInitArgs; + CK_C_INITIALIZE_ARGS initArgs; + CryptokiLockingState LockingState; + CK_BBOOL mayCreatePthreads; + NSSUTF8 *configurationData; + CK_ULONG nSlots; + NSSCKFWSlot **fwSlotList; + NSSCKMDSlot **mdSlotList; + CK_BBOOL moduleHandlesSessionObjects; + + /* + * Everything above is set at creation time, and then not modified. + * The invariants the mutex protects are: + * + * 1) Each of the cached descriptions (versions, etc.) are in an + * internally consistant state. + * + * 2) The session handle hashes and count are consistant + * + * 3) The object handle hashes and count are consistant. + * + * I could use multiple locks, but let's wait to see if that's + * really necessary. + * + * Note that the calls accessing the cached descriptions will + * call the NSSCKMDInstance methods with the mutex locked. Those + * methods may then call the public NSSCKFWInstance routines. + * Those public routines only access the constant data above, so + * there's no problem. But be careful if you add to this object; + * mutexes are in general not reentrant, so don't create deadlock + * situations. + */ + + CK_VERSION cryptokiVersion; + NSSUTF8 *manufacturerID; + NSSUTF8 *libraryDescription; + CK_VERSION libraryVersion; + + CK_ULONG lastSessionHandle; + nssCKFWHash *sessionHandleHash; + + CK_ULONG lastObjectHandle; + nssCKFWHash *objectHandleHash; }; #ifdef DEBUG @@ -121,30 +121,24 @@ struct NSSCKFWInstanceStr { */ static CK_RV -instance_add_pointer -( - const NSSCKFWInstance *fwInstance -) +instance_add_pointer( + const NSSCKFWInstance *fwInstance) { - return CKR_OK; + return CKR_OK; } static CK_RV -instance_remove_pointer -( - const NSSCKFWInstance *fwInstance -) +instance_remove_pointer( + const NSSCKFWInstance *fwInstance) { - return CKR_OK; + return CKR_OK; } NSS_IMPLEMENT CK_RV -nssCKFWInstance_verifyPointer -( - const NSSCKFWInstance *fwInstance -) +nssCKFWInstance_verifyPointer( + const NSSCKFWInstance *fwInstance) { - return CKR_OK; + return CKR_OK; } #endif /* DEBUG */ @@ -154,191 +148,192 @@ nssCKFWInstance_verifyPointer * */ NSS_IMPLEMENT NSSCKFWInstance * -nssCKFWInstance_Create -( - CK_C_INITIALIZE_ARGS_PTR pInitArgs, - CryptokiLockingState LockingState, - NSSCKMDInstance *mdInstance, - CK_RV *pError -) +nssCKFWInstance_Create( + CK_C_INITIALIZE_ARGS_PTR pInitArgs, + CryptokiLockingState LockingState, + NSSCKMDInstance *mdInstance, + CK_RV *pError) { - NSSCKFWInstance *fwInstance; - NSSArena *arena = (NSSArena *)NULL; - CK_ULONG i; - CK_BBOOL called_Initialize = CK_FALSE; + NSSCKFWInstance *fwInstance; + NSSArena *arena = (NSSArena *)NULL; + CK_ULONG i; + CK_BBOOL called_Initialize = CK_FALSE; #ifdef NSSDEBUG - if( (CK_RV)NULL == pError ) { - return (NSSCKFWInstance *)NULL; - } + if ((CK_RV)NULL == pError) { + return (NSSCKFWInstance *)NULL; + } - if (!mdInstance) { - *pError = CKR_ARGUMENTS_BAD; - return (NSSCKFWInstance *)NULL; - } + if (!mdInstance) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWInstance *)NULL; + } #endif /* NSSDEBUG */ - arena = NSSArena_Create(); - if (!arena) { - *pError = CKR_HOST_MEMORY; - return (NSSCKFWInstance *)NULL; - } - - fwInstance = nss_ZNEW(arena, NSSCKFWInstance); - if (!fwInstance) { - goto nomem; - } - - fwInstance->arena = arena; - fwInstance->mdInstance = mdInstance; - - fwInstance->LockingState = LockingState; - if( (CK_C_INITIALIZE_ARGS_PTR)NULL != pInitArgs ) { - fwInstance->initArgs = *pInitArgs; - fwInstance->pInitArgs = &fwInstance->initArgs; - if( pInitArgs->flags & CKF_LIBRARY_CANT_CREATE_OS_THREADS ) { - fwInstance->mayCreatePthreads = CK_FALSE; - } else { - fwInstance->mayCreatePthreads = CK_TRUE; - } - fwInstance->configurationData = (NSSUTF8 *)(pInitArgs->pReserved); - } else { - fwInstance->mayCreatePthreads = CK_TRUE; - } - - fwInstance->mutex = nssCKFWMutex_Create(pInitArgs, LockingState, arena, - pError); - if (!fwInstance->mutex) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - goto loser; - } - - if (mdInstance->Initialize) { - *pError = mdInstance->Initialize(mdInstance, fwInstance, fwInstance->configurationData); - if( CKR_OK != *pError ) { - goto loser; - } - - called_Initialize = CK_TRUE; - } - - if (mdInstance->ModuleHandlesSessionObjects) { - fwInstance->moduleHandlesSessionObjects = - mdInstance->ModuleHandlesSessionObjects(mdInstance, fwInstance); - } else { - fwInstance->moduleHandlesSessionObjects = CK_FALSE; - } - - if (!mdInstance->GetNSlots) { - /* That routine is required */ - *pError = CKR_GENERAL_ERROR; - goto loser; - } - - fwInstance->nSlots = mdInstance->GetNSlots(mdInstance, fwInstance, pError); - if( (CK_ULONG)0 == fwInstance->nSlots ) { - if( CKR_OK == *pError ) { - /* Zero is not a legitimate answer */ - *pError = CKR_GENERAL_ERROR; - } - goto loser; - } - - fwInstance->fwSlotList = nss_ZNEWARRAY(arena, NSSCKFWSlot *, fwInstance->nSlots); - if( (NSSCKFWSlot **)NULL == fwInstance->fwSlotList ) { - goto nomem; - } - - fwInstance->mdSlotList = nss_ZNEWARRAY(arena, NSSCKMDSlot *, fwInstance->nSlots); - if( (NSSCKMDSlot **)NULL == fwInstance->mdSlotList ) { - goto nomem; - } - - fwInstance->sessionHandleHash = nssCKFWHash_Create(fwInstance, - fwInstance->arena, pError); - if (!fwInstance->sessionHandleHash) { - goto loser; - } - - fwInstance->objectHandleHash = nssCKFWHash_Create(fwInstance, - fwInstance->arena, pError); - if (!fwInstance->objectHandleHash) { - goto loser; - } - - if (!mdInstance->GetSlots) { - /* That routine is required */ - *pError = CKR_GENERAL_ERROR; - goto loser; - } - - *pError = mdInstance->GetSlots(mdInstance, fwInstance, fwInstance->mdSlotList); - if( CKR_OK != *pError ) { - goto loser; - } - - for( i = 0; i < fwInstance->nSlots; i++ ) { - NSSCKMDSlot *mdSlot = fwInstance->mdSlotList[i]; + arena = NSSArena_Create(); + if (!arena) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWInstance *)NULL; + } - if (!mdSlot) { - *pError = CKR_GENERAL_ERROR; - goto loser; + fwInstance = nss_ZNEW(arena, NSSCKFWInstance); + if (!fwInstance) { + goto nomem; } - fwInstance->fwSlotList[i] = nssCKFWSlot_Create(fwInstance, mdSlot, i, pError); - if( CKR_OK != *pError ) { - CK_ULONG j; + fwInstance->arena = arena; + fwInstance->mdInstance = mdInstance; - for( j = 0; j < i; j++ ) { - (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[j]); - } + fwInstance->LockingState = LockingState; + if ((CK_C_INITIALIZE_ARGS_PTR)NULL != pInitArgs) { + fwInstance->initArgs = *pInitArgs; + fwInstance->pInitArgs = &fwInstance->initArgs; + if (pInitArgs->flags & CKF_LIBRARY_CANT_CREATE_OS_THREADS) { + fwInstance->mayCreatePthreads = CK_FALSE; + } + else { + fwInstance->mayCreatePthreads = CK_TRUE; + } + fwInstance->configurationData = (NSSUTF8 *)(pInitArgs->pReserved); + } + else { + fwInstance->mayCreatePthreads = CK_TRUE; + } - for( j = i; j < fwInstance->nSlots; j++ ) { - NSSCKMDSlot *mds = fwInstance->mdSlotList[j]; - if (mds->Destroy) { - mds->Destroy(mds, (NSSCKFWSlot *)NULL, mdInstance, fwInstance); + fwInstance->mutex = nssCKFWMutex_Create(pInitArgs, LockingState, arena, + pError); + if (!fwInstance->mutex) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; } - } + goto loser; + } + + if (mdInstance->Initialize) { + *pError = mdInstance->Initialize(mdInstance, fwInstance, fwInstance->configurationData); + if (CKR_OK != *pError) { + goto loser; + } + + called_Initialize = CK_TRUE; + } + + if (mdInstance->ModuleHandlesSessionObjects) { + fwInstance->moduleHandlesSessionObjects = + mdInstance->ModuleHandlesSessionObjects(mdInstance, fwInstance); + } + else { + fwInstance->moduleHandlesSessionObjects = CK_FALSE; + } + + if (!mdInstance->GetNSlots) { + /* That routine is required */ + *pError = CKR_GENERAL_ERROR; + goto loser; + } + + fwInstance->nSlots = mdInstance->GetNSlots(mdInstance, fwInstance, pError); + if ((CK_ULONG)0 == fwInstance->nSlots) { + if (CKR_OK == *pError) { + /* Zero is not a legitimate answer */ + *pError = CKR_GENERAL_ERROR; + } + goto loser; + } + + fwInstance->fwSlotList = nss_ZNEWARRAY(arena, NSSCKFWSlot *, fwInstance->nSlots); + if ((NSSCKFWSlot **)NULL == fwInstance->fwSlotList) { + goto nomem; + } - goto loser; + fwInstance->mdSlotList = nss_ZNEWARRAY(arena, NSSCKMDSlot *, fwInstance->nSlots); + if ((NSSCKMDSlot **)NULL == fwInstance->mdSlotList) { + goto nomem; + } + + fwInstance->sessionHandleHash = nssCKFWHash_Create(fwInstance, + fwInstance->arena, pError); + if (!fwInstance->sessionHandleHash) { + goto loser; + } + + fwInstance->objectHandleHash = nssCKFWHash_Create(fwInstance, + fwInstance->arena, pError); + if (!fwInstance->objectHandleHash) { + goto loser; + } + + if (!mdInstance->GetSlots) { + /* That routine is required */ + *pError = CKR_GENERAL_ERROR; + goto loser; + } + + *pError = mdInstance->GetSlots(mdInstance, fwInstance, fwInstance->mdSlotList); + if (CKR_OK != *pError) { + goto loser; + } + + for (i = 0; i < fwInstance->nSlots; i++) { + NSSCKMDSlot *mdSlot = fwInstance->mdSlotList[i]; + + if (!mdSlot) { + *pError = CKR_GENERAL_ERROR; + goto loser; + } + + fwInstance->fwSlotList[i] = nssCKFWSlot_Create(fwInstance, mdSlot, i, pError); + if (CKR_OK != *pError) { + CK_ULONG j; + + for (j = 0; j < i; j++) { + (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[j]); + } + + for (j = i; j < fwInstance->nSlots; j++) { + NSSCKMDSlot *mds = fwInstance->mdSlotList[j]; + if (mds->Destroy) { + mds->Destroy(mds, (NSSCKFWSlot *)NULL, mdInstance, fwInstance); + } + } + + goto loser; + } } - } #ifdef DEBUG - *pError = instance_add_pointer(fwInstance); - if( CKR_OK != *pError ) { - for( i = 0; i < fwInstance->nSlots; i++ ) { - (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[i]); - } - - goto loser; - } + *pError = instance_add_pointer(fwInstance); + if (CKR_OK != *pError) { + for (i = 0; i < fwInstance->nSlots; i++) { + (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[i]); + } + + goto loser; + } #endif /* DEBUG */ - *pError = CKR_OK; - return fwInstance; + *pError = CKR_OK; + return fwInstance; - nomem: - *pError = CKR_HOST_MEMORY; - /*FALLTHROUGH*/ - loser: +nomem: + *pError = CKR_HOST_MEMORY; + /*FALLTHROUGH*/ +loser: - if( CK_TRUE == called_Initialize ) { - if (mdInstance->Finalize) { - mdInstance->Finalize(mdInstance, fwInstance); + if (CK_TRUE == called_Initialize) { + if (mdInstance->Finalize) { + mdInstance->Finalize(mdInstance, fwInstance); + } } - } - if (fwInstance && fwInstance->mutex) { - nssCKFWMutex_Destroy(fwInstance->mutex); - } + if (fwInstance && fwInstance->mutex) { + nssCKFWMutex_Destroy(fwInstance->mutex); + } - if (arena) { - (void)NSSArena_Destroy(arena); - } - return (NSSCKFWInstance *)NULL; + if (arena) { + (void)NSSArena_Destroy(arena); + } + return (NSSCKFWInstance *)NULL; } /* @@ -346,47 +341,45 @@ nssCKFWInstance_Create * */ NSS_IMPLEMENT CK_RV -nssCKFWInstance_Destroy -( - NSSCKFWInstance *fwInstance -) +nssCKFWInstance_Destroy( + NSSCKFWInstance *fwInstance) { #ifdef NSSDEBUG - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #endif /* NSSDEBUG */ - CK_ULONG i; + CK_ULONG i; #ifdef NSSDEBUG - error = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - nssCKFWMutex_Destroy(fwInstance->mutex); + nssCKFWMutex_Destroy(fwInstance->mutex); - for( i = 0; i < fwInstance->nSlots; i++ ) { - (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[i]); - } + for (i = 0; i < fwInstance->nSlots; i++) { + (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[i]); + } - if (fwInstance->mdInstance->Finalize) { - fwInstance->mdInstance->Finalize(fwInstance->mdInstance, fwInstance); - } + if (fwInstance->mdInstance->Finalize) { + fwInstance->mdInstance->Finalize(fwInstance->mdInstance, fwInstance); + } - if (fwInstance->sessionHandleHash) { - nssCKFWHash_Destroy(fwInstance->sessionHandleHash); - } + if (fwInstance->sessionHandleHash) { + nssCKFWHash_Destroy(fwInstance->sessionHandleHash); + } - if (fwInstance->objectHandleHash) { - nssCKFWHash_Destroy(fwInstance->objectHandleHash); - } + if (fwInstance->objectHandleHash) { + nssCKFWHash_Destroy(fwInstance->objectHandleHash); + } #ifdef DEBUG - (void)instance_remove_pointer(fwInstance); + (void)instance_remove_pointer(fwInstance); #endif /* DEBUG */ - (void)NSSArena_Destroy(fwInstance->arena); - return CKR_OK; + (void)NSSArena_Destroy(fwInstance->arena); + return CKR_OK; } /* @@ -394,18 +387,16 @@ nssCKFWInstance_Destroy * */ NSS_IMPLEMENT NSSCKMDInstance * -nssCKFWInstance_GetMDInstance -( - NSSCKFWInstance *fwInstance -) +nssCKFWInstance_GetMDInstance( + NSSCKFWInstance *fwInstance) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (NSSCKMDInstance *)NULL; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (NSSCKMDInstance *)NULL; + } #endif /* NSSDEBUG */ - return fwInstance->mdInstance; + return fwInstance->mdInstance; } /* @@ -413,25 +404,23 @@ nssCKFWInstance_GetMDInstance * */ NSS_IMPLEMENT NSSArena * -nssCKFWInstance_GetArena -( - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nssCKFWInstance_GetArena( + NSSCKFWInstance *fwInstance, + CK_RV *pError) { #ifdef NSSDEBUG - if (!pError) { - return (NSSArena *)NULL; - } - - *pError = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != *pError ) { - return (NSSArena *)NULL; - } + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != *pError) { + return (NSSArena *)NULL; + } #endif /* NSSDEBUG */ - *pError = CKR_OK; - return fwInstance->arena; + *pError = CKR_OK; + return fwInstance->arena; } /* @@ -439,18 +428,16 @@ nssCKFWInstance_GetArena * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWInstance_MayCreatePthreads -( - NSSCKFWInstance *fwInstance -) +nssCKFWInstance_MayCreatePthreads( + NSSCKFWInstance *fwInstance) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - return fwInstance->mayCreatePthreads; + return fwInstance->mayCreatePthreads; } /* @@ -458,37 +445,35 @@ nssCKFWInstance_MayCreatePthreads * */ NSS_IMPLEMENT NSSCKFWMutex * -nssCKFWInstance_CreateMutex -( - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -) +nssCKFWInstance_CreateMutex( + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError) { - NSSCKFWMutex *mutex; + NSSCKFWMutex *mutex; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWMutex *)NULL; - } - - *pError = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != *pError ) { - return (NSSCKFWMutex *)NULL; - } -#endif /* NSSDEBUG */ + if (!pError) { + return (NSSCKFWMutex *)NULL; + } - mutex = nssCKFWMutex_Create(fwInstance->pInitArgs, fwInstance->LockingState, - arena, pError); - if (!mutex) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != *pError) { + return (NSSCKFWMutex *)NULL; } +#endif /* NSSDEBUG */ - return (NSSCKFWMutex *)NULL; - } + mutex = nssCKFWMutex_Create(fwInstance->pInitArgs, fwInstance->LockingState, + arena, pError); + if (!mutex) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } - return mutex; + return (NSSCKFWMutex *)NULL; + } + + return mutex; } /* @@ -496,18 +481,16 @@ nssCKFWInstance_CreateMutex * */ NSS_IMPLEMENT NSSUTF8 * -nssCKFWInstance_GetConfigurationData -( - NSSCKFWInstance *fwInstance -) +nssCKFWInstance_GetConfigurationData( + NSSCKFWInstance *fwInstance) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (NSSUTF8 *)NULL; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (NSSUTF8 *)NULL; + } #endif /* NSSDEBUG */ - return fwInstance->configurationData; + return fwInstance->configurationData; } /* @@ -515,15 +498,13 @@ nssCKFWInstance_GetConfigurationData * */ CK_C_INITIALIZE_ARGS_PTR -nssCKFWInstance_GetInitArgs -( - NSSCKFWInstance *fwInstance -) +nssCKFWInstance_GetInitArgs( + NSSCKFWInstance *fwInstance) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (CK_C_INITIALIZE_ARGS_PTR)NULL; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (CK_C_INITIALIZE_ARGS_PTR)NULL; + } #endif /* NSSDEBUG */ return fwInstance->pInitArgs; @@ -534,50 +515,48 @@ nssCKFWInstance_GetInitArgs * */ NSS_IMPLEMENT CK_SESSION_HANDLE -nssCKFWInstance_CreateSessionHandle -( - NSSCKFWInstance *fwInstance, - NSSCKFWSession *fwSession, - CK_RV *pError -) +nssCKFWInstance_CreateSessionHandle( + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_RV *pError) { - CK_SESSION_HANDLE hSession; + CK_SESSION_HANDLE hSession; #ifdef NSSDEBUG - if (!pError) { - return (CK_SESSION_HANDLE)0; - } - - *pError = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != *pError ) { - return (CK_SESSION_HANDLE)0; - } + if (!pError) { + return (CK_SESSION_HANDLE)0; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != *pError) { + return (CK_SESSION_HANDLE)0; + } #endif /* NSSDEBUG */ - *pError = nssCKFWMutex_Lock(fwInstance->mutex); - if( CKR_OK != *pError ) { - return (CK_SESSION_HANDLE)0; - } - - hSession = ++(fwInstance->lastSessionHandle); - - /* Alan would say I should unlock for this call. */ - - *pError = nssCKFWSession_SetHandle(fwSession, hSession); - if( CKR_OK != *pError ) { - goto done; - } - - *pError = nssCKFWHash_Add(fwInstance->sessionHandleHash, - (const void *)hSession, (const void *)fwSession); - if( CKR_OK != *pError ) { - hSession = (CK_SESSION_HANDLE)0; - goto done; - } - - done: - nssCKFWMutex_Unlock(fwInstance->mutex); - return hSession; + *pError = nssCKFWMutex_Lock(fwInstance->mutex); + if (CKR_OK != *pError) { + return (CK_SESSION_HANDLE)0; + } + + hSession = ++(fwInstance->lastSessionHandle); + + /* Alan would say I should unlock for this call. */ + + *pError = nssCKFWSession_SetHandle(fwSession, hSession); + if (CKR_OK != *pError) { + goto done; + } + + *pError = nssCKFWHash_Add(fwInstance->sessionHandleHash, + (const void *)hSession, (const void *)fwSession); + if (CKR_OK != *pError) { + hSession = (CK_SESSION_HANDLE)0; + goto done; + } + +done: + nssCKFWMutex_Unlock(fwInstance->mutex); + return hSession; } /* @@ -585,32 +564,30 @@ nssCKFWInstance_CreateSessionHandle * */ NSS_IMPLEMENT NSSCKFWSession * -nssCKFWInstance_ResolveSessionHandle -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -) +nssCKFWInstance_ResolveSessionHandle( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession) { - NSSCKFWSession *fwSession; + NSSCKFWSession *fwSession; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (NSSCKFWSession *)NULL; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (NSSCKFWSession *)NULL; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) { - return (NSSCKFWSession *)NULL; - } + if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) { + return (NSSCKFWSession *)NULL; + } - fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup( - fwInstance->sessionHandleHash, (const void *)hSession); + fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup( + fwInstance->sessionHandleHash, (const void *)hSession); - /* Assert(hSession == nssCKFWSession_GetHandle(fwSession)) */ + /* Assert(hSession == nssCKFWSession_GetHandle(fwSession)) */ - (void)nssCKFWMutex_Unlock(fwInstance->mutex); + (void)nssCKFWMutex_Unlock(fwInstance->mutex); - return fwSession; + return fwSession; } /* @@ -618,34 +595,32 @@ nssCKFWInstance_ResolveSessionHandle * */ NSS_IMPLEMENT void -nssCKFWInstance_DestroySessionHandle -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -) +nssCKFWInstance_DestroySessionHandle( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession) { - NSSCKFWSession *fwSession; + NSSCKFWSession *fwSession; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) { - return; - } + if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) { + return; + } - fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup( - fwInstance->sessionHandleHash, (const void *)hSession); - if (fwSession) { - nssCKFWHash_Remove(fwInstance->sessionHandleHash, (const void *)hSession); - nssCKFWSession_SetHandle(fwSession, (CK_SESSION_HANDLE)0); - } + fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup( + fwInstance->sessionHandleHash, (const void *)hSession); + if (fwSession) { + nssCKFWHash_Remove(fwInstance->sessionHandleHash, (const void *)hSession); + nssCKFWSession_SetHandle(fwSession, (CK_SESSION_HANDLE)0); + } - (void)nssCKFWMutex_Unlock(fwInstance->mutex); + (void)nssCKFWMutex_Unlock(fwInstance->mutex); - return; + return; } /* @@ -653,24 +628,22 @@ nssCKFWInstance_DestroySessionHandle * */ NSS_IMPLEMENT CK_SESSION_HANDLE -nssCKFWInstance_FindSessionHandle -( - NSSCKFWInstance *fwInstance, - NSSCKFWSession *fwSession -) +nssCKFWInstance_FindSessionHandle( + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (CK_SESSION_HANDLE)0; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (CK_SESSION_HANDLE)0; + } - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return (CK_SESSION_HANDLE)0; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return (CK_SESSION_HANDLE)0; + } #endif /* NSSDEBUG */ - return nssCKFWSession_GetHandle(fwSession); - /* look it up and assert? */ + return nssCKFWSession_GetHandle(fwSession); + /* look it up and assert? */ } /* @@ -678,49 +651,47 @@ nssCKFWInstance_FindSessionHandle * */ NSS_IMPLEMENT CK_OBJECT_HANDLE -nssCKFWInstance_CreateObjectHandle -( - NSSCKFWInstance *fwInstance, - NSSCKFWObject *fwObject, - CK_RV *pError -) +nssCKFWInstance_CreateObjectHandle( + NSSCKFWInstance *fwInstance, + NSSCKFWObject *fwObject, + CK_RV *pError) { - CK_OBJECT_HANDLE hObject; + CK_OBJECT_HANDLE hObject; #ifdef NSSDEBUG - if (!pError) { - return (CK_OBJECT_HANDLE)0; - } - - *pError = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != *pError ) { - return (CK_OBJECT_HANDLE)0; - } + if (!pError) { + return (CK_OBJECT_HANDLE)0; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != *pError) { + return (CK_OBJECT_HANDLE)0; + } #endif /* NSSDEBUG */ - *pError = nssCKFWMutex_Lock(fwInstance->mutex); - if( CKR_OK != *pError ) { - return (CK_OBJECT_HANDLE)0; - } - - hObject = ++(fwInstance->lastObjectHandle); - - *pError = nssCKFWObject_SetHandle(fwObject, hObject); - if( CKR_OK != *pError ) { - hObject = (CK_OBJECT_HANDLE)0; - goto done; - } - - *pError = nssCKFWHash_Add(fwInstance->objectHandleHash, - (const void *)hObject, (const void *)fwObject); - if( CKR_OK != *pError ) { - hObject = (CK_OBJECT_HANDLE)0; - goto done; - } - - done: - (void)nssCKFWMutex_Unlock(fwInstance->mutex); - return hObject; + *pError = nssCKFWMutex_Lock(fwInstance->mutex); + if (CKR_OK != *pError) { + return (CK_OBJECT_HANDLE)0; + } + + hObject = ++(fwInstance->lastObjectHandle); + + *pError = nssCKFWObject_SetHandle(fwObject, hObject); + if (CKR_OK != *pError) { + hObject = (CK_OBJECT_HANDLE)0; + goto done; + } + + *pError = nssCKFWHash_Add(fwInstance->objectHandleHash, + (const void *)hObject, (const void *)fwObject); + if (CKR_OK != *pError) { + hObject = (CK_OBJECT_HANDLE)0; + goto done; + } + +done: + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + return hObject; } /* @@ -728,31 +699,29 @@ nssCKFWInstance_CreateObjectHandle * */ NSS_IMPLEMENT NSSCKFWObject * -nssCKFWInstance_ResolveObjectHandle -( - NSSCKFWInstance *fwInstance, - CK_OBJECT_HANDLE hObject -) +nssCKFWInstance_ResolveObjectHandle( + NSSCKFWInstance *fwInstance, + CK_OBJECT_HANDLE hObject) { - NSSCKFWObject *fwObject; + NSSCKFWObject *fwObject; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (NSSCKFWObject *)NULL; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (NSSCKFWObject *)NULL; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) { - return (NSSCKFWObject *)NULL; - } + if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) { + return (NSSCKFWObject *)NULL; + } - fwObject = (NSSCKFWObject *)nssCKFWHash_Lookup( - fwInstance->objectHandleHash, (const void *)hObject); + fwObject = (NSSCKFWObject *)nssCKFWHash_Lookup( + fwInstance->objectHandleHash, (const void *)hObject); - /* Assert(hObject == nssCKFWObject_GetHandle(fwObject)) */ + /* Assert(hObject == nssCKFWObject_GetHandle(fwObject)) */ - (void)nssCKFWMutex_Unlock(fwInstance->mutex); - return fwObject; + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + return fwObject; } /* @@ -760,46 +729,44 @@ nssCKFWInstance_ResolveObjectHandle * */ NSS_IMPLEMENT CK_RV -nssCKFWInstance_ReassignObjectHandle -( - NSSCKFWInstance *fwInstance, - CK_OBJECT_HANDLE hObject, - NSSCKFWObject *fwObject -) +nssCKFWInstance_ReassignObjectHandle( + NSSCKFWInstance *fwInstance, + CK_OBJECT_HANDLE hObject, + NSSCKFWObject *fwObject) { - CK_RV error = CKR_OK; - NSSCKFWObject *oldObject; + CK_RV error = CKR_OK; + NSSCKFWObject *oldObject; #ifdef NSSDEBUG - error = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwInstance->mutex); - if( CKR_OK != error ) { + error = nssCKFWMutex_Lock(fwInstance->mutex); + if (CKR_OK != error) { + return error; + } + + oldObject = (NSSCKFWObject *)nssCKFWHash_Lookup( + fwInstance->objectHandleHash, (const void *)hObject); + if (oldObject) { + /* Assert(hObject == nssCKFWObject_GetHandle(oldObject) */ + (void)nssCKFWObject_SetHandle(oldObject, (CK_SESSION_HANDLE)0); + nssCKFWHash_Remove(fwInstance->objectHandleHash, (const void *)hObject); + } + + error = nssCKFWObject_SetHandle(fwObject, hObject); + if (CKR_OK != error) { + goto done; + } + error = nssCKFWHash_Add(fwInstance->objectHandleHash, + (const void *)hObject, (const void *)fwObject); + +done: + (void)nssCKFWMutex_Unlock(fwInstance->mutex); return error; - } - - oldObject = (NSSCKFWObject *)nssCKFWHash_Lookup( - fwInstance->objectHandleHash, (const void *)hObject); - if(oldObject) { - /* Assert(hObject == nssCKFWObject_GetHandle(oldObject) */ - (void)nssCKFWObject_SetHandle(oldObject, (CK_SESSION_HANDLE)0); - nssCKFWHash_Remove(fwInstance->objectHandleHash, (const void *)hObject); - } - - error = nssCKFWObject_SetHandle(fwObject, hObject); - if( CKR_OK != error ) { - goto done; - } - error = nssCKFWHash_Add(fwInstance->objectHandleHash, - (const void *)hObject, (const void *)fwObject); - - done: - (void)nssCKFWMutex_Unlock(fwInstance->mutex); - return error; } /* @@ -807,34 +774,32 @@ nssCKFWInstance_ReassignObjectHandle * */ NSS_IMPLEMENT void -nssCKFWInstance_DestroyObjectHandle -( - NSSCKFWInstance *fwInstance, - CK_OBJECT_HANDLE hObject -) +nssCKFWInstance_DestroyObjectHandle( + NSSCKFWInstance *fwInstance, + CK_OBJECT_HANDLE hObject) { - NSSCKFWObject *fwObject; + NSSCKFWObject *fwObject; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) { + if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) { + return; + } + + fwObject = (NSSCKFWObject *)nssCKFWHash_Lookup( + fwInstance->objectHandleHash, (const void *)hObject); + if (fwObject) { + /* Assert(hObject = nssCKFWObject_GetHandle(fwObject)) */ + nssCKFWHash_Remove(fwInstance->objectHandleHash, (const void *)hObject); + (void)nssCKFWObject_SetHandle(fwObject, (CK_SESSION_HANDLE)0); + } + + (void)nssCKFWMutex_Unlock(fwInstance->mutex); return; - } - - fwObject = (NSSCKFWObject *)nssCKFWHash_Lookup( - fwInstance->objectHandleHash, (const void *)hObject); - if (fwObject) { - /* Assert(hObject = nssCKFWObject_GetHandle(fwObject)) */ - nssCKFWHash_Remove(fwInstance->objectHandleHash, (const void *)hObject); - (void)nssCKFWObject_SetHandle(fwObject, (CK_SESSION_HANDLE)0); - } - - (void)nssCKFWMutex_Unlock(fwInstance->mutex); - return; } /* @@ -842,23 +807,21 @@ nssCKFWInstance_DestroyObjectHandle * */ NSS_IMPLEMENT CK_OBJECT_HANDLE -nssCKFWInstance_FindObjectHandle -( - NSSCKFWInstance *fwInstance, - NSSCKFWObject *fwObject -) +nssCKFWInstance_FindObjectHandle( + NSSCKFWInstance *fwInstance, + NSSCKFWObject *fwObject) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (CK_OBJECT_HANDLE)0; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (CK_OBJECT_HANDLE)0; + } - if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { - return (CK_OBJECT_HANDLE)0; - } + if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) { + return (CK_OBJECT_HANDLE)0; + } #endif /* NSSDEBUG */ - - return nssCKFWObject_GetHandle(fwObject); + + return nssCKFWObject_GetHandle(fwObject); } /* @@ -866,70 +829,67 @@ nssCKFWInstance_FindObjectHandle * */ NSS_IMPLEMENT CK_ULONG -nssCKFWInstance_GetNSlots -( - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nssCKFWInstance_GetNSlots( + NSSCKFWInstance *fwInstance, + CK_RV *pError) { #ifdef NSSDEBUG - if (!pError) { - return (CK_ULONG)0; - } + if (!pError) { + return (CK_ULONG)0; + } - *pError = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } #endif /* NSSDEBUG */ - *pError = CKR_OK; - return fwInstance->nSlots; -} + *pError = CKR_OK; + return fwInstance->nSlots; +} /* * nssCKFWInstance_GetCryptokiVersion * */ NSS_IMPLEMENT CK_VERSION -nssCKFWInstance_GetCryptokiVersion -( - NSSCKFWInstance *fwInstance -) +nssCKFWInstance_GetCryptokiVersion( + NSSCKFWInstance *fwInstance) { - CK_VERSION rv; + CK_VERSION rv; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + rv.major = rv.minor = 0; + return rv; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) { + rv.major = rv.minor = 0; + return rv; + } + + if ((0 != fwInstance->cryptokiVersion.major) || + (0 != fwInstance->cryptokiVersion.minor)) { + rv = fwInstance->cryptokiVersion; + goto done; + } + + if (fwInstance->mdInstance->GetCryptokiVersion) { + fwInstance->cryptokiVersion = fwInstance->mdInstance->GetCryptokiVersion( + fwInstance->mdInstance, fwInstance); + } + else { + fwInstance->cryptokiVersion.major = 2; + fwInstance->cryptokiVersion.minor = 1; + } - if( (0 != fwInstance->cryptokiVersion.major) || - (0 != fwInstance->cryptokiVersion.minor) ) { rv = fwInstance->cryptokiVersion; - goto done; - } - - if (fwInstance->mdInstance->GetCryptokiVersion) { - fwInstance->cryptokiVersion = fwInstance->mdInstance->GetCryptokiVersion( - fwInstance->mdInstance, fwInstance); - } else { - fwInstance->cryptokiVersion.major = 2; - fwInstance->cryptokiVersion.minor = 1; - } - - rv = fwInstance->cryptokiVersion; - - done: - (void)nssCKFWMutex_Unlock(fwInstance->mutex); - return rv; + +done: + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + return rv; } /* @@ -937,48 +897,47 @@ nssCKFWInstance_GetCryptokiVersion * */ NSS_IMPLEMENT CK_RV -nssCKFWInstance_GetManufacturerID -( - NSSCKFWInstance *fwInstance, - CK_CHAR manufacturerID[32] -) +nssCKFWInstance_GetManufacturerID( + NSSCKFWInstance *fwInstance, + CK_CHAR manufacturerID[32]) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - if( (CK_CHAR_PTR)NULL == manufacturerID ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_CHAR_PTR)NULL == manufacturerID) { + return CKR_ARGUMENTS_BAD; + } - error = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwInstance->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwInstance->mutex); + if (CKR_OK != error) { + return error; + } - if (!fwInstance->manufacturerID) { - if (fwInstance->mdInstance->GetManufacturerID) { - fwInstance->manufacturerID = fwInstance->mdInstance->GetManufacturerID( - fwInstance->mdInstance, fwInstance, &error); - if ((!fwInstance->manufacturerID) && (CKR_OK != error)) { - goto done; - } - } else { - fwInstance->manufacturerID = (NSSUTF8 *) ""; + if (!fwInstance->manufacturerID) { + if (fwInstance->mdInstance->GetManufacturerID) { + fwInstance->manufacturerID = fwInstance->mdInstance->GetManufacturerID( + fwInstance->mdInstance, fwInstance, &error); + if ((!fwInstance->manufacturerID) && (CKR_OK != error)) { + goto done; + } + } + else { + fwInstance->manufacturerID = (NSSUTF8 *)""; + } } - } - (void)nssUTF8_CopyIntoFixedBuffer(fwInstance->manufacturerID, (char *)manufacturerID, 32, ' '); - error = CKR_OK; + (void)nssUTF8_CopyIntoFixedBuffer(fwInstance->manufacturerID, (char *)manufacturerID, 32, ' '); + error = CKR_OK; - done: - (void)nssCKFWMutex_Unlock(fwInstance->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + return error; } /* @@ -986,19 +945,17 @@ nssCKFWInstance_GetManufacturerID * */ NSS_IMPLEMENT CK_ULONG -nssCKFWInstance_GetFlags -( - NSSCKFWInstance *fwInstance -) +nssCKFWInstance_GetFlags( + NSSCKFWInstance *fwInstance) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (CK_ULONG)0; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (CK_ULONG)0; + } #endif /* NSSDEBUG */ - /* No "instance flags" are yet defined by Cryptoki. */ - return (CK_ULONG)0; + /* No "instance flags" are yet defined by Cryptoki. */ + return (CK_ULONG)0; } /* @@ -1006,48 +963,47 @@ nssCKFWInstance_GetFlags * */ NSS_IMPLEMENT CK_RV -nssCKFWInstance_GetLibraryDescription -( - NSSCKFWInstance *fwInstance, - CK_CHAR libraryDescription[32] -) +nssCKFWInstance_GetLibraryDescription( + NSSCKFWInstance *fwInstance, + CK_CHAR libraryDescription[32]) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - if( (CK_CHAR_PTR)NULL == libraryDescription ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_CHAR_PTR)NULL == libraryDescription) { + return CKR_ARGUMENTS_BAD; + } - error = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwInstance->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwInstance->mutex); + if (CKR_OK != error) { + return error; + } - if (!fwInstance->libraryDescription) { - if (fwInstance->mdInstance->GetLibraryDescription) { - fwInstance->libraryDescription = fwInstance->mdInstance->GetLibraryDescription( - fwInstance->mdInstance, fwInstance, &error); - if ((!fwInstance->libraryDescription) && (CKR_OK != error)) { - goto done; - } - } else { - fwInstance->libraryDescription = (NSSUTF8 *) ""; + if (!fwInstance->libraryDescription) { + if (fwInstance->mdInstance->GetLibraryDescription) { + fwInstance->libraryDescription = fwInstance->mdInstance->GetLibraryDescription( + fwInstance->mdInstance, fwInstance, &error); + if ((!fwInstance->libraryDescription) && (CKR_OK != error)) { + goto done; + } + } + else { + fwInstance->libraryDescription = (NSSUTF8 *)""; + } } - } - (void)nssUTF8_CopyIntoFixedBuffer(fwInstance->libraryDescription, (char *)libraryDescription, 32, ' '); - error = CKR_OK; + (void)nssUTF8_CopyIntoFixedBuffer(fwInstance->libraryDescription, (char *)libraryDescription, 32, ' '); + error = CKR_OK; - done: - (void)nssCKFWMutex_Unlock(fwInstance->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + return error; } /* @@ -1055,43 +1011,42 @@ nssCKFWInstance_GetLibraryDescription * */ NSS_IMPLEMENT CK_VERSION -nssCKFWInstance_GetLibraryVersion -( - NSSCKFWInstance *fwInstance -) +nssCKFWInstance_GetLibraryVersion( + NSSCKFWInstance *fwInstance) { - CK_VERSION rv; + CK_VERSION rv; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + rv.major = rv.minor = 0; + return rv; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) { + rv.major = rv.minor = 0; + return rv; + } + + if ((0 != fwInstance->libraryVersion.major) || + (0 != fwInstance->libraryVersion.minor)) { + rv = fwInstance->libraryVersion; + goto done; + } + + if (fwInstance->mdInstance->GetLibraryVersion) { + fwInstance->libraryVersion = fwInstance->mdInstance->GetLibraryVersion( + fwInstance->mdInstance, fwInstance); + } + else { + fwInstance->libraryVersion.major = 0; + fwInstance->libraryVersion.minor = 3; + } - if( (0 != fwInstance->libraryVersion.major) || - (0 != fwInstance->libraryVersion.minor) ) { rv = fwInstance->libraryVersion; - goto done; - } - - if (fwInstance->mdInstance->GetLibraryVersion) { - fwInstance->libraryVersion = fwInstance->mdInstance->GetLibraryVersion( - fwInstance->mdInstance, fwInstance); - } else { - fwInstance->libraryVersion.major = 0; - fwInstance->libraryVersion.minor = 3; - } - - rv = fwInstance->libraryVersion; - done: - (void)nssCKFWMutex_Unlock(fwInstance->mutex); - return rv; +done: + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + return rv; } /* @@ -1099,18 +1054,16 @@ nssCKFWInstance_GetLibraryVersion * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWInstance_GetModuleHandlesSessionObjects -( - NSSCKFWInstance *fwInstance -) +nssCKFWInstance_GetModuleHandlesSessionObjects( + NSSCKFWInstance *fwInstance) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - return fwInstance->moduleHandlesSessionObjects; + return fwInstance->moduleHandlesSessionObjects; } /* @@ -1118,24 +1071,22 @@ nssCKFWInstance_GetModuleHandlesSessionObjects * */ NSS_IMPLEMENT NSSCKFWSlot ** -nssCKFWInstance_GetSlots -( - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nssCKFWInstance_GetSlots( + NSSCKFWInstance *fwInstance, + CK_RV *pError) { #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWSlot **)NULL; - } - - *pError = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != *pError ) { - return (NSSCKFWSlot **)NULL; - } + if (!pError) { + return (NSSCKFWSlot **)NULL; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != *pError) { + return (NSSCKFWSlot **)NULL; + } #endif /* NSSDEBUG */ - return fwInstance->fwSlotList; + return fwInstance->fwSlotList; } /* @@ -1143,72 +1094,69 @@ nssCKFWInstance_GetSlots * */ NSS_IMPLEMENT NSSCKFWSlot * -nssCKFWInstance_WaitForSlotEvent -( - NSSCKFWInstance *fwInstance, - CK_BBOOL block, - CK_RV *pError -) +nssCKFWInstance_WaitForSlotEvent( + NSSCKFWInstance *fwInstance, + CK_BBOOL block, + CK_RV *pError) { - NSSCKFWSlot *fwSlot = (NSSCKFWSlot *)NULL; - NSSCKMDSlot *mdSlot; - CK_ULONG i, n; + NSSCKFWSlot *fwSlot = (NSSCKFWSlot *)NULL; + NSSCKMDSlot *mdSlot; + CK_ULONG i, n; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWSlot *)NULL; - } - - *pError = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != *pError ) { - return (NSSCKFWSlot *)NULL; - } - - switch( block ) { - case CK_TRUE: - case CK_FALSE: - break; - default: - *pError = CKR_ARGUMENTS_BAD; - return (NSSCKFWSlot *)NULL; - } + if (!pError) { + return (NSSCKFWSlot *)NULL; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != *pError) { + return (NSSCKFWSlot *)NULL; + } + + switch (block) { + case CK_TRUE: + case CK_FALSE: + break; + default: + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWSlot *)NULL; + } #endif /* NSSDEBUG */ - if (!fwInstance->mdInstance->WaitForSlotEvent) { - *pError = CKR_NO_EVENT; - return (NSSCKFWSlot *)NULL; - } - - mdSlot = fwInstance->mdInstance->WaitForSlotEvent( - fwInstance->mdInstance, - fwInstance, - block, - pError - ); - - if (!mdSlot) { - return (NSSCKFWSlot *)NULL; - } - - n = nssCKFWInstance_GetNSlots(fwInstance, pError); - if( ((CK_ULONG)0 == n) && (CKR_OK != *pError) ) { - return (NSSCKFWSlot *)NULL; - } - - for( i = 0; i < n; i++ ) { - if( fwInstance->mdSlotList[i] == mdSlot ) { - fwSlot = fwInstance->fwSlotList[i]; - break; - } - } - - if (!fwSlot) { - /* Internal error */ - *pError = CKR_GENERAL_ERROR; - return (NSSCKFWSlot *)NULL; - } - - return fwSlot; + if (!fwInstance->mdInstance->WaitForSlotEvent) { + *pError = CKR_NO_EVENT; + return (NSSCKFWSlot *)NULL; + } + + mdSlot = fwInstance->mdInstance->WaitForSlotEvent( + fwInstance->mdInstance, + fwInstance, + block, + pError); + + if (!mdSlot) { + return (NSSCKFWSlot *)NULL; + } + + n = nssCKFWInstance_GetNSlots(fwInstance, pError); + if (((CK_ULONG)0 == n) && (CKR_OK != *pError)) { + return (NSSCKFWSlot *)NULL; + } + + for (i = 0; i < n; i++) { + if (fwInstance->mdSlotList[i] == mdSlot) { + fwSlot = fwInstance->fwSlotList[i]; + break; + } + } + + if (!fwSlot) { + /* Internal error */ + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWSlot *)NULL; + } + + return fwSlot; } /* @@ -1216,18 +1164,16 @@ nssCKFWInstance_WaitForSlotEvent * */ NSS_IMPLEMENT NSSCKMDInstance * -NSSCKFWInstance_GetMDInstance -( - NSSCKFWInstance *fwInstance -) +NSSCKFWInstance_GetMDInstance( + NSSCKFWInstance *fwInstance) { #ifdef DEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (NSSCKMDInstance *)NULL; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (NSSCKMDInstance *)NULL; + } #endif /* DEBUG */ - return nssCKFWInstance_GetMDInstance(fwInstance); + return nssCKFWInstance_GetMDInstance(fwInstance); } /* @@ -1235,24 +1181,22 @@ NSSCKFWInstance_GetMDInstance * */ NSS_IMPLEMENT NSSArena * -NSSCKFWInstance_GetArena -( - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +NSSCKFWInstance_GetArena( + NSSCKFWInstance *fwInstance, + CK_RV *pError) { #ifdef DEBUG - if (!pError) { - return (NSSArena *)NULL; - } - - *pError = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != *pError ) { - return (NSSArena *)NULL; - } + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != *pError) { + return (NSSArena *)NULL; + } #endif /* DEBUG */ - return nssCKFWInstance_GetArena(fwInstance, pError); + return nssCKFWInstance_GetArena(fwInstance, pError); } /* @@ -1260,18 +1204,16 @@ NSSCKFWInstance_GetArena * */ NSS_IMPLEMENT CK_BBOOL -NSSCKFWInstance_MayCreatePthreads -( - NSSCKFWInstance *fwInstance -) +NSSCKFWInstance_MayCreatePthreads( + NSSCKFWInstance *fwInstance) { #ifdef DEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return CK_FALSE; + } #endif /* DEBUG */ - return nssCKFWInstance_MayCreatePthreads(fwInstance); + return nssCKFWInstance_MayCreatePthreads(fwInstance); } /* @@ -1279,25 +1221,23 @@ NSSCKFWInstance_MayCreatePthreads * */ NSS_IMPLEMENT NSSCKFWMutex * -NSSCKFWInstance_CreateMutex -( - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -) +NSSCKFWInstance_CreateMutex( + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError) { #ifdef DEBUG - if (!pError) { - return (NSSCKFWMutex *)NULL; - } - - *pError = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != *pError ) { - return (NSSCKFWMutex *)NULL; - } + if (!pError) { + return (NSSCKFWMutex *)NULL; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != *pError) { + return (NSSCKFWMutex *)NULL; + } #endif /* DEBUG */ - return nssCKFWInstance_CreateMutex(fwInstance, arena, pError); + return nssCKFWInstance_CreateMutex(fwInstance, arena, pError); } /* @@ -1305,18 +1245,16 @@ NSSCKFWInstance_CreateMutex * */ NSS_IMPLEMENT NSSUTF8 * -NSSCKFWInstance_GetConfigurationData -( - NSSCKFWInstance *fwInstance -) +NSSCKFWInstance_GetConfigurationData( + NSSCKFWInstance *fwInstance) { #ifdef DEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (NSSUTF8 *)NULL; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (NSSUTF8 *)NULL; + } #endif /* DEBUG */ - return nssCKFWInstance_GetConfigurationData(fwInstance); + return nssCKFWInstance_GetConfigurationData(fwInstance); } /* @@ -1324,17 +1262,14 @@ NSSCKFWInstance_GetConfigurationData * */ NSS_IMPLEMENT CK_C_INITIALIZE_ARGS_PTR -NSSCKFWInstance_GetInitArgs -( - NSSCKFWInstance *fwInstance -) +NSSCKFWInstance_GetInitArgs( + NSSCKFWInstance *fwInstance) { #ifdef DEBUG - if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { - return (CK_C_INITIALIZE_ARGS_PTR)NULL; - } + if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) { + return (CK_C_INITIALIZE_ARGS_PTR)NULL; + } #endif /* DEBUG */ - return nssCKFWInstance_GetInitArgs(fwInstance); + return nssCKFWInstance_GetInitArgs(fwInstance); } - diff --git a/lib/ckfw/mechanism.c b/lib/ckfw/mechanism.c index 14baf02c5..47e5ac69f 100644 --- a/lib/ckfw/mechanism.c +++ b/lib/ckfw/mechanism.c @@ -55,13 +55,12 @@ * nssCKFWMechanism_DeriveKey */ - struct NSSCKFWMechanismStr { - NSSCKMDMechanism *mdMechanism; - NSSCKMDToken *mdToken; - NSSCKFWToken *fwToken; - NSSCKMDInstance *mdInstance; - NSSCKFWInstance *fwInstance; + NSSCKMDMechanism *mdMechanism; + NSSCKMDToken *mdToken; + NSSCKFWToken *fwToken; + NSSCKMDInstance *mdInstance; + NSSCKFWInstance *fwInstance; }; /* @@ -69,28 +68,25 @@ struct NSSCKFWMechanismStr { * */ NSS_IMPLEMENT NSSCKFWMechanism * -nssCKFWMechanism_Create -( - NSSCKMDMechanism *mdMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nssCKFWMechanism_Create( + NSSCKMDMechanism *mdMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - NSSCKFWMechanism *fwMechanism; - - - fwMechanism = nss_ZNEW(NULL, NSSCKFWMechanism); - if (!fwMechanism) { - return (NSSCKFWMechanism *)NULL; - } - fwMechanism->mdMechanism = mdMechanism; - fwMechanism->mdToken = mdToken; - fwMechanism->fwToken = fwToken; - fwMechanism->mdInstance = mdInstance; - fwMechanism->fwInstance = fwInstance; - return fwMechanism; + NSSCKFWMechanism *fwMechanism; + + fwMechanism = nss_ZNEW(NULL, NSSCKFWMechanism); + if (!fwMechanism) { + return (NSSCKFWMechanism *)NULL; + } + fwMechanism->mdMechanism = mdMechanism; + fwMechanism->mdToken = mdToken; + fwMechanism->fwToken = fwToken; + fwMechanism->mdInstance = mdInstance; + fwMechanism->fwInstance = fwInstance; + return fwMechanism; } /* @@ -98,24 +94,22 @@ nssCKFWMechanism_Create * */ NSS_IMPLEMENT void -nssCKFWMechanism_Destroy -( - NSSCKFWMechanism *fwMechanism -) +nssCKFWMechanism_Destroy( + NSSCKFWMechanism *fwMechanism) { - /* destroy any fw resources held by nssCKFWMechanism (currently none) */ - - if (!fwMechanism->mdMechanism->Destroy) { - /* destroys it's parent as well */ - fwMechanism->mdMechanism->Destroy( - fwMechanism->mdMechanism, - fwMechanism, - fwMechanism->mdInstance, - fwMechanism->fwInstance); - } - /* if the Destroy function wasn't supplied, then the mechanism is 'static', - * and there is nothing to destroy */ - return; + /* destroy any fw resources held by nssCKFWMechanism (currently none) */ + + if (!fwMechanism->mdMechanism->Destroy) { + /* destroys it's parent as well */ + fwMechanism->mdMechanism->Destroy( + fwMechanism->mdMechanism, + fwMechanism, + fwMechanism->mdInstance, + fwMechanism->fwInstance); + } + /* if the Destroy function wasn't supplied, then the mechanism is 'static', + * and there is nothing to destroy */ + return; } /* @@ -123,12 +117,10 @@ nssCKFWMechanism_Destroy * */ NSS_IMPLEMENT NSSCKMDMechanism * -nssCKFWMechanism_GetMDMechanism -( - NSSCKFWMechanism *fwMechanism -) +nssCKFWMechanism_GetMDMechanism( + NSSCKFWMechanism *fwMechanism) { - return fwMechanism->mdMechanism; + return fwMechanism->mdMechanism; } /* @@ -136,19 +128,17 @@ nssCKFWMechanism_GetMDMechanism * */ NSS_IMPLEMENT CK_ULONG -nssCKFWMechanism_GetMinKeySize -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetMinKeySize( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->GetMinKeySize) { - return 0; - } + if (!fwMechanism->mdMechanism->GetMinKeySize) { + return 0; + } - return fwMechanism->mdMechanism->GetMinKeySize(fwMechanism->mdMechanism, - fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, - fwMechanism->mdInstance, fwMechanism->fwInstance, pError); + return fwMechanism->mdMechanism->GetMinKeySize(fwMechanism->mdMechanism, + fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, pError); } /* @@ -156,19 +146,17 @@ nssCKFWMechanism_GetMinKeySize * */ NSS_IMPLEMENT CK_ULONG -nssCKFWMechanism_GetMaxKeySize -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetMaxKeySize( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->GetMaxKeySize) { - return 0; - } + if (!fwMechanism->mdMechanism->GetMaxKeySize) { + return 0; + } - return fwMechanism->mdMechanism->GetMaxKeySize(fwMechanism->mdMechanism, - fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, - fwMechanism->mdInstance, fwMechanism->fwInstance, pError); + return fwMechanism->mdMechanism->GetMaxKeySize(fwMechanism->mdMechanism, + fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, pError); } /* @@ -176,22 +164,19 @@ nssCKFWMechanism_GetMaxKeySize * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWMechanism_GetInHardware -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetInHardware( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->GetInHardware) { - return CK_FALSE; - } + if (!fwMechanism->mdMechanism->GetInHardware) { + return CK_FALSE; + } - return fwMechanism->mdMechanism->GetInHardware(fwMechanism->mdMechanism, - fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, - fwMechanism->mdInstance, fwMechanism->fwInstance, pError); + return fwMechanism->mdMechanism->GetInHardware(fwMechanism->mdMechanism, + fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, pError); } - /* * the following are determined automatically by which of the cryptographic * functions are defined for this mechanism. @@ -201,16 +186,14 @@ nssCKFWMechanism_GetInHardware * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanEncrypt -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanEncrypt( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->EncryptInit) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->EncryptInit) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -218,16 +201,14 @@ nssCKFWMechanism_GetCanEncrypt * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanDecrypt -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanDecrypt( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->DecryptInit) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->DecryptInit) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -235,16 +216,14 @@ nssCKFWMechanism_GetCanDecrypt * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanDigest -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanDigest( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->DigestInit) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->DigestInit) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -252,16 +231,14 @@ nssCKFWMechanism_GetCanDigest * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanSign -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanSign( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->SignInit) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->SignInit) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -269,16 +246,14 @@ nssCKFWMechanism_GetCanSign * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanSignRecover -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanSignRecover( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->SignRecoverInit) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->SignRecoverInit) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -286,16 +261,14 @@ nssCKFWMechanism_GetCanSignRecover * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanVerify -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanVerify( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->VerifyInit) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->VerifyInit) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -303,16 +276,14 @@ nssCKFWMechanism_GetCanVerify * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanVerifyRecover -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanVerifyRecover( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->VerifyRecoverInit) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->VerifyRecoverInit) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -320,16 +291,14 @@ nssCKFWMechanism_GetCanVerifyRecover * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanGenerate -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanGenerate( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->GenerateKey) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->GenerateKey) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -337,16 +306,14 @@ nssCKFWMechanism_GetCanGenerate * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanGenerateKeyPair -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanGenerateKeyPair( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->GenerateKeyPair) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->GenerateKeyPair) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -354,16 +321,14 @@ nssCKFWMechanism_GetCanGenerateKeyPair * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanUnwrap -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanUnwrap( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->UnwrapKey) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->UnwrapKey) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -371,16 +336,14 @@ nssCKFWMechanism_GetCanUnwrap * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanWrap -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanWrap( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->WrapKey) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->WrapKey) { + return CK_FALSE; + } + return CK_TRUE; } /* @@ -388,55 +351,50 @@ nssCKFWMechanism_GetCanWrap * */ NSS_EXTERN CK_BBOOL -nssCKFWMechanism_GetCanDerive -( - NSSCKFWMechanism *fwMechanism, - CK_RV *pError -) +nssCKFWMechanism_GetCanDerive( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError) { - if (!fwMechanism->mdMechanism->DeriveKey) { - return CK_FALSE; - } - return CK_TRUE; + if (!fwMechanism->mdMechanism->DeriveKey) { + return CK_FALSE; + } + return CK_TRUE; } /* * These are the actual crypto operations */ -/* +/* * nssCKFWMechanism_EncryptInit * Start an encryption session. */ NSS_EXTERN CK_RV -nssCKFWMechanism_EncryptInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -) +nssCKFWMechanism_EncryptInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject) { - NSSCKFWCryptoOperation *fwOperation; - NSSCKMDCryptoOperation *mdOperation; - NSSCKMDSession *mdSession; - NSSCKMDObject *mdObject; - CK_RV error = CKR_OK; - - - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, - NSSCKFWCryptoOperationState_EncryptDecrypt); - if (fwOperation) { - return CKR_OPERATION_ACTIVE; - } - - if (!fwMechanism->mdMechanism->EncryptInit) { - return CKR_FUNCTION_FAILED; - } - - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdObject = nssCKFWObject_GetMDObject(fwObject); - mdOperation = fwMechanism->mdMechanism->EncryptInit( + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_EncryptDecrypt); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->EncryptInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->EncryptInit( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -448,58 +406,54 @@ nssCKFWMechanism_EncryptInit fwMechanism->fwInstance, mdObject, fwObject, - &error - ); - if (!mdOperation) { - goto loser; - } - - fwOperation = nssCKFWCryptoOperation_Create(mdOperation, - mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, - fwMechanism->mdInstance, fwMechanism->fwInstance, - NSSCKFWCryptoOperationType_Encrypt, &error); - if (fwOperation) { - nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, - NSSCKFWCryptoOperationState_EncryptDecrypt); - } + &error); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_Encrypt, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_EncryptDecrypt); + } loser: - return error; + return error; } -/* +/* * nssCKFWMechanism_DecryptInit * Start an encryption session. */ NSS_EXTERN CK_RV -nssCKFWMechanism_DecryptInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -) +nssCKFWMechanism_DecryptInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject) { - NSSCKFWCryptoOperation *fwOperation; - NSSCKMDCryptoOperation *mdOperation; - NSSCKMDSession *mdSession; - NSSCKMDObject *mdObject; - CK_RV error = CKR_OK; - - - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, - NSSCKFWCryptoOperationState_EncryptDecrypt); - if (fwOperation) { - return CKR_OPERATION_ACTIVE; - } - - if (!fwMechanism->mdMechanism->DecryptInit) { - return CKR_FUNCTION_FAILED; - } - - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdObject = nssCKFWObject_GetMDObject(fwObject); - mdOperation = fwMechanism->mdMechanism->DecryptInit( + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_EncryptDecrypt); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->DecryptInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->DecryptInit( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -511,55 +465,51 @@ nssCKFWMechanism_DecryptInit fwMechanism->fwInstance, mdObject, fwObject, - &error - ); - if (!mdOperation) { - goto loser; - } - - fwOperation = nssCKFWCryptoOperation_Create(mdOperation, - mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, - fwMechanism->mdInstance, fwMechanism->fwInstance, - NSSCKFWCryptoOperationType_Decrypt, &error); - if (fwOperation) { - nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, - NSSCKFWCryptoOperationState_EncryptDecrypt); - } + &error); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_Decrypt, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_EncryptDecrypt); + } loser: - return error; + return error; } -/* +/* * nssCKFWMechanism_DigestInit * Start an encryption session. */ NSS_EXTERN CK_RV -nssCKFWMechanism_DigestInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession -) +nssCKFWMechanism_DigestInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession) { - NSSCKFWCryptoOperation *fwOperation; - NSSCKMDCryptoOperation *mdOperation; - NSSCKMDSession *mdSession; - CK_RV error = CKR_OK; - - - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, - NSSCKFWCryptoOperationState_Digest); - if (fwOperation) { - return CKR_OPERATION_ACTIVE; - } + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + CK_RV error = CKR_OK; + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_Digest); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } - if (!fwMechanism->mdMechanism->DigestInit) { - return CKR_FUNCTION_FAILED; - } + if (!fwMechanism->mdMechanism->DigestInit) { + return CKR_FUNCTION_FAILED; + } - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdOperation = fwMechanism->mdMechanism->DigestInit( + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdOperation = fwMechanism->mdMechanism->DigestInit( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -569,58 +519,54 @@ nssCKFWMechanism_DigestInit fwMechanism->fwToken, fwMechanism->mdInstance, fwMechanism->fwInstance, - &error - ); - if (!mdOperation) { - goto loser; - } - - fwOperation = nssCKFWCryptoOperation_Create(mdOperation, - mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, - fwMechanism->mdInstance, fwMechanism->fwInstance, - NSSCKFWCryptoOperationType_Digest, &error); - if (fwOperation) { - nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, - NSSCKFWCryptoOperationState_Digest); - } + &error); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_Digest, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_Digest); + } loser: - return error; + return error; } -/* +/* * nssCKFWMechanism_SignInit * Start an encryption session. */ NSS_EXTERN CK_RV -nssCKFWMechanism_SignInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -) +nssCKFWMechanism_SignInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject) { - NSSCKFWCryptoOperation *fwOperation; - NSSCKMDCryptoOperation *mdOperation; - NSSCKMDSession *mdSession; - NSSCKMDObject *mdObject; - CK_RV error = CKR_OK; - - - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, - NSSCKFWCryptoOperationState_SignVerify); - if (fwOperation) { - return CKR_OPERATION_ACTIVE; - } - - if (!fwMechanism->mdMechanism->SignInit) { - return CKR_FUNCTION_FAILED; - } - - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdObject = nssCKFWObject_GetMDObject(fwObject); - mdOperation = fwMechanism->mdMechanism->SignInit( + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_SignVerify); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->SignInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->SignInit( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -632,58 +578,54 @@ nssCKFWMechanism_SignInit fwMechanism->fwInstance, mdObject, fwObject, - &error - ); - if (!mdOperation) { - goto loser; - } - - fwOperation = nssCKFWCryptoOperation_Create(mdOperation, - mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, - fwMechanism->mdInstance, fwMechanism->fwInstance, - NSSCKFWCryptoOperationType_Sign, &error); - if (fwOperation) { - nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, - NSSCKFWCryptoOperationState_SignVerify); - } + &error); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_Sign, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_SignVerify); + } loser: - return error; + return error; } -/* +/* * nssCKFWMechanism_VerifyInit * Start an encryption session. */ NSS_EXTERN CK_RV -nssCKFWMechanism_VerifyInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -) +nssCKFWMechanism_VerifyInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject) { - NSSCKFWCryptoOperation *fwOperation; - NSSCKMDCryptoOperation *mdOperation; - NSSCKMDSession *mdSession; - NSSCKMDObject *mdObject; - CK_RV error = CKR_OK; - - - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, - NSSCKFWCryptoOperationState_SignVerify); - if (fwOperation) { - return CKR_OPERATION_ACTIVE; - } - - if (!fwMechanism->mdMechanism->VerifyInit) { - return CKR_FUNCTION_FAILED; - } - - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdObject = nssCKFWObject_GetMDObject(fwObject); - mdOperation = fwMechanism->mdMechanism->VerifyInit( + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_SignVerify); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->VerifyInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->VerifyInit( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -695,58 +637,54 @@ nssCKFWMechanism_VerifyInit fwMechanism->fwInstance, mdObject, fwObject, - &error - ); - if (!mdOperation) { - goto loser; - } - - fwOperation = nssCKFWCryptoOperation_Create(mdOperation, - mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, - fwMechanism->mdInstance, fwMechanism->fwInstance, - NSSCKFWCryptoOperationType_Verify, &error); - if (fwOperation) { - nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, - NSSCKFWCryptoOperationState_SignVerify); - } + &error); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_Verify, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_SignVerify); + } loser: - return error; + return error; } -/* +/* * nssCKFWMechanism_SignRecoverInit * Start an encryption session. */ NSS_EXTERN CK_RV -nssCKFWMechanism_SignRecoverInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -) +nssCKFWMechanism_SignRecoverInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject) { - NSSCKFWCryptoOperation *fwOperation; - NSSCKMDCryptoOperation *mdOperation; - NSSCKMDSession *mdSession; - NSSCKMDObject *mdObject; - CK_RV error = CKR_OK; - - - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, - NSSCKFWCryptoOperationState_SignVerify); - if (fwOperation) { - return CKR_OPERATION_ACTIVE; - } - - if (!fwMechanism->mdMechanism->SignRecoverInit) { - return CKR_FUNCTION_FAILED; - } - - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdObject = nssCKFWObject_GetMDObject(fwObject); - mdOperation = fwMechanism->mdMechanism->SignRecoverInit( + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_SignVerify); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->SignRecoverInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->SignRecoverInit( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -758,58 +696,54 @@ nssCKFWMechanism_SignRecoverInit fwMechanism->fwInstance, mdObject, fwObject, - &error - ); - if (!mdOperation) { - goto loser; - } - - fwOperation = nssCKFWCryptoOperation_Create(mdOperation, - mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, - fwMechanism->mdInstance, fwMechanism->fwInstance, - NSSCKFWCryptoOperationType_SignRecover, &error); - if (fwOperation) { - nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, - NSSCKFWCryptoOperationState_SignVerify); - } + &error); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_SignRecover, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_SignVerify); + } loser: - return error; + return error; } -/* +/* * nssCKFWMechanism_VerifyRecoverInit * Start an encryption session. */ NSS_EXTERN CK_RV -nssCKFWMechanism_VerifyRecoverInit -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -) +nssCKFWMechanism_VerifyRecoverInit( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject) { - NSSCKFWCryptoOperation *fwOperation; - NSSCKMDCryptoOperation *mdOperation; - NSSCKMDSession *mdSession; - NSSCKMDObject *mdObject; - CK_RV error = CKR_OK; - - - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, - NSSCKFWCryptoOperationState_SignVerify); - if (fwOperation) { - return CKR_OPERATION_ACTIVE; - } - - if (!fwMechanism->mdMechanism->VerifyRecoverInit) { - return CKR_FUNCTION_FAILED; - } - - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdObject = nssCKFWObject_GetMDObject(fwObject); - mdOperation = fwMechanism->mdMechanism->VerifyRecoverInit( + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_SignVerify); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->VerifyRecoverInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->VerifyRecoverInit( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -821,59 +755,56 @@ nssCKFWMechanism_VerifyRecoverInit fwMechanism->fwInstance, mdObject, fwObject, - &error - ); - if (!mdOperation) { - goto loser; - } - - fwOperation = nssCKFWCryptoOperation_Create(mdOperation, - mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, - fwMechanism->mdInstance, fwMechanism->fwInstance, - NSSCKFWCryptoOperationType_VerifyRecover, &error); - if (fwOperation) { - nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, - NSSCKFWCryptoOperationState_SignVerify); - } + &error); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_VerifyRecover, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_SignVerify); + } loser: - return error; + return error; } /* * nssCKFWMechanism_GenerateKey */ NSS_EXTERN NSSCKFWObject * -nssCKFWMechanism_GenerateKey -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nssCKFWMechanism_GenerateKey( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - NSSCKMDSession *mdSession; - NSSCKMDObject *mdObject; - NSSCKFWObject *fwObject = NULL; - NSSArena *arena; - - if (!fwMechanism->mdMechanism->GenerateKey) { - *pError = CKR_FUNCTION_FAILED; - return (NSSCKFWObject *)NULL; - } - - arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); - if (!arena) { - if (CKR_OK == *pError) { - *pError = CKR_GENERAL_ERROR; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + NSSCKFWObject *fwObject = NULL; + NSSArena *arena; + + if (!fwMechanism->mdMechanism->GenerateKey) { + *pError = CKR_FUNCTION_FAILED; + return (NSSCKFWObject *)NULL; + } + + arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); + if (!arena) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; } - return (NSSCKFWObject *)NULL; - } - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdObject = fwMechanism->mdMechanism->GenerateKey( + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = fwMechanism->mdMechanism->GenerateKey( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -887,53 +818,51 @@ nssCKFWMechanism_GenerateKey ulAttributeCount, pError); - if (!mdObject) { - return (NSSCKFWObject *)NULL; - } + if (!mdObject) { + return (NSSCKFWObject *)NULL; + } - fwObject = nssCKFWObject_Create(arena, mdObject, - fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); + fwObject = nssCKFWObject_Create(arena, mdObject, + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); - return fwObject; + return fwObject; } /* * nssCKFWMechanism_GenerateKeyPair */ NSS_EXTERN CK_RV -nssCKFWMechanism_GenerateKeyPair -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pPublicKeyTemplate, - CK_ULONG ulPublicKeyAttributeCount, - CK_ATTRIBUTE_PTR pPrivateKeyTemplate, - CK_ULONG ulPrivateKeyAttributeCount, - NSSCKFWObject **fwPublicKeyObject, - NSSCKFWObject **fwPrivateKeyObject -) +nssCKFWMechanism_GenerateKeyPair( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + NSSCKFWObject **fwPublicKeyObject, + NSSCKFWObject **fwPrivateKeyObject) { - NSSCKMDSession *mdSession; - NSSCKMDObject *mdPublicKeyObject; - NSSCKMDObject *mdPrivateKeyObject; - NSSArena *arena; - CK_RV error = CKR_OK; - - if (!fwMechanism->mdMechanism->GenerateKeyPair) { - return CKR_FUNCTION_FAILED; - } - - arena = nssCKFWToken_GetArena(fwMechanism->fwToken, &error); - if (!arena) { - if (CKR_OK == error) { - error = CKR_GENERAL_ERROR; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdPublicKeyObject; + NSSCKMDObject *mdPrivateKeyObject; + NSSArena *arena; + CK_RV error = CKR_OK; + + if (!fwMechanism->mdMechanism->GenerateKeyPair) { + return CKR_FUNCTION_FAILED; + } + + arena = nssCKFWToken_GetArena(fwMechanism->fwToken, &error); + if (!arena) { + if (CKR_OK == error) { + error = CKR_GENERAL_ERROR; + } + return error; } - return error; - } - mdSession = nssCKFWSession_GetMDSession(fwSession); - error = fwMechanism->mdMechanism->GenerateKeyPair( + mdSession = nssCKFWSession_GetMDSession(fwSession); + error = fwMechanism->mdMechanism->GenerateKeyPair( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -950,48 +879,46 @@ nssCKFWMechanism_GenerateKeyPair &mdPublicKeyObject, &mdPrivateKeyObject); - if (CKR_OK != error) { - return error; - } + if (CKR_OK != error) { + return error; + } - *fwPublicKeyObject = nssCKFWObject_Create(arena, mdPublicKeyObject, - fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error); - if (!*fwPublicKeyObject) { - return error; - } - *fwPrivateKeyObject = nssCKFWObject_Create(arena, mdPrivateKeyObject, - fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error); + *fwPublicKeyObject = nssCKFWObject_Create(arena, mdPublicKeyObject, + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error); + if (!*fwPublicKeyObject) { + return error; + } + *fwPrivateKeyObject = nssCKFWObject_Create(arena, mdPrivateKeyObject, + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error); - return error; + return error; } /* * nssCKFWMechanism_GetWrapKeyLength */ NSS_EXTERN CK_ULONG -nssCKFWMechanism_GetWrapKeyLength -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwWrappingKeyObject, - NSSCKFWObject *fwKeyObject, - CK_RV *pError -) +nssCKFWMechanism_GetWrapKeyLength( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSCKFWObject *fwKeyObject, + CK_RV *pError) { - NSSCKMDSession *mdSession; - NSSCKMDObject *mdWrappingKeyObject; - NSSCKMDObject *mdKeyObject; - - if (!fwMechanism->mdMechanism->WrapKey) { - *pError = CKR_FUNCTION_FAILED; - return (CK_ULONG) 0; - } - - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); - mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject); - return fwMechanism->mdMechanism->GetWrapKeyLength( + NSSCKMDSession *mdSession; + NSSCKMDObject *mdWrappingKeyObject; + NSSCKMDObject *mdKeyObject; + + if (!fwMechanism->mdMechanism->WrapKey) { + *pError = CKR_FUNCTION_FAILED; + return (CK_ULONG)0; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); + mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject); + return fwMechanism->mdMechanism->GetWrapKeyLength( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -1012,28 +939,26 @@ nssCKFWMechanism_GetWrapKeyLength * nssCKFWMechanism_WrapKey */ NSS_EXTERN CK_RV -nssCKFWMechanism_WrapKey -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwWrappingKeyObject, - NSSCKFWObject *fwKeyObject, - NSSItem *wrappedKey -) +nssCKFWMechanism_WrapKey( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSCKFWObject *fwKeyObject, + NSSItem *wrappedKey) { - NSSCKMDSession *mdSession; - NSSCKMDObject *mdWrappingKeyObject; - NSSCKMDObject *mdKeyObject; - - if (!fwMechanism->mdMechanism->WrapKey) { - return CKR_FUNCTION_FAILED; - } - - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); - mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject); - return fwMechanism->mdMechanism->WrapKey( + NSSCKMDSession *mdSession; + NSSCKMDObject *mdWrappingKeyObject; + NSSCKMDObject *mdKeyObject; + + if (!fwMechanism->mdMechanism->WrapKey) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); + mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject); + return fwMechanism->mdMechanism->WrapKey( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -1054,44 +979,42 @@ nssCKFWMechanism_WrapKey * nssCKFWMechanism_UnwrapKey */ NSS_EXTERN NSSCKFWObject * -nssCKFWMechanism_UnwrapKey -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwWrappingKeyObject, - NSSItem *wrappedKey, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nssCKFWMechanism_UnwrapKey( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSItem *wrappedKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - NSSCKMDSession *mdSession; - NSSCKMDObject *mdObject; - NSSCKMDObject *mdWrappingKeyObject; - NSSCKFWObject *fwObject = NULL; - NSSArena *arena; - - if (!fwMechanism->mdMechanism->UnwrapKey) { - /* we could simulate UnwrapKey using Decrypt and Create object, but + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + NSSCKMDObject *mdWrappingKeyObject; + NSSCKFWObject *fwObject = NULL; + NSSArena *arena; + + if (!fwMechanism->mdMechanism->UnwrapKey) { + /* we could simulate UnwrapKey using Decrypt and Create object, but * 1) it's not clear that would work well, and 2) the low level token * may want to restrict unwrap key for a reason, so just fail it it * can't be done */ - *pError = CKR_FUNCTION_FAILED; - return (NSSCKFWObject *)NULL; - } - - arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); - if (!arena) { - if (CKR_OK == *pError) { - *pError = CKR_GENERAL_ERROR; + *pError = CKR_FUNCTION_FAILED; + return (NSSCKFWObject *)NULL; + } + + arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); + if (!arena) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; } - return (NSSCKFWObject *)NULL; - } - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); - mdObject = fwMechanism->mdMechanism->UnwrapKey( + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); + mdObject = fwMechanism->mdMechanism->UnwrapKey( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -1108,53 +1031,51 @@ nssCKFWMechanism_UnwrapKey ulAttributeCount, pError); - if (!mdObject) { - return (NSSCKFWObject *)NULL; - } + if (!mdObject) { + return (NSSCKFWObject *)NULL; + } - fwObject = nssCKFWObject_Create(arena, mdObject, - fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); + fwObject = nssCKFWObject_Create(arena, mdObject, + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); - return fwObject; + return fwObject; } -/* +/* * nssCKFWMechanism_DeriveKey */ NSS_EXTERN NSSCKFWObject * -nssCKFWMechanism_DeriveKey -( - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKFWSession *fwSession, - NSSCKFWObject *fwBaseKeyObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nssCKFWMechanism_DeriveKey( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwBaseKeyObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - NSSCKMDSession *mdSession; - NSSCKMDObject *mdObject; - NSSCKMDObject *mdBaseKeyObject; - NSSCKFWObject *fwObject = NULL; - NSSArena *arena; - - if (!fwMechanism->mdMechanism->DeriveKey) { - *pError = CKR_FUNCTION_FAILED; - return (NSSCKFWObject *)NULL; - } - - arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); - if (!arena) { - if (CKR_OK == *pError) { - *pError = CKR_GENERAL_ERROR; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + NSSCKMDObject *mdBaseKeyObject; + NSSCKFWObject *fwObject = NULL; + NSSArena *arena; + + if (!fwMechanism->mdMechanism->DeriveKey) { + *pError = CKR_FUNCTION_FAILED; + return (NSSCKFWObject *)NULL; + } + + arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); + if (!arena) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; } - return (NSSCKFWObject *)NULL; - } - mdSession = nssCKFWSession_GetMDSession(fwSession); - mdBaseKeyObject = nssCKFWObject_GetMDObject(fwBaseKeyObject); - mdObject = fwMechanism->mdMechanism->DeriveKey( + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdBaseKeyObject = nssCKFWObject_GetMDObject(fwBaseKeyObject); + mdObject = fwMechanism->mdMechanism->DeriveKey( fwMechanism->mdMechanism, fwMechanism, pMechanism, @@ -1170,13 +1091,12 @@ nssCKFWMechanism_DeriveKey ulAttributeCount, pError); - if (!mdObject) { - return (NSSCKFWObject *)NULL; - } + if (!mdObject) { + return (NSSCKFWObject *)NULL; + } - fwObject = nssCKFWObject_Create(arena, mdObject, - fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); + fwObject = nssCKFWObject_Create(arena, mdObject, + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); - return fwObject; + return fwObject; } - diff --git a/lib/ckfw/mutex.c b/lib/ckfw/mutex.c index 0d74cf133..be569e196 100644 --- a/lib/ckfw/mutex.c +++ b/lib/ckfw/mutex.c @@ -31,7 +31,7 @@ */ struct NSSCKFWMutexStr { - PRLock *lock; + PRLock *lock; }; #ifdef DEBUG @@ -47,30 +47,24 @@ struct NSSCKFWMutexStr { */ static CK_RV -mutex_add_pointer -( - const NSSCKFWMutex *fwMutex -) +mutex_add_pointer( + const NSSCKFWMutex *fwMutex) { - return CKR_OK; + return CKR_OK; } static CK_RV -mutex_remove_pointer -( - const NSSCKFWMutex *fwMutex -) +mutex_remove_pointer( + const NSSCKFWMutex *fwMutex) { - return CKR_OK; + return CKR_OK; } NSS_IMPLEMENT CK_RV -nssCKFWMutex_verifyPointer -( - const NSSCKFWMutex *fwMutex -) +nssCKFWMutex_verifyPointer( + const NSSCKFWMutex *fwMutex) { - return CKR_OK; + return CKR_OK; } #endif /* DEBUG */ @@ -80,78 +74,74 @@ nssCKFWMutex_verifyPointer * */ NSS_EXTERN NSSCKFWMutex * -nssCKFWMutex_Create -( - CK_C_INITIALIZE_ARGS_PTR pInitArgs, - CryptokiLockingState LockingState, - NSSArena *arena, - CK_RV *pError -) +nssCKFWMutex_Create( + CK_C_INITIALIZE_ARGS_PTR pInitArgs, + CryptokiLockingState LockingState, + NSSArena *arena, + CK_RV *pError) { - NSSCKFWMutex *mutex; - - mutex = nss_ZNEW(arena, NSSCKFWMutex); - if (!mutex) { - *pError = CKR_HOST_MEMORY; - return (NSSCKFWMutex *)NULL; - } - *pError = CKR_OK; - mutex->lock = NULL; - if (LockingState == MultiThreaded) { - mutex->lock = PR_NewLock(); - if (!mutex->lock) { - *pError = CKR_HOST_MEMORY; /* we couldn't get the resource */ + NSSCKFWMutex *mutex; + + mutex = nss_ZNEW(arena, NSSCKFWMutex); + if (!mutex) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWMutex *)NULL; + } + *pError = CKR_OK; + mutex->lock = NULL; + if (LockingState == MultiThreaded) { + mutex->lock = PR_NewLock(); + if (!mutex->lock) { + *pError = CKR_HOST_MEMORY; /* we couldn't get the resource */ + } + } + + if (CKR_OK != *pError) { + (void)nss_ZFreeIf(mutex); + return (NSSCKFWMutex *)NULL; } - } - - if( CKR_OK != *pError ) { - (void)nss_ZFreeIf(mutex); - return (NSSCKFWMutex *)NULL; - } #ifdef DEBUG - *pError = mutex_add_pointer(mutex); - if( CKR_OK != *pError ) { - if (mutex->lock) { - PR_DestroyLock(mutex->lock); + *pError = mutex_add_pointer(mutex); + if (CKR_OK != *pError) { + if (mutex->lock) { + PR_DestroyLock(mutex->lock); + } + (void)nss_ZFreeIf(mutex); + return (NSSCKFWMutex *)NULL; } - (void)nss_ZFreeIf(mutex); - return (NSSCKFWMutex *)NULL; - } #endif /* DEBUG */ - return mutex; -} + return mutex; +} /* * nssCKFWMutex_Destroy * */ NSS_EXTERN CK_RV -nssCKFWMutex_Destroy -( - NSSCKFWMutex *mutex -) +nssCKFWMutex_Destroy( + NSSCKFWMutex *mutex) { - CK_RV rv = CKR_OK; + CK_RV rv = CKR_OK; #ifdef NSSDEBUG - rv = nssCKFWMutex_verifyPointer(mutex); - if( CKR_OK != rv ) { - return rv; - } + rv = nssCKFWMutex_verifyPointer(mutex); + if (CKR_OK != rv) { + return rv; + } #endif /* NSSDEBUG */ - - if (mutex->lock) { - PR_DestroyLock(mutex->lock); - } + + if (mutex->lock) { + PR_DestroyLock(mutex->lock); + } #ifdef DEBUG - (void)mutex_remove_pointer(mutex); + (void)mutex_remove_pointer(mutex); #endif /* DEBUG */ - (void)nss_ZFreeIf(mutex); - return rv; + (void)nss_ZFreeIf(mutex); + return rv; } /* @@ -159,22 +149,20 @@ nssCKFWMutex_Destroy * */ NSS_EXTERN CK_RV -nssCKFWMutex_Lock -( - NSSCKFWMutex *mutex -) +nssCKFWMutex_Lock( + NSSCKFWMutex *mutex) { #ifdef NSSDEBUG - CK_RV rv = nssCKFWMutex_verifyPointer(mutex); - if( CKR_OK != rv ) { - return rv; - } + CK_RV rv = nssCKFWMutex_verifyPointer(mutex); + if (CKR_OK != rv) { + return rv; + } #endif /* NSSDEBUG */ - if (mutex->lock) { - PR_Lock(mutex->lock); - } - - return CKR_OK; + if (mutex->lock) { + PR_Lock(mutex->lock); + } + + return CKR_OK; } /* @@ -182,29 +170,27 @@ nssCKFWMutex_Lock * */ NSS_EXTERN CK_RV -nssCKFWMutex_Unlock -( - NSSCKFWMutex *mutex -) +nssCKFWMutex_Unlock( + NSSCKFWMutex *mutex) { - PRStatus nrv; + PRStatus nrv; #ifdef NSSDEBUG - CK_RV rv = nssCKFWMutex_verifyPointer(mutex); + CK_RV rv = nssCKFWMutex_verifyPointer(mutex); - if( CKR_OK != rv ) { - return rv; - } + if (CKR_OK != rv) { + return rv; + } #endif /* NSSDEBUG */ - if (!mutex->lock) - return CKR_OK; + if (!mutex->lock) + return CKR_OK; - nrv = PR_Unlock(mutex->lock); + nrv = PR_Unlock(mutex->lock); - /* if unlock fails, either we have a programming error, or we have - * some sort of hardware failure... in either case return CKR_DEVICE_ERROR. - */ - return nrv == PR_SUCCESS ? CKR_OK : CKR_DEVICE_ERROR; + /* if unlock fails, either we have a programming error, or we have + * some sort of hardware failure... in either case return CKR_DEVICE_ERROR. + */ + return nrv == PR_SUCCESS ? CKR_OK : CKR_DEVICE_ERROR; } /* @@ -212,19 +198,17 @@ nssCKFWMutex_Unlock * */ NSS_EXTERN CK_RV -NSSCKFWMutex_Destroy -( - NSSCKFWMutex *mutex -) +NSSCKFWMutex_Destroy( + NSSCKFWMutex *mutex) { #ifdef DEBUG - CK_RV rv = nssCKFWMutex_verifyPointer(mutex); - if( CKR_OK != rv ) { - return rv; - } + CK_RV rv = nssCKFWMutex_verifyPointer(mutex); + if (CKR_OK != rv) { + return rv; + } #endif /* DEBUG */ - - return nssCKFWMutex_Destroy(mutex); + + return nssCKFWMutex_Destroy(mutex); } /* @@ -232,19 +216,17 @@ NSSCKFWMutex_Destroy * */ NSS_EXTERN CK_RV -NSSCKFWMutex_Lock -( - NSSCKFWMutex *mutex -) +NSSCKFWMutex_Lock( + NSSCKFWMutex *mutex) { #ifdef DEBUG - CK_RV rv = nssCKFWMutex_verifyPointer(mutex); - if( CKR_OK != rv ) { - return rv; - } + CK_RV rv = nssCKFWMutex_verifyPointer(mutex); + if (CKR_OK != rv) { + return rv; + } #endif /* DEBUG */ - - return nssCKFWMutex_Lock(mutex); + + return nssCKFWMutex_Lock(mutex); } /* @@ -252,18 +234,15 @@ NSSCKFWMutex_Lock * */ NSS_EXTERN CK_RV -NSSCKFWMutex_Unlock -( - NSSCKFWMutex *mutex -) +NSSCKFWMutex_Unlock( + NSSCKFWMutex *mutex) { #ifdef DEBUG - CK_RV rv = nssCKFWMutex_verifyPointer(mutex); - if( CKR_OK != rv ) { - return rv; - } + CK_RV rv = nssCKFWMutex_verifyPointer(mutex); + if (CKR_OK != rv) { + return rv; + } #endif /* DEBUG */ - return nssCKFWMutex_Unlock(mutex); + return nssCKFWMutex_Unlock(mutex); } - diff --git a/lib/ckfw/nssckfw.h b/lib/ckfw/nssckfw.h index 4343eab6a..8807ac85d 100644 --- a/lib/ckfw/nssckfw.h +++ b/lib/ckfw/nssckfw.h @@ -8,7 +8,7 @@ /* * nssckfw.h * - * This file prototypes the publicly available calls of the + * This file prototypes the publicly available calls of the * NSS Cryptoki Framework. */ @@ -40,10 +40,8 @@ */ NSS_EXTERN NSSCKMDInstance * -NSSCKFWInstance_GetMDInstance -( - NSSCKFWInstance *fwInstance -); +NSSCKFWInstance_GetMDInstance( + NSSCKFWInstance *fwInstance); /* * NSSCKFWInstance_GetArena @@ -51,11 +49,9 @@ NSSCKFWInstance_GetMDInstance */ NSS_EXTERN NSSArena * -NSSCKFWInstance_GetArena -( - NSSCKFWInstance *fwInstance, - CK_RV *pError -); +NSSCKFWInstance_GetArena( + NSSCKFWInstance *fwInstance, + CK_RV *pError); /* * NSSCKFWInstance_MayCreatePthreads @@ -63,10 +59,8 @@ NSSCKFWInstance_GetArena */ NSS_EXTERN CK_BBOOL -NSSCKFWInstance_MayCreatePthreads -( - NSSCKFWInstance *fwInstance -); +NSSCKFWInstance_MayCreatePthreads( + NSSCKFWInstance *fwInstance); /* * NSSCKFWInstance_CreateMutex @@ -74,12 +68,10 @@ NSSCKFWInstance_MayCreatePthreads */ NSS_EXTERN NSSCKFWMutex * -NSSCKFWInstance_CreateMutex -( - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -); +NSSCKFWInstance_CreateMutex( + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError); /* * NSSCKFWInstance_GetConfigurationData @@ -87,10 +79,8 @@ NSSCKFWInstance_CreateMutex */ NSS_EXTERN NSSUTF8 * -NSSCKFWInstance_GetConfigurationData -( - NSSCKFWInstance *fwInstance -); +NSSCKFWInstance_GetConfigurationData( + NSSCKFWInstance *fwInstance); /* * NSSCKFWInstance_GetInitArgs @@ -98,10 +88,8 @@ NSSCKFWInstance_GetConfigurationData */ NSS_EXTERN CK_C_INITIALIZE_ARGS_PTR -NSSCKFWInstance_GetInitArgs -( - NSSCKFWInstance *fwInstance -); +NSSCKFWInstance_GetInitArgs( + NSSCKFWInstance *fwInstance); /* * NSSCKFWSlot @@ -118,10 +106,8 @@ NSSCKFWInstance_GetInitArgs */ NSS_EXTERN NSSCKMDSlot * -NSSCKFWSlot_GetMDSlot -( - NSSCKFWSlot *fwSlot -); +NSSCKFWSlot_GetMDSlot( + NSSCKFWSlot *fwSlot); /* * NSSCKFWSlot_GetFWInstance @@ -129,10 +115,8 @@ NSSCKFWSlot_GetMDSlot */ NSS_EXTERN NSSCKFWInstance * -NSSCKFWSlot_GetFWInstance -( - NSSCKFWSlot *fwSlot -); +NSSCKFWSlot_GetFWInstance( + NSSCKFWSlot *fwSlot); /* * NSSCKFWSlot_GetMDInstance @@ -140,10 +124,8 @@ NSSCKFWSlot_GetFWInstance */ NSS_EXTERN NSSCKMDInstance * -NSSCKFWSlot_GetMDInstance -( - NSSCKFWSlot *fwSlot -); +NSSCKFWSlot_GetMDInstance( + NSSCKFWSlot *fwSlot); /* * NSSCKFWToken @@ -161,10 +143,8 @@ NSSCKFWSlot_GetMDInstance */ NSS_EXTERN NSSCKMDToken * -NSSCKFWToken_GetMDToken -( - NSSCKFWToken *fwToken -); +NSSCKFWToken_GetMDToken( + NSSCKFWToken *fwToken); /* * NSSCKFWToken_GetArena @@ -172,11 +152,9 @@ NSSCKFWToken_GetMDToken */ NSS_EXTERN NSSArena * -NSSCKFWToken_GetArena -( - NSSCKFWToken *fwToken, - CK_RV *pError -); +NSSCKFWToken_GetArena( + NSSCKFWToken *fwToken, + CK_RV *pError); /* * NSSCKFWToken_GetFWSlot @@ -184,10 +162,8 @@ NSSCKFWToken_GetArena */ NSS_EXTERN NSSCKFWSlot * -NSSCKFWToken_GetFWSlot -( - NSSCKFWToken *fwToken -); +NSSCKFWToken_GetFWSlot( + NSSCKFWToken *fwToken); /* * NSSCKFWToken_GetMDSlot @@ -195,10 +171,8 @@ NSSCKFWToken_GetFWSlot */ NSS_EXTERN NSSCKMDSlot * -NSSCKFWToken_GetMDSlot -( - NSSCKFWToken *fwToken -); +NSSCKFWToken_GetMDSlot( + NSSCKFWToken *fwToken); /* * NSSCKFWToken_GetSessionState @@ -206,10 +180,8 @@ NSSCKFWToken_GetMDSlot */ NSS_EXTERN CK_STATE -NSSCKFWToken_GetSessionState -( - NSSCKFWToken *fwToken -); +NSSCKFWToken_GetSessionState( + NSSCKFWToken *fwToken); /* * NSSCKFWMechanism @@ -225,10 +197,8 @@ NSSCKFWToken_GetSessionState */ NSS_EXTERN NSSCKMDMechanism * -NSSCKFWMechanism_GetMDMechanism -( - NSSCKFWMechanism *fwMechanism -); +NSSCKFWMechanism_GetMDMechanism( + NSSCKFWMechanism *fwMechanism); /* * NSSCKFWMechanism_GetParameter @@ -236,10 +206,8 @@ NSSCKFWMechanism_GetMDMechanism */ NSS_EXTERN NSSItem * -NSSCKFWMechanism_GetParameter -( - NSSCKFWMechanism *fwMechanism -); +NSSCKFWMechanism_GetParameter( + NSSCKFWMechanism *fwMechanism); /* * NSSCKFWSession @@ -259,10 +227,8 @@ NSSCKFWMechanism_GetParameter */ NSS_EXTERN NSSCKMDSession * -NSSCKFWSession_GetMDSession -( - NSSCKFWSession *fwSession -); +NSSCKFWSession_GetMDSession( + NSSCKFWSession *fwSession); /* * NSSCKFWSession_GetArena @@ -270,11 +236,9 @@ NSSCKFWSession_GetMDSession */ NSS_EXTERN NSSArena * -NSSCKFWSession_GetArena -( - NSSCKFWSession *fwSession, - CK_RV *pError -); +NSSCKFWSession_GetArena( + NSSCKFWSession *fwSession, + CK_RV *pError); /* * NSSCKFWSession_CallNotification @@ -282,11 +246,9 @@ NSSCKFWSession_GetArena */ NSS_EXTERN CK_RV -NSSCKFWSession_CallNotification -( - NSSCKFWSession *fwSession, - CK_NOTIFICATION event -); +NSSCKFWSession_CallNotification( + NSSCKFWSession *fwSession, + CK_NOTIFICATION event); /* * NSSCKFWSession_IsRWSession @@ -294,10 +256,8 @@ NSSCKFWSession_CallNotification */ NSS_EXTERN CK_BBOOL -NSSCKFWSession_IsRWSession -( - NSSCKFWSession *fwSession -); +NSSCKFWSession_IsRWSession( + NSSCKFWSession *fwSession); /* * NSSCKFWSession_IsSO @@ -305,10 +265,8 @@ NSSCKFWSession_IsRWSession */ NSS_EXTERN CK_BBOOL -NSSCKFWSession_IsSO -( - NSSCKFWSession *fwSession -); +NSSCKFWSession_IsSO( + NSSCKFWSession *fwSession); /* * NSSCKFWSession_GetCurrentCryptoOperation @@ -316,11 +274,9 @@ NSSCKFWSession_IsSO */ NSS_EXTERN NSSCKFWCryptoOperation * -NSSCKFWSession_GetCurrentCryptoOperation -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationState state -); +NSSCKFWSession_GetCurrentCryptoOperation( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationState state); /* * NSSCKFWObject @@ -340,91 +296,75 @@ NSSCKFWSession_GetCurrentCryptoOperation * */ NSS_EXTERN NSSCKMDObject * -NSSCKFWObject_GetMDObject -( - NSSCKFWObject *fwObject -); +NSSCKFWObject_GetMDObject( + NSSCKFWObject *fwObject); /* * NSSCKFWObject_GetArena * */ NSS_EXTERN NSSArena * -NSSCKFWObject_GetArena -( - NSSCKFWObject *fwObject, - CK_RV *pError -); +NSSCKFWObject_GetArena( + NSSCKFWObject *fwObject, + CK_RV *pError); /* * NSSCKFWObject_IsTokenObject * */ NSS_EXTERN CK_BBOOL -NSSCKFWObject_IsTokenObject -( - NSSCKFWObject *fwObject -); +NSSCKFWObject_IsTokenObject( + NSSCKFWObject *fwObject); /* * NSSCKFWObject_GetAttributeCount * */ NSS_EXTERN CK_ULONG -NSSCKFWObject_GetAttributeCount -( - NSSCKFWObject *fwObject, - CK_RV *pError -); +NSSCKFWObject_GetAttributeCount( + NSSCKFWObject *fwObject, + CK_RV *pError); /* * NSSCKFWObject_GetAttributeTypes * */ NSS_EXTERN CK_RV -NSSCKFWObject_GetAttributeTypes -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount -); +NSSCKFWObject_GetAttributeTypes( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount); /* * NSSCKFWObject_GetAttributeSize * */ NSS_EXTERN CK_ULONG -NSSCKFWObject_GetAttributeSize -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -); +NSSCKFWObject_GetAttributeSize( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError); /* * NSSCKFWObject_GetAttribute * */ NSS_EXTERN NSSItem * -NSSCKFWObject_GetAttribute -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *itemOpt, - NSSArena *arenaOpt, - CK_RV *pError -); +NSSCKFWObject_GetAttribute( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *itemOpt, + NSSArena *arenaOpt, + CK_RV *pError); /* * NSSCKFWObject_GetObjectSize * */ NSS_EXTERN CK_ULONG -NSSCKFWObject_GetObjectSize -( - NSSCKFWObject *fwObject, - CK_RV *pError -); +NSSCKFWObject_GetObjectSize( + NSSCKFWObject *fwObject, + CK_RV *pError); /* * NSSCKFWFindObjects @@ -439,10 +379,8 @@ NSSCKFWObject_GetObjectSize */ NSS_EXTERN NSSCKMDFindObjects * -NSSCKFWFindObjects_GetMDFindObjects -( - NSSCKFWFindObjects * -); +NSSCKFWFindObjects_GetMDFindObjects( + NSSCKFWFindObjects *); /* * NSSCKFWMutex @@ -459,10 +397,8 @@ NSSCKFWFindObjects_GetMDFindObjects */ NSS_EXTERN CK_RV -NSSCKFWMutex_Destroy -( - NSSCKFWMutex *mutex -); +NSSCKFWMutex_Destroy( + NSSCKFWMutex *mutex); /* * NSSCKFWMutex_Lock @@ -470,10 +406,8 @@ NSSCKFWMutex_Destroy */ NSS_EXTERN CK_RV -NSSCKFWMutex_Lock -( - NSSCKFWMutex *mutex -); +NSSCKFWMutex_Lock( + NSSCKFWMutex *mutex); /* * NSSCKFWMutex_Unlock @@ -481,10 +415,7 @@ NSSCKFWMutex_Lock */ NSS_EXTERN CK_RV -NSSCKFWMutex_Unlock -( - NSSCKFWMutex *mutex -); +NSSCKFWMutex_Unlock( + NSSCKFWMutex *mutex); #endif /* NSSCKFW_H */ - diff --git a/lib/ckfw/nssckfwc.h b/lib/ckfw/nssckfwc.h index 3c11e96c7..734a67cf8 100644 --- a/lib/ckfw/nssckfwc.h +++ b/lib/ckfw/nssckfwc.h @@ -8,7 +8,7 @@ /* * nssckfwc.h * - * This file prototypes all of the NSS Cryptoki Framework "wrapper" + * This file prototypes all of the NSS Cryptoki Framework "wrapper" * which implement the PKCS#11 API. Technically, these are public * routines (with capital "NSS" prefixes), since they are called * from (generated) code within a Module using the Framework. @@ -104,34 +104,28 @@ * */ NSS_EXTERN CK_RV -NSSCKFWC_Initialize -( - NSSCKFWInstance **pFwInstance, - NSSCKMDInstance *mdInstance, - CK_VOID_PTR pInitArgs -); +NSSCKFWC_Initialize( + NSSCKFWInstance **pFwInstance, + NSSCKMDInstance *mdInstance, + CK_VOID_PTR pInitArgs); /* * NSSCKFWC_Finalize * */ NSS_EXTERN CK_RV -NSSCKFWC_Finalize -( - NSSCKFWInstance **pFwInstance -); +NSSCKFWC_Finalize( + NSSCKFWInstance **pFwInstance); /* * NSSCKFWC_GetInfo * */ NSS_EXTERN CK_RV -NSSCKFWC_GetInfo -( - NSSCKFWInstance *fwInstance, - CK_INFO_PTR pInfo -); - +NSSCKFWC_GetInfo( + NSSCKFWInstance *fwInstance, + CK_INFO_PTR pInfo); + /* * C_GetFunctionList is implemented entirely in the Module's file which * includes the Framework API insert file. It requires no "actual" @@ -143,871 +137,743 @@ NSSCKFWC_GetInfo * */ NSS_EXTERN CK_RV -NSSCKFWC_GetSlotList -( - NSSCKFWInstance *fwInstance, - CK_BBOOL tokenPresent, - CK_SLOT_ID_PTR pSlotList, - CK_ULONG_PTR pulCount -); - +NSSCKFWC_GetSlotList( + NSSCKFWInstance *fwInstance, + CK_BBOOL tokenPresent, + CK_SLOT_ID_PTR pSlotList, + CK_ULONG_PTR pulCount); + /* * NSSCKFWC_GetSlotInfo * */ NSS_EXTERN CK_RV -NSSCKFWC_GetSlotInfo -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_SLOT_INFO_PTR pInfo -); +NSSCKFWC_GetSlotInfo( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_SLOT_INFO_PTR pInfo); /* * NSSCKFWC_GetTokenInfo * */ NSS_EXTERN CK_RV -NSSCKFWC_GetTokenInfo -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_TOKEN_INFO_PTR pInfo -); +NSSCKFWC_GetTokenInfo( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_TOKEN_INFO_PTR pInfo); /* * NSSCKFWC_WaitForSlotEvent * */ NSS_EXTERN CK_RV -NSSCKFWC_WaitForSlotEvent -( - NSSCKFWInstance *fwInstance, - CK_FLAGS flags, - CK_SLOT_ID_PTR pSlot, - CK_VOID_PTR pReserved -); +NSSCKFWC_WaitForSlotEvent( + NSSCKFWInstance *fwInstance, + CK_FLAGS flags, + CK_SLOT_ID_PTR pSlot, + CK_VOID_PTR pReserved); /* * NSSCKFWC_GetMechanismList * */ NSS_EXTERN CK_RV -NSSCKFWC_GetMechanismList -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_MECHANISM_TYPE_PTR pMechanismList, - CK_ULONG_PTR pulCount -); +NSSCKFWC_GetMechanismList( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_MECHANISM_TYPE_PTR pMechanismList, + CK_ULONG_PTR pulCount); /* * NSSCKFWC_GetMechanismInfo * */ NSS_EXTERN CK_RV -NSSCKFWC_GetMechanismInfo -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR pInfo -); +NSSCKFWC_GetMechanismInfo( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR pInfo); /* * NSSCKFWC_InitToken * */ NSS_EXTERN CK_RV -NSSCKFWC_InitToken -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_CHAR_PTR pPin, - CK_ULONG ulPinLen, - CK_CHAR_PTR pLabel -); +NSSCKFWC_InitToken( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen, + CK_CHAR_PTR pLabel); /* * NSSCKFWC_InitPIN * */ NSS_EXTERN CK_RV -NSSCKFWC_InitPIN -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_CHAR_PTR pPin, - CK_ULONG ulPinLen -); +NSSCKFWC_InitPIN( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen); /* * NSSCKFWC_SetPIN * */ NSS_EXTERN CK_RV -NSSCKFWC_SetPIN -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_CHAR_PTR pOldPin, - CK_ULONG ulOldLen, - CK_CHAR_PTR pNewPin, - CK_ULONG ulNewLen -); +NSSCKFWC_SetPIN( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pOldPin, + CK_ULONG ulOldLen, + CK_CHAR_PTR pNewPin, + CK_ULONG ulNewLen); /* * NSSCKFWC_OpenSession * */ NSS_EXTERN CK_RV -NSSCKFWC_OpenSession -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_FLAGS flags, - CK_VOID_PTR pApplication, - CK_NOTIFY Notify, - CK_SESSION_HANDLE_PTR phSession -); +NSSCKFWC_OpenSession( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_FLAGS flags, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_SESSION_HANDLE_PTR phSession); /* * NSSCKFWC_CloseSession * */ NSS_EXTERN CK_RV -NSSCKFWC_CloseSession -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -); +NSSCKFWC_CloseSession( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession); /* * NSSCKFWC_CloseAllSessions * */ NSS_EXTERN CK_RV -NSSCKFWC_CloseAllSessions -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID -); +NSSCKFWC_CloseAllSessions( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID); /* * NSSCKFWC_GetSessionInfo * */ NSS_EXTERN CK_RV -NSSCKFWC_GetSessionInfo -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_SESSION_INFO_PTR pInfo -); +NSSCKFWC_GetSessionInfo( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_SESSION_INFO_PTR pInfo); /* * NSSCKFWC_GetOperationState * */ NSS_EXTERN CK_RV -NSSCKFWC_GetOperationState -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pOperationState, - CK_ULONG_PTR pulOperationStateLen -); +NSSCKFWC_GetOperationState( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG_PTR pulOperationStateLen); /* * NSSCKFWC_SetOperationState * */ NSS_EXTERN CK_RV -NSSCKFWC_SetOperationState -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pOperationState, - CK_ULONG ulOperationStateLen, - CK_OBJECT_HANDLE hEncryptionKey, - CK_OBJECT_HANDLE hAuthenticationKey -); +NSSCKFWC_SetOperationState( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG ulOperationStateLen, + CK_OBJECT_HANDLE hEncryptionKey, + CK_OBJECT_HANDLE hAuthenticationKey); /* * NSSCKFWC_Login * */ NSS_EXTERN CK_RV -NSSCKFWC_Login -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_USER_TYPE userType, - CK_CHAR_PTR pPin, - CK_ULONG ulPinLen -); +NSSCKFWC_Login( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_USER_TYPE userType, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen); /* * NSSCKFWC_Logout * */ NSS_EXTERN CK_RV -NSSCKFWC_Logout -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -); +NSSCKFWC_Logout( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession); /* * NSSCKFWC_CreateObject * */ NSS_EXTERN CK_RV -NSSCKFWC_CreateObject -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phObject -); +NSSCKFWC_CreateObject( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phObject); /* * NSSCKFWC_CopyObject * */ NSS_EXTERN CK_RV -NSSCKFWC_CopyObject -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phNewObject -); +NSSCKFWC_CopyObject( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phNewObject); /* * NSSCKFWC_DestroyObject * */ NSS_EXTERN CK_RV -NSSCKFWC_DestroyObject -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject -); +NSSCKFWC_DestroyObject( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject); /* * NSSCKFWC_GetObjectSize * */ NSS_EXTERN CK_RV -NSSCKFWC_GetObjectSize -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ULONG_PTR pulSize -); +NSSCKFWC_GetObjectSize( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ULONG_PTR pulSize); /* * NSSCKFWC_GetAttributeValue * */ NSS_EXTERN CK_RV -NSSCKFWC_GetAttributeValue -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount -); - +NSSCKFWC_GetAttributeValue( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount); + /* * NSSCKFWC_SetAttributeValue * */ NSS_EXTERN CK_RV -NSSCKFWC_SetAttributeValue -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount -); +NSSCKFWC_SetAttributeValue( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount); /* * NSSCKFWC_FindObjectsInit * */ NSS_EXTERN CK_RV -NSSCKFWC_FindObjectsInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount -); +NSSCKFWC_FindObjectsInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount); /* * NSSCKFWC_FindObjects * */ NSS_EXTERN CK_RV -NSSCKFWC_FindObjects -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE_PTR phObject, - CK_ULONG ulMaxObjectCount, - CK_ULONG_PTR pulObjectCount -); +NSSCKFWC_FindObjects( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE_PTR phObject, + CK_ULONG ulMaxObjectCount, + CK_ULONG_PTR pulObjectCount); /* * NSSCKFWC_FindObjectsFinal * */ NSS_EXTERN CK_RV -NSSCKFWC_FindObjectsFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -); +NSSCKFWC_FindObjectsFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession); /* * NSSCKFWC_EncryptInit * */ NSS_EXTERN CK_RV -NSSCKFWC_EncryptInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -); +NSSCKFWC_EncryptInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); /* * NSSCKFWC_Encrypt * */ NSS_EXTERN CK_RV -NSSCKFWC_Encrypt -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pEncryptedData, - CK_ULONG_PTR pulEncryptedDataLen -); +NSSCKFWC_Encrypt( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pEncryptedData, + CK_ULONG_PTR pulEncryptedDataLen); /* * NSSCKFWC_EncryptUpdate * */ NSS_EXTERN CK_RV -NSSCKFWC_EncryptUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG_PTR pulEncryptedPartLen -); +NSSCKFWC_EncryptUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen); /* * NSSCKFWC_EncryptFinal * */ NSS_EXTERN CK_RV -NSSCKFWC_EncryptFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pLastEncryptedPart, - CK_ULONG_PTR pulLastEncryptedPartLen -); +NSSCKFWC_EncryptFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastEncryptedPart, + CK_ULONG_PTR pulLastEncryptedPartLen); /* * NSSCKFWC_DecryptInit * */ NSS_EXTERN CK_RV -NSSCKFWC_DecryptInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -); +NSSCKFWC_DecryptInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); /* * NSSCKFWC_Decrypt * */ NSS_EXTERN CK_RV -NSSCKFWC_Decrypt -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedData, - CK_ULONG ulEncryptedDataLen, - CK_BYTE_PTR pData, - CK_ULONG_PTR pulDataLen -); +NSSCKFWC_Decrypt( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedData, + CK_ULONG ulEncryptedDataLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen); /* * NSSCKFWC_DecryptUpdate * */ NSS_EXTERN CK_RV -NSSCKFWC_DecryptUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG ulEncryptedPartLen, - CK_BYTE_PTR pPart, - CK_ULONG_PTR pulPartLen -); +NSSCKFWC_DecryptUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen); /* * NSSCKFWC_DecryptFinal * */ NSS_EXTERN CK_RV -NSSCKFWC_DecryptFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pLastPart, - CK_ULONG_PTR pulLastPartLen -); +NSSCKFWC_DecryptFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastPart, + CK_ULONG_PTR pulLastPartLen); /* * NSSCKFWC_DigestInit * */ NSS_EXTERN CK_RV -NSSCKFWC_DigestInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism -); +NSSCKFWC_DigestInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism); /* * NSSCKFWC_Digest * */ NSS_EXTERN CK_RV -NSSCKFWC_Digest -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pDigest, - CK_ULONG_PTR pulDigestLen -); +NSSCKFWC_Digest( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen); /* * NSSCKFWC_DigestUpdate * */ NSS_EXTERN CK_RV -NSSCKFWC_DigestUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen -); +NSSCKFWC_DigestUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen); /* * NSSCKFWC_DigestKey * */ NSS_EXTERN CK_RV -NSSCKFWC_DigestKey -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hKey -); +NSSCKFWC_DigestKey( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hKey); /* * NSSCKFWC_DigestFinal * */ NSS_EXTERN CK_RV -NSSCKFWC_DigestFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pDigest, - CK_ULONG_PTR pulDigestLen -); +NSSCKFWC_DigestFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen); /* * NSSCKFWC_SignInit * */ NSS_EXTERN CK_RV -NSSCKFWC_SignInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -); +NSSCKFWC_SignInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); /* * NSSCKFWC_Sign * */ NSS_EXTERN CK_RV -NSSCKFWC_Sign -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pSignature, - CK_ULONG_PTR pulSignatureLen -); +NSSCKFWC_Sign( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); /* * NSSCKFWC_SignUpdate * */ NSS_EXTERN CK_RV -NSSCKFWC_SignUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen -); +NSSCKFWC_SignUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen); /* * NSSCKFWC_SignFinal * */ NSS_EXTERN CK_RV -NSSCKFWC_SignFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSignature, - CK_ULONG_PTR pulSignatureLen -); +NSSCKFWC_SignFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); /* * NSSCKFWC_SignRecoverInit * */ NSS_EXTERN CK_RV -NSSCKFWC_SignRecoverInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -); +NSSCKFWC_SignRecoverInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); /* * NSSCKFWC_SignRecover * */ NSS_EXTERN CK_RV -NSSCKFWC_SignRecover -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pSignature, - CK_ULONG_PTR pulSignatureLen -); +NSSCKFWC_SignRecover( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); /* * NSSCKFWC_VerifyInit * */ NSS_EXTERN CK_RV -NSSCKFWC_VerifyInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -); +NSSCKFWC_VerifyInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); /* * NSSCKFWC_Verify * */ NSS_EXTERN CK_RV -NSSCKFWC_Verify -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pSignature, - CK_ULONG ulSignatureLen -); +NSSCKFWC_Verify( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen); /* * NSSCKFWC_VerifyUpdate * */ NSS_EXTERN CK_RV -NSSCKFWC_VerifyUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen -); +NSSCKFWC_VerifyUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen); /* * NSSCKFWC_VerifyFinal * */ NSS_EXTERN CK_RV -NSSCKFWC_VerifyFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSignature, - CK_ULONG ulSignatureLen -); +NSSCKFWC_VerifyFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen); /* * NSSCKFWC_VerifyRecoverInit * */ NSS_EXTERN CK_RV -NSSCKFWC_VerifyRecoverInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -); +NSSCKFWC_VerifyRecoverInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); /* * NSSCKFWC_VerifyRecover * */ NSS_EXTERN CK_RV -NSSCKFWC_VerifyRecover -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSignature, - CK_ULONG ulSignatureLen, - CK_BYTE_PTR pData, - CK_ULONG_PTR pulDataLen -); +NSSCKFWC_VerifyRecover( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen); /* * NSSCKFWC_DigestEncryptUpdate * */ NSS_EXTERN CK_RV -NSSCKFWC_DigestEncryptUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG_PTR pulEncryptedPartLen -); +NSSCKFWC_DigestEncryptUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen); /* * NSSCKFWC_DecryptDigestUpdate * */ NSS_EXTERN CK_RV -NSSCKFWC_DecryptDigestUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG ulEncryptedPartLen, - CK_BYTE_PTR pPart, - CK_ULONG_PTR pulPartLen -); +NSSCKFWC_DecryptDigestUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen); /* * NSSCKFWC_SignEncryptUpdate * */ NSS_EXTERN CK_RV -NSSCKFWC_SignEncryptUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG_PTR pulEncryptedPartLen -); +NSSCKFWC_SignEncryptUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen); /* * NSSCKFWC_DecryptVerifyUpdate * */ NSS_EXTERN CK_RV -NSSCKFWC_DecryptVerifyUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG ulEncryptedPartLen, - CK_BYTE_PTR pPart, - CK_ULONG_PTR pulPartLen -); +NSSCKFWC_DecryptVerifyUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen); /* * NSSCKFWC_GenerateKey * */ NSS_EXTERN CK_RV -NSSCKFWC_GenerateKey -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phKey -); +NSSCKFWC_GenerateKey( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey); /* * NSSCKFWC_GenerateKeyPair * */ NSS_EXTERN CK_RV -NSSCKFWC_GenerateKeyPair -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_ATTRIBUTE_PTR pPublicKeyTemplate, - CK_ULONG ulPublicKeyAttributeCount, - CK_ATTRIBUTE_PTR pPrivateKeyTemplate, - CK_ULONG ulPrivateKeyAttributeCount, - CK_OBJECT_HANDLE_PTR phPublicKey, - CK_OBJECT_HANDLE_PTR phPrivateKey -); +NSSCKFWC_GenerateKeyPair( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + CK_OBJECT_HANDLE_PTR phPublicKey, + CK_OBJECT_HANDLE_PTR phPrivateKey); /* * NSSCKFWC_WrapKey * */ NSS_EXTERN CK_RV -NSSCKFWC_WrapKey -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hWrappingKey, - CK_OBJECT_HANDLE hKey, - CK_BYTE_PTR pWrappedKey, - CK_ULONG_PTR pulWrappedKeyLen -); +NSSCKFWC_WrapKey( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hWrappingKey, + CK_OBJECT_HANDLE hKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG_PTR pulWrappedKeyLen); /* * NSSCKFWC_UnwrapKey * */ NSS_EXTERN CK_RV -NSSCKFWC_UnwrapKey -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hUnwrappingKey, - CK_BYTE_PTR pWrappedKey, - CK_ULONG ulWrappedKeyLen, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_OBJECT_HANDLE_PTR phKey -); +NSSCKFWC_UnwrapKey( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hUnwrappingKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG ulWrappedKeyLen, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey); /* * NSSCKFWC_DeriveKey * */ NSS_EXTERN CK_RV -NSSCKFWC_DeriveKey -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hBaseKey, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_OBJECT_HANDLE_PTR phKey -); +NSSCKFWC_DeriveKey( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hBaseKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey); /* * NSSCKFWC_SeedRandom * */ NSS_EXTERN CK_RV -NSSCKFWC_SeedRandom -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSeed, - CK_ULONG ulSeedLen -); +NSSCKFWC_SeedRandom( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSeed, + CK_ULONG ulSeedLen); /* * NSSCKFWC_GenerateRandom * */ NSS_EXTERN CK_RV -NSSCKFWC_GenerateRandom -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pRandomData, - CK_ULONG ulRandomLen -); +NSSCKFWC_GenerateRandom( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pRandomData, + CK_ULONG ulRandomLen); /* * NSSCKFWC_GetFunctionStatus * */ NSS_EXTERN CK_RV -NSSCKFWC_GetFunctionStatus -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -); +NSSCKFWC_GetFunctionStatus( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession); /* * NSSCKFWC_CancelFunction * */ NSS_EXTERN CK_RV -NSSCKFWC_CancelFunction -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -); +NSSCKFWC_CancelFunction( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession); #endif /* NSSCKFWC_H */ diff --git a/lib/ckfw/nssckfwt.h b/lib/ckfw/nssckfwt.h index 4c4fad2d5..cd015d515 100644 --- a/lib/ckfw/nssckfwt.h +++ b/lib/ckfw/nssckfwt.h @@ -51,7 +51,6 @@ typedef struct NSSCKFWMechanismStr NSSCKFWMechanism; struct NSSCKFWCryptoOperationStr; typedef struct NSSCKFWCryptoOperationStr NSSCKFWCryptoOperation; - /* * NSSCKFWSession * @@ -87,7 +86,7 @@ typedef struct NSSCKFWMutexStr NSSCKFWMutex; typedef enum { SingleThreaded, MultiThreaded -} CryptokiLockingState ; +} CryptokiLockingState; /* used as an index into an array, make sure it starts at '0' */ typedef enum { diff --git a/lib/ckfw/nssckmdt.h b/lib/ckfw/nssckmdt.h index 2c3aa2e2d..d98f9b02a 100644 --- a/lib/ckfw/nssckmdt.h +++ b/lib/ckfw/nssckmdt.h @@ -44,9 +44,9 @@ typedef struct NSSCKMDObjectStr NSSCKMDObject; */ typedef struct { - PRBool needsFreeing; - NSSItem* item; -} NSSCKFWItem ; + PRBool needsFreeing; + NSSItem *item; +} NSSCKFWItem; /* * NSSCKMDInstance @@ -61,152 +61,147 @@ typedef struct { */ struct NSSCKMDInstanceStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is called by the Framework to initialize - * the Module. This routine is optional; if unimplemented, - * it won't be called. If this routine returns an error, - * then the initialization will fail. - */ - CK_RV (PR_CALLBACK *Initialize)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSUTF8 *configurationData - ); - - /* - * This routine is called when the Framework is finalizing - * the PKCS#11 Module. It is the last thing called before - * the NSSCKFWInstance's NSSArena is destroyed. This routine - * is optional; if unimplemented, it merely won't be called. - */ - void (PR_CALLBACK *Finalize)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called by the Framework to initialize + * the Module. This routine is optional; if unimplemented, + * it won't be called. If this routine returns an error, + * then the initialization will fail. + */ + CK_RV(PR_CALLBACK *Initialize) + ( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSUTF8 *configurationData); + + /* + * This routine is called when the Framework is finalizing + * the PKCS#11 Module. It is the last thing called before + * the NSSCKFWInstance's NSSArena is destroyed. This routine + * is optional; if unimplemented, it merely won't be called. + */ + void(PR_CALLBACK *Finalize)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* * This routine gets the number of slots. This value must - * never change, once the instance is initialized. This + * never change, once the instance is initialized. This * routine must be implemented. It may return zero on error. */ - CK_ULONG (PR_CALLBACK *GetNSlots)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns the version of the Cryptoki standard - * to which this Module conforms. This routine is optional; - * if unimplemented, the Framework uses the version to which - * ~it~ was implemented. - */ - CK_VERSION (PR_CALLBACK *GetCryptokiVersion)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing the manufacturer ID for this Module. Only - * the characters completely encoded in the first thirty- - * two bytes are significant. This routine is optional. - * The string returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing a description of this Module library. Only - * the characters completely encoded in the first thirty- - * two bytes are significant. This routine is optional. - * The string returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns the version of this Module library. - * This routine is optional; if unimplemented, the Framework - * will assume a Module library version of 0.1. - */ - CK_VERSION (PR_CALLBACK *GetLibraryVersion)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if the Module wishes to - * handle session objects. This routine is optional. - * If this routine is NULL, or if it exists but returns - * CK_FALSE, the Framework will assume responsibility - * for managing session objects. - */ - CK_BBOOL (PR_CALLBACK *ModuleHandlesSessionObjects)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine stuffs pointers to NSSCKMDSlot objects into - * the specified array; one for each slot supported by this - * instance. The Framework will determine the size needed - * for the array by calling GetNSlots. This routine is - * required. - */ - CK_RV (PR_CALLBACK *GetSlots)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDSlot *slots[] - ); - - /* - * This call returns a pointer to the slot in which an event - * has occurred. If the block argument is CK_TRUE, the call - * should block until a slot event occurs; if CK_FALSE, it - * should check to see if an event has occurred, occurred, - * but return NULL (and set *pError to CK_NO_EVENT) if one - * hasn't. This routine is optional; if unimplemented, the - * Framework will assume that no event has happened. This - * routine may return NULL upon error. - */ - NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_BBOOL block, - CK_RV *pError - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + CK_ULONG(PR_CALLBACK *GetNSlots) + ( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns the version of the Cryptoki standard + * to which this Module conforms. This routine is optional; + * if unimplemented, the Framework uses the version to which + * ~it~ was implemented. + */ + CK_VERSION(PR_CALLBACK *GetCryptokiVersion) + ( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing the manufacturer ID for this Module. Only + * the characters completely encoded in the first thirty- + * two bytes are significant. This routine is optional. + * The string returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing a description of this Module library. Only + * the characters completely encoded in the first thirty- + * two bytes are significant. This routine is optional. + * The string returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns the version of this Module library. + * This routine is optional; if unimplemented, the Framework + * will assume a Module library version of 0.1. + */ + CK_VERSION(PR_CALLBACK *GetLibraryVersion) + ( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if the Module wishes to + * handle session objects. This routine is optional. + * If this routine is NULL, or if it exists but returns + * CK_FALSE, the Framework will assume responsibility + * for managing session objects. + */ + CK_BBOOL(PR_CALLBACK *ModuleHandlesSessionObjects) + ( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine stuffs pointers to NSSCKMDSlot objects into + * the specified array; one for each slot supported by this + * instance. The Framework will determine the size needed + * for the array by calling GetNSlots. This routine is + * required. + */ + CK_RV(PR_CALLBACK *GetSlots) + ( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *slots[]); + + /* + * This call returns a pointer to the slot in which an event + * has occurred. If the block argument is CK_TRUE, the call + * should block until a slot event occurs; if CK_FALSE, it + * should check to see if an event has occurred, occurred, + * but return NULL (and set *pError to CK_NO_EVENT) if one + * hasn't. This routine is optional; if unimplemented, the + * Framework will assume that no event has happened. This + * routine may return NULL upon error. + */ + NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_BBOOL block, + CK_RV *pError); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; - /* * NSSCKMDSlot * @@ -220,165 +215,161 @@ struct NSSCKMDInstanceStr { */ struct NSSCKMDSlotStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is called during the Framework initialization - * step, after the Framework Instance has obtained the list - * of slots (by calling NSSCKMDInstance->GetSlots). Any slot- - * specific initialization can be done here. This routine is - * optional; if unimplemented, it won't be called. Note that - * if this routine returns an error, the entire Framework - * initialization for this Module will fail. - */ - CK_RV (PR_CALLBACK *Initialize)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine is called when the Framework is finalizing - * the PKCS#11 Module. This call (for each of the slots) - * is the last thing called before NSSCKMDInstance->Finalize. - * This routine is optional; if unimplemented, it merely - * won't be called. Note: In the rare circumstance that - * the Framework initialization cannot complete (due to, - * for example, memory limitations), this can be called with - * a NULL value for fwSlot. - */ - void (PR_CALLBACK *Destroy)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing a description of this slot. Only the characters - * completely encoded in the first sixty-four bytes are - * significant. This routine is optional. The string - * returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetSlotDescription)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing a description of the manufacturer of this slot. - * Only the characters completely encoded in the first thirty- - * two bytes are significant. This routine is optional. - * The string returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns CK_TRUE if a token is present in this - * slot. This routine is optional; if unimplemented, CK_TRUE - * is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetTokenPresent)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if the slot supports removable - * tokens. This routine is optional; if unimplemented, CK_FALSE - * is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetRemovableDevice)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if this slot is a hardware - * device, or CK_FALSE if this slot is a software device. This - * routine is optional; if unimplemented, CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetHardwareSlot)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the version of this slot's hardware. - * This routine is optional; if unimplemented, the Framework - * will assume a hardware version of 0.1. - */ - CK_VERSION (PR_CALLBACK *GetHardwareVersion)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the version of this slot's firmware. - * This routine is optional; if unimplemented, the Framework - * will assume a hardware version of 0.1. - */ - CK_VERSION (PR_CALLBACK *GetFirmwareVersion)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine should return a pointer to an NSSCKMDToken - * object corresponding to the token in the specified slot. - * The NSSCKFWToken object passed in has an NSSArena - * available which is dedicated for this token. This routine - * must be implemented. This routine may return NULL upon - * error. - */ - NSSCKMDToken *(PR_CALLBACK *GetToken)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called during the Framework initialization + * step, after the Framework Instance has obtained the list + * of slots (by calling NSSCKMDInstance->GetSlots). Any slot- + * specific initialization can be done here. This routine is + * optional; if unimplemented, it won't be called. Note that + * if this routine returns an error, the entire Framework + * initialization for this Module will fail. + */ + CK_RV(PR_CALLBACK *Initialize) + ( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine is called when the Framework is finalizing + * the PKCS#11 Module. This call (for each of the slots) + * is the last thing called before NSSCKMDInstance->Finalize. + * This routine is optional; if unimplemented, it merely + * won't be called. Note: In the rare circumstance that + * the Framework initialization cannot complete (due to, + * for example, memory limitations), this can be called with + * a NULL value for fwSlot. + */ + void(PR_CALLBACK *Destroy)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing a description of this slot. Only the characters + * completely encoded in the first sixty-four bytes are + * significant. This routine is optional. The string + * returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetSlotDescription)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing a description of the manufacturer of this slot. + * Only the characters completely encoded in the first thirty- + * two bytes are significant. This routine is optional. + * The string returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns CK_TRUE if a token is present in this + * slot. This routine is optional; if unimplemented, CK_TRUE + * is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetTokenPresent) + ( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if the slot supports removable + * tokens. This routine is optional; if unimplemented, CK_FALSE + * is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetRemovableDevice) + ( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if this slot is a hardware + * device, or CK_FALSE if this slot is a software device. This + * routine is optional; if unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetHardwareSlot) + ( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the version of this slot's hardware. + * This routine is optional; if unimplemented, the Framework + * will assume a hardware version of 0.1. + */ + CK_VERSION(PR_CALLBACK *GetHardwareVersion) + ( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the version of this slot's firmware. + * This routine is optional; if unimplemented, the Framework + * will assume a hardware version of 0.1. + */ + CK_VERSION(PR_CALLBACK *GetFirmwareVersion) + ( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine should return a pointer to an NSSCKMDToken + * object corresponding to the token in the specified slot. + * The NSSCKFWToken object passed in has an NSSArena + * available which is dedicated for this token. This routine + * must be implemented. This routine may return NULL upon + * error. + */ + NSSCKMDToken *(PR_CALLBACK *GetToken)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; /* @@ -394,444 +385,437 @@ struct NSSCKMDSlotStr { */ struct NSSCKMDTokenStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is used to prepare a Module token object for - * use. It is called after the NSSCKMDToken object is obtained - * from NSSCKMDSlot->GetToken. It is named "Setup" here because - * Cryptoki already defines "InitToken" to do the process of - * wiping out any existing state on a token and preparing it for - * a new use. This routine is optional; if unimplemented, it - * merely won't be called. - */ - CK_RV (PR_CALLBACK *Setup)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine is called by the Framework whenever it notices - * that the token object is invalid. (Typically this is when a - * routine indicates an error such as CKR_DEVICE_REMOVED). This - * call is the last thing called before the NSSArena in the - * corresponding NSSCKFWToken is destroyed. This routine is - * optional; if unimplemented, it merely won't be called. - */ - void (PR_CALLBACK *Invalidate)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine initialises the token in the specified slot. - * This routine is optional; if unimplemented, the Framework - * will fail this operation with an error of CKR_DEVICE_ERROR. - */ - - CK_RV (PR_CALLBACK *InitToken)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *pin, - NSSUTF8 *label - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing this token's label. Only the characters - * completely encoded in the first thirty-two bytes are - * significant. This routine is optional. The string - * returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetLabel)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing this token's manufacturer ID. Only the characters - * completely encoded in the first thirty-two bytes are - * significant. This routine is optional. The string - * returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing this token's model name. Only the characters - * completely encoded in the first thirty-two bytes are - * significant. This routine is optional. The string - * returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetModel)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing this token's serial number. Only the characters - * completely encoded in the first thirty-two bytes are - * significant. This routine is optional. The string - * returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetSerialNumber)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns CK_TRUE if the token has its own - * random number generator. This routine is optional; if - * unimplemented, CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetHasRNG)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if this token is write-protected. - * This routine is optional; if unimplemented, CK_FALSE is - * assumed. - */ - CK_BBOOL (PR_CALLBACK *GetIsWriteProtected)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if this token requires a login. - * This routine is optional; if unimplemented, CK_FALSE is - * assumed. - */ - CK_BBOOL (PR_CALLBACK *GetLoginRequired)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if the normal user's PIN on this - * token has been initialised. This routine is optional; if - * unimplemented, CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetUserPinInitialized)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if a successful save of a - * session's cryptographic operations state ~always~ contains - * all keys needed to restore the state of the session. This - * routine is optional; if unimplemented, CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetRestoreKeyNotNeeded)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if the token has its own - * hardware clock. This routine is optional; if unimplemented, - * CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetHasClockOnToken)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if the token has a protected - * authentication path. This routine is optional; if - * unimplemented, CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetHasProtectedAuthenticationPath)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if the token supports dual - * cryptographic operations within a single session. This - * routine is optional; if unimplemented, CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetSupportsDualCryptoOperations)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * XXX fgmr-- should we have a call to return all the flags - * at once, for folks who already know about Cryptoki? - */ - - /* - * This routine returns the maximum number of sessions that - * may be opened on this token. This routine is optional; - * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION - * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE? - */ - CK_ULONG (PR_CALLBACK *GetMaxSessionCount)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the maximum number of read/write - * sesisons that may be opened on this token. This routine - * is optional; if unimplemented, the special value - * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or - * CK_EFFECTIVELY_INFINITE? - */ - CK_ULONG (PR_CALLBACK *GetMaxRwSessionCount)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the maximum PIN code length that is - * supported on this token. This routine is optional; - * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION - * is assumed. - */ - CK_ULONG (PR_CALLBACK *GetMaxPinLen)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the minimum PIN code length that is - * supported on this token. This routine is optional; if - * unimplemented, the special value CK_UNAVAILABLE_INFORMATION - * is assumed. XXX fgmr-- or 0? - */ - CK_ULONG (PR_CALLBACK *GetMinPinLen)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the total amount of memory on the token - * in which public objects may be stored. This routine is - * optional; if unimplemented, the special value - * CK_UNAVAILABLE_INFORMATION is assumed. - */ - CK_ULONG (PR_CALLBACK *GetTotalPublicMemory)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the amount of unused memory on the - * token in which public objects may be stored. This routine - * is optional; if unimplemented, the special value - * CK_UNAVAILABLE_INFORMATION is assumed. - */ - CK_ULONG (PR_CALLBACK *GetFreePublicMemory)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the total amount of memory on the token - * in which private objects may be stored. This routine is - * optional; if unimplemented, the special value - * CK_UNAVAILABLE_INFORMATION is assumed. - */ - CK_ULONG (PR_CALLBACK *GetTotalPrivateMemory)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the amount of unused memory on the - * token in which private objects may be stored. This routine - * is optional; if unimplemented, the special value - * CK_UNAVAILABLE_INFORMATION is assumed. - */ - CK_ULONG (PR_CALLBACK *GetFreePrivateMemory)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the version number of this token's - * hardware. This routine is optional; if unimplemented, - * the value 0.1 is assumed. - */ - CK_VERSION (PR_CALLBACK *GetHardwareVersion)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the version number of this token's - * firmware. This routine is optional; if unimplemented, - * the value 0.1 is assumed. - */ - CK_VERSION (PR_CALLBACK *GetFirmwareVersion)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine stuffs the current UTC time, as obtained from - * the token, into the sixteen-byte buffer in the form - * YYYYMMDDhhmmss00. This routine need only be implemented - * by token which indicate that they have a real-time clock. - * XXX fgmr-- think about time formats. - */ - CK_RV (PR_CALLBACK *GetUTCTime)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_CHAR utcTime[16] - ); - - /* - * This routine creates a session on the token, and returns - * the corresponding NSSCKMDSession object. The value of - * rw will be CK_TRUE if the session is to be a read/write - * session, or CK_FALSE otherwise. An NSSArena dedicated to - * the new session is available from the specified NSSCKFWSession. - * This routine may return NULL upon error. - */ - NSSCKMDSession *(PR_CALLBACK *OpenSession)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKFWSession *fwSession, - CK_BBOOL rw, - CK_RV *pError - ); - - /* - * This routine returns the number of PKCS#11 Mechanisms - * supported by this token. This routine is optional; if - * unimplemented, zero is assumed. - */ - CK_ULONG (PR_CALLBACK *GetMechanismCount)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine stuffs into the specified array the types - * of the mechanisms supported by this token. The Framework - * determines the size of the array by calling GetMechanismCount. - */ - CK_RV (PR_CALLBACK *GetMechanismTypes)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_MECHANISM_TYPE types[] - ); - - /* - * This routine returns a pointer to a Module mechanism - * object corresponding to a specified type. This routine - * need only exist for tokens implementing at least one - * mechanism. - */ - NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_MECHANISM_TYPE which, - CK_RV *pError - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is used to prepare a Module token object for + * use. It is called after the NSSCKMDToken object is obtained + * from NSSCKMDSlot->GetToken. It is named "Setup" here because + * Cryptoki already defines "InitToken" to do the process of + * wiping out any existing state on a token and preparing it for + * a new use. This routine is optional; if unimplemented, it + * merely won't be called. + */ + CK_RV(PR_CALLBACK *Setup) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine is called by the Framework whenever it notices + * that the token object is invalid. (Typically this is when a + * routine indicates an error such as CKR_DEVICE_REMOVED). This + * call is the last thing called before the NSSArena in the + * corresponding NSSCKFWToken is destroyed. This routine is + * optional; if unimplemented, it merely won't be called. + */ + void(PR_CALLBACK *Invalidate)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine initialises the token in the specified slot. + * This routine is optional; if unimplemented, the Framework + * will fail this operation with an error of CKR_DEVICE_ERROR. + */ + + CK_RV(PR_CALLBACK *InitToken) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *pin, + NSSUTF8 *label); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing this token's label. Only the characters + * completely encoded in the first thirty-two bytes are + * significant. This routine is optional. The string + * returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetLabel)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing this token's manufacturer ID. Only the characters + * completely encoded in the first thirty-two bytes are + * significant. This routine is optional. The string + * returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing this token's model name. Only the characters + * completely encoded in the first thirty-two bytes are + * significant. This routine is optional. The string + * returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetModel)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing this token's serial number. Only the characters + * completely encoded in the first thirty-two bytes are + * significant. This routine is optional. The string + * returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetSerialNumber)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns CK_TRUE if the token has its own + * random number generator. This routine is optional; if + * unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetHasRNG) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if this token is write-protected. + * This routine is optional; if unimplemented, CK_FALSE is + * assumed. + */ + CK_BBOOL(PR_CALLBACK *GetIsWriteProtected) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if this token requires a login. + * This routine is optional; if unimplemented, CK_FALSE is + * assumed. + */ + CK_BBOOL(PR_CALLBACK *GetLoginRequired) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if the normal user's PIN on this + * token has been initialised. This routine is optional; if + * unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetUserPinInitialized) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if a successful save of a + * session's cryptographic operations state ~always~ contains + * all keys needed to restore the state of the session. This + * routine is optional; if unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetRestoreKeyNotNeeded) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if the token has its own + * hardware clock. This routine is optional; if unimplemented, + * CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetHasClockOnToken) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if the token has a protected + * authentication path. This routine is optional; if + * unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetHasProtectedAuthenticationPath) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if the token supports dual + * cryptographic operations within a single session. This + * routine is optional; if unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetSupportsDualCryptoOperations) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * XXX fgmr-- should we have a call to return all the flags + * at once, for folks who already know about Cryptoki? + */ + + /* + * This routine returns the maximum number of sessions that + * may be opened on this token. This routine is optional; + * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION + * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE? + */ + CK_ULONG(PR_CALLBACK *GetMaxSessionCount) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the maximum number of read/write + * sesisons that may be opened on this token. This routine + * is optional; if unimplemented, the special value + * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or + * CK_EFFECTIVELY_INFINITE? + */ + CK_ULONG(PR_CALLBACK *GetMaxRwSessionCount) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the maximum PIN code length that is + * supported on this token. This routine is optional; + * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION + * is assumed. + */ + CK_ULONG(PR_CALLBACK *GetMaxPinLen) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the minimum PIN code length that is + * supported on this token. This routine is optional; if + * unimplemented, the special value CK_UNAVAILABLE_INFORMATION + * is assumed. XXX fgmr-- or 0? + */ + CK_ULONG(PR_CALLBACK *GetMinPinLen) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the total amount of memory on the token + * in which public objects may be stored. This routine is + * optional; if unimplemented, the special value + * CK_UNAVAILABLE_INFORMATION is assumed. + */ + CK_ULONG(PR_CALLBACK *GetTotalPublicMemory) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the amount of unused memory on the + * token in which public objects may be stored. This routine + * is optional; if unimplemented, the special value + * CK_UNAVAILABLE_INFORMATION is assumed. + */ + CK_ULONG(PR_CALLBACK *GetFreePublicMemory) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the total amount of memory on the token + * in which private objects may be stored. This routine is + * optional; if unimplemented, the special value + * CK_UNAVAILABLE_INFORMATION is assumed. + */ + CK_ULONG(PR_CALLBACK *GetTotalPrivateMemory) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the amount of unused memory on the + * token in which private objects may be stored. This routine + * is optional; if unimplemented, the special value + * CK_UNAVAILABLE_INFORMATION is assumed. + */ + CK_ULONG(PR_CALLBACK *GetFreePrivateMemory) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the version number of this token's + * hardware. This routine is optional; if unimplemented, + * the value 0.1 is assumed. + */ + CK_VERSION(PR_CALLBACK *GetHardwareVersion) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the version number of this token's + * firmware. This routine is optional; if unimplemented, + * the value 0.1 is assumed. + */ + CK_VERSION(PR_CALLBACK *GetFirmwareVersion) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine stuffs the current UTC time, as obtained from + * the token, into the sixteen-byte buffer in the form + * YYYYMMDDhhmmss00. This routine need only be implemented + * by token which indicate that they have a real-time clock. + * XXX fgmr-- think about time formats. + */ + CK_RV(PR_CALLBACK *GetUTCTime) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_CHAR utcTime[16]); + + /* + * This routine creates a session on the token, and returns + * the corresponding NSSCKMDSession object. The value of + * rw will be CK_TRUE if the session is to be a read/write + * session, or CK_FALSE otherwise. An NSSArena dedicated to + * the new session is available from the specified NSSCKFWSession. + * This routine may return NULL upon error. + */ + NSSCKMDSession *(PR_CALLBACK *OpenSession)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_BBOOL rw, + CK_RV *pError); + + /* + * This routine returns the number of PKCS#11 Mechanisms + * supported by this token. This routine is optional; if + * unimplemented, zero is assumed. + */ + CK_ULONG(PR_CALLBACK *GetMechanismCount) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine stuffs into the specified array the types + * of the mechanisms supported by this token. The Framework + * determines the size of the array by calling GetMechanismCount. + */ + CK_RV(PR_CALLBACK *GetMechanismTypes) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_MECHANISM_TYPE types[]); + + /* + * This routine returns a pointer to a Module mechanism + * object corresponding to a specified type. This routine + * need only exist for tokens implementing at least one + * mechanism. + */ + NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_MECHANISM_TYPE which, + CK_RV *pError); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; /* @@ -847,279 +831,275 @@ struct NSSCKMDTokenStr { */ struct NSSCKMDSessionStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is called by the Framework when a session is - * closed. This call is the last thing called before the - * NSSArena in the correspoinding NSSCKFWSession is destroyed. - * This routine is optional; if unimplemented, it merely won't - * be called. - */ - void (PR_CALLBACK *Close)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine is used to get any device-specific error. - * This routine is optional. - */ - CK_ULONG (PR_CALLBACK *GetDeviceError)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine is used to log in a user to the token. This - * routine is optional, since the Framework's NSSCKFWSession - * object keeps track of the login state. - */ - CK_RV (PR_CALLBACK *Login)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_USER_TYPE userType, - NSSItem *pin, - CK_STATE oldState, - CK_STATE newState - ); - - /* - * This routine is used to log out a user from the token. This - * routine is optional, since the Framework's NSSCKFWSession - * object keeps track of the login state. - */ - CK_RV (PR_CALLBACK *Logout)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_STATE oldState, - CK_STATE newState - ); - - /* - * This routine is used to initialize the normal user's PIN or - * password. This will only be called in the "read/write - * security officer functions" state. If this token has a - * protected authentication path, then the pin argument will - * be NULL. This routine is optional; if unimplemented, the - * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. - */ - CK_RV (PR_CALLBACK *InitPIN)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *pin - ); - - /* - * This routine is used to modify a user's PIN or password. This - * routine will only be called in the "read/write security officer - * functions" or "read/write user functions" state. If this token - * has a protected authentication path, then the pin arguments - * will be NULL. This routine is optional; if unimplemented, the - * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. - */ - CK_RV (PR_CALLBACK *SetPIN)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *oldPin, - NSSItem *newPin - ); - - /* - * This routine is used to find out how much space would be required - * to save the current operational state. This routine is optional; - * if unimplemented, the Framework will reject any attempts to save - * the operational state with the error CKR_STATE_UNSAVEABLE. This - * routine may return zero on error. - */ - CK_ULONG (PR_CALLBACK *GetOperationStateLen)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine is used to store the current operational state. This - * routine is only required if GetOperationStateLen is implemented - * and can return a nonzero value. The buffer in the specified item - * will be pre-allocated, and the length will specify the amount of - * space available (which may be more than GetOperationStateLen - * asked for, but which will not be smaller). - */ - CK_RV (PR_CALLBACK *GetOperationState)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *buffer - ); - - /* - * This routine is used to restore an operational state previously - * obtained with GetOperationState. The Framework will take pains - * to be sure that the state is (or was at one point) valid; if the - * Module notices that the state is invalid, it should return an - * error, but it is not required to be paranoid about the issue. - * [XXX fgmr-- should (can?) the framework verify the keys match up?] - * This routine is required only if GetOperationState is implemented. - */ - CK_RV (PR_CALLBACK *SetOperationState)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *state, - NSSCKMDObject *mdEncryptionKey, - NSSCKFWObject *fwEncryptionKey, - NSSCKMDObject *mdAuthenticationKey, - NSSCKFWObject *fwAuthenticationKey - ); - - /* - * This routine is used to create an object. The specified template - * will only specify a session object if the Module has indicated - * that it wishes to handle its own session objects. This routine - * is optional; if unimplemented, the Framework will reject the - * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for - * token objects should come from the NSSArena available from the - * NSSCKFWToken object; space for session objects (if supported) - * should come from the NSSArena available from the NSSCKFWSession - * object. The appropriate NSSArena pointer will, as a convenience, - * be passed as the handyArenaPointer argument. This routine may - * return NULL upon error. - */ - NSSCKMDObject *(PR_CALLBACK *CreateObject)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *handyArenaPointer, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError - ); - - /* - * This routine is used to make a copy of an object. It is entirely - * optional; if unimplemented, the Framework will try to use - * CreateObject instead. If the Module has indicated that it does - * not wish to handle session objects, then this routine will only - * be called to copy a token object to another token object. - * Otherwise, either the original object or the new may be of - * either the token or session variety. As with CreateObject, the - * handyArenaPointer will point to the appropriate arena for the - * new object. This routine may return NULL upon error. - */ - NSSCKMDObject *(PR_CALLBACK *CopyObject)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdOldObject, - NSSCKFWObject *fwOldObject, - NSSArena *handyArenaPointer, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError - ); - - /* - * This routine is used to begin an object search. This routine may - * be unimplemented only if the Module does not handle session - * objects, and if none of its tokens have token objects. The - * NSSCKFWFindObjects pointer has an NSSArena that may be used for - * storage for the life of this "find" operation. This routine may - * return NULL upon error. If the Module can determine immediately - * that the search will not find any matching objects, it may return - * NULL, and specify CKR_OK as the error. - */ - NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError - ); - - /* - * This routine seeds the random-number generator. It is - * optional, even if GetRandom is implemented. If unimplemented, - * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED. - */ - CK_RV (PR_CALLBACK *SeedRandom)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *seed - ); - - /* - * This routine gets random data. It is optional. If unimplemented, - * the Framework will issue the error CKR_RANDOM_NO_RNG. - */ - CK_RV (PR_CALLBACK *GetRandom)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *buffer - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called by the Framework when a session is + * closed. This call is the last thing called before the + * NSSArena in the correspoinding NSSCKFWSession is destroyed. + * This routine is optional; if unimplemented, it merely won't + * be called. + */ + void(PR_CALLBACK *Close)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine is used to get any device-specific error. + * This routine is optional. + */ + CK_ULONG(PR_CALLBACK *GetDeviceError) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine is used to log in a user to the token. This + * routine is optional, since the Framework's NSSCKFWSession + * object keeps track of the login state. + */ + CK_RV(PR_CALLBACK *Login) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_USER_TYPE userType, + NSSItem *pin, + CK_STATE oldState, + CK_STATE newState); + + /* + * This routine is used to log out a user from the token. This + * routine is optional, since the Framework's NSSCKFWSession + * object keeps track of the login state. + */ + CK_RV(PR_CALLBACK *Logout) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_STATE oldState, + CK_STATE newState); + + /* + * This routine is used to initialize the normal user's PIN or + * password. This will only be called in the "read/write + * security officer functions" state. If this token has a + * protected authentication path, then the pin argument will + * be NULL. This routine is optional; if unimplemented, the + * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. + */ + CK_RV(PR_CALLBACK *InitPIN) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *pin); + + /* + * This routine is used to modify a user's PIN or password. This + * routine will only be called in the "read/write security officer + * functions" or "read/write user functions" state. If this token + * has a protected authentication path, then the pin arguments + * will be NULL. This routine is optional; if unimplemented, the + * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. + */ + CK_RV(PR_CALLBACK *SetPIN) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *oldPin, + NSSItem *newPin); + + /* + * This routine is used to find out how much space would be required + * to save the current operational state. This routine is optional; + * if unimplemented, the Framework will reject any attempts to save + * the operational state with the error CKR_STATE_UNSAVEABLE. This + * routine may return zero on error. + */ + CK_ULONG(PR_CALLBACK *GetOperationStateLen) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine is used to store the current operational state. This + * routine is only required if GetOperationStateLen is implemented + * and can return a nonzero value. The buffer in the specified item + * will be pre-allocated, and the length will specify the amount of + * space available (which may be more than GetOperationStateLen + * asked for, but which will not be smaller). + */ + CK_RV(PR_CALLBACK *GetOperationState) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *buffer); + + /* + * This routine is used to restore an operational state previously + * obtained with GetOperationState. The Framework will take pains + * to be sure that the state is (or was at one point) valid; if the + * Module notices that the state is invalid, it should return an + * error, but it is not required to be paranoid about the issue. + * [XXX fgmr-- should (can?) the framework verify the keys match up?] + * This routine is required only if GetOperationState is implemented. + */ + CK_RV(PR_CALLBACK *SetOperationState) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *state, + NSSCKMDObject *mdEncryptionKey, + NSSCKFWObject *fwEncryptionKey, + NSSCKMDObject *mdAuthenticationKey, + NSSCKFWObject *fwAuthenticationKey); + + /* + * This routine is used to create an object. The specified template + * will only specify a session object if the Module has indicated + * that it wishes to handle its own session objects. This routine + * is optional; if unimplemented, the Framework will reject the + * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for + * token objects should come from the NSSArena available from the + * NSSCKFWToken object; space for session objects (if supported) + * should come from the NSSArena available from the NSSCKFWSession + * object. The appropriate NSSArena pointer will, as a convenience, + * be passed as the handyArenaPointer argument. This routine may + * return NULL upon error. + */ + NSSCKMDObject *(PR_CALLBACK *CreateObject)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *handyArenaPointer, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); + + /* + * This routine is used to make a copy of an object. It is entirely + * optional; if unimplemented, the Framework will try to use + * CreateObject instead. If the Module has indicated that it does + * not wish to handle session objects, then this routine will only + * be called to copy a token object to another token object. + * Otherwise, either the original object or the new may be of + * either the token or session variety. As with CreateObject, the + * handyArenaPointer will point to the appropriate arena for the + * new object. This routine may return NULL upon error. + */ + NSSCKMDObject *(PR_CALLBACK *CopyObject)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdOldObject, + NSSCKFWObject *fwOldObject, + NSSArena *handyArenaPointer, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); + + /* + * This routine is used to begin an object search. This routine may + * be unimplemented only if the Module does not handle session + * objects, and if none of its tokens have token objects. The + * NSSCKFWFindObjects pointer has an NSSArena that may be used for + * storage for the life of this "find" operation. This routine may + * return NULL upon error. If the Module can determine immediately + * that the search will not find any matching objects, it may return + * NULL, and specify CKR_OK as the error. + */ + NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); + + /* + * This routine seeds the random-number generator. It is + * optional, even if GetRandom is implemented. If unimplemented, + * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED. + */ + CK_RV(PR_CALLBACK *SeedRandom) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *seed); + + /* + * This routine gets random data. It is optional. If unimplemented, + * the Framework will issue the error CKR_RANDOM_NO_RNG. + */ + CK_RV(PR_CALLBACK *GetRandom) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *buffer); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; /* @@ -1135,54 +1115,52 @@ struct NSSCKMDSessionStr { */ struct NSSCKMDFindObjectsStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is called by the Framework to finish a - * search operation. Note that the Framework may finish - * a search before it has completed. This routine is - * optional; if unimplemented, it merely won't be called. - */ - void (PR_CALLBACK *Final)( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine is used to obtain another pointer to an - * object matching the search criteria. This routine is - * required. If no (more) objects match the search, it - * should return NULL and set the error to CKR_OK. - */ - NSSCKMDObject *(PR_CALLBACK *Next)( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called by the Framework to finish a + * search operation. Note that the Framework may finish + * a search before it has completed. This routine is + * optional; if unimplemented, it merely won't be called. + */ + void(PR_CALLBACK *Final)( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine is used to obtain another pointer to an + * object matching the search criteria. This routine is + * required. If no (more) objects match the search, it + * should return NULL and set the error to CKR_OK. + */ + NSSCKMDObject *(PR_CALLBACK *Next)( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; /* @@ -1199,182 +1177,179 @@ struct NSSCKMDFindObjectsStr { */ struct NSSCKMDCryptoOperationStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is called by the Framework clean up the mdCryptoOperation - * structure. - * This routine is optional; if unimplemented, it will be ignored. - */ - void (PR_CALLBACK *Destroy)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - - /* - * how many bytes do we need to finish this buffer? - * must be implemented if Final is implemented. - */ - CK_ULONG (PR_CALLBACK *GetFinalLength)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * how many bytes do we need to complete the next operation. - * used in both Update and UpdateFinal. - */ - CK_ULONG (PR_CALLBACK *GetOperationLength)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *inputBuffer, - CK_RV *pError - ); - - /* - * This routine is called by the Framework to finish a - * search operation. Note that the Framework may finish - * a search before it has completed. This routine is - * optional; if unimplemented, it merely won't be called. - * The respective final call with fail with CKR_FUNCTION_FAILED - * Final should not free the mdCryptoOperation. - */ - CK_RV(PR_CALLBACK *Final)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *outputBuffer - ); - - - /* - * This routine is called by the Framework to complete the - * next step in an encryption/decryption operation. - * This routine is optional; if unimplemented, the respective - * update call with fail with CKR_FUNCTION_FAILED. - * Update should not be implemented for signing/verification/digest - * mechanisms. - */ - CK_RV(PR_CALLBACK *Update)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *inputBuffer, - NSSItem *outputBuffer - ); - - /* - * This routine is called by the Framework to complete the - * next step in a signing/verification/digest operation. - * This routine is optional; if unimplemented, the respective - * update call with fail with CKR_FUNCTION_FAILED - * Update should not be implemented for encryption/decryption - * mechanisms. - */ - CK_RV(PR_CALLBACK *DigestUpdate)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *inputBuffer - ); - - /* - * This routine is called by the Framework to complete a - * single step operation. This routine is optional; if unimplemented, - * the framework will use the Update and Final functions to complete - * the operation. - */ - CK_RV(PR_CALLBACK *UpdateFinal)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *inputBuffer, - NSSItem *outputBuffer - ); - - /* - * This routine is called by the Framework to complete next - * step in a combined operation. The Decrypt/Encrypt mechanism - * should define and drive the combo step. - * This routine is optional; if unimplemented, - * the framework will use the appropriate Update functions to complete - * the operation. - */ - CK_RV(PR_CALLBACK *UpdateCombo)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDCryptoOperation *mdPeerCryptoOperation, - NSSCKFWCryptoOperation *fwPeerCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *inputBuffer, - NSSItem *outputBuffer - ); - - /* - * Hash a key directly into the digest - */ - CK_RV(PR_CALLBACK *DigestKey)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called by the Framework clean up the mdCryptoOperation + * structure. + * This routine is optional; if unimplemented, it will be ignored. + */ + void(PR_CALLBACK *Destroy)( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * how many bytes do we need to finish this buffer? + * must be implemented if Final is implemented. + */ + CK_ULONG(PR_CALLBACK *GetFinalLength) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * how many bytes do we need to complete the next operation. + * used in both Update and UpdateFinal. + */ + CK_ULONG(PR_CALLBACK *GetOperationLength) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *inputBuffer, + CK_RV *pError); + + /* + * This routine is called by the Framework to finish a + * search operation. Note that the Framework may finish + * a search before it has completed. This routine is + * optional; if unimplemented, it merely won't be called. + * The respective final call with fail with CKR_FUNCTION_FAILED + * Final should not free the mdCryptoOperation. + */ + CK_RV(PR_CALLBACK *Final) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *outputBuffer); + + /* + * This routine is called by the Framework to complete the + * next step in an encryption/decryption operation. + * This routine is optional; if unimplemented, the respective + * update call with fail with CKR_FUNCTION_FAILED. + * Update should not be implemented for signing/verification/digest + * mechanisms. + */ + CK_RV(PR_CALLBACK *Update) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *inputBuffer, + NSSItem *outputBuffer); + + /* + * This routine is called by the Framework to complete the + * next step in a signing/verification/digest operation. + * This routine is optional; if unimplemented, the respective + * update call with fail with CKR_FUNCTION_FAILED + * Update should not be implemented for encryption/decryption + * mechanisms. + */ + CK_RV(PR_CALLBACK *DigestUpdate) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *inputBuffer); + + /* + * This routine is called by the Framework to complete a + * single step operation. This routine is optional; if unimplemented, + * the framework will use the Update and Final functions to complete + * the operation. + */ + CK_RV(PR_CALLBACK *UpdateFinal) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *inputBuffer, + NSSItem *outputBuffer); + + /* + * This routine is called by the Framework to complete next + * step in a combined operation. The Decrypt/Encrypt mechanism + * should define and drive the combo step. + * This routine is optional; if unimplemented, + * the framework will use the appropriate Update functions to complete + * the operation. + */ + CK_RV(PR_CALLBACK *UpdateCombo) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDCryptoOperation *mdPeerCryptoOperation, + NSSCKFWCryptoOperation *fwPeerCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *inputBuffer, + NSSItem *outputBuffer); + + /* + * Hash a key directly into the digest + */ + CK_RV(PR_CALLBACK *DigestKey) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; /* @@ -1383,365 +1358,352 @@ struct NSSCKMDCryptoOperationStr { */ struct NSSCKMDMechanismStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This also frees the fwMechanism if appropriate. - * If it is not supplied, the Framework will assume that the Token - * Manages a static list of mechanisms and the function will not be called. - */ - void (PR_CALLBACK *Destroy)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - - /* - * This routine returns the minimum key size allowed for - * this mechanism. This routine is optional; if unimplemented, - * zero will be assumed. This routine may return zero on - * error; if the error is CKR_OK, zero will be accepted as - * a valid response. - */ - CK_ULONG (PR_CALLBACK *GetMinKeySize)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns the maximum key size allowed for - * this mechanism. This routine is optional; if unimplemented, - * zero will be assumed. This routine may return zero on - * error; if the error is CKR_OK, zero will be accepted as - * a valid response. - */ - CK_ULONG (PR_CALLBACK *GetMaxKeySize)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine is called to determine if the mechanism is - * implemented in hardware or software. It returns CK_TRUE - * if it is done in hardware. - */ - CK_BBOOL (PR_CALLBACK *GetInHardware)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * The crypto routines themselves. Most crypto operations may - * be performed in two ways, streaming and single-part. The - * streaming operations involve the use of (typically) three - * calls-- an Init method to set up the operation, an Update - * method to feed data to the operation, and a Final method to - * obtain the final result. Single-part operations involve - * one method, to perform the crypto operation all at once. - * - * The NSS Cryptoki Framework can implement the single-part - * operations in terms of the streaming operations on behalf - * of the Module. There are a few variances. - * - * Only the Init Functions are defined by the mechanism. Each - * init function will return a NSSCKFWCryptoOperation which - * can supply update, final, the single part updateFinal, and - * the combo updateCombo functions. - * - * For simplicity, the routines are listed in summary here: - * - * EncryptInit, - * DecryptInit, - * DigestInit, - * SignInit, - * SignRecoverInit; - * VerifyInit, - * VerifyRecoverInit; - * - * The key-management routines are - * - * GenerateKey - * GenerateKeyPair - * WrapKey - * UnwrapKey - * DeriveKey - * - * All of these routines based on the Cryptoki API; - * see PKCS#11 for further information. - */ - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *EncryptInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError - ); - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *DecryptInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError - ); - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *DigestInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *SignInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError - ); - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError - ); - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *SignRecoverInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError - ); - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyRecoverInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError - ); - - /* - * Key management operations. - */ - - /* - * This routine generates a key. This routine may return NULL - * upon error. - */ - NSSCKMDObject *(PR_CALLBACK *GenerateKey)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError - ); - - /* - * This routine generates a key pair. - */ - CK_RV (PR_CALLBACK *GenerateKeyPair)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_PTR pPublicKeyTemplate, - CK_ULONG ulPublicKeyAttributeCount, - CK_ATTRIBUTE_PTR pPrivateKeyTemplate, - CK_ULONG ulPrivateKeyAttributeCount, - NSSCKMDObject **pPublicKey, - NSSCKMDObject **pPrivateKey - ); - - /* - * This routine wraps a key. - */ - CK_ULONG (PR_CALLBACK *GetWrapKeyLength)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdWrappingKey, - NSSCKFWObject *fwWrappingKey, - NSSCKMDObject *mdWrappedKey, - NSSCKFWObject *fwWrappedKey, - CK_RV *pError - ); - - /* - * This routine wraps a key. - */ - CK_RV (PR_CALLBACK *WrapKey)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdWrappingKey, - NSSCKFWObject *fwWrappingKey, - NSSCKMDObject *mdKeyObject, - NSSCKFWObject *fwKeyObject, - NSSItem *wrappedKey - ); - - /* - * This routine unwraps a key. This routine may return NULL - * upon error. - */ - NSSCKMDObject *(PR_CALLBACK *UnwrapKey)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdWrappingKey, - NSSCKFWObject *fwWrappingKey, - NSSItem *wrappedKey, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError - ); - - /* - * This routine derives a key. This routine may return NULL - * upon error. - */ - NSSCKMDObject *(PR_CALLBACK *DeriveKey)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdBaseKey, - NSSCKFWObject *fwBaseKey, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This also frees the fwMechanism if appropriate. + * If it is not supplied, the Framework will assume that the Token + * Manages a static list of mechanisms and the function will not be called. + */ + void(PR_CALLBACK *Destroy)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the minimum key size allowed for + * this mechanism. This routine is optional; if unimplemented, + * zero will be assumed. This routine may return zero on + * error; if the error is CKR_OK, zero will be accepted as + * a valid response. + */ + CK_ULONG(PR_CALLBACK *GetMinKeySize) + ( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns the maximum key size allowed for + * this mechanism. This routine is optional; if unimplemented, + * zero will be assumed. This routine may return zero on + * error; if the error is CKR_OK, zero will be accepted as + * a valid response. + */ + CK_ULONG(PR_CALLBACK *GetMaxKeySize) + ( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine is called to determine if the mechanism is + * implemented in hardware or software. It returns CK_TRUE + * if it is done in hardware. + */ + CK_BBOOL(PR_CALLBACK *GetInHardware) + ( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * The crypto routines themselves. Most crypto operations may + * be performed in two ways, streaming and single-part. The + * streaming operations involve the use of (typically) three + * calls-- an Init method to set up the operation, an Update + * method to feed data to the operation, and a Final method to + * obtain the final result. Single-part operations involve + * one method, to perform the crypto operation all at once. + * + * The NSS Cryptoki Framework can implement the single-part + * operations in terms of the streaming operations on behalf + * of the Module. There are a few variances. + * + * Only the Init Functions are defined by the mechanism. Each + * init function will return a NSSCKFWCryptoOperation which + * can supply update, final, the single part updateFinal, and + * the combo updateCombo functions. + * + * For simplicity, the routines are listed in summary here: + * + * EncryptInit, + * DecryptInit, + * DigestInit, + * SignInit, + * SignRecoverInit; + * VerifyInit, + * VerifyRecoverInit; + * + * The key-management routines are + * + * GenerateKey + * GenerateKeyPair + * WrapKey + * UnwrapKey + * DeriveKey + * + * All of these routines based on the Cryptoki API; + * see PKCS#11 for further information. + */ + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *EncryptInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError); + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *DecryptInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError); + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *DigestInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *SignInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError); + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError); + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *SignRecoverInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError); + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyRecoverInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError); + + /* + * Key management operations. + */ + + /* + * This routine generates a key. This routine may return NULL + * upon error. + */ + NSSCKMDObject *(PR_CALLBACK *GenerateKey)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); + + /* + * This routine generates a key pair. + */ + CK_RV(PR_CALLBACK *GenerateKeyPair) + ( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + NSSCKMDObject **pPublicKey, + NSSCKMDObject **pPrivateKey); + + /* + * This routine wraps a key. + */ + CK_ULONG(PR_CALLBACK *GetWrapKeyLength) + ( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdWrappingKey, + NSSCKFWObject *fwWrappingKey, + NSSCKMDObject *mdWrappedKey, + NSSCKFWObject *fwWrappedKey, + CK_RV *pError); + + /* + * This routine wraps a key. + */ + CK_RV(PR_CALLBACK *WrapKey) + ( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdWrappingKey, + NSSCKFWObject *fwWrappingKey, + NSSCKMDObject *mdKeyObject, + NSSCKFWObject *fwKeyObject, + NSSItem *wrappedKey); + + /* + * This routine unwraps a key. This routine may return NULL + * upon error. + */ + NSSCKMDObject *(PR_CALLBACK *UnwrapKey)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdWrappingKey, + NSSCKFWObject *fwWrappingKey, + NSSItem *wrappedKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); + + /* + * This routine derives a key. This routine may return NULL + * upon error. + */ + NSSCKMDObject *(PR_CALLBACK *DeriveKey)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdBaseKey, + NSSCKFWObject *fwBaseKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; /* @@ -1756,190 +1718,187 @@ struct NSSCKMDMechanismStr { */ struct NSSCKMDObjectStr { - /* - * The implementation my use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is called by the Framework when it is letting - * go of an object handle. It can be used by the Module to - * free any resources tied up by an object "in use." It is - * optional. - */ - void (PR_CALLBACK *Finalize)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine is used to completely destroy an object. - * It is optional. The parameter fwObject might be NULL - * if the framework runs out of memory at the wrong moment. - */ - CK_RV (PR_CALLBACK *Destroy)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This helper routine is used by the Framework, and is especially - * useful when it is managing session objects on behalf of the - * Module. This routine is optional; if unimplemented, the - * Framework will actually look up the CKA_TOKEN attribute. In the - * event of an error, just make something up-- the Framework will - * find out soon enough anyway. - */ - CK_BBOOL (PR_CALLBACK *IsTokenObject)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the number of attributes of which this - * object consists. It is mandatory. It can return zero on - * error. - */ - CK_ULONG (PR_CALLBACK *GetAttributeCount)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine stuffs the attribute types into the provided array. - * The array size (as obtained from GetAttributeCount) is passed in - * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong - * (either too big or too small). - */ - CK_RV (PR_CALLBACK *GetAttributeTypes)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount - ); - - /* - * This routine returns the size (in bytes) of the specified - * attribute. It can return zero on error. - */ - CK_ULONG (PR_CALLBACK *GetAttributeSize)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError - ); - - /* - * This routine returns an NSSCKFWItem structure. - * The item pointer points to an NSSItem containing the attribute value. - * The needsFreeing bit tells the framework whether to call the - * FreeAttribute function . Upon error, an NSSCKFWItem structure - * with a NULL NSSItem item pointer will be returned - */ - NSSCKFWItem (PR_CALLBACK *GetAttribute)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError - ); - - /* - * This routine returns CKR_OK if the attribute could be freed. - */ - CK_RV (PR_CALLBACK *FreeAttribute)( - NSSCKFWItem * item - ); - - /* - * This routine changes the specified attribute. If unimplemented, - * the object will be considered read-only. - */ - CK_RV (PR_CALLBACK *SetAttribute)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *value - ); - - /* - * This routine returns the storage requirements of this object, - * in bytes. Cryptoki doesn't strictly define the definition, - * but it should relate to the values returned by the "Get Memory" - * routines of the NSSCKMDToken. This routine is optional; if - * unimplemented, the Framework will consider this information - * sensitive. This routine may return zero on error. If the - * specified error is CKR_OK, zero will be accepted as a valid - * response. - */ - CK_ULONG (PR_CALLBACK *GetObjectSize)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The implementation my use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called by the Framework when it is letting + * go of an object handle. It can be used by the Module to + * free any resources tied up by an object "in use." It is + * optional. + */ + void(PR_CALLBACK *Finalize)( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine is used to completely destroy an object. + * It is optional. The parameter fwObject might be NULL + * if the framework runs out of memory at the wrong moment. + */ + CK_RV(PR_CALLBACK *Destroy) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This helper routine is used by the Framework, and is especially + * useful when it is managing session objects on behalf of the + * Module. This routine is optional; if unimplemented, the + * Framework will actually look up the CKA_TOKEN attribute. In the + * event of an error, just make something up-- the Framework will + * find out soon enough anyway. + */ + CK_BBOOL(PR_CALLBACK *IsTokenObject) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the number of attributes of which this + * object consists. It is mandatory. It can return zero on + * error. + */ + CK_ULONG(PR_CALLBACK *GetAttributeCount) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine stuffs the attribute types into the provided array. + * The array size (as obtained from GetAttributeCount) is passed in + * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong + * (either too big or too small). + */ + CK_RV(PR_CALLBACK *GetAttributeTypes) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount); + + /* + * This routine returns the size (in bytes) of the specified + * attribute. It can return zero on error. + */ + CK_ULONG(PR_CALLBACK *GetAttributeSize) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError); + + /* + * This routine returns an NSSCKFWItem structure. + * The item pointer points to an NSSItem containing the attribute value. + * The needsFreeing bit tells the framework whether to call the + * FreeAttribute function . Upon error, an NSSCKFWItem structure + * with a NULL NSSItem item pointer will be returned + */ + NSSCKFWItem(PR_CALLBACK *GetAttribute)( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError); + + /* + * This routine returns CKR_OK if the attribute could be freed. + */ + CK_RV(PR_CALLBACK *FreeAttribute) + ( + NSSCKFWItem *item); + + /* + * This routine changes the specified attribute. If unimplemented, + * the object will be considered read-only. + */ + CK_RV(PR_CALLBACK *SetAttribute) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value); + + /* + * This routine returns the storage requirements of this object, + * in bytes. Cryptoki doesn't strictly define the definition, + * but it should relate to the values returned by the "Get Memory" + * routines of the NSSCKMDToken. This routine is optional; if + * unimplemented, the Framework will consider this information + * sensitive. This routine may return zero on error. If the + * specified error is CKR_OK, zero will be accepted as a valid + * response. + */ + CK_ULONG(PR_CALLBACK *GetObjectSize) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; - #endif /* NSSCKMDT_H */ diff --git a/lib/ckfw/nssckt.h b/lib/ckfw/nssckt.h index 5ed534c25..b50a88f7b 100644 --- a/lib/ckfw/nssckt.h +++ b/lib/ckfw/nssckt.h @@ -10,4 +10,3 @@ typedef CK_ATTRIBUTE_TYPE CK_PTR CK_ATTRIBUTE_TYPE_PTR; #define CK_ENTRY #endif /* _NSSCKT_H_ */ - diff --git a/lib/ckfw/nssmkey/ckmk.h b/lib/ckfw/nssmkey/ckmk.h index 9d8202f6a..4f3ab82d7 100644 --- a/lib/ckfw/nssmkey/ckmk.h +++ b/lib/ckfw/nssmkey/ckmk.h @@ -36,9 +36,9 @@ * to this PKCS #11 module. */ struct ckmkRawObjectStr { - CK_ULONG n; - const CK_ATTRIBUTE_TYPE *types; - const NSSItem *items; + CK_ULONG n; + const CK_ATTRIBUTE_TYPE *types; + const NSSItem *items; }; typedef struct ckmkRawObjectStr ckmkRawObject; @@ -46,40 +46,40 @@ typedef struct ckmkRawObjectStr ckmkRawObject; * Key/Cert Items */ struct ckmkItemObjectStr { - SecKeychainItemRef itemRef; - SecItemClass itemClass; - PRBool hasID; - NSSItem modify; - NSSItem private; - NSSItem encrypt; - NSSItem decrypt; - NSSItem derive; - NSSItem sign; - NSSItem signRecover; - NSSItem verify; - NSSItem verifyRecover; - NSSItem wrap; - NSSItem unwrap; - NSSItem label; - NSSItem subject; - NSSItem issuer; - NSSItem serial; - NSSItem derCert; - NSSItem id; - NSSItem modulus; - NSSItem exponent; - NSSItem privateExponent; - NSSItem prime1; - NSSItem prime2; - NSSItem exponent1; - NSSItem exponent2; - NSSItem coefficient; + SecKeychainItemRef itemRef; + SecItemClass itemClass; + PRBool hasID; + NSSItem modify; + NSSItem private; + NSSItem encrypt; + NSSItem decrypt; + NSSItem derive; + NSSItem sign; + NSSItem signRecover; + NSSItem verify; + NSSItem verifyRecover; + NSSItem wrap; + NSSItem unwrap; + NSSItem label; + NSSItem subject; + NSSItem issuer; + NSSItem serial; + NSSItem derCert; + NSSItem id; + NSSItem modulus; + NSSItem exponent; + NSSItem privateExponent; + NSSItem prime1; + NSSItem prime2; + NSSItem exponent1; + NSSItem exponent2; + NSSItem coefficient; }; typedef struct ckmkItemObjectStr ckmkItemObject; typedef enum { - ckmkRaw, - ckmkItem, + ckmkRaw, + ckmkItem, } ckmkObjectType; /* @@ -87,112 +87,96 @@ typedef enum { * cfind as ckmkInternalObjects. */ struct ckmkInternalObjectStr { - ckmkObjectType type; - union { - ckmkRawObject raw; - ckmkItemObject item; - } u; - CK_OBJECT_CLASS objClass; - NSSItem hashKey; - unsigned char hashKeyData[128]; - NSSCKMDObject mdObject; + ckmkObjectType type; + union { + ckmkRawObject raw; + ckmkItemObject item; + } u; + CK_OBJECT_CLASS objClass; + NSSItem hashKey; + unsigned char hashKeyData[128]; + NSSCKMDObject mdObject; }; typedef struct ckmkInternalObjectStr ckmkInternalObject; /* our raw object data array */ NSS_EXTERN_DATA ckmkInternalObject nss_ckmk_data[]; -NSS_EXTERN_DATA const PRUint32 nss_ckmk_nObjects; - -NSS_EXTERN_DATA const CK_VERSION nss_ckmk_CryptokiVersion; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_ManufacturerID; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_LibraryDescription; -NSS_EXTERN_DATA const CK_VERSION nss_ckmk_LibraryVersion; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_SlotDescription; -NSS_EXTERN_DATA const CK_VERSION nss_ckmk_HardwareVersion; -NSS_EXTERN_DATA const CK_VERSION nss_ckmk_FirmwareVersion; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_TokenLabel; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_TokenModel; -NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_TokenSerialNumber; - -NSS_EXTERN_DATA const NSSCKMDInstance nss_ckmk_mdInstance; -NSS_EXTERN_DATA const NSSCKMDSlot nss_ckmk_mdSlot; -NSS_EXTERN_DATA const NSSCKMDToken nss_ckmk_mdToken; +NSS_EXTERN_DATA const PRUint32 nss_ckmk_nObjects; + +NSS_EXTERN_DATA const CK_VERSION nss_ckmk_CryptokiVersion; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckmk_ManufacturerID; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckmk_LibraryDescription; +NSS_EXTERN_DATA const CK_VERSION nss_ckmk_LibraryVersion; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckmk_SlotDescription; +NSS_EXTERN_DATA const CK_VERSION nss_ckmk_HardwareVersion; +NSS_EXTERN_DATA const CK_VERSION nss_ckmk_FirmwareVersion; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckmk_TokenLabel; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckmk_TokenModel; +NSS_EXTERN_DATA const NSSUTF8 *nss_ckmk_TokenSerialNumber; + +NSS_EXTERN_DATA const NSSCKMDInstance nss_ckmk_mdInstance; +NSS_EXTERN_DATA const NSSCKMDSlot nss_ckmk_mdSlot; +NSS_EXTERN_DATA const NSSCKMDToken nss_ckmk_mdToken; NSS_EXTERN_DATA const NSSCKMDMechanism nss_ckmk_mdMechanismRSA; NSS_EXTERN NSSCKMDSession * -nss_ckmk_CreateSession -( - NSSCKFWSession *fwSession, - CK_RV *pError -); +nss_ckmk_CreateSession( + NSSCKFWSession *fwSession, + CK_RV *pError); NSS_EXTERN NSSCKMDFindObjects * -nss_ckmk_FindObjectsInit -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); +nss_ckmk_FindObjectsInit( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); /* * Object Utilities */ NSS_EXTERN NSSCKMDObject * -nss_ckmk_CreateMDObject -( - NSSArena *arena, - ckmkInternalObject *io, - CK_RV *pError -); +nss_ckmk_CreateMDObject( + NSSArena *arena, + ckmkInternalObject *io, + CK_RV *pError); NSS_EXTERN NSSCKMDObject * -nss_ckmk_CreateObject -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -); +nss_ckmk_CreateObject( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); NSS_EXTERN const NSSItem * -nss_ckmk_FetchAttribute -( - ckmkInternalObject *io, - CK_ATTRIBUTE_TYPE type, - CK_RV *pError -); +nss_ckmk_FetchAttribute( + ckmkInternalObject *io, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError); NSS_EXTERN void -nss_ckmk_DestroyInternalObject -( - ckmkInternalObject *io -); +nss_ckmk_DestroyInternalObject( + ckmkInternalObject *io); unsigned char * -nss_ckmk_DERUnwrap -( - unsigned char *src, - int size, - int *outSize, - unsigned char **next -); +nss_ckmk_DERUnwrap( + unsigned char *src, + int size, + int *outSize, + unsigned char **next); CK_ULONG -nss_ckmk_GetULongAttribute -( - CK_ATTRIBUTE_TYPE type, - CK_ATTRIBUTE *template, - CK_ULONG templateSize, - CK_RV *pError -); +nss_ckmk_GetULongAttribute( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_RV *pError); -#define NSS_CKMK_ARRAY_SIZE(x) ((sizeof (x))/(sizeof ((x)[0]))) +#define NSS_CKMK_ARRAY_SIZE(x) ((sizeof(x)) / (sizeof((x)[0]))) #ifdef DEBUG -#define CKMK_MACERR(str,err) cssmPerror(str,err) +#define CKMK_MACERR(str, err) cssmPerror(str, err) #else -#define CKMK_MACERR(str,err) +#define CKMK_MACERR(str, err) #endif - + #endif diff --git a/lib/ckfw/nssmkey/ckmkver.c b/lib/ckfw/nssmkey/ckmkver.c index 0f6897634..2b99f1e22 100644 --- a/lib/ckfw/nssmkey/ckmkver.c +++ b/lib/ckfw/nssmkey/ckmkver.c @@ -14,5 +14,4 @@ /* * Version information */ -const char __nss_ckmk_version[] = "Version: NSS Access to the MAC OS X Key Ring " - NSS_CKMK_LIBRARY_VERSION _DEBUG_STRING; +const char __nss_ckmk_version[] = "Version: NSS Access to the MAC OS X Key Ring " NSS_CKMK_LIBRARY_VERSION _DEBUG_STRING; diff --git a/lib/ckfw/nssmkey/manchor.c b/lib/ckfw/nssmkey/manchor.c index 1b4d70bcd..6261eff95 100644 --- a/lib/ckfw/nssmkey/manchor.c +++ b/lib/ckfw/nssmkey/manchor.c @@ -6,12 +6,12 @@ * nssmkey/manchor.c * * This file "anchors" the actual cryptoki entry points in this module's - * shared library, which is required for dynamic loading. See the + * shared library, which is required for dynamic loading. See the * comments in nssck.api for more information. */ #include "ckmk.h" #define MODULE_NAME ckmk -#define INSTANCE_NAME (NSSCKMDInstance *)&nss_ckmk_mdInstance +#define INSTANCE_NAME (NSSCKMDInstance *) & nss_ckmk_mdInstance #include "nssck.api" diff --git a/lib/ckfw/nssmkey/mconstants.c b/lib/ckfw/nssmkey/mconstants.c index 89df4f25a..c26298ada 100644 --- a/lib/ckfw/nssmkey/mconstants.c +++ b/lib/ckfw/nssmkey/mconstants.c @@ -19,40 +19,43 @@ #include "nssmkey.h" NSS_IMPLEMENT_DATA const CK_VERSION -nss_ckmk_CryptokiVersion = { - NSS_CKMK_CRYPTOKI_VERSION_MAJOR, - NSS_CKMK_CRYPTOKI_VERSION_MINOR }; + nss_ckmk_CryptokiVersion = { + NSS_CKMK_CRYPTOKI_VERSION_MAJOR, + NSS_CKMK_CRYPTOKI_VERSION_MINOR + }; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckmk_ManufacturerID = (NSSUTF8 *) "Mozilla Foundation"; + nss_ckmk_ManufacturerID = (NSSUTF8 *)"Mozilla Foundation"; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckmk_LibraryDescription = (NSSUTF8 *) "NSS Access to Mac OS X Key Ring"; + nss_ckmk_LibraryDescription = (NSSUTF8 *)"NSS Access to Mac OS X Key Ring"; NSS_IMPLEMENT_DATA const CK_VERSION -nss_ckmk_LibraryVersion = { - NSS_CKMK_LIBRARY_VERSION_MAJOR, - NSS_CKMK_LIBRARY_VERSION_MINOR}; + nss_ckmk_LibraryVersion = { + NSS_CKMK_LIBRARY_VERSION_MAJOR, + NSS_CKMK_LIBRARY_VERSION_MINOR + }; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckmk_SlotDescription = (NSSUTF8 *) "Mac OS X Key Ring"; + nss_ckmk_SlotDescription = (NSSUTF8 *)"Mac OS X Key Ring"; NSS_IMPLEMENT_DATA const CK_VERSION -nss_ckmk_HardwareVersion = { - NSS_CKMK_HARDWARE_VERSION_MAJOR, - NSS_CKMK_HARDWARE_VERSION_MINOR }; + nss_ckmk_HardwareVersion = { + NSS_CKMK_HARDWARE_VERSION_MAJOR, + NSS_CKMK_HARDWARE_VERSION_MINOR + }; NSS_IMPLEMENT_DATA const CK_VERSION -nss_ckmk_FirmwareVersion = { - NSS_CKMK_FIRMWARE_VERSION_MAJOR, - NSS_CKMK_FIRMWARE_VERSION_MINOR }; + nss_ckmk_FirmwareVersion = { + NSS_CKMK_FIRMWARE_VERSION_MAJOR, + NSS_CKMK_FIRMWARE_VERSION_MINOR + }; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckmk_TokenLabel = (NSSUTF8 *) "Mac OS X Key Ring"; + nss_ckmk_TokenLabel = (NSSUTF8 *)"Mac OS X Key Ring"; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckmk_TokenModel = (NSSUTF8 *) "1"; + nss_ckmk_TokenModel = (NSSUTF8 *)"1"; NSS_IMPLEMENT_DATA const NSSUTF8 * -nss_ckmk_TokenSerialNumber = (NSSUTF8 *) "1"; - + nss_ckmk_TokenSerialNumber = (NSSUTF8 *)"1"; diff --git a/lib/ckfw/nssmkey/mfind.c b/lib/ckfw/nssmkey/mfind.c index 8f22bdac8..41deef5e9 100644 --- a/lib/ckfw/nssmkey/mfind.c +++ b/lib/ckfw/nssmkey/mfind.c @@ -14,354 +14,343 @@ */ struct ckmkFOStr { - NSSArena *arena; - CK_ULONG n; - CK_ULONG i; - ckmkInternalObject **objs; + NSSArena *arena; + CK_ULONG n; + CK_ULONG i; + ckmkInternalObject **objs; }; static void -ckmk_mdFindObjects_Final -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdFindObjects_Final( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc; - NSSArena *arena = fo->arena; - PRUint32 i; - - /* walk down an free the unused 'objs' */ - for (i=fo->i; i < fo->n ; i++) { - nss_ckmk_DestroyInternalObject(fo->objs[i]); - } - - nss_ZFreeIf(fo->objs); - nss_ZFreeIf(fo); - nss_ZFreeIf(mdFindObjects); - if ((NSSArena *)NULL != arena) { - NSSArena_Destroy(arena); - } - - return; + struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc; + NSSArena *arena = fo->arena; + PRUint32 i; + + /* walk down an free the unused 'objs' */ + for (i = fo->i; i < fo->n; i++) { + nss_ckmk_DestroyInternalObject(fo->objs[i]); + } + + nss_ZFreeIf(fo->objs); + nss_ZFreeIf(fo); + nss_ZFreeIf(mdFindObjects); + if ((NSSArena *)NULL != arena) { + NSSArena_Destroy(arena); + } + + return; } static NSSCKMDObject * -ckmk_mdFindObjects_Next -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -) +ckmk_mdFindObjects_Next( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError) { - struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc; - ckmkInternalObject *io; + struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc; + ckmkInternalObject *io; - if( fo->i == fo->n ) { - *pError = CKR_OK; - return (NSSCKMDObject *)NULL; - } + if (fo->i == fo->n) { + *pError = CKR_OK; + return (NSSCKMDObject *)NULL; + } - io = fo->objs[ fo->i ]; - fo->i++; + io = fo->objs[fo->i]; + fo->i++; - return nss_ckmk_CreateMDObject(arena, io, pError); + return nss_ckmk_CreateMDObject(arena, io, pError); } static CK_BBOOL -ckmk_attrmatch -( - CK_ATTRIBUTE_PTR a, - ckmkInternalObject *o -) +ckmk_attrmatch( + CK_ATTRIBUTE_PTR a, + ckmkInternalObject *o) { - PRBool prb; - const NSSItem *b; - CK_RV error; - - b = nss_ckmk_FetchAttribute(o, a->type, &error); - if (b == NULL) { - return CK_FALSE; - } - - if( a->ulValueLen != b->size ) { - /* match a decoded serial number */ - if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) { - int len; - unsigned char *data; - - data = nss_ckmk_DERUnwrap(b->data, b->size, &len, NULL); - if ((len == a->ulValueLen) && - nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) { - return CK_TRUE; - } + PRBool prb; + const NSSItem *b; + CK_RV error; + + b = nss_ckmk_FetchAttribute(o, a->type, &error); + if (b == NULL) { + return CK_FALSE; } - return CK_FALSE; - } - prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL); + if (a->ulValueLen != b->size) { + /* match a decoded serial number */ + if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) { + int len; + unsigned char *data; + + data = nss_ckmk_DERUnwrap(b->data, b->size, &len, NULL); + if ((len == a->ulValueLen) && + nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) { + return CK_TRUE; + } + } + return CK_FALSE; + } - if( PR_TRUE == prb ) { - return CK_TRUE; - } else { - return CK_FALSE; - } -} + prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL); + if (PR_TRUE == prb) { + return CK_TRUE; + } + else { + return CK_FALSE; + } +} static CK_BBOOL -ckmk_match -( - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - ckmkInternalObject *o -) +ckmk_match( + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckmkInternalObject *o) { - CK_ULONG i; + CK_ULONG i; - for( i = 0; i < ulAttributeCount; i++ ) { - if (CK_FALSE == ckmk_attrmatch(&pTemplate[i], o)) { - return CK_FALSE; + for (i = 0; i < ulAttributeCount; i++) { + if (CK_FALSE == ckmk_attrmatch(&pTemplate[i], o)) { + return CK_FALSE; + } } - } - /* Every attribute passed */ - return CK_TRUE; + /* Every attribute passed */ + return CK_TRUE; } -#define CKMK_ITEM_CHUNK 20 - -#define PUT_OBJECT(obj, err, size, count, list) \ - { \ - if (count >= size) { \ - (list) = (list) ? \ - nss_ZREALLOCARRAY(list, ckmkInternalObject *, \ - ((size)+CKMK_ITEM_CHUNK) ) : \ - nss_ZNEWARRAY(NULL, ckmkInternalObject *, \ - ((size)+CKMK_ITEM_CHUNK) ) ; \ - if ((ckmkInternalObject **)NULL == list) { \ - err = CKR_HOST_MEMORY; \ - goto loser; \ - } \ - (size) += CKMK_ITEM_CHUNK; \ - } \ - (list)[ count ] = (obj); \ - count++; \ - } - +#define CKMK_ITEM_CHUNK 20 + +#define PUT_OBJECT(obj, err, size, count, list) \ + { \ + if (count >= size) { \ + (list) = (list) ? \ + nss_ZREALLOCARRAY(list, ckmkInternalObject *, \ + ((size) + \ + CKMK_ITEM_CHUNK)) \ + : \ + nss_ZNEWARRAY(NULL, ckmkInternalObject *, \ + ((size) + \ + CKMK_ITEM_CHUNK)); \ + if ((ckmkInternalObject **)NULL == list) { \ + err = CKR_HOST_MEMORY; \ + goto loser; \ + } \ + (size) += CKMK_ITEM_CHUNK; \ + } \ + (list)[count] = (obj); \ + count++; \ + } /* find all the certs that represent the appropriate object (cert, priv key, or * pub key) in the cert store. */ static PRUint32 collect_class( - CK_OBJECT_CLASS objClass, - SecItemClass itemClass, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - ckmkInternalObject ***listp, - PRUint32 *sizep, - PRUint32 count, - CK_RV *pError -) + CK_OBJECT_CLASS objClass, + SecItemClass itemClass, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckmkInternalObject ***listp, + PRUint32 *sizep, + PRUint32 count, + CK_RV *pError) { - ckmkInternalObject *next = NULL; - SecKeychainSearchRef searchRef = 0; - SecKeychainItemRef itemRef = 0; - OSStatus error; - - /* future, build the attribute list based on the template - * so we can refine the search */ - error = SecKeychainSearchCreateFromAttributes( - NULL, itemClass, NULL, &searchRef); - - while (noErr == SecKeychainSearchCopyNext(searchRef, &itemRef)) { - /* if we don't have an internal object structure, get one */ - if ((ckmkInternalObject *)NULL == next) { - next = nss_ZNEW(NULL, ckmkInternalObject); - if ((ckmkInternalObject *)NULL == next) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - } - /* fill in the relevant object data */ - next->type = ckmkItem; - next->objClass = objClass; - next->u.item.itemRef = itemRef; - next->u.item.itemClass = itemClass; - - /* see if this is one of the objects we are looking for */ - if( CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, next) ) { - /* yes, put it on the list */ - PUT_OBJECT(next, *pError, *sizep, count, *listp); - next = NULL; /* this one is on the list, need to allocate a new one now */ - } else { - /* no , release the current item and clear out the structure for reuse */ - CFRelease(itemRef); - /* don't cache the values we just loaded */ - nsslibc_memset(next, 0, sizeof(*next)); + ckmkInternalObject *next = NULL; + SecKeychainSearchRef searchRef = 0; + SecKeychainItemRef itemRef = 0; + OSStatus error; + + /* future, build the attribute list based on the template + * so we can refine the search */ + error = SecKeychainSearchCreateFromAttributes( + NULL, itemClass, NULL, &searchRef); + + while (noErr == SecKeychainSearchCopyNext(searchRef, &itemRef)) { + /* if we don't have an internal object structure, get one */ + if ((ckmkInternalObject *)NULL == next) { + next = nss_ZNEW(NULL, ckmkInternalObject); + if ((ckmkInternalObject *)NULL == next) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + } + /* fill in the relevant object data */ + next->type = ckmkItem; + next->objClass = objClass; + next->u.item.itemRef = itemRef; + next->u.item.itemClass = itemClass; + + /* see if this is one of the objects we are looking for */ + if (CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, next)) { + /* yes, put it on the list */ + PUT_OBJECT(next, *pError, *sizep, count, *listp); + next = NULL; /* this one is on the list, need to allocate a new one now */ + } + else { + /* no , release the current item and clear out the structure for reuse */ + CFRelease(itemRef); + /* don't cache the values we just loaded */ + nsslibc_memset(next, 0, sizeof(*next)); + } } - } loser: - if (searchRef) { - CFRelease(searchRef); - } - nss_ZFreeIf(next); - return count; + if (searchRef) { + CFRelease(searchRef); + } + nss_ZFreeIf(next); + return count; } static PRUint32 collect_objects( - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - ckmkInternalObject ***listp, - CK_RV *pError -) + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckmkInternalObject ***listp, + CK_RV *pError) { - PRUint32 i; - PRUint32 count = 0; - PRUint32 size = 0; - CK_OBJECT_CLASS objClass; - - /* - * first handle the static build in objects (if any) - */ - for( i = 0; i < nss_ckmk_nObjects; i++ ) { - ckmkInternalObject *o = (ckmkInternalObject *)&nss_ckmk_data[i]; - - if( CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, o) ) { - PUT_OBJECT(o, *pError, size, count, *listp); + PRUint32 i; + PRUint32 count = 0; + PRUint32 size = 0; + CK_OBJECT_CLASS objClass; + + /* + * first handle the static build in objects (if any) + */ + for (i = 0; i < nss_ckmk_nObjects; i++) { + ckmkInternalObject *o = (ckmkInternalObject *)&nss_ckmk_data[i]; + + if (CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, o)) { + PUT_OBJECT(o, *pError, size, count, *listp); + } + } + + /* + * now handle the various object types + */ + objClass = nss_ckmk_GetULongAttribute(CKA_CLASS, + pTemplate, ulAttributeCount, pError); + if (CKR_OK != *pError) { + objClass = CK_INVALID_HANDLE; + } + *pError = CKR_OK; + switch (objClass) { + case CKO_CERTIFICATE: + count = collect_class(objClass, kSecCertificateItemClass, + pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + case CKO_PUBLIC_KEY: + count = collect_class(objClass, CSSM_DL_DB_RECORD_PUBLIC_KEY, + pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + case CKO_PRIVATE_KEY: + count = collect_class(objClass, CSSM_DL_DB_RECORD_PRIVATE_KEY, + pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + /* all of them */ + case CK_INVALID_HANDLE: + count = collect_class(CKO_CERTIFICATE, kSecCertificateItemClass, + pTemplate, ulAttributeCount, listp, + &size, count, pError); + count = collect_class(CKO_PUBLIC_KEY, CSSM_DL_DB_RECORD_PUBLIC_KEY, + pTemplate, ulAttributeCount, listp, + &size, count, pError); + count = collect_class(CKO_PUBLIC_KEY, CSSM_DL_DB_RECORD_PRIVATE_KEY, + pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + default: + break; + } + if (CKR_OK != *pError) { + goto loser; } - } - - /* - * now handle the various object types - */ - objClass = nss_ckmk_GetULongAttribute(CKA_CLASS, - pTemplate, ulAttributeCount, pError); - if (CKR_OK != *pError) { - objClass = CK_INVALID_HANDLE; - } - *pError = CKR_OK; - switch (objClass) { - case CKO_CERTIFICATE: - count = collect_class(objClass, kSecCertificateItemClass, - pTemplate, ulAttributeCount, listp, - &size, count, pError); - break; - case CKO_PUBLIC_KEY: - count = collect_class(objClass, CSSM_DL_DB_RECORD_PUBLIC_KEY, - pTemplate, ulAttributeCount, listp, - &size, count, pError); - break; - case CKO_PRIVATE_KEY: - count = collect_class(objClass, CSSM_DL_DB_RECORD_PRIVATE_KEY, - pTemplate, ulAttributeCount, listp, - &size, count, pError); - break; - /* all of them */ - case CK_INVALID_HANDLE: - count = collect_class(CKO_CERTIFICATE, kSecCertificateItemClass, - pTemplate, ulAttributeCount, listp, - &size, count, pError); - count = collect_class(CKO_PUBLIC_KEY, CSSM_DL_DB_RECORD_PUBLIC_KEY, - pTemplate, ulAttributeCount, listp, - &size, count, pError); - count = collect_class(CKO_PUBLIC_KEY, CSSM_DL_DB_RECORD_PRIVATE_KEY, - pTemplate, ulAttributeCount, listp, - &size, count, pError); - break; - default: - break; - } - if (CKR_OK != *pError) { - goto loser; - } - - return count; + + return count; loser: - nss_ZFreeIf(*listp); - return 0; + nss_ZFreeIf(*listp); + return 0; } - NSS_IMPLEMENT NSSCKMDFindObjects * -nss_ckmk_FindObjectsInit -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_ckmk_FindObjectsInit( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - /* This could be made more efficient. I'm rather rushed. */ - NSSArena *arena; - NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL; - struct ckmkFOStr *fo = (struct ckmkFOStr *)NULL; - ckmkInternalObject **temp = (ckmkInternalObject **)NULL; - - arena = NSSArena_Create(); - if( (NSSArena *)NULL == arena ) { - goto loser; - } - - rv = nss_ZNEW(arena, NSSCKMDFindObjects); - if( (NSSCKMDFindObjects *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - fo = nss_ZNEW(arena, struct ckmkFOStr); - if( (struct ckmkFOStr *)NULL == fo ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - fo->arena = arena; - /* fo->n and fo->i are already zero */ - - rv->etc = (void *)fo; - rv->Final = ckmk_mdFindObjects_Final; - rv->Next = ckmk_mdFindObjects_Next; - rv->null = (void *)NULL; - - fo->n = collect_objects(pTemplate, ulAttributeCount, &temp, pError); - if (*pError != CKR_OK) { - goto loser; - } - - fo->objs = nss_ZNEWARRAY(arena, ckmkInternalObject *, fo->n); - if( (ckmkInternalObject **)NULL == fo->objs ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - (void)nsslibc_memcpy(fo->objs, temp, sizeof(ckmkInternalObject *) * fo->n); - nss_ZFreeIf(temp); - temp = (ckmkInternalObject **)NULL; - - return rv; - - loser: - nss_ZFreeIf(temp); - nss_ZFreeIf(fo); - nss_ZFreeIf(rv); - if ((NSSArena *)NULL != arena) { - NSSArena_Destroy(arena); - } - return (NSSCKMDFindObjects *)NULL; -} + /* This could be made more efficient. I'm rather rushed. */ + NSSArena *arena; + NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL; + struct ckmkFOStr *fo = (struct ckmkFOStr *)NULL; + ckmkInternalObject **temp = (ckmkInternalObject **)NULL; + + arena = NSSArena_Create(); + if ((NSSArena *)NULL == arena) { + goto loser; + } + + rv = nss_ZNEW(arena, NSSCKMDFindObjects); + if ((NSSCKMDFindObjects *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fo = nss_ZNEW(arena, struct ckmkFOStr); + if ((struct ckmkFOStr *)NULL == fo) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fo->arena = arena; + /* fo->n and fo->i are already zero */ + rv->etc = (void *)fo; + rv->Final = ckmk_mdFindObjects_Final; + rv->Next = ckmk_mdFindObjects_Next; + rv->null = (void *)NULL; + + fo->n = collect_objects(pTemplate, ulAttributeCount, &temp, pError); + if (*pError != CKR_OK) { + goto loser; + } + + fo->objs = nss_ZNEWARRAY(arena, ckmkInternalObject *, fo->n); + if ((ckmkInternalObject **)NULL == fo->objs) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + (void)nsslibc_memcpy(fo->objs, temp, sizeof(ckmkInternalObject *) * fo->n); + nss_ZFreeIf(temp); + temp = (ckmkInternalObject **)NULL; + + return rv; + +loser: + nss_ZFreeIf(temp); + nss_ZFreeIf(fo); + nss_ZFreeIf(rv); + if ((NSSArena *)NULL != arena) { + NSSArena_Destroy(arena); + } + return (NSSCKMDFindObjects *)NULL; +} diff --git a/lib/ckfw/nssmkey/minst.c b/lib/ckfw/nssmkey/minst.c index 923ba105c..fcb96c652 100644 --- a/lib/ckfw/nssmkey/minst.c +++ b/lib/ckfw/nssmkey/minst.c @@ -7,7 +7,7 @@ /* * nssmkey/minstance.c * - * This file implements the NSSCKMDInstance object for the + * This file implements the NSSCKMDInstance object for the * "nssmkey" cryptoki module. */ @@ -16,96 +16,82 @@ */ static CK_ULONG -ckmk_mdInstance_GetNSlots -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdInstance_GetNSlots( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (CK_ULONG)1; + return (CK_ULONG)1; } static CK_VERSION -ckmk_mdInstance_GetCryptokiVersion -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdInstance_GetCryptokiVersion( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckmk_CryptokiVersion; + return nss_ckmk_CryptokiVersion; } static NSSUTF8 * -ckmk_mdInstance_GetManufacturerID -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdInstance_GetManufacturerID( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckmk_ManufacturerID; + return (NSSUTF8 *)nss_ckmk_ManufacturerID; } static NSSUTF8 * -ckmk_mdInstance_GetLibraryDescription -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdInstance_GetLibraryDescription( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckmk_LibraryDescription; + return (NSSUTF8 *)nss_ckmk_LibraryDescription; } static CK_VERSION -ckmk_mdInstance_GetLibraryVersion -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdInstance_GetLibraryVersion( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckmk_LibraryVersion; + return nss_ckmk_LibraryVersion; } static CK_RV -ckmk_mdInstance_GetSlots -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDSlot *slots[] -) +ckmk_mdInstance_GetSlots( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *slots[]) { - slots[0] = (NSSCKMDSlot *)&nss_ckmk_mdSlot; - return CKR_OK; + slots[0] = (NSSCKMDSlot *)&nss_ckmk_mdSlot; + return CKR_OK; } static CK_BBOOL -ckmk_mdInstance_ModuleHandlesSessionObjects -( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdInstance_ModuleHandlesSessionObjects( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - /* we don't want to allow any session object creation, at least - * until we can investigate whether or not we can use those objects - */ - return CK_TRUE; + /* we don't want to allow any session object creation, at least + * until we can investigate whether or not we can use those objects + */ + return CK_TRUE; } NSS_IMPLEMENT_DATA const NSSCKMDInstance -nss_ckmk_mdInstance = { - (void *)NULL, /* etc */ - NULL, /* Initialize */ - NULL, /* Finalize */ - ckmk_mdInstance_GetNSlots, - ckmk_mdInstance_GetCryptokiVersion, - ckmk_mdInstance_GetManufacturerID, - ckmk_mdInstance_GetLibraryDescription, - ckmk_mdInstance_GetLibraryVersion, - ckmk_mdInstance_ModuleHandlesSessionObjects, - /*NULL, /* HandleSessionObjects */ - ckmk_mdInstance_GetSlots, - NULL, /* WaitForSlotEvent */ - (void *)NULL /* null terminator */ -}; + nss_ckmk_mdInstance = { + (void *)NULL, /* etc */ + NULL, /* Initialize */ + NULL, /* Finalize */ + ckmk_mdInstance_GetNSlots, + ckmk_mdInstance_GetCryptokiVersion, + ckmk_mdInstance_GetManufacturerID, + ckmk_mdInstance_GetLibraryDescription, + ckmk_mdInstance_GetLibraryVersion, + ckmk_mdInstance_ModuleHandlesSessionObjects, + /*NULL, /* HandleSessionObjects */ + ckmk_mdInstance_GetSlots, + NULL, /* WaitForSlotEvent */ + (void *)NULL /* null terminator */ + }; diff --git a/lib/ckfw/nssmkey/mobject.c b/lib/ckfw/nssmkey/mobject.c index 2013e7e99..0b5f0a485 100644 --- a/lib/ckfw/nssmkey/mobject.c +++ b/lib/ckfw/nssmkey/mobject.c @@ -90,37 +90,45 @@ static const CK_KEY_TYPE ckk_rsa = CKK_RSA; static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE; static const CK_OBJECT_CLASS cko_private_key = CKO_PRIVATE_KEY; static const CK_OBJECT_CLASS cko_public_key = CKO_PUBLIC_KEY; -static const NSSItem ckmk_trueItem = { - (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }; -static const NSSItem ckmk_falseItem = { - (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }; -static const NSSItem ckmk_x509Item = { - (void *)&ckc_x509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }; -static const NSSItem ckmk_rsaItem = { - (void *)&ckk_rsa, (PRUint32)sizeof(CK_KEY_TYPE) }; -static const NSSItem ckmk_certClassItem = { - (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }; +static const NSSItem ckmk_trueItem = { + (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) +}; +static const NSSItem ckmk_falseItem = { + (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) +}; +static const NSSItem ckmk_x509Item = { + (void *)&ckc_x509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) +}; +static const NSSItem ckmk_rsaItem = { + (void *)&ckk_rsa, (PRUint32)sizeof(CK_KEY_TYPE) +}; +static const NSSItem ckmk_certClassItem = { + (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) +}; static const NSSItem ckmk_privKeyClassItem = { - (void *)&cko_private_key, (PRUint32)sizeof(CK_OBJECT_CLASS) }; + (void *)&cko_private_key, (PRUint32)sizeof(CK_OBJECT_CLASS) +}; static const NSSItem ckmk_pubKeyClassItem = { - (void *)&cko_public_key, (PRUint32)sizeof(CK_OBJECT_CLASS) }; -static const NSSItem ckmk_emptyItem = { - (void *)&ck_true, 0}; + (void *)&cko_public_key, (PRUint32)sizeof(CK_OBJECT_CLASS) +}; +static const NSSItem ckmk_emptyItem = { + (void *)&ck_true, 0 +}; /* * these are utilities. The chould be moved to a new utilities file. */ #ifdef DEBUG static void -itemdump(char *str, void *data, int size, CK_RV error) +itemdump(char *str, void *data, int size, CK_RV error) { - unsigned char *ptr = (unsigned char *)data; - int i; - fprintf(stderr,str); - for (i=0; i < size; i++) { - fprintf(stderr,"%02x ",(unsigned int) ptr[i]); - } - fprintf(stderr," (error = %d)\n", (int ) error); + unsigned char *ptr = (unsigned char *)data; + int i; + fprintf(stderr, str); + for (i = 0; i < size; i++) { + fprintf(stderr, "%02x ", (unsigned int)ptr[i]); + } + fprintf(stderr, " (error = %d)\n", (int)error); } #endif @@ -130,48 +138,46 @@ itemdump(char *str, void *data, int size, CK_RV error) * the ANS1_Decoder for this work... */ unsigned char * -nss_ckmk_DERUnwrap -( - unsigned char *src, - int size, - int *outSize, - unsigned char **next -) +nss_ckmk_DERUnwrap( + unsigned char *src, + int size, + int *outSize, + unsigned char **next) { - unsigned char *start = src; - unsigned int len = 0; - - /* initialize error condition return values */ - *outSize = 0; - if (next) { - *next = src; - } - - if (size < 2) { - return start; - } - src ++ ; /* skip the tag -- should check it against an expected value! */ - len = (unsigned) *src++; - if (len & 0x80) { - int count = len & 0x7f; - len =0; - - if (count+2 > size) { - return start; - } - while (count-- > 0) { - len = (len << 8) | (unsigned) *src++; - } - } - if (len + (src-start) > (unsigned int)size) { - return start; - } - if (next) { - *next = src+len; - } - *outSize = len; - - return src; + unsigned char *start = src; + unsigned int len = 0; + + /* initialize error condition return values */ + *outSize = 0; + if (next) { + *next = src; + } + + if (size < 2) { + return start; + } + src++; /* skip the tag -- should check it against an expected value! */ + len = (unsigned)*src++; + if (len & 0x80) { + int count = len & 0x7f; + len = 0; + + if (count + 2 > size) { + return start; + } + while (count-- > 0) { + len = (len << 8) | (unsigned)*src++; + } + } + if (len + (src - start) > (unsigned int)size) { + return start; + } + if (next) { + *next = src + len; + } + *outSize = len; + + return src; } /* @@ -179,74 +185,68 @@ nss_ckmk_DERUnwrap * data for the item is owned by the template. */ CK_RV -nss_ckmk_GetAttribute -( - CK_ATTRIBUTE_TYPE type, - CK_ATTRIBUTE *template, - CK_ULONG templateSize, - NSSItem *item -) +nss_ckmk_GetAttribute( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + NSSItem *item) { - CK_ULONG i; - - for (i=0; i < templateSize; i++) { - if (template[i].type == type) { - item->data = template[i].pValue; - item->size = template[i].ulValueLen; - return CKR_OK; + CK_ULONG i; + + for (i = 0; i < templateSize; i++) { + if (template[i].type == type) { + item->data = template[i].pValue; + item->size = template[i].ulValueLen; + return CKR_OK; + } } - } - return CKR_TEMPLATE_INCOMPLETE; + return CKR_TEMPLATE_INCOMPLETE; } /* * get an attribute which is type CK_ULONG. */ CK_ULONG -nss_ckmk_GetULongAttribute -( - CK_ATTRIBUTE_TYPE type, - CK_ATTRIBUTE *template, - CK_ULONG templateSize, - CK_RV *pError -) +nss_ckmk_GetULongAttribute( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_RV *pError) { - NSSItem item; - - *pError = nss_ckmk_GetAttribute(type, template, templateSize, &item); - if (CKR_OK != *pError) { - return (CK_ULONG) 0; - } - if (item.size != sizeof(CK_ULONG)) { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - return (CK_ULONG) 0; - } - return *(CK_ULONG *)item.data; + NSSItem item; + + *pError = nss_ckmk_GetAttribute(type, template, templateSize, &item); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } + if (item.size != sizeof(CK_ULONG)) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (CK_ULONG)0; + } + return *(CK_ULONG *)item.data; } /* * get an attribute which is type CK_BBOOL. */ CK_BBOOL -nss_ckmk_GetBoolAttribute -( - CK_ATTRIBUTE_TYPE type, - CK_ATTRIBUTE *template, - CK_ULONG templateSize, - CK_BBOOL defaultBool -) +nss_ckmk_GetBoolAttribute( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_BBOOL defaultBool) { - NSSItem item; - CK_RV error; - - error = nss_ckmk_GetAttribute(type, template, templateSize, &item); - if (CKR_OK != error) { - return defaultBool; - } - if (item.size != sizeof(CK_BBOOL)) { - return defaultBool; - } - return *(CK_BBOOL *)item.data; + NSSItem item; + CK_RV error; + + error = nss_ckmk_GetAttribute(type, template, templateSize, &item); + if (CKR_OK != error) { + return defaultBool; + } + if (item.size != sizeof(CK_BBOOL)) { + return defaultBool; + } + return *(CK_BBOOL *)item.data; } /* @@ -254,33 +254,31 @@ nss_ckmk_GetBoolAttribute * free the string. */ char * -nss_ckmk_GetStringAttribute -( - CK_ATTRIBUTE_TYPE type, - CK_ATTRIBUTE *template, - CK_ULONG templateSize, - CK_RV *pError -) +nss_ckmk_GetStringAttribute( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_RV *pError) { - NSSItem item; - char *str; - - /* get the attribute */ - *pError = nss_ckmk_GetAttribute(type, template, templateSize, &item); - if (CKR_OK != *pError) { - return (char *)NULL; - } - /* make sure it is null terminated */ - str = nss_ZNEWARRAY(NULL, char, item.size+1); - if ((char *)NULL == str) { - *pError = CKR_HOST_MEMORY; - return (char *)NULL; - } - - nsslibc_memcpy(str, item.data, item.size); - str[item.size] = 0; - - return str; + NSSItem item; + char *str; + + /* get the attribute */ + *pError = nss_ckmk_GetAttribute(type, template, templateSize, &item); + if (CKR_OK != *pError) { + return (char *)NULL; + } + /* make sure it is null terminated */ + str = nss_ZNEWARRAY(NULL, char, item.size + 1); + if ((char *)NULL == str) { + *pError = CKR_HOST_MEMORY; + return (char *)NULL; + } + + nsslibc_memcpy(str, item.data, item.size); + str[item.size] = 0; + + return str; } /* @@ -291,230 +289,225 @@ nss_ckmk_GetStringAttribute */ static CK_RV ckmk_encodeInt(NSSItem *dest, void *src, int srcLen) -{ - int dataLen = srcLen; - int lenLen = 1; - int encLen; - int isSigned = 0; - int offset = 0; - unsigned char *data = NULL; - int i; - - if (*(unsigned char *)src & 0x80) { - dataLen++; - isSigned = 1; - } - - /* calculate the length of the length specifier */ - /* (NOTE: destroys dataLen value) */ - if (dataLen > 0x7f) { - do { - lenLen++; - dataLen >>= 8; - } while (dataLen); - } - - /* calculate our total length */ - dataLen = isSigned + srcLen; - encLen = 1 + lenLen + dataLen; - data = nss_ZNEWARRAY(NULL, unsigned char, encLen); - if ((unsigned char *)NULL == data) { - return CKR_HOST_MEMORY; - } - data[0] = DER_INTEGER; - if (1 == lenLen) { - data[1] = dataLen; - } else { - data[1] = 0x80 + lenLen; - for (i=0; i < lenLen; i++) { - data[i+1] = ((dataLen >> ((lenLen-i-1)*8)) & 0xff); - } - } - offset = lenLen+1; - - if (isSigned) { - data[offset++] = 0; - } - nsslibc_memcpy(&data[offset], src, srcLen); - dest->data = data; - dest->size = encLen; - return CKR_OK; -} +{ + int dataLen = srcLen; + int lenLen = 1; + int encLen; + int isSigned = 0; + int offset = 0; + unsigned char *data = NULL; + int i; + + if (*(unsigned char *)src & 0x80) { + dataLen++; + isSigned = 1; + } + + /* calculate the length of the length specifier */ + /* (NOTE: destroys dataLen value) */ + if (dataLen > 0x7f) { + do { + lenLen++; + dataLen >>= 8; + } while (dataLen); + } + /* calculate our total length */ + dataLen = isSigned + srcLen; + encLen = 1 + lenLen + dataLen; + data = nss_ZNEWARRAY(NULL, unsigned char, encLen); + if ((unsigned char *)NULL == data) { + return CKR_HOST_MEMORY; + } + data[0] = DER_INTEGER; + if (1 == lenLen) { + data[1] = dataLen; + } + else { + data[1] = 0x80 + lenLen; + for (i = 0; i < lenLen; i++) { + data[i + 1] = ((dataLen >> ((lenLen - + i - 1) * + 8)) & + 0xff); + } + } + offset = lenLen + 1; + + if (isSigned) { + data[offset++] = 0; + } + nsslibc_memcpy(&data[offset], src, srcLen); + dest->data = data; + dest->size = encLen; + return CKR_OK; +} /* * Get a Keyring attribute. If content is set to true, then we get the * content, not the attribute. */ static CK_RV -ckmk_GetCommonAttribute -( - ckmkInternalObject *io, - SecItemAttr itemAttr, - PRBool content, - NSSItem *item, - char *dbString -) +ckmk_GetCommonAttribute( + ckmkInternalObject *io, + SecItemAttr itemAttr, + PRBool content, + NSSItem *item, + char *dbString) { - SecKeychainAttributeList *attrList = NULL; - SecKeychainAttributeInfo attrInfo; - PRUint32 len = 0; - PRUint32 dataLen = 0; - PRUint32 attrFormat = 0; - void *dataVal = 0; - void *out = NULL; - CK_RV error = CKR_OK; - OSStatus macErr; - - attrInfo.count = 1; - attrInfo.tag = &itemAttr; - attrInfo.format = &attrFormat; - - macErr = SecKeychainItemCopyAttributesAndData(io->u.item.itemRef, - &attrInfo, NULL, &attrList, &len, &out); - if (noErr != macErr) { - CKMK_MACERR(dbString, macErr); - return CKR_ATTRIBUTE_TYPE_INVALID; - } - dataLen = content ? len : attrList->attr->length; - dataVal = content ? out : attrList->attr->data; - - /* Apple's documentation says this value is DER Encoded, but it clearly isn't - * der encode it before we ship it back off to NSS - */ - if ( kSecSerialNumberItemAttr == itemAttr ) { - error = ckmk_encodeInt(item, dataVal, dataLen); - goto loser; /* logically 'done' if error == CKR_OK */ - } - item->data = nss_ZNEWARRAY(NULL, char, dataLen); - if (NULL == item->data) { - error = CKR_HOST_MEMORY; - goto loser; - } - nsslibc_memcpy(item->data, dataVal, dataLen); - item->size = dataLen; + SecKeychainAttributeList *attrList = NULL; + SecKeychainAttributeInfo attrInfo; + PRUint32 len = 0; + PRUint32 dataLen = 0; + PRUint32 attrFormat = 0; + void *dataVal = 0; + void *out = NULL; + CK_RV error = CKR_OK; + OSStatus macErr; + + attrInfo.count = 1; + attrInfo.tag = &itemAttr; + attrInfo.format = &attrFormat; + + macErr = SecKeychainItemCopyAttributesAndData(io->u.item.itemRef, + &attrInfo, NULL, &attrList, &len, &out); + if (noErr != macErr) { + CKMK_MACERR(dbString, macErr); + return CKR_ATTRIBUTE_TYPE_INVALID; + } + dataLen = content ? len : attrList->attr->length; + dataVal = content ? out : attrList->attr->data; + + /* Apple's documentation says this value is DER Encoded, but it clearly isn't + * der encode it before we ship it back off to NSS + */ + if (kSecSerialNumberItemAttr == itemAttr) { + error = ckmk_encodeInt(item, dataVal, dataLen); + goto loser; /* logically 'done' if error == CKR_OK */ + } + item->data = nss_ZNEWARRAY(NULL, char, dataLen); + if (NULL == item->data) { + error = CKR_HOST_MEMORY; + goto loser; + } + nsslibc_memcpy(item->data, dataVal, dataLen); + item->size = dataLen; loser: - SecKeychainItemFreeAttributesAndData(attrList, out); - return error; + SecKeychainItemFreeAttributesAndData(attrList, out); + return error; } /* * change an attribute (does not operate on the content). */ static CK_RV -ckmk_updateAttribute -( - SecKeychainItemRef itemRef, - SecItemAttr itemAttr, - void *data, - PRUint32 len, - char *dbString -) +ckmk_updateAttribute( + SecKeychainItemRef itemRef, + SecItemAttr itemAttr, + void *data, + PRUint32 len, + char *dbString) { - SecKeychainAttributeList attrList; - SecKeychainAttribute attrAttr; - OSStatus macErr; - CK_RV error = CKR_OK; - - attrList.count = 1; - attrList.attr = &attrAttr; - attrAttr.tag = itemAttr; - attrAttr.data = data; - attrAttr.length = len; - macErr = SecKeychainItemModifyAttributesAndData(itemRef, &attrList, 0, NULL); - if (noErr != macErr) { - CKMK_MACERR(dbString, macErr); - error = CKR_ATTRIBUTE_TYPE_INVALID; - } - return error; + SecKeychainAttributeList attrList; + SecKeychainAttribute attrAttr; + OSStatus macErr; + CK_RV error = CKR_OK; + + attrList.count = 1; + attrList.attr = &attrAttr; + attrAttr.tag = itemAttr; + attrAttr.data = data; + attrAttr.length = len; + macErr = SecKeychainItemModifyAttributesAndData(itemRef, &attrList, 0, NULL); + if (noErr != macErr) { + CKMK_MACERR(dbString, macErr); + error = CKR_ATTRIBUTE_TYPE_INVALID; + } + return error; } /* * get an attribute (does not operate on the content) */ static CK_RV -ckmk_GetDataAttribute -( - ckmkInternalObject *io, - SecItemAttr itemAttr, - NSSItem *item, - char *dbString -) +ckmk_GetDataAttribute( + ckmkInternalObject *io, + SecItemAttr itemAttr, + NSSItem *item, + char *dbString) { - return ckmk_GetCommonAttribute(io, itemAttr, PR_FALSE, item, dbString); + return ckmk_GetCommonAttribute(io, itemAttr, PR_FALSE, item, dbString); } /* * get an attribute we know is a BOOL. */ static CK_RV -ckmk_GetBoolAttribute -( - ckmkInternalObject *io, - SecItemAttr itemAttr, - NSSItem *item, - char *dbString -) +ckmk_GetBoolAttribute( + ckmkInternalObject *io, + SecItemAttr itemAttr, + NSSItem *item, + char *dbString) { - SecKeychainAttribute attr; - SecKeychainAttributeList attrList; - CK_BBOOL *boolp = NULL; - PRUint32 len = 0;; - void *out = NULL; - CK_RV error = CKR_OK; - OSStatus macErr; - - attr.tag = itemAttr; - attr.length = 0; - attr.data = NULL; - attrList.count = 1; - attrList.attr = &attr; - - boolp = nss_ZNEW(NULL, CK_BBOOL); - if ((CK_BBOOL *)NULL == boolp) { - error = CKR_HOST_MEMORY; - goto loser; - } - - macErr = SecKeychainItemCopyContent(io->u.item.itemRef, NULL, - &attrList, &len, &out); - if (noErr != macErr) { - CKMK_MACERR(dbString, macErr); - error = CKR_ATTRIBUTE_TYPE_INVALID; - goto loser; - } - if (sizeof(PRUint32) != attr.length) { - error = CKR_ATTRIBUTE_TYPE_INVALID; - goto loser; - } - *boolp = *(PRUint32 *)attr.data ? 1 : 0; - item->data = boolp; - boolp = NULL; - item->size = sizeof(CK_BBOOL); + SecKeychainAttribute attr; + SecKeychainAttributeList attrList; + CK_BBOOL *boolp = NULL; + PRUint32 len = 0; + ; + void *out = NULL; + CK_RV error = CKR_OK; + OSStatus macErr; + + attr.tag = itemAttr; + attr.length = 0; + attr.data = NULL; + attrList.count = 1; + attrList.attr = &attr; + + boolp = nss_ZNEW(NULL, CK_BBOOL); + if ((CK_BBOOL *)NULL == boolp) { + error = CKR_HOST_MEMORY; + goto loser; + } + + macErr = SecKeychainItemCopyContent(io->u.item.itemRef, NULL, + &attrList, &len, &out); + if (noErr != macErr) { + CKMK_MACERR(dbString, macErr); + error = CKR_ATTRIBUTE_TYPE_INVALID; + goto loser; + } + if (sizeof(PRUint32) != attr.length) { + error = CKR_ATTRIBUTE_TYPE_INVALID; + goto loser; + } + *boolp = *(PRUint32 *)attr.data ? 1 : 0; + item->data = boolp; + boolp = NULL; + item->size = sizeof(CK_BBOOL); loser: - nss_ZFreeIf(boolp); - SecKeychainItemFreeContent(&attrList, out); - return error; + nss_ZFreeIf(boolp); + SecKeychainItemFreeContent(&attrList, out); + return error; } - /* * macros for fetching attributes into a cache and returning the * appropriate value. These operate inside switch statements */ #define CKMK_HANDLE_ITEM(func, io, type, loc, item, error, str) \ - if (0 == (item)->loc.size) { \ - error = func(io, type, &(item)->loc, str); \ - } \ + if (0 == (item)->loc.size) { \ + error = func(io, type, &(item)->loc, str); \ + } \ return (CKR_OK == (error)) ? &(item)->loc : NULL; #define CKMK_HANDLE_OPT_ITEM(func, io, type, loc, item, error, str) \ - if (0 == (item)->loc.size) { \ - (void) func(io, type, &(item)->loc, str); \ - } \ - return &(item)->loc ; + if (0 == (item)->loc.size) { \ + (void) func(io, type, &(item)->loc, str); \ + } \ + return &(item)->loc; #define CKMK_HANDLE_BOOL_ITEM(io, type, loc, item, error, str) \ CKMK_HANDLE_ITEM(ckmk_GetBoolAttribute, io, type, loc, item, error, str) @@ -527,379 +520,364 @@ loser: * fetch the unique identifier for each object type. */ static void -ckmk_FetchHashKey -( - ckmkInternalObject *io -) +ckmk_FetchHashKey( + ckmkInternalObject *io) { - NSSItem *key = &io->hashKey; - - if (io->objClass == CKO_CERTIFICATE) { - ckmk_GetCommonAttribute(io, kSecCertEncodingItemAttr, - PR_TRUE, key, "Fetching HashKey (cert)"); - } else { - ckmk_GetCommonAttribute(io, kSecKeyLabel, - PR_FALSE, key, "Fetching HashKey (key)"); - } + NSSItem *key = &io->hashKey; + + if (io->objClass == CKO_CERTIFICATE) { + ckmk_GetCommonAttribute(io, kSecCertEncodingItemAttr, + PR_TRUE, key, "Fetching HashKey (cert)"); + } + else { + ckmk_GetCommonAttribute(io, kSecKeyLabel, + PR_FALSE, key, "Fetching HashKey (key)"); + } } /* * Apple mucks with the actual subject and issuer, so go fetch * the real ones ourselves. */ -static void -ckmk_fetchCert -( - ckmkInternalObject *io -) +static void +ckmk_fetchCert( + ckmkInternalObject *io) { - CK_RV error; - unsigned char * cert, *next; - int certSize, thisEntrySize; + CK_RV error; + unsigned char *cert, *next; + int certSize, thisEntrySize; + + error = ckmk_GetCommonAttribute(io, kSecCertEncodingItemAttr, PR_TRUE, + &io->u.item.derCert, "Fetching Value (cert)"); + if (CKR_OK != error) { + return; + } + /* unwrap the cert bundle */ + cert = nss_ckmk_DERUnwrap((unsigned char *)io->u.item.derCert.data, + io->u.item.derCert.size, + &certSize, NULL); + /* unwrap the cert itself */ + /* cert == certdata */ + cert = nss_ckmk_DERUnwrap(cert, certSize, &certSize, NULL); + + /* skip the optional version */ + if ((cert[0] & 0xa0) == 0xa0) { + nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); + certSize -= next - cert; + cert = next; + } + /* skip the serial number */ + nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); + certSize -= next - cert; + cert = next; - error = ckmk_GetCommonAttribute(io, kSecCertEncodingItemAttr, PR_TRUE, - &io->u.item.derCert, "Fetching Value (cert)"); - if (CKR_OK != error) { - return; - } - /* unwrap the cert bundle */ - cert = nss_ckmk_DERUnwrap((unsigned char *)io->u.item.derCert.data, - io->u.item.derCert.size, - &certSize, NULL); - /* unwrap the cert itself */ - /* cert == certdata */ - cert = nss_ckmk_DERUnwrap(cert, certSize, &certSize, NULL); - - /* skip the optional version */ - if ((cert[0] & 0xa0) == 0xa0) { + /* skip the OID */ nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); certSize -= next - cert; cert = next; - } - /* skip the serial number */ - nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); - certSize -= next - cert; - cert = next; - - /* skip the OID */ - nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); - certSize -= next - cert; - cert = next; - - /* save the (wrapped) issuer */ - io->u.item.issuer.data = cert; - nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); - io->u.item.issuer.size = next - cert; - certSize -= io->u.item.issuer.size; - cert = next; - - /* skip the OID */ - nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); - certSize -= next - cert; - cert = next; - - /* save the (wrapped) subject */ - io->u.item.subject.data = cert; - nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); - io->u.item.subject.size = next - cert; - certSize -= io->u.item.subject.size; - cert = next; + + /* save the (wrapped) issuer */ + io->u.item.issuer.data = cert; + nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); + io->u.item.issuer.size = next - cert; + certSize -= io->u.item.issuer.size; + cert = next; + + /* skip the OID */ + nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); + certSize -= next - cert; + cert = next; + + /* save the (wrapped) subject */ + io->u.item.subject.data = cert; + nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); + io->u.item.subject.size = next - cert; + certSize -= io->u.item.subject.size; + cert = next; } -static void -ckmk_fetchModulus -( - ckmkInternalObject *io -) +static void +ckmk_fetchModulus( + ckmkInternalObject *io) { - NSSItem item; - PRInt32 modLen; - CK_RV error; - - /* we can't reliably get the modulus for private keys through CSSM (sigh). - * For NSS this is OK because we really only use this to get the modulus - * length (unless we are trying to get a public key from a private keys, - * something CSSM ALSO does not do!). - */ - error = ckmk_GetDataAttribute(io, kSecKeyKeySizeInBits, &item, - "Key Fetch Modulus"); - if (CKR_OK != error) { - return; - } + NSSItem item; + PRInt32 modLen; + CK_RV error; + + /* we can't reliably get the modulus for private keys through CSSM (sigh). + * For NSS this is OK because we really only use this to get the modulus + * length (unless we are trying to get a public key from a private keys, + * something CSSM ALSO does not do!). + */ + error = ckmk_GetDataAttribute(io, kSecKeyKeySizeInBits, &item, + "Key Fetch Modulus"); + if (CKR_OK != error) { + return; + } - modLen = *(PRInt32 *)item.data; - modLen = modLen/8; /* convert from bits to bytes */ + modLen = *(PRInt32 *)item.data; + modLen = modLen / 8; /* convert from bits to bytes */ - nss_ZFreeIf(item.data); - io->u.item.modulus.data = nss_ZNEWARRAY(NULL, char, modLen); - if (NULL == io->u.item.modulus.data) { - return; - } - *(char *)io->u.item.modulus.data = 0x80; /* fake NSS out or it will + nss_ZFreeIf(item.data); + io->u.item.modulus.data = nss_ZNEWARRAY(NULL, char, modLen); + if (NULL == io->u.item.modulus.data) { + return; + } + *(char *)io->u.item.modulus.data = 0x80; /* fake NSS out or it will * drop the first byte */ - io->u.item.modulus.size = modLen; - return; + io->u.item.modulus.size = modLen; + return; } const NSSItem * -ckmk_FetchCertAttribute -( - ckmkInternalObject *io, - CK_ATTRIBUTE_TYPE type, - CK_RV *pError -) +ckmk_FetchCertAttribute( + ckmkInternalObject *io, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError) { - ckmkItemObject *item = &io->u.item; - *pError = CKR_OK; - switch(type) { - case CKA_CLASS: - return &ckmk_certClassItem; - case CKA_TOKEN: - case CKA_MODIFIABLE: - return &ckmk_trueItem; - case CKA_PRIVATE: - return &ckmk_falseItem; - case CKA_CERTIFICATE_TYPE: - return &ckmk_x509Item; - case CKA_LABEL: - CKMK_HANDLE_OPT_DATA_ITEM(io, kSecLabelItemAttr, label, item, *pError, - "Cert:Label attr") - case CKA_SUBJECT: - /* OK, well apple does provide an subject and issuer attribute, but they - * decided to cannonicalize that value. Probably a good move for them, - * but makes it useless for most users of PKCS #11.. Get the real subject - * from the certificate */ - if (0 == item->derCert.size) { - ckmk_fetchCert(io); - } - return &item->subject; - case CKA_ISSUER: - if (0 == item->derCert.size) { - ckmk_fetchCert(io); - } - return &item->issuer; - case CKA_SERIAL_NUMBER: - CKMK_HANDLE_DATA_ITEM(io, kSecSerialNumberItemAttr, serial, item, *pError, - "Cert:Serial Number attr") - case CKA_VALUE: - if (0 == item->derCert.size) { - ckmk_fetchCert(io); - } - return &item->derCert; - case CKA_ID: - CKMK_HANDLE_OPT_DATA_ITEM(io, kSecPublicKeyHashItemAttr, id, item, *pError, - "Cert:ID attr") - default: - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - break; - } - return NULL; + ckmkItemObject *item = &io->u.item; + *pError = CKR_OK; + switch (type) { + case CKA_CLASS: + return &ckmk_certClassItem; + case CKA_TOKEN: + case CKA_MODIFIABLE: + return &ckmk_trueItem; + case CKA_PRIVATE: + return &ckmk_falseItem; + case CKA_CERTIFICATE_TYPE: + return &ckmk_x509Item; + case CKA_LABEL: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecLabelItemAttr, label, item, *pError, + "Cert:Label attr") + case CKA_SUBJECT: + /* OK, well apple does provide an subject and issuer attribute, but they + * decided to cannonicalize that value. Probably a good move for them, + * but makes it useless for most users of PKCS #11.. Get the real subject + * from the certificate */ + if (0 == item->derCert.size) { + ckmk_fetchCert(io); + } + return &item->subject; + case CKA_ISSUER: + if (0 == item->derCert.size) { + ckmk_fetchCert(io); + } + return &item->issuer; + case CKA_SERIAL_NUMBER: + CKMK_HANDLE_DATA_ITEM(io, kSecSerialNumberItemAttr, serial, item, *pError, + "Cert:Serial Number attr") + case CKA_VALUE: + if (0 == item->derCert.size) { + ckmk_fetchCert(io); + } + return &item->derCert; + case CKA_ID: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecPublicKeyHashItemAttr, id, item, *pError, + "Cert:ID attr") + default: + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + break; + } + return NULL; } const NSSItem * -ckmk_FetchPubKeyAttribute -( - ckmkInternalObject *io, - CK_ATTRIBUTE_TYPE type, - CK_RV *pError -) +ckmk_FetchPubKeyAttribute( + ckmkInternalObject *io, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError) { - ckmkItemObject *item = &io->u.item; - *pError = CKR_OK; - - switch(type) { - case CKA_CLASS: - return &ckmk_pubKeyClassItem; - case CKA_TOKEN: - case CKA_LOCAL: - return &ckmk_trueItem; - case CKA_KEY_TYPE: - return &ckmk_rsaItem; - case CKA_LABEL: - CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyPrintName, label, item, *pError, - "PubKey:Label attr") - case CKA_ENCRYPT: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyEncrypt, encrypt, item, *pError, - "PubKey:Encrypt attr") - case CKA_VERIFY: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyVerify, verify, item, *pError, - "PubKey:Verify attr") - case CKA_VERIFY_RECOVER: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyVerifyRecover, verifyRecover, - item, *pError, "PubKey:VerifyRecover attr") - case CKA_PRIVATE: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyPrivate, private, item, *pError, - "PubKey:Private attr") - case CKA_MODIFIABLE: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyModifiable, modify, item, *pError, - "PubKey:Modify attr") - case CKA_DERIVE: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDerive, derive, item, *pError, - "PubKey:Derive attr") - case CKA_WRAP: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyWrap, wrap, item, *pError, - "PubKey:Wrap attr") - case CKA_SUBJECT: - CKMK_HANDLE_OPT_DATA_ITEM(io, kSecSubjectItemAttr, subject, item, *pError, - "PubKey:Subect attr") - case CKA_MODULUS: - return &ckmk_emptyItem; - case CKA_PUBLIC_EXPONENT: - return &ckmk_emptyItem; - case CKA_ID: - CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyLabel, id, item, *pError, - "PubKey:ID attr") - default: - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - break; - } - return NULL; + ckmkItemObject *item = &io->u.item; + *pError = CKR_OK; + + switch (type) { + case CKA_CLASS: + return &ckmk_pubKeyClassItem; + case CKA_TOKEN: + case CKA_LOCAL: + return &ckmk_trueItem; + case CKA_KEY_TYPE: + return &ckmk_rsaItem; + case CKA_LABEL: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyPrintName, label, item, *pError, + "PubKey:Label attr") + case CKA_ENCRYPT: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyEncrypt, encrypt, item, *pError, + "PubKey:Encrypt attr") + case CKA_VERIFY: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyVerify, verify, item, *pError, + "PubKey:Verify attr") + case CKA_VERIFY_RECOVER: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyVerifyRecover, verifyRecover, + item, *pError, "PubKey:VerifyRecover attr") + case CKA_PRIVATE: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyPrivate, private, item, *pError, + "PubKey:Private attr") + case CKA_MODIFIABLE: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyModifiable, modify, item, *pError, + "PubKey:Modify attr") + case CKA_DERIVE: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDerive, derive, item, *pError, + "PubKey:Derive attr") + case CKA_WRAP: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyWrap, wrap, item, *pError, + "PubKey:Wrap attr") + case CKA_SUBJECT: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecSubjectItemAttr, subject, item, *pError, + "PubKey:Subect attr") + case CKA_MODULUS: + return &ckmk_emptyItem; + case CKA_PUBLIC_EXPONENT: + return &ckmk_emptyItem; + case CKA_ID: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyLabel, id, item, *pError, + "PubKey:ID attr") + default: + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + break; + } + return NULL; } const NSSItem * -ckmk_FetchPrivKeyAttribute -( - ckmkInternalObject *io, - CK_ATTRIBUTE_TYPE type, - CK_RV *pError -) +ckmk_FetchPrivKeyAttribute( + ckmkInternalObject *io, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError) { - ckmkItemObject *item = &io->u.item; - *pError = CKR_OK; - - switch(type) { - case CKA_CLASS: - return &ckmk_privKeyClassItem; - case CKA_TOKEN: - case CKA_LOCAL: - return &ckmk_trueItem; - case CKA_SENSITIVE: - case CKA_EXTRACTABLE: /* will probably move in the future */ - case CKA_ALWAYS_SENSITIVE: - case CKA_NEVER_EXTRACTABLE: - return &ckmk_falseItem; - case CKA_KEY_TYPE: - return &ckmk_rsaItem; - case CKA_LABEL: - CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyPrintName, label, item, *pError, - "PrivateKey:Label attr") - case CKA_DECRYPT: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDecrypt, decrypt, item, *pError, - "PrivateKey:Decrypt attr") - case CKA_SIGN: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeySign, sign, item, *pError, - "PrivateKey:Sign attr") - case CKA_SIGN_RECOVER: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeySignRecover, signRecover, item, *pError, - "PrivateKey:Sign Recover attr") - case CKA_PRIVATE: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyPrivate, private, item, *pError, - "PrivateKey:Private attr") - case CKA_MODIFIABLE: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyModifiable, modify, item, *pError, - "PrivateKey:Modify attr") - case CKA_DERIVE: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDerive, derive, item, *pError, - "PrivateKey:Derive attr") - case CKA_UNWRAP: - CKMK_HANDLE_BOOL_ITEM(io, kSecKeyUnwrap, unwrap, item, *pError, - "PrivateKey:Unwrap attr") - case CKA_SUBJECT: - CKMK_HANDLE_OPT_DATA_ITEM(io, kSecSubjectItemAttr, subject, item, *pError, - "PrivateKey:Subject attr") - case CKA_MODULUS: - if (0 == item->modulus.size) { - ckmk_fetchModulus(io); - } - return &item->modulus; - case CKA_PUBLIC_EXPONENT: - return &ckmk_emptyItem; + ckmkItemObject *item = &io->u.item; + *pError = CKR_OK; + + switch (type) { + case CKA_CLASS: + return &ckmk_privKeyClassItem; + case CKA_TOKEN: + case CKA_LOCAL: + return &ckmk_trueItem; + case CKA_SENSITIVE: + case CKA_EXTRACTABLE: /* will probably move in the future */ + case CKA_ALWAYS_SENSITIVE: + case CKA_NEVER_EXTRACTABLE: + return &ckmk_falseItem; + case CKA_KEY_TYPE: + return &ckmk_rsaItem; + case CKA_LABEL: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyPrintName, label, item, *pError, + "PrivateKey:Label attr") + case CKA_DECRYPT: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDecrypt, decrypt, item, *pError, + "PrivateKey:Decrypt attr") + case CKA_SIGN: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeySign, sign, item, *pError, + "PrivateKey:Sign attr") + case CKA_SIGN_RECOVER: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeySignRecover, signRecover, item, *pError, + "PrivateKey:Sign Recover attr") + case CKA_PRIVATE: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyPrivate, private, item, *pError, + "PrivateKey:Private attr") + case CKA_MODIFIABLE: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyModifiable, modify, item, *pError, + "PrivateKey:Modify attr") + case CKA_DERIVE: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDerive, derive, item, *pError, + "PrivateKey:Derive attr") + case CKA_UNWRAP: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyUnwrap, unwrap, item, *pError, + "PrivateKey:Unwrap attr") + case CKA_SUBJECT: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecSubjectItemAttr, subject, item, *pError, + "PrivateKey:Subject attr") + case CKA_MODULUS: + if (0 == item->modulus.size) { + ckmk_fetchModulus(io); + } + return &item->modulus; + case CKA_PUBLIC_EXPONENT: + return &ckmk_emptyItem; #ifdef notdef - /* the following are sensitive attributes. We could implement them for - * sensitive keys using the key export function, but it's better to - * just support wrap through this token. That will more reliably allow us - * to export any private key that is truly exportable. - */ - case CKA_PRIVATE_EXPONENT: - CKMK_HANDLE_DATA_ITEM(io, kSecPrivateExponentItemAttr, privateExponent, - item, *pError) - case CKA_PRIME_1: - CKMK_HANDLE_DATA_ITEM(io, kSecPrime1ItemAttr, prime1, item, *pError) - case CKA_PRIME_2: - CKMK_HANDLE_DATA_ITEM(io, kSecPrime2ItemAttr, prime2, item, *pError) - case CKA_EXPONENT_1: - CKMK_HANDLE_DATA_ITEM(io, kSecExponent1ItemAttr, exponent1, item, *pError) - case CKA_EXPONENT_2: - CKMK_HANDLE_DATA_ITEM(io, kSecExponent2ItemAttr, exponent2, item, *pError) - case CKA_COEFFICIENT: - CKMK_HANDLE_DATA_ITEM(io, kSecCoefficientItemAttr, coefficient, - item, *pError) + /* the following are sensitive attributes. We could implement them for + * sensitive keys using the key export function, but it's better to + * just support wrap through this token. That will more reliably allow us + * to export any private key that is truly exportable. + */ + case CKA_PRIVATE_EXPONENT: + CKMK_HANDLE_DATA_ITEM(io, kSecPrivateExponentItemAttr, privateExponent, + item, *pError) + case CKA_PRIME_1: + CKMK_HANDLE_DATA_ITEM(io, kSecPrime1ItemAttr, prime1, item, *pError) + case CKA_PRIME_2: + CKMK_HANDLE_DATA_ITEM(io, kSecPrime2ItemAttr, prime2, item, *pError) + case CKA_EXPONENT_1: + CKMK_HANDLE_DATA_ITEM(io, kSecExponent1ItemAttr, exponent1, item, *pError) + case CKA_EXPONENT_2: + CKMK_HANDLE_DATA_ITEM(io, kSecExponent2ItemAttr, exponent2, item, *pError) + case CKA_COEFFICIENT: + CKMK_HANDLE_DATA_ITEM(io, kSecCoefficientItemAttr, coefficient, + item, *pError) #endif - case CKA_ID: - CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyLabel, id, item, *pError, - "PrivateKey:ID attr") - default: - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - return NULL; - } + case CKA_ID: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyLabel, id, item, *pError, + "PrivateKey:ID attr") + default: + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + return NULL; + } } const NSSItem * -nss_ckmk_FetchAttribute -( - ckmkInternalObject *io, - CK_ATTRIBUTE_TYPE type, - CK_RV *pError -) +nss_ckmk_FetchAttribute( + ckmkInternalObject *io, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError) { - CK_ULONG i; - const NSSItem * value = NULL; - - if (io->type == ckmkRaw) { - for( i = 0; i < io->u.raw.n; i++ ) { - if( type == io->u.raw.types[i] ) { - return &io->u.raw.items[i]; - } + CK_ULONG i; + const NSSItem *value = NULL; + + if (io->type == ckmkRaw) { + for (i = 0; i < io->u.raw.n; i++) { + if (type == io->u.raw.types[i]) { + return &io->u.raw.items[i]; + } + } + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + return NULL; + } + /* deal with the common attributes */ + switch (io->objClass) { + case CKO_CERTIFICATE: + value = ckmk_FetchCertAttribute(io, type, pError); + break; + case CKO_PRIVATE_KEY: + value = ckmk_FetchPrivKeyAttribute(io, type, pError); + break; + case CKO_PUBLIC_KEY: + value = ckmk_FetchPubKeyAttribute(io, type, pError); + break; + default: + *pError = CKR_OBJECT_HANDLE_INVALID; + return NULL; } - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - return NULL; - } - /* deal with the common attributes */ - switch (io->objClass) { - case CKO_CERTIFICATE: - value = ckmk_FetchCertAttribute(io, type, pError); - break; - case CKO_PRIVATE_KEY: - value = ckmk_FetchPrivKeyAttribute(io, type, pError); - break; - case CKO_PUBLIC_KEY: - value = ckmk_FetchPubKeyAttribute(io, type, pError); - break; - default: - *pError = CKR_OBJECT_HANDLE_INVALID; - return NULL; - } #ifdef DEBUG - if (CKA_ID == type) { - itemdump("id: ", value->data, value->size, *pError); - } + if (CKA_ID == type) { + itemdump("id: ", value->data, value->size, *pError); + } #endif - return value; + return value; } -static void -ckmk_removeObjectFromHash -( - ckmkInternalObject *io -); +static void +ckmk_removeObjectFromHash( + ckmkInternalObject *io); /* * * These are the MSObject functions we need to implement * * Finalize - unneeded (actually we should clean up the hashtables) - * Destroy + * Destroy * IsTokenObject - CK_TRUE * GetAttributeCount * GetAttributeTypes @@ -910,541 +888,516 @@ ckmk_removeObjectFromHash */ static CK_RV -ckmk_mdObject_Destroy -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdObject_Destroy( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; - OSStatus macErr; + ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; + OSStatus macErr; - if (ckmkRaw == io->type) { - /* there is not 'object write protected' error, use the next best thing */ - return CKR_TOKEN_WRITE_PROTECTED; - } + if (ckmkRaw == io->type) { + /* there is not 'object write protected' error, use the next best thing */ + return CKR_TOKEN_WRITE_PROTECTED; + } - /* This API is done well. The following 4 lines are the complete apple - * specific part of this implementation */ - macErr = SecKeychainItemDelete(io->u.item.itemRef); - if (noErr != macErr) { - CKMK_MACERR("Delete object", macErr); - } + /* This API is done well. The following 4 lines are the complete apple + * specific part of this implementation */ + macErr = SecKeychainItemDelete(io->u.item.itemRef); + if (noErr != macErr) { + CKMK_MACERR("Delete object", macErr); + } - /* remove it from the hash */ - ckmk_removeObjectFromHash(io); + /* remove it from the hash */ + ckmk_removeObjectFromHash(io); - /* free the puppy.. */ - nss_ckmk_DestroyInternalObject(io); + /* free the puppy.. */ + nss_ckmk_DestroyInternalObject(io); - return CKR_OK; + return CKR_OK; } static CK_BBOOL -ckmk_mdObject_IsTokenObject -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdObject_IsTokenObject( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CK_TRUE; + return CK_TRUE; } static CK_ULONG -ckmk_mdObject_GetAttributeCount -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdObject_GetAttributeCount( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; - - if (ckmkRaw == io->type) { - return io->u.raw.n; - } - switch (io->objClass) { - case CKO_CERTIFICATE: - return certAttrsCount; - case CKO_PUBLIC_KEY: - return pubKeyAttrsCount; - case CKO_PRIVATE_KEY: - return privKeyAttrsCount; - default: - break; - } - return 0; + ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; + + if (ckmkRaw == io->type) { + return io->u.raw.n; + } + switch (io->objClass) { + case CKO_CERTIFICATE: + return certAttrsCount; + case CKO_PUBLIC_KEY: + return pubKeyAttrsCount; + case CKO_PRIVATE_KEY: + return privKeyAttrsCount; + default: + break; + } + return 0; } static CK_RV -ckmk_mdObject_GetAttributeTypes -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount -) +ckmk_mdObject_GetAttributeTypes( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount) { - ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; - CK_ULONG i; - CK_RV error = CKR_OK; - const CK_ATTRIBUTE_TYPE *attrs = NULL; - CK_ULONG size = ckmk_mdObject_GetAttributeCount( - mdObject, fwObject, mdSession, fwSession, - mdToken, fwToken, mdInstance, fwInstance, &error); - - if( size != ulCount ) { - return CKR_BUFFER_TOO_SMALL; - } - if (io->type == ckmkRaw) { - attrs = io->u.raw.types; - } else switch(io->objClass) { - case CKO_CERTIFICATE: - attrs = certAttrs; - break; - case CKO_PUBLIC_KEY: - attrs = pubKeyAttrs; - break; - case CKO_PRIVATE_KEY: - attrs = privKeyAttrs; - break; - default: - return CKR_OK; - } - - for( i = 0; i < size; i++) { - typeArray[i] = attrs[i]; - } - - return CKR_OK; + ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; + CK_ULONG i; + CK_RV error = CKR_OK; + const CK_ATTRIBUTE_TYPE *attrs = NULL; + CK_ULONG size = ckmk_mdObject_GetAttributeCount( + mdObject, fwObject, mdSession, fwSession, + mdToken, fwToken, mdInstance, fwInstance, &error); + + if (size != ulCount) { + return CKR_BUFFER_TOO_SMALL; + } + if (io->type == ckmkRaw) { + attrs = io->u.raw.types; + } + else + switch (io->objClass) { + case CKO_CERTIFICATE: + attrs = + certAttrs; + break; + case CKO_PUBLIC_KEY: + attrs = + pubKeyAttrs; + break; + case CKO_PRIVATE_KEY: + attrs = + privKeyAttrs; + break; + default: + return CKR_OK; + } + + for (i = 0; i < size; i++) { + typeArray[i] = attrs[i]; + } + + return CKR_OK; } static CK_ULONG -ckmk_mdObject_GetAttributeSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +ckmk_mdObject_GetAttributeSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; + ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; - const NSSItem *b; + const NSSItem *b; - b = nss_ckmk_FetchAttribute(io, attribute, pError); + b = nss_ckmk_FetchAttribute(io, attribute, pError); - if ((const NSSItem *)NULL == b) { - return 0; - } - return b->size; + if ((const NSSItem *)NULL == b) { + return 0; + } + return b->size; } static CK_RV -ckmk_mdObject_SetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *value -) +ckmk_mdObject_SetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value) { - ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; - SecKeychainItemRef itemRef; - - if (io->type == ckmkRaw) { - return CKR_TOKEN_WRITE_PROTECTED; - } - itemRef = io->u.item.itemRef; - - switch (io->objClass) { - case CKO_PRIVATE_KEY: - case CKO_PUBLIC_KEY: - switch (attribute) { - case CKA_ID: - ckmk_updateAttribute(itemRef, kSecKeyLabel, - value->data, value->size, "Set Attr Key ID"); + ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; + SecKeychainItemRef itemRef; + + if (io->type == ckmkRaw) { + return CKR_TOKEN_WRITE_PROTECTED; + } + itemRef = io->u.item.itemRef; + + switch (io->objClass) { + case CKO_PRIVATE_KEY: + case CKO_PUBLIC_KEY: + switch (attribute) { + case CKA_ID: + ckmk_updateAttribute(itemRef, kSecKeyLabel, + value->data, value->size, "Set Attr Key ID"); #ifdef DEBUG - itemdump("key id: ", value->data, value->size, CKR_OK); + itemdump("key id: ", value->data, value->size, CKR_OK); #endif - break; - case CKA_LABEL: - ckmk_updateAttribute(itemRef, kSecKeyPrintName, value->data, - value->size, "Set Attr Key Label"); - break; - default: - break; - } - break; - - case CKO_CERTIFICATE: - switch (attribute) { - case CKA_ID: - ckmk_updateAttribute(itemRef, kSecPublicKeyHashItemAttr, - value->data, value->size, "Set Attr Cert ID"); - break; - case CKA_LABEL: - ckmk_updateAttribute(itemRef, kSecLabelItemAttr, value->data, - value->size, "Set Attr Cert Label"); - break; - default: - break; - } - break; - - default: - break; - } - return CKR_OK; + break; + case CKA_LABEL: + ckmk_updateAttribute(itemRef, kSecKeyPrintName, value->data, + value->size, "Set Attr Key Label"); + break; + default: + break; + } + break; + + case CKO_CERTIFICATE: + switch (attribute) { + case CKA_ID: + ckmk_updateAttribute(itemRef, kSecPublicKeyHashItemAttr, + value->data, value->size, "Set Attr Cert ID"); + break; + case CKA_LABEL: + ckmk_updateAttribute(itemRef, kSecLabelItemAttr, value->data, + value->size, "Set Attr Cert Label"); + break; + default: + break; + } + break; + + default: + break; + } + return CKR_OK; } static NSSCKFWItem -ckmk_mdObject_GetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +ckmk_mdObject_GetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - NSSCKFWItem mdItem; - ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; - - mdItem.needsFreeing = PR_FALSE; - mdItem.item = (NSSItem*)nss_ckmk_FetchAttribute(io, attribute, pError); + NSSCKFWItem mdItem; + ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; + mdItem.needsFreeing = PR_FALSE; + mdItem.item = (NSSItem *)nss_ckmk_FetchAttribute(io, attribute, pError); - return mdItem; + return mdItem; } static CK_ULONG -ckmk_mdObject_GetObjectSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdObject_GetObjectSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - CK_ULONG rv = 1; + CK_ULONG rv = 1; - /* size is irrelevant to this token */ - return rv; + /* size is irrelevant to this token */ + return rv; } static const NSSCKMDObject -ckmk_prototype_mdObject = { - (void *)NULL, /* etc */ - NULL, /* Finalize */ - ckmk_mdObject_Destroy, - ckmk_mdObject_IsTokenObject, - ckmk_mdObject_GetAttributeCount, - ckmk_mdObject_GetAttributeTypes, - ckmk_mdObject_GetAttributeSize, - ckmk_mdObject_GetAttribute, - NULL, /* FreeAttribute */ - ckmk_mdObject_SetAttribute, - ckmk_mdObject_GetObjectSize, - (void *)NULL /* null terminator */ -}; + ckmk_prototype_mdObject = { + (void *)NULL, /* etc */ + NULL, /* Finalize */ + ckmk_mdObject_Destroy, + ckmk_mdObject_IsTokenObject, + ckmk_mdObject_GetAttributeCount, + ckmk_mdObject_GetAttributeTypes, + ckmk_mdObject_GetAttributeSize, + ckmk_mdObject_GetAttribute, + NULL, /* FreeAttribute */ + ckmk_mdObject_SetAttribute, + ckmk_mdObject_GetObjectSize, + (void *)NULL /* null terminator */ + }; static nssHash *ckmkInternalObjectHash = NULL; NSS_IMPLEMENT NSSCKMDObject * -nss_ckmk_CreateMDObject -( - NSSArena *arena, - ckmkInternalObject *io, - CK_RV *pError -) +nss_ckmk_CreateMDObject( + NSSArena *arena, + ckmkInternalObject *io, + CK_RV *pError) { - if ((nssHash *)NULL == ckmkInternalObjectHash) { - ckmkInternalObjectHash = nssHash_CreateItem(NULL, 10); - } - if (ckmkItem == io->type) { - /* the hash key, not a cryptographic key */ - NSSItem *key = &io->hashKey; - ckmkInternalObject *old_o = NULL; + if ((nssHash *)NULL == ckmkInternalObjectHash) { + ckmkInternalObjectHash = nssHash_CreateItem(NULL, 10); + } + if (ckmkItem == io->type) { + /* the hash key, not a cryptographic key */ + NSSItem *key = &io->hashKey; + ckmkInternalObject *old_o = NULL; + + if (key->size == 0) { + ckmk_FetchHashKey(io); + } + old_o = (ckmkInternalObject *) + nssHash_Lookup(ckmkInternalObjectHash, key); + if (!old_o) { + nssHash_Add(ckmkInternalObjectHash, key, io); + } + else if (old_o != io) { + nss_ckmk_DestroyInternalObject(io); + io = old_o; + } + } - if (key->size == 0) { - ckmk_FetchHashKey(io); - } - old_o = (ckmkInternalObject *) - nssHash_Lookup(ckmkInternalObjectHash, key); - if (!old_o) { - nssHash_Add(ckmkInternalObjectHash, key, io); - } else if (old_o != io) { - nss_ckmk_DestroyInternalObject(io); - io = old_o; - } - } - - if ( (void*)NULL == io->mdObject.etc) { - (void) nsslibc_memcpy(&io->mdObject,&ckmk_prototype_mdObject, - sizeof(ckmk_prototype_mdObject)); - io->mdObject.etc = (void *)io; - } - return &io->mdObject; + if ((void *)NULL == io->mdObject.etc) { + (void)nsslibc_memcpy(&io->mdObject, &ckmk_prototype_mdObject, + sizeof(ckmk_prototype_mdObject)); + io->mdObject.etc = (void *)io; + } + return &io->mdObject; } static void -ckmk_removeObjectFromHash -( - ckmkInternalObject *io -) +ckmk_removeObjectFromHash( + ckmkInternalObject *io) { - NSSItem *key = &io->hashKey; + NSSItem *key = &io->hashKey; - if ((nssHash *)NULL == ckmkInternalObjectHash) { + if ((nssHash *)NULL == ckmkInternalObjectHash) { + return; + } + if (key->size == 0) { + ckmk_FetchHashKey(io); + } + nssHash_Remove(ckmkInternalObjectHash, key); return; - } - if (key->size == 0) { - ckmk_FetchHashKey(io); - } - nssHash_Remove(ckmkInternalObjectHash, key); - return; } - void -nss_ckmk_DestroyInternalObject -( - ckmkInternalObject *io -) +nss_ckmk_DestroyInternalObject( + ckmkInternalObject *io) { - switch (io->type) { - case ckmkRaw: + switch (io->type) { + case ckmkRaw: + return; + case ckmkItem: + nss_ZFreeIf(io->u.item.modify.data); + nss_ZFreeIf(io->u.item.private.data); + nss_ZFreeIf(io->u.item.encrypt.data); + nss_ZFreeIf(io->u.item.decrypt.data); + nss_ZFreeIf(io->u.item.derive.data); + nss_ZFreeIf(io->u.item.sign.data); + nss_ZFreeIf(io->u.item.signRecover.data); + nss_ZFreeIf(io->u.item.verify.data); + nss_ZFreeIf(io->u.item.verifyRecover.data); + nss_ZFreeIf(io->u.item.wrap.data); + nss_ZFreeIf(io->u.item.unwrap.data); + nss_ZFreeIf(io->u.item.label.data); + /*nss_ZFreeIf(io->u.item.subject.data); */ + /*nss_ZFreeIf(io->u.item.issuer.data); */ + nss_ZFreeIf(io->u.item.serial.data); + nss_ZFreeIf(io->u.item.modulus.data); + nss_ZFreeIf(io->u.item.exponent.data); + nss_ZFreeIf(io->u.item.privateExponent.data); + nss_ZFreeIf(io->u.item.prime1.data); + nss_ZFreeIf(io->u.item.prime2.data); + nss_ZFreeIf(io->u.item.exponent1.data); + nss_ZFreeIf(io->u.item.exponent2.data); + nss_ZFreeIf(io->u.item.coefficient.data); + break; + } + nss_ZFreeIf(io); return; - case ckmkItem: - nss_ZFreeIf(io->u.item.modify.data); - nss_ZFreeIf(io->u.item.private.data); - nss_ZFreeIf(io->u.item.encrypt.data); - nss_ZFreeIf(io->u.item.decrypt.data); - nss_ZFreeIf(io->u.item.derive.data); - nss_ZFreeIf(io->u.item.sign.data); - nss_ZFreeIf(io->u.item.signRecover.data); - nss_ZFreeIf(io->u.item.verify.data); - nss_ZFreeIf(io->u.item.verifyRecover.data); - nss_ZFreeIf(io->u.item.wrap.data); - nss_ZFreeIf(io->u.item.unwrap.data); - nss_ZFreeIf(io->u.item.label.data); - /*nss_ZFreeIf(io->u.item.subject.data); */ - /*nss_ZFreeIf(io->u.item.issuer.data); */ - nss_ZFreeIf(io->u.item.serial.data); - nss_ZFreeIf(io->u.item.modulus.data); - nss_ZFreeIf(io->u.item.exponent.data); - nss_ZFreeIf(io->u.item.privateExponent.data); - nss_ZFreeIf(io->u.item.prime1.data); - nss_ZFreeIf(io->u.item.prime2.data); - nss_ZFreeIf(io->u.item.exponent1.data); - nss_ZFreeIf(io->u.item.exponent2.data); - nss_ZFreeIf(io->u.item.coefficient.data); - break; - } - nss_ZFreeIf(io); - return; } - static ckmkInternalObject * -nss_ckmk_NewInternalObject -( - CK_OBJECT_CLASS objClass, - SecKeychainItemRef itemRef, - SecItemClass itemClass, - CK_RV *pError -) +nss_ckmk_NewInternalObject( + CK_OBJECT_CLASS objClass, + SecKeychainItemRef itemRef, + SecItemClass itemClass, + CK_RV *pError) { - ckmkInternalObject *io = nss_ZNEW(NULL, ckmkInternalObject); + ckmkInternalObject *io = nss_ZNEW(NULL, ckmkInternalObject); - if ((ckmkInternalObject *)NULL == io) { - *pError = CKR_HOST_MEMORY; + if ((ckmkInternalObject *)NULL == io) { + *pError = CKR_HOST_MEMORY; + return io; + } + io->type = ckmkItem; + io->objClass = objClass; + io->u.item.itemRef = itemRef; + io->u.item.itemClass = itemClass; return io; - } - io->type = ckmkItem; - io->objClass = objClass; - io->u.item.itemRef = itemRef; - io->u.item.itemClass = itemClass; - return io; } /* - * Apple doesn't alway have a default keyChain set by the OS, use the + * Apple doesn't alway have a default keyChain set by the OS, use the * SearchList to try to find one. */ static CK_RV -ckmk_GetSafeDefaultKeychain -( - SecKeychainRef *keychainRef -) +ckmk_GetSafeDefaultKeychain( + SecKeychainRef *keychainRef) { - OSStatus macErr; - CFArrayRef searchList = 0; - CK_RV error = CKR_OK; - - macErr = SecKeychainCopyDefault(keychainRef); - if (noErr != macErr) { - int searchCount = 0; - if (errSecNoDefaultKeychain != macErr) { - CKMK_MACERR("Getting default key chain", macErr); - error = CKR_GENERAL_ERROR; - goto loser; - } - /* ok, we don't have a default key chain, find one */ - macErr = SecKeychainCopySearchList(&searchList); + OSStatus macErr; + CFArrayRef searchList = 0; + CK_RV error = CKR_OK; + + macErr = SecKeychainCopyDefault(keychainRef); if (noErr != macErr) { - CKMK_MACERR("failed to find a keyring searchList", macErr); - error = CKR_DEVICE_REMOVED; - goto loser; - } - searchCount = CFArrayGetCount(searchList); - if (searchCount < 1) { - error = CKR_DEVICE_REMOVED; - goto loser; - } - *keychainRef = - (SecKeychainRef)CFRetain(CFArrayGetValueAtIndex(searchList, 0)); - if (0 == *keychainRef) { - error = CKR_DEVICE_REMOVED; - goto loser; - } - /* should we set it as default? */ - } + int searchCount = 0; + if (errSecNoDefaultKeychain != macErr) { + CKMK_MACERR("Getting default key chain", macErr); + error = CKR_GENERAL_ERROR; + goto loser; + } + /* ok, we don't have a default key chain, find one */ + macErr = SecKeychainCopySearchList(&searchList); + if (noErr != macErr) { + CKMK_MACERR("failed to find a keyring searchList", macErr); + error = CKR_DEVICE_REMOVED; + goto loser; + } + searchCount = CFArrayGetCount(searchList); + if (searchCount < 1) { + error = CKR_DEVICE_REMOVED; + goto loser; + } + *keychainRef = + (SecKeychainRef)CFRetain(CFArrayGetValueAtIndex(searchList, 0)); + if (0 == *keychainRef) { + error = CKR_DEVICE_REMOVED; + goto loser; + } + /* should we set it as default? */ + } loser: - if (0 != searchList) { - CFRelease(searchList); - } - return error; + if (0 != searchList) { + CFRelease(searchList); + } + return error; } static ckmkInternalObject * -nss_ckmk_CreateCertificate -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_ckmk_CreateCertificate( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - NSSItem value; - ckmkInternalObject *io = NULL; - OSStatus macErr; - SecCertificateRef certRef; - SecKeychainItemRef itemRef; - SecKeychainRef keychainRef; - CSSM_DATA certData; - - *pError = nss_ckmk_GetAttribute(CKA_VALUE, pTemplate, - ulAttributeCount, &value); - if (CKR_OK != *pError) { - goto loser; - } - - certData.Data = value.data; - certData.Length = value.size; - macErr = SecCertificateCreateFromData(&certData, CSSM_CERT_X_509v3, - CSSM_CERT_ENCODING_BER, &certRef); - if (noErr != macErr) { - CKMK_MACERR("Create cert from data Failed", macErr); - *pError = CKR_GENERAL_ERROR; /* need to map macErr */ - goto loser; - } - - *pError = ckmk_GetSafeDefaultKeychain(&keychainRef); - if (CKR_OK != *pError) { - goto loser; - } - - macErr = SecCertificateAddToKeychain( certRef, keychainRef); - itemRef = (SecKeychainItemRef) certRef; - if (errSecDuplicateItem != macErr) { - NSSItem keyID = { NULL, 0 }; - char *nickname = NULL; - CK_RV dummy; + NSSItem value; + ckmkInternalObject *io = NULL; + OSStatus macErr; + SecCertificateRef certRef; + SecKeychainItemRef itemRef; + SecKeychainRef keychainRef; + CSSM_DATA certData; + + *pError = nss_ckmk_GetAttribute(CKA_VALUE, pTemplate, + ulAttributeCount, &value); + if (CKR_OK != *pError) { + goto loser; + } + certData.Data = value.data; + certData.Length = value.size; + macErr = SecCertificateCreateFromData(&certData, CSSM_CERT_X_509v3, + CSSM_CERT_ENCODING_BER, &certRef); if (noErr != macErr) { - CKMK_MACERR("Add cert to keychain Failed", macErr); - *pError = CKR_GENERAL_ERROR; /* need to map macErr */ - goto loser; - } - /* these two are optional */ - nickname = nss_ckmk_GetStringAttribute(CKA_LABEL, pTemplate, - ulAttributeCount, &dummy); - /* we've added a new one, update the attributes in the key ring */ - if (nickname) { - ckmk_updateAttribute(itemRef, kSecLabelItemAttr, nickname, - strlen(nickname)+1, "Modify Cert Label"); - nss_ZFreeIf(nickname); + CKMK_MACERR("Create cert from data Failed", macErr); + *pError = CKR_GENERAL_ERROR; /* need to map macErr */ + goto loser; } - dummy = nss_ckmk_GetAttribute(CKA_ID, pTemplate, - ulAttributeCount, &keyID); - if (CKR_OK == dummy) { - dummy = ckmk_updateAttribute(itemRef, kSecPublicKeyHashItemAttr, - keyID.data, keyID.size, "Modify Cert ID"); + + *pError = ckmk_GetSafeDefaultKeychain(&keychainRef); + if (CKR_OK != *pError) { + goto loser; } - } - io = nss_ckmk_NewInternalObject(CKO_CERTIFICATE, itemRef, - kSecCertificateItemClass, pError); - if ((ckmkInternalObject *)NULL != io) { - itemRef = 0; - } + macErr = SecCertificateAddToKeychain(certRef, keychainRef); + itemRef = (SecKeychainItemRef)certRef; + if (errSecDuplicateItem != macErr) { + NSSItem keyID = { NULL, 0 }; + char *nickname = NULL; + CK_RV dummy; + + if (noErr != macErr) { + CKMK_MACERR("Add cert to keychain Failed", macErr); + *pError = CKR_GENERAL_ERROR; /* need to map macErr */ + goto loser; + } + /* these two are optional */ + nickname = nss_ckmk_GetStringAttribute(CKA_LABEL, pTemplate, + ulAttributeCount, &dummy); + /* we've added a new one, update the attributes in the key ring */ + if (nickname) { + ckmk_updateAttribute(itemRef, kSecLabelItemAttr, nickname, + strlen(nickname) + 1, "Modify Cert Label"); + nss_ZFreeIf(nickname); + } + dummy = nss_ckmk_GetAttribute(CKA_ID, pTemplate, + ulAttributeCount, &keyID); + if (CKR_OK == dummy) { + dummy = ckmk_updateAttribute(itemRef, kSecPublicKeyHashItemAttr, + keyID.data, keyID.size, "Modify Cert ID"); + } + } + + io = nss_ckmk_NewInternalObject(CKO_CERTIFICATE, itemRef, + kSecCertificateItemClass, pError); + if ((ckmkInternalObject *)NULL != io) { + itemRef = 0; + } loser: - if (0 != itemRef) { - CFRelease(itemRef); - } - if (0 != keychainRef) { - CFRelease(keychainRef); - } - - return io; + if (0 != itemRef) { + CFRelease(itemRef); + } + if (0 != keychainRef) { + CFRelease(keychainRef); + } + + return io; } /* @@ -1457,8 +1410,8 @@ struct ckmk_AttributeStr { typedef struct ckmk_AttributeStr ckmk_Attribute; /* -** A PKCS#8 private key info object -*/ + ** A PKCS#8 private key info object + */ struct PrivateKeyInfoStr { PLArenaPool *arena; SECItem version; @@ -1470,23 +1423,23 @@ typedef struct PrivateKeyInfoStr PrivateKeyInfo; const SEC_ASN1Template ckmk_RSAPrivateKeyTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(RSAPrivateKey) }, - { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,version) }, - { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,modulus) }, - { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,publicExponent) }, - { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,privateExponent) }, - { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,prime1) }, - { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,prime2) }, - { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,exponent1) }, - { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,exponent2) }, - { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,coefficient) }, - { 0 } -}; + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, version) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, modulus) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, publicExponent) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, privateExponent) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, prime1) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, prime2) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, exponent1) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, exponent2) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, coefficient) }, + { 0 } +}; const SEC_ASN1Template ckmk_AttributeTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(ckmk_Attribute) }, { SEC_ASN1_OBJECT_ID, offsetof(ckmk_Attribute, attrType) }, - { SEC_ASN1_SET_OF, offsetof(ckmk_Attribute, attrValue), - SEC_AnyTemplate }, + { SEC_ASN1_SET_OF, offsetof(ckmk_Attribute, attrValue), + SEC_AnyTemplate }, { 0 } }; @@ -1499,91 +1452,89 @@ SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) /* ASN1 Templates for new decoder/encoder */ const SEC_ASN1Template ckmk_PrivateKeyInfoTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PrivateKeyInfo) }, - { SEC_ASN1_INTEGER, offsetof(PrivateKeyInfo,version) }, - { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(PrivateKeyInfo,algorithm), - SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, - { SEC_ASN1_OCTET_STRING, offsetof(PrivateKeyInfo,privateKey) }, + { SEC_ASN1_INTEGER, offsetof(PrivateKeyInfo, version) }, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(PrivateKeyInfo, algorithm), + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, + { SEC_ASN1_OCTET_STRING, offsetof(PrivateKeyInfo, privateKey) }, { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0, - offsetof(PrivateKeyInfo, attributes), ckmk_SetOfAttributeTemplate }, + offsetof(PrivateKeyInfo, attributes), ckmk_SetOfAttributeTemplate }, { 0 } }; #define CKMK_PRIVATE_KEY_INFO_VERSION 0 static CK_RV -ckmk_CreateRSAKeyBlob -( - RSAPrivateKey *lk, - NSSItem *keyBlob -) +ckmk_CreateRSAKeyBlob( + RSAPrivateKey *lk, + NSSItem *keyBlob) { - PrivateKeyInfo *pki = NULL; - PLArenaPool *arena = NULL; - SECOidTag algorithm = SEC_OID_UNKNOWN; - void *dummy; - SECStatus rv; - SECItem *encodedKey = NULL; - CK_RV error = CKR_OK; - - arena = PORT_NewArena(2048); /* XXX different size? */ - if(!arena) { - error = CKR_HOST_MEMORY; - goto loser; - } - - pki = (PrivateKeyInfo*)PORT_ArenaZAlloc(arena, sizeof(PrivateKeyInfo)); - if(!pki) { - error = CKR_HOST_MEMORY; - goto loser; - } - pki->arena = arena; - - dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk, - ckmk_RSAPrivateKeyTemplate); - algorithm = SEC_OID_PKCS1_RSA_ENCRYPTION; - - if (!dummy) { - error = CKR_DEVICE_ERROR; /* should map NSS SECError */ - goto loser; - } - - rv = SECOID_SetAlgorithmID(arena, &pki->algorithm, algorithm, - (SECItem*)NULL); - if (rv != SECSuccess) { - error = CKR_DEVICE_ERROR; /* should map NSS SECError */ - goto loser; - } - - dummy = SEC_ASN1EncodeInteger(arena, &pki->version, - CKMK_PRIVATE_KEY_INFO_VERSION); - if (!dummy) { - error = CKR_DEVICE_ERROR; /* should map NSS SECError */ - goto loser; - } - - encodedKey = SEC_ASN1EncodeItem(NULL, NULL, pki, - ckmk_PrivateKeyInfoTemplate); - if (!encodedKey) { - error = CKR_DEVICE_ERROR; - goto loser; - } - - keyBlob->data = nss_ZNEWARRAY(NULL, char, encodedKey->len); - if (NULL == keyBlob->data) { - error = CKR_HOST_MEMORY; - goto loser; - } - nsslibc_memcpy(keyBlob->data, encodedKey->data, encodedKey->len); - keyBlob->size = encodedKey->len; + PrivateKeyInfo *pki = NULL; + PLArenaPool *arena = NULL; + SECOidTag algorithm = SEC_OID_UNKNOWN; + void *dummy; + SECStatus rv; + SECItem *encodedKey = NULL; + CK_RV error = CKR_OK; + + arena = PORT_NewArena(2048); /* XXX different size? */ + if (!arena) { + error = CKR_HOST_MEMORY; + goto loser; + } + + pki = (PrivateKeyInfo *)PORT_ArenaZAlloc(arena, sizeof(PrivateKeyInfo)); + if (!pki) { + error = CKR_HOST_MEMORY; + goto loser; + } + pki->arena = arena; + + dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk, + ckmk_RSAPrivateKeyTemplate); + algorithm = SEC_OID_PKCS1_RSA_ENCRYPTION; + + if (!dummy) { + error = CKR_DEVICE_ERROR; /* should map NSS SECError */ + goto loser; + } + + rv = SECOID_SetAlgorithmID(arena, &pki->algorithm, algorithm, + (SECItem *)NULL); + if (rv != SECSuccess) { + error = CKR_DEVICE_ERROR; /* should map NSS SECError */ + goto loser; + } + + dummy = SEC_ASN1EncodeInteger(arena, &pki->version, + CKMK_PRIVATE_KEY_INFO_VERSION); + if (!dummy) { + error = CKR_DEVICE_ERROR; /* should map NSS SECError */ + goto loser; + } + + encodedKey = SEC_ASN1EncodeItem(NULL, NULL, pki, + ckmk_PrivateKeyInfoTemplate); + if (!encodedKey) { + error = CKR_DEVICE_ERROR; + goto loser; + } + + keyBlob->data = nss_ZNEWARRAY(NULL, char, encodedKey->len); + if (NULL == keyBlob->data) { + error = CKR_HOST_MEMORY; + goto loser; + } + nsslibc_memcpy(keyBlob->data, encodedKey->data, encodedKey->len); + keyBlob->size = encodedKey->len; loser: - if(arena) { - PORT_FreeArena(arena, PR_TRUE); - } - if (encodedKey) { - SECITEM_FreeItem(encodedKey, PR_TRUE); - } - - return error; + if (arena) { + PORT_FreeArena(arena, PR_TRUE); + } + if (encodedKey) { + SECITEM_FreeItem(encodedKey, PR_TRUE); + } + + return error; } /* * There MUST be a better way to do this. For now, find the key based on the @@ -1591,334 +1542,327 @@ loser: */ #define IMPORTED_NAME "Imported Private Key" static CK_RV -ckmk_FindImportedKey -( - SecKeychainRef keychainRef, - SecItemClass itemClass, - SecKeychainItemRef *outItemRef -) +ckmk_FindImportedKey( + SecKeychainRef keychainRef, + SecItemClass itemClass, + SecKeychainItemRef *outItemRef) { - OSStatus macErr; - SecKeychainSearchRef searchRef = 0; - SecKeychainItemRef newItemRef; - - macErr = SecKeychainSearchCreateFromAttributes(keychainRef, itemClass, - NULL, &searchRef); - if (noErr != macErr) { - CKMK_MACERR("Can't search for Key", macErr); - return CKR_GENERAL_ERROR; - } - while (noErr == SecKeychainSearchCopyNext(searchRef, &newItemRef)) { - SecKeychainAttributeList *attrList = NULL; - SecKeychainAttributeInfo attrInfo; - SecItemAttr itemAttr = kSecKeyPrintName; - PRUint32 attrFormat = 0; OSStatus macErr; + SecKeychainSearchRef searchRef = 0; + SecKeychainItemRef newItemRef; - attrInfo.count = 1; - attrInfo.tag = &itemAttr; - attrInfo.format = &attrFormat; - - macErr = SecKeychainItemCopyAttributesAndData(newItemRef, - &attrInfo, NULL, &attrList, NULL, NULL); - if (noErr == macErr) { - if (nsslibc_memcmp(attrList->attr->data, IMPORTED_NAME, - attrList->attr->length, NULL) == 0) { - *outItemRef = newItemRef; - CFRelease (searchRef); - SecKeychainItemFreeAttributesAndData(attrList, NULL); - return CKR_OK; - } - SecKeychainItemFreeAttributesAndData(attrList, NULL); - } - CFRelease(newItemRef); - } - CFRelease (searchRef); - return CKR_GENERAL_ERROR; /* we can come up with something better! */ + macErr = SecKeychainSearchCreateFromAttributes(keychainRef, itemClass, + NULL, &searchRef); + if (noErr != macErr) { + CKMK_MACERR("Can't search for Key", macErr); + return CKR_GENERAL_ERROR; + } + while (noErr == SecKeychainSearchCopyNext(searchRef, &newItemRef)) { + SecKeychainAttributeList *attrList = NULL; + SecKeychainAttributeInfo attrInfo; + SecItemAttr itemAttr = kSecKeyPrintName; + PRUint32 attrFormat = 0; + OSStatus macErr; + + attrInfo.count = 1; + attrInfo.tag = &itemAttr; + attrInfo.format = &attrFormat; + + macErr = SecKeychainItemCopyAttributesAndData(newItemRef, + &attrInfo, NULL, &attrList, NULL, NULL); + if (noErr == macErr) { + if (nsslibc_memcmp(attrList->attr->data, IMPORTED_NAME, + attrList->attr->length, NULL) == 0) { + *outItemRef = newItemRef; + CFRelease(searchRef); + SecKeychainItemFreeAttributesAndData(attrList, NULL); + return CKR_OK; + } + SecKeychainItemFreeAttributesAndData(attrList, NULL); + } + CFRelease(newItemRef); + } + CFRelease(searchRef); + return CKR_GENERAL_ERROR; /* we can come up with something better! */ } static ckmkInternalObject * -nss_ckmk_CreatePrivateKey -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_ckmk_CreatePrivateKey( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - NSSItem attribute; - RSAPrivateKey lk; - NSSItem keyID; - char *nickname = NULL; - ckmkInternalObject *io = NULL; - CK_KEY_TYPE keyType; - OSStatus macErr; - SecKeychainItemRef itemRef = 0; - NSSItem keyBlob = { NULL, 0 }; - CFDataRef dataRef = 0; - SecExternalFormat inputFormat = kSecFormatBSAFE; - /*SecExternalFormat inputFormat = kSecFormatOpenSSL; */ - SecExternalItemType itemType = kSecItemTypePrivateKey; - SecKeyImportExportParameters keyParams ; - SecKeychainRef targetKeychain = 0; - unsigned char zero = 0; - CK_RV error; - - keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; - keyParams.flags = 0; - keyParams.passphrase = 0; - keyParams.alertTitle = 0; - keyParams.alertPrompt = 0; - keyParams.accessRef = 0; /* default */ - keyParams.keyUsage = 0; /* will get filled in */ - keyParams.keyAttributes = CSSM_KEYATTR_PERMANENT; /* will get filled in */ - keyType = nss_ckmk_GetULongAttribute - (CKA_KEY_TYPE, pTemplate, ulAttributeCount, pError); - if (CKR_OK != *pError) { - return (ckmkInternalObject *)NULL; - } - if (CKK_RSA != keyType) { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - return (ckmkInternalObject *)NULL; - } - if (nss_ckmk_GetBoolAttribute(CKA_DECRYPT, - pTemplate, ulAttributeCount, CK_TRUE)) { - keyParams.keyUsage |= CSSM_KEYUSE_DECRYPT; - } - if (nss_ckmk_GetBoolAttribute(CKA_UNWRAP, - pTemplate, ulAttributeCount, CK_TRUE)) { - keyParams.keyUsage |= CSSM_KEYUSE_UNWRAP; - } - if (nss_ckmk_GetBoolAttribute(CKA_SIGN, - pTemplate, ulAttributeCount, CK_TRUE)) { - keyParams.keyUsage |= CSSM_KEYUSE_SIGN; - } - if (nss_ckmk_GetBoolAttribute(CKA_DERIVE, - pTemplate, ulAttributeCount, CK_FALSE)) { - keyParams.keyUsage |= CSSM_KEYUSE_DERIVE; - } - if (nss_ckmk_GetBoolAttribute(CKA_SENSITIVE, - pTemplate, ulAttributeCount, CK_TRUE)) { - keyParams.keyAttributes |= CSSM_KEYATTR_SENSITIVE; - } - if (nss_ckmk_GetBoolAttribute(CKA_EXTRACTABLE, - pTemplate, ulAttributeCount, CK_TRUE)) { - keyParams.keyAttributes |= CSSM_KEYATTR_EXTRACTABLE; - } - - lk.version.type = siUnsignedInteger; - lk.version.data = &zero; - lk.version.len = 1; - - *pError = nss_ckmk_GetAttribute(CKA_MODULUS, pTemplate, - ulAttributeCount, &attribute); - if (CKR_OK != *pError) { - return (ckmkInternalObject *)NULL; - } - lk.modulus.type = siUnsignedInteger; - lk.modulus.data = attribute.data; - lk.modulus.len = attribute.size; - - *pError = nss_ckmk_GetAttribute(CKA_PUBLIC_EXPONENT, pTemplate, - ulAttributeCount, &attribute); - if (CKR_OK != *pError) { - return (ckmkInternalObject *)NULL; - } - lk.publicExponent.type = siUnsignedInteger; - lk.publicExponent.data = attribute.data; - lk.publicExponent.len = attribute.size; - - *pError = nss_ckmk_GetAttribute(CKA_PRIVATE_EXPONENT, pTemplate, - ulAttributeCount, &attribute); - if (CKR_OK != *pError) { - return (ckmkInternalObject *)NULL; - } - lk.privateExponent.type = siUnsignedInteger; - lk.privateExponent.data = attribute.data; - lk.privateExponent.len = attribute.size; - - *pError = nss_ckmk_GetAttribute(CKA_PRIME_1, pTemplate, - ulAttributeCount, &attribute); - if (CKR_OK != *pError) { - return (ckmkInternalObject *)NULL; - } - lk.prime1.type = siUnsignedInteger; - lk.prime1.data = attribute.data; - lk.prime1.len = attribute.size; - - *pError = nss_ckmk_GetAttribute(CKA_PRIME_2, pTemplate, - ulAttributeCount, &attribute); - if (CKR_OK != *pError) { - return (ckmkInternalObject *)NULL; - } - lk.prime2.type = siUnsignedInteger; - lk.prime2.data = attribute.data; - lk.prime2.len = attribute.size; - - *pError = nss_ckmk_GetAttribute(CKA_EXPONENT_1, pTemplate, - ulAttributeCount, &attribute); - if (CKR_OK != *pError) { - return (ckmkInternalObject *)NULL; - } - lk.exponent1.type = siUnsignedInteger; - lk.exponent1.data = attribute.data; - lk.exponent1.len = attribute.size; - - *pError = nss_ckmk_GetAttribute(CKA_EXPONENT_2, pTemplate, - ulAttributeCount, &attribute); - if (CKR_OK != *pError) { - return (ckmkInternalObject *)NULL; - } - lk.exponent2.type = siUnsignedInteger; - lk.exponent2.data = attribute.data; - lk.exponent2.len = attribute.size; - - *pError = nss_ckmk_GetAttribute(CKA_COEFFICIENT, pTemplate, - ulAttributeCount, &attribute); - if (CKR_OK != *pError) { - return (ckmkInternalObject *)NULL; - } - lk.coefficient.type = siUnsignedInteger; - lk.coefficient.data = attribute.data; - lk.coefficient.len = attribute.size; - - /* ASN1 Encode the pkcs8 structure... look at softoken to see how this - * is done... */ - error = ckmk_CreateRSAKeyBlob(&lk, &keyBlob); - if (CKR_OK != error) { - goto loser; - } - - dataRef = CFDataCreate(NULL, (UInt8 *)keyBlob.data, keyBlob.size); - if (0 == dataRef) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - *pError == ckmk_GetSafeDefaultKeychain(&targetKeychain); - if (CKR_OK != *pError) { - goto loser; - } - - - /* the itemArray that is returned is useless. the item does not - * is 'not on the key chain' so none of the modify calls work on it. - * It also has a key that isn't the same key as the one in the actual - * key chain. In short it isn't the item we want, and it gives us zero - * information about the item we want, so don't even bother with it... - */ - macErr = SecKeychainItemImport(dataRef, NULL, &inputFormat, &itemType, 0, - &keyParams, targetKeychain, NULL); - if (noErr != macErr) { - CKMK_MACERR("Import Private Key", macErr); - *pError = CKR_GENERAL_ERROR; - goto loser; - } - - *pError = ckmk_FindImportedKey(targetKeychain, - CSSM_DL_DB_RECORD_PRIVATE_KEY, - &itemRef); - if (CKR_OK != *pError) { + NSSItem attribute; + RSAPrivateKey lk; + NSSItem keyID; + char *nickname = NULL; + ckmkInternalObject *io = NULL; + CK_KEY_TYPE keyType; + OSStatus macErr; + SecKeychainItemRef itemRef = 0; + NSSItem keyBlob = { NULL, 0 }; + CFDataRef dataRef = 0; + SecExternalFormat inputFormat = kSecFormatBSAFE; + /*SecExternalFormat inputFormat = kSecFormatOpenSSL; */ + SecExternalItemType itemType = kSecItemTypePrivateKey; + SecKeyImportExportParameters keyParams; + SecKeychainRef targetKeychain = 0; + unsigned char zero = 0; + CK_RV error; + + keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; + keyParams.flags = 0; + keyParams.passphrase = 0; + keyParams.alertTitle = 0; + keyParams.alertPrompt = 0; + keyParams.accessRef = 0; /* default */ + keyParams.keyUsage = 0; /* will get filled in */ + keyParams.keyAttributes = CSSM_KEYATTR_PERMANENT; /* will get filled in */ + keyType = nss_ckmk_GetULongAttribute(CKA_KEY_TYPE, pTemplate, ulAttributeCount, pError); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + if (CKK_RSA != keyType) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (ckmkInternalObject *)NULL; + } + if (nss_ckmk_GetBoolAttribute(CKA_DECRYPT, + pTemplate, ulAttributeCount, CK_TRUE)) { + keyParams.keyUsage |= CSSM_KEYUSE_DECRYPT; + } + if (nss_ckmk_GetBoolAttribute(CKA_UNWRAP, + pTemplate, ulAttributeCount, CK_TRUE)) { + keyParams.keyUsage |= CSSM_KEYUSE_UNWRAP; + } + if (nss_ckmk_GetBoolAttribute(CKA_SIGN, + pTemplate, ulAttributeCount, CK_TRUE)) { + keyParams.keyUsage |= CSSM_KEYUSE_SIGN; + } + if (nss_ckmk_GetBoolAttribute(CKA_DERIVE, + pTemplate, ulAttributeCount, CK_FALSE)) { + keyParams.keyUsage |= CSSM_KEYUSE_DERIVE; + } + if (nss_ckmk_GetBoolAttribute(CKA_SENSITIVE, + pTemplate, ulAttributeCount, CK_TRUE)) { + keyParams.keyAttributes |= CSSM_KEYATTR_SENSITIVE; + } + if (nss_ckmk_GetBoolAttribute(CKA_EXTRACTABLE, + pTemplate, ulAttributeCount, CK_TRUE)) { + keyParams.keyAttributes |= CSSM_KEYATTR_EXTRACTABLE; + } + + lk.version.type = siUnsignedInteger; + lk.version.data = &zero; + lk.version.len = 1; + + *pError = nss_ckmk_GetAttribute(CKA_MODULUS, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.modulus.type = siUnsignedInteger; + lk.modulus.data = attribute.data; + lk.modulus.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_PUBLIC_EXPONENT, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.publicExponent.type = siUnsignedInteger; + lk.publicExponent.data = attribute.data; + lk.publicExponent.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_PRIVATE_EXPONENT, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.privateExponent.type = siUnsignedInteger; + lk.privateExponent.data = attribute.data; + lk.privateExponent.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_PRIME_1, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.prime1.type = siUnsignedInteger; + lk.prime1.data = attribute.data; + lk.prime1.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_PRIME_2, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.prime2.type = siUnsignedInteger; + lk.prime2.data = attribute.data; + lk.prime2.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_EXPONENT_1, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.exponent1.type = siUnsignedInteger; + lk.exponent1.data = attribute.data; + lk.exponent1.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_EXPONENT_2, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.exponent2.type = siUnsignedInteger; + lk.exponent2.data = attribute.data; + lk.exponent2.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_COEFFICIENT, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.coefficient.type = siUnsignedInteger; + lk.coefficient.data = attribute.data; + lk.coefficient.len = attribute.size; + + /* ASN1 Encode the pkcs8 structure... look at softoken to see how this + * is done... */ + error = ckmk_CreateRSAKeyBlob(&lk, &keyBlob); + if (CKR_OK != error) { + goto loser; + } + + dataRef = CFDataCreate(NULL, (UInt8 *)keyBlob.data, keyBlob.size); + if (0 == dataRef) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + *pError == ckmk_GetSafeDefaultKeychain(&targetKeychain); + if (CKR_OK != *pError) { + goto loser; + } + + /* the itemArray that is returned is useless. the item does not + * is 'not on the key chain' so none of the modify calls work on it. + * It also has a key that isn't the same key as the one in the actual + * key chain. In short it isn't the item we want, and it gives us zero + * information about the item we want, so don't even bother with it... + */ + macErr = SecKeychainItemImport(dataRef, NULL, &inputFormat, &itemType, 0, + &keyParams, targetKeychain, NULL); + if (noErr != macErr) { + CKMK_MACERR("Import Private Key", macErr); + *pError = CKR_GENERAL_ERROR; + goto loser; + } + + *pError = ckmk_FindImportedKey(targetKeychain, + CSSM_DL_DB_RECORD_PRIVATE_KEY, + &itemRef); + if (CKR_OK != *pError) { #ifdef DEBUG - fprintf(stderr,"couldn't find key in keychain \n"); + fprintf(stderr, "couldn't find key in keychain \n"); #endif - goto loser; - } - + goto loser; + } - /* set the CKA_ID and the CKA_LABEL */ - error = nss_ckmk_GetAttribute(CKA_ID, pTemplate, + /* set the CKA_ID and the CKA_LABEL */ + error = nss_ckmk_GetAttribute(CKA_ID, pTemplate, ulAttributeCount, &keyID); - if (CKR_OK == error) { - error = ckmk_updateAttribute(itemRef, kSecKeyLabel, - keyID.data, keyID.size, "Modify Key ID"); + if (CKR_OK == error) { + error = ckmk_updateAttribute(itemRef, kSecKeyLabel, + keyID.data, keyID.size, "Modify Key ID"); #ifdef DEBUG - itemdump("key id: ", keyID.data, keyID.size, error); + itemdump("key id: ", keyID.data, keyID.size, error); #endif - } - nickname = nss_ckmk_GetStringAttribute(CKA_LABEL, pTemplate, - ulAttributeCount, &error); - if (nickname) { - ckmk_updateAttribute(itemRef, kSecKeyPrintName, nickname, - strlen(nickname)+1, "Modify Key Label"); - } else { + } + nickname = nss_ckmk_GetStringAttribute(CKA_LABEL, pTemplate, + ulAttributeCount, &error); + if (nickname) { + ckmk_updateAttribute(itemRef, kSecKeyPrintName, nickname, + strlen(nickname) + 1, "Modify Key Label"); + } + else { #define DEFAULT_NICKNAME "NSS Imported Key" - ckmk_updateAttribute(itemRef, kSecKeyPrintName, DEFAULT_NICKNAME, - sizeof(DEFAULT_NICKNAME), "Modify Key Label"); - } + ckmk_updateAttribute(itemRef, kSecKeyPrintName, DEFAULT_NICKNAME, + sizeof(DEFAULT_NICKNAME), "Modify Key Label"); + } - io = nss_ckmk_NewInternalObject(CKO_PRIVATE_KEY, itemRef, - CSSM_DL_DB_RECORD_PRIVATE_KEY, pError); - if ((ckmkInternalObject *)NULL == io) { - CFRelease(itemRef); - } + io = nss_ckmk_NewInternalObject(CKO_PRIVATE_KEY, itemRef, + CSSM_DL_DB_RECORD_PRIVATE_KEY, pError); + if ((ckmkInternalObject *)NULL == io) { + CFRelease(itemRef); + } - return io; + return io; loser: - /* free the key blob */ - if (keyBlob.data) { - nss_ZFreeIf(keyBlob.data); - } - if (0 != targetKeychain) { - CFRelease(targetKeychain); - } - if (0 != dataRef) { - CFRelease(dataRef); - } - return io; + /* free the key blob */ + if (keyBlob.data) { + nss_ZFreeIf(keyBlob.data); + } + if (0 != targetKeychain) { + CFRelease(targetKeychain); + } + if (0 != dataRef) { + CFRelease(dataRef); + } + return io; } - NSS_EXTERN NSSCKMDObject * -nss_ckmk_CreateObject -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nss_ckmk_CreateObject( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - CK_OBJECT_CLASS objClass; - ckmkInternalObject *io = NULL; - CK_BBOOL isToken; - - /* - * only create token objects - */ - isToken = nss_ckmk_GetBoolAttribute(CKA_TOKEN, pTemplate, - ulAttributeCount, CK_FALSE); - if (!isToken) { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - return (NSSCKMDObject *) NULL; - } - - /* - * only create keys and certs. - */ - objClass = nss_ckmk_GetULongAttribute(CKA_CLASS, pTemplate, - ulAttributeCount, pError); - if (CKR_OK != *pError) { - return (NSSCKMDObject *) NULL; - } + CK_OBJECT_CLASS objClass; + ckmkInternalObject *io = NULL; + CK_BBOOL isToken; + + /* + * only create token objects + */ + isToken = nss_ckmk_GetBoolAttribute(CKA_TOKEN, pTemplate, + ulAttributeCount, CK_FALSE); + if (!isToken) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (NSSCKMDObject *)NULL; + } + + /* + * only create keys and certs. + */ + objClass = nss_ckmk_GetULongAttribute(CKA_CLASS, pTemplate, + ulAttributeCount, pError); + if (CKR_OK != *pError) { + return (NSSCKMDObject *)NULL; + } #ifdef notdef - if (objClass == CKO_PUBLIC_KEY) { - return CKR_OK; /* fake public key creation, happens as a side effect of - * private key creation */ - } + if (objClass == CKO_PUBLIC_KEY) { + return CKR_OK; /* fake public key creation, happens as a side effect of + * private key creation */ + } #endif - if (objClass == CKO_CERTIFICATE) { - io = nss_ckmk_CreateCertificate(fwSession, pTemplate, - ulAttributeCount, pError); - } else if (objClass == CKO_PRIVATE_KEY) { - io = nss_ckmk_CreatePrivateKey(fwSession, pTemplate, - ulAttributeCount, pError); - } else { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - } - - if ((ckmkInternalObject *)NULL == io) { - return (NSSCKMDObject *) NULL; - } - return nss_ckmk_CreateMDObject(NULL, io, pError); + if (objClass == CKO_CERTIFICATE) { + io = nss_ckmk_CreateCertificate(fwSession, pTemplate, + ulAttributeCount, pError); + } + else if (objClass == CKO_PRIVATE_KEY) { + io = nss_ckmk_CreatePrivateKey(fwSession, pTemplate, + ulAttributeCount, pError); + } + else { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + } + + if ((ckmkInternalObject *)NULL == io) { + return (NSSCKMDObject *)NULL; + } + return nss_ckmk_CreateMDObject(NULL, io, pError); } diff --git a/lib/ckfw/nssmkey/mrsa.c b/lib/ckfw/nssmkey/mrsa.c index 8cf46adbc..00175b47a 100644 --- a/lib/ckfw/nssmkey/mrsa.c +++ b/lib/ckfw/nssmkey/mrsa.c @@ -9,196 +9,183 @@ * to NSS's S/MIME code. The following two functions currently are not * part of the SecKey.h interface. */ -OSStatus -SecKeyGetCredentials -( - SecKeyRef keyRef, - CSSM_ACL_AUTHORIZATION_TAG authTag, - int type, - const CSSM_ACCESS_CREDENTIALS **creds -); +OSStatus +SecKeyGetCredentials( + SecKeyRef keyRef, + CSSM_ACL_AUTHORIZATION_TAG authTag, + int type, + const CSSM_ACCESS_CREDENTIALS **creds); /* this function could be implemented using 'SecKeychainItemCopyKeychain' and * 'SecKeychainGetCSPHandle' */ -OSStatus -SecKeyGetCSPHandle -( - SecKeyRef keyRef, - CSSM_CSP_HANDLE *cspHandle -); - - -typedef struct ckmkInternalCryptoOperationRSAPrivStr - ckmkInternalCryptoOperationRSAPriv; -struct ckmkInternalCryptoOperationRSAPrivStr -{ - NSSCKMDCryptoOperation mdOperation; - NSSCKMDMechanism *mdMechanism; - ckmkInternalObject *iKey; - NSSItem *buffer; - CSSM_CC_HANDLE cssmContext; +OSStatus +SecKeyGetCSPHandle( + SecKeyRef keyRef, + CSSM_CSP_HANDLE *cspHandle); + +typedef struct ckmkInternalCryptoOperationRSAPrivStr + ckmkInternalCryptoOperationRSAPriv; +struct ckmkInternalCryptoOperationRSAPrivStr { + NSSCKMDCryptoOperation mdOperation; + NSSCKMDMechanism *mdMechanism; + ckmkInternalObject *iKey; + NSSItem *buffer; + CSSM_CC_HANDLE cssmContext; }; typedef enum { - CKMK_DECRYPT, - CKMK_SIGN + CKMK_DECRYPT, + CKMK_SIGN } ckmkRSAOpType; /* * ckmk_mdCryptoOperationRSAPriv_Create */ static NSSCKMDCryptoOperation * -ckmk_mdCryptoOperationRSAPriv_Create -( - const NSSCKMDCryptoOperation *proto, - NSSCKMDMechanism *mdMechanism, - NSSCKMDObject *mdKey, - ckmkRSAOpType type, - CK_RV *pError -) +ckmk_mdCryptoOperationRSAPriv_Create( + const NSSCKMDCryptoOperation *proto, + NSSCKMDMechanism *mdMechanism, + NSSCKMDObject *mdKey, + ckmkRSAOpType type, + CK_RV *pError) { - ckmkInternalObject *iKey = (ckmkInternalObject *)mdKey->etc; - const NSSItem *classItem = nss_ckmk_FetchAttribute(iKey, CKA_CLASS, pError); - const NSSItem *keyType = nss_ckmk_FetchAttribute(iKey, CKA_KEY_TYPE, pError); - ckmkInternalCryptoOperationRSAPriv *iOperation; - SecKeyRef privateKey; - OSStatus macErr; - CSSM_RETURN cssmErr; - const CSSM_KEY *cssmKey; - CSSM_CSP_HANDLE cspHandle; - const CSSM_ACCESS_CREDENTIALS *creds = NULL; - CSSM_CC_HANDLE cssmContext; - CSSM_ACL_AUTHORIZATION_TAG authType; - - /* make sure we have the right objects */ - if (((const NSSItem *)NULL == classItem) || - (sizeof(CK_OBJECT_CLASS) != classItem->size) || - (CKO_PRIVATE_KEY != *(CK_OBJECT_CLASS *)classItem->data) || - ((const NSSItem *)NULL == keyType) || - (sizeof(CK_KEY_TYPE) != keyType->size) || - (CKK_RSA != *(CK_KEY_TYPE *)keyType->data)) { - *pError = CKR_KEY_TYPE_INCONSISTENT; - return (NSSCKMDCryptoOperation *)NULL; - } - - privateKey = (SecKeyRef) iKey->u.item.itemRef; - macErr = SecKeyGetCSSMKey(privateKey, &cssmKey); - if (noErr != macErr) { - CKMK_MACERR("Getting CSSM Key", macErr); - *pError = CKR_KEY_HANDLE_INVALID; - return (NSSCKMDCryptoOperation *)NULL; - } - macErr = SecKeyGetCSPHandle(privateKey, &cspHandle); - if (noErr != macErr) { - CKMK_MACERR("Getting CSP for Key", macErr); - *pError = CKR_KEY_HANDLE_INVALID; - return (NSSCKMDCryptoOperation *)NULL; - } - switch (type) { - case CKMK_DECRYPT: - authType = CSSM_ACL_AUTHORIZATION_DECRYPT; - break; - case CKMK_SIGN: - authType = CSSM_ACL_AUTHORIZATION_SIGN; - break; - default: - *pError = CKR_GENERAL_ERROR; + ckmkInternalObject *iKey = (ckmkInternalObject *)mdKey->etc; + const NSSItem *classItem = nss_ckmk_FetchAttribute(iKey, CKA_CLASS, pError); + const NSSItem *keyType = nss_ckmk_FetchAttribute(iKey, CKA_KEY_TYPE, pError); + ckmkInternalCryptoOperationRSAPriv *iOperation; + SecKeyRef privateKey; + OSStatus macErr; + CSSM_RETURN cssmErr; + const CSSM_KEY *cssmKey; + CSSM_CSP_HANDLE cspHandle; + const CSSM_ACCESS_CREDENTIALS *creds = NULL; + CSSM_CC_HANDLE cssmContext; + CSSM_ACL_AUTHORIZATION_TAG authType; + + /* make sure we have the right objects */ + if (((const NSSItem *)NULL == classItem) || + (sizeof(CK_OBJECT_CLASS) != classItem->size) || + (CKO_PRIVATE_KEY != *(CK_OBJECT_CLASS *)classItem->data) || + ((const NSSItem *)NULL == keyType) || + (sizeof(CK_KEY_TYPE) != keyType->size) || + (CKK_RSA != *(CK_KEY_TYPE *)keyType->data)) { + *pError = CKR_KEY_TYPE_INCONSISTENT; + return (NSSCKMDCryptoOperation *)NULL; + } + + privateKey = (SecKeyRef)iKey->u.item.itemRef; + macErr = SecKeyGetCSSMKey(privateKey, &cssmKey); + if (noErr != macErr) { + CKMK_MACERR("Getting CSSM Key", macErr); + *pError = CKR_KEY_HANDLE_INVALID; + return (NSSCKMDCryptoOperation *)NULL; + } + macErr = SecKeyGetCSPHandle(privateKey, &cspHandle); + if (noErr != macErr) { + CKMK_MACERR("Getting CSP for Key", macErr); + *pError = CKR_KEY_HANDLE_INVALID; + return (NSSCKMDCryptoOperation *)NULL; + } + switch (type) { + case CKMK_DECRYPT: + authType = CSSM_ACL_AUTHORIZATION_DECRYPT; + break; + case CKMK_SIGN: + authType = CSSM_ACL_AUTHORIZATION_SIGN; + break; + default: + *pError = CKR_GENERAL_ERROR; #ifdef DEBUG - fprintf(stderr,"RSAPriv_Create: bad type = %d\n", type); + fprintf(stderr, "RSAPriv_Create: bad type = %d\n", type); #endif - return (NSSCKMDCryptoOperation *)NULL; - } - - macErr = SecKeyGetCredentials(privateKey, authType, 0, &creds); - if (noErr != macErr) { - CKMK_MACERR("Getting Credentials for Key", macErr); - *pError = CKR_KEY_HANDLE_INVALID; - return (NSSCKMDCryptoOperation *)NULL; - } - - switch (type) { - case CKMK_DECRYPT: - cssmErr = CSSM_CSP_CreateAsymmetricContext(cspHandle, CSSM_ALGID_RSA, - creds, cssmKey, CSSM_PADDING_PKCS1, &cssmContext); - break; - case CKMK_SIGN: - cssmErr = CSSM_CSP_CreateSignatureContext(cspHandle, CSSM_ALGID_RSA, - creds, cssmKey, &cssmContext); - break; - default: - *pError = CKR_GENERAL_ERROR; + return (NSSCKMDCryptoOperation *)NULL; + } + + macErr = SecKeyGetCredentials(privateKey, authType, 0, &creds); + if (noErr != macErr) { + CKMK_MACERR("Getting Credentials for Key", macErr); + *pError = CKR_KEY_HANDLE_INVALID; + return (NSSCKMDCryptoOperation *)NULL; + } + + switch (type) { + case CKMK_DECRYPT: + cssmErr = CSSM_CSP_CreateAsymmetricContext(cspHandle, CSSM_ALGID_RSA, + creds, cssmKey, CSSM_PADDING_PKCS1, &cssmContext); + break; + case CKMK_SIGN: + cssmErr = CSSM_CSP_CreateSignatureContext(cspHandle, CSSM_ALGID_RSA, + creds, cssmKey, &cssmContext); + break; + default: + *pError = CKR_GENERAL_ERROR; #ifdef DEBUG - fprintf(stderr,"RSAPriv_Create: bad type = %d\n", type); + fprintf(stderr, "RSAPriv_Create: bad type = %d\n", type); #endif - return (NSSCKMDCryptoOperation *)NULL; - } - if (noErr != cssmErr) { - CKMK_MACERR("Getting Context for Key", cssmErr); - *pError = CKR_GENERAL_ERROR; - return (NSSCKMDCryptoOperation *)NULL; - } - - iOperation = nss_ZNEW(NULL, ckmkInternalCryptoOperationRSAPriv); - if ((ckmkInternalCryptoOperationRSAPriv *)NULL == iOperation) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDCryptoOperation *)NULL; - } - iOperation->mdMechanism = mdMechanism; - iOperation->iKey = iKey; - iOperation->cssmContext = cssmContext; - - nsslibc_memcpy(&iOperation->mdOperation, - proto, sizeof(NSSCKMDCryptoOperation)); - iOperation->mdOperation.etc = iOperation; - - return &iOperation->mdOperation; + return (NSSCKMDCryptoOperation *)NULL; + } + if (noErr != cssmErr) { + CKMK_MACERR("Getting Context for Key", cssmErr); + *pError = CKR_GENERAL_ERROR; + return (NSSCKMDCryptoOperation *)NULL; + } + + iOperation = nss_ZNEW(NULL, ckmkInternalCryptoOperationRSAPriv); + if ((ckmkInternalCryptoOperationRSAPriv *)NULL == iOperation) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDCryptoOperation *)NULL; + } + iOperation->mdMechanism = mdMechanism; + iOperation->iKey = iKey; + iOperation->cssmContext = cssmContext; + + nsslibc_memcpy(&iOperation->mdOperation, + proto, sizeof(NSSCKMDCryptoOperation)); + iOperation->mdOperation.etc = iOperation; + + return &iOperation->mdOperation; } static void -ckmk_mdCryptoOperationRSAPriv_Destroy -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKFWCryptoOperation *fwOperation, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdCryptoOperationRSAPriv_Destroy( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - ckmkInternalCryptoOperationRSAPriv *iOperation = - (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; - - if (iOperation->buffer) { - nssItem_Destroy(iOperation->buffer); - } - if (iOperation->cssmContext) { - CSSM_DeleteContext(iOperation->cssmContext); - } - nss_ZFreeIf(iOperation); - return; + ckmkInternalCryptoOperationRSAPriv *iOperation = + (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; + + if (iOperation->buffer) { + nssItem_Destroy(iOperation->buffer); + } + if (iOperation->cssmContext) { + CSSM_DeleteContext(iOperation->cssmContext); + } + nss_ZFreeIf(iOperation); + return; } static CK_ULONG -ckmk_mdCryptoOperationRSA_GetFinalLength -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKFWCryptoOperation *fwOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdCryptoOperationRSA_GetFinalLength( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - ckmkInternalCryptoOperationRSAPriv *iOperation = - (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; - const NSSItem *modulus = - nss_ckmk_FetchAttribute(iOperation->iKey, CKA_MODULUS, pError); + ckmkInternalCryptoOperationRSAPriv *iOperation = + (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; + const NSSItem *modulus = + nss_ckmk_FetchAttribute(iOperation->iKey, CKA_MODULUS, pError); - return modulus->size; + return modulus->size; } - /* * ckmk_mdCryptoOperationRSADecrypt_GetOperationLength * we won't know the length until we actually decrypt the @@ -206,105 +193,101 @@ ckmk_mdCryptoOperationRSA_GetFinalLength * the block, we'll save if for when the block is asked for */ static CK_ULONG -ckmk_mdCryptoOperationRSADecrypt_GetOperationLength -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKFWCryptoOperation *fwOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *input, - CK_RV *pError -) +ckmk_mdCryptoOperationRSADecrypt_GetOperationLength( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *input, + CK_RV *pError) { - ckmkInternalCryptoOperationRSAPriv *iOperation = - (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; - CSSM_DATA cssmInput; - CSSM_DATA cssmOutput = { 0, NULL }; - PRUint32 bytesDecrypted; - CSSM_DATA remainder = { 0, NULL }; - NSSItem output; - CSSM_RETURN cssmErr; - - if (iOperation->buffer) { + ckmkInternalCryptoOperationRSAPriv *iOperation = + (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; + CSSM_DATA cssmInput; + CSSM_DATA cssmOutput = { 0, NULL }; + PRUint32 bytesDecrypted; + CSSM_DATA remainder = { 0, NULL }; + NSSItem output; + CSSM_RETURN cssmErr; + + if (iOperation->buffer) { + return iOperation->buffer->size; + } + + cssmInput.Data = input->data; + cssmInput.Length = input->size; + + cssmErr = CSSM_DecryptData(iOperation->cssmContext, + &cssmInput, 1, &cssmOutput, 1, + &bytesDecrypted, &remainder); + if (CSSM_OK != cssmErr) { + CKMK_MACERR("Decrypt Failed", cssmErr); + *pError = CKR_DATA_INVALID; + return 0; + } + /* we didn't suppy any buffers, so it should all be in remainder */ + output.data = nss_ZNEWARRAY(NULL, char, bytesDecrypted + remainder.Length); + if (NULL == output.data) { + free(cssmOutput.Data); + free(remainder.Data); + *pError = CKR_HOST_MEMORY; + return 0; + } + output.size = bytesDecrypted + remainder.Length; + + if (0 != bytesDecrypted) { + nsslibc_memcpy(output.data, cssmOutput.Data, bytesDecrypted); + free(cssmOutput.Data); + } + if (0 != remainder.Length) { + nsslibc_memcpy(((char *)output.data) + bytesDecrypted, + remainder.Data, remainder.Length); + free(remainder.Data); + } + + iOperation->buffer = nssItem_Duplicate(&output, NULL, NULL); + nss_ZFreeIf(output.data); + if ((NSSItem *)NULL == iOperation->buffer) { + *pError = CKR_HOST_MEMORY; + return 0; + } + return iOperation->buffer->size; - } - - cssmInput.Data = input->data; - cssmInput.Length = input->size; - - cssmErr = CSSM_DecryptData(iOperation->cssmContext, - &cssmInput, 1, &cssmOutput, 1, - &bytesDecrypted, &remainder); - if (CSSM_OK != cssmErr) { - CKMK_MACERR("Decrypt Failed", cssmErr); - *pError = CKR_DATA_INVALID; - return 0; - } - /* we didn't suppy any buffers, so it should all be in remainder */ - output.data = nss_ZNEWARRAY(NULL, char, bytesDecrypted + remainder.Length); - if (NULL == output.data) { - free(cssmOutput.Data); - free(remainder.Data); - *pError = CKR_HOST_MEMORY; - return 0; - } - output.size = bytesDecrypted + remainder.Length; - - if (0 != bytesDecrypted) { - nsslibc_memcpy(output.data, cssmOutput.Data, bytesDecrypted); - free(cssmOutput.Data); - } - if (0 != remainder.Length) { - nsslibc_memcpy(((char *)output.data)+bytesDecrypted, - remainder.Data, remainder.Length); - free(remainder.Data); - } - - iOperation->buffer = nssItem_Duplicate(&output, NULL, NULL); - nss_ZFreeIf(output.data); - if ((NSSItem *) NULL == iOperation->buffer) { - *pError = CKR_HOST_MEMORY; - return 0; - } - - return iOperation->buffer->size; } /* * ckmk_mdCryptoOperationRSADecrypt_UpdateFinal * - * NOTE: ckmk_mdCryptoOperationRSADecrypt_GetOperationLength is presumed to + * NOTE: ckmk_mdCryptoOperationRSADecrypt_GetOperationLength is presumed to * have been called previously. */ static CK_RV -ckmk_mdCryptoOperationRSADecrypt_UpdateFinal -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKFWCryptoOperation *fwOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *input, - NSSItem *output -) +ckmk_mdCryptoOperationRSADecrypt_UpdateFinal( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *input, + NSSItem *output) { - ckmkInternalCryptoOperationRSAPriv *iOperation = - (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; - NSSItem *buffer = iOperation->buffer; - - if ((NSSItem *)NULL == buffer) { - return CKR_GENERAL_ERROR; - } - nsslibc_memcpy(output->data, buffer->data, buffer->size); - output->size = buffer->size; - return CKR_OK; + ckmkInternalCryptoOperationRSAPriv *iOperation = + (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; + NSSItem *buffer = iOperation->buffer; + + if ((NSSItem *)NULL == buffer) { + return CKR_GENERAL_ERROR; + } + nsslibc_memcpy(output->data, buffer->data, buffer->size); + output->size = buffer->size; + return CKR_OK; } /* @@ -312,199 +295,185 @@ ckmk_mdCryptoOperationRSADecrypt_UpdateFinal * */ static CK_RV -ckmk_mdCryptoOperationRSASign_UpdateFinal -( - NSSCKMDCryptoOperation *mdOperation, - NSSCKFWCryptoOperation *fwOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *input, - NSSItem *output -) +ckmk_mdCryptoOperationRSASign_UpdateFinal( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *input, + NSSItem *output) { - ckmkInternalCryptoOperationRSAPriv *iOperation = - (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; - CSSM_DATA cssmInput; - CSSM_DATA cssmOutput = { 0, NULL }; - CSSM_RETURN cssmErr; - - cssmInput.Data = input->data; - cssmInput.Length = input->size; - - cssmErr = CSSM_SignData(iOperation->cssmContext, &cssmInput, 1, - CSSM_ALGID_NONE, &cssmOutput); - if (CSSM_OK != cssmErr) { - CKMK_MACERR("Signed Failed", cssmErr); - return CKR_FUNCTION_FAILED; - } - if (cssmOutput.Length > output->size) { + ckmkInternalCryptoOperationRSAPriv *iOperation = + (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; + CSSM_DATA cssmInput; + CSSM_DATA cssmOutput = { 0, NULL }; + CSSM_RETURN cssmErr; + + cssmInput.Data = input->data; + cssmInput.Length = input->size; + + cssmErr = CSSM_SignData(iOperation->cssmContext, &cssmInput, 1, + CSSM_ALGID_NONE, &cssmOutput); + if (CSSM_OK != cssmErr) { + CKMK_MACERR("Signed Failed", cssmErr); + return CKR_FUNCTION_FAILED; + } + if (cssmOutput.Length > output->size) { + free(cssmOutput.Data); + return CKR_BUFFER_TOO_SMALL; + } + nsslibc_memcpy(output->data, cssmOutput.Data, cssmOutput.Length); free(cssmOutput.Data); - return CKR_BUFFER_TOO_SMALL; - } - nsslibc_memcpy(output->data, cssmOutput.Data, cssmOutput.Length); - free(cssmOutput.Data); - output->size = cssmOutput.Length; + output->size = cssmOutput.Length; - return CKR_OK; + return CKR_OK; } - NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation -ckmk_mdCryptoOperationRSADecrypt_proto = { - NULL, /* etc */ - ckmk_mdCryptoOperationRSAPriv_Destroy, - NULL, /* GetFinalLengh - not needed for one shot Decrypt/Encrypt */ - ckmk_mdCryptoOperationRSADecrypt_GetOperationLength, - NULL, /* Final - not needed for one shot operation */ - NULL, /* Update - not needed for one shot operation */ - NULL, /* DigetUpdate - not needed for one shot operation */ - ckmk_mdCryptoOperationRSADecrypt_UpdateFinal, - NULL, /* UpdateCombo - not needed for one shot operation */ - NULL, /* DigetKey - not needed for one shot operation */ - (void *)NULL /* null terminator */ -}; + ckmk_mdCryptoOperationRSADecrypt_proto = { + NULL, /* etc */ + ckmk_mdCryptoOperationRSAPriv_Destroy, + NULL, /* GetFinalLengh - not needed for one shot Decrypt/Encrypt */ + ckmk_mdCryptoOperationRSADecrypt_GetOperationLength, + NULL, /* Final - not needed for one shot operation */ + NULL, /* Update - not needed for one shot operation */ + NULL, /* DigetUpdate - not needed for one shot operation */ + ckmk_mdCryptoOperationRSADecrypt_UpdateFinal, + NULL, /* UpdateCombo - not needed for one shot operation */ + NULL, /* DigetKey - not needed for one shot operation */ + (void *)NULL /* null terminator */ + }; NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation -ckmk_mdCryptoOperationRSASign_proto = { - NULL, /* etc */ - ckmk_mdCryptoOperationRSAPriv_Destroy, - ckmk_mdCryptoOperationRSA_GetFinalLength, - NULL, /* GetOperationLengh - not needed for one shot Sign/Verify */ - NULL, /* Final - not needed for one shot operation */ - NULL, /* Update - not needed for one shot operation */ - NULL, /* DigetUpdate - not needed for one shot operation */ - ckmk_mdCryptoOperationRSASign_UpdateFinal, - NULL, /* UpdateCombo - not needed for one shot operation */ - NULL, /* DigetKey - not needed for one shot operation */ - (void *)NULL /* null terminator */ -}; + ckmk_mdCryptoOperationRSASign_proto = { + NULL, /* etc */ + ckmk_mdCryptoOperationRSAPriv_Destroy, + ckmk_mdCryptoOperationRSA_GetFinalLength, + NULL, /* GetOperationLengh - not needed for one shot Sign/Verify */ + NULL, /* Final - not needed for one shot operation */ + NULL, /* Update - not needed for one shot operation */ + NULL, /* DigetUpdate - not needed for one shot operation */ + ckmk_mdCryptoOperationRSASign_UpdateFinal, + NULL, /* UpdateCombo - not needed for one shot operation */ + NULL, /* DigetKey - not needed for one shot operation */ + (void *)NULL /* null terminator */ + }; /********** NSSCKMDMechansim functions ***********************/ /* * ckmk_mdMechanismRSA_Destroy */ static void -ckmk_mdMechanismRSA_Destroy -( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdMechanismRSA_Destroy( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nss_ZFreeIf(fwMechanism); + nss_ZFreeIf(fwMechanism); } /* * ckmk_mdMechanismRSA_GetMinKeySize */ static CK_ULONG -ckmk_mdMechanismRSA_GetMinKeySize -( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdMechanismRSA_GetMinKeySize( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return 384; + return 384; } /* * ckmk_mdMechanismRSA_GetMaxKeySize */ static CK_ULONG -ckmk_mdMechanismRSA_GetMaxKeySize -( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdMechanismRSA_GetMaxKeySize( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return 16384; + return 16384; } /* * ckmk_mdMechanismRSA_DecryptInit */ -static NSSCKMDCryptoOperation * -ckmk_mdMechanismRSA_DecryptInit -( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError -) +static NSSCKMDCryptoOperation * +ckmk_mdMechanismRSA_DecryptInit( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError) { - return ckmk_mdCryptoOperationRSAPriv_Create( - &ckmk_mdCryptoOperationRSADecrypt_proto, - mdMechanism, mdKey, CKMK_DECRYPT, pError); + return ckmk_mdCryptoOperationRSAPriv_Create( + &ckmk_mdCryptoOperationRSADecrypt_proto, + mdMechanism, mdKey, CKMK_DECRYPT, pError); } /* * ckmk_mdMechanismRSA_SignInit */ -static NSSCKMDCryptoOperation * -ckmk_mdMechanismRSA_SignInit -( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM *pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError -) +static NSSCKMDCryptoOperation * +ckmk_mdMechanismRSA_SignInit( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError) { - return ckmk_mdCryptoOperationRSAPriv_Create( - &ckmk_mdCryptoOperationRSASign_proto, - mdMechanism, mdKey, CKMK_SIGN, pError); + return ckmk_mdCryptoOperationRSAPriv_Create( + &ckmk_mdCryptoOperationRSASign_proto, + mdMechanism, mdKey, CKMK_SIGN, pError); } - NSS_IMPLEMENT_DATA const NSSCKMDMechanism -nss_ckmk_mdMechanismRSA = { - (void *)NULL, /* etc */ - ckmk_mdMechanismRSA_Destroy, - ckmk_mdMechanismRSA_GetMinKeySize, - ckmk_mdMechanismRSA_GetMaxKeySize, - NULL, /* GetInHardware - default false */ - NULL, /* EncryptInit - default errs */ - ckmk_mdMechanismRSA_DecryptInit, - NULL, /* DigestInit - default errs*/ - ckmk_mdMechanismRSA_SignInit, - NULL, /* VerifyInit - default errs */ - ckmk_mdMechanismRSA_SignInit, /* SignRecoverInit */ - NULL, /* VerifyRecoverInit - default errs */ - NULL, /* GenerateKey - default errs */ - NULL, /* GenerateKeyPair - default errs */ - NULL, /* GetWrapKeyLength - default errs */ - NULL, /* WrapKey - default errs */ - NULL, /* UnwrapKey - default errs */ - NULL, /* DeriveKey - default errs */ - (void *)NULL /* null terminator */ -}; + nss_ckmk_mdMechanismRSA = { + (void *)NULL, /* etc */ + ckmk_mdMechanismRSA_Destroy, + ckmk_mdMechanismRSA_GetMinKeySize, + ckmk_mdMechanismRSA_GetMaxKeySize, + NULL, /* GetInHardware - default false */ + NULL, /* EncryptInit - default errs */ + ckmk_mdMechanismRSA_DecryptInit, + NULL, /* DigestInit - default errs*/ + ckmk_mdMechanismRSA_SignInit, + NULL, /* VerifyInit - default errs */ + ckmk_mdMechanismRSA_SignInit, /* SignRecoverInit */ + NULL, /* VerifyRecoverInit - default errs */ + NULL, /* GenerateKey - default errs */ + NULL, /* GenerateKeyPair - default errs */ + NULL, /* GetWrapKeyLength - default errs */ + NULL, /* WrapKey - default errs */ + NULL, /* UnwrapKey - default errs */ + NULL, /* DeriveKey - default errs */ + (void *)NULL /* null terminator */ + }; diff --git a/lib/ckfw/nssmkey/msession.c b/lib/ckfw/nssmkey/msession.c index 6e1e1954e..e6a29244a 100644 --- a/lib/ckfw/nssmkey/msession.c +++ b/lib/ckfw/nssmkey/msession.c @@ -7,87 +7,81 @@ /* * nssmkey/msession.c * - * This file implements the NSSCKMDSession object for the + * This file implements the NSSCKMDSession object for the * "nssmkey" cryptoki module. */ static NSSCKMDFindObjects * -ckmk_mdSession_FindObjectsInit -( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +ckmk_mdSession_FindObjectsInit( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - return nss_ckmk_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError); + return nss_ckmk_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError); } static NSSCKMDObject * -ckmk_mdSession_CreateObject -( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +ckmk_mdSession_CreateObject( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - return nss_ckmk_CreateObject(fwSession, pTemplate, ulAttributeCount, pError); + return nss_ckmk_CreateObject(fwSession, pTemplate, ulAttributeCount, pError); } NSS_IMPLEMENT NSSCKMDSession * -nss_ckmk_CreateSession -( - NSSCKFWSession *fwSession, - CK_RV *pError -) +nss_ckmk_CreateSession( + NSSCKFWSession *fwSession, + CK_RV *pError) { - NSSArena *arena; - NSSCKMDSession *rv; + NSSArena *arena; + NSSCKMDSession *rv; - arena = NSSCKFWSession_GetArena(fwSession, pError); - if( (NSSArena *)NULL == arena ) { - return (NSSCKMDSession *)NULL; - } + arena = NSSCKFWSession_GetArena(fwSession, pError); + if ((NSSArena *)NULL == arena) { + return (NSSCKMDSession *)NULL; + } - rv = nss_ZNEW(arena, NSSCKMDSession); - if( (NSSCKMDSession *)NULL == rv ) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDSession *)NULL; - } + rv = nss_ZNEW(arena, NSSCKMDSession); + if ((NSSCKMDSession *)NULL == rv) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDSession *)NULL; + } - /* - * rv was zeroed when allocated, so we only - * need to set the non-zero members. - */ + /* + * rv was zeroed when allocated, so we only + * need to set the non-zero members. + */ - rv->etc = (void *)fwSession; - /* rv->Close */ - /* rv->GetDeviceError */ - /* rv->Login */ - /* rv->Logout */ - /* rv->InitPIN */ - /* rv->SetPIN */ - /* rv->GetOperationStateLen */ - /* rv->GetOperationState */ - /* rv->SetOperationState */ - rv->CreateObject = ckmk_mdSession_CreateObject; - /* rv->CopyObject */ - rv->FindObjectsInit = ckmk_mdSession_FindObjectsInit; - /* rv->SeedRandom */ - /* rv->GetRandom */ - /* rv->null */ + rv->etc = (void *)fwSession; + /* rv->Close */ + /* rv->GetDeviceError */ + /* rv->Login */ + /* rv->Logout */ + /* rv->InitPIN */ + /* rv->SetPIN */ + /* rv->GetOperationStateLen */ + /* rv->GetOperationState */ + /* rv->SetOperationState */ + rv->CreateObject = ckmk_mdSession_CreateObject; + /* rv->CopyObject */ + rv->FindObjectsInit = ckmk_mdSession_FindObjectsInit; + /* rv->SeedRandom */ + /* rv->GetRandom */ + /* rv->null */ - return rv; + return rv; } diff --git a/lib/ckfw/nssmkey/mslot.c b/lib/ckfw/nssmkey/mslot.c index 7a432124d..b2747ff7b 100644 --- a/lib/ckfw/nssmkey/mslot.c +++ b/lib/ckfw/nssmkey/mslot.c @@ -12,80 +12,70 @@ */ static NSSUTF8 * -ckmk_mdSlot_GetSlotDescription -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdSlot_GetSlotDescription( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckmk_SlotDescription; + return (NSSUTF8 *)nss_ckmk_SlotDescription; } static NSSUTF8 * -ckmk_mdSlot_GetManufacturerID -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdSlot_GetManufacturerID( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckmk_ManufacturerID; + return (NSSUTF8 *)nss_ckmk_ManufacturerID; } static CK_VERSION -ckmk_mdSlot_GetHardwareVersion -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdSlot_GetHardwareVersion( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckmk_HardwareVersion; + return nss_ckmk_HardwareVersion; } static CK_VERSION -ckmk_mdSlot_GetFirmwareVersion -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdSlot_GetFirmwareVersion( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckmk_FirmwareVersion; + return nss_ckmk_FirmwareVersion; } static NSSCKMDToken * -ckmk_mdSlot_GetToken -( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdSlot_GetToken( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSCKMDToken *)&nss_ckmk_mdToken; + return (NSSCKMDToken *)&nss_ckmk_mdToken; } NSS_IMPLEMENT_DATA const NSSCKMDSlot -nss_ckmk_mdSlot = { - (void *)NULL, /* etc */ - NULL, /* Initialize */ - NULL, /* Destroy */ - ckmk_mdSlot_GetSlotDescription, - ckmk_mdSlot_GetManufacturerID, - NULL, /* GetTokenPresent -- defaults to true */ - NULL, /* GetRemovableDevice -- defaults to false */ - NULL, /* GetHardwareSlot -- defaults to false */ - ckmk_mdSlot_GetHardwareVersion, - ckmk_mdSlot_GetFirmwareVersion, - ckmk_mdSlot_GetToken, - (void *)NULL /* null terminator */ -}; + nss_ckmk_mdSlot = { + (void *)NULL, /* etc */ + NULL, /* Initialize */ + NULL, /* Destroy */ + ckmk_mdSlot_GetSlotDescription, + ckmk_mdSlot_GetManufacturerID, + NULL, /* GetTokenPresent -- defaults to true */ + NULL, /* GetRemovableDevice -- defaults to false */ + NULL, /* GetHardwareSlot -- defaults to false */ + ckmk_mdSlot_GetHardwareVersion, + ckmk_mdSlot_GetFirmwareVersion, + ckmk_mdSlot_GetToken, + (void *)NULL /* null terminator */ + }; diff --git a/lib/ckfw/nssmkey/mtoken.c b/lib/ckfw/nssmkey/mtoken.c index a0278072c..e18d61240 100644 --- a/lib/ckfw/nssmkey/mtoken.c +++ b/lib/ckfw/nssmkey/mtoken.c @@ -12,197 +12,173 @@ */ static NSSUTF8 * -ckmk_mdToken_GetLabel -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdToken_GetLabel( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckmk_TokenLabel; + return (NSSUTF8 *)nss_ckmk_TokenLabel; } static NSSUTF8 * -ckmk_mdToken_GetManufacturerID -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdToken_GetManufacturerID( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckmk_ManufacturerID; + return (NSSUTF8 *)nss_ckmk_ManufacturerID; } static NSSUTF8 * -ckmk_mdToken_GetModel -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdToken_GetModel( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckmk_TokenModel; + return (NSSUTF8 *)nss_ckmk_TokenModel; } static NSSUTF8 * -ckmk_mdToken_GetSerialNumber -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +ckmk_mdToken_GetSerialNumber( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - return (NSSUTF8 *)nss_ckmk_TokenSerialNumber; + return (NSSUTF8 *)nss_ckmk_TokenSerialNumber; } static CK_BBOOL -ckmk_mdToken_GetIsWriteProtected -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdToken_GetIsWriteProtected( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CK_FALSE; + return CK_FALSE; } /* fake out Mozilla so we don't try to initialize the token */ static CK_BBOOL -ckmk_mdToken_GetUserPinInitialized -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdToken_GetUserPinInitialized( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return CK_TRUE; + return CK_TRUE; } static CK_VERSION -ckmk_mdToken_GetHardwareVersion -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdToken_GetHardwareVersion( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckmk_HardwareVersion; + return nss_ckmk_HardwareVersion; } static CK_VERSION -ckmk_mdToken_GetFirmwareVersion -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdToken_GetFirmwareVersion( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return nss_ckmk_FirmwareVersion; + return nss_ckmk_FirmwareVersion; } static NSSCKMDSession * -ckmk_mdToken_OpenSession -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKFWSession *fwSession, - CK_BBOOL rw, - CK_RV *pError -) +ckmk_mdToken_OpenSession( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_BBOOL rw, + CK_RV *pError) { - return nss_ckmk_CreateSession(fwSession, pError); + return nss_ckmk_CreateSession(fwSession, pError); } static CK_ULONG -ckmk_mdToken_GetMechanismCount -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +ckmk_mdToken_GetMechanismCount( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - return (CK_ULONG)1; + return (CK_ULONG)1; } static CK_RV -ckmk_mdToken_GetMechanismTypes -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_MECHANISM_TYPE types[] -) +ckmk_mdToken_GetMechanismTypes( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_MECHANISM_TYPE types[]) { - types[0] = CKM_RSA_PKCS; - return CKR_OK; + types[0] = CKM_RSA_PKCS; + return CKR_OK; } static NSSCKMDMechanism * -ckmk_mdToken_GetMechanism -( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_MECHANISM_TYPE which, - CK_RV *pError -) +ckmk_mdToken_GetMechanism( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_MECHANISM_TYPE which, + CK_RV *pError) { - if (which != CKM_RSA_PKCS) { - *pError = CKR_MECHANISM_INVALID; - return (NSSCKMDMechanism *)NULL; - } - return (NSSCKMDMechanism *)&nss_ckmk_mdMechanismRSA; + if (which != CKM_RSA_PKCS) { + *pError = CKR_MECHANISM_INVALID; + return (NSSCKMDMechanism *)NULL; + } + return (NSSCKMDMechanism *)&nss_ckmk_mdMechanismRSA; } NSS_IMPLEMENT_DATA const NSSCKMDToken -nss_ckmk_mdToken = { - (void *)NULL, /* etc */ - NULL, /* Setup */ - NULL, /* Invalidate */ - NULL, /* InitToken -- default errs */ - ckmk_mdToken_GetLabel, - ckmk_mdToken_GetManufacturerID, - ckmk_mdToken_GetModel, - ckmk_mdToken_GetSerialNumber, - NULL, /* GetHasRNG -- default is false */ - ckmk_mdToken_GetIsWriteProtected, - NULL, /* GetLoginRequired -- default is false */ - ckmk_mdToken_GetUserPinInitialized, - NULL, /* GetRestoreKeyNotNeeded -- irrelevant */ - NULL, /* GetHasClockOnToken -- default is false */ - NULL, /* GetHasProtectedAuthenticationPath -- default is false */ - NULL, /* GetSupportsDualCryptoOperations -- default is false */ - NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetMaxPinLen -- irrelevant */ - NULL, /* GetMinPinLen -- irrelevant */ - NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ - NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ - ckmk_mdToken_GetHardwareVersion, - ckmk_mdToken_GetFirmwareVersion, - NULL, /* GetUTCTime -- no clock */ - ckmk_mdToken_OpenSession, - ckmk_mdToken_GetMechanismCount, - ckmk_mdToken_GetMechanismTypes, - ckmk_mdToken_GetMechanism, - (void *)NULL /* null terminator */ -}; + nss_ckmk_mdToken = { + (void *)NULL, /* etc */ + NULL, /* Setup */ + NULL, /* Invalidate */ + NULL, /* InitToken -- default errs */ + ckmk_mdToken_GetLabel, + ckmk_mdToken_GetManufacturerID, + ckmk_mdToken_GetModel, + ckmk_mdToken_GetSerialNumber, + NULL, /* GetHasRNG -- default is false */ + ckmk_mdToken_GetIsWriteProtected, + NULL, /* GetLoginRequired -- default is false */ + ckmk_mdToken_GetUserPinInitialized, + NULL, /* GetRestoreKeyNotNeeded -- irrelevant */ + NULL, /* GetHasClockOnToken -- default is false */ + NULL, /* GetHasProtectedAuthenticationPath -- default is false */ + NULL, /* GetSupportsDualCryptoOperations -- default is false */ + NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetMaxPinLen -- irrelevant */ + NULL, /* GetMinPinLen -- irrelevant */ + NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ + ckmk_mdToken_GetHardwareVersion, + ckmk_mdToken_GetFirmwareVersion, + NULL, /* GetUTCTime -- no clock */ + ckmk_mdToken_OpenSession, + ckmk_mdToken_GetMechanismCount, + ckmk_mdToken_GetMechanismTypes, + ckmk_mdToken_GetMechanism, + (void *)NULL /* null terminator */ + }; diff --git a/lib/ckfw/nssmkey/nssmkey.h b/lib/ckfw/nssmkey/nssmkey.h index bce77bf13..ba58233e6 100644 --- a/lib/ckfw/nssmkey/nssmkey.h +++ b/lib/ckfw/nssmkey/nssmkey.h @@ -18,7 +18,7 @@ #define NSS_CKMK_CRYPTOKI_VERSION_MAJOR 2 #define NSS_CKMK_CRYPTOKI_VERSION_MINOR 20 -/* These version numbers detail the changes +/* These version numbers detail the changes * to the list of trusted certificates. * * NSS_CKMK_LIBRARY_VERSION_MINOR is a CK_BYTE. It's not clear @@ -33,7 +33,7 @@ #define NSS_CKMK_HARDWARE_VERSION_MAJOR 1 #define NSS_CKMK_HARDWARE_VERSION_MINOR 0 -/* These version numbers detail the semantic changes to ckbi itself +/* These version numbers detail the semantic changes to ckbi itself * (new PKCS #11 objects), etc. */ #define NSS_CKMK_FIRMWARE_VERSION_MAJOR 1 #define NSS_CKMK_FIRMWARE_VERSION_MINOR 0 diff --git a/lib/ckfw/nssmkey/staticobj.c b/lib/ckfw/nssmkey/staticobj.c index 0ccc86141..5f3bb7c72 100644 --- a/lib/ckfw/nssmkey/staticobj.c +++ b/lib/ckfw/nssmkey/staticobj.c @@ -17,20 +17,20 @@ static const CK_BBOOL ck_false = CK_FALSE; static const CK_OBJECT_CLASS cko_netscape_builtin_root_list = CKO_NETSCAPE_BUILTIN_ROOT_LIST; /* example of a static object */ -static const CK_ATTRIBUTE_TYPE nss_ckmk_types_1 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL +static const CK_ATTRIBUTE_TYPE nss_ckmk_types_1[] = { + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL }; -static const NSSItem nss_ckmk_items_1 [] = { - { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"Mozilla Mac Key Ring Access", (PRUint32)28 } +static const NSSItem nss_ckmk_items_1[] = { + { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"Mozilla Mac Key Ring Access", (PRUint32)28 } }; ckmkInternalObject nss_ckmk_data[] = { - { ckmkRaw, {{ 5, nss_ckmk_types_1, nss_ckmk_items_1}} , CKO_DATA, {NULL} }, + { ckmkRaw, { { 5, nss_ckmk_types_1, nss_ckmk_items_1 } }, CKO_DATA, { NULL } }, }; const PRUint32 nss_ckmk_nObjects = 1; diff --git a/lib/ckfw/object.c b/lib/ckfw/object.c index 661977e6d..bb2663aa2 100644 --- a/lib/ckfw/object.c +++ b/lib/ckfw/object.c @@ -50,16 +50,16 @@ */ struct NSSCKFWObjectStr { - NSSCKFWMutex *mutex; /* merely to serialise the MDObject calls */ - NSSArena *arena; - NSSCKMDObject *mdObject; - NSSCKMDSession *mdSession; - NSSCKFWSession *fwSession; - NSSCKMDToken *mdToken; - NSSCKFWToken *fwToken; - NSSCKMDInstance *mdInstance; - NSSCKFWInstance *fwInstance; - CK_OBJECT_HANDLE hObject; + NSSCKFWMutex *mutex; /* merely to serialise the MDObject calls */ + NSSArena *arena; + NSSCKMDObject *mdObject; + NSSCKMDSession *mdSession; + NSSCKFWSession *fwSession; + NSSCKMDToken *mdToken; + NSSCKFWToken *fwToken; + NSSCKMDInstance *mdInstance; + NSSCKFWInstance *fwInstance; + CK_OBJECT_HANDLE hObject; }; #ifdef DEBUG @@ -75,123 +75,114 @@ struct NSSCKFWObjectStr { */ static CK_RV -object_add_pointer -( - const NSSCKFWObject *fwObject -) +object_add_pointer( + const NSSCKFWObject *fwObject) { - return CKR_OK; + return CKR_OK; } static CK_RV -object_remove_pointer -( - const NSSCKFWObject *fwObject -) +object_remove_pointer( + const NSSCKFWObject *fwObject) { - return CKR_OK; + return CKR_OK; } NSS_IMPLEMENT CK_RV -nssCKFWObject_verifyPointer -( - const NSSCKFWObject *fwObject -) +nssCKFWObject_verifyPointer( + const NSSCKFWObject *fwObject) { - return CKR_OK; + return CKR_OK; } #endif /* DEBUG */ - /* * nssCKFWObject_Create * */ NSS_IMPLEMENT NSSCKFWObject * -nssCKFWObject_Create -( - NSSArena *arena, - NSSCKMDObject *mdObject, - NSSCKFWSession *fwSession, - NSSCKFWToken *fwToken, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nssCKFWObject_Create( + NSSArena *arena, + NSSCKMDObject *mdObject, + NSSCKFWSession *fwSession, + NSSCKFWToken *fwToken, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - NSSCKFWObject *fwObject; - nssCKFWHash *mdObjectHash; + NSSCKFWObject *fwObject; + nssCKFWHash *mdObjectHash; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWObject *)NULL; - } - - if( PR_SUCCESS != nssArena_verifyPointer(arena) ) { - *pError = CKR_ARGUMENTS_BAD; - return (NSSCKFWObject *)NULL; - } + if (!pError) { + return (NSSCKFWObject *)NULL; + } + + if (PR_SUCCESS != nssArena_verifyPointer(arena)) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWObject *)NULL; + } #endif /* NSSDEBUG */ - if (!fwToken) { - *pError = CKR_ARGUMENTS_BAD; - return (NSSCKFWObject *)NULL; - } - mdObjectHash = nssCKFWToken_GetMDObjectHash(fwToken); - if (!mdObjectHash) { - *pError = CKR_GENERAL_ERROR; - return (NSSCKFWObject *)NULL; - } - - if( nssCKFWHash_Exists(mdObjectHash, mdObject) ) { - fwObject = nssCKFWHash_Lookup(mdObjectHash, mdObject); - return fwObject; - } - - fwObject = nss_ZNEW(arena, NSSCKFWObject); - if (!fwObject) { - *pError = CKR_HOST_MEMORY; - return (NSSCKFWObject *)NULL; - } - - fwObject->arena = arena; - fwObject->mdObject = mdObject; - fwObject->fwSession = fwSession; - - if (fwSession) { - fwObject->mdSession = nssCKFWSession_GetMDSession(fwSession); - } - - fwObject->fwToken = fwToken; - fwObject->mdToken = nssCKFWToken_GetMDToken(fwToken); - fwObject->fwInstance = fwInstance; - fwObject->mdInstance = nssCKFWInstance_GetMDInstance(fwInstance); - fwObject->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError); - if (!fwObject->mutex) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + if (!fwToken) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWObject *)NULL; + } + mdObjectHash = nssCKFWToken_GetMDObjectHash(fwToken); + if (!mdObjectHash) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWObject *)NULL; } - nss_ZFreeIf(fwObject); - return (NSSCKFWObject *)NULL; - } - *pError = nssCKFWHash_Add(mdObjectHash, mdObject, fwObject); - if( CKR_OK != *pError ) { - nss_ZFreeIf(fwObject); - return (NSSCKFWObject *)NULL; - } + if (nssCKFWHash_Exists(mdObjectHash, mdObject)) { + fwObject = nssCKFWHash_Lookup(mdObjectHash, mdObject); + return fwObject; + } + + fwObject = nss_ZNEW(arena, NSSCKFWObject); + if (!fwObject) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWObject *)NULL; + } + + fwObject->arena = arena; + fwObject->mdObject = mdObject; + fwObject->fwSession = fwSession; + + if (fwSession) { + fwObject->mdSession = nssCKFWSession_GetMDSession(fwSession); + } + + fwObject->fwToken = fwToken; + fwObject->mdToken = nssCKFWToken_GetMDToken(fwToken); + fwObject->fwInstance = fwInstance; + fwObject->mdInstance = nssCKFWInstance_GetMDInstance(fwInstance); + fwObject->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError); + if (!fwObject->mutex) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + nss_ZFreeIf(fwObject); + return (NSSCKFWObject *)NULL; + } + + *pError = nssCKFWHash_Add(mdObjectHash, mdObject, fwObject); + if (CKR_OK != *pError) { + nss_ZFreeIf(fwObject); + return (NSSCKFWObject *)NULL; + } #ifdef DEBUG - *pError = object_add_pointer(fwObject); - if( CKR_OK != *pError ) { - nssCKFWHash_Remove(mdObjectHash, mdObject); - nss_ZFreeIf(fwObject); - return (NSSCKFWObject *)NULL; - } + *pError = object_add_pointer(fwObject); + if (CKR_OK != *pError) { + nssCKFWHash_Remove(mdObjectHash, mdObject); + nss_ZFreeIf(fwObject); + return (NSSCKFWObject *)NULL; + } #endif /* DEBUG */ - *pError = CKR_OK; - return fwObject; + *pError = CKR_OK; + return fwObject; } /* @@ -199,45 +190,43 @@ nssCKFWObject_Create * */ NSS_IMPLEMENT void -nssCKFWObject_Finalize -( - NSSCKFWObject *fwObject, - PRBool removeFromHash -) +nssCKFWObject_Finalize( + NSSCKFWObject *fwObject, + PRBool removeFromHash) { - nssCKFWHash *mdObjectHash; + nssCKFWHash *mdObjectHash; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { - return; - } + if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) { + return; + } #endif /* NSSDEBUG */ - (void)nssCKFWMutex_Destroy(fwObject->mutex); + (void)nssCKFWMutex_Destroy(fwObject->mutex); - if (fwObject->mdObject->Finalize) { - fwObject->mdObject->Finalize(fwObject->mdObject, fwObject, - fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, - fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance); - } + if (fwObject->mdObject->Finalize) { + fwObject->mdObject->Finalize(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance); + } - if (removeFromHash) { - mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken); - if (mdObjectHash) { - nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject); + if (removeFromHash) { + mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken); + if (mdObjectHash) { + nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject); + } } - } - if (fwObject->fwSession) { - nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject); - } - nss_ZFreeIf(fwObject); + if (fwObject->fwSession) { + nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject); + } + nss_ZFreeIf(fwObject); #ifdef DEBUG - (void)object_remove_pointer(fwObject); + (void)object_remove_pointer(fwObject); #endif /* DEBUG */ - return; + return; } /* @@ -245,42 +234,40 @@ nssCKFWObject_Finalize * */ NSS_IMPLEMENT void -nssCKFWObject_Destroy -( - NSSCKFWObject *fwObject -) +nssCKFWObject_Destroy( + NSSCKFWObject *fwObject) { - nssCKFWHash *mdObjectHash; + nssCKFWHash *mdObjectHash; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { - return; - } + if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) { + return; + } #endif /* NSSDEBUG */ - (void)nssCKFWMutex_Destroy(fwObject->mutex); + (void)nssCKFWMutex_Destroy(fwObject->mutex); - if (fwObject->mdObject->Destroy) { - fwObject->mdObject->Destroy(fwObject->mdObject, fwObject, - fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, - fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance); - } + if (fwObject->mdObject->Destroy) { + fwObject->mdObject->Destroy(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance); + } - mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken); - if (mdObjectHash) { - nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject); - } + mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken); + if (mdObjectHash) { + nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject); + } - if (fwObject->fwSession) { - nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject); - } - nss_ZFreeIf(fwObject); + if (fwObject->fwSession) { + nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject); + } + nss_ZFreeIf(fwObject); #ifdef DEBUG - (void)object_remove_pointer(fwObject); + (void)object_remove_pointer(fwObject); #endif /* DEBUG */ - return; + return; } /* @@ -288,18 +275,16 @@ nssCKFWObject_Destroy * */ NSS_IMPLEMENT NSSCKMDObject * -nssCKFWObject_GetMDObject -( - NSSCKFWObject *fwObject -) +nssCKFWObject_GetMDObject( + NSSCKFWObject *fwObject) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { - return (NSSCKMDObject *)NULL; - } + if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) { + return (NSSCKMDObject *)NULL; + } #endif /* NSSDEBUG */ - return fwObject->mdObject; + return fwObject->mdObject; } /* @@ -307,24 +292,22 @@ nssCKFWObject_GetMDObject * */ NSS_IMPLEMENT NSSArena * -nssCKFWObject_GetArena -( - NSSCKFWObject *fwObject, - CK_RV *pError -) +nssCKFWObject_GetArena( + NSSCKFWObject *fwObject, + CK_RV *pError) { #ifdef NSSDEBUG - if (!pError) { - return (NSSArena *)NULL; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (NSSArena *)NULL; - } + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (NSSArena *)NULL; + } #endif /* NSSDEBUG */ - return fwObject->arena; + return fwObject->arena; } /* @@ -332,30 +315,28 @@ nssCKFWObject_GetArena * */ NSS_IMPLEMENT CK_RV -nssCKFWObject_SetHandle -( - NSSCKFWObject *fwObject, - CK_OBJECT_HANDLE hObject -) +nssCKFWObject_SetHandle( + NSSCKFWObject *fwObject, + CK_OBJECT_HANDLE hObject) { #ifdef NSSDEBUG - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #endif /* NSSDEBUG */ #ifdef NSSDEBUG - error = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - if( (CK_OBJECT_HANDLE)0 != fwObject->hObject ) { - return CKR_GENERAL_ERROR; - } + if ((CK_OBJECT_HANDLE)0 != fwObject->hObject) { + return CKR_GENERAL_ERROR; + } - fwObject->hObject = hObject; + fwObject->hObject = hObject; - return CKR_OK; + return CKR_OK; } /* @@ -363,18 +344,16 @@ nssCKFWObject_SetHandle * */ NSS_IMPLEMENT CK_OBJECT_HANDLE -nssCKFWObject_GetHandle -( - NSSCKFWObject *fwObject -) +nssCKFWObject_GetHandle( + NSSCKFWObject *fwObject) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { - return (CK_OBJECT_HANDLE)0; - } + if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) { + return (CK_OBJECT_HANDLE)0; + } #endif /* NSSDEBUG */ - return fwObject->hObject; + return fwObject->hObject; } /* @@ -382,44 +361,42 @@ nssCKFWObject_GetHandle * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWObject_IsTokenObject -( - NSSCKFWObject *fwObject -) +nssCKFWObject_IsTokenObject( + NSSCKFWObject *fwObject) { - CK_BBOOL b = CK_FALSE; + CK_BBOOL b = CK_FALSE; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwObject->mdObject->IsTokenObject) { - NSSItem item; - NSSItem *pItem; - CK_RV rv = CKR_OK; + if (!fwObject->mdObject->IsTokenObject) { + NSSItem item; + NSSItem *pItem; + CK_RV rv = CKR_OK; - item.data = (void *)&b; - item.size = sizeof(b); + item.data = (void *)&b; + item.size = sizeof(b); - pItem = nssCKFWObject_GetAttribute(fwObject, CKA_TOKEN, &item, - (NSSArena *)NULL, &rv); - if (!pItem) { - /* Error of some type */ - b = CK_FALSE; - goto done; - } + pItem = nssCKFWObject_GetAttribute(fwObject, CKA_TOKEN, &item, + (NSSArena *)NULL, &rv); + if (!pItem) { + /* Error of some type */ + b = CK_FALSE; + goto done; + } - goto done; - } + goto done; + } - b = fwObject->mdObject->IsTokenObject(fwObject->mdObject, fwObject, - fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, - fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance); + b = fwObject->mdObject->IsTokenObject(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance); - done: - return b; +done: + return b; } /* @@ -427,42 +404,40 @@ nssCKFWObject_IsTokenObject * */ NSS_IMPLEMENT CK_ULONG -nssCKFWObject_GetAttributeCount -( - NSSCKFWObject *fwObject, - CK_RV *pError -) +nssCKFWObject_GetAttributeCount( + NSSCKFWObject *fwObject, + CK_RV *pError) { - CK_ULONG rv; + CK_ULONG rv; #ifdef NSSDEBUG - if (!pError) { - return (CK_ULONG)0; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } #endif /* NSSDEBUG */ - if (!fwObject->mdObject->GetAttributeCount) { - *pError = CKR_GENERAL_ERROR; - return (CK_ULONG)0; - } + if (!fwObject->mdObject->GetAttributeCount) { + *pError = CKR_GENERAL_ERROR; + return (CK_ULONG)0; + } - *pError = nssCKFWMutex_Lock(fwObject->mutex); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } + *pError = nssCKFWMutex_Lock(fwObject->mutex); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } - rv = fwObject->mdObject->GetAttributeCount(fwObject->mdObject, fwObject, - fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, - fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, - pError); + rv = fwObject->mdObject->GetAttributeCount(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, + pError); - (void)nssCKFWMutex_Unlock(fwObject->mutex); - return rv; + (void)nssCKFWMutex_Unlock(fwObject->mutex); + return rv; } /* @@ -470,42 +445,40 @@ nssCKFWObject_GetAttributeCount * */ NSS_IMPLEMENT CK_RV -nssCKFWObject_GetAttributeTypes -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount -) +nssCKFWObject_GetAttributeTypes( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != error) { + return error; + } - if( (CK_ATTRIBUTE_TYPE_PTR)NULL == typeArray ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_ATTRIBUTE_TYPE_PTR)NULL == typeArray) { + return CKR_ARGUMENTS_BAD; + } #endif /* NSSDEBUG */ - if (!fwObject->mdObject->GetAttributeTypes) { - return CKR_GENERAL_ERROR; - } + if (!fwObject->mdObject->GetAttributeTypes) { + return CKR_GENERAL_ERROR; + } - error = nssCKFWMutex_Lock(fwObject->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwObject->mutex); + if (CKR_OK != error) { + return error; + } - error = fwObject->mdObject->GetAttributeTypes(fwObject->mdObject, fwObject, - fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, - fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, - typeArray, ulCount); + error = fwObject->mdObject->GetAttributeTypes(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, + typeArray, ulCount); - (void)nssCKFWMutex_Unlock(fwObject->mutex); - return error; + (void)nssCKFWMutex_Unlock(fwObject->mutex); + return error; } /* @@ -513,43 +486,41 @@ nssCKFWObject_GetAttributeTypes * */ NSS_IMPLEMENT CK_ULONG -nssCKFWObject_GetAttributeSize -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +nssCKFWObject_GetAttributeSize( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - CK_ULONG rv; + CK_ULONG rv; #ifdef NSSDEBUG - if (!pError) { - return (CK_ULONG)0; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } #endif /* NSSDEBUG */ - if (!fwObject->mdObject->GetAttributeSize) { - *pError = CKR_GENERAL_ERROR; - return (CK_ULONG )0; - } + if (!fwObject->mdObject->GetAttributeSize) { + *pError = CKR_GENERAL_ERROR; + return (CK_ULONG)0; + } - *pError = nssCKFWMutex_Lock(fwObject->mutex); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } + *pError = nssCKFWMutex_Lock(fwObject->mutex); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } - rv = fwObject->mdObject->GetAttributeSize(fwObject->mdObject, fwObject, - fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, - fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, - attribute, pError); + rv = fwObject->mdObject->GetAttributeSize(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, + attribute, pError); - (void)nssCKFWMutex_Unlock(fwObject->mutex); - return rv; + (void)nssCKFWMutex_Unlock(fwObject->mutex); + return rv; } /* @@ -563,97 +534,98 @@ nssCKFWObject_GetAttributeSize * specified. */ NSS_IMPLEMENT NSSItem * -nssCKFWObject_GetAttribute -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *itemOpt, - NSSArena *arenaOpt, - CK_RV *pError -) +nssCKFWObject_GetAttribute( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *itemOpt, + NSSArena *arenaOpt, + CK_RV *pError) { - NSSItem *rv = (NSSItem *)NULL; - NSSCKFWItem mdItem; + NSSItem *rv = (NSSItem *)NULL; + NSSCKFWItem mdItem; #ifdef NSSDEBUG - if (!pError) { - return (NSSItem *)NULL; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (NSSItem *)NULL; - } + if (!pError) { + return (NSSItem *)NULL; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (NSSItem *)NULL; + } #endif /* NSSDEBUG */ - if (!fwObject->mdObject->GetAttribute) { - *pError = CKR_GENERAL_ERROR; - return (NSSItem *)NULL; - } + if (!fwObject->mdObject->GetAttribute) { + *pError = CKR_GENERAL_ERROR; + return (NSSItem *)NULL; + } - *pError = nssCKFWMutex_Lock(fwObject->mutex); - if( CKR_OK != *pError ) { - return (NSSItem *)NULL; - } + *pError = nssCKFWMutex_Lock(fwObject->mutex); + if (CKR_OK != *pError) { + return (NSSItem *)NULL; + } - mdItem = fwObject->mdObject->GetAttribute(fwObject->mdObject, fwObject, - fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, - fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, - attribute, pError); + mdItem = fwObject->mdObject->GetAttribute(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, + attribute, pError); - if (!mdItem.item) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } + if (!mdItem.item) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } - goto done; - } + goto done; + } - if (!itemOpt) { - rv = nss_ZNEW(arenaOpt, NSSItem); - if (!rv) { - *pError = CKR_HOST_MEMORY; - goto done; + if (!itemOpt) { + rv = nss_ZNEW(arenaOpt, NSSItem); + if (!rv) { + *pError = CKR_HOST_MEMORY; + goto done; + } + } + else { + rv = itemOpt; } - } else { - rv = itemOpt; - } - if (!rv->data) { - rv->size = mdItem.item->size; - rv->data = nss_ZAlloc(arenaOpt, rv->size); if (!rv->data) { - *pError = CKR_HOST_MEMORY; - if (!itemOpt) { - nss_ZFreeIf(rv); - } - rv = (NSSItem *)NULL; - goto done; - } - } else { - if( rv->size >= mdItem.item->size ) { - rv->size = mdItem.item->size; - } else { - *pError = CKR_BUFFER_TOO_SMALL; - /* Should we set rv->size to mdItem->size? */ - /* rv can't have been allocated */ - rv = (NSSItem *)NULL; - goto done; - } - } - - (void)nsslibc_memcpy(rv->data, mdItem.item->data, rv->size); - - if (PR_TRUE == mdItem.needsFreeing) { - PR_ASSERT(fwObject->mdObject->FreeAttribute); - if (fwObject->mdObject->FreeAttribute) { - *pError = fwObject->mdObject->FreeAttribute(&mdItem); - } - } - - done: - (void)nssCKFWMutex_Unlock(fwObject->mutex); - return rv; + rv->size = mdItem.item->size; + rv->data = nss_ZAlloc(arenaOpt, rv->size); + if (!rv->data) { + *pError = CKR_HOST_MEMORY; + if (!itemOpt) { + nss_ZFreeIf(rv); + } + rv = (NSSItem *)NULL; + goto done; + } + } + else { + if (rv->size >= mdItem.item->size) { + rv->size = mdItem.item->size; + } + else { + *pError = CKR_BUFFER_TOO_SMALL; + /* Should we set rv->size to mdItem->size? */ + /* rv can't have been allocated */ + rv = (NSSItem *)NULL; + goto done; + } + } + + (void)nsslibc_memcpy(rv->data, mdItem.item->data, rv->size); + + if (PR_TRUE == mdItem.needsFreeing) { + PR_ASSERT(fwObject->mdObject->FreeAttribute); + if (fwObject->mdObject->FreeAttribute) { + *pError = fwObject->mdObject->FreeAttribute(&mdItem); + } + } + +done: + (void)nssCKFWMutex_Unlock(fwObject->mutex); + return rv; } /* @@ -661,128 +633,128 @@ nssCKFWObject_GetAttribute * */ NSS_IMPLEMENT CK_RV -nssCKFWObject_SetAttribute -( - NSSCKFWObject *fwObject, - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *value -) +nssCKFWObject_SetAttribute( + NSSCKFWObject *fwObject, + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != error ) { - return error; - } -#endif /* NSSDEBUG */ - - if( CKA_TOKEN == attribute ) { - /* - * We're changing from a session object to a token object or - * vice-versa. - */ - - CK_ATTRIBUTE a; - NSSCKFWObject *newFwObject; - NSSCKFWObject swab; - - a.type = CKA_TOKEN; - a.pValue = value->data; - a.ulValueLen = value->size; - - newFwObject = nssCKFWSession_CopyObject(fwSession, fwObject, - &a, 1, &error); - if (!newFwObject) { - if( CKR_OK == error ) { - error = CKR_GENERAL_ERROR; - } - return error; - } - - /* - * Actually, I bet the locking is worse than this.. this part of - * the code could probably use some scrutiny and reworking. - */ - error = nssCKFWMutex_Lock(fwObject->mutex); - if( CKR_OK != error ) { - nssCKFWObject_Destroy(newFwObject); - return error; - } - - error = nssCKFWMutex_Lock(newFwObject->mutex); - if( CKR_OK != error ) { - nssCKFWMutex_Unlock(fwObject->mutex); - nssCKFWObject_Destroy(newFwObject); - return error; + error = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != error) { + return error; } +#endif /* NSSDEBUG */ - /* - * Now, we have our new object, but it has a new fwObject pointer, - * while we have to keep the existing one. So quick swap the contents. - */ - swab = *fwObject; - *fwObject = *newFwObject; - *newFwObject = swab; - - /* But keep the mutexes the same */ - swab.mutex = fwObject->mutex; - fwObject->mutex = newFwObject->mutex; - newFwObject->mutex = swab.mutex; - - (void)nssCKFWMutex_Unlock(newFwObject->mutex); - (void)nssCKFWMutex_Unlock(fwObject->mutex); - - /* - * Either remove or add this to the list of session objects - */ - - if( CK_FALSE == *(CK_BBOOL *)value->data ) { - /* - * New one is a session object, except since we "stole" the fwObject, it's - * not in the list. Add it. - */ - nssCKFWSession_RegisterSessionObject(fwSession, fwObject); - } else { - /* - * New one is a token object, except since we "stole" the fwObject, it's - * in the list. Remove it. - */ - if (fwObject->fwSession) { - nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject); - } - } - - /* - * Now delete the old object. Remember the names have changed. - */ - nssCKFWObject_Destroy(newFwObject); - - return CKR_OK; - } else { - /* - * An "ordinary" change. - */ - if (!fwObject->mdObject->SetAttribute) { - /* We could fake it with copying, like above.. later */ - return CKR_ATTRIBUTE_READ_ONLY; + if (CKA_TOKEN == attribute) { + /* + * We're changing from a session object to a token object or + * vice-versa. + */ + + CK_ATTRIBUTE a; + NSSCKFWObject *newFwObject; + NSSCKFWObject swab; + + a.type = CKA_TOKEN; + a.pValue = value->data; + a.ulValueLen = value->size; + + newFwObject = nssCKFWSession_CopyObject(fwSession, fwObject, + &a, 1, &error); + if (!newFwObject) { + if (CKR_OK == error) { + error = CKR_GENERAL_ERROR; + } + return error; + } + + /* + * Actually, I bet the locking is worse than this.. this part of + * the code could probably use some scrutiny and reworking. + */ + error = nssCKFWMutex_Lock(fwObject->mutex); + if (CKR_OK != error) { + nssCKFWObject_Destroy(newFwObject); + return error; + } + + error = nssCKFWMutex_Lock(newFwObject->mutex); + if (CKR_OK != error) { + nssCKFWMutex_Unlock(fwObject->mutex); + nssCKFWObject_Destroy(newFwObject); + return error; + } + + /* + * Now, we have our new object, but it has a new fwObject pointer, + * while we have to keep the existing one. So quick swap the contents. + */ + swab = *fwObject; + *fwObject = *newFwObject; + *newFwObject = swab; + + /* But keep the mutexes the same */ + swab.mutex = fwObject->mutex; + fwObject->mutex = newFwObject->mutex; + newFwObject->mutex = swab.mutex; + + (void)nssCKFWMutex_Unlock(newFwObject->mutex); + (void)nssCKFWMutex_Unlock(fwObject->mutex); + + /* + * Either remove or add this to the list of session objects + */ + + if (CK_FALSE == *(CK_BBOOL *)value->data) { + /* + * New one is a session object, except since we "stole" the fwObject, it's + * not in the list. Add it. + */ + nssCKFWSession_RegisterSessionObject(fwSession, fwObject); + } + else { + /* + * New one is a token object, except since we "stole" the fwObject, it's + * in the list. Remove it. + */ + if (fwObject->fwSession) { + nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject); + } + } + + /* + * Now delete the old object. Remember the names have changed. + */ + nssCKFWObject_Destroy(newFwObject); + + return CKR_OK; } - - error = nssCKFWMutex_Lock(fwObject->mutex); - if( CKR_OK != error ) { - return error; + else { + /* + * An "ordinary" change. + */ + if (!fwObject->mdObject->SetAttribute) { + /* We could fake it with copying, like above.. later */ + return CKR_ATTRIBUTE_READ_ONLY; + } + + error = nssCKFWMutex_Lock(fwObject->mutex); + if (CKR_OK != error) { + return error; + } + + error = fwObject->mdObject->SetAttribute(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, + attribute, value); + + (void)nssCKFWMutex_Unlock(fwObject->mutex); + + return error; } - - error = fwObject->mdObject->SetAttribute(fwObject->mdObject, fwObject, - fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, - fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, - attribute, value); - - (void)nssCKFWMutex_Unlock(fwObject->mutex); - - return error; - } } /* @@ -790,42 +762,40 @@ nssCKFWObject_SetAttribute * */ NSS_IMPLEMENT CK_ULONG -nssCKFWObject_GetObjectSize -( - NSSCKFWObject *fwObject, - CK_RV *pError -) +nssCKFWObject_GetObjectSize( + NSSCKFWObject *fwObject, + CK_RV *pError) { - CK_ULONG rv; + CK_ULONG rv; #ifdef NSSDEBUG - if (!pError) { - return (CK_ULONG)0; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } #endif /* NSSDEBUG */ - if (!fwObject->mdObject->GetObjectSize) { - *pError = CKR_INFORMATION_SENSITIVE; - return (CK_ULONG)0; - } + if (!fwObject->mdObject->GetObjectSize) { + *pError = CKR_INFORMATION_SENSITIVE; + return (CK_ULONG)0; + } - *pError = nssCKFWMutex_Lock(fwObject->mutex); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } + *pError = nssCKFWMutex_Lock(fwObject->mutex); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } - rv = fwObject->mdObject->GetObjectSize(fwObject->mdObject, fwObject, - fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, - fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, - pError); + rv = fwObject->mdObject->GetObjectSize(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, + pError); - (void)nssCKFWMutex_Unlock(fwObject->mutex); - return rv; + (void)nssCKFWMutex_Unlock(fwObject->mutex); + return rv; } /* @@ -833,18 +803,16 @@ nssCKFWObject_GetObjectSize * */ NSS_IMPLEMENT NSSCKMDObject * -NSSCKFWObject_GetMDObject -( - NSSCKFWObject *fwObject -) +NSSCKFWObject_GetMDObject( + NSSCKFWObject *fwObject) { #ifdef DEBUG - if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { - return (NSSCKMDObject *)NULL; - } + if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) { + return (NSSCKMDObject *)NULL; + } #endif /* DEBUG */ - return nssCKFWObject_GetMDObject(fwObject); + return nssCKFWObject_GetMDObject(fwObject); } /* @@ -852,24 +820,22 @@ NSSCKFWObject_GetMDObject * */ NSS_IMPLEMENT NSSArena * -NSSCKFWObject_GetArena -( - NSSCKFWObject *fwObject, - CK_RV *pError -) +NSSCKFWObject_GetArena( + NSSCKFWObject *fwObject, + CK_RV *pError) { #ifdef DEBUG - if (!pError) { - return (NSSArena *)NULL; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (NSSArena *)NULL; - } + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (NSSArena *)NULL; + } #endif /* DEBUG */ - return nssCKFWObject_GetArena(fwObject, pError); + return nssCKFWObject_GetArena(fwObject, pError); } /* @@ -877,18 +843,16 @@ NSSCKFWObject_GetArena * */ NSS_IMPLEMENT CK_BBOOL -NSSCKFWObject_IsTokenObject -( - NSSCKFWObject *fwObject -) +NSSCKFWObject_IsTokenObject( + NSSCKFWObject *fwObject) { #ifdef DEBUG - if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) { + return CK_FALSE; + } #endif /* DEBUG */ - return nssCKFWObject_IsTokenObject(fwObject); + return nssCKFWObject_IsTokenObject(fwObject); } /* @@ -896,24 +860,22 @@ NSSCKFWObject_IsTokenObject * */ NSS_IMPLEMENT CK_ULONG -NSSCKFWObject_GetAttributeCount -( - NSSCKFWObject *fwObject, - CK_RV *pError -) +NSSCKFWObject_GetAttributeCount( + NSSCKFWObject *fwObject, + CK_RV *pError) { #ifdef DEBUG - if (!pError) { - return (CK_ULONG)0; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } #endif /* DEBUG */ - return nssCKFWObject_GetAttributeCount(fwObject, pError); + return nssCKFWObject_GetAttributeCount(fwObject, pError); } /* @@ -921,27 +883,25 @@ NSSCKFWObject_GetAttributeCount * */ NSS_IMPLEMENT CK_RV -NSSCKFWObject_GetAttributeTypes -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount -) +NSSCKFWObject_GetAttributeTypes( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount) { #ifdef DEBUG - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; - error = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != error) { + return error; + } - if( (CK_ATTRIBUTE_TYPE_PTR)NULL == typeArray ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_ATTRIBUTE_TYPE_PTR)NULL == typeArray) { + return CKR_ARGUMENTS_BAD; + } #endif /* DEBUG */ - return nssCKFWObject_GetAttributeTypes(fwObject, typeArray, ulCount); + return nssCKFWObject_GetAttributeTypes(fwObject, typeArray, ulCount); } /* @@ -949,25 +909,23 @@ NSSCKFWObject_GetAttributeTypes * */ NSS_IMPLEMENT CK_ULONG -NSSCKFWObject_GetAttributeSize -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +NSSCKFWObject_GetAttributeSize( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { #ifdef DEBUG - if (!pError) { - return (CK_ULONG)0; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } #endif /* DEBUG */ - return nssCKFWObject_GetAttributeSize(fwObject, attribute, pError); + return nssCKFWObject_GetAttributeSize(fwObject, attribute, pError); } /* @@ -975,27 +933,25 @@ NSSCKFWObject_GetAttributeSize * */ NSS_IMPLEMENT NSSItem * -NSSCKFWObject_GetAttribute -( - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *itemOpt, - NSSArena *arenaOpt, - CK_RV *pError -) +NSSCKFWObject_GetAttribute( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *itemOpt, + NSSArena *arenaOpt, + CK_RV *pError) { #ifdef DEBUG - if (!pError) { - return (NSSItem *)NULL; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (NSSItem *)NULL; - } + if (!pError) { + return (NSSItem *)NULL; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (NSSItem *)NULL; + } #endif /* DEBUG */ - return nssCKFWObject_GetAttribute(fwObject, attribute, itemOpt, arenaOpt, pError); + return nssCKFWObject_GetAttribute(fwObject, attribute, itemOpt, arenaOpt, pError); } /* @@ -1003,22 +959,20 @@ NSSCKFWObject_GetAttribute * */ NSS_IMPLEMENT CK_ULONG -NSSCKFWObject_GetObjectSize -( - NSSCKFWObject *fwObject, - CK_RV *pError -) +NSSCKFWObject_GetObjectSize( + NSSCKFWObject *fwObject, + CK_RV *pError) { #ifdef DEBUG - if (!pError) { - return (CK_ULONG)0; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } #endif /* DEBUG */ - return nssCKFWObject_GetObjectSize(fwObject, pError); + return nssCKFWObject_GetObjectSize(fwObject, pError); } diff --git a/lib/ckfw/session.c b/lib/ckfw/session.c index 4f9a7ce8c..39d7f4f89 100644 --- a/lib/ckfw/session.c +++ b/lib/ckfw/session.c @@ -61,26 +61,26 @@ */ struct NSSCKFWSessionStr { - NSSArena *arena; - NSSCKMDSession *mdSession; - NSSCKFWToken *fwToken; - NSSCKMDToken *mdToken; - NSSCKFWInstance *fwInstance; - NSSCKMDInstance *mdInstance; - CK_VOID_PTR pApplication; - CK_NOTIFY Notify; - - /* - * Everything above is set at creation time, and then not modified. - * The items below are atomic. No locking required. If we fear - * about pointer-copies being nonatomic, we'll lock fwFindObjects. - */ - - CK_BBOOL rw; - NSSCKFWFindObjects *fwFindObjects; - NSSCKFWCryptoOperation *fwOperationArray[NSSCKFWCryptoOperationState_Max]; - nssCKFWHash *sessionObjectHash; - CK_SESSION_HANDLE hSession; + NSSArena *arena; + NSSCKMDSession *mdSession; + NSSCKFWToken *fwToken; + NSSCKMDToken *mdToken; + NSSCKFWInstance *fwInstance; + NSSCKMDInstance *mdInstance; + CK_VOID_PTR pApplication; + CK_NOTIFY Notify; + + /* + * Everything above is set at creation time, and then not modified. + * The items below are atomic. No locking required. If we fear + * about pointer-copies being nonatomic, we'll lock fwFindObjects. + */ + + CK_BBOOL rw; + NSSCKFWFindObjects *fwFindObjects; + NSSCKFWCryptoOperation *fwOperationArray[NSSCKFWCryptoOperationState_Max]; + nssCKFWHash *sessionObjectHash; + CK_SESSION_HANDLE hSession; }; #ifdef DEBUG @@ -96,30 +96,24 @@ struct NSSCKFWSessionStr { */ static CK_RV -session_add_pointer -( - const NSSCKFWSession *fwSession -) +session_add_pointer( + const NSSCKFWSession *fwSession) { - return CKR_OK; + return CKR_OK; } static CK_RV -session_remove_pointer -( - const NSSCKFWSession *fwSession -) +session_remove_pointer( + const NSSCKFWSession *fwSession) { - return CKR_OK; + return CKR_OK; } NSS_IMPLEMENT CK_RV -nssCKFWSession_verifyPointer -( - const NSSCKFWSession *fwSession -) +nssCKFWSession_verifyPointer( + const NSSCKFWSession *fwSession) { - return CKR_OK; + return CKR_OK; } #endif /* DEBUG */ @@ -129,95 +123,91 @@ nssCKFWSession_verifyPointer * */ NSS_IMPLEMENT NSSCKFWSession * -nssCKFWSession_Create -( - NSSCKFWToken *fwToken, - CK_BBOOL rw, - CK_VOID_PTR pApplication, - CK_NOTIFY Notify, - CK_RV *pError -) +nssCKFWSession_Create( + NSSCKFWToken *fwToken, + CK_BBOOL rw, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_RV *pError) { - NSSArena *arena = (NSSArena *)NULL; - NSSCKFWSession *fwSession; - NSSCKFWSlot *fwSlot; + NSSArena *arena = (NSSArena *)NULL; + NSSCKFWSession *fwSession; + NSSCKFWSlot *fwSlot; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWSession *)NULL; - } + if (!pError) { + return (NSSCKFWSession *)NULL; + } - *pError = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != *pError ) { - return (NSSCKFWSession *)NULL; - } + *pError = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != *pError) { + return (NSSCKFWSession *)NULL; + } #endif /* NSSDEBUG */ - arena = NSSArena_Create(); - if (!arena) { - *pError = CKR_HOST_MEMORY; - return (NSSCKFWSession *)NULL; - } + arena = NSSArena_Create(); + if (!arena) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWSession *)NULL; + } - fwSession = nss_ZNEW(arena, NSSCKFWSession); - if (!fwSession) { - *pError = CKR_HOST_MEMORY; - goto loser; - } + fwSession = nss_ZNEW(arena, NSSCKFWSession); + if (!fwSession) { + *pError = CKR_HOST_MEMORY; + goto loser; + } - fwSession->arena = arena; - fwSession->mdSession = (NSSCKMDSession *)NULL; /* set later */ - fwSession->fwToken = fwToken; - fwSession->mdToken = nssCKFWToken_GetMDToken(fwToken); + fwSession->arena = arena; + fwSession->mdSession = (NSSCKMDSession *)NULL; /* set later */ + fwSession->fwToken = fwToken; + fwSession->mdToken = nssCKFWToken_GetMDToken(fwToken); - fwSlot = nssCKFWToken_GetFWSlot(fwToken); - fwSession->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot); - fwSession->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot); + fwSlot = nssCKFWToken_GetFWSlot(fwToken); + fwSession->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot); + fwSession->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot); - fwSession->rw = rw; - fwSession->pApplication = pApplication; - fwSession->Notify = Notify; + fwSession->rw = rw; + fwSession->pApplication = pApplication; + fwSession->Notify = Notify; - fwSession->fwFindObjects = (NSSCKFWFindObjects *)NULL; + fwSession->fwFindObjects = (NSSCKFWFindObjects *)NULL; - fwSession->sessionObjectHash = nssCKFWHash_Create(fwSession->fwInstance, arena, pError); - if (!fwSession->sessionObjectHash) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + fwSession->sessionObjectHash = nssCKFWHash_Create(fwSession->fwInstance, arena, pError); + if (!fwSession->sessionObjectHash) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; } - goto loser; - } #ifdef DEBUG - *pError = session_add_pointer(fwSession); - if( CKR_OK != *pError ) { - goto loser; - } + *pError = session_add_pointer(fwSession); + if (CKR_OK != *pError) { + goto loser; + } #endif /* DEBUG */ - return fwSession; + return fwSession; - loser: - if (arena) { - if (fwSession && fwSession->sessionObjectHash) { - (void)nssCKFWHash_Destroy(fwSession->sessionObjectHash); +loser: + if (arena) { + if (fwSession && fwSession->sessionObjectHash) { + (void)nssCKFWHash_Destroy(fwSession->sessionObjectHash); + } + NSSArena_Destroy(arena); } - NSSArena_Destroy(arena); - } - return (NSSCKFWSession *)NULL; + return (NSSCKFWSession *)NULL; } static void -nss_ckfw_session_object_destroy_iterator -( - const void *key, - void *value, - void *closure -) +nss_ckfw_session_object_destroy_iterator( + const void *key, + void *value, + void *closure) { - NSSCKFWObject *fwObject = (NSSCKFWObject *)value; - nssCKFWObject_Finalize(fwObject, PR_TRUE); + NSSCKFWObject *fwObject = (NSSCKFWObject *)value; + nssCKFWObject_Finalize(fwObject, PR_TRUE); } /* @@ -225,51 +215,49 @@ nss_ckfw_session_object_destroy_iterator * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_Destroy -( - NSSCKFWSession *fwSession, - CK_BBOOL removeFromTokenHash -) +nssCKFWSession_Destroy( + NSSCKFWSession *fwSession, + CK_BBOOL removeFromTokenHash) { - CK_RV error = CKR_OK; - nssCKFWHash *sessionObjectHash; - NSSCKFWCryptoOperationState i; + CK_RV error = CKR_OK; + nssCKFWHash *sessionObjectHash; + NSSCKFWCryptoOperationState i; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - if( removeFromTokenHash ) { - error = nssCKFWToken_RemoveSession(fwSession->fwToken, fwSession); - } + if (removeFromTokenHash) { + error = nssCKFWToken_RemoveSession(fwSession->fwToken, fwSession); + } - /* - * Invalidate session objects - */ + /* + * Invalidate session objects + */ - sessionObjectHash = fwSession->sessionObjectHash; - fwSession->sessionObjectHash = (nssCKFWHash *)NULL; + sessionObjectHash = fwSession->sessionObjectHash; + fwSession->sessionObjectHash = (nssCKFWHash *)NULL; - nssCKFWHash_Iterate(sessionObjectHash, - nss_ckfw_session_object_destroy_iterator, - (void *)NULL); + nssCKFWHash_Iterate(sessionObjectHash, + nss_ckfw_session_object_destroy_iterator, + (void *)NULL); - for (i=0; i < NSSCKFWCryptoOperationState_Max; i++) { - if (fwSession->fwOperationArray[i]) { - nssCKFWCryptoOperation_Destroy(fwSession->fwOperationArray[i]); + for (i = 0; i < NSSCKFWCryptoOperationState_Max; i++) { + if (fwSession->fwOperationArray[i]) { + nssCKFWCryptoOperation_Destroy(fwSession->fwOperationArray[i]); + } } - } #ifdef DEBUG - (void)session_remove_pointer(fwSession); + (void)session_remove_pointer(fwSession); #endif /* DEBUG */ - (void)nssCKFWHash_Destroy(sessionObjectHash); - NSSArena_Destroy(fwSession->arena); + (void)nssCKFWHash_Destroy(sessionObjectHash); + NSSArena_Destroy(fwSession->arena); - return error; + return error; } /* @@ -277,18 +265,16 @@ nssCKFWSession_Destroy * */ NSS_IMPLEMENT NSSCKMDSession * -nssCKFWSession_GetMDSession -( - NSSCKFWSession *fwSession -) +nssCKFWSession_GetMDSession( + NSSCKFWSession *fwSession) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return (NSSCKMDSession *)NULL; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return (NSSCKMDSession *)NULL; + } #endif /* NSSDEBUG */ - return fwSession->mdSession; + return fwSession->mdSession; } /* @@ -296,24 +282,22 @@ nssCKFWSession_GetMDSession * */ NSS_IMPLEMENT NSSArena * -nssCKFWSession_GetArena -( - NSSCKFWSession *fwSession, - CK_RV *pError -) +nssCKFWSession_GetArena( + NSSCKFWSession *fwSession, + CK_RV *pError) { #ifdef NSSDEBUG - if (!pError) { - return (NSSArena *)NULL; - } - - *pError = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != *pError ) { - return (NSSArena *)NULL; - } + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != *pError) { + return (NSSArena *)NULL; + } #endif /* NSSDEBUG */ - return fwSession->arena; + return fwSession->arena; } /* @@ -321,34 +305,32 @@ nssCKFWSession_GetArena * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_CallNotification -( - NSSCKFWSession *fwSession, - CK_NOTIFICATION event -) +nssCKFWSession_CallNotification( + NSSCKFWSession *fwSession, + CK_NOTIFICATION event) { - CK_RV error = CKR_OK; - CK_SESSION_HANDLE handle; + CK_RV error = CKR_OK; + CK_SESSION_HANDLE handle; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - if( (CK_NOTIFY)NULL == fwSession->Notify ) { - return CKR_OK; - } + if ((CK_NOTIFY)NULL == fwSession->Notify) { + return CKR_OK; + } - handle = nssCKFWInstance_FindSessionHandle(fwSession->fwInstance, fwSession); - if( (CK_SESSION_HANDLE)0 == handle ) { - return CKR_GENERAL_ERROR; - } + handle = nssCKFWInstance_FindSessionHandle(fwSession->fwInstance, fwSession); + if ((CK_SESSION_HANDLE)0 == handle) { + return CKR_GENERAL_ERROR; + } - error = fwSession->Notify(handle, event, fwSession->pApplication); + error = fwSession->Notify(handle, event, fwSession->pApplication); - return error; + return error; } /* @@ -356,18 +338,16 @@ nssCKFWSession_CallNotification * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWSession_IsRWSession -( - NSSCKFWSession *fwSession -) +nssCKFWSession_IsRWSession( + NSSCKFWSession *fwSession) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - return fwSession->rw; + return fwSession->rw; } /* @@ -375,31 +355,29 @@ nssCKFWSession_IsRWSession * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWSession_IsSO -( - NSSCKFWSession *fwSession -) +nssCKFWSession_IsSO( + NSSCKFWSession *fwSession) { - CK_STATE state; + CK_STATE state; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - state = nssCKFWToken_GetSessionState(fwSession->fwToken); - switch( state ) { - case CKS_RO_PUBLIC_SESSION: - case CKS_RO_USER_FUNCTIONS: - case CKS_RW_PUBLIC_SESSION: - case CKS_RW_USER_FUNCTIONS: - return CK_FALSE; - case CKS_RW_SO_FUNCTIONS: - return CK_TRUE; - default: - return CK_FALSE; - } + state = nssCKFWToken_GetSessionState(fwSession->fwToken); + switch (state) { + case CKS_RO_PUBLIC_SESSION: + case CKS_RO_USER_FUNCTIONS: + case CKS_RW_PUBLIC_SESSION: + case CKS_RW_USER_FUNCTIONS: + return CK_FALSE; + case CKS_RW_SO_FUNCTIONS: + return CK_TRUE; + default: + return CK_FALSE; + } } /* @@ -407,18 +385,16 @@ nssCKFWSession_IsSO * */ NSS_IMPLEMENT NSSCKFWSlot * -nssCKFWSession_GetFWSlot -( - NSSCKFWSession *fwSession -) +nssCKFWSession_GetFWSlot( + NSSCKFWSession *fwSession) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return (NSSCKFWSlot *)NULL; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return (NSSCKFWSlot *)NULL; + } #endif /* NSSDEBUG */ - return nssCKFWToken_GetFWSlot(fwSession->fwToken); + return nssCKFWToken_GetFWSlot(fwSession->fwToken); } /* @@ -426,18 +402,16 @@ nssCKFWSession_GetFWSlot * */ NSS_IMPLEMENT CK_STATE -nssCKFWSession_GetSessionState -( - NSSCKFWSession *fwSession -) +nssCKFWSession_GetSessionState( + NSSCKFWSession *fwSession) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return CKS_RO_PUBLIC_SESSION; /* whatever */ - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return CKS_RO_PUBLIC_SESSION; /* whatever */ + } #endif /* NSSDEBUG */ - return nssCKFWToken_GetSessionState(fwSession->fwToken); + return nssCKFWToken_GetSessionState(fwSession->fwToken); } /* @@ -445,33 +419,31 @@ nssCKFWSession_GetSessionState * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_SetFWFindObjects -( - NSSCKFWSession *fwSession, - NSSCKFWFindObjects *fwFindObjects -) +nssCKFWSession_SetFWFindObjects( + NSSCKFWSession *fwSession, + NSSCKFWFindObjects *fwFindObjects) { #ifdef NSSDEBUG - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #endif /* NSSDEBUG */ #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - /* fwFindObjects may be null */ +/* fwFindObjects may be null */ #endif /* NSSDEBUG */ - if ((fwSession->fwFindObjects) && - (fwFindObjects)) { - return CKR_OPERATION_ACTIVE; - } + if ((fwSession->fwFindObjects) && + (fwFindObjects)) { + return CKR_OPERATION_ACTIVE; + } - fwSession->fwFindObjects = fwFindObjects; + fwSession->fwFindObjects = fwFindObjects; - return CKR_OK; + return CKR_OK; } /* @@ -479,29 +451,27 @@ nssCKFWSession_SetFWFindObjects * */ NSS_IMPLEMENT NSSCKFWFindObjects * -nssCKFWSession_GetFWFindObjects -( - NSSCKFWSession *fwSession, - CK_RV *pError -) +nssCKFWSession_GetFWFindObjects( + NSSCKFWSession *fwSession, + CK_RV *pError) { #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWFindObjects *)NULL; - } - - *pError = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != *pError ) { - return (NSSCKFWFindObjects *)NULL; - } + if (!pError) { + return (NSSCKFWFindObjects *)NULL; + } + + *pError = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != *pError) { + return (NSSCKFWFindObjects *)NULL; + } #endif /* NSSDEBUG */ - if (!fwSession->fwFindObjects) { - *pError = CKR_OPERATION_NOT_INITIALIZED; - return (NSSCKFWFindObjects *)NULL; - } + if (!fwSession->fwFindObjects) { + *pError = CKR_OPERATION_NOT_INITIALIZED; + return (NSSCKFWFindObjects *)NULL; + } - return fwSession->fwFindObjects; + return fwSession->fwFindObjects; } /* @@ -509,34 +479,32 @@ nssCKFWSession_GetFWFindObjects * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_SetMDSession -( - NSSCKFWSession *fwSession, - NSSCKMDSession *mdSession -) +nssCKFWSession_SetMDSession( + NSSCKFWSession *fwSession, + NSSCKMDSession *mdSession) { #ifdef NSSDEBUG - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #endif /* NSSDEBUG */ #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!mdSession) { - return CKR_ARGUMENTS_BAD; - } + if (!mdSession) { + return CKR_ARGUMENTS_BAD; + } #endif /* NSSDEBUG */ - if (fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } - fwSession->mdSession = mdSession; + fwSession->mdSession = mdSession; - return CKR_OK; + return CKR_OK; } /* @@ -544,30 +512,28 @@ nssCKFWSession_SetMDSession * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_SetHandle -( - NSSCKFWSession *fwSession, - CK_SESSION_HANDLE hSession -) +nssCKFWSession_SetHandle( + NSSCKFWSession *fwSession, + CK_SESSION_HANDLE hSession) { #ifdef NSSDEBUG - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #endif /* NSSDEBUG */ #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - if( (CK_SESSION_HANDLE)0 != fwSession->hSession ) { - return CKR_GENERAL_ERROR; - } + if ((CK_SESSION_HANDLE)0 != fwSession->hSession) { + return CKR_GENERAL_ERROR; + } - fwSession->hSession = hSession; + fwSession->hSession = hSession; - return CKR_OK; + return CKR_OK; } /* @@ -575,18 +541,16 @@ nssCKFWSession_SetHandle * */ NSS_IMPLEMENT CK_SESSION_HANDLE -nssCKFWSession_GetHandle -( - NSSCKFWSession *fwSession -) +nssCKFWSession_GetHandle( + NSSCKFWSession *fwSession) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return NULL; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return NULL; + } #endif /* NSSDEBUG */ - return fwSession->hSession; + return fwSession->hSession; } /* @@ -594,25 +558,23 @@ nssCKFWSession_GetHandle * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_RegisterSessionObject -( - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -) +nssCKFWSession_RegisterSessionObject( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject) { - CK_RV rv = CKR_OK; + CK_RV rv = CKR_OK; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return CKR_GENERAL_ERROR; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - if (fwSession->sessionObjectHash) { - rv = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject); - } + if (fwSession->sessionObjectHash) { + rv = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject); + } - return rv; + return rv; } /* @@ -620,23 +582,21 @@ nssCKFWSession_RegisterSessionObject * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_DeregisterSessionObject -( - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject -) +nssCKFWSession_DeregisterSessionObject( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return CKR_GENERAL_ERROR; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - if (fwSession->sessionObjectHash) { - nssCKFWHash_Remove(fwSession->sessionObjectHash, fwObject); - } + if (fwSession->sessionObjectHash) { + nssCKFWHash_Remove(fwSession->sessionObjectHash, fwObject); + } - return CKR_OK; + return CKR_OK; } /* @@ -644,28 +604,26 @@ nssCKFWSession_DeregisterSessionObject * */ NSS_IMPLEMENT CK_ULONG -nssCKFWSession_GetDeviceError -( - NSSCKFWSession *fwSession -) +nssCKFWSession_GetDeviceError( + NSSCKFWSession *fwSession) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return (CK_ULONG)0; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return (CK_ULONG)0; + } - if (!fwSession->mdSession) { - return (CK_ULONG)0; - } + if (!fwSession->mdSession) { + return (CK_ULONG)0; + } #endif /* NSSDEBUG */ - if (!fwSession->mdSession->GetDeviceError) { - return (CK_ULONG)0; - } + if (!fwSession->mdSession->GetDeviceError) { + return (CK_ULONG)0; + } - return fwSession->mdSession->GetDeviceError(fwSession->mdSession, - fwSession, fwSession->mdToken, fwSession->fwToken, - fwSession->mdInstance, fwSession->fwInstance); + return fwSession->mdSession->GetDeviceError(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance); } /* @@ -673,116 +631,119 @@ nssCKFWSession_GetDeviceError * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_Login -( - NSSCKFWSession *fwSession, - CK_USER_TYPE userType, - NSSItem *pin -) +nssCKFWSession_Login( + NSSCKFWSession *fwSession, + CK_USER_TYPE userType, + NSSItem *pin) { - CK_RV error = CKR_OK; - CK_STATE oldState; - CK_STATE newState; + CK_RV error = CKR_OK; + CK_STATE oldState; + CK_STATE newState; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - switch( userType ) { - case CKU_SO: - case CKU_USER: - break; - default: - return CKR_USER_TYPE_INVALID; - } + switch (userType) { + case CKU_SO: + case CKU_USER: + break; + default: + return CKR_USER_TYPE_INVALID; + } - if (!pin) { - if( CK_TRUE != nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken) ) { - return CKR_ARGUMENTS_BAD; + if (!pin) { + if (CK_TRUE != nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken)) { + return CKR_ARGUMENTS_BAD; + } } - } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - oldState = nssCKFWToken_GetSessionState(fwSession->fwToken); - - /* - * It's not clear what happens when you're already logged in. - * I'll just fail; but if we decide to change, the logic is - * all right here. - */ - - if( CKU_SO == userType ) { - switch( oldState ) { - case CKS_RO_PUBLIC_SESSION: - /* - * There's no such thing as a read-only security officer - * session, so fail. The error should be CKR_SESSION_READ_ONLY, - * except that C_Login isn't defined to return that. So we'll - * do CKR_SESSION_READ_ONLY_EXISTS, which is what is documented. - */ - return CKR_SESSION_READ_ONLY_EXISTS; - case CKS_RO_USER_FUNCTIONS: - return CKR_USER_ANOTHER_ALREADY_LOGGED_IN; - case CKS_RW_PUBLIC_SESSION: - newState = CKS_RW_SO_FUNCTIONS; - break; - case CKS_RW_USER_FUNCTIONS: - return CKR_USER_ANOTHER_ALREADY_LOGGED_IN; - case CKS_RW_SO_FUNCTIONS: - return CKR_USER_ALREADY_LOGGED_IN; - default: - return CKR_GENERAL_ERROR; - } - } else /* CKU_USER == userType */ { - switch( oldState ) { - case CKS_RO_PUBLIC_SESSION: - newState = CKS_RO_USER_FUNCTIONS; - break; - case CKS_RO_USER_FUNCTIONS: - return CKR_USER_ALREADY_LOGGED_IN; - case CKS_RW_PUBLIC_SESSION: - newState = CKS_RW_USER_FUNCTIONS; - break; - case CKS_RW_USER_FUNCTIONS: - return CKR_USER_ALREADY_LOGGED_IN; - case CKS_RW_SO_FUNCTIONS: - return CKR_USER_ANOTHER_ALREADY_LOGGED_IN; - default: - return CKR_GENERAL_ERROR; - } - } - - /* - * So now we're in one of three cases: - * - * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_SO_FUNCTIONS; - * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_USER_FUNCTIONS; - * Old == CKS_RO_PUBLIC_SESSION, New == CKS_RO_USER_FUNCTIONS; - */ - - if (!fwSession->mdSession->Login) { + oldState = nssCKFWToken_GetSessionState(fwSession->fwToken); + /* - * The Module doesn't want to be informed (or check the pin) - * it'll just rely on the Framework as needed. + * It's not clear what happens when you're already logged in. + * I'll just fail; but if we decide to change, the logic is + * all right here. */ - ; - } else { - error = fwSession->mdSession->Login(fwSession->mdSession, fwSession, - fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, - fwSession->fwInstance, userType, pin, oldState, newState); - if( CKR_OK != error ) { - return error; - } - } - - (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState); - return CKR_OK; + + if (CKU_SO == userType) { + switch (oldState) { + case CKS_RO_PUBLIC_SESSION: + /* + * There's no such thing as a read-only security officer + * session, so fail. The error should be CKR_SESSION_READ_ONLY, + * except that C_Login isn't defined to return that. So we'll + * do CKR_SESSION_READ_ONLY_EXISTS, which is what is documented. + */ + return CKR_SESSION_READ_ONLY_EXISTS; + case CKS_RO_USER_FUNCTIONS: + return CKR_USER_ANOTHER_ALREADY_LOGGED_IN; + case CKS_RW_PUBLIC_SESSION: + newState = + CKS_RW_SO_FUNCTIONS; + break; + case CKS_RW_USER_FUNCTIONS: + return CKR_USER_ANOTHER_ALREADY_LOGGED_IN; + case CKS_RW_SO_FUNCTIONS: + return CKR_USER_ALREADY_LOGGED_IN; + default: + return CKR_GENERAL_ERROR; + } + } + else /* CKU_USER == userType */ { + switch (oldState) { + case CKS_RO_PUBLIC_SESSION: + newState = + CKS_RO_USER_FUNCTIONS; + break; + case CKS_RO_USER_FUNCTIONS: + return CKR_USER_ALREADY_LOGGED_IN; + case CKS_RW_PUBLIC_SESSION: + newState = + CKS_RW_USER_FUNCTIONS; + break; + case CKS_RW_USER_FUNCTIONS: + return CKR_USER_ALREADY_LOGGED_IN; + case CKS_RW_SO_FUNCTIONS: + return CKR_USER_ANOTHER_ALREADY_LOGGED_IN; + default: + return CKR_GENERAL_ERROR; + } + } + + /* + * So now we're in one of three cases: + * + * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_SO_FUNCTIONS; + * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_USER_FUNCTIONS; + * Old == CKS_RO_PUBLIC_SESSION, New == CKS_RO_USER_FUNCTIONS; + */ + + if (!fwSession->mdSession->Login) { + /* + * The Module doesn't want to be informed (or check the pin) + * it'll just rely on the Framework as needed. + */ + ; + } + else { + error = fwSession->mdSession->Login(fwSession->mdSession, fwSession, + fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, userType, pin, oldState, newState); + if (CKR_OK != error) { + return error; + } + } + + (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState); + return CKR_OK; } /* @@ -790,74 +751,73 @@ nssCKFWSession_Login * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_Logout -( - NSSCKFWSession *fwSession -) +nssCKFWSession_Logout( + NSSCKFWSession *fwSession) { - CK_RV error = CKR_OK; - CK_STATE oldState; - CK_STATE newState; + CK_RV error = CKR_OK; + CK_STATE oldState; + CK_STATE newState; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - oldState = nssCKFWToken_GetSessionState(fwSession->fwToken); - - switch( oldState ) { - case CKS_RO_PUBLIC_SESSION: - return CKR_USER_NOT_LOGGED_IN; - case CKS_RO_USER_FUNCTIONS: - newState = CKS_RO_PUBLIC_SESSION; - break; - case CKS_RW_PUBLIC_SESSION: - return CKR_USER_NOT_LOGGED_IN; - case CKS_RW_USER_FUNCTIONS: - newState = CKS_RW_PUBLIC_SESSION; - break; - case CKS_RW_SO_FUNCTIONS: - newState = CKS_RW_PUBLIC_SESSION; - break; - default: - return CKR_GENERAL_ERROR; - } - - /* - * So now we're in one of three cases: - * - * Old == CKS_RW_SO_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION; - * Old == CKS_RW_USER_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION; - * Old == CKS_RO_USER_FUNCTIONS, New == CKS_RO_PUBLIC_SESSION; - */ - - if (!fwSession->mdSession->Logout) { + oldState = nssCKFWToken_GetSessionState(fwSession->fwToken); + + switch (oldState) { + case CKS_RO_PUBLIC_SESSION: + return CKR_USER_NOT_LOGGED_IN; + case CKS_RO_USER_FUNCTIONS: + newState = CKS_RO_PUBLIC_SESSION; + break; + case CKS_RW_PUBLIC_SESSION: + return CKR_USER_NOT_LOGGED_IN; + case CKS_RW_USER_FUNCTIONS: + newState = CKS_RW_PUBLIC_SESSION; + break; + case CKS_RW_SO_FUNCTIONS: + newState = CKS_RW_PUBLIC_SESSION; + break; + default: + return CKR_GENERAL_ERROR; + } + /* - * The Module doesn't want to be informed. Okay. + * So now we're in one of three cases: + * + * Old == CKS_RW_SO_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION; + * Old == CKS_RW_USER_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION; + * Old == CKS_RO_USER_FUNCTIONS, New == CKS_RO_PUBLIC_SESSION; */ - ; - } else { - error = fwSession->mdSession->Logout(fwSession->mdSession, fwSession, - fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, - fwSession->fwInstance, oldState, newState); - if( CKR_OK != error ) { - /* - * Now what?! A failure really should end up with the Framework - * considering it logged out, right? - */ - ; - } - } - - (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState); - return error; + + if (!fwSession->mdSession->Logout) { + /* + * The Module doesn't want to be informed. Okay. + */ + ; + } + else { + error = fwSession->mdSession->Logout(fwSession->mdSession, fwSession, + fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, oldState, newState); + if (CKR_OK != error) { + /* + * Now what?! A failure really should end up with the Framework + * considering it logged out, right? + */ + ; + } + } + + (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState); + return error; } /* @@ -865,47 +825,45 @@ nssCKFWSession_Logout * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_InitPIN -( - NSSCKFWSession *fwSession, - NSSItem *pin -) +nssCKFWSession_InitPIN( + NSSCKFWSession *fwSession, + NSSItem *pin) { - CK_RV error = CKR_OK; - CK_STATE state; + CK_RV error = CKR_OK; + CK_STATE state; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - state = nssCKFWToken_GetSessionState(fwSession->fwToken); - if( CKS_RW_SO_FUNCTIONS != state ) { - return CKR_USER_NOT_LOGGED_IN; - } + state = nssCKFWToken_GetSessionState(fwSession->fwToken); + if (CKS_RW_SO_FUNCTIONS != state) { + return CKR_USER_NOT_LOGGED_IN; + } - if (!pin) { - CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken); - if( CK_TRUE != has ) { - return CKR_ARGUMENTS_BAD; + if (!pin) { + CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken); + if (CK_TRUE != has) { + return CKR_ARGUMENTS_BAD; + } } - } - if (!fwSession->mdSession->InitPIN) { - return CKR_TOKEN_WRITE_PROTECTED; - } + if (!fwSession->mdSession->InitPIN) { + return CKR_TOKEN_WRITE_PROTECTED; + } - error = fwSession->mdSession->InitPIN(fwSession->mdSession, fwSession, - fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, - fwSession->fwInstance, pin); + error = fwSession->mdSession->InitPIN(fwSession->mdSession, fwSession, + fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, pin); - return error; + return error; } /* @@ -913,49 +871,47 @@ nssCKFWSession_InitPIN * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_SetPIN -( - NSSCKFWSession *fwSession, - NSSItem *oldPin, - NSSItem *newPin -) +nssCKFWSession_SetPIN( + NSSCKFWSession *fwSession, + NSSItem *oldPin, + NSSItem *newPin) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - if (!newPin) { - CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken); - if( CK_TRUE != has ) { - return CKR_ARGUMENTS_BAD; + if (!newPin) { + CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken); + if (CK_TRUE != has) { + return CKR_ARGUMENTS_BAD; + } } - } - if (!oldPin) { - CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken); - if( CK_TRUE != has ) { - return CKR_ARGUMENTS_BAD; + if (!oldPin) { + CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken); + if (CK_TRUE != has) { + return CKR_ARGUMENTS_BAD; + } } - } - if (!fwSession->mdSession->SetPIN) { - return CKR_TOKEN_WRITE_PROTECTED; - } + if (!fwSession->mdSession->SetPIN) { + return CKR_TOKEN_WRITE_PROTECTED; + } - error = fwSession->mdSession->SetPIN(fwSession->mdSession, fwSession, - fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, - fwSession->fwInstance, oldPin, newPin); + error = fwSession->mdSession->SetPIN(fwSession->mdSession, fwSession, + fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, oldPin, newPin); - return error; + return error; } /* @@ -963,54 +919,52 @@ nssCKFWSession_SetPIN * */ NSS_IMPLEMENT CK_ULONG -nssCKFWSession_GetOperationStateLen -( - NSSCKFWSession *fwSession, - CK_RV *pError -) +nssCKFWSession_GetOperationStateLen( + NSSCKFWSession *fwSession, + CK_RV *pError) { - CK_ULONG mdAmt; - CK_ULONG fwAmt; + CK_ULONG mdAmt; + CK_ULONG fwAmt; #ifdef NSSDEBUG - if (!pError) { - return (CK_ULONG)0; - } - - *pError = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != *pError ) { - return (CK_ULONG)0; - } - - if (!fwSession->mdSession) { - *pError = CKR_GENERAL_ERROR; - return (CK_ULONG)0; - } + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != *pError) { + return (CK_ULONG)0; + } + + if (!fwSession->mdSession) { + *pError = CKR_GENERAL_ERROR; + return (CK_ULONG)0; + } #endif /* NSSDEBUG */ - if (!fwSession->mdSession->GetOperationStateLen) { - *pError = CKR_STATE_UNSAVEABLE; - return (CK_ULONG)0; - } + if (!fwSession->mdSession->GetOperationStateLen) { + *pError = CKR_STATE_UNSAVEABLE; + return (CK_ULONG)0; + } - /* - * We could check that the session is actually in some state.. - */ + /* + * We could check that the session is actually in some state.. + */ - mdAmt = fwSession->mdSession->GetOperationStateLen(fwSession->mdSession, - fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, - fwSession->fwInstance, pError); + mdAmt = fwSession->mdSession->GetOperationStateLen(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, pError); - if( ((CK_ULONG)0 == mdAmt) && (CKR_OK != *pError) ) { - return (CK_ULONG)0; - } + if (((CK_ULONG)0 == mdAmt) && (CKR_OK != *pError)) { + return (CK_ULONG)0; + } - /* - * Add a bit of sanity-checking - */ - fwAmt = mdAmt + 2*sizeof(CK_ULONG); + /* + * Add a bit of sanity-checking + */ + fwAmt = mdAmt + 2 * sizeof(CK_ULONG); - return fwAmt; + return fwAmt; } /* @@ -1018,82 +972,80 @@ nssCKFWSession_GetOperationStateLen * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_GetOperationState -( - NSSCKFWSession *fwSession, - NSSItem *buffer -) +nssCKFWSession_GetOperationState( + NSSCKFWSession *fwSession, + NSSItem *buffer) { - CK_RV error = CKR_OK; - CK_ULONG fwAmt; - CK_ULONG *ulBuffer; - NSSItem i2; - CK_ULONG n, i; + CK_RV error = CKR_OK; + CK_ULONG fwAmt; + CK_ULONG *ulBuffer; + NSSItem i2; + CK_ULONG n, i; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!buffer) { - return CKR_ARGUMENTS_BAD; - } + if (!buffer) { + return CKR_ARGUMENTS_BAD; + } - if (!buffer->data) { - return CKR_ARGUMENTS_BAD; - } + if (!buffer->data) { + return CKR_ARGUMENTS_BAD; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - if (!fwSession->mdSession->GetOperationState) { - return CKR_STATE_UNSAVEABLE; - } + if (!fwSession->mdSession->GetOperationState) { + return CKR_STATE_UNSAVEABLE; + } - /* - * Sanity-check the caller's buffer. - */ + /* + * Sanity-check the caller's buffer. + */ - error = CKR_OK; - fwAmt = nssCKFWSession_GetOperationStateLen(fwSession, &error); - if( ((CK_ULONG)0 == fwAmt) && (CKR_OK != error) ) { - return error; - } + error = CKR_OK; + fwAmt = nssCKFWSession_GetOperationStateLen(fwSession, &error); + if (((CK_ULONG)0 == fwAmt) && (CKR_OK != error)) { + return error; + } - if( buffer->size < fwAmt ) { - return CKR_BUFFER_TOO_SMALL; - } + if (buffer->size < fwAmt) { + return CKR_BUFFER_TOO_SMALL; + } - ulBuffer = (CK_ULONG *)buffer->data; + ulBuffer = (CK_ULONG *)buffer->data; - i2.size = buffer->size - 2*sizeof(CK_ULONG); - i2.data = (void *)&ulBuffer[2]; + i2.size = buffer->size - 2 * sizeof(CK_ULONG); + i2.data = (void *)&ulBuffer[2]; - error = fwSession->mdSession->GetOperationState(fwSession->mdSession, - fwSession, fwSession->mdToken, fwSession->fwToken, - fwSession->mdInstance, fwSession->fwInstance, &i2); + error = fwSession->mdSession->GetOperationState(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance, &i2); - if( CKR_OK != error ) { - return error; - } - - /* - * Add a little integrety/identity check. - * NOTE: right now, it's pretty stupid. - * A CRC or something would be better. - */ - - ulBuffer[0] = 0x434b4657; /* CKFW */ - ulBuffer[1] = 0; - n = i2.size/sizeof(CK_ULONG); - for( i = 0; i < n; i++ ) { - ulBuffer[1] ^= ulBuffer[2+i]; - } - - return CKR_OK; + if (CKR_OK != error) { + return error; + } + + /* + * Add a little integrety/identity check. + * NOTE: right now, it's pretty stupid. + * A CRC or something would be better. + */ + + ulBuffer[0] = 0x434b4657; /* CKFW */ + ulBuffer[1] = 0; + n = i2.size / sizeof(CK_ULONG); + for (i = 0; i < n; i++) { + ulBuffer[1] ^= ulBuffer[2 + i]; + } + + return CKR_OK; } /* @@ -1101,126 +1053,125 @@ nssCKFWSession_GetOperationState * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_SetOperationState -( - NSSCKFWSession *fwSession, - NSSItem *state, - NSSCKFWObject *encryptionKey, - NSSCKFWObject *authenticationKey -) +nssCKFWSession_SetOperationState( + NSSCKFWSession *fwSession, + NSSItem *state, + NSSCKFWObject *encryptionKey, + NSSCKFWObject *authenticationKey) { - CK_RV error = CKR_OK; - CK_ULONG *ulBuffer; - CK_ULONG n, i; - CK_ULONG x; - NSSItem s; - NSSCKMDObject *mdek; - NSSCKMDObject *mdak; + CK_RV error = CKR_OK; + CK_ULONG *ulBuffer; + CK_ULONG n, i; + CK_ULONG x; + NSSItem s; + NSSCKMDObject *mdek; + NSSCKMDObject *mdak; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!state) { - return CKR_ARGUMENTS_BAD; - } + if (!state) { + return CKR_ARGUMENTS_BAD; + } - if (!state->data) { - return CKR_ARGUMENTS_BAD; - } + if (!state->data) { + return CKR_ARGUMENTS_BAD; + } - if (encryptionKey) { - error = nssCKFWObject_verifyPointer(encryptionKey); - if( CKR_OK != error ) { - return error; + if (encryptionKey) { + error = nssCKFWObject_verifyPointer(encryptionKey); + if (CKR_OK != error) { + return error; + } } - } - if (authenticationKey) { - error = nssCKFWObject_verifyPointer(authenticationKey); - if( CKR_OK != error ) { - return error; + if (authenticationKey) { + error = nssCKFWObject_verifyPointer(authenticationKey); + if (CKR_OK != error) { + return error; + } } - } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - ulBuffer = (CK_ULONG *)state->data; - if( 0x43b4657 != ulBuffer[0] ) { - return CKR_SAVED_STATE_INVALID; - } - n = (state->size / sizeof(CK_ULONG)) - 2; - x = (CK_ULONG)0; - for( i = 0; i < n; i++ ) { - x ^= ulBuffer[2+i]; - } - - if( x != ulBuffer[1] ) { - return CKR_SAVED_STATE_INVALID; - } - - if (!fwSession->mdSession->SetOperationState) { - return CKR_GENERAL_ERROR; - } - - s.size = state->size - 2*sizeof(CK_ULONG); - s.data = (void *)&ulBuffer[2]; - - if (encryptionKey) { - mdek = nssCKFWObject_GetMDObject(encryptionKey); - } else { - mdek = (NSSCKMDObject *)NULL; - } - - if (authenticationKey) { - mdak = nssCKFWObject_GetMDObject(authenticationKey); - } else { - mdak = (NSSCKMDObject *)NULL; - } - - error = fwSession->mdSession->SetOperationState(fwSession->mdSession, - fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, - fwSession->fwInstance, &s, mdek, encryptionKey, mdak, authenticationKey); - - if( CKR_OK != error ) { - return error; - } + ulBuffer = (CK_ULONG *)state->data; + if (0x43b4657 != ulBuffer[0]) { + return CKR_SAVED_STATE_INVALID; + } + n = (state->size / sizeof(CK_ULONG)) - 2; + x = (CK_ULONG)0; + for (i = 0; i < n; i++) { + x ^= ulBuffer[2 + i]; + } + + if (x != ulBuffer[1]) { + return CKR_SAVED_STATE_INVALID; + } + + if (!fwSession->mdSession->SetOperationState) { + return CKR_GENERAL_ERROR; + } - /* - * Here'd we restore any session data - */ - - return CKR_OK; + s.size = state->size - 2 * sizeof(CK_ULONG); + s.data = (void *)&ulBuffer[2]; + + if (encryptionKey) { + mdek = nssCKFWObject_GetMDObject(encryptionKey); + } + else { + mdek = (NSSCKMDObject *)NULL; + } + + if (authenticationKey) { + mdak = nssCKFWObject_GetMDObject(authenticationKey); + } + else { + mdak = (NSSCKMDObject *)NULL; + } + + error = fwSession->mdSession->SetOperationState(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, &s, mdek, encryptionKey, mdak, authenticationKey); + + if (CKR_OK != error) { + return error; + } + + /* + * Here'd we restore any session data + */ + + return CKR_OK; } static CK_BBOOL -nss_attributes_form_token_object -( - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount -) +nss_attributes_form_token_object( + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount) { - CK_ULONG i; - CK_BBOOL rv; - - for( i = 0; i < ulAttributeCount; i++ ) { - if( CKA_TOKEN == pTemplate[i].type ) { - /* If we sanity-check, we can remove this sizeof check */ - if( sizeof(CK_BBOOL) == pTemplate[i].ulValueLen ) { - (void)nsslibc_memcpy(&rv, pTemplate[i].pValue, sizeof(CK_BBOOL)); - return rv; - } else { - return CK_FALSE; - } + CK_ULONG i; + CK_BBOOL rv; + + for (i = 0; i < ulAttributeCount; i++) { + if (CKA_TOKEN == pTemplate[i].type) { + /* If we sanity-check, we can remove this sizeof check */ + if (sizeof(CK_BBOOL) == pTemplate[i].ulValueLen) { + (void)nsslibc_memcpy(&rv, pTemplate[i].pValue, sizeof(CK_BBOOL)); + return rv; + } + else { + return CK_FALSE; + } + } } - } - return CK_FALSE; + return CK_FALSE; } /* @@ -1228,133 +1179,136 @@ nss_attributes_form_token_object * */ NSS_IMPLEMENT NSSCKFWObject * -nssCKFWSession_CreateObject -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nssCKFWSession_CreateObject( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - NSSArena *arena; - NSSCKMDObject *mdObject; - NSSCKFWObject *fwObject; - CK_BBOOL isTokenObject; + NSSArena *arena; + NSSCKMDObject *mdObject; + NSSCKFWObject *fwObject; + CK_BBOOL isTokenObject; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWObject *)NULL; - } - - *pError = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != pError ) { - return (NSSCKFWObject *)NULL; - } - - if( (CK_ATTRIBUTE_PTR)NULL == pTemplate ) { - *pError = CKR_ARGUMENTS_BAD; - return (NSSCKFWObject *)NULL; - } - - if (!fwSession->mdSession) { - *pError = CKR_GENERAL_ERROR; - return (NSSCKFWObject *)NULL; - } -#endif /* NSSDEBUG */ - - /* - * Here would be an excellent place to sanity-check the object. - */ + if (!pError) { + return (NSSCKFWObject *)NULL; + } - isTokenObject = nss_attributes_form_token_object(pTemplate, ulAttributeCount); - if( CK_TRUE == isTokenObject ) { - /* === TOKEN OBJECT === */ + *pError = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != pError) { + return (NSSCKFWObject *)NULL; + } - if (!fwSession->mdSession->CreateObject) { - *pError = CKR_TOKEN_WRITE_PROTECTED; - return (NSSCKFWObject *)NULL; + if ((CK_ATTRIBUTE_PTR)NULL == pTemplate) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWObject *)NULL; } - arena = nssCKFWToken_GetArena(fwSession->fwToken, pError); - if (!arena) { - if( CKR_OK == *pError ) { + if (!fwSession->mdSession) { *pError = CKR_GENERAL_ERROR; - } - return (NSSCKFWObject *)NULL; + return (NSSCKFWObject *)NULL; } +#endif /* NSSDEBUG */ - goto callmdcreateobject; - } else { - /* === SESSION OBJECT === */ + /* + * Here would be an excellent place to sanity-check the object. + */ - arena = nssCKFWSession_GetArena(fwSession, pError); - if (!arena) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - return (NSSCKFWObject *)NULL; + isTokenObject = nss_attributes_form_token_object(pTemplate, ulAttributeCount); + if (CK_TRUE == isTokenObject) { + /* === TOKEN OBJECT === */ + + if (!fwSession->mdSession->CreateObject) { + *pError = CKR_TOKEN_WRITE_PROTECTED; + return (NSSCKFWObject *)NULL; + } + + arena = nssCKFWToken_GetArena(fwSession->fwToken, pError); + if (!arena) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; + } + + goto callmdcreateobject; } + else { + /* === SESSION OBJECT === */ + + arena = nssCKFWSession_GetArena(fwSession, pError); + if (!arena) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; + } - if( CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects( - fwSession->fwInstance) ) { - /* --- module handles the session object -- */ + if (CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects( + fwSession->fwInstance)) { + /* --- module handles the session object -- */ - if (!fwSession->mdSession->CreateObject) { - *pError = CKR_GENERAL_ERROR; + if (!fwSession->mdSession->CreateObject) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWObject *)NULL; + } + + goto callmdcreateobject; + } + else { + /* --- framework handles the session object -- */ + mdObject = nssCKMDSessionObject_Create(fwSession->fwToken, + arena, pTemplate, ulAttributeCount, pError); + goto gotmdobject; + } + } + +callmdcreateobject: + mdObject = fwSession->mdSession->CreateObject(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance, arena, pTemplate, + ulAttributeCount, pError); + +gotmdobject: + if (!mdObject) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } return (NSSCKFWObject *)NULL; - } - - goto callmdcreateobject; - } else { - /* --- framework handles the session object -- */ - mdObject = nssCKMDSessionObject_Create(fwSession->fwToken, - arena, pTemplate, ulAttributeCount, pError); - goto gotmdobject; - } - } - - callmdcreateobject: - mdObject = fwSession->mdSession->CreateObject(fwSession->mdSession, - fwSession, fwSession->mdToken, fwSession->fwToken, - fwSession->mdInstance, fwSession->fwInstance, arena, pTemplate, - ulAttributeCount, pError); - - gotmdobject: - if (!mdObject) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - return (NSSCKFWObject *)NULL; - } - - fwObject = nssCKFWObject_Create(arena, mdObject, - isTokenObject ? NULL : fwSession, - fwSession->fwToken, fwSession->fwInstance, pError); - if (!fwObject) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - - if (mdObject->Destroy) { - (void)mdObject->Destroy(mdObject, (NSSCKFWObject *)NULL, - fwSession->mdSession, fwSession, fwSession->mdToken, - fwSession->fwToken, fwSession->mdInstance, fwSession->fwInstance); - } - - return (NSSCKFWObject *)NULL; - } - - if( CK_FALSE == isTokenObject ) { - if( CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, fwObject) ) { - *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject); - if( CKR_OK != *pError ) { - nssCKFWObject_Finalize(fwObject, PR_TRUE); + } + + fwObject = nssCKFWObject_Create(arena, mdObject, + isTokenObject ? + NULL + : + fwSession, + fwSession->fwToken, fwSession->fwInstance, pError); + if (!fwObject) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + + if (mdObject->Destroy) { + (void)mdObject->Destroy(mdObject, (NSSCKFWObject *)NULL, + fwSession->mdSession, fwSession, fwSession->mdToken, + fwSession->fwToken, fwSession->mdInstance, fwSession->fwInstance); + } + return (NSSCKFWObject *)NULL; - } } - } - - return fwObject; + + if (CK_FALSE == isTokenObject) { + if (CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, fwObject)) { + *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject); + if (CKR_OK != *pError) { + nssCKFWObject_Finalize(fwObject, PR_TRUE); + return (NSSCKFWObject *)NULL; + } + } + } + + return fwObject; } /* @@ -1362,222 +1316,233 @@ nssCKFWSession_CreateObject * */ NSS_IMPLEMENT NSSCKFWObject * -nssCKFWSession_CopyObject -( - NSSCKFWSession *fwSession, - NSSCKFWObject *fwObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nssCKFWSession_CopyObject( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - CK_BBOOL oldIsToken; - CK_BBOOL newIsToken; - CK_ULONG i; - NSSCKFWObject *rv; + CK_BBOOL oldIsToken; + CK_BBOOL newIsToken; + CK_ULONG i; + NSSCKFWObject *rv; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWObject *)NULL; - } - - *pError = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != *pError ) { - return (NSSCKFWObject *)NULL; - } - - *pError = nssCKFWObject_verifyPointer(fwObject); - if( CKR_OK != *pError ) { - return (NSSCKFWObject *)NULL; - } - - if (!fwSession->mdSession) { - *pError = CKR_GENERAL_ERROR; - return (NSSCKFWObject *)NULL; - } -#endif /* NSSDEBUG */ - - /* - * Sanity-check object - */ + if (!pError) { + return (NSSCKFWObject *)NULL; + } - if (!fwObject) { - *pError = CKR_ARGUMENTS_BAD; - return (NSSCKFWObject *)NULL; - } + *pError = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != *pError) { + return (NSSCKFWObject *)NULL; + } - oldIsToken = nssCKFWObject_IsTokenObject(fwObject); + *pError = nssCKFWObject_verifyPointer(fwObject); + if (CKR_OK != *pError) { + return (NSSCKFWObject *)NULL; + } - newIsToken = oldIsToken; - for( i = 0; i < ulAttributeCount; i++ ) { - if( CKA_TOKEN == pTemplate[i].type ) { - /* Since we sanity-checked the object, we know this is the right size. */ - (void)nsslibc_memcpy(&newIsToken, pTemplate[i].pValue, sizeof(CK_BBOOL)); - break; + if (!fwSession->mdSession) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWObject *)NULL; } - } +#endif /* NSSDEBUG */ - /* - * If the Module handles its session objects, or if both the new - * and old object are token objects, use CopyObject if it exists. - */ + /* + * Sanity-check object + */ - if ((fwSession->mdSession->CopyObject) && - (((CK_TRUE == oldIsToken) && (CK_TRUE == newIsToken)) || - (CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects( - fwSession->fwInstance))) ) { - /* use copy object */ - NSSArena *arena; - NSSCKMDObject *mdOldObject; - NSSCKMDObject *mdObject; + if (!fwObject) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWObject *)NULL; + } - mdOldObject = nssCKFWObject_GetMDObject(fwObject); + oldIsToken = nssCKFWObject_IsTokenObject(fwObject); - if( CK_TRUE == newIsToken ) { - arena = nssCKFWToken_GetArena(fwSession->fwToken, pError); - } else { - arena = nssCKFWSession_GetArena(fwSession, pError); - } - if (!arena) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - return (NSSCKFWObject *)NULL; + newIsToken = oldIsToken; + for (i = 0; i < ulAttributeCount; i++) { + if (CKA_TOKEN == pTemplate[i].type) { + /* Since we sanity-checked the object, we know this is the right size. */ + (void)nsslibc_memcpy(&newIsToken, pTemplate[i].pValue, sizeof(CK_BBOOL)); + break; + } } - mdObject = fwSession->mdSession->CopyObject(fwSession->mdSession, - fwSession, fwSession->mdToken, fwSession->fwToken, - fwSession->mdInstance, fwSession->fwInstance, mdOldObject, - fwObject, arena, pTemplate, ulAttributeCount, pError); - if (!mdObject) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - return (NSSCKFWObject *)NULL; - } + /* + * If the Module handles its session objects, or if both the new + * and old object are token objects, use CopyObject if it exists. + */ - rv = nssCKFWObject_Create(arena, mdObject, - newIsToken ? NULL : fwSession, - fwSession->fwToken, fwSession->fwInstance, pError); + if ((fwSession->mdSession->CopyObject) && + (((CK_TRUE == oldIsToken) && (CK_TRUE == newIsToken)) || + (CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects( + fwSession->fwInstance)))) { + /* use copy object */ + NSSArena *arena; + NSSCKMDObject *mdOldObject; + NSSCKMDObject *mdObject; - if( CK_FALSE == newIsToken ) { - if( CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, rv) ) { - *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, rv, rv); - if( CKR_OK != *pError ) { - nssCKFWObject_Finalize(rv, PR_TRUE); - return (NSSCKFWObject *)NULL; + mdOldObject = nssCKFWObject_GetMDObject(fwObject); + + if (CK_TRUE == newIsToken) { + arena = nssCKFWToken_GetArena(fwSession->fwToken, pError); + } + else { + arena = nssCKFWSession_GetArena(fwSession, pError); + } + if (!arena) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; } - } - } - return rv; - } else { - /* use create object */ - NSSArena *tmpArena; - CK_ATTRIBUTE_PTR newTemplate; - CK_ULONG i, j, n, newLength, k; - CK_ATTRIBUTE_TYPE_PTR oldTypes; - NSSCKFWObject *rv; - - n = nssCKFWObject_GetAttributeCount(fwObject, pError); - if( (0 == n) && (CKR_OK != *pError) ) { - return (NSSCKFWObject *)NULL; - } + mdObject = fwSession->mdSession->CopyObject(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance, mdOldObject, + fwObject, arena, pTemplate, ulAttributeCount, pError); + if (!mdObject) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; + } - tmpArena = NSSArena_Create(); - if (!tmpArena) { - *pError = CKR_HOST_MEMORY; - return (NSSCKFWObject *)NULL; - } + rv = nssCKFWObject_Create(arena, mdObject, + newIsToken ? + NULL + : + fwSession, + fwSession->fwToken, fwSession->fwInstance, pError); + + if (CK_FALSE == newIsToken) { + if (CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, rv)) { + *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, rv, rv); + if (CKR_OK != *pError) { + nssCKFWObject_Finalize(rv, PR_TRUE); + return (NSSCKFWObject *)NULL; + } + } + } - oldTypes = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE_TYPE, n); - if( (CK_ATTRIBUTE_TYPE_PTR)NULL == oldTypes ) { - NSSArena_Destroy(tmpArena); - *pError = CKR_HOST_MEMORY; - return (NSSCKFWObject *)NULL; + return rv; } + else { + /* use create object */ + NSSArena *tmpArena; + CK_ATTRIBUTE_PTR newTemplate; + CK_ULONG i, j, n, newLength, k; + CK_ATTRIBUTE_TYPE_PTR oldTypes; + NSSCKFWObject *rv; + + n = nssCKFWObject_GetAttributeCount(fwObject, pError); + if ((0 == n) && (CKR_OK != *pError)) { + return (NSSCKFWObject *)NULL; + } - *pError = nssCKFWObject_GetAttributeTypes(fwObject, oldTypes, n); - if( CKR_OK != *pError ) { - NSSArena_Destroy(tmpArena); - return (NSSCKFWObject *)NULL; - } + tmpArena = NSSArena_Create(); + if (!tmpArena) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWObject *)NULL; + } - newLength = n; - for( i = 0; i < ulAttributeCount; i++ ) { - for( j = 0; j < n; j++ ) { - if( oldTypes[j] == pTemplate[i].type ) { - if( (CK_VOID_PTR)NULL == pTemplate[i].pValue ) { - /* Removing the attribute */ - newLength--; - } - break; + oldTypes = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE_TYPE, n); + if ((CK_ATTRIBUTE_TYPE_PTR)NULL == oldTypes) { + NSSArena_Destroy(tmpArena); + *pError = CKR_HOST_MEMORY; + return (NSSCKFWObject *)NULL; } - } - if( j == n ) { - /* Not found */ - newLength++; - } - } - - newTemplate = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE, newLength); - if( (CK_ATTRIBUTE_PTR)NULL == newTemplate ) { - NSSArena_Destroy(tmpArena); - *pError = CKR_HOST_MEMORY; - return (NSSCKFWObject *)NULL; - } - - k = 0; - for( j = 0; j < n; j++ ) { - for( i = 0; i < ulAttributeCount; i++ ) { - if( oldTypes[j] == pTemplate[i].type ) { - if( (CK_VOID_PTR)NULL == pTemplate[i].pValue ) { - /* This attribute is being deleted */ - ; - } else { - /* This attribute is being replaced */ - newTemplate[k].type = pTemplate[i].type; - newTemplate[k].pValue = pTemplate[i].pValue; - newTemplate[k].ulValueLen = pTemplate[i].ulValueLen; - k++; - } - break; + + *pError = nssCKFWObject_GetAttributeTypes(fwObject, oldTypes, n); + if (CKR_OK != *pError) { + NSSArena_Destroy(tmpArena); + return (NSSCKFWObject *)NULL; } - } - if( i == ulAttributeCount ) { - /* This attribute is being copied over from the old object */ - NSSItem item, *it; - item.size = 0; - item.data = (void *)NULL; - it = nssCKFWObject_GetAttribute(fwObject, oldTypes[j], - &item, tmpArena, pError); - if (!it) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - NSSArena_Destroy(tmpArena); - return (NSSCKFWObject *)NULL; + + newLength = n; + for (i = 0; i < ulAttributeCount; i++) { + for (j = 0; j < n; j++) { + if (oldTypes[j] == pTemplate[i].type) { + if ((CK_VOID_PTR)NULL == + pTemplate[i].pValue) { + /* Removing the attribute */ + newLength--; + } + break; + } + } + if (j == n) { + /* Not found */ + newLength++; + } } - newTemplate[k].type = oldTypes[j]; - newTemplate[k].pValue = it->data; - newTemplate[k].ulValueLen = it->size; - k++; - } - } - /* assert that k == newLength */ - rv = nssCKFWSession_CreateObject(fwSession, newTemplate, newLength, pError); - if (!rv) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - NSSArena_Destroy(tmpArena); - return (NSSCKFWObject *)NULL; - } + newTemplate = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE, newLength); + if ((CK_ATTRIBUTE_PTR)NULL == newTemplate) { + NSSArena_Destroy(tmpArena); + *pError = CKR_HOST_MEMORY; + return (NSSCKFWObject *)NULL; + } - NSSArena_Destroy(tmpArena); - return rv; - } + k = 0; + for (j = 0; j < n; j++) { + for (i = 0; i < ulAttributeCount; i++) { + if (oldTypes[j] == pTemplate[i].type) { + if ((CK_VOID_PTR)NULL == + pTemplate[i].pValue) { + /* This attribute is being deleted */ + ; + } + else { + /* This attribute is being replaced */ + newTemplate[k].type = + pTemplate[i].type; + newTemplate[k].pValue = + pTemplate[i].pValue; + newTemplate[k].ulValueLen = + pTemplate[i].ulValueLen; + k++; + } + break; + } + } + if (i == ulAttributeCount) { + /* This attribute is being copied over from the old object */ + NSSItem item, *it; + item.size = 0; + item.data = (void *)NULL; + it = nssCKFWObject_GetAttribute(fwObject, oldTypes[j], + &item, tmpArena, pError); + if (!it) { + if (CKR_OK == + *pError) { + *pError = + CKR_GENERAL_ERROR; + } + NSSArena_Destroy(tmpArena); + return (NSSCKFWObject *)NULL; + } + newTemplate[k].type = oldTypes[j]; + newTemplate[k].pValue = it->data; + newTemplate[k].ulValueLen = it->size; + k++; + } + } + /* assert that k == newLength */ + + rv = nssCKFWSession_CreateObject(fwSession, newTemplate, newLength, pError); + if (!rv) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + NSSArena_Destroy(tmpArena); + return (NSSCKFWObject *)NULL; + } + + NSSArena_Destroy(tmpArena); + return rv; + } } /* @@ -1585,135 +1550,142 @@ nssCKFWSession_CopyObject * */ NSS_IMPLEMENT NSSCKFWFindObjects * -nssCKFWSession_FindObjectsInit -( - NSSCKFWSession *fwSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError -) +nssCKFWSession_FindObjectsInit( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError) { - NSSCKMDFindObjects *mdfo1 = (NSSCKMDFindObjects *)NULL; - NSSCKMDFindObjects *mdfo2 = (NSSCKMDFindObjects *)NULL; + NSSCKMDFindObjects *mdfo1 = (NSSCKMDFindObjects *)NULL; + NSSCKMDFindObjects *mdfo2 = (NSSCKMDFindObjects *)NULL; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWFindObjects *)NULL; - } - - *pError = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != *pError ) { - return (NSSCKFWFindObjects *)NULL; - } - - if( ((CK_ATTRIBUTE_PTR)NULL == pTemplate) && (ulAttributeCount != 0) ) { - *pError = CKR_ARGUMENTS_BAD; - return (NSSCKFWFindObjects *)NULL; - } - - if (!fwSession->mdSession) { - *pError = CKR_GENERAL_ERROR; - return (NSSCKFWFindObjects *)NULL; - } -#endif /* NSSDEBUG */ - - if( CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects( - fwSession->fwInstance) ) { - CK_ULONG i; + if (!pError) { + return (NSSCKFWFindObjects *)NULL; + } - /* - * Does the search criteria restrict us to token or session - * objects? - */ + *pError = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != *pError) { + return (NSSCKFWFindObjects *)NULL; + } - for( i = 0; i < ulAttributeCount; i++ ) { - if( CKA_TOKEN == pTemplate[i].type ) { - /* Yes, it does. */ - CK_BBOOL isToken; - if( sizeof(CK_BBOOL) != pTemplate[i].ulValueLen ) { - *pError = CKR_ATTRIBUTE_VALUE_INVALID; - return (NSSCKFWFindObjects *)NULL; - } - (void)nsslibc_memcpy(&isToken, pTemplate[i].pValue, sizeof(CK_BBOOL)); + if (((CK_ATTRIBUTE_PTR)NULL == pTemplate) && (ulAttributeCount != 0)) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWFindObjects *)NULL; + } - if( CK_TRUE == isToken ) { - /* Pass it on to the module's search routine */ - if (!fwSession->mdSession->FindObjectsInit) { - goto wrap; - } - - mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession, - fwSession, fwSession->mdToken, fwSession->fwToken, - fwSession->mdInstance, fwSession->fwInstance, - pTemplate, ulAttributeCount, pError); - } else { - /* Do the search ourselves */ - mdfo1 = nssCKMDFindSessionObjects_Create(fwSession->fwToken, - pTemplate, ulAttributeCount, pError); - } + if (!fwSession->mdSession) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWFindObjects *)NULL; + } +#endif /* NSSDEBUG */ - if (!mdfo1) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - return (NSSCKFWFindObjects *)NULL; + if (CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects( + fwSession->fwInstance)) { + CK_ULONG i; + + /* + * Does the search criteria restrict us to token or session + * objects? + */ + + for (i = 0; i < ulAttributeCount; i++) { + if (CKA_TOKEN == pTemplate[i].type) { + /* Yes, it does. */ + CK_BBOOL isToken; + if (sizeof(CK_BBOOL) != pTemplate[i].ulValueLen) { + *pError = + CKR_ATTRIBUTE_VALUE_INVALID; + return (NSSCKFWFindObjects *)NULL; + } + (void)nsslibc_memcpy(&isToken, pTemplate[i].pValue, sizeof(CK_BBOOL)); + + if (CK_TRUE == isToken) { + /* Pass it on to the module's search routine */ + if (!fwSession->mdSession->FindObjectsInit) { + goto wrap; + } + + mdfo1 = + fwSession->mdSession->FindObjectsInit(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance, + pTemplate, ulAttributeCount, pError); + } + else { + /* Do the search ourselves */ + mdfo1 = + nssCKMDFindSessionObjects_Create(fwSession->fwToken, + pTemplate, ulAttributeCount, pError); + } + + if (!mdfo1) { + if (CKR_OK == + *pError) { + *pError = + CKR_GENERAL_ERROR; + } + return (NSSCKFWFindObjects *)NULL; + } + + goto wrap; + } } - - goto wrap; - } - } - if( i == ulAttributeCount ) { - /* No, it doesn't. Do a hybrid search. */ - mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession, - fwSession, fwSession->mdToken, fwSession->fwToken, - fwSession->mdInstance, fwSession->fwInstance, - pTemplate, ulAttributeCount, pError); + if (i == ulAttributeCount) { + /* No, it doesn't. Do a hybrid search. */ + mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance, + pTemplate, ulAttributeCount, pError); + + if (!mdfo1) { + if (CKR_OK == *pError) { + *pError = + CKR_GENERAL_ERROR; + } + return (NSSCKFWFindObjects *)NULL; + } + + mdfo2 = nssCKMDFindSessionObjects_Create(fwSession->fwToken, + pTemplate, ulAttributeCount, pError); + if (!mdfo2) { + if (CKR_OK == *pError) { + *pError = + CKR_GENERAL_ERROR; + } + if (mdfo1->Final) { + mdfo1->Final(mdfo1, (NSSCKFWFindObjects *)NULL, fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance); + } + return (NSSCKFWFindObjects *)NULL; + } - if (!mdfo1) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + goto wrap; } - return (NSSCKFWFindObjects *)NULL; - } + /*NOTREACHED*/ + } + else { + /* Module handles all its own objects. Pass on to module's search */ + mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance, + pTemplate, ulAttributeCount, pError); - mdfo2 = nssCKMDFindSessionObjects_Create(fwSession->fwToken, - pTemplate, ulAttributeCount, pError); - if (!mdfo2) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - if (mdfo1->Final) { - mdfo1->Final(mdfo1, (NSSCKFWFindObjects *)NULL, fwSession->mdSession, - fwSession, fwSession->mdToken, fwSession->fwToken, - fwSession->mdInstance, fwSession->fwInstance); + if (!mdfo1) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWFindObjects *)NULL; } - return (NSSCKFWFindObjects *)NULL; - } - - goto wrap; - } - /*NOTREACHED*/ - } else { - /* Module handles all its own objects. Pass on to module's search */ - mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession, - fwSession, fwSession->mdToken, fwSession->fwToken, - fwSession->mdInstance, fwSession->fwInstance, - pTemplate, ulAttributeCount, pError); - if (!mdfo1) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - return (NSSCKFWFindObjects *)NULL; + goto wrap; } - goto wrap; - } - - wrap: - return nssCKFWFindObjects_Create(fwSession, fwSession->fwToken, - fwSession->fwInstance, mdfo1, mdfo2, pError); +wrap: + return nssCKFWFindObjects_Create(fwSession, fwSession->fwToken, + fwSession->fwInstance, mdfo1, mdfo2, pError); } /* @@ -1721,46 +1693,44 @@ nssCKFWSession_FindObjectsInit * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_SeedRandom -( - NSSCKFWSession *fwSession, - NSSItem *seed -) +nssCKFWSession_SeedRandom( + NSSCKFWSession *fwSession, + NSSItem *seed) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!seed) { - return CKR_ARGUMENTS_BAD; - } + if (!seed) { + return CKR_ARGUMENTS_BAD; + } - if (!seed->data) { - return CKR_ARGUMENTS_BAD; - } + if (!seed->data) { + return CKR_ARGUMENTS_BAD; + } - if( 0 == seed->size ) { - return CKR_ARGUMENTS_BAD; - } + if (0 == seed->size) { + return CKR_ARGUMENTS_BAD; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - if (!fwSession->mdSession->SeedRandom) { - return CKR_RANDOM_SEED_NOT_SUPPORTED; - } + if (!fwSession->mdSession->SeedRandom) { + return CKR_RANDOM_SEED_NOT_SUPPORTED; + } - error = fwSession->mdSession->SeedRandom(fwSession->mdSession, fwSession, - fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, - fwSession->fwInstance, seed); + error = fwSession->mdSession->SeedRandom(fwSession->mdSession, fwSession, + fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, seed); - return error; + return error; } /* @@ -1768,565 +1738,548 @@ nssCKFWSession_SeedRandom * */ NSS_IMPLEMENT CK_RV -nssCKFWSession_GetRandom -( - NSSCKFWSession *fwSession, - NSSItem *buffer -) +nssCKFWSession_GetRandom( + NSSCKFWSession *fwSession, + NSSItem *buffer) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!buffer) { - return CKR_ARGUMENTS_BAD; - } + if (!buffer) { + return CKR_ARGUMENTS_BAD; + } - if (!buffer->data) { - return CKR_ARGUMENTS_BAD; - } + if (!buffer->data) { + return CKR_ARGUMENTS_BAD; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - if (!fwSession->mdSession->GetRandom) { - if( CK_TRUE == nssCKFWToken_GetHasRNG(fwSession->fwToken) ) { - return CKR_GENERAL_ERROR; - } else { - return CKR_RANDOM_NO_RNG; + if (!fwSession->mdSession->GetRandom) { + if (CK_TRUE == nssCKFWToken_GetHasRNG(fwSession->fwToken)) { + return CKR_GENERAL_ERROR; + } + else { + return CKR_RANDOM_NO_RNG; + } } - } - if( 0 == buffer->size ) { - return CKR_OK; - } + if (0 == buffer->size) { + return CKR_OK; + } - error = fwSession->mdSession->GetRandom(fwSession->mdSession, fwSession, - fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, - fwSession->fwInstance, buffer); + error = fwSession->mdSession->GetRandom(fwSession->mdSession, fwSession, + fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, buffer); - return error; + return error; } - /* * nssCKFWSession_SetCurrentCryptoOperation */ NSS_IMPLEMENT void -nssCKFWSession_SetCurrentCryptoOperation -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperation * fwOperation, - NSSCKFWCryptoOperationState state -) +nssCKFWSession_SetCurrentCryptoOperation( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperation *fwOperation, + NSSCKFWCryptoOperationState state) { #ifdef NSSDEBUG - CK_RV error = CKR_OK; - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return; - } + CK_RV error = CKR_OK; + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return; + } - if ( state >= NSSCKFWCryptoOperationState_Max) { - return; - } + if (state >= NSSCKFWCryptoOperationState_Max) { + return; + } - if (!fwSession->mdSession) { - return; - } + if (!fwSession->mdSession) { + return; + } #endif /* NSSDEBUG */ - fwSession->fwOperationArray[state] = fwOperation; - return; + fwSession->fwOperationArray[state] = fwOperation; + return; } /* * nssCKFWSession_GetCurrentCryptoOperation */ NSS_IMPLEMENT NSSCKFWCryptoOperation * -nssCKFWSession_GetCurrentCryptoOperation -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationState state -) +nssCKFWSession_GetCurrentCryptoOperation( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationState state) { #ifdef NSSDEBUG - CK_RV error = CKR_OK; - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return (NSSCKFWCryptoOperation *)NULL; - } - - if ( state >= NSSCKFWCryptoOperationState_Max) { - return (NSSCKFWCryptoOperation *)NULL; - } - - if (!fwSession->mdSession) { - return (NSSCKFWCryptoOperation *)NULL; - } + CK_RV error = CKR_OK; + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return (NSSCKFWCryptoOperation *)NULL; + } + + if (state >= NSSCKFWCryptoOperationState_Max) { + return (NSSCKFWCryptoOperation *)NULL; + } + + if (!fwSession->mdSession) { + return (NSSCKFWCryptoOperation *)NULL; + } #endif /* NSSDEBUG */ - return fwSession->fwOperationArray[state]; + return fwSession->fwOperationArray[state]; } /* * nssCKFWSession_Final */ NSS_IMPLEMENT CK_RV -nssCKFWSession_Final -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationType type, - NSSCKFWCryptoOperationState state, - CK_BYTE_PTR outBuf, - CK_ULONG_PTR outBufLen -) +nssCKFWSession_Final( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen) { - NSSCKFWCryptoOperation *fwOperation; - NSSItem outputBuffer; - CK_RV error = CKR_OK; + NSSCKFWCryptoOperation *fwOperation; + NSSItem outputBuffer; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - /* make sure we have a valid operation initialized */ - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); - if (!fwOperation) { - return CKR_OPERATION_NOT_INITIALIZED; - } - - /* make sure it's the correct type */ - if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { - return CKR_OPERATION_NOT_INITIALIZED; - } - - /* handle buffer issues, note for Verify, the type is an input buffer. */ - if (NSSCKFWCryptoOperationType_Verify == type) { - if ((CK_BYTE_PTR)NULL == outBuf) { - error = CKR_ARGUMENTS_BAD; - goto done; + /* make sure we have a valid operation initialized */ + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); + if (!fwOperation) { + return CKR_OPERATION_NOT_INITIALIZED; } - } else { - CK_ULONG len = nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error); - CK_ULONG maxBufLen = *outBufLen; - if (CKR_OK != error) { - goto done; + /* make sure it's the correct type */ + if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; } - *outBufLen = len; - if ((CK_BYTE_PTR)NULL == outBuf) { - return CKR_OK; + + /* handle buffer issues, note for Verify, the type is an input buffer. */ + if (NSSCKFWCryptoOperationType_Verify == type) { + if ((CK_BYTE_PTR)NULL == outBuf) { + error = CKR_ARGUMENTS_BAD; + goto done; + } } + else { + CK_ULONG len = nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error); + CK_ULONG maxBufLen = *outBufLen; - if (len > maxBufLen) { - return CKR_BUFFER_TOO_SMALL; + if (CKR_OK != error) { + goto done; + } + *outBufLen = len; + if ((CK_BYTE_PTR)NULL == outBuf) { + return CKR_OK; + } + + if (len > maxBufLen) { + return CKR_BUFFER_TOO_SMALL; + } } - } - outputBuffer.data = outBuf; - outputBuffer.size = *outBufLen; + outputBuffer.data = outBuf; + outputBuffer.size = *outBufLen; - error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer); + error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer); done: - if (CKR_BUFFER_TOO_SMALL == error) { + if (CKR_BUFFER_TOO_SMALL == error) { + return error; + } + /* clean up our state */ + nssCKFWCryptoOperation_Destroy(fwOperation); + nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state); return error; - } - /* clean up our state */ - nssCKFWCryptoOperation_Destroy(fwOperation); - nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state); - return error; } /* * nssCKFWSession_Update */ NSS_IMPLEMENT CK_RV -nssCKFWSession_Update -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationType type, - NSSCKFWCryptoOperationState state, - CK_BYTE_PTR inBuf, - CK_ULONG inBufLen, - CK_BYTE_PTR outBuf, - CK_ULONG_PTR outBufLen -) +nssCKFWSession_Update( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen) { - NSSCKFWCryptoOperation *fwOperation; - NSSItem inputBuffer; - NSSItem outputBuffer; - CK_ULONG len; - CK_ULONG maxBufLen; - CK_RV error = CKR_OK; + NSSCKFWCryptoOperation *fwOperation; + NSSItem inputBuffer; + NSSItem outputBuffer; + CK_ULONG len; + CK_ULONG maxBufLen; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - /* make sure we have a valid operation initialized */ - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); - if (!fwOperation) { - return CKR_OPERATION_NOT_INITIALIZED; - } + /* make sure we have a valid operation initialized */ + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); + if (!fwOperation) { + return CKR_OPERATION_NOT_INITIALIZED; + } - /* make sure it's the correct type */ - if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { - return CKR_OPERATION_NOT_INITIALIZED; - } + /* make sure it's the correct type */ + if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; + } - inputBuffer.data = inBuf; - inputBuffer.size = inBufLen; + inputBuffer.data = inBuf; + inputBuffer.size = inBufLen; - /* handle buffer issues, note for Verify, the type is an input buffer. */ - len = nssCKFWCryptoOperation_GetOperationLength(fwOperation, &inputBuffer, - &error); - if (CKR_OK != error) { - return error; - } - maxBufLen = *outBufLen; + /* handle buffer issues, note for Verify, the type is an input buffer. */ + len = nssCKFWCryptoOperation_GetOperationLength(fwOperation, &inputBuffer, + &error); + if (CKR_OK != error) { + return error; + } + maxBufLen = *outBufLen; - *outBufLen = len; - if ((CK_BYTE_PTR)NULL == outBuf) { - return CKR_OK; - } + *outBufLen = len; + if ((CK_BYTE_PTR)NULL == outBuf) { + return CKR_OK; + } - if (len > maxBufLen) { - return CKR_BUFFER_TOO_SMALL; - } - outputBuffer.data = outBuf; - outputBuffer.size = *outBufLen; + if (len > maxBufLen) { + return CKR_BUFFER_TOO_SMALL; + } + outputBuffer.data = outBuf; + outputBuffer.size = *outBufLen; - return nssCKFWCryptoOperation_Update(fwOperation, - &inputBuffer, &outputBuffer); + return nssCKFWCryptoOperation_Update(fwOperation, + &inputBuffer, &outputBuffer); } /* * nssCKFWSession_DigestUpdate */ NSS_IMPLEMENT CK_RV -nssCKFWSession_DigestUpdate -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationType type, - NSSCKFWCryptoOperationState state, - CK_BYTE_PTR inBuf, - CK_ULONG inBufLen -) +nssCKFWSession_DigestUpdate( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen) { - NSSCKFWCryptoOperation *fwOperation; - NSSItem inputBuffer; - CK_RV error = CKR_OK; + NSSCKFWCryptoOperation *fwOperation; + NSSItem inputBuffer; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - /* make sure we have a valid operation initialized */ - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); - if (!fwOperation) { - return CKR_OPERATION_NOT_INITIALIZED; - } - - /* make sure it's the correct type */ - if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { - return CKR_OPERATION_NOT_INITIALIZED; - } + /* make sure we have a valid operation initialized */ + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); + if (!fwOperation) { + return CKR_OPERATION_NOT_INITIALIZED; + } - inputBuffer.data = inBuf; - inputBuffer.size = inBufLen; + /* make sure it's the correct type */ + if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; + } + inputBuffer.data = inBuf; + inputBuffer.size = inBufLen; - error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer); - return error; + error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer); + return error; } /* * nssCKFWSession_DigestUpdate */ NSS_IMPLEMENT CK_RV -nssCKFWSession_DigestKey -( - NSSCKFWSession *fwSession, - NSSCKFWObject *fwKey -) +nssCKFWSession_DigestKey( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwKey) { - NSSCKFWCryptoOperation *fwOperation; - NSSItem *inputBuffer; - CK_RV error = CKR_OK; + NSSCKFWCryptoOperation *fwOperation; + NSSItem *inputBuffer; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - /* make sure we have a valid operation initialized */ - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, - NSSCKFWCryptoOperationState_Digest); - if (!fwOperation) { - return CKR_OPERATION_NOT_INITIALIZED; - } - - /* make sure it's the correct type */ - if (NSSCKFWCryptoOperationType_Digest != - nssCKFWCryptoOperation_GetType(fwOperation)) { - return CKR_OPERATION_NOT_INITIALIZED; - } - - error = nssCKFWCryptoOperation_DigestKey(fwOperation, fwKey); - if (CKR_FUNCTION_FAILED != error) { - return error; - } + /* make sure we have a valid operation initialized */ + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_Digest); + if (!fwOperation) { + return CKR_OPERATION_NOT_INITIALIZED; + } + + /* make sure it's the correct type */ + if (NSSCKFWCryptoOperationType_Digest != + nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; + } + + error = nssCKFWCryptoOperation_DigestKey(fwOperation, fwKey); + if (CKR_FUNCTION_FAILED != error) { + return error; + } - /* no machine depended way for this to happen, do it by hand */ - inputBuffer=nssCKFWObject_GetAttribute(fwKey, CKA_VALUE, NULL, NULL, &error); - if (!inputBuffer) { - /* couldn't get the value, just fail then */ + /* no machine depended way for this to happen, do it by hand */ + inputBuffer = nssCKFWObject_GetAttribute(fwKey, CKA_VALUE, NULL, NULL, &error); + if (!inputBuffer) { + /* couldn't get the value, just fail then */ + return error; + } + error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, inputBuffer); + nssItem_Destroy(inputBuffer); return error; - } - error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, inputBuffer); - nssItem_Destroy(inputBuffer); - return error; } /* * nssCKFWSession_UpdateFinal */ NSS_IMPLEMENT CK_RV -nssCKFWSession_UpdateFinal -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationType type, - NSSCKFWCryptoOperationState state, - CK_BYTE_PTR inBuf, - CK_ULONG inBufLen, - CK_BYTE_PTR outBuf, - CK_ULONG_PTR outBufLen -) +nssCKFWSession_UpdateFinal( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen) { - NSSCKFWCryptoOperation *fwOperation; - NSSItem inputBuffer; - NSSItem outputBuffer; - PRBool isEncryptDecrypt; - CK_RV error = CKR_OK; + NSSCKFWCryptoOperation *fwOperation; + NSSItem inputBuffer; + NSSItem outputBuffer; + PRBool isEncryptDecrypt; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - /* make sure we have a valid operation initialized */ - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); - if (!fwOperation) { - return CKR_OPERATION_NOT_INITIALIZED; - } - - /* make sure it's the correct type */ - if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { - return CKR_OPERATION_NOT_INITIALIZED; - } - - inputBuffer.data = inBuf; - inputBuffer.size = inBufLen; - isEncryptDecrypt = (PRBool) ((NSSCKFWCryptoOperationType_Encrypt == type) || - (NSSCKFWCryptoOperationType_Decrypt == type)) ; + /* make sure we have a valid operation initialized */ + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); + if (!fwOperation) { + return CKR_OPERATION_NOT_INITIALIZED; + } - /* handle buffer issues, note for Verify, the type is an input buffer. */ - if (NSSCKFWCryptoOperationType_Verify == type) { - if ((CK_BYTE_PTR)NULL == outBuf) { - error = CKR_ARGUMENTS_BAD; - goto done; + /* make sure it's the correct type */ + if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; } - } else { - CK_ULONG maxBufLen = *outBufLen; - CK_ULONG len; - len = (isEncryptDecrypt) ? - nssCKFWCryptoOperation_GetOperationLength(fwOperation, - &inputBuffer, &error) : - nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error); + inputBuffer.data = inBuf; + inputBuffer.size = inBufLen; + isEncryptDecrypt = (PRBool)((NSSCKFWCryptoOperationType_Encrypt == type) || + (NSSCKFWCryptoOperationType_Decrypt == type)); - if (CKR_OK != error) { - goto done; + /* handle buffer issues, note for Verify, the type is an input buffer. */ + if (NSSCKFWCryptoOperationType_Verify == type) { + if ((CK_BYTE_PTR)NULL == outBuf) { + error = CKR_ARGUMENTS_BAD; + goto done; + } } + else { + CK_ULONG maxBufLen = *outBufLen; + CK_ULONG len; + + len = (isEncryptDecrypt) ? + nssCKFWCryptoOperation_GetOperationLength(fwOperation, + &inputBuffer, &error) + : + nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error); + + if (CKR_OK != error) { + goto done; + } - *outBufLen = len; - if ((CK_BYTE_PTR)NULL == outBuf) { - return CKR_OK; - } + *outBufLen = len; + if ((CK_BYTE_PTR)NULL == outBuf) { + return CKR_OK; + } - if (len > maxBufLen) { - return CKR_BUFFER_TOO_SMALL; + if (len > maxBufLen) { + return CKR_BUFFER_TOO_SMALL; + } } - } - outputBuffer.data = outBuf; - outputBuffer.size = *outBufLen; + outputBuffer.data = outBuf; + outputBuffer.size = *outBufLen; - error = nssCKFWCryptoOperation_UpdateFinal(fwOperation, - &inputBuffer, &outputBuffer); + error = nssCKFWCryptoOperation_UpdateFinal(fwOperation, + &inputBuffer, &outputBuffer); - /* UpdateFinal isn't support, manually use Update and Final */ - if (CKR_FUNCTION_FAILED == error) { - error = isEncryptDecrypt ? - nssCKFWCryptoOperation_Update(fwOperation, &inputBuffer, &outputBuffer) : - nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer); + /* UpdateFinal isn't support, manually use Update and Final */ + if (CKR_FUNCTION_FAILED == error) { + error = isEncryptDecrypt ? + nssCKFWCryptoOperation_Update(fwOperation, &inputBuffer, &outputBuffer) + : + nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer); - if (CKR_OK == error) { - error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer); + if (CKR_OK == error) { + error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer); + } } - } - done: - if (CKR_BUFFER_TOO_SMALL == error) { - /* if we return CKR_BUFFER_TOO_SMALL, we the caller is not expecting. - * the crypto state to be freed */ - return error; - } + if (CKR_BUFFER_TOO_SMALL == error) { + /* if we return CKR_BUFFER_TOO_SMALL, we the caller is not expecting. + * the crypto state to be freed */ + return error; + } - /* clean up our state */ - nssCKFWCryptoOperation_Destroy(fwOperation); - nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state); - return error; + /* clean up our state */ + nssCKFWCryptoOperation_Destroy(fwOperation); + nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state); + return error; } NSS_IMPLEMENT CK_RV -nssCKFWSession_UpdateCombo -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationType encryptType, - NSSCKFWCryptoOperationType digestType, - NSSCKFWCryptoOperationState digestState, - CK_BYTE_PTR inBuf, - CK_ULONG inBufLen, - CK_BYTE_PTR outBuf, - CK_ULONG_PTR outBufLen -) +nssCKFWSession_UpdateCombo( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType encryptType, + NSSCKFWCryptoOperationType digestType, + NSSCKFWCryptoOperationState digestState, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen) { - NSSCKFWCryptoOperation *fwOperation; - NSSCKFWCryptoOperation *fwPeerOperation; - NSSItem inputBuffer; - NSSItem outputBuffer; - CK_ULONG maxBufLen = *outBufLen; - CK_ULONG len; - CK_RV error = CKR_OK; + NSSCKFWCryptoOperation *fwOperation; + NSSCKFWCryptoOperation *fwPeerOperation; + NSSItem inputBuffer; + NSSItem outputBuffer; + CK_ULONG maxBufLen = *outBufLen; + CK_ULONG len; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } - if (!fwSession->mdSession) { - return CKR_GENERAL_ERROR; - } + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } #endif /* NSSDEBUG */ - /* make sure we have a valid operation initialized */ - fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, - NSSCKFWCryptoOperationState_EncryptDecrypt); - if (!fwOperation) { - return CKR_OPERATION_NOT_INITIALIZED; - } - - /* make sure it's the correct type */ - if (encryptType != nssCKFWCryptoOperation_GetType(fwOperation)) { - return CKR_OPERATION_NOT_INITIALIZED; - } - /* make sure we have a valid operation initialized */ - fwPeerOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, - digestState); - if (!fwPeerOperation) { - return CKR_OPERATION_NOT_INITIALIZED; - } - - /* make sure it's the correct type */ - if (digestType != nssCKFWCryptoOperation_GetType(fwOperation)) { - return CKR_OPERATION_NOT_INITIALIZED; - } - - inputBuffer.data = inBuf; - inputBuffer.size = inBufLen; - len = nssCKFWCryptoOperation_GetOperationLength(fwOperation, - &inputBuffer, &error); - if (CKR_OK != error) { - return error; - } - - *outBufLen = len; - if ((CK_BYTE_PTR)NULL == outBuf) { - return CKR_OK; - } - - if (len > maxBufLen) { - return CKR_BUFFER_TOO_SMALL; - } + /* make sure we have a valid operation initialized */ + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_EncryptDecrypt); + if (!fwOperation) { + return CKR_OPERATION_NOT_INITIALIZED; + } - outputBuffer.data = outBuf; - outputBuffer.size = *outBufLen; + /* make sure it's the correct type */ + if (encryptType != nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; + } + /* make sure we have a valid operation initialized */ + fwPeerOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + digestState); + if (!fwPeerOperation) { + return CKR_OPERATION_NOT_INITIALIZED; + } - error = nssCKFWCryptoOperation_UpdateCombo(fwOperation, fwPeerOperation, - &inputBuffer, &outputBuffer); - if (CKR_FUNCTION_FAILED == error) { - PRBool isEncrypt = - (PRBool) (NSSCKFWCryptoOperationType_Encrypt == encryptType); + /* make sure it's the correct type */ + if (digestType != nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; + } - if (isEncrypt) { - error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation, - &inputBuffer); - if (CKR_OK != error) { + inputBuffer.data = inBuf; + inputBuffer.size = inBufLen; + len = nssCKFWCryptoOperation_GetOperationLength(fwOperation, + &inputBuffer, &error); + if (CKR_OK != error) { return error; - } } - error = nssCKFWCryptoOperation_Update(fwOperation, - &inputBuffer, &outputBuffer); - if (CKR_OK != error) { - return error; + + *outBufLen = len; + if ((CK_BYTE_PTR)NULL == outBuf) { + return CKR_OK; } - if (!isEncrypt) { - error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation, - &outputBuffer); + + if (len > maxBufLen) { + return CKR_BUFFER_TOO_SMALL; } - } - return error; -} + outputBuffer.data = outBuf; + outputBuffer.size = *outBufLen; + + error = nssCKFWCryptoOperation_UpdateCombo(fwOperation, fwPeerOperation, + &inputBuffer, &outputBuffer); + if (CKR_FUNCTION_FAILED == error) { + PRBool isEncrypt = + (PRBool)(NSSCKFWCryptoOperationType_Encrypt == encryptType); + + if (isEncrypt) { + error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation, + &inputBuffer); + if (CKR_OK != error) { + return error; + } + } + error = nssCKFWCryptoOperation_Update(fwOperation, + &inputBuffer, &outputBuffer); + if (CKR_OK != error) { + return error; + } + if (!isEncrypt) { + error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation, + &outputBuffer); + } + } + return error; +} /* * NSSCKFWSession_GetMDSession @@ -2334,18 +2287,16 @@ nssCKFWSession_UpdateCombo */ NSS_IMPLEMENT NSSCKMDSession * -NSSCKFWSession_GetMDSession -( - NSSCKFWSession *fwSession -) +NSSCKFWSession_GetMDSession( + NSSCKFWSession *fwSession) { #ifdef DEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return (NSSCKMDSession *)NULL; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return (NSSCKMDSession *)NULL; + } #endif /* DEBUG */ - return nssCKFWSession_GetMDSession(fwSession); + return nssCKFWSession_GetMDSession(fwSession); } /* @@ -2354,24 +2305,22 @@ NSSCKFWSession_GetMDSession */ NSS_IMPLEMENT NSSArena * -NSSCKFWSession_GetArena -( - NSSCKFWSession *fwSession, - CK_RV *pError -) +NSSCKFWSession_GetArena( + NSSCKFWSession *fwSession, + CK_RV *pError) { #ifdef DEBUG - if (!pError) { - return (NSSArena *)NULL; - } - - *pError = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != *pError ) { - return (NSSArena *)NULL; - } + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != *pError) { + return (NSSArena *)NULL; + } #endif /* DEBUG */ - return nssCKFWSession_GetArena(fwSession, pError); + return nssCKFWSession_GetArena(fwSession, pError); } /* @@ -2380,22 +2329,20 @@ NSSCKFWSession_GetArena */ NSS_IMPLEMENT CK_RV -NSSCKFWSession_CallNotification -( - NSSCKFWSession *fwSession, - CK_NOTIFICATION event -) +NSSCKFWSession_CallNotification( + NSSCKFWSession *fwSession, + CK_NOTIFICATION event) { #ifdef DEBUG - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } #endif /* DEBUG */ - return nssCKFWSession_CallNotification(fwSession, event); + return nssCKFWSession_CallNotification(fwSession, event); } /* @@ -2404,18 +2351,16 @@ NSSCKFWSession_CallNotification */ NSS_IMPLEMENT CK_BBOOL -NSSCKFWSession_IsRWSession -( - NSSCKFWSession *fwSession -) +NSSCKFWSession_IsRWSession( + NSSCKFWSession *fwSession) { #ifdef DEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return CK_FALSE; + } #endif /* DEBUG */ - return nssCKFWSession_IsRWSession(fwSession); + return nssCKFWSession_IsRWSession(fwSession); } /* @@ -2424,37 +2369,33 @@ NSSCKFWSession_IsRWSession */ NSS_IMPLEMENT CK_BBOOL -NSSCKFWSession_IsSO -( - NSSCKFWSession *fwSession -) +NSSCKFWSession_IsSO( + NSSCKFWSession *fwSession) { #ifdef DEBUG - if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) { + return CK_FALSE; + } #endif /* DEBUG */ - return nssCKFWSession_IsSO(fwSession); + return nssCKFWSession_IsSO(fwSession); } NSS_IMPLEMENT NSSCKFWCryptoOperation * -NSSCKFWSession_GetCurrentCryptoOperation -( - NSSCKFWSession *fwSession, - NSSCKFWCryptoOperationState state -) +NSSCKFWSession_GetCurrentCryptoOperation( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationState state) { #ifdef DEBUG - CK_RV error = CKR_OK; - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return (NSSCKFWCryptoOperation *)NULL; - } - - if ( state >= NSSCKFWCryptoOperationState_Max) { - return (NSSCKFWCryptoOperation *)NULL; - } + CK_RV error = CKR_OK; + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return (NSSCKFWCryptoOperation *)NULL; + } + + if (state >= NSSCKFWCryptoOperationState_Max) { + return (NSSCKFWCryptoOperation *)NULL; + } #endif /* DEBUG */ - return nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); + return nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); } diff --git a/lib/ckfw/sessobj.c b/lib/ckfw/sessobj.c index 113b0f45d..a144de288 100644 --- a/lib/ckfw/sessobj.c +++ b/lib/ckfw/sessobj.c @@ -5,7 +5,7 @@ /* * sessobj.c * - * This file contains an NSSCKMDObject implementation for session + * This file contains an NSSCKMDObject implementation for session * objects. The framework uses this implementation to manage * session objects when a Module doesn't wish to be bothered. */ @@ -32,11 +32,11 @@ */ struct nssCKMDSessionObjectStr { - CK_ULONG n; - NSSArena *arena; - NSSItem *attributes; - CK_ATTRIBUTE_TYPE_PTR types; - nssCKFWHash *hash; + CK_ULONG n; + NSSArena *arena; + NSSItem *attributes; + CK_ATTRIBUTE_TYPE_PTR types; + nssCKFWHash *hash; }; typedef struct nssCKMDSessionObjectStr nssCKMDSessionObject; @@ -53,31 +53,25 @@ typedef struct nssCKMDSessionObjectStr nssCKMDSessionObject; */ static CK_RV -nss_ckmdSessionObject_add_pointer -( - const NSSCKMDObject *mdObject -) +nss_ckmdSessionObject_add_pointer( + const NSSCKMDObject *mdObject) { - return CKR_OK; + return CKR_OK; } static CK_RV -nss_ckmdSessionObject_remove_pointer -( - const NSSCKMDObject *mdObject -) +nss_ckmdSessionObject_remove_pointer( + const NSSCKMDObject *mdObject) { - return CKR_OK; + return CKR_OK; } #ifdef NSS_DEBUG static CK_RV -nss_ckmdSessionObject_verifyPointer -( - const NSSCKMDObject *mdObject -) +nss_ckmdSessionObject_verifyPointer( + const NSSCKMDObject *mdObject) { - return CKR_OK; + return CKR_OK; } #endif @@ -87,234 +81,214 @@ nss_ckmdSessionObject_verifyPointer * We must forward-declare these routines */ static void -nss_ckmdSessionObject_Finalize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -); +nss_ckmdSessionObject_Finalize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); static CK_RV -nss_ckmdSessionObject_Destroy -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -); +nss_ckmdSessionObject_Destroy( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); static CK_BBOOL -nss_ckmdSessionObject_IsTokenObject -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -); +nss_ckmdSessionObject_IsTokenObject( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); static CK_ULONG -nss_ckmdSessionObject_GetAttributeCount -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -); +nss_ckmdSessionObject_GetAttributeCount( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); static CK_RV -nss_ckmdSessionObject_GetAttributeTypes -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount -); +nss_ckmdSessionObject_GetAttributeTypes( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount); static CK_ULONG -nss_ckmdSessionObject_GetAttributeSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -); +nss_ckmdSessionObject_GetAttributeSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError); static NSSCKFWItem -nss_ckmdSessionObject_GetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -); +nss_ckmdSessionObject_GetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError); static CK_RV -nss_ckmdSessionObject_SetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *value -); +nss_ckmdSessionObject_SetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value); static CK_ULONG -nss_ckmdSessionObject_GetObjectSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -); +nss_ckmdSessionObject_GetObjectSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); /* * nssCKMDSessionObject_Create * */ NSS_IMPLEMENT NSSCKMDObject * -nssCKMDSessionObject_Create -( - NSSCKFWToken *fwToken, - NSSArena *arena, - CK_ATTRIBUTE_PTR attributes, - CK_ULONG ulCount, - CK_RV *pError -) +nssCKMDSessionObject_Create( + NSSCKFWToken *fwToken, + NSSArena *arena, + CK_ATTRIBUTE_PTR attributes, + CK_ULONG ulCount, + CK_RV *pError) { - NSSCKMDObject *mdObject = (NSSCKMDObject *)NULL; - nssCKMDSessionObject *mdso = (nssCKMDSessionObject *)NULL; - CK_ULONG i; - nssCKFWHash *hash; - - *pError = CKR_OK; - - mdso = nss_ZNEW(arena, nssCKMDSessionObject); - if (!mdso) { - goto loser; - } - - mdso->arena = arena; - mdso->n = ulCount; - mdso->attributes = nss_ZNEWARRAY(arena, NSSItem, ulCount); - if (!mdso->attributes) { - goto loser; - } - - mdso->types = nss_ZNEWARRAY(arena, CK_ATTRIBUTE_TYPE, ulCount); - if (!mdso->types) { - goto loser; - } - for( i = 0; i < ulCount; i++ ) { - mdso->types[i] = attributes[i].type; - mdso->attributes[i].size = attributes[i].ulValueLen; - mdso->attributes[i].data = nss_ZAlloc(arena, attributes[i].ulValueLen); - if (!mdso->attributes[i].data) { - goto loser; + NSSCKMDObject *mdObject = (NSSCKMDObject *)NULL; + nssCKMDSessionObject *mdso = (nssCKMDSessionObject *)NULL; + CK_ULONG i; + nssCKFWHash *hash; + + *pError = CKR_OK; + + mdso = nss_ZNEW(arena, nssCKMDSessionObject); + if (!mdso) { + goto loser; + } + + mdso->arena = arena; + mdso->n = ulCount; + mdso->attributes = nss_ZNEWARRAY(arena, NSSItem, ulCount); + if (!mdso->attributes) { + goto loser; + } + + mdso->types = nss_ZNEWARRAY(arena, CK_ATTRIBUTE_TYPE, ulCount); + if (!mdso->types) { + goto loser; + } + for (i = 0; i < ulCount; i++) { + mdso->types[i] = attributes[i].type; + mdso->attributes[i].size = attributes[i].ulValueLen; + mdso->attributes[i].data = nss_ZAlloc(arena, attributes[i].ulValueLen); + if (!mdso->attributes[i].data) { + goto loser; + } + (void)nsslibc_memcpy(mdso->attributes[i].data, attributes[i].pValue, + attributes[i].ulValueLen); + } + + mdObject = nss_ZNEW(arena, NSSCKMDObject); + if (!mdObject) { + goto loser; + } + + mdObject->etc = (void *)mdso; + mdObject->Finalize = nss_ckmdSessionObject_Finalize; + mdObject->Destroy = nss_ckmdSessionObject_Destroy; + mdObject->IsTokenObject = nss_ckmdSessionObject_IsTokenObject; + mdObject->GetAttributeCount = nss_ckmdSessionObject_GetAttributeCount; + mdObject->GetAttributeTypes = nss_ckmdSessionObject_GetAttributeTypes; + mdObject->GetAttributeSize = nss_ckmdSessionObject_GetAttributeSize; + mdObject->GetAttribute = nss_ckmdSessionObject_GetAttribute; + mdObject->SetAttribute = nss_ckmdSessionObject_SetAttribute; + mdObject->GetObjectSize = nss_ckmdSessionObject_GetObjectSize; + + hash = nssCKFWToken_GetSessionObjectHash(fwToken); + if (!hash) { + *pError = CKR_GENERAL_ERROR; + goto loser; + } + + mdso->hash = hash; + + *pError = nssCKFWHash_Add(hash, mdObject, mdObject); + if (CKR_OK != *pError) { + goto loser; } - (void)nsslibc_memcpy(mdso->attributes[i].data, attributes[i].pValue, - attributes[i].ulValueLen); - } - - mdObject = nss_ZNEW(arena, NSSCKMDObject); - if (!mdObject) { - goto loser; - } - - mdObject->etc = (void *)mdso; - mdObject->Finalize = nss_ckmdSessionObject_Finalize; - mdObject->Destroy = nss_ckmdSessionObject_Destroy; - mdObject->IsTokenObject = nss_ckmdSessionObject_IsTokenObject; - mdObject->GetAttributeCount = nss_ckmdSessionObject_GetAttributeCount; - mdObject->GetAttributeTypes = nss_ckmdSessionObject_GetAttributeTypes; - mdObject->GetAttributeSize = nss_ckmdSessionObject_GetAttributeSize; - mdObject->GetAttribute = nss_ckmdSessionObject_GetAttribute; - mdObject->SetAttribute = nss_ckmdSessionObject_SetAttribute; - mdObject->GetObjectSize = nss_ckmdSessionObject_GetObjectSize; - - hash = nssCKFWToken_GetSessionObjectHash(fwToken); - if (!hash) { - *pError = CKR_GENERAL_ERROR; - goto loser; - } - - mdso->hash = hash; - - *pError = nssCKFWHash_Add(hash, mdObject, mdObject); - if( CKR_OK != *pError ) { - goto loser; - } #ifdef DEBUG - if(( *pError = nss_ckmdSessionObject_add_pointer(mdObject)) != CKR_OK ) { - goto loser; - } + if ((*pError = nss_ckmdSessionObject_add_pointer(mdObject)) != CKR_OK) { + goto loser; + } #endif /* DEBUG */ - return mdObject; + return mdObject; - loser: - if (mdso) { - if (mdso->attributes) { - for( i = 0; i < ulCount; i++ ) { - nss_ZFreeIf(mdso->attributes[i].data); - } - nss_ZFreeIf(mdso->attributes); +loser: + if (mdso) { + if (mdso->attributes) { + for (i = 0; i < ulCount; i++) { + nss_ZFreeIf(mdso->attributes[i].data); + } + nss_ZFreeIf(mdso->attributes); + } + nss_ZFreeIf(mdso->types); + nss_ZFreeIf(mdso); } - nss_ZFreeIf(mdso->types); - nss_ZFreeIf(mdso); - } - nss_ZFreeIf(mdObject); - if (*pError == CKR_OK) { - *pError = CKR_HOST_MEMORY; - } - return (NSSCKMDObject *)NULL; + nss_ZFreeIf(mdObject); + if (*pError == CKR_OK) { + *pError = CKR_HOST_MEMORY; + } + return (NSSCKMDObject *)NULL; } /* @@ -322,20 +296,18 @@ nssCKMDSessionObject_Create * */ static void -nss_ckmdSessionObject_Finalize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_ckmdSessionObject_Finalize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - /* This shouldn't ever be called */ - return; + /* This shouldn't ever be called */ + return; } /* @@ -344,48 +316,46 @@ nss_ckmdSessionObject_Finalize */ static CK_RV -nss_ckmdSessionObject_Destroy -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_ckmdSessionObject_Destroy( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { #ifdef NSSDEBUG - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #endif /* NSSDEBUG */ - nssCKMDSessionObject *mdso; - CK_ULONG i; + nssCKMDSessionObject *mdso; + CK_ULONG i; #ifdef NSSDEBUG - error = nss_ckmdSessionObject_verifyPointer(mdObject); - if( CKR_OK != error ) { - return error; - } + error = nss_ckmdSessionObject_verifyPointer(mdObject); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - mdso = (nssCKMDSessionObject *)mdObject->etc; + mdso = (nssCKMDSessionObject *)mdObject->etc; - nssCKFWHash_Remove(mdso->hash, mdObject); + nssCKFWHash_Remove(mdso->hash, mdObject); - for( i = 0; i < mdso->n; i++ ) { - nss_ZFreeIf(mdso->attributes[i].data); - } - nss_ZFreeIf(mdso->attributes); - nss_ZFreeIf(mdso->types); - nss_ZFreeIf(mdso); - nss_ZFreeIf(mdObject); + for (i = 0; i < mdso->n; i++) { + nss_ZFreeIf(mdso->attributes[i].data); + } + nss_ZFreeIf(mdso->attributes); + nss_ZFreeIf(mdso->types); + nss_ZFreeIf(mdso); + nss_ZFreeIf(mdObject); #ifdef DEBUG - (void)nss_ckmdSessionObject_remove_pointer(mdObject); + (void)nss_ckmdSessionObject_remove_pointer(mdObject); #endif /* DEBUG */ - return CKR_OK; + return CKR_OK; } /* @@ -394,28 +364,26 @@ nss_ckmdSessionObject_Destroy */ static CK_BBOOL -nss_ckmdSessionObject_IsTokenObject -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_ckmdSessionObject_IsTokenObject( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { #ifdef NSSDEBUG - if( CKR_OK != nss_ckmdSessionObject_verifyPointer(mdObject) ) { - return CK_FALSE; - } + if (CKR_OK != nss_ckmdSessionObject_verifyPointer(mdObject)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - /* - * This implementation is only ever used for session objects. - */ - return CK_FALSE; + /* + * This implementation is only ever used for session objects. + */ + return CK_FALSE; } /* @@ -423,37 +391,35 @@ nss_ckmdSessionObject_IsTokenObject * */ static CK_ULONG -nss_ckmdSessionObject_GetAttributeCount -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_ckmdSessionObject_GetAttributeCount( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - nssCKMDSessionObject *obj; + nssCKMDSessionObject *obj; #ifdef NSSDEBUG - if (!pError) { - return 0; - } + if (!pError) { + return 0; + } - *pError = nss_ckmdSessionObject_verifyPointer(mdObject); - if( CKR_OK != *pError ) { - return 0; - } + *pError = nss_ckmdSessionObject_verifyPointer(mdObject); + if (CKR_OK != *pError) { + return 0; + } - /* We could even check all the other arguments, for sanity. */ +/* We could even check all the other arguments, for sanity. */ #endif /* NSSDEBUG */ - obj = (nssCKMDSessionObject *)mdObject->etc; + obj = (nssCKMDSessionObject *)mdObject->etc; - return obj->n; + return obj->n; } /* @@ -461,44 +427,43 @@ nss_ckmdSessionObject_GetAttributeCount * */ static CK_RV -nss_ckmdSessionObject_GetAttributeTypes -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount -) +nss_ckmdSessionObject_GetAttributeTypes( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount) { #ifdef NSSDEBUG - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #endif /* NSSDEBUG */ - nssCKMDSessionObject *obj; + nssCKMDSessionObject *obj; #ifdef NSSDEBUG - error = nss_ckmdSessionObject_verifyPointer(mdObject); - if( CKR_OK != error ) { - return error; - } + error = nss_ckmdSessionObject_verifyPointer(mdObject); + if (CKR_OK != error) { + return error; + } - /* We could even check all the other arguments, for sanity. */ +/* We could even check all the other arguments, for sanity. */ #endif /* NSSDEBUG */ - obj = (nssCKMDSessionObject *)mdObject->etc; + obj = (nssCKMDSessionObject *)mdObject->etc; - if( ulCount < obj->n ) { - return CKR_BUFFER_TOO_SMALL; - } + if (ulCount < obj->n) { + return CKR_BUFFER_TOO_SMALL; + } - (void)nsslibc_memcpy(typeArray, obj->types, - sizeof(CK_ATTRIBUTE_TYPE) * obj->n); + (void)nsslibc_memcpy(typeArray, obj->types, + sizeof(CK_ATTRIBUTE_TYPE) * + obj->n); - return CKR_OK; + return CKR_OK; } /* @@ -506,46 +471,44 @@ nss_ckmdSessionObject_GetAttributeTypes * */ static CK_ULONG -nss_ckmdSessionObject_GetAttributeSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +nss_ckmdSessionObject_GetAttributeSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - nssCKMDSessionObject *obj; - CK_ULONG i; + nssCKMDSessionObject *obj; + CK_ULONG i; #ifdef NSSDEBUG - if (!pError) { - return 0; - } + if (!pError) { + return 0; + } - *pError = nss_ckmdSessionObject_verifyPointer(mdObject); - if( CKR_OK != *pError ) { - return 0; - } + *pError = nss_ckmdSessionObject_verifyPointer(mdObject); + if (CKR_OK != *pError) { + return 0; + } - /* We could even check all the other arguments, for sanity. */ +/* We could even check all the other arguments, for sanity. */ #endif /* NSSDEBUG */ - obj = (nssCKMDSessionObject *)mdObject->etc; + obj = (nssCKMDSessionObject *)mdObject->etc; - for( i = 0; i < obj->n; i++ ) { - if( attribute == obj->types[i] ) { - return (CK_ULONG)(obj->attributes[i].size); + for (i = 0; i < obj->n; i++) { + if (attribute == obj->types[i]) { + return (CK_ULONG)(obj->attributes[i].size); + } } - } - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - return 0; + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + return 0; } /* @@ -553,50 +516,48 @@ nss_ckmdSessionObject_GetAttributeSize * */ static NSSCKFWItem -nss_ckmdSessionObject_GetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError -) +nss_ckmdSessionObject_GetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError) { - NSSCKFWItem item; - nssCKMDSessionObject *obj; - CK_ULONG i; + NSSCKFWItem item; + nssCKMDSessionObject *obj; + CK_ULONG i; - item.needsFreeing = PR_FALSE; - item.item = NULL; + item.needsFreeing = PR_FALSE; + item.item = NULL; #ifdef NSSDEBUG - if (!pError) { - return item; - } + if (!pError) { + return item; + } - *pError = nss_ckmdSessionObject_verifyPointer(mdObject); - if( CKR_OK != *pError ) { - return item; - } + *pError = nss_ckmdSessionObject_verifyPointer(mdObject); + if (CKR_OK != *pError) { + return item; + } - /* We could even check all the other arguments, for sanity. */ +/* We could even check all the other arguments, for sanity. */ #endif /* NSSDEBUG */ - obj = (nssCKMDSessionObject *)mdObject->etc; + obj = (nssCKMDSessionObject *)mdObject->etc; - for( i = 0; i < obj->n; i++ ) { - if( attribute == obj->types[i] ) { - item.item = &obj->attributes[i]; - return item; + for (i = 0; i < obj->n; i++) { + if (attribute == obj->types[i]) { + item.item = &obj->attributes[i]; + return item; + } } - } - *pError = CKR_ATTRIBUTE_TYPE_INVALID; - return item; + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + return item; } /* @@ -612,79 +573,77 @@ nss_ckmdSessionObject_GetAttribute * more easily. Do this later. */ static CK_RV -nss_ckmdSessionObject_SetAttribute -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *value -) +nss_ckmdSessionObject_SetAttribute( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value) { - nssCKMDSessionObject *obj; - CK_ULONG i; - NSSItem n; - NSSItem *ra; - CK_ATTRIBUTE_TYPE_PTR rt; + nssCKMDSessionObject *obj; + CK_ULONG i; + NSSItem n; + NSSItem *ra; + CK_ATTRIBUTE_TYPE_PTR rt; #ifdef NSSDEBUG - CK_RV error; + CK_RV error; #endif /* NSSDEBUG */ #ifdef NSSDEBUG - error = nss_ckmdSessionObject_verifyPointer(mdObject); - if( CKR_OK != error ) { - return 0; - } + error = nss_ckmdSessionObject_verifyPointer(mdObject); + if (CKR_OK != error) { + return 0; + } - /* We could even check all the other arguments, for sanity. */ +/* We could even check all the other arguments, for sanity. */ #endif /* NSSDEBUG */ - obj = (nssCKMDSessionObject *)mdObject->etc; + obj = (nssCKMDSessionObject *)mdObject->etc; - n.size = value->size; - n.data = nss_ZAlloc(obj->arena, n.size); - if (!n.data) { - return CKR_HOST_MEMORY; - } - (void)nsslibc_memcpy(n.data, value->data, n.size); + n.size = value->size; + n.data = nss_ZAlloc(obj->arena, n.size); + if (!n.data) { + return CKR_HOST_MEMORY; + } + (void)nsslibc_memcpy(n.data, value->data, n.size); + + for (i = 0; i < obj->n; i++) { + if (attribute == obj->types[i]) { + nss_ZFreeIf(obj->attributes[i].data); + obj->attributes[i] = n; + return CKR_OK; + } + } + + /* + * It's new. + */ + + ra = (NSSItem *)nss_ZRealloc(obj->attributes, sizeof(NSSItem) * (obj->n + 1)); + if (!ra) { + nss_ZFreeIf(n.data); + return CKR_HOST_MEMORY; + } + obj->attributes = ra; - for( i = 0; i < obj->n; i++ ) { - if( attribute == obj->types[i] ) { - nss_ZFreeIf(obj->attributes[i].data); - obj->attributes[i] = n; - return CKR_OK; + rt = (CK_ATTRIBUTE_TYPE_PTR)nss_ZRealloc(obj->types, + sizeof(CK_ATTRIBUTE_TYPE) * (obj->n + 1)); + if (!rt) { + nss_ZFreeIf(n.data); + return CKR_HOST_MEMORY; } - } - - /* - * It's new. - */ - - ra = (NSSItem *)nss_ZRealloc(obj->attributes, sizeof(NSSItem) * (obj->n + 1)); - if (!ra) { - nss_ZFreeIf(n.data); - return CKR_HOST_MEMORY; - } - obj->attributes = ra; - - rt = (CK_ATTRIBUTE_TYPE_PTR)nss_ZRealloc(obj->types, - sizeof(CK_ATTRIBUTE_TYPE) * (obj->n + 1)); - if (!rt) { - nss_ZFreeIf(n.data); - return CKR_HOST_MEMORY; - } - - obj->types = rt; - obj->attributes[obj->n] = n; - obj->types[obj->n] = attribute; - obj->n++; - - return CKR_OK; + + obj->types = rt; + obj->attributes[obj->n] = n; + obj->types[obj->n] = attribute; + obj->n++; + + return CKR_OK; } /* @@ -692,47 +651,45 @@ nss_ckmdSessionObject_SetAttribute * */ static CK_ULONG -nss_ckmdSessionObject_GetObjectSize -( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError -) +nss_ckmdSessionObject_GetObjectSize( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError) { - nssCKMDSessionObject *obj; - CK_ULONG i; - CK_ULONG rv = (CK_ULONG)0; + nssCKMDSessionObject *obj; + CK_ULONG i; + CK_ULONG rv = (CK_ULONG)0; #ifdef NSSDEBUG - if (!pError) { - return 0; - } + if (!pError) { + return 0; + } - *pError = nss_ckmdSessionObject_verifyPointer(mdObject); - if( CKR_OK != *pError ) { - return 0; - } + *pError = nss_ckmdSessionObject_verifyPointer(mdObject); + if (CKR_OK != *pError) { + return 0; + } - /* We could even check all the other arguments, for sanity. */ +/* We could even check all the other arguments, for sanity. */ #endif /* NSSDEBUG */ - obj = (nssCKMDSessionObject *)mdObject->etc; + obj = (nssCKMDSessionObject *)mdObject->etc; - for( i = 0; i < obj->n; i++ ) { - rv += obj->attributes[i].size; - } + for (i = 0; i < obj->n; i++) { + rv += obj->attributes[i].size; + } - rv += sizeof(NSSItem) * obj->n; - rv += sizeof(CK_ATTRIBUTE_TYPE) * obj->n; - rv += sizeof(nssCKMDSessionObject); + rv += sizeof(NSSItem) * obj->n; + rv += sizeof(CK_ATTRIBUTE_TYPE) * obj->n; + rv += sizeof(nssCKMDSessionObject); - return rv; + return rv; } /* @@ -747,18 +704,17 @@ nss_ckmdSessionObject_GetObjectSize */ struct nodeStr { - struct nodeStr *next; - NSSCKMDObject *mdObject; + struct nodeStr *next; + NSSCKMDObject *mdObject; }; struct nssCKMDFindSessionObjectsStr { - NSSArena *arena; - CK_RV error; - CK_ATTRIBUTE_PTR pTemplate; - CK_ULONG ulCount; - struct nodeStr *list; - nssCKFWHash *hash; - + NSSArena *arena; + CK_RV error; + CK_ATTRIBUTE_PTR pTemplate; + CK_ULONG ulCount; + struct nodeStr *list; + nssCKFWHash *hash; }; typedef struct nssCKMDFindSessionObjectsStr nssCKMDFindSessionObjects; @@ -775,31 +731,25 @@ typedef struct nssCKMDFindSessionObjectsStr nssCKMDFindSessionObjects; */ static CK_RV -nss_ckmdFindSessionObjects_add_pointer -( - const NSSCKMDFindObjects *mdFindObjects -) +nss_ckmdFindSessionObjects_add_pointer( + const NSSCKMDFindObjects *mdFindObjects) { - return CKR_OK; + return CKR_OK; } static CK_RV -nss_ckmdFindSessionObjects_remove_pointer -( - const NSSCKMDFindObjects *mdFindObjects -) +nss_ckmdFindSessionObjects_remove_pointer( + const NSSCKMDFindObjects *mdFindObjects) { - return CKR_OK; + return CKR_OK; } #ifdef NSS_DEBUG static CK_RV -nss_ckmdFindSessionObjects_verifyPointer -( - const NSSCKMDFindObjects *mdFindObjects -) +nss_ckmdFindSessionObjects_verifyPointer( + const NSSCKMDFindObjects *mdFindObjects) { - return CKR_OK; + return CKR_OK; } #endif @@ -809,104 +759,98 @@ nss_ckmdFindSessionObjects_verifyPointer * We must forward-declare these routines. */ static void -nss_ckmdFindSessionObjects_Final -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -); +nss_ckmdFindSessionObjects_Final( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); static NSSCKMDObject * -nss_ckmdFindSessionObjects_Next -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -); +nss_ckmdFindSessionObjects_Next( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError); static CK_BBOOL -items_match -( - NSSItem *a, - CK_VOID_PTR pValue, - CK_ULONG ulValueLen -) +items_match( + NSSItem *a, + CK_VOID_PTR pValue, + CK_ULONG ulValueLen) { - if( a->size != ulValueLen ) { - return CK_FALSE; - } + if (a->size != ulValueLen) { + return CK_FALSE; + } - if( PR_TRUE == nsslibc_memequal(a->data, pValue, ulValueLen, (PRStatus *)NULL) ) { - return CK_TRUE; - } else { - return CK_FALSE; - } + if (PR_TRUE == nsslibc_memequal(a->data, pValue, ulValueLen, (PRStatus *)NULL)) { + return CK_TRUE; + } + else { + return CK_FALSE; + } } /* * Our hashtable iterator */ static void -findfcn -( - const void *key, - void *value, - void *closure -) +findfcn( + const void *key, + void *value, + void *closure) { - NSSCKMDObject *mdObject = (NSSCKMDObject *)value; - nssCKMDSessionObject *mdso = (nssCKMDSessionObject *)mdObject->etc; - nssCKMDFindSessionObjects *mdfso = (nssCKMDFindSessionObjects *)closure; - CK_ULONG i, j; - struct nodeStr *node; - - if( CKR_OK != mdfso->error ) { - return; - } + NSSCKMDObject *mdObject = (NSSCKMDObject *)value; + nssCKMDSessionObject *mdso = (nssCKMDSessionObject *)mdObject->etc; + nssCKMDFindSessionObjects *mdfso = (nssCKMDFindSessionObjects *)closure; + CK_ULONG i, j; + struct nodeStr *node; + + if (CKR_OK != mdfso->error) { + return; + } - for( i = 0; i < mdfso->ulCount; i++ ) { - CK_ATTRIBUTE_PTR p = &mdfso->pTemplate[i]; + for (i = 0; i < mdfso->ulCount; i++) { + CK_ATTRIBUTE_PTR p = &mdfso->pTemplate[i]; + + for (j = 0; j < mdso->n; j++) { + if (mdso->types[j] == p->type) { + if (!items_match(&mdso->attributes[j], p->pValue, p->ulValueLen)) { + return; + } + else { + break; + } + } + } - for( j = 0; j < mdso->n; j++ ) { - if( mdso->types[j] == p->type ) { - if( !items_match(&mdso->attributes[j], p->pValue, p->ulValueLen) ) { - return; - } else { - break; + if (j == mdso->n) { + /* Attribute not found */ + return; } - } } - if( j == mdso->n ) { - /* Attribute not found */ - return; + /* Matches */ + node = nss_ZNEW(mdfso->arena, struct nodeStr); + if ((struct nodeStr *)NULL == node) { + mdfso->error = CKR_HOST_MEMORY; + return; } - } - - /* Matches */ - node = nss_ZNEW(mdfso->arena, struct nodeStr); - if( (struct nodeStr *)NULL == node ) { - mdfso->error = CKR_HOST_MEMORY; - return; - } - node->mdObject = mdObject; - node->next = mdfso->list; - mdfso->list = node; + node->mdObject = mdObject; + node->next = mdfso->list; + mdfso->list = node; - return; + return; } /* @@ -914,162 +858,157 @@ findfcn * */ NSS_IMPLEMENT NSSCKMDFindObjects * -nssCKMDFindSessionObjects_Create -( - NSSCKFWToken *fwToken, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_RV *pError -) +nssCKMDFindSessionObjects_Create( + NSSCKFWToken *fwToken, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_RV *pError) { - NSSArena *arena; - nssCKMDFindSessionObjects *mdfso; - nssCKFWHash *hash; - NSSCKMDFindObjects *rv; + NSSArena *arena; + nssCKMDFindSessionObjects *mdfso; + nssCKFWHash *hash; + NSSCKMDFindObjects *rv; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKMDFindObjects *)NULL; - } - - *pError = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != *pError ) { - return (NSSCKMDFindObjects *)NULL; - } - - if( (CK_ATTRIBUTE_PTR)NULL == pTemplate ) { - *pError = CKR_ARGUMENTS_BAD; - return (NSSCKMDFindObjects *)NULL; - } + if (!pError) { + return (NSSCKMDFindObjects *)NULL; + } + + *pError = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != *pError) { + return (NSSCKMDFindObjects *)NULL; + } + + if ((CK_ATTRIBUTE_PTR)NULL == pTemplate) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKMDFindObjects *)NULL; + } #endif /* NSSDEBUG */ - *pError = CKR_OK; + *pError = CKR_OK; - hash = nssCKFWToken_GetSessionObjectHash(fwToken); - if (!hash) { - *pError= CKR_GENERAL_ERROR; - return (NSSCKMDFindObjects *)NULL; - } + hash = nssCKFWToken_GetSessionObjectHash(fwToken); + if (!hash) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKMDFindObjects *)NULL; + } - arena = NSSArena_Create(); - if (!arena) { - *pError = CKR_HOST_MEMORY; - return (NSSCKMDFindObjects *)NULL; - } + arena = NSSArena_Create(); + if (!arena) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDFindObjects *)NULL; + } - mdfso = nss_ZNEW(arena, nssCKMDFindSessionObjects); - if (!mdfso) { - goto loser; - } + mdfso = nss_ZNEW(arena, nssCKMDFindSessionObjects); + if (!mdfso) { + goto loser; + } - rv = nss_ZNEW(arena, NSSCKMDFindObjects); - if(rv == NULL) { - goto loser; - } + rv = nss_ZNEW(arena, NSSCKMDFindObjects); + if (rv == NULL) { + goto loser; + } - mdfso->error = CKR_OK; - mdfso->pTemplate = pTemplate; - mdfso->ulCount = ulCount; - mdfso->hash = hash; + mdfso->error = CKR_OK; + mdfso->pTemplate = pTemplate; + mdfso->ulCount = ulCount; + mdfso->hash = hash; - nssCKFWHash_Iterate(hash, findfcn, mdfso); + nssCKFWHash_Iterate(hash, findfcn, mdfso); - if( CKR_OK != mdfso->error ) { - goto loser; - } + if (CKR_OK != mdfso->error) { + goto loser; + } - rv->etc = (void *)mdfso; - rv->Final = nss_ckmdFindSessionObjects_Final; - rv->Next = nss_ckmdFindSessionObjects_Next; + rv->etc = (void *)mdfso; + rv->Final = nss_ckmdFindSessionObjects_Final; + rv->Next = nss_ckmdFindSessionObjects_Next; #ifdef DEBUG - if( (*pError = nss_ckmdFindSessionObjects_add_pointer(rv)) != CKR_OK ) { - goto loser; - } -#endif /* DEBUG */ - mdfso->arena = arena; + if ((*pError = nss_ckmdFindSessionObjects_add_pointer(rv)) != CKR_OK) { + goto loser; + } +#endif /* DEBUG */ + mdfso->arena = arena; - return rv; + return rv; loser: - if (arena) { - NSSArena_Destroy(arena); - } - if (*pError == CKR_OK) { - *pError = CKR_HOST_MEMORY; - } - return NULL; + if (arena) { + NSSArena_Destroy(arena); + } + if (*pError == CKR_OK) { + *pError = CKR_HOST_MEMORY; + } + return NULL; } static void -nss_ckmdFindSessionObjects_Final -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance -) +nss_ckmdFindSessionObjects_Final( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance) { - nssCKMDFindSessionObjects *mdfso; + nssCKMDFindSessionObjects *mdfso; #ifdef NSSDEBUG - if( CKR_OK != nss_ckmdFindSessionObjects_verifyPointer(mdFindObjects) ) { - return; - } + if (CKR_OK != nss_ckmdFindSessionObjects_verifyPointer(mdFindObjects)) { + return; + } #endif /* NSSDEBUG */ - mdfso = (nssCKMDFindSessionObjects *)mdFindObjects->etc; - if (mdfso->arena) NSSArena_Destroy(mdfso->arena); + mdfso = (nssCKMDFindSessionObjects *)mdFindObjects->etc; + if (mdfso->arena) + NSSArena_Destroy(mdfso->arena); #ifdef DEBUG - (void)nss_ckmdFindSessionObjects_remove_pointer(mdFindObjects); + (void)nss_ckmdFindSessionObjects_remove_pointer(mdFindObjects); #endif /* DEBUG */ - return; + return; } static NSSCKMDObject * -nss_ckmdFindSessionObjects_Next -( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError -) +nss_ckmdFindSessionObjects_Next( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError) { - nssCKMDFindSessionObjects *mdfso; - NSSCKMDObject *rv = (NSSCKMDObject *)NULL; + nssCKMDFindSessionObjects *mdfso; + NSSCKMDObject *rv = (NSSCKMDObject *)NULL; #ifdef NSSDEBUG - if( CKR_OK != nss_ckmdFindSessionObjects_verifyPointer(mdFindObjects) ) { - return (NSSCKMDObject *)NULL; - } + if (CKR_OK != nss_ckmdFindSessionObjects_verifyPointer(mdFindObjects)) { + return (NSSCKMDObject *)NULL; + } #endif /* NSSDEBUG */ - mdfso = (nssCKMDFindSessionObjects *)mdFindObjects->etc; + mdfso = (nssCKMDFindSessionObjects *)mdFindObjects->etc; - while (!rv) { - if( (struct nodeStr *)NULL == mdfso->list ) { - *pError = CKR_OK; - return (NSSCKMDObject *)NULL; - } + while (!rv) { + if ((struct nodeStr *)NULL == mdfso->list) { + *pError = CKR_OK; + return (NSSCKMDObject *)NULL; + } - if( nssCKFWHash_Exists(mdfso->hash, mdfso->list->mdObject) ) { - rv = mdfso->list->mdObject; - } + if (nssCKFWHash_Exists(mdfso->hash, mdfso->list->mdObject)) { + rv = mdfso->list->mdObject; + } - mdfso->list = mdfso->list->next; - } + mdfso->list = mdfso->list->next; + } - return rv; + return rv; } diff --git a/lib/ckfw/slot.c b/lib/ckfw/slot.c index 658aedb65..fa3ffbced 100644 --- a/lib/ckfw/slot.c +++ b/lib/ckfw/slot.c @@ -46,35 +46,35 @@ */ struct NSSCKFWSlotStr { - NSSCKFWMutex *mutex; - NSSCKMDSlot *mdSlot; - NSSCKFWInstance *fwInstance; - NSSCKMDInstance *mdInstance; - CK_SLOT_ID slotID; - - /* - * Everything above is set at creation time, and then not modified. - * The invariants the mutex protects are: - * - * 1) Each of the cached descriptions (versions, etc.) are in an - * internally consistant state. - * - * 2) The fwToken points to the token currently in the slot, and - * it is in a consistant state. - * - * Note that the calls accessing the cached descriptions will - * call the NSSCKMDSlot methods with the mutex locked. Those - * methods may then call the public NSSCKFWSlot routines. Those - * public routines only access the constant data above, so there's - * no problem. But be careful if you add to this object; mutexes - * are in general not reentrant, so don't create deadlock situations. - */ - - NSSUTF8 *slotDescription; - NSSUTF8 *manufacturerID; - CK_VERSION hardwareVersion; - CK_VERSION firmwareVersion; - NSSCKFWToken *fwToken; + NSSCKFWMutex *mutex; + NSSCKMDSlot *mdSlot; + NSSCKFWInstance *fwInstance; + NSSCKMDInstance *mdInstance; + CK_SLOT_ID slotID; + + /* + * Everything above is set at creation time, and then not modified. + * The invariants the mutex protects are: + * + * 1) Each of the cached descriptions (versions, etc.) are in an + * internally consistant state. + * + * 2) The fwToken points to the token currently in the slot, and + * it is in a consistant state. + * + * Note that the calls accessing the cached descriptions will + * call the NSSCKMDSlot methods with the mutex locked. Those + * methods may then call the public NSSCKFWSlot routines. Those + * public routines only access the constant data above, so there's + * no problem. But be careful if you add to this object; mutexes + * are in general not reentrant, so don't create deadlock situations. + */ + + NSSUTF8 *slotDescription; + NSSUTF8 *manufacturerID; + CK_VERSION hardwareVersion; + CK_VERSION firmwareVersion; + NSSCKFWToken *fwToken; }; #ifdef DEBUG @@ -90,30 +90,24 @@ struct NSSCKFWSlotStr { */ static CK_RV -slot_add_pointer -( - const NSSCKFWSlot *fwSlot -) +slot_add_pointer( + const NSSCKFWSlot *fwSlot) { - return CKR_OK; + return CKR_OK; } static CK_RV -slot_remove_pointer -( - const NSSCKFWSlot *fwSlot -) +slot_remove_pointer( + const NSSCKFWSlot *fwSlot) { - return CKR_OK; + return CKR_OK; } NSS_IMPLEMENT CK_RV -nssCKFWSlot_verifyPointer -( - const NSSCKFWSlot *fwSlot -) +nssCKFWSlot_verifyPointer( + const NSSCKFWSlot *fwSlot) { - return CKR_OK; + return CKR_OK; } #endif /* DEBUG */ @@ -123,86 +117,84 @@ nssCKFWSlot_verifyPointer * */ NSS_IMPLEMENT NSSCKFWSlot * -nssCKFWSlot_Create -( - NSSCKFWInstance *fwInstance, - NSSCKMDSlot *mdSlot, - CK_SLOT_ID slotID, - CK_RV *pError -) +nssCKFWSlot_Create( + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *mdSlot, + CK_SLOT_ID slotID, + CK_RV *pError) { - NSSCKFWSlot *fwSlot; - NSSCKMDInstance *mdInstance; - NSSArena *arena; + NSSCKFWSlot *fwSlot; + NSSCKMDInstance *mdInstance; + NSSArena *arena; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWSlot *)NULL; - } - - *pError = nssCKFWInstance_verifyPointer(fwInstance); - if( CKR_OK != *pError ) { - return (NSSCKFWSlot *)NULL; - } -#endif /* NSSDEBUG */ + if (!pError) { + return (NSSCKFWSlot *)NULL; + } - mdInstance = nssCKFWInstance_GetMDInstance(fwInstance); - if (!mdInstance) { - *pError = CKR_GENERAL_ERROR; - return (NSSCKFWSlot *)NULL; - } + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if (CKR_OK != *pError) { + return (NSSCKFWSlot *)NULL; + } +#endif /* NSSDEBUG */ - arena = nssCKFWInstance_GetArena(fwInstance, pError); - if (!arena) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + mdInstance = nssCKFWInstance_GetMDInstance(fwInstance); + if (!mdInstance) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWSlot *)NULL; } - } - fwSlot = nss_ZNEW(arena, NSSCKFWSlot); - if (!fwSlot) { - *pError = CKR_HOST_MEMORY; - return (NSSCKFWSlot *)NULL; - } + arena = nssCKFWInstance_GetArena(fwInstance, pError); + if (!arena) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + } - fwSlot->mdSlot = mdSlot; - fwSlot->fwInstance = fwInstance; - fwSlot->mdInstance = mdInstance; - fwSlot->slotID = slotID; + fwSlot = nss_ZNEW(arena, NSSCKFWSlot); + if (!fwSlot) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWSlot *)NULL; + } - fwSlot->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError); - if (!fwSlot->mutex) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + fwSlot->mdSlot = mdSlot; + fwSlot->fwInstance = fwInstance; + fwSlot->mdInstance = mdInstance; + fwSlot->slotID = slotID; + + fwSlot->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError); + if (!fwSlot->mutex) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + (void)nss_ZFreeIf(fwSlot); + return (NSSCKFWSlot *)NULL; } - (void)nss_ZFreeIf(fwSlot); - return (NSSCKFWSlot *)NULL; - } - if (mdSlot->Initialize) { - *pError = CKR_OK; - *pError = mdSlot->Initialize(mdSlot, fwSlot, mdInstance, fwInstance); - if( CKR_OK != *pError ) { - (void)nssCKFWMutex_Destroy(fwSlot->mutex); - (void)nss_ZFreeIf(fwSlot); - return (NSSCKFWSlot *)NULL; + if (mdSlot->Initialize) { + *pError = CKR_OK; + *pError = mdSlot->Initialize(mdSlot, fwSlot, mdInstance, fwInstance); + if (CKR_OK != *pError) { + (void)nssCKFWMutex_Destroy(fwSlot->mutex); + (void)nss_ZFreeIf(fwSlot); + return (NSSCKFWSlot *)NULL; + } } - } #ifdef DEBUG - *pError = slot_add_pointer(fwSlot); - if( CKR_OK != *pError ) { - if (mdSlot->Destroy) { - mdSlot->Destroy(mdSlot, fwSlot, mdInstance, fwInstance); + *pError = slot_add_pointer(fwSlot); + if (CKR_OK != *pError) { + if (mdSlot->Destroy) { + mdSlot->Destroy(mdSlot, fwSlot, mdInstance, fwInstance); + } + + (void)nssCKFWMutex_Destroy(fwSlot->mutex); + (void)nss_ZFreeIf(fwSlot); + return (NSSCKFWSlot *)NULL; } - - (void)nssCKFWMutex_Destroy(fwSlot->mutex); - (void)nss_ZFreeIf(fwSlot); - return (NSSCKFWSlot *)NULL; - } #endif /* DEBUG */ - return fwSlot; + return fwSlot; } /* @@ -210,35 +202,33 @@ nssCKFWSlot_Create * */ NSS_IMPLEMENT CK_RV -nssCKFWSlot_Destroy -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_Destroy( + NSSCKFWSlot *fwSlot) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWSlot_verifyPointer(fwSlot); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSlot_verifyPointer(fwSlot); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - if (fwSlot->fwToken) { - nssCKFWToken_Destroy(fwSlot->fwToken); - } + if (fwSlot->fwToken) { + nssCKFWToken_Destroy(fwSlot->fwToken); + } - (void)nssCKFWMutex_Destroy(fwSlot->mutex); + (void)nssCKFWMutex_Destroy(fwSlot->mutex); - if (fwSlot->mdSlot->Destroy) { - fwSlot->mdSlot->Destroy(fwSlot->mdSlot, fwSlot, - fwSlot->mdInstance, fwSlot->fwInstance); - } + if (fwSlot->mdSlot->Destroy) { + fwSlot->mdSlot->Destroy(fwSlot->mdSlot, fwSlot, + fwSlot->mdInstance, fwSlot->fwInstance); + } #ifdef DEBUG - error = slot_remove_pointer(fwSlot); + error = slot_remove_pointer(fwSlot); #endif /* DEBUG */ - (void)nss_ZFreeIf(fwSlot); - return error; + (void)nss_ZFreeIf(fwSlot); + return error; } /* @@ -246,18 +236,16 @@ nssCKFWSlot_Destroy * */ NSS_IMPLEMENT NSSCKMDSlot * -nssCKFWSlot_GetMDSlot -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_GetMDSlot( + NSSCKFWSlot *fwSlot) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return (NSSCKMDSlot *)NULL; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return (NSSCKMDSlot *)NULL; + } #endif /* NSSDEBUG */ - return fwSlot->mdSlot; + return fwSlot->mdSlot; } /* @@ -266,18 +254,16 @@ nssCKFWSlot_GetMDSlot */ NSS_IMPLEMENT NSSCKFWInstance * -nssCKFWSlot_GetFWInstance -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_GetFWInstance( + NSSCKFWSlot *fwSlot) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return (NSSCKFWInstance *)NULL; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return (NSSCKFWInstance *)NULL; + } #endif /* NSSDEBUG */ - return fwSlot->fwInstance; + return fwSlot->fwInstance; } /* @@ -286,18 +272,16 @@ nssCKFWSlot_GetFWInstance */ NSS_IMPLEMENT NSSCKMDInstance * -nssCKFWSlot_GetMDInstance -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_GetMDInstance( + NSSCKFWSlot *fwSlot) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return (NSSCKMDInstance *)NULL; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return (NSSCKMDInstance *)NULL; + } #endif /* NSSDEBUG */ - return fwSlot->mdInstance; + return fwSlot->mdInstance; } /* @@ -305,18 +289,16 @@ nssCKFWSlot_GetMDInstance * */ NSS_IMPLEMENT CK_SLOT_ID -nssCKFWSlot_GetSlotID -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_GetSlotID( + NSSCKFWSlot *fwSlot) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return (CK_SLOT_ID)0; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return (CK_SLOT_ID)0; + } #endif /* NSSDEBUG */ - return fwSlot->slotID; + return fwSlot->slotID; } /* @@ -324,49 +306,48 @@ nssCKFWSlot_GetSlotID * */ NSS_IMPLEMENT CK_RV -nssCKFWSlot_GetSlotDescription -( - NSSCKFWSlot *fwSlot, - CK_CHAR slotDescription[64] -) +nssCKFWSlot_GetSlotDescription( + NSSCKFWSlot *fwSlot, + CK_CHAR slotDescription[64]) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - if( (CK_CHAR_PTR)NULL == slotDescription ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_CHAR_PTR)NULL == slotDescription) { + return CKR_ARGUMENTS_BAD; + } - error = nssCKFWSlot_verifyPointer(fwSlot); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSlot_verifyPointer(fwSlot); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwSlot->mutex); - if( CKR_OK != error ) { - return error; - } - - if (!fwSlot->slotDescription) { - if (fwSlot->mdSlot->GetSlotDescription) { - fwSlot->slotDescription = fwSlot->mdSlot->GetSlotDescription( - fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, - fwSlot->fwInstance, &error); - if ((!fwSlot->slotDescription) && (CKR_OK != error)) { - goto done; - } - } else { - fwSlot->slotDescription = (NSSUTF8 *) ""; + error = nssCKFWMutex_Lock(fwSlot->mutex); + if (CKR_OK != error) { + return error; + } + + if (!fwSlot->slotDescription) { + if (fwSlot->mdSlot->GetSlotDescription) { + fwSlot->slotDescription = fwSlot->mdSlot->GetSlotDescription( + fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, + fwSlot->fwInstance, &error); + if ((!fwSlot->slotDescription) && (CKR_OK != error)) { + goto done; + } + } + else { + fwSlot->slotDescription = (NSSUTF8 *)""; + } } - } - (void)nssUTF8_CopyIntoFixedBuffer(fwSlot->slotDescription, (char *)slotDescription, 64, ' '); - error = CKR_OK; + (void)nssUTF8_CopyIntoFixedBuffer(fwSlot->slotDescription, (char *)slotDescription, 64, ' '); + error = CKR_OK; - done: - (void)nssCKFWMutex_Unlock(fwSlot->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwSlot->mutex); + return error; } /* @@ -374,49 +355,48 @@ nssCKFWSlot_GetSlotDescription * */ NSS_IMPLEMENT CK_RV -nssCKFWSlot_GetManufacturerID -( - NSSCKFWSlot *fwSlot, - CK_CHAR manufacturerID[32] -) +nssCKFWSlot_GetManufacturerID( + NSSCKFWSlot *fwSlot, + CK_CHAR manufacturerID[32]) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - if( (CK_CHAR_PTR)NULL == manufacturerID ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_CHAR_PTR)NULL == manufacturerID) { + return CKR_ARGUMENTS_BAD; + } - error = nssCKFWSlot_verifyPointer(fwSlot); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSlot_verifyPointer(fwSlot); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwSlot->mutex); - if( CKR_OK != error ) { - return error; - } - - if (!fwSlot->manufacturerID) { - if (fwSlot->mdSlot->GetManufacturerID) { - fwSlot->manufacturerID = fwSlot->mdSlot->GetManufacturerID( - fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, - fwSlot->fwInstance, &error); - if ((!fwSlot->manufacturerID) && (CKR_OK != error)) { - goto done; - } - } else { - fwSlot->manufacturerID = (NSSUTF8 *) ""; + error = nssCKFWMutex_Lock(fwSlot->mutex); + if (CKR_OK != error) { + return error; + } + + if (!fwSlot->manufacturerID) { + if (fwSlot->mdSlot->GetManufacturerID) { + fwSlot->manufacturerID = fwSlot->mdSlot->GetManufacturerID( + fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, + fwSlot->fwInstance, &error); + if ((!fwSlot->manufacturerID) && (CKR_OK != error)) { + goto done; + } + } + else { + fwSlot->manufacturerID = (NSSUTF8 *)""; + } } - } - (void)nssUTF8_CopyIntoFixedBuffer(fwSlot->manufacturerID, (char *)manufacturerID, 32, ' '); - error = CKR_OK; + (void)nssUTF8_CopyIntoFixedBuffer(fwSlot->manufacturerID, (char *)manufacturerID, 32, ' '); + error = CKR_OK; - done: - (void)nssCKFWMutex_Unlock(fwSlot->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwSlot->mutex); + return error; } /* @@ -424,23 +404,21 @@ nssCKFWSlot_GetManufacturerID * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWSlot_GetTokenPresent -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_GetTokenPresent( + NSSCKFWSlot *fwSlot) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwSlot->mdSlot->GetTokenPresent) { - return CK_TRUE; - } + if (!fwSlot->mdSlot->GetTokenPresent) { + return CK_TRUE; + } - return fwSlot->mdSlot->GetTokenPresent(fwSlot->mdSlot, fwSlot, - fwSlot->mdInstance, fwSlot->fwInstance); + return fwSlot->mdSlot->GetTokenPresent(fwSlot->mdSlot, fwSlot, + fwSlot->mdInstance, fwSlot->fwInstance); } /* @@ -448,23 +426,21 @@ nssCKFWSlot_GetTokenPresent * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWSlot_GetRemovableDevice -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_GetRemovableDevice( + NSSCKFWSlot *fwSlot) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwSlot->mdSlot->GetRemovableDevice) { - return CK_FALSE; - } + if (!fwSlot->mdSlot->GetRemovableDevice) { + return CK_FALSE; + } - return fwSlot->mdSlot->GetRemovableDevice(fwSlot->mdSlot, fwSlot, - fwSlot->mdInstance, fwSlot->fwInstance); + return fwSlot->mdSlot->GetRemovableDevice(fwSlot->mdSlot, fwSlot, + fwSlot->mdInstance, fwSlot->fwInstance); } /* @@ -472,23 +448,21 @@ nssCKFWSlot_GetRemovableDevice * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWSlot_GetHardwareSlot -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_GetHardwareSlot( + NSSCKFWSlot *fwSlot) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwSlot->mdSlot->GetHardwareSlot) { - return CK_FALSE; - } + if (!fwSlot->mdSlot->GetHardwareSlot) { + return CK_FALSE; + } - return fwSlot->mdSlot->GetHardwareSlot(fwSlot->mdSlot, fwSlot, - fwSlot->mdInstance, fwSlot->fwInstance); + return fwSlot->mdSlot->GetHardwareSlot(fwSlot->mdSlot, fwSlot, + fwSlot->mdInstance, fwSlot->fwInstance); } /* @@ -496,43 +470,42 @@ nssCKFWSlot_GetHardwareSlot * */ NSS_IMPLEMENT CK_VERSION -nssCKFWSlot_GetHardwareVersion -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_GetHardwareVersion( + NSSCKFWSlot *fwSlot) { - CK_VERSION rv; + CK_VERSION rv; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + rv.major = rv.minor = 0; + return rv; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex)) { + rv.major = rv.minor = 0; + return rv; + } + + if ((0 != fwSlot->hardwareVersion.major) || + (0 != fwSlot->hardwareVersion.minor)) { + rv = fwSlot->hardwareVersion; + goto done; + } + + if (fwSlot->mdSlot->GetHardwareVersion) { + fwSlot->hardwareVersion = fwSlot->mdSlot->GetHardwareVersion( + fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance); + } + else { + fwSlot->hardwareVersion.major = 0; + fwSlot->hardwareVersion.minor = 1; + } - if( (0 != fwSlot->hardwareVersion.major) || - (0 != fwSlot->hardwareVersion.minor) ) { rv = fwSlot->hardwareVersion; - goto done; - } - - if (fwSlot->mdSlot->GetHardwareVersion) { - fwSlot->hardwareVersion = fwSlot->mdSlot->GetHardwareVersion( - fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance); - } else { - fwSlot->hardwareVersion.major = 0; - fwSlot->hardwareVersion.minor = 1; - } - - rv = fwSlot->hardwareVersion; - done: - (void)nssCKFWMutex_Unlock(fwSlot->mutex); - return rv; +done: + (void)nssCKFWMutex_Unlock(fwSlot->mutex); + return rv; } /* @@ -540,100 +513,98 @@ nssCKFWSlot_GetHardwareVersion * */ NSS_IMPLEMENT CK_VERSION -nssCKFWSlot_GetFirmwareVersion -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_GetFirmwareVersion( + NSSCKFWSlot *fwSlot) { - CK_VERSION rv; + CK_VERSION rv; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + rv.major = rv.minor = 0; + return rv; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex)) { + rv.major = rv.minor = 0; + return rv; + } + + if ((0 != fwSlot->firmwareVersion.major) || + (0 != fwSlot->firmwareVersion.minor)) { + rv = fwSlot->firmwareVersion; + goto done; + } + + if (fwSlot->mdSlot->GetFirmwareVersion) { + fwSlot->firmwareVersion = fwSlot->mdSlot->GetFirmwareVersion( + fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance); + } + else { + fwSlot->firmwareVersion.major = 0; + fwSlot->firmwareVersion.minor = 1; + } - if( (0 != fwSlot->firmwareVersion.major) || - (0 != fwSlot->firmwareVersion.minor) ) { rv = fwSlot->firmwareVersion; - goto done; - } - - if (fwSlot->mdSlot->GetFirmwareVersion) { - fwSlot->firmwareVersion = fwSlot->mdSlot->GetFirmwareVersion( - fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance); - } else { - fwSlot->firmwareVersion.major = 0; - fwSlot->firmwareVersion.minor = 1; - } - - rv = fwSlot->firmwareVersion; - done: - (void)nssCKFWMutex_Unlock(fwSlot->mutex); - return rv; +done: + (void)nssCKFWMutex_Unlock(fwSlot->mutex); + return rv; } /* * nssCKFWSlot_GetToken - * + * */ NSS_IMPLEMENT NSSCKFWToken * -nssCKFWSlot_GetToken -( - NSSCKFWSlot *fwSlot, - CK_RV *pError -) +nssCKFWSlot_GetToken( + NSSCKFWSlot *fwSlot, + CK_RV *pError) { - NSSCKMDToken *mdToken; - NSSCKFWToken *fwToken; + NSSCKMDToken *mdToken; + NSSCKFWToken *fwToken; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWToken *)NULL; - } - - *pError = nssCKFWSlot_verifyPointer(fwSlot); - if( CKR_OK != *pError ) { - return (NSSCKFWToken *)NULL; - } -#endif /* NSSDEBUG */ - - *pError = nssCKFWMutex_Lock(fwSlot->mutex); - if( CKR_OK != *pError ) { - return (NSSCKFWToken *)NULL; - } + if (!pError) { + return (NSSCKFWToken *)NULL; + } - if (!fwSlot->fwToken) { - if (!fwSlot->mdSlot->GetToken) { - *pError = CKR_GENERAL_ERROR; - fwToken = (NSSCKFWToken *)NULL; - goto done; + *pError = nssCKFWSlot_verifyPointer(fwSlot); + if (CKR_OK != *pError) { + return (NSSCKFWToken *)NULL; } +#endif /* NSSDEBUG */ - mdToken = fwSlot->mdSlot->GetToken(fwSlot->mdSlot, fwSlot, - fwSlot->mdInstance, fwSlot->fwInstance, pError); - if (!mdToken) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - return (NSSCKFWToken *)NULL; + *pError = nssCKFWMutex_Lock(fwSlot->mutex); + if (CKR_OK != *pError) { + return (NSSCKFWToken *)NULL; } - fwToken = nssCKFWToken_Create(fwSlot, mdToken, pError); - fwSlot->fwToken = fwToken; - } else { - fwToken = fwSlot->fwToken; - } + if (!fwSlot->fwToken) { + if (!fwSlot->mdSlot->GetToken) { + *pError = CKR_GENERAL_ERROR; + fwToken = (NSSCKFWToken *)NULL; + goto done; + } + + mdToken = fwSlot->mdSlot->GetToken(fwSlot->mdSlot, fwSlot, + fwSlot->mdInstance, fwSlot->fwInstance, pError); + if (!mdToken) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWToken *)NULL; + } + + fwToken = nssCKFWToken_Create(fwSlot, mdToken, pError); + fwSlot->fwToken = fwToken; + } + else { + fwToken = fwSlot->fwToken; + } - done: - (void)nssCKFWMutex_Unlock(fwSlot->mutex); - return fwToken; +done: + (void)nssCKFWMutex_Unlock(fwSlot->mutex); + return fwToken; } /* @@ -641,25 +612,23 @@ nssCKFWSlot_GetToken * */ NSS_IMPLEMENT void -nssCKFWSlot_ClearToken -( - NSSCKFWSlot *fwSlot -) +nssCKFWSlot_ClearToken( + NSSCKFWSlot *fwSlot) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex) ) { - /* Now what? */ - return; - } + if (CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex)) { + /* Now what? */ + return; + } - fwSlot->fwToken = (NSSCKFWToken *)NULL; - (void)nssCKFWMutex_Unlock(fwSlot->mutex); - return; + fwSlot->fwToken = (NSSCKFWToken *)NULL; + (void)nssCKFWMutex_Unlock(fwSlot->mutex); + return; } /* @@ -668,18 +637,16 @@ nssCKFWSlot_ClearToken */ NSS_IMPLEMENT NSSCKMDSlot * -NSSCKFWSlot_GetMDSlot -( - NSSCKFWSlot *fwSlot -) +NSSCKFWSlot_GetMDSlot( + NSSCKFWSlot *fwSlot) { #ifdef DEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return (NSSCKMDSlot *)NULL; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return (NSSCKMDSlot *)NULL; + } #endif /* DEBUG */ - return nssCKFWSlot_GetMDSlot(fwSlot); + return nssCKFWSlot_GetMDSlot(fwSlot); } /* @@ -688,18 +655,16 @@ NSSCKFWSlot_GetMDSlot */ NSS_IMPLEMENT NSSCKFWInstance * -NSSCKFWSlot_GetFWInstance -( - NSSCKFWSlot *fwSlot -) +NSSCKFWSlot_GetFWInstance( + NSSCKFWSlot *fwSlot) { #ifdef DEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return (NSSCKFWInstance *)NULL; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return (NSSCKFWInstance *)NULL; + } #endif /* DEBUG */ - return nssCKFWSlot_GetFWInstance(fwSlot); + return nssCKFWSlot_GetFWInstance(fwSlot); } /* @@ -708,16 +673,14 @@ NSSCKFWSlot_GetFWInstance */ NSS_IMPLEMENT NSSCKMDInstance * -NSSCKFWSlot_GetMDInstance -( - NSSCKFWSlot *fwSlot -) +NSSCKFWSlot_GetMDInstance( + NSSCKFWSlot *fwSlot) { #ifdef DEBUG - if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { - return (NSSCKMDInstance *)NULL; - } + if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) { + return (NSSCKMDInstance *)NULL; + } #endif /* DEBUG */ - return nssCKFWSlot_GetMDInstance(fwSlot); + return nssCKFWSlot_GetMDInstance(fwSlot); } diff --git a/lib/ckfw/token.c b/lib/ckfw/token.c index 4a9757643..d8d37fc8d 100644 --- a/lib/ckfw/token.c +++ b/lib/ckfw/token.c @@ -75,49 +75,49 @@ */ struct NSSCKFWTokenStr { - NSSCKFWMutex *mutex; - NSSArena *arena; - NSSCKMDToken *mdToken; - NSSCKFWSlot *fwSlot; - NSSCKMDSlot *mdSlot; - NSSCKFWInstance *fwInstance; - NSSCKMDInstance *mdInstance; - - /* - * Everything above is set at creation time, and then not modified. - * The invariants the mutex protects are: - * - * 1) Each of the cached descriptions (versions, etc.) are in an - * internally consistant state. - * - * 2) The session counts and hashes are consistant. - * - * 3) The object hashes are consistant. - * - * Note that the calls accessing the cached descriptions will call - * the NSSCKMDToken methods with the mutex locked. Those methods - * may then call the public NSSCKFWToken routines. Those public - * routines only access the constant data above and the atomic - * CK_STATE session state variable below, so there's no problem. - * But be careful if you add to this object; mutexes are in - * general not reentrant, so don't create deadlock situations. - */ - - NSSUTF8 *label; - NSSUTF8 *manufacturerID; - NSSUTF8 *model; - NSSUTF8 *serialNumber; - CK_VERSION hardwareVersion; - CK_VERSION firmwareVersion; - - CK_ULONG sessionCount; - CK_ULONG rwSessionCount; - nssCKFWHash *sessions; - nssCKFWHash *sessionObjectHash; - nssCKFWHash *mdObjectHash; - nssCKFWHash *mdMechanismHash; - - CK_STATE state; + NSSCKFWMutex *mutex; + NSSArena *arena; + NSSCKMDToken *mdToken; + NSSCKFWSlot *fwSlot; + NSSCKMDSlot *mdSlot; + NSSCKFWInstance *fwInstance; + NSSCKMDInstance *mdInstance; + + /* + * Everything above is set at creation time, and then not modified. + * The invariants the mutex protects are: + * + * 1) Each of the cached descriptions (versions, etc.) are in an + * internally consistant state. + * + * 2) The session counts and hashes are consistant. + * + * 3) The object hashes are consistant. + * + * Note that the calls accessing the cached descriptions will call + * the NSSCKMDToken methods with the mutex locked. Those methods + * may then call the public NSSCKFWToken routines. Those public + * routines only access the constant data above and the atomic + * CK_STATE session state variable below, so there's no problem. + * But be careful if you add to this object; mutexes are in + * general not reentrant, so don't create deadlock situations. + */ + + NSSUTF8 *label; + NSSUTF8 *manufacturerID; + NSSUTF8 *model; + NSSUTF8 *serialNumber; + CK_VERSION hardwareVersion; + CK_VERSION firmwareVersion; + + CK_ULONG sessionCount; + CK_ULONG rwSessionCount; + nssCKFWHash *sessions; + nssCKFWHash *sessionObjectHash; + nssCKFWHash *mdObjectHash; + nssCKFWHash *mdMechanismHash; + + CK_STATE state; }; #ifdef DEBUG @@ -133,30 +133,24 @@ struct NSSCKFWTokenStr { */ static CK_RV -token_add_pointer -( - const NSSCKFWToken *fwToken -) +token_add_pointer( + const NSSCKFWToken *fwToken) { - return CKR_OK; + return CKR_OK; } static CK_RV -token_remove_pointer -( - const NSSCKFWToken *fwToken -) +token_remove_pointer( + const NSSCKFWToken *fwToken) { - return CKR_OK; + return CKR_OK; } NSS_IMPLEMENT CK_RV -nssCKFWToken_verifyPointer -( - const NSSCKFWToken *fwToken -) +nssCKFWToken_verifyPointer( + const NSSCKFWToken *fwToken) { - return CKR_OK; + return CKR_OK; } #endif /* DEBUG */ @@ -166,154 +160,148 @@ nssCKFWToken_verifyPointer * */ NSS_IMPLEMENT NSSCKFWToken * -nssCKFWToken_Create -( - NSSCKFWSlot *fwSlot, - NSSCKMDToken *mdToken, - CK_RV *pError -) +nssCKFWToken_Create( + NSSCKFWSlot *fwSlot, + NSSCKMDToken *mdToken, + CK_RV *pError) { - NSSArena *arena = (NSSArena *)NULL; - NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; - CK_BBOOL called_setup = CK_FALSE; - - /* - * We have already verified the arguments in nssCKFWSlot_GetToken. - */ - - arena = NSSArena_Create(); - if (!arena) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - fwToken = nss_ZNEW(arena, NSSCKFWToken); - if (!fwToken) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - - fwToken->arena = arena; - fwToken->mdToken = mdToken; - fwToken->fwSlot = fwSlot; - fwToken->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot); - fwToken->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot); - fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */ - fwToken->sessionCount = 0; - fwToken->rwSessionCount = 0; - - fwToken->mutex = nssCKFWInstance_CreateMutex(fwToken->fwInstance, arena, pError); - if (!fwToken->mutex) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - goto loser; - } - - fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, arena, pError); - if (!fwToken->sessions) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - goto loser; - } - - if( CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects( - fwToken->fwInstance) ) { - fwToken->sessionObjectHash = nssCKFWHash_Create(fwToken->fwInstance, - arena, pError); - if (!fwToken->sessionObjectHash) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - goto loser; + NSSArena *arena = (NSSArena *)NULL; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + CK_BBOOL called_setup = CK_FALSE; + + /* + * We have already verified the arguments in nssCKFWSlot_GetToken. + */ + + arena = NSSArena_Create(); + if (!arena) { + *pError = CKR_HOST_MEMORY; + goto loser; } - } - fwToken->mdObjectHash = nssCKFWHash_Create(fwToken->fwInstance, - arena, pError); - if (!fwToken->mdObjectHash) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + fwToken = nss_ZNEW(arena, NSSCKFWToken); + if (!fwToken) { + *pError = CKR_HOST_MEMORY; + goto loser; } - goto loser; - } - fwToken->mdMechanismHash = nssCKFWHash_Create(fwToken->fwInstance, - arena, pError); - if (!fwToken->mdMechanismHash) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + fwToken->arena = arena; + fwToken->mdToken = mdToken; + fwToken->fwSlot = fwSlot; + fwToken->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot); + fwToken->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot); + fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */ + fwToken->sessionCount = 0; + fwToken->rwSessionCount = 0; + + fwToken->mutex = nssCKFWInstance_CreateMutex(fwToken->fwInstance, arena, pError); + if (!fwToken->mutex) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; } - goto loser; - } - /* More here */ + fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, arena, pError); + if (!fwToken->sessions) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; + } - if (mdToken->Setup) { - *pError = mdToken->Setup(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); - if( CKR_OK != *pError ) { - goto loser; + if (CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects( + fwToken->fwInstance)) { + fwToken->sessionObjectHash = nssCKFWHash_Create(fwToken->fwInstance, + arena, pError); + if (!fwToken->sessionObjectHash) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; + } } - } - called_setup = CK_TRUE; + fwToken->mdObjectHash = nssCKFWHash_Create(fwToken->fwInstance, + arena, pError); + if (!fwToken->mdObjectHash) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; + } + + fwToken->mdMechanismHash = nssCKFWHash_Create(fwToken->fwInstance, + arena, pError); + if (!fwToken->mdMechanismHash) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; + } + + /* More here */ + + if (mdToken->Setup) { + *pError = mdToken->Setup(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); + if (CKR_OK != *pError) { + goto loser; + } + } + + called_setup = CK_TRUE; #ifdef DEBUG - *pError = token_add_pointer(fwToken); - if( CKR_OK != *pError ) { - goto loser; - } + *pError = token_add_pointer(fwToken); + if (CKR_OK != *pError) { + goto loser; + } #endif /* DEBUG */ - *pError = CKR_OK; - return fwToken; + *pError = CKR_OK; + return fwToken; - loser: +loser: - if( CK_TRUE == called_setup ) { - if (mdToken->Invalidate) { - mdToken->Invalidate(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); + if (CK_TRUE == called_setup) { + if (mdToken->Invalidate) { + mdToken->Invalidate(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); + } } - } - if (arena) { - (void)NSSArena_Destroy(arena); - } + if (arena) { + (void)NSSArena_Destroy(arena); + } - return (NSSCKFWToken *)NULL; + return (NSSCKFWToken *)NULL; } static void -nss_ckfwtoken_session_iterator -( - const void *key, - void *value, - void *closure -) +nss_ckfwtoken_session_iterator( + const void *key, + void *value, + void *closure) { - /* - * Remember that the fwToken->mutex is locked - */ - NSSCKFWSession *fwSession = (NSSCKFWSession *)value; - (void)nssCKFWSession_Destroy(fwSession, CK_FALSE); - return; + /* + * Remember that the fwToken->mutex is locked + */ + NSSCKFWSession *fwSession = (NSSCKFWSession *)value; + (void)nssCKFWSession_Destroy(fwSession, CK_FALSE); + return; } static void -nss_ckfwtoken_object_iterator -( - const void *key, - void *value, - void *closure -) +nss_ckfwtoken_object_iterator( + const void *key, + void *value, + void *closure) { - /* - * Remember that the fwToken->mutex is locked - */ - NSSCKFWObject *fwObject = (NSSCKFWObject *)value; - (void)nssCKFWObject_Finalize(fwObject, CK_FALSE); - return; + /* + * Remember that the fwToken->mutex is locked + */ + NSSCKFWObject *fwObject = (NSSCKFWObject *)value; + (void)nssCKFWObject_Finalize(fwObject, CK_FALSE); + return; } /* @@ -321,56 +309,54 @@ nss_ckfwtoken_object_iterator * */ NSS_IMPLEMENT CK_RV -nssCKFWToken_Destroy -( - NSSCKFWToken *fwToken -) +nssCKFWToken_Destroy( + NSSCKFWToken *fwToken) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - (void)nssCKFWMutex_Destroy(fwToken->mutex); - - if (fwToken->mdToken->Invalidate) { - fwToken->mdToken->Invalidate(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); - } - /* we can destroy the list without locking now because no one else is - * referencing us (or _Destroy was invalidly called!) - */ - nssCKFWHash_Iterate(fwToken->sessions, nss_ckfwtoken_session_iterator, - (void *)NULL); - nssCKFWHash_Destroy(fwToken->sessions); - - /* session objects go away when their sessions are removed */ - if (fwToken->sessionObjectHash) { - nssCKFWHash_Destroy(fwToken->sessionObjectHash); - } - - /* free up the token objects */ - if (fwToken->mdObjectHash) { - nssCKFWHash_Iterate(fwToken->mdObjectHash, nss_ckfwtoken_object_iterator, - (void *)NULL); - nssCKFWHash_Destroy(fwToken->mdObjectHash); - } - if (fwToken->mdMechanismHash) { - nssCKFWHash_Destroy(fwToken->mdMechanismHash); - } - - nssCKFWSlot_ClearToken(fwToken->fwSlot); - + (void)nssCKFWMutex_Destroy(fwToken->mutex); + + if (fwToken->mdToken->Invalidate) { + fwToken->mdToken->Invalidate(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); + } + /* we can destroy the list without locking now because no one else is + * referencing us (or _Destroy was invalidly called!) + */ + nssCKFWHash_Iterate(fwToken->sessions, nss_ckfwtoken_session_iterator, + (void *)NULL); + nssCKFWHash_Destroy(fwToken->sessions); + + /* session objects go away when their sessions are removed */ + if (fwToken->sessionObjectHash) { + nssCKFWHash_Destroy(fwToken->sessionObjectHash); + } + + /* free up the token objects */ + if (fwToken->mdObjectHash) { + nssCKFWHash_Iterate(fwToken->mdObjectHash, nss_ckfwtoken_object_iterator, + (void *)NULL); + nssCKFWHash_Destroy(fwToken->mdObjectHash); + } + if (fwToken->mdMechanismHash) { + nssCKFWHash_Destroy(fwToken->mdMechanismHash); + } + + nssCKFWSlot_ClearToken(fwToken->fwSlot); + #ifdef DEBUG - error = token_remove_pointer(fwToken); + error = token_remove_pointer(fwToken); #endif /* DEBUG */ - (void)NSSArena_Destroy(fwToken->arena); - return error; + (void)NSSArena_Destroy(fwToken->arena); + return error; } /* @@ -378,18 +364,16 @@ nssCKFWToken_Destroy * */ NSS_IMPLEMENT NSSCKMDToken * -nssCKFWToken_GetMDToken -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetMDToken( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (NSSCKMDToken *)NULL; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (NSSCKMDToken *)NULL; + } #endif /* NSSDEBUG */ - return fwToken->mdToken; + return fwToken->mdToken; } /* @@ -397,24 +381,22 @@ nssCKFWToken_GetMDToken * */ NSS_IMPLEMENT NSSArena * -nssCKFWToken_GetArena -( - NSSCKFWToken *fwToken, - CK_RV *pError -) +nssCKFWToken_GetArena( + NSSCKFWToken *fwToken, + CK_RV *pError) { #ifdef NSSDEBUG - if (!pError) { - return (NSSArena *)NULL; - } - - *pError = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != *pError ) { - return (NSSArena *)NULL; - } + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != *pError) { + return (NSSArena *)NULL; + } #endif /* NSSDEBUG */ - return fwToken->arena; + return fwToken->arena; } /* @@ -422,18 +404,16 @@ nssCKFWToken_GetArena * */ NSS_IMPLEMENT NSSCKFWSlot * -nssCKFWToken_GetFWSlot -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetFWSlot( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (NSSCKFWSlot *)NULL; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (NSSCKFWSlot *)NULL; + } #endif /* NSSDEBUG */ - return fwToken->fwSlot; + return fwToken->fwSlot; } /* @@ -441,18 +421,16 @@ nssCKFWToken_GetFWSlot * */ NSS_IMPLEMENT NSSCKMDSlot * -nssCKFWToken_GetMDSlot -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetMDSlot( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (NSSCKMDSlot *)NULL; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (NSSCKMDSlot *)NULL; + } #endif /* NSSDEBUG */ - return fwToken->mdSlot; + return fwToken->mdSlot; } /* @@ -460,29 +438,27 @@ nssCKFWToken_GetMDSlot * */ NSS_IMPLEMENT CK_STATE -nssCKFWToken_GetSessionState -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetSessionState( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CKS_RO_PUBLIC_SESSION; /* whatever */ - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CKS_RO_PUBLIC_SESSION; /* whatever */ + } #endif /* NSSDEBUG */ - /* - * BTW, do not lock the token in this method. - */ + /* + * BTW, do not lock the token in this method. + */ - /* - * Theoretically, there is no state if there aren't any - * sessions open. But then we'd need to worry about - * reporting an error, etc. What the heck-- let's just - * revert to CKR_RO_PUBLIC_SESSION as the "default." - */ + /* + * Theoretically, there is no state if there aren't any + * sessions open. But then we'd need to worry about + * reporting an error, etc. What the heck-- let's just + * revert to CKR_RO_PUBLIC_SESSION as the "default." + */ - return fwToken->state; + return fwToken->state; } /* @@ -490,56 +466,55 @@ nssCKFWToken_GetSessionState * */ NSS_IMPLEMENT CK_RV -nssCKFWToken_InitToken -( - NSSCKFWToken *fwToken, - NSSItem *pin, - NSSUTF8 *label -) +nssCKFWToken_InitToken( + NSSCKFWToken *fwToken, + NSSItem *pin, + NSSUTF8 *label) { - CK_RV error; + CK_RV error; #ifdef NSSDEBUG - error = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != error ) { - return CKR_ARGUMENTS_BAD; - } + error = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != error) { + return CKR_ARGUMENTS_BAD; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwToken->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwToken->mutex); + if (CKR_OK != error) { + return error; + } - if( fwToken->sessionCount > 0 ) { - error = CKR_SESSION_EXISTS; - goto done; - } + if (fwToken->sessionCount > 0) { + error = CKR_SESSION_EXISTS; + goto done; + } - if (!fwToken->mdToken->InitToken) { - error = CKR_DEVICE_ERROR; - goto done; - } + if (!fwToken->mdToken->InitToken) { + error = CKR_DEVICE_ERROR; + goto done; + } - if (!pin) { - if( nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken) ) { - ; /* okay */ - } else { - error = CKR_PIN_INCORRECT; - goto done; + if (!pin) { + if (nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken)) { + ; /* okay */ + } + else { + error = CKR_PIN_INCORRECT; + goto done; + } } - } - if (!label) { - label = (NSSUTF8 *) ""; - } + if (!label) { + label = (NSSUTF8 *)""; + } - error = fwToken->mdToken->InitToken(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance, pin, label); + error = fwToken->mdToken->InitToken(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, pin, label); - done: - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; } /* @@ -547,48 +522,47 @@ nssCKFWToken_InitToken * */ NSS_IMPLEMENT CK_RV -nssCKFWToken_GetLabel -( - NSSCKFWToken *fwToken, - CK_CHAR label[32] -) +nssCKFWToken_GetLabel( + NSSCKFWToken *fwToken, + CK_CHAR label[32]) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - if( (CK_CHAR_PTR)NULL == label ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_CHAR_PTR)NULL == label) { + return CKR_ARGUMENTS_BAD; + } - error = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwToken->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwToken->mutex); + if (CKR_OK != error) { + return error; + } - if (!fwToken->label) { - if (fwToken->mdToken->GetLabel) { - fwToken->label = fwToken->mdToken->GetLabel(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance, &error); - if ((!fwToken->label) && (CKR_OK != error)) { - goto done; - } - } else { - fwToken->label = (NSSUTF8 *) ""; + if (!fwToken->label) { + if (fwToken->mdToken->GetLabel) { + fwToken->label = fwToken->mdToken->GetLabel(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, &error); + if ((!fwToken->label) && (CKR_OK != error)) { + goto done; + } + } + else { + fwToken->label = (NSSUTF8 *)""; + } } - } - (void)nssUTF8_CopyIntoFixedBuffer(fwToken->label, (char *)label, 32, ' '); - error = CKR_OK; + (void)nssUTF8_CopyIntoFixedBuffer(fwToken->label, (char *)label, 32, ' '); + error = CKR_OK; - done: - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; } /* @@ -596,48 +570,47 @@ nssCKFWToken_GetLabel * */ NSS_IMPLEMENT CK_RV -nssCKFWToken_GetManufacturerID -( - NSSCKFWToken *fwToken, - CK_CHAR manufacturerID[32] -) +nssCKFWToken_GetManufacturerID( + NSSCKFWToken *fwToken, + CK_CHAR manufacturerID[32]) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - if( (CK_CHAR_PTR)NULL == manufacturerID ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_CHAR_PTR)NULL == manufacturerID) { + return CKR_ARGUMENTS_BAD; + } - error = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwToken->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwToken->mutex); + if (CKR_OK != error) { + return error; + } - if (!fwToken->manufacturerID) { - if (fwToken->mdToken->GetManufacturerID) { - fwToken->manufacturerID = fwToken->mdToken->GetManufacturerID(fwToken->mdToken, - fwToken, fwToken->mdInstance, fwToken->fwInstance, &error); - if ((!fwToken->manufacturerID) && (CKR_OK != error)) { - goto done; - } - } else { - fwToken->manufacturerID = (NSSUTF8 *)""; + if (!fwToken->manufacturerID) { + if (fwToken->mdToken->GetManufacturerID) { + fwToken->manufacturerID = fwToken->mdToken->GetManufacturerID(fwToken->mdToken, + fwToken, fwToken->mdInstance, fwToken->fwInstance, &error); + if ((!fwToken->manufacturerID) && (CKR_OK != error)) { + goto done; + } + } + else { + fwToken->manufacturerID = (NSSUTF8 *)""; + } } - } - (void)nssUTF8_CopyIntoFixedBuffer(fwToken->manufacturerID, (char *)manufacturerID, 32, ' '); - error = CKR_OK; + (void)nssUTF8_CopyIntoFixedBuffer(fwToken->manufacturerID, (char *)manufacturerID, 32, ' '); + error = CKR_OK; - done: - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; } /* @@ -645,48 +618,47 @@ nssCKFWToken_GetManufacturerID * */ NSS_IMPLEMENT CK_RV -nssCKFWToken_GetModel -( - NSSCKFWToken *fwToken, - CK_CHAR model[16] -) +nssCKFWToken_GetModel( + NSSCKFWToken *fwToken, + CK_CHAR model[16]) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - if( (CK_CHAR_PTR)NULL == model ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_CHAR_PTR)NULL == model) { + return CKR_ARGUMENTS_BAD; + } - error = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwToken->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwToken->mutex); + if (CKR_OK != error) { + return error; + } - if (!fwToken->model) { - if (fwToken->mdToken->GetModel) { - fwToken->model = fwToken->mdToken->GetModel(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance, &error); - if ((!fwToken->model) && (CKR_OK != error)) { - goto done; - } - } else { - fwToken->model = (NSSUTF8 *)""; + if (!fwToken->model) { + if (fwToken->mdToken->GetModel) { + fwToken->model = fwToken->mdToken->GetModel(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, &error); + if ((!fwToken->model) && (CKR_OK != error)) { + goto done; + } + } + else { + fwToken->model = (NSSUTF8 *)""; + } } - } - (void)nssUTF8_CopyIntoFixedBuffer(fwToken->model, (char *)model, 16, ' '); - error = CKR_OK; + (void)nssUTF8_CopyIntoFixedBuffer(fwToken->model, (char *)model, 16, ' '); + error = CKR_OK; - done: - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; } /* @@ -694,73 +666,69 @@ nssCKFWToken_GetModel * */ NSS_IMPLEMENT CK_RV -nssCKFWToken_GetSerialNumber -( - NSSCKFWToken *fwToken, - CK_CHAR serialNumber[16] -) +nssCKFWToken_GetSerialNumber( + NSSCKFWToken *fwToken, + CK_CHAR serialNumber[16]) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - if( (CK_CHAR_PTR)NULL == serialNumber ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_CHAR_PTR)NULL == serialNumber) { + return CKR_ARGUMENTS_BAD; + } - error = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwToken->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwToken->mutex); + if (CKR_OK != error) { + return error; + } - if (!fwToken->serialNumber) { - if (fwToken->mdToken->GetSerialNumber) { - fwToken->serialNumber = fwToken->mdToken->GetSerialNumber(fwToken->mdToken, - fwToken, fwToken->mdInstance, fwToken->fwInstance, &error); - if ((!fwToken->serialNumber) && (CKR_OK != error)) { - goto done; - } - } else { - fwToken->serialNumber = (NSSUTF8 *)""; + if (!fwToken->serialNumber) { + if (fwToken->mdToken->GetSerialNumber) { + fwToken->serialNumber = fwToken->mdToken->GetSerialNumber(fwToken->mdToken, + fwToken, fwToken->mdInstance, fwToken->fwInstance, &error); + if ((!fwToken->serialNumber) && (CKR_OK != error)) { + goto done; + } + } + else { + fwToken->serialNumber = (NSSUTF8 *)""; + } } - } - (void)nssUTF8_CopyIntoFixedBuffer(fwToken->serialNumber, (char *)serialNumber, 16, ' '); - error = CKR_OK; + (void)nssUTF8_CopyIntoFixedBuffer(fwToken->serialNumber, (char *)serialNumber, 16, ' '); + error = CKR_OK; - done: - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; } - /* * nssCKFWToken_GetHasRNG * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWToken_GetHasRNG -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetHasRNG( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetHasRNG) { - return CK_FALSE; - } + if (!fwToken->mdToken->GetHasRNG) { + return CK_FALSE; + } - return fwToken->mdToken->GetHasRNG(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetHasRNG(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -768,23 +736,21 @@ nssCKFWToken_GetHasRNG * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWToken_GetIsWriteProtected -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetIsWriteProtected( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetIsWriteProtected) { - return CK_FALSE; - } + if (!fwToken->mdToken->GetIsWriteProtected) { + return CK_FALSE; + } - return fwToken->mdToken->GetIsWriteProtected(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetIsWriteProtected(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -792,23 +758,21 @@ nssCKFWToken_GetIsWriteProtected * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWToken_GetLoginRequired -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetLoginRequired( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetLoginRequired) { - return CK_FALSE; - } + if (!fwToken->mdToken->GetLoginRequired) { + return CK_FALSE; + } - return fwToken->mdToken->GetLoginRequired(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetLoginRequired(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -816,23 +780,21 @@ nssCKFWToken_GetLoginRequired * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWToken_GetUserPinInitialized -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetUserPinInitialized( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetUserPinInitialized) { - return CK_FALSE; - } + if (!fwToken->mdToken->GetUserPinInitialized) { + return CK_FALSE; + } - return fwToken->mdToken->GetUserPinInitialized(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetUserPinInitialized(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -840,23 +802,21 @@ nssCKFWToken_GetUserPinInitialized * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWToken_GetRestoreKeyNotNeeded -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetRestoreKeyNotNeeded( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetRestoreKeyNotNeeded) { - return CK_FALSE; - } + if (!fwToken->mdToken->GetRestoreKeyNotNeeded) { + return CK_FALSE; + } - return fwToken->mdToken->GetRestoreKeyNotNeeded(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetRestoreKeyNotNeeded(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -864,23 +824,21 @@ nssCKFWToken_GetRestoreKeyNotNeeded * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWToken_GetHasClockOnToken -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetHasClockOnToken( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetHasClockOnToken) { - return CK_FALSE; - } + if (!fwToken->mdToken->GetHasClockOnToken) { + return CK_FALSE; + } - return fwToken->mdToken->GetHasClockOnToken(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetHasClockOnToken(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -888,23 +846,21 @@ nssCKFWToken_GetHasClockOnToken * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWToken_GetHasProtectedAuthenticationPath -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetHasProtectedAuthenticationPath( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetHasProtectedAuthenticationPath) { - return CK_FALSE; - } + if (!fwToken->mdToken->GetHasProtectedAuthenticationPath) { + return CK_FALSE; + } - return fwToken->mdToken->GetHasProtectedAuthenticationPath(fwToken->mdToken, - fwToken, fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetHasProtectedAuthenticationPath(fwToken->mdToken, + fwToken, fwToken->mdInstance, fwToken->fwInstance); } /* @@ -912,23 +868,21 @@ nssCKFWToken_GetHasProtectedAuthenticationPath * */ NSS_IMPLEMENT CK_BBOOL -nssCKFWToken_GetSupportsDualCryptoOperations -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetSupportsDualCryptoOperations( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_FALSE; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_FALSE; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetSupportsDualCryptoOperations) { - return CK_FALSE; - } + if (!fwToken->mdToken->GetSupportsDualCryptoOperations) { + return CK_FALSE; + } - return fwToken->mdToken->GetSupportsDualCryptoOperations(fwToken->mdToken, - fwToken, fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetSupportsDualCryptoOperations(fwToken->mdToken, + fwToken, fwToken->mdInstance, fwToken->fwInstance); } /* @@ -936,23 +890,21 @@ nssCKFWToken_GetSupportsDualCryptoOperations * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetMaxSessionCount -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetMaxSessionCount( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_UNAVAILABLE_INFORMATION; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_UNAVAILABLE_INFORMATION; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetMaxSessionCount) { - return CK_UNAVAILABLE_INFORMATION; - } + if (!fwToken->mdToken->GetMaxSessionCount) { + return CK_UNAVAILABLE_INFORMATION; + } - return fwToken->mdToken->GetMaxSessionCount(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetMaxSessionCount(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -960,23 +912,21 @@ nssCKFWToken_GetMaxSessionCount * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetMaxRwSessionCount -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetMaxRwSessionCount( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_UNAVAILABLE_INFORMATION; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_UNAVAILABLE_INFORMATION; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetMaxRwSessionCount) { - return CK_UNAVAILABLE_INFORMATION; - } + if (!fwToken->mdToken->GetMaxRwSessionCount) { + return CK_UNAVAILABLE_INFORMATION; + } - return fwToken->mdToken->GetMaxRwSessionCount(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetMaxRwSessionCount(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -984,23 +934,21 @@ nssCKFWToken_GetMaxRwSessionCount * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetMaxPinLen -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetMaxPinLen( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_UNAVAILABLE_INFORMATION; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_UNAVAILABLE_INFORMATION; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetMaxPinLen) { - return CK_UNAVAILABLE_INFORMATION; - } + if (!fwToken->mdToken->GetMaxPinLen) { + return CK_UNAVAILABLE_INFORMATION; + } - return fwToken->mdToken->GetMaxPinLen(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetMaxPinLen(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -1008,23 +956,21 @@ nssCKFWToken_GetMaxPinLen * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetMinPinLen -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetMinPinLen( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_UNAVAILABLE_INFORMATION; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_UNAVAILABLE_INFORMATION; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetMinPinLen) { - return CK_UNAVAILABLE_INFORMATION; - } + if (!fwToken->mdToken->GetMinPinLen) { + return CK_UNAVAILABLE_INFORMATION; + } - return fwToken->mdToken->GetMinPinLen(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetMinPinLen(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -1032,23 +978,21 @@ nssCKFWToken_GetMinPinLen * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetTotalPublicMemory -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetTotalPublicMemory( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_UNAVAILABLE_INFORMATION; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_UNAVAILABLE_INFORMATION; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetTotalPublicMemory) { - return CK_UNAVAILABLE_INFORMATION; - } + if (!fwToken->mdToken->GetTotalPublicMemory) { + return CK_UNAVAILABLE_INFORMATION; + } - return fwToken->mdToken->GetTotalPublicMemory(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetTotalPublicMemory(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -1056,23 +1000,21 @@ nssCKFWToken_GetTotalPublicMemory * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetFreePublicMemory -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetFreePublicMemory( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_UNAVAILABLE_INFORMATION; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_UNAVAILABLE_INFORMATION; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetFreePublicMemory) { - return CK_UNAVAILABLE_INFORMATION; - } + if (!fwToken->mdToken->GetFreePublicMemory) { + return CK_UNAVAILABLE_INFORMATION; + } - return fwToken->mdToken->GetFreePublicMemory(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetFreePublicMemory(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -1080,23 +1022,21 @@ nssCKFWToken_GetFreePublicMemory * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetTotalPrivateMemory -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetTotalPrivateMemory( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_UNAVAILABLE_INFORMATION; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_UNAVAILABLE_INFORMATION; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetTotalPrivateMemory) { - return CK_UNAVAILABLE_INFORMATION; - } + if (!fwToken->mdToken->GetTotalPrivateMemory) { + return CK_UNAVAILABLE_INFORMATION; + } - return fwToken->mdToken->GetTotalPrivateMemory(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetTotalPrivateMemory(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -1104,23 +1044,21 @@ nssCKFWToken_GetTotalPrivateMemory * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetFreePrivateMemory -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetFreePrivateMemory( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CK_UNAVAILABLE_INFORMATION; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CK_UNAVAILABLE_INFORMATION; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetFreePrivateMemory) { - return CK_UNAVAILABLE_INFORMATION; - } + if (!fwToken->mdToken->GetFreePrivateMemory) { + return CK_UNAVAILABLE_INFORMATION; + } - return fwToken->mdToken->GetFreePrivateMemory(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetFreePrivateMemory(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -1128,44 +1066,43 @@ nssCKFWToken_GetFreePrivateMemory * */ NSS_IMPLEMENT CK_VERSION -nssCKFWToken_GetHardwareVersion -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetHardwareVersion( + NSSCKFWToken *fwToken) { - CK_VERSION rv; + CK_VERSION rv; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + rv.major = rv.minor = 0; + return rv; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) { + rv.major = rv.minor = 0; + return rv; + } + + if ((0 != fwToken->hardwareVersion.major) || + (0 != fwToken->hardwareVersion.minor)) { + rv = fwToken->hardwareVersion; + goto done; + } + + if (fwToken->mdToken->GetHardwareVersion) { + fwToken->hardwareVersion = fwToken->mdToken->GetHardwareVersion( + fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); + } + else { + fwToken->hardwareVersion.major = 0; + fwToken->hardwareVersion.minor = 1; + } - if( (0 != fwToken->hardwareVersion.major) || - (0 != fwToken->hardwareVersion.minor) ) { rv = fwToken->hardwareVersion; - goto done; - } - - if (fwToken->mdToken->GetHardwareVersion) { - fwToken->hardwareVersion = fwToken->mdToken->GetHardwareVersion( - fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); - } else { - fwToken->hardwareVersion.major = 0; - fwToken->hardwareVersion.minor = 1; - } - - rv = fwToken->hardwareVersion; - - done: - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return rv; + +done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return rv; } /* @@ -1173,44 +1110,43 @@ nssCKFWToken_GetHardwareVersion * */ NSS_IMPLEMENT CK_VERSION -nssCKFWToken_GetFirmwareVersion -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetFirmwareVersion( + NSSCKFWToken *fwToken) { - CK_VERSION rv; + CK_VERSION rv; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + rv.major = rv.minor = 0; + return rv; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) { - rv.major = rv.minor = 0; - return rv; - } + if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) { + rv.major = rv.minor = 0; + return rv; + } + + if ((0 != fwToken->firmwareVersion.major) || + (0 != fwToken->firmwareVersion.minor)) { + rv = fwToken->firmwareVersion; + goto done; + } + + if (fwToken->mdToken->GetFirmwareVersion) { + fwToken->firmwareVersion = fwToken->mdToken->GetFirmwareVersion( + fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); + } + else { + fwToken->firmwareVersion.major = 0; + fwToken->firmwareVersion.minor = 1; + } - if( (0 != fwToken->firmwareVersion.major) || - (0 != fwToken->firmwareVersion.minor) ) { rv = fwToken->firmwareVersion; - goto done; - } - - if (fwToken->mdToken->GetFirmwareVersion) { - fwToken->firmwareVersion = fwToken->mdToken->GetFirmwareVersion( - fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); - } else { - fwToken->firmwareVersion.major = 0; - fwToken->firmwareVersion.minor = 1; - } - - rv = fwToken->firmwareVersion; - - done: - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return rv; + +done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return rv; } /* @@ -1218,86 +1154,96 @@ nssCKFWToken_GetFirmwareVersion * */ NSS_IMPLEMENT CK_RV -nssCKFWToken_GetUTCTime -( - NSSCKFWToken *fwToken, - CK_CHAR utcTime[16] -) +nssCKFWToken_GetUTCTime( + NSSCKFWToken *fwToken, + CK_CHAR utcTime[16]) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != error) { + return error; + } - if( (CK_CHAR_PTR)NULL == utcTime ) { - return CKR_ARGUMENTS_BAD; - } + if ((CK_CHAR_PTR)NULL == utcTime) { + return CKR_ARGUMENTS_BAD; + } #endif /* DEBUG */ - if( CK_TRUE != nssCKFWToken_GetHasClockOnToken(fwToken) ) { - /* return CKR_DEVICE_ERROR; */ - (void)nssUTF8_CopyIntoFixedBuffer((NSSUTF8 *)NULL, (char *)utcTime, 16, ' '); - return CKR_OK; - } - - if (!fwToken->mdToken->GetUTCTime) { - /* It said it had one! */ - return CKR_GENERAL_ERROR; - } - - error = fwToken->mdToken->GetUTCTime(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance, utcTime); - if( CKR_OK != error ) { - return error; - } - - /* Sanity-check the data */ - { - /* Format is YYYYMMDDhhmmss00 */ - int i; - int Y, M, D, h, m, s; - static int dims[] = { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }; - - for( i = 0; i < 16; i++ ) { - if( (utcTime[i] < '0') || (utcTime[i] > '9') ) { - goto badtime; - } + if (CK_TRUE != nssCKFWToken_GetHasClockOnToken(fwToken)) { + /* return CKR_DEVICE_ERROR; */ + (void)nssUTF8_CopyIntoFixedBuffer((NSSUTF8 *)NULL, (char *)utcTime, 16, ' '); + return CKR_OK; } - Y = ((utcTime[ 0] - '0') * 1000) + ((utcTime[1] - '0') * 100) + - ((utcTime[ 2] - '0') * 10) + (utcTime[ 3] - '0'); - M = ((utcTime[ 4] - '0') * 10) + (utcTime[ 5] - '0'); - D = ((utcTime[ 6] - '0') * 10) + (utcTime[ 7] - '0'); - h = ((utcTime[ 8] - '0') * 10) + (utcTime[ 9] - '0'); - m = ((utcTime[10] - '0') * 10) + (utcTime[11] - '0'); - s = ((utcTime[12] - '0') * 10) + (utcTime[13] - '0'); - - if( (Y < 1990) || (Y > 3000) ) goto badtime; /* Y3K problem. heh heh heh */ - if( (M < 1) || (M > 12) ) goto badtime; - if( (D < 1) || (D > 31) ) goto badtime; - - if( D > dims[M-1] ) goto badtime; /* per-month check */ - if( (2 == M) && (((Y%4)||!(Y%100))&&(Y%400)) && (D > 28) ) goto badtime; /* leap years */ + if (!fwToken->mdToken->GetUTCTime) { + /* It said it had one! */ + return CKR_GENERAL_ERROR; + } - if( (h < 0) || (h > 23) ) goto badtime; - if( (m < 0) || (m > 60) ) goto badtime; - if( (s < 0) || (s > 61) ) goto badtime; + error = fwToken->mdToken->GetUTCTime(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, utcTime); + if (CKR_OK != error) { + return error; + } - /* 60m and 60 or 61s is only allowed for leap seconds. */ - if( (60 == m) || (s >= 60) ) { - if( (23 != h) || (60 != m) || (s < 60) ) goto badtime; - /* leap seconds can only happen on June 30 or Dec 31.. I think */ - /* if( ((6 != M) || (30 != D)) && ((12 != M) || (31 != D)) ) goto badtime; */ + /* Sanity-check the data */ + { + /* Format is YYYYMMDDhhmmss00 */ + int i; + int Y, M, D, h, m, s; + static int dims[] = { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }; + + for (i = 0; i < 16; i++) { + if ((utcTime[i] < '0') || (utcTime[i] > '9')) { + goto badtime; + } + } + + Y = ((utcTime[0] - '0') * 1000) + ((utcTime[1] - '0') * 100) + + ((utcTime[2] - '0') * 10) + (utcTime[3] - '0'); + M = ((utcTime[4] - '0') * 10) + (utcTime[5] - '0'); + D = ((utcTime[6] - '0') * 10) + (utcTime[7] - '0'); + h = ((utcTime[8] - '0') * 10) + (utcTime[9] - '0'); + m = ((utcTime[10] - '0') * 10) + (utcTime[11] - '0'); + s = ((utcTime[12] - '0') * 10) + (utcTime[13] - '0'); + + if ((Y < 1990) || (Y > 3000)) + goto badtime; /* Y3K problem. heh heh heh */ + if ((M < 1) || (M > 12)) + goto badtime; + if ((D < 1) || (D > 31)) + goto badtime; + + if (D > dims[M - 1]) + goto badtime; /* per-month check */ + if ((2 == M) && (((Y % 4) || !(Y % + 100)) && + (Y % 400)) && + (D > 28)) + goto badtime; /* leap years */ + + if ((h < 0) || (h > 23)) + goto badtime; + if ((m < 0) || (m > 60)) + goto badtime; + if ((s < 0) || (s > 61)) + goto badtime; + + /* 60m and 60 or 61s is only allowed for leap seconds. */ + if ((60 == m) || (s >= 60)) { + if ((23 != h) || (60 != m) || (s < 60)) + goto badtime; + /* leap seconds can only happen on June 30 or Dec 31.. I think */ + /* if( ((6 != M) || (30 != D)) && ((12 != M) || (31 != D)) ) goto badtime; */ + } } - } - return CKR_OK; + return CKR_OK; - badtime: - return CKR_GENERAL_ERROR; +badtime: + return CKR_GENERAL_ERROR; } /* @@ -1305,108 +1251,107 @@ nssCKFWToken_GetUTCTime * */ NSS_IMPLEMENT NSSCKFWSession * -nssCKFWToken_OpenSession -( - NSSCKFWToken *fwToken, - CK_BBOOL rw, - CK_VOID_PTR pApplication, - CK_NOTIFY Notify, - CK_RV *pError -) +nssCKFWToken_OpenSession( + NSSCKFWToken *fwToken, + CK_BBOOL rw, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_RV *pError) { - NSSCKFWSession *fwSession = (NSSCKFWSession *)NULL; - NSSCKMDSession *mdSession; + NSSCKFWSession *fwSession = (NSSCKFWSession *)NULL; + NSSCKMDSession *mdSession; #ifdef NSSDEBUG - if (!pError) { - return (NSSCKFWSession *)NULL; - } - - *pError = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != *pError ) { - return (NSSCKFWSession *)NULL; - } - - switch( rw ) { - case CK_TRUE: - case CK_FALSE: - break; - default: - *pError = CKR_ARGUMENTS_BAD; - return (NSSCKFWSession *)NULL; - } + if (!pError) { + return (NSSCKFWSession *)NULL; + } + + *pError = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != *pError) { + return (NSSCKFWSession *)NULL; + } + + switch (rw) { + case CK_TRUE: + case CK_FALSE: + break; + default: + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWSession *)NULL; + } #endif /* NSSDEBUG */ - *pError = nssCKFWMutex_Lock(fwToken->mutex); - if( CKR_OK != *pError ) { - return (NSSCKFWSession *)NULL; - } + *pError = nssCKFWMutex_Lock(fwToken->mutex); + if (CKR_OK != *pError) { + return (NSSCKFWSession *)NULL; + } - if( CK_TRUE == rw ) { - /* Read-write session desired */ - if( CK_TRUE == nssCKFWToken_GetIsWriteProtected(fwToken) ) { - *pError = CKR_TOKEN_WRITE_PROTECTED; - goto done; + if (CK_TRUE == rw) { + /* Read-write session desired */ + if (CK_TRUE == nssCKFWToken_GetIsWriteProtected(fwToken)) { + *pError = CKR_TOKEN_WRITE_PROTECTED; + goto done; + } } - } else { - /* Read-only session desired */ - if( CKS_RW_SO_FUNCTIONS == nssCKFWToken_GetSessionState(fwToken) ) { - *pError = CKR_SESSION_READ_WRITE_SO_EXISTS; - goto done; + else { + /* Read-only session desired */ + if (CKS_RW_SO_FUNCTIONS == nssCKFWToken_GetSessionState(fwToken)) { + *pError = CKR_SESSION_READ_WRITE_SO_EXISTS; + goto done; + } } - } - /* We could compare sesion counts to any limits we know of, I guess.. */ + /* We could compare sesion counts to any limits we know of, I guess.. */ - if (!fwToken->mdToken->OpenSession) { - /* - * I'm not sure that the Module actually needs to implement - * mdSessions -- the Framework can keep track of everything - * needed, really. But I'll sort out that detail later.. - */ - *pError = CKR_GENERAL_ERROR; - goto done; - } - - fwSession = nssCKFWSession_Create(fwToken, rw, pApplication, Notify, pError); - if (!fwSession) { - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; - } - goto done; - } - - mdSession = fwToken->mdToken->OpenSession(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance, fwSession, - rw, pError); - if (!mdSession) { - (void)nssCKFWSession_Destroy(fwSession, CK_FALSE); - if( CKR_OK == *pError ) { - *pError = CKR_GENERAL_ERROR; + if (!fwToken->mdToken->OpenSession) { + /* + * I'm not sure that the Module actually needs to implement + * mdSessions -- the Framework can keep track of everything + * needed, really. But I'll sort out that detail later.. + */ + *pError = CKR_GENERAL_ERROR; + goto done; } - goto done; - } - *pError = nssCKFWSession_SetMDSession(fwSession, mdSession); - if( CKR_OK != *pError ) { - if (mdSession->Close) { - mdSession->Close(mdSession, fwSession, fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + fwSession = nssCKFWSession_Create(fwToken, rw, pApplication, Notify, pError); + if (!fwSession) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + goto done; } - (void)nssCKFWSession_Destroy(fwSession, CK_FALSE); - goto done; - } - *pError = nssCKFWHash_Add(fwToken->sessions, fwSession, fwSession); - if( CKR_OK != *pError ) { - (void)nssCKFWSession_Destroy(fwSession, CK_FALSE); - fwSession = (NSSCKFWSession *)NULL; - goto done; - } + mdSession = fwToken->mdToken->OpenSession(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, fwSession, + rw, pError); + if (!mdSession) { + (void)nssCKFWSession_Destroy(fwSession, CK_FALSE); + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + goto done; + } - done: - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return fwSession; + *pError = nssCKFWSession_SetMDSession(fwSession, mdSession); + if (CKR_OK != *pError) { + if (mdSession->Close) { + mdSession->Close(mdSession, fwSession, fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); + } + (void)nssCKFWSession_Destroy(fwSession, CK_FALSE); + goto done; + } + + *pError = nssCKFWHash_Add(fwToken->sessions, fwSession, fwSession); + if (CKR_OK != *pError) { + (void)nssCKFWSession_Destroy(fwSession, CK_FALSE); + fwSession = (NSSCKFWSession *)NULL; + goto done; + } + +done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return fwSession; } /* @@ -1414,23 +1359,21 @@ nssCKFWToken_OpenSession * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetMechanismCount -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetMechanismCount( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return 0; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return 0; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetMechanismCount) { - return 0; - } + if (!fwToken->mdToken->GetMechanismCount) { + return 0; + } - return fwToken->mdToken->GetMechanismCount(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + return fwToken->mdToken->GetMechanismCount(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } /* @@ -1438,110 +1381,103 @@ nssCKFWToken_GetMechanismCount * */ NSS_IMPLEMENT CK_RV -nssCKFWToken_GetMechanismTypes -( - NSSCKFWToken *fwToken, - CK_MECHANISM_TYPE types[] -) +nssCKFWToken_GetMechanismTypes( + NSSCKFWToken *fwToken, + CK_MECHANISM_TYPE types[]) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CKR_ARGUMENTS_BAD; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CKR_ARGUMENTS_BAD; + } - if (!types) { - return CKR_ARGUMENTS_BAD; - } + if (!types) { + return CKR_ARGUMENTS_BAD; + } #endif /* NSSDEBUG */ - if (!fwToken->mdToken->GetMechanismTypes) { - /* - * This should only be called with a sufficiently-large - * "types" array, which can only be done if GetMechanismCount - * is implemented. If that's implemented (and returns nonzero), - * then this should be too. So return an error. - */ - return CKR_GENERAL_ERROR; - } + if (!fwToken->mdToken->GetMechanismTypes) { + /* + * This should only be called with a sufficiently-large + * "types" array, which can only be done if GetMechanismCount + * is implemented. If that's implemented (and returns nonzero), + * then this should be too. So return an error. + */ + return CKR_GENERAL_ERROR; + } - return fwToken->mdToken->GetMechanismTypes(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance, types); + return fwToken->mdToken->GetMechanismTypes(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, types); } - /* * nssCKFWToken_GetMechanism * */ NSS_IMPLEMENT NSSCKFWMechanism * -nssCKFWToken_GetMechanism -( - NSSCKFWToken *fwToken, - CK_MECHANISM_TYPE which, - CK_RV *pError -) +nssCKFWToken_GetMechanism( + NSSCKFWToken *fwToken, + CK_MECHANISM_TYPE which, + CK_RV *pError) { - NSSCKMDMechanism *mdMechanism; - if (!fwToken->mdMechanismHash) { - *pError = CKR_GENERAL_ERROR; - return (NSSCKFWMechanism *)NULL; - } - - if (!fwToken->mdToken->GetMechanism) { - /* - * If we don't implement any GetMechanism function, then we must - * not support any. - */ - *pError = CKR_MECHANISM_INVALID; - return (NSSCKFWMechanism *)NULL; - } - - /* lookup in hash table */ - mdMechanism = fwToken->mdToken->GetMechanism(fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance, which, pError); - if (!mdMechanism) { - return (NSSCKFWMechanism *) NULL; - } - /* store in hash table */ - return nssCKFWMechanism_Create(mdMechanism, fwToken->mdToken, fwToken, - fwToken->mdInstance, fwToken->fwInstance); + NSSCKMDMechanism *mdMechanism; + if (!fwToken->mdMechanismHash) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWMechanism *)NULL; + } + + if (!fwToken->mdToken->GetMechanism) { + /* + * If we don't implement any GetMechanism function, then we must + * not support any. + */ + *pError = CKR_MECHANISM_INVALID; + return (NSSCKFWMechanism *)NULL; + } + + /* lookup in hash table */ + mdMechanism = fwToken->mdToken->GetMechanism(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, which, pError); + if (!mdMechanism) { + return (NSSCKFWMechanism *)NULL; + } + /* store in hash table */ + return nssCKFWMechanism_Create(mdMechanism, fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); } NSS_IMPLEMENT CK_RV -nssCKFWToken_SetSessionState -( - NSSCKFWToken *fwToken, - CK_STATE newState -) +nssCKFWToken_SetSessionState( + NSSCKFWToken *fwToken, + CK_STATE newState) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != error ) { - return error; - } - - switch( newState ) { - case CKS_RO_PUBLIC_SESSION: - case CKS_RO_USER_FUNCTIONS: - case CKS_RW_PUBLIC_SESSION: - case CKS_RW_USER_FUNCTIONS: - case CKS_RW_SO_FUNCTIONS: - break; - default: - return CKR_ARGUMENTS_BAD; - } + error = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != error) { + return error; + } + + switch (newState) { + case CKS_RO_PUBLIC_SESSION: + case CKS_RO_USER_FUNCTIONS: + case CKS_RW_PUBLIC_SESSION: + case CKS_RW_USER_FUNCTIONS: + case CKS_RW_SO_FUNCTIONS: + break; + default: + return CKR_ARGUMENTS_BAD; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwToken->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwToken->mutex); + if (CKR_OK != error) { + return error; + } - fwToken->state = newState; - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return CKR_OK; + fwToken->state = newState; + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return CKR_OK; } /* @@ -1549,101 +1485,96 @@ nssCKFWToken_SetSessionState * */ NSS_IMPLEMENT CK_RV -nssCKFWToken_RemoveSession -( - NSSCKFWToken *fwToken, - NSSCKFWSession *fwSession -) +nssCKFWToken_RemoveSession( + NSSCKFWToken *fwToken, + NSSCKFWSession *fwSession) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != error) { + return error; + } - error = nssCKFWSession_verifyPointer(fwSession); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWSession_verifyPointer(fwSession); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwToken->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwToken->mutex); + if (CKR_OK != error) { + return error; + } - if( CK_TRUE != nssCKFWHash_Exists(fwToken->sessions, fwSession) ) { - error = CKR_SESSION_HANDLE_INVALID; - goto done; - } + if (CK_TRUE != nssCKFWHash_Exists(fwToken->sessions, fwSession)) { + error = CKR_SESSION_HANDLE_INVALID; + goto done; + } - nssCKFWHash_Remove(fwToken->sessions, fwSession); - fwToken->sessionCount--; + nssCKFWHash_Remove(fwToken->sessions, fwSession); + fwToken->sessionCount--; - if( nssCKFWSession_IsRWSession(fwSession) ) { - fwToken->rwSessionCount--; - } + if (nssCKFWSession_IsRWSession(fwSession)) { + fwToken->rwSessionCount--; + } - if( 0 == fwToken->sessionCount ) { - fwToken->rwSessionCount = 0; /* sanity */ - fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */ - } + if (0 == fwToken->sessionCount) { + fwToken->rwSessionCount = 0; /* sanity */ + fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */ + } - error = CKR_OK; + error = CKR_OK; - done: - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; } - /* * nssCKFWToken_CloseAllSessions * */ NSS_IMPLEMENT CK_RV -nssCKFWToken_CloseAllSessions -( - NSSCKFWToken *fwToken -) +nssCKFWToken_CloseAllSessions( + NSSCKFWToken *fwToken) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; #ifdef NSSDEBUG - error = nssCKFWToken_verifyPointer(fwToken); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWToken_verifyPointer(fwToken); + if (CKR_OK != error) { + return error; + } #endif /* NSSDEBUG */ - error = nssCKFWMutex_Lock(fwToken->mutex); - if( CKR_OK != error ) { - return error; - } + error = nssCKFWMutex_Lock(fwToken->mutex); + if (CKR_OK != error) { + return error; + } - nssCKFWHash_Iterate(fwToken->sessions, nss_ckfwtoken_session_iterator, (void *)NULL); + nssCKFWHash_Iterate(fwToken->sessions, nss_ckfwtoken_session_iterator, (void *)NULL); - nssCKFWHash_Destroy(fwToken->sessions); + nssCKFWHash_Destroy(fwToken->sessions); - fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, fwToken->arena, &error); - if (!fwToken->sessions) { - if( CKR_OK == error ) { - error = CKR_GENERAL_ERROR; + fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, fwToken->arena, &error); + if (!fwToken->sessions) { + if (CKR_OK == error) { + error = CKR_GENERAL_ERROR; + } + goto done; } - goto done; - } - fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */ - fwToken->sessionCount = 0; - fwToken->rwSessionCount = 0; + fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */ + fwToken->sessionCount = 0; + fwToken->rwSessionCount = 0; - error = CKR_OK; + error = CKR_OK; - done: - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return error; +done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; } /* @@ -1651,26 +1582,24 @@ nssCKFWToken_CloseAllSessions * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetSessionCount -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetSessionCount( + NSSCKFWToken *fwToken) { - CK_ULONG rv; + CK_ULONG rv; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (CK_ULONG)0; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (CK_ULONG)0; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) { - return (CK_ULONG)0; - } + if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) { + return (CK_ULONG)0; + } - rv = fwToken->sessionCount; - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return rv; + rv = fwToken->sessionCount; + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return rv; } /* @@ -1678,26 +1607,24 @@ nssCKFWToken_GetSessionCount * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetRwSessionCount -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetRwSessionCount( + NSSCKFWToken *fwToken) { - CK_ULONG rv; + CK_ULONG rv; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (CK_ULONG)0; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (CK_ULONG)0; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) { - return (CK_ULONG)0; - } + if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) { + return (CK_ULONG)0; + } - rv = fwToken->rwSessionCount; - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return rv; + rv = fwToken->rwSessionCount; + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return rv; } /* @@ -1705,26 +1632,24 @@ nssCKFWToken_GetRwSessionCount * */ NSS_IMPLEMENT CK_ULONG -nssCKFWToken_GetRoSessionCount -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetRoSessionCount( + NSSCKFWToken *fwToken) { - CK_ULONG rv; + CK_ULONG rv; #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (CK_ULONG)0; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (CK_ULONG)0; + } #endif /* NSSDEBUG */ - if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) { - return (CK_ULONG)0; - } + if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) { + return (CK_ULONG)0; + } - rv = fwToken->sessionCount - fwToken->rwSessionCount; - (void)nssCKFWMutex_Unlock(fwToken->mutex); - return rv; + rv = fwToken->sessionCount - fwToken->rwSessionCount; + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return rv; } /* @@ -1732,18 +1657,16 @@ nssCKFWToken_GetRoSessionCount * */ NSS_IMPLEMENT nssCKFWHash * -nssCKFWToken_GetSessionObjectHash -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetSessionObjectHash( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (nssCKFWHash *)NULL; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (nssCKFWHash *)NULL; + } #endif /* NSSDEBUG */ - return fwToken->sessionObjectHash; + return fwToken->sessionObjectHash; } /* @@ -1751,18 +1674,16 @@ nssCKFWToken_GetSessionObjectHash * */ NSS_IMPLEMENT nssCKFWHash * -nssCKFWToken_GetMDObjectHash -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetMDObjectHash( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (nssCKFWHash *)NULL; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (nssCKFWHash *)NULL; + } #endif /* NSSDEBUG */ - return fwToken->mdObjectHash; + return fwToken->mdObjectHash; } /* @@ -1770,18 +1691,16 @@ nssCKFWToken_GetMDObjectHash * */ NSS_IMPLEMENT nssCKFWHash * -nssCKFWToken_GetObjectHandleHash -( - NSSCKFWToken *fwToken -) +nssCKFWToken_GetObjectHandleHash( + NSSCKFWToken *fwToken) { #ifdef NSSDEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (nssCKFWHash *)NULL; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (nssCKFWHash *)NULL; + } #endif /* NSSDEBUG */ - return fwToken->mdObjectHash; + return fwToken->mdObjectHash; } /* @@ -1790,18 +1709,16 @@ nssCKFWToken_GetObjectHandleHash */ NSS_IMPLEMENT NSSCKMDToken * -NSSCKFWToken_GetMDToken -( - NSSCKFWToken *fwToken -) +NSSCKFWToken_GetMDToken( + NSSCKFWToken *fwToken) { #ifdef DEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (NSSCKMDToken *)NULL; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (NSSCKMDToken *)NULL; + } #endif /* DEBUG */ - return nssCKFWToken_GetMDToken(fwToken); + return nssCKFWToken_GetMDToken(fwToken); } /* @@ -1810,24 +1727,22 @@ NSSCKFWToken_GetMDToken */ NSS_IMPLEMENT NSSArena * -NSSCKFWToken_GetArena -( - NSSCKFWToken *fwToken, - CK_RV *pError -) +NSSCKFWToken_GetArena( + NSSCKFWToken *fwToken, + CK_RV *pError) { #ifdef DEBUG - if (!pError) { - return (NSSArena *)NULL; - } - - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - *pError = CKR_ARGUMENTS_BAD; - return (NSSArena *)NULL; - } + if (!pError) { + return (NSSArena *)NULL; + } + + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSArena *)NULL; + } #endif /* DEBUG */ - return nssCKFWToken_GetArena(fwToken, pError); + return nssCKFWToken_GetArena(fwToken, pError); } /* @@ -1836,18 +1751,16 @@ NSSCKFWToken_GetArena */ NSS_IMPLEMENT NSSCKFWSlot * -NSSCKFWToken_GetFWSlot -( - NSSCKFWToken *fwToken -) +NSSCKFWToken_GetFWSlot( + NSSCKFWToken *fwToken) { #ifdef DEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (NSSCKFWSlot *)NULL; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (NSSCKFWSlot *)NULL; + } #endif /* DEBUG */ - return nssCKFWToken_GetFWSlot(fwToken); + return nssCKFWToken_GetFWSlot(fwToken); } /* @@ -1856,18 +1769,16 @@ NSSCKFWToken_GetFWSlot */ NSS_IMPLEMENT NSSCKMDSlot * -NSSCKFWToken_GetMDSlot -( - NSSCKFWToken *fwToken -) +NSSCKFWToken_GetMDSlot( + NSSCKFWToken *fwToken) { #ifdef DEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return (NSSCKMDSlot *)NULL; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return (NSSCKMDSlot *)NULL; + } #endif /* DEBUG */ - return nssCKFWToken_GetMDSlot(fwToken); + return nssCKFWToken_GetMDSlot(fwToken); } /* @@ -1876,16 +1787,14 @@ NSSCKFWToken_GetMDSlot */ NSS_IMPLEMENT CK_STATE -NSSCKFWSession_GetSessionState -( - NSSCKFWToken *fwToken -) +NSSCKFWSession_GetSessionState( + NSSCKFWToken *fwToken) { #ifdef DEBUG - if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { - return CKS_RO_PUBLIC_SESSION; - } + if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) { + return CKS_RO_PUBLIC_SESSION; + } #endif /* DEBUG */ - return nssCKFWToken_GetSessionState(fwToken); + return nssCKFWToken_GetSessionState(fwToken); } diff --git a/lib/ckfw/wrap.c b/lib/ckfw/wrap.c index 3a0b0df21..7a8d42f8e 100644 --- a/lib/ckfw/wrap.c +++ b/lib/ckfw/wrap.c @@ -92,41 +92,46 @@ /* figure out out locking semantics */ static CK_RV nssCKFW_GetThreadSafeState(CK_C_INITIALIZE_ARGS_PTR pInitArgs, - CryptokiLockingState *pLocking_state) { - int functionCount = 0; + CryptokiLockingState *pLocking_state) +{ + int functionCount = 0; - /* parsed according to (PKCS #11 Section 11.4) */ - /* no args, the degenerate version of case 1 */ - if (!pInitArgs) { - *pLocking_state = SingleThreaded; - return CKR_OK; - } + /* parsed according to (PKCS #11 Section 11.4) */ + /* no args, the degenerate version of case 1 */ + if (!pInitArgs) { + *pLocking_state = SingleThreaded; + return CKR_OK; + } - /* CKF_OS_LOCKING_OK set, Cases 2 and 4 */ - if (pInitArgs->flags & CKF_OS_LOCKING_OK) { - *pLocking_state = MultiThreaded; - return CKR_OK; - } - if ((CK_CREATEMUTEX) NULL != pInitArgs->CreateMutex) functionCount++; - if ((CK_DESTROYMUTEX) NULL != pInitArgs->DestroyMutex) functionCount++; - if ((CK_LOCKMUTEX) NULL != pInitArgs->LockMutex) functionCount++; - if ((CK_UNLOCKMUTEX) NULL != pInitArgs->UnlockMutex) functionCount++; - - /* CKF_OS_LOCKING_OK is not set, and not functions supplied, - * explicit case 1 */ - if (0 == functionCount) { - *pLocking_state = SingleThreaded; - return CKR_OK; - } - - /* OS_LOCKING_OK is not set and functions have been supplied. Since - * ckfw uses nssbase library which explicitly calls NSPR, and since - * there is no way to reliably override these explicit calls to NSPR, - * therefore we can't support applications which have their own threading - * module. Return CKR_CANT_LOCK if they supplied the correct number of - * arguments, or CKR_ARGUMENTS_BAD if they did not in either case we will - * fail the initialize */ - return (4 == functionCount) ? CKR_CANT_LOCK : CKR_ARGUMENTS_BAD; + /* CKF_OS_LOCKING_OK set, Cases 2 and 4 */ + if (pInitArgs->flags & CKF_OS_LOCKING_OK) { + *pLocking_state = MultiThreaded; + return CKR_OK; + } + if ((CK_CREATEMUTEX)NULL != pInitArgs->CreateMutex) + functionCount++; + if ((CK_DESTROYMUTEX)NULL != pInitArgs->DestroyMutex) + functionCount++; + if ((CK_LOCKMUTEX)NULL != pInitArgs->LockMutex) + functionCount++; + if ((CK_UNLOCKMUTEX)NULL != pInitArgs->UnlockMutex) + functionCount++; + + /* CKF_OS_LOCKING_OK is not set, and not functions supplied, + * explicit case 1 */ + if (0 == functionCount) { + *pLocking_state = SingleThreaded; + return CKR_OK; + } + + /* OS_LOCKING_OK is not set and functions have been supplied. Since + * ckfw uses nssbase library which explicitly calls NSPR, and since + * there is no way to reliably override these explicit calls to NSPR, + * therefore we can't support applications which have their own threading + * module. Return CKR_CANT_LOCK if they supplied the correct number of + * arguments, or CKR_ARGUMENTS_BAD if they did not in either case we will + * fail the initialize */ + return (4 == functionCount) ? CKR_CANT_LOCK : CKR_ARGUMENTS_BAD; } static PRInt32 liveInstances; @@ -136,60 +141,58 @@ static PRInt32 liveInstances; * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_Initialize -( - NSSCKFWInstance **pFwInstance, - NSSCKMDInstance *mdInstance, - CK_VOID_PTR pInitArgs -) +NSSCKFWC_Initialize( + NSSCKFWInstance **pFwInstance, + NSSCKMDInstance *mdInstance, + CK_VOID_PTR pInitArgs) { - CK_RV error = CKR_OK; - CryptokiLockingState locking_state; - - if( (NSSCKFWInstance **)NULL == pFwInstance ) { - error = CKR_GENERAL_ERROR; - goto loser; - } - - if (*pFwInstance) { - error = CKR_CRYPTOKI_ALREADY_INITIALIZED; - goto loser; - } - - if (!mdInstance) { - error = CKR_GENERAL_ERROR; - goto loser; - } - - error = nssCKFW_GetThreadSafeState(pInitArgs,&locking_state); - if( CKR_OK != error ) { - goto loser; - } - - *pFwInstance = nssCKFWInstance_Create(pInitArgs, locking_state, mdInstance, &error); - if (!*pFwInstance) { - goto loser; - } - PR_ATOMIC_INCREMENT(&liveInstances); - return CKR_OK; - - loser: - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CANT_LOCK: - case CKR_CRYPTOKI_ALREADY_INITIALIZED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_NEED_TO_CREATE_THREADS: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + CryptokiLockingState locking_state; + + if ((NSSCKFWInstance **)NULL == pFwInstance) { + error = CKR_GENERAL_ERROR; + goto loser; + } + + if (*pFwInstance) { + error = CKR_CRYPTOKI_ALREADY_INITIALIZED; + goto loser; + } + + if (!mdInstance) { + error = CKR_GENERAL_ERROR; + goto loser; + } + + error = nssCKFW_GetThreadSafeState(pInitArgs, &locking_state); + if (CKR_OK != error) { + goto loser; + } + + *pFwInstance = nssCKFWInstance_Create(pInitArgs, locking_state, mdInstance, &error); + if (!*pFwInstance) { + goto loser; + } + PR_ATOMIC_INCREMENT(&liveInstances); + return CKR_OK; + +loser: + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CANT_LOCK: + case CKR_CRYPTOKI_ALREADY_INITIALIZED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_NEED_TO_CREATE_THREADS: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -197,59 +200,57 @@ NSSCKFWC_Initialize * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_Finalize -( - NSSCKFWInstance **pFwInstance -) +NSSCKFWC_Finalize( + NSSCKFWInstance **pFwInstance) { - CK_RV error = CKR_OK; - - if( (NSSCKFWInstance **)NULL == pFwInstance ) { - error = CKR_GENERAL_ERROR; - goto loser; - } - - if (!*pFwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - error = nssCKFWInstance_Destroy(*pFwInstance); - - /* In any case */ - *pFwInstance = (NSSCKFWInstance *)NULL; - - loser: - switch( error ) { - PRInt32 remainingInstances; - case CKR_OK: - remainingInstances = PR_ATOMIC_DECREMENT(&liveInstances); - if (!remainingInstances) { - nssArena_Shutdown(); - } - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - break; - default: - error = CKR_GENERAL_ERROR; - break; - } - - /* - * A thread's error stack is automatically destroyed when the thread - * terminates or, for the primordial thread, by PR_Cleanup. On - * Windows with MinGW, the thread private data destructor PR_Free - * registered by this module is actually a thunk for PR_Free defined - * in this module. When the thread that unloads this module terminates - * or calls PR_Cleanup, the thunk for PR_Free is already gone with the - * module. Therefore we need to destroy the error stack before the - * module is unloaded. - */ - nss_DestroyErrorStack(); - return error; + CK_RV error = CKR_OK; + + if ((NSSCKFWInstance **)NULL == pFwInstance) { + error = CKR_GENERAL_ERROR; + goto loser; + } + + if (!*pFwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + error = nssCKFWInstance_Destroy(*pFwInstance); + + /* In any case */ + *pFwInstance = (NSSCKFWInstance *)NULL; + +loser: + switch (error) { + PRInt32 remainingInstances; + case CKR_OK: + remainingInstances = PR_ATOMIC_DECREMENT(&liveInstances); + if (!remainingInstances) { + nssArena_Shutdown(); + } + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + break; + default: + error = CKR_GENERAL_ERROR; + break; + } + + /* + * A thread's error stack is automatically destroyed when the thread + * terminates or, for the primordial thread, by PR_Cleanup. On + * Windows with MinGW, the thread private data destructor PR_Free + * registered by this module is actually a thunk for PR_Free defined + * in this module. When the thread that unloads this module terminates + * or calls PR_Cleanup, the thunk for PR_Free is already gone with the + * module. Therefore we need to destroy the error stack before the + * module is unloaded. + */ + nss_DestroyErrorStack(); + return error; } /* @@ -257,57 +258,55 @@ NSSCKFWC_Finalize * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetInfo -( - NSSCKFWInstance *fwInstance, - CK_INFO_PTR pInfo -) +NSSCKFWC_GetInfo( + NSSCKFWInstance *fwInstance, + CK_INFO_PTR pInfo) { - CK_RV error = CKR_OK; + CK_RV error = CKR_OK; - if( (CK_INFO_PTR)CK_NULL_PTR == pInfo ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } + if ((CK_INFO_PTR)CK_NULL_PTR == pInfo) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } - /* - * A purify error here means a caller error - */ - (void)nsslibc_memset(pInfo, 0, sizeof(CK_INFO)); + /* + * A purify error here means a caller error + */ + (void)nsslibc_memset(pInfo, 0, sizeof(CK_INFO)); - pInfo->cryptokiVersion = nssCKFWInstance_GetCryptokiVersion(fwInstance); + pInfo->cryptokiVersion = nssCKFWInstance_GetCryptokiVersion(fwInstance); - error = nssCKFWInstance_GetManufacturerID(fwInstance, pInfo->manufacturerID); - if( CKR_OK != error ) { - goto loser; - } + error = nssCKFWInstance_GetManufacturerID(fwInstance, pInfo->manufacturerID); + if (CKR_OK != error) { + goto loser; + } - pInfo->flags = nssCKFWInstance_GetFlags(fwInstance); + pInfo->flags = nssCKFWInstance_GetFlags(fwInstance); - error = nssCKFWInstance_GetLibraryDescription(fwInstance, pInfo->libraryDescription); - if( CKR_OK != error ) { - goto loser; - } + error = nssCKFWInstance_GetLibraryDescription(fwInstance, pInfo->libraryDescription); + if (CKR_OK != error) { + goto loser; + } - pInfo->libraryVersion = nssCKFWInstance_GetLibraryVersion(fwInstance); + pInfo->libraryVersion = nssCKFWInstance_GetLibraryVersion(fwInstance); - return CKR_OK; + return CKR_OK; - loser: - switch( error ) { - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - break; - default: - error = CKR_GENERAL_ERROR; - break; - } +loser: + switch (error) { + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + break; + default: + error = CKR_GENERAL_ERROR; + break; + } - return error; + return error; } - + /* * C_GetFunctionList is implemented entirely in the Module's file which * includes the Framework API insert file. It requires no "actual" @@ -319,179 +318,176 @@ NSSCKFWC_GetInfo * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetSlotList -( - NSSCKFWInstance *fwInstance, - CK_BBOOL tokenPresent, - CK_SLOT_ID_PTR pSlotList, - CK_ULONG_PTR pulCount -) +NSSCKFWC_GetSlotList( + NSSCKFWInstance *fwInstance, + CK_BBOOL tokenPresent, + CK_SLOT_ID_PTR pSlotList, + CK_ULONG_PTR pulCount) { - CK_RV error = CKR_OK; - CK_ULONG nSlots; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - switch( tokenPresent ) { - case CK_TRUE: - case CK_FALSE: - break; - default: - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); - if( (CK_ULONG)0 == nSlots ) { - goto loser; - } - - if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlotList ) { - *pulCount = nSlots; - return CKR_OK; - } - - /* - * A purify error here indicates caller error. - */ - (void)nsslibc_memset(pSlotList, 0, *pulCount * sizeof(CK_SLOT_ID)); + CK_RV error = CKR_OK; + CK_ULONG nSlots; - if( *pulCount < nSlots ) { - *pulCount = nSlots; - error = CKR_BUFFER_TOO_SMALL; - goto loser; - } else { - CK_ULONG i; - *pulCount = nSlots; - - /* - * Our secret "mapping": CK_SLOT_IDs are integers [1,N], and we - * just index one when we need it. + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + switch (tokenPresent) { + case CK_TRUE: + case CK_FALSE: + break; + default: + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + if ((CK_ULONG_PTR)CK_NULL_PTR == pulCount) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if ((CK_ULONG)0 == nSlots) { + goto loser; + } + + if ((CK_SLOT_ID_PTR)CK_NULL_PTR == pSlotList) { + *pulCount = nSlots; + return CKR_OK; + } + + /* + * A purify error here indicates caller error. */ + (void)nsslibc_memset(pSlotList, 0, *pulCount * sizeof(CK_SLOT_ID)); - for( i = 0; i < nSlots; i++ ) { - pSlotList[i] = i+1; + if (*pulCount < nSlots) { + *pulCount = nSlots; + error = CKR_BUFFER_TOO_SMALL; + goto loser; } + else { + CK_ULONG i; + *pulCount = nSlots; - return CKR_OK; - } - - loser: - switch( error ) { - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + /* + * Our secret "mapping": CK_SLOT_IDs are integers [1,N], and we + * just index one when we need it. + */ + + for (i = 0; i < nSlots; i++) { + pSlotList[i] = i + 1; + } + + return CKR_OK; + } + +loser: + switch (error) { + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } - + /* * NSSCKFWC_GetSlotInfo * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetSlotInfo -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_SLOT_INFO_PTR pInfo -) +NSSCKFWC_GetSlotInfo( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_SLOT_INFO_PTR pInfo) { - CK_RV error = CKR_OK; - CK_ULONG nSlots; - NSSCKFWSlot **slots; - NSSCKFWSlot *fwSlot; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); - if( (CK_ULONG)0 == nSlots ) { - goto loser; - } - - if( (slotID < 1) || (slotID > nSlots) ) { - error = CKR_SLOT_ID_INVALID; - goto loser; - } - - if( (CK_SLOT_INFO_PTR)CK_NULL_PTR == pInfo ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* - * A purify error here indicates caller error. - */ - (void)nsslibc_memset(pInfo, 0, sizeof(CK_SLOT_INFO)); - - slots = nssCKFWInstance_GetSlots(fwInstance, &error); - if( (NSSCKFWSlot **)NULL == slots ) { - goto loser; - } - - fwSlot = slots[ slotID-1 ]; - - error = nssCKFWSlot_GetSlotDescription(fwSlot, pInfo->slotDescription); - if( CKR_OK != error ) { - goto loser; - } - - error = nssCKFWSlot_GetManufacturerID(fwSlot, pInfo->manufacturerID); - if( CKR_OK != error ) { - goto loser; - } - - if( nssCKFWSlot_GetTokenPresent(fwSlot) ) { - pInfo->flags |= CKF_TOKEN_PRESENT; - } - - if( nssCKFWSlot_GetRemovableDevice(fwSlot) ) { - pInfo->flags |= CKF_REMOVABLE_DEVICE; - } - - if( nssCKFWSlot_GetHardwareSlot(fwSlot) ) { - pInfo->flags |= CKF_HW_SLOT; - } - - pInfo->hardwareVersion = nssCKFWSlot_GetHardwareVersion(fwSlot); - pInfo->firmwareVersion = nssCKFWSlot_GetFirmwareVersion(fwSlot); - - return CKR_OK; - - loser: - switch( error ) { - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_SLOT_ID_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - } - - return error; + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if ((CK_ULONG)0 == nSlots) { + goto loser; + } + + if ((slotID < 1) || (slotID > nSlots)) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + if ((CK_SLOT_INFO_PTR)CK_NULL_PTR == pInfo) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + (void)nsslibc_memset(pInfo, 0, sizeof(CK_SLOT_INFO)); + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if ((NSSCKFWSlot **)NULL == slots) { + goto loser; + } + + fwSlot = slots[slotID - 1]; + + error = nssCKFWSlot_GetSlotDescription(fwSlot, pInfo->slotDescription); + if (CKR_OK != error) { + goto loser; + } + + error = nssCKFWSlot_GetManufacturerID(fwSlot, pInfo->manufacturerID); + if (CKR_OK != error) { + goto loser; + } + + if (nssCKFWSlot_GetTokenPresent(fwSlot)) { + pInfo->flags |= CKF_TOKEN_PRESENT; + } + + if (nssCKFWSlot_GetRemovableDevice(fwSlot)) { + pInfo->flags |= CKF_REMOVABLE_DEVICE; + } + + if (nssCKFWSlot_GetHardwareSlot(fwSlot)) { + pInfo->flags |= CKF_HW_SLOT; + } + + pInfo->hardwareVersion = nssCKFWSlot_GetHardwareVersion(fwSlot); + pInfo->firmwareVersion = nssCKFWSlot_GetFirmwareVersion(fwSlot); + + return CKR_OK; + +loser: + switch (error) { + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SLOT_ID_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + } + + return error; } /* @@ -499,156 +495,154 @@ NSSCKFWC_GetSlotInfo * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetTokenInfo -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_TOKEN_INFO_PTR pInfo -) +NSSCKFWC_GetTokenInfo( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_TOKEN_INFO_PTR pInfo) { - CK_RV error = CKR_OK; - CK_ULONG nSlots; - NSSCKFWSlot **slots; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); - if( (CK_ULONG)0 == nSlots ) { - goto loser; - } - - if( (slotID < 1) || (slotID > nSlots) ) { - error = CKR_SLOT_ID_INVALID; - goto loser; - } - - if( (CK_TOKEN_INFO_PTR)CK_NULL_PTR == pInfo ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* - * A purify error here indicates caller error. - */ - (void)nsslibc_memset(pInfo, 0, sizeof(CK_TOKEN_INFO)); - - slots = nssCKFWInstance_GetSlots(fwInstance, &error); - if( (NSSCKFWSlot **)NULL == slots ) { - goto loser; - } - - fwSlot = slots[ slotID-1 ]; - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - error = nssCKFWToken_GetLabel(fwToken, pInfo->label); - if( CKR_OK != error ) { - goto loser; - } - - error = nssCKFWToken_GetManufacturerID(fwToken, pInfo->manufacturerID); - if( CKR_OK != error ) { - goto loser; - } - - error = nssCKFWToken_GetModel(fwToken, pInfo->model); - if( CKR_OK != error ) { - goto loser; - } - - error = nssCKFWToken_GetSerialNumber(fwToken, pInfo->serialNumber); - if( CKR_OK != error ) { - goto loser; - } - - if( nssCKFWToken_GetHasRNG(fwToken) ) { - pInfo->flags |= CKF_RNG; - } - - if( nssCKFWToken_GetIsWriteProtected(fwToken) ) { - pInfo->flags |= CKF_WRITE_PROTECTED; - } - - if( nssCKFWToken_GetLoginRequired(fwToken) ) { - pInfo->flags |= CKF_LOGIN_REQUIRED; - } - - if( nssCKFWToken_GetUserPinInitialized(fwToken) ) { - pInfo->flags |= CKF_USER_PIN_INITIALIZED; - } - - if( nssCKFWToken_GetRestoreKeyNotNeeded(fwToken) ) { - pInfo->flags |= CKF_RESTORE_KEY_NOT_NEEDED; - } - - if( nssCKFWToken_GetHasClockOnToken(fwToken) ) { - pInfo->flags |= CKF_CLOCK_ON_TOKEN; - } - - if( nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken) ) { - pInfo->flags |= CKF_PROTECTED_AUTHENTICATION_PATH; - } - - if( nssCKFWToken_GetSupportsDualCryptoOperations(fwToken) ) { - pInfo->flags |= CKF_DUAL_CRYPTO_OPERATIONS; - } - - pInfo->ulMaxSessionCount = nssCKFWToken_GetMaxSessionCount(fwToken); - pInfo->ulSessionCount = nssCKFWToken_GetSessionCount(fwToken); - pInfo->ulMaxRwSessionCount = nssCKFWToken_GetMaxRwSessionCount(fwToken); - pInfo->ulRwSessionCount= nssCKFWToken_GetRwSessionCount(fwToken); - pInfo->ulMaxPinLen = nssCKFWToken_GetMaxPinLen(fwToken); - pInfo->ulMinPinLen = nssCKFWToken_GetMinPinLen(fwToken); - pInfo->ulTotalPublicMemory = nssCKFWToken_GetTotalPublicMemory(fwToken); - pInfo->ulFreePublicMemory = nssCKFWToken_GetFreePublicMemory(fwToken); - pInfo->ulTotalPrivateMemory = nssCKFWToken_GetTotalPrivateMemory(fwToken); - pInfo->ulFreePrivateMemory = nssCKFWToken_GetFreePrivateMemory(fwToken); - pInfo->hardwareVersion = nssCKFWToken_GetHardwareVersion(fwToken); - pInfo->firmwareVersion = nssCKFWToken_GetFirmwareVersion(fwToken); - - error = nssCKFWToken_GetUTCTime(fwToken, pInfo->utcTime); - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_DEVICE_REMOVED: - case CKR_TOKEN_NOT_PRESENT: - if (fwToken) - nssCKFWToken_Destroy(fwToken); - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_SLOT_ID_INVALID: - case CKR_TOKEN_NOT_RECOGNIZED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if ((CK_ULONG)0 == nSlots) { + goto loser; + } + + if ((slotID < 1) || (slotID > nSlots)) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + if ((CK_TOKEN_INFO_PTR)CK_NULL_PTR == pInfo) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + (void)nsslibc_memset(pInfo, 0, sizeof(CK_TOKEN_INFO)); + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if ((NSSCKFWSlot **)NULL == slots) { + goto loser; + } + + fwSlot = slots[slotID - 1]; + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + error = nssCKFWToken_GetLabel(fwToken, pInfo->label); + if (CKR_OK != error) { + goto loser; + } + + error = nssCKFWToken_GetManufacturerID(fwToken, pInfo->manufacturerID); + if (CKR_OK != error) { + goto loser; + } + + error = nssCKFWToken_GetModel(fwToken, pInfo->model); + if (CKR_OK != error) { + goto loser; + } + + error = nssCKFWToken_GetSerialNumber(fwToken, pInfo->serialNumber); + if (CKR_OK != error) { + goto loser; + } + + if (nssCKFWToken_GetHasRNG(fwToken)) { + pInfo->flags |= CKF_RNG; + } + + if (nssCKFWToken_GetIsWriteProtected(fwToken)) { + pInfo->flags |= CKF_WRITE_PROTECTED; + } + + if (nssCKFWToken_GetLoginRequired(fwToken)) { + pInfo->flags |= CKF_LOGIN_REQUIRED; + } + + if (nssCKFWToken_GetUserPinInitialized(fwToken)) { + pInfo->flags |= CKF_USER_PIN_INITIALIZED; + } + + if (nssCKFWToken_GetRestoreKeyNotNeeded(fwToken)) { + pInfo->flags |= CKF_RESTORE_KEY_NOT_NEEDED; + } + + if (nssCKFWToken_GetHasClockOnToken(fwToken)) { + pInfo->flags |= CKF_CLOCK_ON_TOKEN; + } + + if (nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken)) { + pInfo->flags |= CKF_PROTECTED_AUTHENTICATION_PATH; + } + + if (nssCKFWToken_GetSupportsDualCryptoOperations(fwToken)) { + pInfo->flags |= CKF_DUAL_CRYPTO_OPERATIONS; + } + + pInfo->ulMaxSessionCount = nssCKFWToken_GetMaxSessionCount(fwToken); + pInfo->ulSessionCount = nssCKFWToken_GetSessionCount(fwToken); + pInfo->ulMaxRwSessionCount = nssCKFWToken_GetMaxRwSessionCount(fwToken); + pInfo->ulRwSessionCount = nssCKFWToken_GetRwSessionCount(fwToken); + pInfo->ulMaxPinLen = nssCKFWToken_GetMaxPinLen(fwToken); + pInfo->ulMinPinLen = nssCKFWToken_GetMinPinLen(fwToken); + pInfo->ulTotalPublicMemory = nssCKFWToken_GetTotalPublicMemory(fwToken); + pInfo->ulFreePublicMemory = nssCKFWToken_GetFreePublicMemory(fwToken); + pInfo->ulTotalPrivateMemory = nssCKFWToken_GetTotalPrivateMemory(fwToken); + pInfo->ulFreePrivateMemory = nssCKFWToken_GetFreePrivateMemory(fwToken); + pInfo->hardwareVersion = nssCKFWToken_GetHardwareVersion(fwToken); + pInfo->firmwareVersion = nssCKFWToken_GetFirmwareVersion(fwToken); + + error = nssCKFWToken_GetUTCTime(fwToken, pInfo->utcTime); + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_DEVICE_REMOVED: + case CKR_TOKEN_NOT_PRESENT: + if (fwToken) + nssCKFWToken_Destroy(fwToken); + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SLOT_ID_INVALID: + case CKR_TOKEN_NOT_RECOGNIZED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -656,82 +650,80 @@ NSSCKFWC_GetTokenInfo * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_WaitForSlotEvent -( - NSSCKFWInstance *fwInstance, - CK_FLAGS flags, - CK_SLOT_ID_PTR pSlot, - CK_VOID_PTR pReserved -) +NSSCKFWC_WaitForSlotEvent( + NSSCKFWInstance *fwInstance, + CK_FLAGS flags, + CK_SLOT_ID_PTR pSlot, + CK_VOID_PTR pReserved) { - CK_RV error = CKR_OK; - CK_ULONG nSlots; - CK_BBOOL block; - NSSCKFWSlot **slots; - NSSCKFWSlot *fwSlot; - CK_ULONG i; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - if( flags & ~CKF_DONT_BLOCK ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - block = (flags & CKF_DONT_BLOCK) ? CK_TRUE : CK_FALSE; - - nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); - if( (CK_ULONG)0 == nSlots ) { - goto loser; - } - - if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlot ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - if( (CK_VOID_PTR)CK_NULL_PTR != pReserved ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - slots = nssCKFWInstance_GetSlots(fwInstance, &error); - if( (NSSCKFWSlot **)NULL == slots ) { - goto loser; - } - - fwSlot = nssCKFWInstance_WaitForSlotEvent(fwInstance, block, &error); - if (!fwSlot) { - goto loser; - } - - for( i = 0; i < nSlots; i++ ) { - if( fwSlot == slots[i] ) { - *pSlot = (CK_SLOT_ID)(CK_ULONG)(i+1); - return CKR_OK; - } - } - - error = CKR_GENERAL_ERROR; /* returned something not in the slot list */ - - loser: - switch( error ) { - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_NO_EVENT: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + CK_ULONG nSlots; + CK_BBOOL block; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + CK_ULONG i; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + if (flags & ~CKF_DONT_BLOCK) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + block = (flags & CKF_DONT_BLOCK) ? CK_TRUE : CK_FALSE; + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if ((CK_ULONG)0 == nSlots) { + goto loser; + } + + if ((CK_SLOT_ID_PTR)CK_NULL_PTR == pSlot) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + if ((CK_VOID_PTR)CK_NULL_PTR != pReserved) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if ((NSSCKFWSlot **)NULL == slots) { + goto loser; + } + + fwSlot = nssCKFWInstance_WaitForSlotEvent(fwInstance, block, &error); + if (!fwSlot) { + goto loser; + } + + for (i = 0; i < nSlots; i++) { + if (fwSlot == slots[i]) { + *pSlot = (CK_SLOT_ID)(CK_ULONG)(i + 1); + return CKR_OK; + } + } + + error = CKR_GENERAL_ERROR; /* returned something not in the slot list */ + +loser: + switch (error) { + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_NO_EVENT: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -739,113 +731,112 @@ NSSCKFWC_WaitForSlotEvent * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetMechanismList -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_MECHANISM_TYPE_PTR pMechanismList, - CK_ULONG_PTR pulCount -) +NSSCKFWC_GetMechanismList( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_MECHANISM_TYPE_PTR pMechanismList, + CK_ULONG_PTR pulCount) { - CK_RV error = CKR_OK; - CK_ULONG nSlots; - NSSCKFWSlot **slots; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; - CK_ULONG count; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); - if( (CK_ULONG)0 == nSlots ) { - goto loser; - } - - if( (slotID < 1) || (slotID > nSlots) ) { - error = CKR_SLOT_ID_INVALID; - goto loser; - } - - if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - slots = nssCKFWInstance_GetSlots(fwInstance, &error); - if( (NSSCKFWSlot **)NULL == slots ) { - goto loser; - } - - fwSlot = slots[ slotID-1 ]; - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - count = nssCKFWToken_GetMechanismCount(fwToken); - - if( (CK_MECHANISM_TYPE_PTR)CK_NULL_PTR == pMechanismList ) { - *pulCount = count; - return CKR_OK; - } + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + CK_ULONG count; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if ((CK_ULONG)0 == nSlots) { + goto loser; + } + + if ((slotID < 1) || (slotID > nSlots)) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + if ((CK_ULONG_PTR)CK_NULL_PTR == pulCount) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if ((NSSCKFWSlot **)NULL == slots) { + goto loser; + } + + fwSlot = slots[slotID - 1]; + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + count = nssCKFWToken_GetMechanismCount(fwToken); + + if ((CK_MECHANISM_TYPE_PTR)CK_NULL_PTR == pMechanismList) { + *pulCount = count; + return CKR_OK; + } + + if (*pulCount < count) { + *pulCount = count; + error = CKR_BUFFER_TOO_SMALL; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + (void)nsslibc_memset(pMechanismList, 0, *pulCount * sizeof(CK_MECHANISM_TYPE)); - if( *pulCount < count ) { *pulCount = count; - error = CKR_BUFFER_TOO_SMALL; - goto loser; - } - /* - * A purify error here indicates caller error. - */ - (void)nsslibc_memset(pMechanismList, 0, *pulCount * sizeof(CK_MECHANISM_TYPE)); + if (0 != count) { + error = nssCKFWToken_GetMechanismTypes(fwToken, pMechanismList); + } + else { + error = CKR_OK; + } - *pulCount = count; + if (CKR_OK == error) { + return CKR_OK; + } - if( 0 != count ) { - error = nssCKFWToken_GetMechanismTypes(fwToken, pMechanismList); - } else { - error = CKR_OK; - } +loser: + switch (error) { + case CKR_DEVICE_REMOVED: + case CKR_TOKEN_NOT_PRESENT: + if (fwToken) + nssCKFWToken_Destroy(fwToken); + break; + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SLOT_ID_INVALID: + case CKR_TOKEN_NOT_RECOGNIZED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } - if( CKR_OK == error ) { - return CKR_OK; - } - - loser: - switch( error ) { - case CKR_DEVICE_REMOVED: - case CKR_TOKEN_NOT_PRESENT: - if (fwToken) - nssCKFWToken_Destroy(fwToken); - break; - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_SLOT_ID_INVALID: - case CKR_TOKEN_NOT_RECOGNIZED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + return error; } /* @@ -853,139 +844,137 @@ NSSCKFWC_GetMechanismList * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetMechanismInfo -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR pInfo -) +NSSCKFWC_GetMechanismInfo( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR pInfo) { - CK_RV error = CKR_OK; - CK_ULONG nSlots; - NSSCKFWSlot **slots; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); - if( (CK_ULONG)0 == nSlots ) { - goto loser; - } - - if( (slotID < 1) || (slotID > nSlots) ) { - error = CKR_SLOT_ID_INVALID; - goto loser; - } - - slots = nssCKFWInstance_GetSlots(fwInstance, &error); - if( (NSSCKFWSlot **)NULL == slots ) { - goto loser; - } - - fwSlot = slots[ slotID-1 ]; - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - if( (CK_MECHANISM_INFO_PTR)CK_NULL_PTR == pInfo ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* - * A purify error here indicates caller error. - */ - (void)nsslibc_memset(pInfo, 0, sizeof(CK_MECHANISM_INFO)); - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, type, &error); - if (!fwMechanism) { - goto loser; - } - - pInfo->ulMinKeySize = nssCKFWMechanism_GetMinKeySize(fwMechanism, &error); - pInfo->ulMaxKeySize = nssCKFWMechanism_GetMaxKeySize(fwMechanism, &error); - - if( nssCKFWMechanism_GetInHardware(fwMechanism, &error) ) { - pInfo->flags |= CKF_HW; - } - if( nssCKFWMechanism_GetCanEncrypt(fwMechanism, &error) ) { - pInfo->flags |= CKF_ENCRYPT; - } - if( nssCKFWMechanism_GetCanDecrypt(fwMechanism, &error) ) { - pInfo->flags |= CKF_DECRYPT; - } - if( nssCKFWMechanism_GetCanDigest(fwMechanism, &error) ) { - pInfo->flags |= CKF_DIGEST; - } - if( nssCKFWMechanism_GetCanSign(fwMechanism, &error) ) { - pInfo->flags |= CKF_SIGN; - } - if( nssCKFWMechanism_GetCanSignRecover(fwMechanism, &error) ) { - pInfo->flags |= CKF_SIGN_RECOVER; - } - if( nssCKFWMechanism_GetCanVerify(fwMechanism, &error) ) { - pInfo->flags |= CKF_VERIFY; - } - if( nssCKFWMechanism_GetCanVerifyRecover(fwMechanism, &error) ) { - pInfo->flags |= CKF_VERIFY_RECOVER; - } - if( nssCKFWMechanism_GetCanGenerate(fwMechanism, &error) ) { - pInfo->flags |= CKF_GENERATE; - } - if( nssCKFWMechanism_GetCanGenerateKeyPair(fwMechanism, &error) ) { - pInfo->flags |= CKF_GENERATE_KEY_PAIR; - } - if( nssCKFWMechanism_GetCanWrap(fwMechanism, &error) ) { - pInfo->flags |= CKF_WRAP; - } - if( nssCKFWMechanism_GetCanUnwrap(fwMechanism, &error) ) { - pInfo->flags |= CKF_UNWRAP; - } - if( nssCKFWMechanism_GetCanDerive(fwMechanism, &error) ) { - pInfo->flags |= CKF_DERIVE; - } - nssCKFWMechanism_Destroy(fwMechanism); - - return error; - - loser: - switch( error ) { - case CKR_DEVICE_REMOVED: - case CKR_TOKEN_NOT_PRESENT: - if (fwToken) - nssCKFWToken_Destroy(fwToken); - break; - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_MECHANISM_INVALID: - case CKR_SLOT_ID_INVALID: - case CKR_TOKEN_NOT_RECOGNIZED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if ((CK_ULONG)0 == nSlots) { + goto loser; + } + + if ((slotID < 1) || (slotID > nSlots)) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if ((NSSCKFWSlot **)NULL == slots) { + goto loser; + } + + fwSlot = slots[slotID - 1]; + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + if ((CK_MECHANISM_INFO_PTR)CK_NULL_PTR == pInfo) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + (void)nsslibc_memset(pInfo, 0, sizeof(CK_MECHANISM_INFO)); + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, type, &error); + if (!fwMechanism) { + goto loser; + } + + pInfo->ulMinKeySize = nssCKFWMechanism_GetMinKeySize(fwMechanism, &error); + pInfo->ulMaxKeySize = nssCKFWMechanism_GetMaxKeySize(fwMechanism, &error); + + if (nssCKFWMechanism_GetInHardware(fwMechanism, &error)) { + pInfo->flags |= CKF_HW; + } + if (nssCKFWMechanism_GetCanEncrypt(fwMechanism, &error)) { + pInfo->flags |= CKF_ENCRYPT; + } + if (nssCKFWMechanism_GetCanDecrypt(fwMechanism, &error)) { + pInfo->flags |= CKF_DECRYPT; + } + if (nssCKFWMechanism_GetCanDigest(fwMechanism, &error)) { + pInfo->flags |= CKF_DIGEST; + } + if (nssCKFWMechanism_GetCanSign(fwMechanism, &error)) { + pInfo->flags |= CKF_SIGN; + } + if (nssCKFWMechanism_GetCanSignRecover(fwMechanism, &error)) { + pInfo->flags |= CKF_SIGN_RECOVER; + } + if (nssCKFWMechanism_GetCanVerify(fwMechanism, &error)) { + pInfo->flags |= CKF_VERIFY; + } + if (nssCKFWMechanism_GetCanVerifyRecover(fwMechanism, &error)) { + pInfo->flags |= CKF_VERIFY_RECOVER; + } + if (nssCKFWMechanism_GetCanGenerate(fwMechanism, &error)) { + pInfo->flags |= CKF_GENERATE; + } + if (nssCKFWMechanism_GetCanGenerateKeyPair(fwMechanism, &error)) { + pInfo->flags |= CKF_GENERATE_KEY_PAIR; + } + if (nssCKFWMechanism_GetCanWrap(fwMechanism, &error)) { + pInfo->flags |= CKF_WRAP; + } + if (nssCKFWMechanism_GetCanUnwrap(fwMechanism, &error)) { + pInfo->flags |= CKF_UNWRAP; + } + if (nssCKFWMechanism_GetCanDerive(fwMechanism, &error)) { + pInfo->flags |= CKF_DERIVE; + } + nssCKFWMechanism_Destroy(fwMechanism); + + return error; + +loser: + switch (error) { + case CKR_DEVICE_REMOVED: + case CKR_TOKEN_NOT_PRESENT: + if (fwToken) + nssCKFWToken_Destroy(fwToken); + break; + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_MECHANISM_INVALID: + case CKR_SLOT_ID_INVALID: + case CKR_TOKEN_NOT_RECOGNIZED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -993,94 +982,92 @@ NSSCKFWC_GetMechanismInfo * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_InitToken -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_CHAR_PTR pPin, - CK_ULONG ulPinLen, - CK_CHAR_PTR pLabel -) +NSSCKFWC_InitToken( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen, + CK_CHAR_PTR pLabel) { - CK_RV error = CKR_OK; - CK_ULONG nSlots; - NSSCKFWSlot **slots; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; - NSSItem pin; - NSSUTF8 *label; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); - if( (CK_ULONG)0 == nSlots ) { - goto loser; - } - - if( (slotID < 1) || (slotID > nSlots) ) { - error = CKR_SLOT_ID_INVALID; - goto loser; - } - - slots = nssCKFWInstance_GetSlots(fwInstance, &error); - if( (NSSCKFWSlot **)NULL == slots ) { - goto loser; - } - - fwSlot = slots[ slotID-1 ]; - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - pin.size = (PRUint32)ulPinLen; - pin.data = (void *)pPin; - label = (NSSUTF8 *)pLabel; /* identity conversion */ - - error = nssCKFWToken_InitToken(fwToken, &pin, label); - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_DEVICE_REMOVED: - case CKR_TOKEN_NOT_PRESENT: - if (fwToken) - nssCKFWToken_Destroy(fwToken); - break; - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_PIN_INCORRECT: - case CKR_PIN_LOCKED: - case CKR_SESSION_EXISTS: - case CKR_SLOT_ID_INVALID: - case CKR_TOKEN_NOT_RECOGNIZED: - case CKR_TOKEN_WRITE_PROTECTED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + NSSItem pin; + NSSUTF8 *label; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if ((CK_ULONG)0 == nSlots) { + goto loser; + } + + if ((slotID < 1) || (slotID > nSlots)) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if ((NSSCKFWSlot **)NULL == slots) { + goto loser; + } + + fwSlot = slots[slotID - 1]; + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + pin.size = (PRUint32)ulPinLen; + pin.data = (void *)pPin; + label = (NSSUTF8 *)pLabel; /* identity conversion */ + + error = nssCKFWToken_InitToken(fwToken, &pin, label); + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_DEVICE_REMOVED: + case CKR_TOKEN_NOT_PRESENT: + if (fwToken) + nssCKFWToken_Destroy(fwToken); + break; + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_PIN_INCORRECT: + case CKR_PIN_LOCKED: + case CKR_SESSION_EXISTS: + case CKR_SLOT_ID_INVALID: + case CKR_TOKEN_NOT_RECOGNIZED: + case CKR_TOKEN_WRITE_PROTECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1088,73 +1075,72 @@ NSSCKFWC_InitToken * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_InitPIN -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_CHAR_PTR pPin, - CK_ULONG ulPinLen -) +NSSCKFWC_InitPIN( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSItem pin, *arg; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) { - arg = (NSSItem *)NULL; - } else { - arg = &pin; - pin.size = (PRUint32)ulPinLen; - pin.data = (void *)pPin; - } - - error = nssCKFWSession_InitPIN(fwSession, arg); - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_PIN_INVALID: - case CKR_PIN_LEN_RANGE: - case CKR_SESSION_READ_ONLY: - case CKR_SESSION_HANDLE_INVALID: - case CKR_TOKEN_WRITE_PROTECTED: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSItem pin, *arg; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if ((CK_CHAR_PTR)CK_NULL_PTR == pPin) { + arg = (NSSItem *)NULL; + } + else { + arg = &pin; + pin.size = (PRUint32)ulPinLen; + pin.data = (void *)pPin; + } + + error = nssCKFWSession_InitPIN(fwSession, arg); + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_PIN_INVALID: + case CKR_PIN_LEN_RANGE: + case CKR_SESSION_READ_ONLY: + case CKR_SESSION_HANDLE_INVALID: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1162,84 +1148,84 @@ NSSCKFWC_InitPIN * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_SetPIN -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_CHAR_PTR pOldPin, - CK_ULONG ulOldLen, - CK_CHAR_PTR pNewPin, - CK_ULONG ulNewLen -) +NSSCKFWC_SetPIN( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pOldPin, + CK_ULONG ulOldLen, + CK_CHAR_PTR pNewPin, + CK_ULONG ulNewLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSItem oldPin, newPin, *oldArg, *newArg; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_CHAR_PTR)CK_NULL_PTR == pOldPin ) { - oldArg = (NSSItem *)NULL; - } else { - oldArg = &oldPin; - oldPin.size = (PRUint32)ulOldLen; - oldPin.data = (void *)pOldPin; - } - - if( (CK_CHAR_PTR)CK_NULL_PTR == pNewPin ) { - newArg = (NSSItem *)NULL; - } else { - newArg = &newPin; - newPin.size = (PRUint32)ulNewLen; - newPin.data = (void *)pNewPin; - } - - error = nssCKFWSession_SetPIN(fwSession, oldArg, newArg); - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_PIN_INCORRECT: - case CKR_PIN_INVALID: - case CKR_PIN_LEN_RANGE: - case CKR_PIN_LOCKED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_READ_ONLY: - case CKR_TOKEN_WRITE_PROTECTED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSItem oldPin, newPin, *oldArg, *newArg; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if ((CK_CHAR_PTR)CK_NULL_PTR == pOldPin) { + oldArg = (NSSItem *)NULL; + } + else { + oldArg = &oldPin; + oldPin.size = (PRUint32)ulOldLen; + oldPin.data = (void *)pOldPin; + } + + if ((CK_CHAR_PTR)CK_NULL_PTR == pNewPin) { + newArg = (NSSItem *)NULL; + } + else { + newArg = &newPin; + newPin.size = (PRUint32)ulNewLen; + newPin.data = (void *)pNewPin; + } + + error = nssCKFWSession_SetPIN(fwSession, oldArg, newArg); + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_PIN_INCORRECT: + case CKR_PIN_INVALID: + case CKR_PIN_LEN_RANGE: + case CKR_PIN_LOCKED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TOKEN_WRITE_PROTECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1247,128 +1233,128 @@ NSSCKFWC_SetPIN * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_OpenSession -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID, - CK_FLAGS flags, - CK_VOID_PTR pApplication, - CK_NOTIFY Notify, - CK_SESSION_HANDLE_PTR phSession -) +NSSCKFWC_OpenSession( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_FLAGS flags, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_SESSION_HANDLE_PTR phSession) { - CK_RV error = CKR_OK; - CK_ULONG nSlots; - NSSCKFWSlot **slots; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; - NSSCKFWSession *fwSession; - CK_BBOOL rw; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); - if( (CK_ULONG)0 == nSlots ) { - goto loser; - } - - if( (slotID < 1) || (slotID > nSlots) ) { - error = CKR_SLOT_ID_INVALID; - goto loser; - } - - if( flags & CKF_RW_SESSION ) { - rw = CK_TRUE; - } else { - rw = CK_FALSE; - } - - if( flags & CKF_SERIAL_SESSION ) { - ; - } else { - error = CKR_SESSION_PARALLEL_NOT_SUPPORTED; - goto loser; - } - - if( flags & ~(CKF_RW_SESSION|CKF_SERIAL_SESSION) ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - if( (CK_SESSION_HANDLE_PTR)CK_NULL_PTR == phSession ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* - * A purify error here indicates caller error. - */ - *phSession = (CK_SESSION_HANDLE)0; - - slots = nssCKFWInstance_GetSlots(fwInstance, &error); - if( (NSSCKFWSlot **)NULL == slots ) { - goto loser; - } - - fwSlot = slots[ slotID-1 ]; - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwSession = nssCKFWToken_OpenSession(fwToken, rw, pApplication, - Notify, &error); - if (!fwSession) { - goto loser; - } - - *phSession = nssCKFWInstance_CreateSessionHandle(fwInstance, - fwSession, &error); - if( (CK_SESSION_HANDLE)0 == *phSession ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_SESSION_COUNT: - case CKR_SESSION_EXISTS: - case CKR_SESSION_PARALLEL_NOT_SUPPORTED: - case CKR_SESSION_READ_WRITE_SO_EXISTS: - case CKR_SLOT_ID_INVALID: - case CKR_TOKEN_NOT_PRESENT: - case CKR_TOKEN_NOT_RECOGNIZED: - case CKR_TOKEN_WRITE_PROTECTED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + NSSCKFWSession *fwSession; + CK_BBOOL rw; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if ((CK_ULONG)0 == nSlots) { + goto loser; + } + + if ((slotID < 1) || (slotID > nSlots)) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + if (flags & CKF_RW_SESSION) { + rw = CK_TRUE; + } + else { + rw = CK_FALSE; + } + + if (flags & CKF_SERIAL_SESSION) { + ; + } + else { + error = CKR_SESSION_PARALLEL_NOT_SUPPORTED; + goto loser; + } + + if (flags & ~(CKF_RW_SESSION | CKF_SERIAL_SESSION)) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + if ((CK_SESSION_HANDLE_PTR)CK_NULL_PTR == phSession) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + *phSession = (CK_SESSION_HANDLE)0; + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if ((NSSCKFWSlot **)NULL == slots) { + goto loser; + } + + fwSlot = slots[slotID - 1]; + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwSession = nssCKFWToken_OpenSession(fwToken, rw, pApplication, + Notify, &error); + if (!fwSession) { + goto loser; + } + + *phSession = nssCKFWInstance_CreateSessionHandle(fwInstance, + fwSession, &error); + if ((CK_SESSION_HANDLE)0 == *phSession) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SESSION_COUNT: + case CKR_SESSION_EXISTS: + case CKR_SESSION_PARALLEL_NOT_SUPPORTED: + case CKR_SESSION_READ_WRITE_SO_EXISTS: + case CKR_SLOT_ID_INVALID: + case CKR_TOKEN_NOT_PRESENT: + case CKR_TOKEN_NOT_RECOGNIZED: + case CKR_TOKEN_WRITE_PROTECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1376,58 +1362,56 @@ NSSCKFWC_OpenSession * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_CloseSession -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -) +NSSCKFWC_CloseSession( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - nssCKFWInstance_DestroySessionHandle(fwInstance, hSession); - error = nssCKFWSession_Destroy(fwSession, CK_TRUE); - - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + nssCKFWInstance_DestroySessionHandle(fwInstance, hSession); + error = nssCKFWSession_Destroy(fwSession, CK_TRUE); + + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1435,78 +1419,76 @@ NSSCKFWC_CloseSession * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_CloseAllSessions -( - NSSCKFWInstance *fwInstance, - CK_SLOT_ID slotID -) +NSSCKFWC_CloseAllSessions( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID) { - CK_RV error = CKR_OK; - CK_ULONG nSlots; - NSSCKFWSlot **slots; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); - if( (CK_ULONG)0 == nSlots ) { - goto loser; - } - - if( (slotID < 1) || (slotID > nSlots) ) { - error = CKR_SLOT_ID_INVALID; - goto loser; - } - - slots = nssCKFWInstance_GetSlots(fwInstance, &error); - if( (NSSCKFWSlot **)NULL == slots ) { - goto loser; - } - - fwSlot = slots[ slotID-1 ]; - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - error = nssCKFWToken_CloseAllSessions(fwToken); - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_SLOT_ID_INVALID: - case CKR_TOKEN_NOT_PRESENT: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if ((CK_ULONG)0 == nSlots) { + goto loser; + } + + if ((slotID < 1) || (slotID > nSlots)) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if ((NSSCKFWSlot **)NULL == slots) { + goto loser; + } + + fwSlot = slots[slotID - 1]; + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + error = nssCKFWToken_CloseAllSessions(fwToken); + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SLOT_ID_INVALID: + case CKR_TOKEN_NOT_PRESENT: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1514,80 +1496,78 @@ NSSCKFWC_CloseAllSessions * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetSessionInfo -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_SESSION_INFO_PTR pInfo -) +NSSCKFWC_GetSessionInfo( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_SESSION_INFO_PTR pInfo) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWSlot *fwSlot; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_SESSION_INFO_PTR)CK_NULL_PTR == pInfo ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* - * A purify error here indicates caller error. - */ - (void)nsslibc_memset(pInfo, 0, sizeof(CK_SESSION_INFO)); - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; - goto loser; - } - - pInfo->slotID = nssCKFWSlot_GetSlotID(fwSlot); - pInfo->state = nssCKFWSession_GetSessionState(fwSession); - - if( CK_TRUE == nssCKFWSession_IsRWSession(fwSession) ) { - pInfo->flags |= CKF_RW_SESSION; - } - - pInfo->flags |= CKF_SERIAL_SESSION; /* Always true */ - - pInfo->ulDeviceError = nssCKFWSession_GetDeviceError(fwSession); - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWSlot *fwSlot; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if ((CK_SESSION_INFO_PTR)CK_NULL_PTR == pInfo) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + (void)nsslibc_memset(pInfo, 0, sizeof(CK_SESSION_INFO)); + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; + goto loser; + } + + pInfo->slotID = nssCKFWSlot_GetSlotID(fwSlot); + pInfo->state = nssCKFWSession_GetSessionState(fwSession); + + if (CK_TRUE == nssCKFWSession_IsRWSession(fwSession)) { + pInfo->flags |= CKF_RW_SESSION; + } + + pInfo->flags |= CKF_SERIAL_SESSION; /* Always true */ + + pInfo->ulDeviceError = nssCKFWSession_GetDeviceError(fwSession); + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1595,88 +1575,86 @@ NSSCKFWC_GetSessionInfo * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetOperationState -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pOperationState, - CK_ULONG_PTR pulOperationStateLen -) +NSSCKFWC_GetOperationState( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG_PTR pulOperationStateLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - CK_ULONG len; - NSSItem buf; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_ULONG_PTR)CK_NULL_PTR == pulOperationStateLen ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - len = nssCKFWSession_GetOperationStateLen(fwSession, &error); - if( ((CK_ULONG)0 == len) && (CKR_OK != error) ) { - goto loser; - } - - if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) { + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + CK_ULONG len; + NSSItem buf; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if ((CK_ULONG_PTR)CK_NULL_PTR == pulOperationStateLen) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + len = nssCKFWSession_GetOperationStateLen(fwSession, &error); + if (((CK_ULONG)0 == len) && (CKR_OK != error)) { + goto loser; + } + + if ((CK_BYTE_PTR)CK_NULL_PTR == pOperationState) { + *pulOperationStateLen = len; + return CKR_OK; + } + + if (*pulOperationStateLen < len) { + *pulOperationStateLen = len; + error = CKR_BUFFER_TOO_SMALL; + goto loser; + } + + buf.size = (PRUint32)*pulOperationStateLen; + buf.data = (void *)pOperationState; *pulOperationStateLen = len; + error = nssCKFWSession_GetOperationState(fwSession, &buf); + + if (CKR_OK != error) { + goto loser; + } + return CKR_OK; - } - if( *pulOperationStateLen < len ) { - *pulOperationStateLen = len; - error = CKR_BUFFER_TOO_SMALL; - goto loser; - } - - buf.size = (PRUint32)*pulOperationStateLen; - buf.data = (void *)pOperationState; - *pulOperationStateLen = len; - error = nssCKFWSession_GetOperationState(fwSession, &buf); - - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_STATE_UNSAVEABLE: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_STATE_UNSAVEABLE: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1684,100 +1662,100 @@ NSSCKFWC_GetOperationState * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_SetOperationState -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pOperationState, - CK_ULONG ulOperationStateLen, - CK_OBJECT_HANDLE hEncryptionKey, - CK_OBJECT_HANDLE hAuthenticationKey -) +NSSCKFWC_SetOperationState( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG ulOperationStateLen, + CK_OBJECT_HANDLE hEncryptionKey, + CK_OBJECT_HANDLE hAuthenticationKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *eKey; - NSSCKFWObject *aKey; - NSSItem state; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* - * We could loop through the buffer, to catch any purify errors - * in a place with a "user error" note. - */ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *eKey; + NSSCKFWObject *aKey; + NSSItem state; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + if ((CK_BYTE_PTR)CK_NULL_PTR == pOperationState) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * We could loop through the buffer, to catch any purify errors + * in a place with a "user error" note. + */ + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if ((CK_OBJECT_HANDLE)0 == hEncryptionKey) { + eKey = (NSSCKFWObject *)NULL; + } + else { + eKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hEncryptionKey); + if (!eKey) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + } - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_OBJECT_HANDLE)0 == hEncryptionKey ) { - eKey = (NSSCKFWObject *)NULL; - } else { - eKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hEncryptionKey); - if (!eKey) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - } - - if( (CK_OBJECT_HANDLE)0 == hAuthenticationKey ) { - aKey = (NSSCKFWObject *)NULL; - } else { - aKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hAuthenticationKey); - if (!aKey) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - } - - state.data = pOperationState; - state.size = ulOperationStateLen; - - error = nssCKFWSession_SetOperationState(fwSession, &state, eKey, aKey); - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_KEY_CHANGED: - case CKR_KEY_NEEDED: - case CKR_KEY_NOT_NEEDED: - case CKR_SAVED_STATE_INVALID: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + if ((CK_OBJECT_HANDLE)0 == hAuthenticationKey) { + aKey = (NSSCKFWObject *)NULL; + } + else { + aKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hAuthenticationKey); + if (!aKey) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + } + + state.data = pOperationState; + state.size = ulOperationStateLen; + + error = nssCKFWSession_SetOperationState(fwSession, &state, eKey, aKey); + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_CHANGED: + case CKR_KEY_NEEDED: + case CKR_KEY_NOT_NEEDED: + case CKR_SAVED_STATE_INVALID: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1785,77 +1763,76 @@ NSSCKFWC_SetOperationState * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_Login -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_USER_TYPE userType, - CK_CHAR_PTR pPin, - CK_ULONG ulPinLen -) +NSSCKFWC_Login( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_USER_TYPE userType, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSItem pin, *arg; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) { - arg = (NSSItem *)NULL; - } else { - arg = &pin; - pin.size = (PRUint32)ulPinLen; - pin.data = (void *)pPin; - } - - error = nssCKFWSession_Login(fwSession, userType, arg); - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_PIN_EXPIRED: - case CKR_PIN_INCORRECT: - case CKR_PIN_LOCKED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_READ_ONLY_EXISTS: - case CKR_USER_ALREADY_LOGGED_IN: - case CKR_USER_ANOTHER_ALREADY_LOGGED_IN: - case CKR_USER_PIN_NOT_INITIALIZED: - case CKR_USER_TOO_MANY_TYPES: - case CKR_USER_TYPE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSItem pin, *arg; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if ((CK_CHAR_PTR)CK_NULL_PTR == pPin) { + arg = (NSSItem *)NULL; + } + else { + arg = &pin; + pin.size = (PRUint32)ulPinLen; + pin.data = (void *)pPin; + } + + error = nssCKFWSession_Login(fwSession, userType, arg); + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_PIN_EXPIRED: + case CKR_PIN_INCORRECT: + case CKR_PIN_LOCKED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY_EXISTS: + case CKR_USER_ALREADY_LOGGED_IN: + case CKR_USER_ANOTHER_ALREADY_LOGGED_IN: + case CKR_USER_PIN_NOT_INITIALIZED: + case CKR_USER_TOO_MANY_TYPES: + case CKR_USER_TYPE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1863,57 +1840,55 @@ NSSCKFWC_Login * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_Logout -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -) +NSSCKFWC_Logout( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_Logout(fwSession); - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Logout(fwSession); + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -1921,85 +1896,83 @@ NSSCKFWC_Logout * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_CreateObject -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phObject -) +NSSCKFWC_CreateObject( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phObject) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* - * A purify error here indicates caller error. - */ - *phObject = (CK_OBJECT_HANDLE)0; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; - fwObject = nssCKFWSession_CreateObject(fwSession, pTemplate, - ulCount, &error); - if (!fwObject) { - goto loser; - } + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } - *phObject = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); - if( (CK_OBJECT_HANDLE)0 == *phObject ) { - nssCKFWObject_Destroy(fwObject); - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_ATTRIBUTE_READ_ONLY: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_VALUE_INVALID: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_READ_ONLY: - case CKR_TEMPLATE_INCOMPLETE: - case CKR_TEMPLATE_INCONSISTENT: - case CKR_TOKEN_WRITE_PROTECTED: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if ((CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + *phObject = (CK_OBJECT_HANDLE)0; + + fwObject = nssCKFWSession_CreateObject(fwSession, pTemplate, + ulCount, &error); + if (!fwObject) { + goto loser; + } + + *phObject = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); + if ((CK_OBJECT_HANDLE)0 == *phObject) { + nssCKFWObject_Destroy(fwObject); + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCOMPLETE: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -2007,94 +1980,92 @@ NSSCKFWC_CreateObject * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_CopyObject -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phNewObject -) +NSSCKFWC_CopyObject( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phNewObject) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - NSSCKFWObject *fwNewObject; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phNewObject ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* - * A purify error here indicates caller error. - */ - *phNewObject = (CK_OBJECT_HANDLE)0; - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); - if (!fwObject) { - error = CKR_OBJECT_HANDLE_INVALID; - goto loser; - } - - fwNewObject = nssCKFWSession_CopyObject(fwSession, fwObject, - pTemplate, ulCount, &error); - if (!fwNewObject) { - goto loser; - } - - *phNewObject = nssCKFWInstance_CreateObjectHandle(fwInstance, - fwNewObject, &error); - if( (CK_OBJECT_HANDLE)0 == *phNewObject ) { - nssCKFWObject_Destroy(fwNewObject); - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_ATTRIBUTE_READ_ONLY: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_VALUE_INVALID: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OBJECT_HANDLE_INVALID: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_READ_ONLY: - case CKR_TEMPLATE_INCONSISTENT: - case CKR_TOKEN_WRITE_PROTECTED: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWObject *fwNewObject; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if ((CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phNewObject) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + *phNewObject = (CK_OBJECT_HANDLE)0; + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); + if (!fwObject) { + error = CKR_OBJECT_HANDLE_INVALID; + goto loser; + } + + fwNewObject = nssCKFWSession_CopyObject(fwSession, fwObject, + pTemplate, ulCount, &error); + if (!fwNewObject) { + goto loser; + } + + *phNewObject = nssCKFWInstance_CreateObjectHandle(fwInstance, + fwNewObject, &error); + if ((CK_OBJECT_HANDLE)0 == *phNewObject) { + nssCKFWObject_Destroy(fwNewObject); + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OBJECT_HANDLE_INVALID: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -2102,65 +2073,63 @@ NSSCKFWC_CopyObject * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DestroyObject -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject -) +NSSCKFWC_DestroyObject( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); - if (!fwObject) { - error = CKR_OBJECT_HANDLE_INVALID; - goto loser; - } - - nssCKFWInstance_DestroyObjectHandle(fwInstance, hObject); - nssCKFWObject_Destroy(fwObject); - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OBJECT_HANDLE_INVALID: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_READ_ONLY: - case CKR_TOKEN_WRITE_PROTECTED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); + if (!fwObject) { + error = CKR_OBJECT_HANDLE_INVALID; + goto loser; + } + + nssCKFWInstance_DestroyObjectHandle(fwInstance, hObject); + nssCKFWObject_Destroy(fwObject); + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OBJECT_HANDLE_INVALID: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TOKEN_WRITE_PROTECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -2168,77 +2137,75 @@ NSSCKFWC_DestroyObject * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetObjectSize -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ULONG_PTR pulSize -) +NSSCKFWC_GetObjectSize( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ULONG_PTR pulSize) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); - if (!fwObject) { - error = CKR_OBJECT_HANDLE_INVALID; - goto loser; - } - - if( (CK_ULONG_PTR)CK_NULL_PTR == pulSize ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* - * A purify error here indicates caller error. - */ - *pulSize = (CK_ULONG)0; - - *pulSize = nssCKFWObject_GetObjectSize(fwObject, &error); - if( ((CK_ULONG)0 == *pulSize) && (CKR_OK != error) ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_INFORMATION_SENSITIVE: - case CKR_OBJECT_HANDLE_INVALID: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); + if (!fwObject) { + error = CKR_OBJECT_HANDLE_INVALID; + goto loser; + } + + if ((CK_ULONG_PTR)CK_NULL_PTR == pulSize) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + *pulSize = (CK_ULONG)0; + + *pulSize = nssCKFWObject_GetObjectSize(fwObject, &error); + if (((CK_ULONG)0 == *pulSize) && (CKR_OK != error)) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_INFORMATION_SENSITIVE: + case CKR_OBJECT_HANDLE_INVALID: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -2246,229 +2213,236 @@ NSSCKFWC_GetObjectSize * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetAttributeValue -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount -) +NSSCKFWC_GetAttributeValue( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - CK_BBOOL sensitive = CK_FALSE; - CK_BBOOL invalid = CK_FALSE; - CK_BBOOL tooSmall = CK_FALSE; - CK_ULONG i; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); - if (!fwObject) { - error = CKR_OBJECT_HANDLE_INVALID; - goto loser; - } - - if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - for( i = 0; i < ulCount; i++ ) { - CK_ULONG size = nssCKFWObject_GetAttributeSize(fwObject, - pTemplate[i].type, &error); - if( (CK_ULONG)0 == size ) { - switch( error ) { - case CKR_ATTRIBUTE_SENSITIVE: - case CKR_INFORMATION_SENSITIVE: - sensitive = CK_TRUE; - pTemplate[i].ulValueLen = (CK_ULONG)(-1); - continue; - case CKR_ATTRIBUTE_TYPE_INVALID: - invalid = CK_TRUE; - pTemplate[i].ulValueLen = (CK_ULONG)(-1); - continue; - case CKR_OK: - break; - default: - goto loser; - } - } - - if( (CK_VOID_PTR)CK_NULL_PTR == pTemplate[i].pValue ) { - pTemplate[i].ulValueLen = size; - } else { - NSSItem it, *p; - - if( pTemplate[i].ulValueLen < size ) { - tooSmall = CK_TRUE; - continue; - } - - it.size = (PRUint32)pTemplate[i].ulValueLen; - it.data = (void *)pTemplate[i].pValue; - p = nssCKFWObject_GetAttribute(fwObject, pTemplate[i].type, &it, - (NSSArena *)NULL, &error); - if (!p) { - switch( error ) { + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + CK_BBOOL sensitive = CK_FALSE; + CK_BBOOL invalid = CK_FALSE; + CK_BBOOL tooSmall = CK_FALSE; + CK_ULONG i; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); + if (!fwObject) { + error = CKR_OBJECT_HANDLE_INVALID; + goto loser; + } + + if ((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + for (i = 0; i < ulCount; i++) { + CK_ULONG size = nssCKFWObject_GetAttributeSize(fwObject, + pTemplate[i].type, &error); + if ((CK_ULONG)0 == size) { + switch (error) { + case CKR_ATTRIBUTE_SENSITIVE: + case CKR_INFORMATION_SENSITIVE: + sensitive = + CK_TRUE; + pTemplate[i].ulValueLen = + (CK_ULONG)(-1); + continue; + case CKR_ATTRIBUTE_TYPE_INVALID: + invalid = + CK_TRUE; + pTemplate[i].ulValueLen = + (CK_ULONG)(-1); + continue; + case CKR_OK: + break; + default: + goto loser; + } + } + + if ((CK_VOID_PTR)CK_NULL_PTR == pTemplate[i].pValue) { + pTemplate[i].ulValueLen = size; + } + else { + NSSItem it, *p; + + if (pTemplate[i].ulValueLen < size) { + tooSmall = CK_TRUE; + continue; + } + + it.size = (PRUint32)pTemplate[i].ulValueLen; + it.data = (void *)pTemplate[i].pValue; + p = nssCKFWObject_GetAttribute(fwObject, pTemplate[i].type, &it, + (NSSArena *)NULL, &error); + if (!p) { + switch (error) { + case CKR_ATTRIBUTE_SENSITIVE: + case CKR_INFORMATION_SENSITIVE: + sensitive = + CK_TRUE; + pTemplate[i].ulValueLen = + (CK_ULONG)(-1); + continue; + case CKR_ATTRIBUTE_TYPE_INVALID: + invalid = + CK_TRUE; + pTemplate[i].ulValueLen = + (CK_ULONG)(-1); + continue; + default: + goto loser; + } + } + + pTemplate[i].ulValueLen = size; + } + } + + if (sensitive) { + error = CKR_ATTRIBUTE_SENSITIVE; + goto loser; + } + else if (invalid) { + error = CKR_ATTRIBUTE_TYPE_INVALID; + goto loser; + } + else if (tooSmall) { + error = CKR_BUFFER_TOO_SMALL; + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; case CKR_ATTRIBUTE_SENSITIVE: - case CKR_INFORMATION_SENSITIVE: - sensitive = CK_TRUE; - pTemplate[i].ulValueLen = (CK_ULONG)(-1); - continue; case CKR_ATTRIBUTE_TYPE_INVALID: - invalid = CK_TRUE; - pTemplate[i].ulValueLen = (CK_ULONG)(-1); - continue; + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OBJECT_HANDLE_INVALID: + case CKR_SESSION_HANDLE_INVALID: + break; default: - goto loser; - } - } - - pTemplate[i].ulValueLen = size; - } - } - - if( sensitive ) { - error = CKR_ATTRIBUTE_SENSITIVE; - goto loser; - } else if( invalid ) { - error = CKR_ATTRIBUTE_TYPE_INVALID; - goto loser; - } else if( tooSmall ) { - error = CKR_BUFFER_TOO_SMALL; - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_ATTRIBUTE_SENSITIVE: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OBJECT_HANDLE_INVALID: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } - + /* * NSSCKFWC_SetAttributeValue * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_SetAttributeValue -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount -) +NSSCKFWC_SetAttributeValue( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - CK_ULONG i; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); - if (!fwObject) { - error = CKR_OBJECT_HANDLE_INVALID; - goto loser; - } - - if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - for (i=0; i < ulCount; i++) { - NSSItem value; - - value.data = pTemplate[i].pValue; - value.size = pTemplate[i].ulValueLen; - - error = nssCKFWObject_SetAttribute(fwObject, fwSession, - pTemplate[i].type, &value); - - if( CKR_OK != error ) { - goto loser; - } - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_ATTRIBUTE_READ_ONLY: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_VALUE_INVALID: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OBJECT_HANDLE_INVALID: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_READ_ONLY: - case CKR_TEMPLATE_INCONSISTENT: - case CKR_TOKEN_WRITE_PROTECTED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + CK_ULONG i; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); + if (!fwObject) { + error = CKR_OBJECT_HANDLE_INVALID; + goto loser; + } + + if ((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + for (i = 0; i < ulCount; i++) { + NSSItem value; + + value.data = pTemplate[i].pValue; + value.size = pTemplate[i].ulValueLen; + + error = nssCKFWObject_SetAttribute(fwObject, fwSession, + pTemplate[i].type, &value); + + if (CKR_OK != error) { + goto loser; + } + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OBJECT_HANDLE_INVALID: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -2476,85 +2450,83 @@ NSSCKFWC_SetAttributeValue * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_FindObjectsInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount -) +NSSCKFWC_FindObjectsInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWFindObjects *fwFindObjects; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( ((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) && (ulCount != 0) ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); - if (fwFindObjects) { - error = CKR_OPERATION_ACTIVE; - goto loser; - } - - if( CKR_OPERATION_NOT_INITIALIZED != error ) { - goto loser; - } - - fwFindObjects = nssCKFWSession_FindObjectsInit(fwSession, - pTemplate, ulCount, &error); - if (!fwFindObjects) { - goto loser; - } - - error = nssCKFWSession_SetFWFindObjects(fwSession, fwFindObjects); - - if( CKR_OK != error ) { - nssCKFWFindObjects_Destroy(fwFindObjects); - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_VALUE_INVALID: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_ACTIVE: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWFindObjects *fwFindObjects; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if (((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) && (ulCount != 0)) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); + if (fwFindObjects) { + error = CKR_OPERATION_ACTIVE; + goto loser; + } + + if (CKR_OPERATION_NOT_INITIALIZED != error) { + goto loser; + } + + fwFindObjects = nssCKFWSession_FindObjectsInit(fwSession, + pTemplate, ulCount, &error); + if (!fwFindObjects) { + goto loser; + } + + error = nssCKFWSession_SetFWFindObjects(fwSession, fwFindObjects); + + if (CKR_OK != error) { + nssCKFWFindObjects_Destroy(fwFindObjects); + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_ACTIVE: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -2562,93 +2534,91 @@ NSSCKFWC_FindObjectsInit * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_FindObjects -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE_PTR phObject, - CK_ULONG ulMaxObjectCount, - CK_ULONG_PTR pulObjectCount -) +NSSCKFWC_FindObjects( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE_PTR phObject, + CK_ULONG ulMaxObjectCount, + CK_ULONG_PTR pulObjectCount) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWFindObjects *fwFindObjects; - CK_ULONG i; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* - * A purify error here indicates caller error. - */ - (void)nsslibc_memset(phObject, 0, sizeof(CK_OBJECT_HANDLE) * ulMaxObjectCount); - *pulObjectCount = (CK_ULONG)0; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWFindObjects *fwFindObjects; + CK_ULONG i; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } - fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); - if (!fwFindObjects) { - goto loser; - } + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } - for( i = 0; i < ulMaxObjectCount; i++ ) { - NSSCKFWObject *fwObject = nssCKFWFindObjects_Next(fwFindObjects, - NULL, &error); - if (!fwObject) { - break; - } - - phObject[i] = nssCKFWInstance_FindObjectHandle(fwInstance, fwObject); - if( (CK_OBJECT_HANDLE)0 == phObject[i] ) { - phObject[i] = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); - } - if( (CK_OBJECT_HANDLE)0 == phObject[i] ) { - /* This isn't right either, is it? */ - nssCKFWObject_Destroy(fwObject); - goto loser; - } - } - - *pulObjectCount = i; - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + if ((CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + (void)nsslibc_memset(phObject, 0, sizeof(CK_OBJECT_HANDLE) * ulMaxObjectCount); + *pulObjectCount = (CK_ULONG)0; + + fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); + if (!fwFindObjects) { + goto loser; + } + + for (i = 0; i < ulMaxObjectCount; i++) { + NSSCKFWObject *fwObject = nssCKFWFindObjects_Next(fwFindObjects, + NULL, &error); + if (!fwObject) { + break; + } + + phObject[i] = nssCKFWInstance_FindObjectHandle(fwInstance, fwObject); + if ((CK_OBJECT_HANDLE)0 == phObject[i]) { + phObject[i] = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); + } + if ((CK_OBJECT_HANDLE)0 == phObject[i]) { + /* This isn't right either, is it? */ + nssCKFWObject_Destroy(fwObject); + goto loser; + } + } + + *pulObjectCount = i; + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -2656,67 +2626,65 @@ NSSCKFWC_FindObjects * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_FindObjectsFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -) +NSSCKFWC_FindObjectsFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWFindObjects *fwFindObjects; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); - if (!fwFindObjects) { - error = CKR_OPERATION_NOT_INITIALIZED; - goto loser; - } - - nssCKFWFindObjects_Destroy(fwFindObjects); - error = nssCKFWSession_SetFWFindObjects(fwSession, - (NSSCKFWFindObjects *)NULL); - - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWFindObjects *fwFindObjects; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); + if (!fwFindObjects) { + error = CKR_OPERATION_NOT_INITIALIZED; + goto loser; + } + + nssCKFWFindObjects_Destroy(fwFindObjects); + error = nssCKFWSession_SetFWFindObjects(fwSession, + (NSSCKFWFindObjects *)NULL); + + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -2724,97 +2692,95 @@ NSSCKFWC_FindObjectsFinal * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_EncryptInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -) +NSSCKFWC_EncryptInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); - if (!fwObject) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - error = nssCKFWMechanism_EncryptInit(fwMechanism, pMechanism, - fwSession, fwObject); - - nssCKFWMechanism_Destroy(fwMechanism); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_EncryptInit(fwMechanism, pMechanism, + fwSession, fwObject); + + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_KEY_FUNCTION_NOT_PERMITTED: - case CKR_KEY_HANDLE_INVALID: - case CKR_KEY_SIZE_RANGE: - case CKR_KEY_TYPE_INCONSISTENT: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_FUNCTION_NOT_PERMITTED: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -2822,64 +2788,62 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_Encrypt -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pEncryptedData, - CK_ULONG_PTR pulEncryptedDataLen -) +NSSCKFWC_Encrypt( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pEncryptedData, + CK_ULONG_PTR pulEncryptedDataLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateFinal(fwSession, - NSSCKFWCryptoOperationType_Encrypt, - NSSCKFWCryptoOperationState_EncryptDecrypt, - pData, ulDataLen, pEncryptedData, pulEncryptedDataLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_Encrypt, + NSSCKFWCryptoOperationState_EncryptDecrypt, + pData, ulDataLen, pEncryptedData, pulEncryptedDataLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_INVALID: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_CLOSED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_INVALID: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_CLOSED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -2887,63 +2851,61 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_EncryptUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG_PTR pulEncryptedPartLen -) +NSSCKFWC_EncryptUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_Update(fwSession, - NSSCKFWCryptoOperationType_Encrypt, - NSSCKFWCryptoOperationState_EncryptDecrypt, - pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Update(fwSession, + NSSCKFWCryptoOperationType_Encrypt, + NSSCKFWCryptoOperationState_EncryptDecrypt, + pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -2951,61 +2913,59 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_EncryptFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pLastEncryptedPart, - CK_ULONG_PTR pulLastEncryptedPartLen -) +NSSCKFWC_EncryptFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastEncryptedPart, + CK_ULONG_PTR pulLastEncryptedPartLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_Final(fwSession, - NSSCKFWCryptoOperationType_Encrypt, - NSSCKFWCryptoOperationState_EncryptDecrypt, - pLastEncryptedPart, pulLastEncryptedPartLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Final(fwSession, + NSSCKFWCryptoOperationType_Encrypt, + NSSCKFWCryptoOperationState_EncryptDecrypt, + pLastEncryptedPart, pulLastEncryptedPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3013,97 +2973,95 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DecryptInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -) +NSSCKFWC_DecryptInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); - if (!fwObject) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - error = nssCKFWMechanism_DecryptInit(fwMechanism, pMechanism, - fwSession, fwObject); - nssCKFWMechanism_Destroy(fwMechanism); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_DecryptInit(fwMechanism, pMechanism, + fwSession, fwObject); + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_KEY_FUNCTION_NOT_PERMITTED: - case CKR_KEY_HANDLE_INVALID: - case CKR_KEY_SIZE_RANGE: - case CKR_KEY_TYPE_INCONSISTENT: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_FUNCTION_NOT_PERMITTED: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3111,71 +3069,69 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_Decrypt -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedData, - CK_ULONG ulEncryptedDataLen, - CK_BYTE_PTR pData, - CK_ULONG_PTR pulDataLen -) +NSSCKFWC_Decrypt( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedData, + CK_ULONG ulEncryptedDataLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateFinal(fwSession, - NSSCKFWCryptoOperationType_Decrypt, - NSSCKFWCryptoOperationState_EncryptDecrypt, - pEncryptedData, ulEncryptedDataLen, pData, pulDataLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_Decrypt, + NSSCKFWCryptoOperationState_EncryptDecrypt, + pEncryptedData, ulEncryptedDataLen, pData, pulDataLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_ENCRYPTED_DATA_INVALID: - case CKR_ENCRYPTED_DATA_LEN_RANGE: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - case CKR_DATA_LEN_RANGE: - error = CKR_ENCRYPTED_DATA_LEN_RANGE; - break; - case CKR_DATA_INVALID: - error = CKR_ENCRYPTED_DATA_INVALID; - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_ENCRYPTED_DATA_INVALID: + case CKR_ENCRYPTED_DATA_LEN_RANGE: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + case CKR_DATA_LEN_RANGE: + error = CKR_ENCRYPTED_DATA_LEN_RANGE; + break; + case CKR_DATA_INVALID: + error = CKR_ENCRYPTED_DATA_INVALID; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3183,71 +3139,69 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DecryptUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG ulEncryptedPartLen, - CK_BYTE_PTR pPart, - CK_ULONG_PTR pulPartLen -) +NSSCKFWC_DecryptUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_Update(fwSession, - NSSCKFWCryptoOperationType_Decrypt, - NSSCKFWCryptoOperationState_EncryptDecrypt, - pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Update(fwSession, + NSSCKFWCryptoOperationType_Decrypt, + NSSCKFWCryptoOperationState_EncryptDecrypt, + pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_ENCRYPTED_DATA_INVALID: - case CKR_ENCRYPTED_DATA_LEN_RANGE: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - case CKR_DATA_LEN_RANGE: - error = CKR_ENCRYPTED_DATA_LEN_RANGE; - break; - case CKR_DATA_INVALID: - error = CKR_ENCRYPTED_DATA_INVALID; - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_ENCRYPTED_DATA_INVALID: + case CKR_ENCRYPTED_DATA_LEN_RANGE: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + case CKR_DATA_LEN_RANGE: + error = CKR_ENCRYPTED_DATA_LEN_RANGE; + break; + case CKR_DATA_INVALID: + error = CKR_ENCRYPTED_DATA_INVALID; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3255,69 +3209,67 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DecryptFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pLastPart, - CK_ULONG_PTR pulLastPartLen -) +NSSCKFWC_DecryptFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastPart, + CK_ULONG_PTR pulLastPartLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_Final(fwSession, - NSSCKFWCryptoOperationType_Decrypt, - NSSCKFWCryptoOperationState_EncryptDecrypt, - pLastPart, pulLastPartLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Final(fwSession, + NSSCKFWCryptoOperationType_Decrypt, + NSSCKFWCryptoOperationState_EncryptDecrypt, + pLastPart, pulLastPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_FAILED: - case CKR_FUNCTION_CANCELED: - case CKR_ENCRYPTED_DATA_INVALID: - case CKR_ENCRYPTED_DATA_LEN_RANGE: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - case CKR_DATA_LEN_RANGE: - error = CKR_ENCRYPTED_DATA_LEN_RANGE; - break; - case CKR_DATA_INVALID: - error = CKR_ENCRYPTED_DATA_INVALID; - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_FAILED: + case CKR_FUNCTION_CANCELED: + case CKR_ENCRYPTED_DATA_INVALID: + case CKR_ENCRYPTED_DATA_LEN_RANGE: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + case CKR_DATA_LEN_RANGE: + error = CKR_ENCRYPTED_DATA_LEN_RANGE; + break; + case CKR_DATA_INVALID: + error = CKR_ENCRYPTED_DATA_INVALID; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3325,85 +3277,83 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DigestInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism -) +NSSCKFWC_DigestInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - error = nssCKFWMechanism_DigestInit(fwMechanism, pMechanism, fwSession); - - nssCKFWMechanism_Destroy(fwMechanism); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_DigestInit(fwMechanism, pMechanism, fwSession); + + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3411,62 +3361,60 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_Digest -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pDigest, - CK_ULONG_PTR pulDigestLen -) +NSSCKFWC_Digest( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateFinal(fwSession, - NSSCKFWCryptoOperationType_Digest, - NSSCKFWCryptoOperationState_Digest, - pData, ulDataLen, pDigest, pulDigestLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_Digest, + NSSCKFWCryptoOperationState_Digest, + pData, ulDataLen, pDigest, pulDigestLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3474,59 +3422,57 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DigestUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen -) +NSSCKFWC_DigestUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_DigestUpdate(fwSession, - NSSCKFWCryptoOperationType_Digest, - NSSCKFWCryptoOperationState_Digest, - pData, ulDataLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_DigestUpdate(fwSession, + NSSCKFWCryptoOperationType_Digest, + NSSCKFWCryptoOperationState_Digest, + pData, ulDataLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3534,64 +3480,62 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DigestKey -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hKey -) +NSSCKFWC_DigestKey( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); - if (!fwObject) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_DigestKey(fwSession, fwObject); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_DigestKey(fwSession, fwObject); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_KEY_HANDLE_INVALID: - case CKR_KEY_INDIGESTIBLE: - case CKR_KEY_SIZE_RANGE: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_INDIGESTIBLE: + case CKR_KEY_SIZE_RANGE: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3599,60 +3543,58 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DigestFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pDigest, - CK_ULONG_PTR pulDigestLen -) +NSSCKFWC_DigestFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_Final(fwSession, - NSSCKFWCryptoOperationType_Digest, - NSSCKFWCryptoOperationState_Digest, - pDigest, pulDigestLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Final(fwSession, + NSSCKFWCryptoOperationType_Digest, + NSSCKFWCryptoOperationState_Digest, + pDigest, pulDigestLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3660,98 +3602,96 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_SignInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -) +NSSCKFWC_SignInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); - if (!fwObject) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - error = nssCKFWMechanism_SignInit(fwMechanism, pMechanism, fwSession, - fwObject); - - nssCKFWMechanism_Destroy(fwMechanism); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_SignInit(fwMechanism, pMechanism, fwSession, + fwObject); + + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_KEY_FUNCTION_NOT_PERMITTED: - case CKR_KEY_HANDLE_INVALID: - case CKR_KEY_SIZE_RANGE: - case CKR_KEY_TYPE_INCONSISTENT: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_FUNCTION_NOT_PERMITTED: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3759,66 +3699,64 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_Sign -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pSignature, - CK_ULONG_PTR pulSignatureLen -) +NSSCKFWC_Sign( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateFinal(fwSession, - NSSCKFWCryptoOperationType_Sign, - NSSCKFWCryptoOperationState_SignVerify, - pData, ulDataLen, pSignature, pulSignatureLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_Sign, + NSSCKFWCryptoOperationState_SignVerify, + pData, ulDataLen, pSignature, pulSignatureLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_INVALID: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - case CKR_FUNCTION_REJECTED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_INVALID: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + case CKR_FUNCTION_REJECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3826,61 +3764,59 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_SignUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen -) +NSSCKFWC_SignUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_DigestUpdate(fwSession, - NSSCKFWCryptoOperationType_Sign, - NSSCKFWCryptoOperationState_SignVerify, - pPart, ulPartLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_DigestUpdate(fwSession, + NSSCKFWCryptoOperationType_Sign, + NSSCKFWCryptoOperationState_SignVerify, + pPart, ulPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3888,63 +3824,61 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_SignFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSignature, - CK_ULONG_PTR pulSignatureLen -) +NSSCKFWC_SignFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_Final(fwSession, - NSSCKFWCryptoOperationType_Sign, - NSSCKFWCryptoOperationState_SignVerify, - pSignature, pulSignatureLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Final(fwSession, + NSSCKFWCryptoOperationType_Sign, + NSSCKFWCryptoOperationState_SignVerify, + pSignature, pulSignatureLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - case CKR_FUNCTION_REJECTED: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + case CKR_FUNCTION_REJECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -3952,98 +3886,96 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_SignRecoverInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -) +NSSCKFWC_SignRecoverInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); - if (!fwObject) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - error = nssCKFWMechanism_SignRecoverInit(fwMechanism, pMechanism, fwSession, - fwObject); - - nssCKFWMechanism_Destroy(fwMechanism); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_SignRecoverInit(fwMechanism, pMechanism, fwSession, + fwObject); + + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_KEY_FUNCTION_NOT_PERMITTED: - case CKR_KEY_HANDLE_INVALID: - case CKR_KEY_SIZE_RANGE: - case CKR_KEY_TYPE_INCONSISTENT: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_FUNCTION_NOT_PERMITTED: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4051,65 +3983,63 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_SignRecover -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pSignature, - CK_ULONG_PTR pulSignatureLen -) +NSSCKFWC_SignRecover( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateFinal(fwSession, - NSSCKFWCryptoOperationType_SignRecover, - NSSCKFWCryptoOperationState_SignVerify, - pData, ulDataLen, pSignature, pulSignatureLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_SignRecover, + NSSCKFWCryptoOperationState_SignVerify, + pData, ulDataLen, pSignature, pulSignatureLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_INVALID: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_INVALID: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4117,98 +4047,96 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_VerifyInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -) +NSSCKFWC_VerifyInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); - if (!fwObject) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - error = nssCKFWMechanism_VerifyInit(fwMechanism, pMechanism, fwSession, - fwObject); + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } - nssCKFWMechanism_Destroy(fwMechanism); + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } - if (CKR_OK == error) { - return CKR_OK; - } + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_VerifyInit(fwMechanism, pMechanism, fwSession, + fwObject); + + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_KEY_FUNCTION_NOT_PERMITTED: - case CKR_KEY_HANDLE_INVALID: - case CKR_KEY_SIZE_RANGE: - case CKR_KEY_TYPE_INCONSISTENT: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_FUNCTION_NOT_PERMITTED: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4216,65 +4144,63 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_Verify -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pSignature, - CK_ULONG ulSignatureLen -) +NSSCKFWC_Verify( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateFinal(fwSession, - NSSCKFWCryptoOperationType_Verify, - NSSCKFWCryptoOperationState_SignVerify, - pData, ulDataLen, pSignature, &ulSignatureLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_Verify, + NSSCKFWCryptoOperationState_SignVerify, + pData, ulDataLen, pSignature, &ulSignatureLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_INVALID: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SIGNATURE_INVALID: - case CKR_SIGNATURE_LEN_RANGE: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_INVALID: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SIGNATURE_INVALID: + case CKR_SIGNATURE_LEN_RANGE: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4282,60 +4208,58 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_VerifyUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen -) +NSSCKFWC_VerifyUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_DigestUpdate(fwSession, - NSSCKFWCryptoOperationType_Verify, - NSSCKFWCryptoOperationState_SignVerify, - pPart, ulPartLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_DigestUpdate(fwSession, + NSSCKFWCryptoOperationType_Verify, + NSSCKFWCryptoOperationState_SignVerify, + pPart, ulPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4343,62 +4267,60 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_VerifyFinal -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSignature, - CK_ULONG ulSignatureLen -) +NSSCKFWC_VerifyFinal( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_Final(fwSession, - NSSCKFWCryptoOperationType_Verify, - NSSCKFWCryptoOperationState_SignVerify, - pSignature, &ulSignatureLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Final(fwSession, + NSSCKFWCryptoOperationType_Verify, + NSSCKFWCryptoOperationState_SignVerify, + pSignature, &ulSignatureLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SIGNATURE_INVALID: - case CKR_SIGNATURE_LEN_RANGE: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SIGNATURE_INVALID: + case CKR_SIGNATURE_LEN_RANGE: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4406,98 +4328,96 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_VerifyRecoverInit -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey -) +NSSCKFWC_VerifyRecoverInit( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); - if (!fwObject) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - error = nssCKFWMechanism_VerifyRecoverInit(fwMechanism, pMechanism, - fwSession, fwObject); - - nssCKFWMechanism_Destroy(fwMechanism); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_VerifyRecoverInit(fwMechanism, pMechanism, + fwSession, fwObject); + + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_KEY_FUNCTION_NOT_PERMITTED: - case CKR_KEY_HANDLE_INVALID: - case CKR_KEY_SIZE_RANGE: - case CKR_KEY_TYPE_INCONSISTENT: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_CLOSED: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_FUNCTION_NOT_PERMITTED: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_CLOSED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4505,64 +4425,62 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_VerifyRecover -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSignature, - CK_ULONG ulSignatureLen, - CK_BYTE_PTR pData, - CK_ULONG_PTR pulDataLen -) +NSSCKFWC_VerifyRecover( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateFinal(fwSession, - NSSCKFWCryptoOperationType_VerifyRecover, - NSSCKFWCryptoOperationState_SignVerify, - pSignature, ulSignatureLen, pData, pulDataLen); - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_VerifyRecover, + NSSCKFWCryptoOperationState_SignVerify, + pSignature, ulSignatureLen, pData, pulDataLen); + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_INVALID: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SIGNATURE_INVALID: - case CKR_SIGNATURE_LEN_RANGE: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_INVALID: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SIGNATURE_INVALID: + case CKR_SIGNATURE_LEN_RANGE: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4570,64 +4488,62 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DigestEncryptUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG_PTR pulEncryptedPartLen -) +NSSCKFWC_DigestEncryptUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateCombo(fwSession, - NSSCKFWCryptoOperationType_Encrypt, - NSSCKFWCryptoOperationType_Digest, - NSSCKFWCryptoOperationState_Digest, - pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateCombo(fwSession, + NSSCKFWCryptoOperationType_Encrypt, + NSSCKFWCryptoOperationType_Digest, + NSSCKFWCryptoOperationState_Digest, + pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4635,71 +4551,69 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DecryptDigestUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG ulEncryptedPartLen, - CK_BYTE_PTR pPart, - CK_ULONG_PTR pulPartLen -) +NSSCKFWC_DecryptDigestUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateCombo(fwSession, - NSSCKFWCryptoOperationType_Decrypt, - NSSCKFWCryptoOperationType_Digest, - NSSCKFWCryptoOperationState_Digest, - pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateCombo(fwSession, + NSSCKFWCryptoOperationType_Decrypt, + NSSCKFWCryptoOperationType_Digest, + NSSCKFWCryptoOperationState_Digest, + pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_ENCRYPTED_DATA_INVALID: - case CKR_ENCRYPTED_DATA_LEN_RANGE: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - break; - case CKR_DATA_INVALID: - error = CKR_ENCRYPTED_DATA_INVALID; - break; - case CKR_DATA_LEN_RANGE: - error = CKR_ENCRYPTED_DATA_LEN_RANGE; - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_ENCRYPTED_DATA_INVALID: + case CKR_ENCRYPTED_DATA_LEN_RANGE: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + case CKR_DATA_INVALID: + error = CKR_ENCRYPTED_DATA_INVALID; + break; + case CKR_DATA_LEN_RANGE: + error = CKR_ENCRYPTED_DATA_LEN_RANGE; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4707,65 +4621,63 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_SignEncryptUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG_PTR pulEncryptedPartLen -) +NSSCKFWC_SignEncryptUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateCombo(fwSession, - NSSCKFWCryptoOperationType_Encrypt, - NSSCKFWCryptoOperationType_Sign, - NSSCKFWCryptoOperationState_SignVerify, - pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateCombo(fwSession, + NSSCKFWCryptoOperationType_Encrypt, + NSSCKFWCryptoOperationType_Sign, + NSSCKFWCryptoOperationState_SignVerify, + pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4773,69 +4685,67 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DecryptVerifyUpdate -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG ulEncryptedPartLen, - CK_BYTE_PTR pPart, - CK_ULONG_PTR pulPartLen -) +NSSCKFWC_DecryptVerifyUpdate( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - error = nssCKFWSession_UpdateCombo(fwSession, - NSSCKFWCryptoOperationType_Decrypt, - NSSCKFWCryptoOperationType_Verify, - NSSCKFWCryptoOperationState_SignVerify, - pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateCombo(fwSession, + NSSCKFWCryptoOperationType_Decrypt, + NSSCKFWCryptoOperationType_Verify, + NSSCKFWCryptoOperationState_SignVerify, + pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DATA_LEN_RANGE: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_ENCRYPTED_DATA_INVALID: - case CKR_ENCRYPTED_DATA_LEN_RANGE: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_NOT_INITIALIZED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - break; - case CKR_DATA_INVALID: - error = CKR_ENCRYPTED_DATA_INVALID; - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_ENCRYPTED_DATA_INVALID: + case CKR_ENCRYPTED_DATA_LEN_RANGE: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + case CKR_DATA_INVALID: + error = CKR_ENCRYPTED_DATA_INVALID; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4843,106 +4753,104 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GenerateKey -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phKey -) +NSSCKFWC_GenerateKey( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - fwObject = nssCKFWMechanism_GenerateKey( - fwMechanism, - pMechanism, - fwSession, - pTemplate, - ulCount, - &error); - - nssCKFWMechanism_Destroy(fwMechanism); - if (!fwObject) { - goto loser; - } - *phKey= nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + fwObject = nssCKFWMechanism_GenerateKey( + fwMechanism, + pMechanism, + fwSession, + pTemplate, + ulCount, + &error); + + nssCKFWMechanism_Destroy(fwMechanism); + if (!fwObject) { + goto loser; + } + *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_ATTRIBUTE_READ_ONLY: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_VALUE_INVALID: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_READ_ONLY: - case CKR_TEMPLATE_INCOMPLETE: - case CKR_TEMPLATE_INCONSISTENT: - case CKR_TOKEN_WRITE_PROTECTED: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCOMPLETE: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -4950,121 +4858,119 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GenerateKeyPair -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_ATTRIBUTE_PTR pPublicKeyTemplate, - CK_ULONG ulPublicKeyAttributeCount, - CK_ATTRIBUTE_PTR pPrivateKeyTemplate, - CK_ULONG ulPrivateKeyAttributeCount, - CK_OBJECT_HANDLE_PTR phPublicKey, - CK_OBJECT_HANDLE_PTR phPrivateKey -) +NSSCKFWC_GenerateKeyPair( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + CK_OBJECT_HANDLE_PTR phPublicKey, + CK_OBJECT_HANDLE_PTR phPrivateKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwPrivateKeyObject; - NSSCKFWObject *fwPublicKeyObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - error= nssCKFWMechanism_GenerateKeyPair( - fwMechanism, - pMechanism, - fwSession, - pPublicKeyTemplate, - ulPublicKeyAttributeCount, - pPublicKeyTemplate, - ulPublicKeyAttributeCount, - &fwPublicKeyObject, - &fwPrivateKeyObject); - - nssCKFWMechanism_Destroy(fwMechanism); - if (CKR_OK != error) { - goto loser; - } - *phPublicKey = nssCKFWInstance_CreateObjectHandle(fwInstance, - fwPublicKeyObject, - &error); - if (CKR_OK != error) { - goto loser; - } - *phPrivateKey = nssCKFWInstance_CreateObjectHandle(fwInstance, - fwPrivateKeyObject, - &error); - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwPrivateKeyObject; + NSSCKFWObject *fwPublicKeyObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_GenerateKeyPair( + fwMechanism, + pMechanism, + fwSession, + pPublicKeyTemplate, + ulPublicKeyAttributeCount, + pPublicKeyTemplate, + ulPublicKeyAttributeCount, + &fwPublicKeyObject, + &fwPrivateKeyObject); + + nssCKFWMechanism_Destroy(fwMechanism); + if (CKR_OK != error) { + goto loser; + } + *phPublicKey = nssCKFWInstance_CreateObjectHandle(fwInstance, + fwPublicKeyObject, + &error); + if (CKR_OK != error) { + goto loser; + } + *phPrivateKey = nssCKFWInstance_CreateObjectHandle(fwInstance, + fwPrivateKeyObject, + &error); + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_ATTRIBUTE_READ_ONLY: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_VALUE_INVALID: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_DOMAIN_PARAMS_INVALID: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_READ_ONLY: - case CKR_TEMPLATE_INCOMPLETE: - case CKR_TEMPLATE_INCONSISTENT: - case CKR_TOKEN_WRITE_PROTECTED: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_DOMAIN_PARAMS_INVALID: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCOMPLETE: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -5072,153 +4978,150 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_WrapKey -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hWrappingKey, - CK_OBJECT_HANDLE hKey, - CK_BYTE_PTR pWrappedKey, - CK_ULONG_PTR pulWrappedKeyLen -) +NSSCKFWC_WrapKey( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hWrappingKey, + CK_OBJECT_HANDLE hKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG_PTR pulWrappedKeyLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwKeyObject; - NSSCKFWObject *fwWrappingKeyObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - NSSItem wrappedKey; - CK_ULONG wrappedKeyLength = 0; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, - hWrappingKey); - if (!fwWrappingKeyObject) { - error = CKR_WRAPPING_KEY_HANDLE_INVALID; - goto loser; - } - - fwKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); - if (!fwKeyObject) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - /* + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwKeyObject; + NSSCKFWObject *fwWrappingKeyObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + NSSItem wrappedKey; + CK_ULONG wrappedKeyLength = 0; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, + hWrappingKey); + if (!fwWrappingKeyObject) { + error = CKR_WRAPPING_KEY_HANDLE_INVALID; + goto loser; + } + + fwKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwKeyObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + /* * first get the length... */ - wrappedKeyLength = nssCKFWMechanism_GetWrapKeyLength( - fwMechanism, - pMechanism, - fwSession, - fwWrappingKeyObject, - fwKeyObject, - &error); - if ((CK_ULONG) 0 == wrappedKeyLength) { - nssCKFWMechanism_Destroy(fwMechanism); - goto loser; - } - if ((CK_BYTE_PTR)NULL == pWrappedKey) { - *pulWrappedKeyLen = wrappedKeyLength; - nssCKFWMechanism_Destroy(fwMechanism); - return CKR_OK; - } - if (wrappedKeyLength > *pulWrappedKeyLen) { - *pulWrappedKeyLen = wrappedKeyLength; + wrappedKeyLength = nssCKFWMechanism_GetWrapKeyLength( + fwMechanism, + pMechanism, + fwSession, + fwWrappingKeyObject, + fwKeyObject, + &error); + if ((CK_ULONG)0 == wrappedKeyLength) { + nssCKFWMechanism_Destroy(fwMechanism); + goto loser; + } + if ((CK_BYTE_PTR)NULL == pWrappedKey) { + *pulWrappedKeyLen = wrappedKeyLength; + nssCKFWMechanism_Destroy(fwMechanism); + return CKR_OK; + } + if (wrappedKeyLength > *pulWrappedKeyLen) { + *pulWrappedKeyLen = wrappedKeyLength; + nssCKFWMechanism_Destroy(fwMechanism); + error = CKR_BUFFER_TOO_SMALL; + goto loser; + } + + wrappedKey.data = pWrappedKey; + wrappedKey.size = wrappedKeyLength; + + error = nssCKFWMechanism_WrapKey( + fwMechanism, + pMechanism, + fwSession, + fwWrappingKeyObject, + fwKeyObject, + &wrappedKey); + nssCKFWMechanism_Destroy(fwMechanism); - error = CKR_BUFFER_TOO_SMALL; - goto loser; - } - - - wrappedKey.data = pWrappedKey; - wrappedKey.size = wrappedKeyLength; - - error = nssCKFWMechanism_WrapKey( - fwMechanism, - pMechanism, - fwSession, - fwWrappingKeyObject, - fwKeyObject, - &wrappedKey); - - nssCKFWMechanism_Destroy(fwMechanism); - *pulWrappedKeyLen = wrappedKey.size; - - if (CKR_OK == error) { - return CKR_OK; - } + *pulWrappedKeyLen = wrappedKey.size; + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_KEY_HANDLE_INVALID: - case CKR_KEY_NOT_WRAPPABLE: - case CKR_KEY_SIZE_RANGE: - case CKR_KEY_UNEXTRACTABLE: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_WRAPPING_KEY_HANDLE_INVALID: - case CKR_WRAPPING_KEY_SIZE_RANGE: - case CKR_WRAPPING_KEY_TYPE_INCONSISTENT: - break; - case CKR_KEY_TYPE_INCONSISTENT: - error = CKR_WRAPPING_KEY_TYPE_INCONSISTENT; - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_NOT_WRAPPABLE: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_UNEXTRACTABLE: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_WRAPPING_KEY_HANDLE_INVALID: + case CKR_WRAPPING_KEY_SIZE_RANGE: + case CKR_WRAPPING_KEY_TYPE_INCONSISTENT: + break; + case CKR_KEY_TYPE_INCONSISTENT: + error = CKR_WRAPPING_KEY_TYPE_INCONSISTENT; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -5226,145 +5129,143 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_UnwrapKey -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hUnwrappingKey, - CK_BYTE_PTR pWrappedKey, - CK_ULONG ulWrappedKeyLen, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_OBJECT_HANDLE_PTR phKey -) +NSSCKFWC_UnwrapKey( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hUnwrappingKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG ulWrappedKeyLen, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - NSSCKFWObject *fwWrappingKeyObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - NSSItem wrappedKey; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, - hUnwrappingKey); - if (!fwWrappingKeyObject) { - error = CKR_WRAPPING_KEY_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - wrappedKey.data = pWrappedKey; - wrappedKey.size = ulWrappedKeyLen; - - fwObject = nssCKFWMechanism_UnwrapKey( - fwMechanism, - pMechanism, - fwSession, - fwWrappingKeyObject, - &wrappedKey, - pTemplate, - ulAttributeCount, - &error); - - nssCKFWMechanism_Destroy(fwMechanism); - if (!fwObject) { - goto loser; - } - *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWObject *fwWrappingKeyObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + NSSItem wrappedKey; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, + hUnwrappingKey); + if (!fwWrappingKeyObject) { + error = CKR_WRAPPING_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + wrappedKey.data = pWrappedKey; + wrappedKey.size = ulWrappedKeyLen; + + fwObject = nssCKFWMechanism_UnwrapKey( + fwMechanism, + pMechanism, + fwSession, + fwWrappingKeyObject, + &wrappedKey, + pTemplate, + ulAttributeCount, + &error); + + nssCKFWMechanism_Destroy(fwMechanism); + if (!fwObject) { + goto loser; + } + *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_ATTRIBUTE_READ_ONLY: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_VALUE_INVALID: - case CKR_BUFFER_TOO_SMALL: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_DOMAIN_PARAMS_INVALID: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_READ_ONLY: - case CKR_TEMPLATE_INCOMPLETE: - case CKR_TEMPLATE_INCONSISTENT: - case CKR_TOKEN_WRITE_PROTECTED: - case CKR_UNWRAPPING_KEY_HANDLE_INVALID: - case CKR_UNWRAPPING_KEY_SIZE_RANGE: - case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: - case CKR_USER_NOT_LOGGED_IN: - case CKR_WRAPPED_KEY_INVALID: - case CKR_WRAPPED_KEY_LEN_RANGE: - break; - case CKR_KEY_HANDLE_INVALID: - error = CKR_UNWRAPPING_KEY_HANDLE_INVALID; - break; - case CKR_KEY_SIZE_RANGE: - error = CKR_UNWRAPPING_KEY_SIZE_RANGE; - break; - case CKR_KEY_TYPE_INCONSISTENT: - error = CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT; - break; - case CKR_ENCRYPTED_DATA_INVALID: - error = CKR_WRAPPED_KEY_INVALID; - break; - case CKR_ENCRYPTED_DATA_LEN_RANGE: - error = CKR_WRAPPED_KEY_LEN_RANGE; - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_DOMAIN_PARAMS_INVALID: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCOMPLETE: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_UNWRAPPING_KEY_HANDLE_INVALID: + case CKR_UNWRAPPING_KEY_SIZE_RANGE: + case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: + case CKR_USER_NOT_LOGGED_IN: + case CKR_WRAPPED_KEY_INVALID: + case CKR_WRAPPED_KEY_LEN_RANGE: + break; + case CKR_KEY_HANDLE_INVALID: + error = CKR_UNWRAPPING_KEY_HANDLE_INVALID; + break; + case CKR_KEY_SIZE_RANGE: + error = CKR_UNWRAPPING_KEY_SIZE_RANGE; + break; + case CKR_KEY_TYPE_INCONSISTENT: + error = CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT; + break; + case CKR_ENCRYPTED_DATA_INVALID: + error = CKR_WRAPPED_KEY_INVALID; + break; + case CKR_ENCRYPTED_DATA_LEN_RANGE: + error = CKR_WRAPPED_KEY_LEN_RANGE; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -5372,119 +5273,117 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_DeriveKey -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hBaseKey, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_OBJECT_HANDLE_PTR phKey -) +NSSCKFWC_DeriveKey( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hBaseKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSCKFWObject *fwObject; - NSSCKFWObject *fwBaseKeyObject; - NSSCKFWSlot *fwSlot; - NSSCKFWToken *fwToken; - NSSCKFWMechanism *fwMechanism; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - fwBaseKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hBaseKey); - if (!fwBaseKeyObject) { - error = CKR_KEY_HANDLE_INVALID; - goto loser; - } - - fwSlot = nssCKFWSession_GetFWSlot(fwSession); - if (!fwSlot) { - error = CKR_GENERAL_ERROR; /* should never happen! */ - goto loser; - } - - if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { - error = CKR_TOKEN_NOT_PRESENT; - goto loser; - } - - fwToken = nssCKFWSlot_GetToken(fwSlot, &error); - if (!fwToken) { - goto loser; - } - - fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); - if (!fwMechanism) { - goto loser; - } - - fwObject = nssCKFWMechanism_DeriveKey( - fwMechanism, - pMechanism, - fwSession, - fwBaseKeyObject, - pTemplate, - ulAttributeCount, - &error); - - nssCKFWMechanism_Destroy(fwMechanism); - if (!fwObject) { - goto loser; - } - *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); - - if (CKR_OK == error) { - return CKR_OK; - } + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWObject *fwBaseKeyObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwBaseKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hBaseKey); + if (!fwBaseKeyObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + fwObject = nssCKFWMechanism_DeriveKey( + fwMechanism, + pMechanism, + fwSession, + fwBaseKeyObject, + pTemplate, + ulAttributeCount, + &error); + + nssCKFWMechanism_Destroy(fwMechanism); + if (!fwObject) { + goto loser; + } + *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); + + if (CKR_OK == error) { + return CKR_OK; + } loser: - /* verify error */ - switch( error ) { - case CKR_ARGUMENTS_BAD: - case CKR_ATTRIBUTE_READ_ONLY: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_VALUE_INVALID: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_DEVICE_REMOVED: - case CKR_DOMAIN_PARAMS_INVALID: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_KEY_HANDLE_INVALID: - case CKR_KEY_SIZE_RANGE: - case CKR_KEY_TYPE_INCONSISTENT: - case CKR_MECHANISM_INVALID: - case CKR_MECHANISM_PARAM_INVALID: - case CKR_OPERATION_ACTIVE: - case CKR_PIN_EXPIRED: - case CKR_SESSION_CLOSED: - case CKR_SESSION_HANDLE_INVALID: - case CKR_SESSION_READ_ONLY: - case CKR_TEMPLATE_INCOMPLETE: - case CKR_TEMPLATE_INCONSISTENT: - case CKR_TOKEN_WRITE_PROTECTED: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - return error; + /* verify error */ + switch (error) { + case CKR_ARGUMENTS_BAD: + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_DOMAIN_PARAMS_INVALID: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCOMPLETE: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; } /* @@ -5492,76 +5391,74 @@ loser: * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_SeedRandom -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSeed, - CK_ULONG ulSeedLen -) +NSSCKFWC_SeedRandom( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSeed, + CK_ULONG ulSeedLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSItem seed; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_BYTE_PTR)CK_NULL_PTR == pSeed ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* We could read through the buffer in a Purify trap */ - - seed.size = (PRUint32)ulSeedLen; - seed.data = (void *)pSeed; - - error = nssCKFWSession_SeedRandom(fwSession, &seed); - - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_ACTIVE: - case CKR_RANDOM_SEED_NOT_SUPPORTED: - case CKR_RANDOM_NO_RNG: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSItem seed; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if ((CK_BYTE_PTR)CK_NULL_PTR == pSeed) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* We could read through the buffer in a Purify trap */ + + seed.size = (PRUint32)ulSeedLen; + seed.data = (void *)pSeed; + + error = nssCKFWSession_SeedRandom(fwSession, &seed); + + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_ACTIVE: + case CKR_RANDOM_SEED_NOT_SUPPORTED: + case CKR_RANDOM_NO_RNG: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -5569,78 +5466,76 @@ NSSCKFWC_SeedRandom * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GenerateRandom -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pRandomData, - CK_ULONG ulRandomLen -) +NSSCKFWC_GenerateRandom( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pRandomData, + CK_ULONG ulRandomLen) { - CK_RV error = CKR_OK; - NSSCKFWSession *fwSession; - NSSItem buffer; - - if (!fwInstance) { - error = CKR_CRYPTOKI_NOT_INITIALIZED; - goto loser; - } - - fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); - if (!fwSession) { - error = CKR_SESSION_HANDLE_INVALID; - goto loser; - } - - if( (CK_BYTE_PTR)CK_NULL_PTR == pRandomData ) { - error = CKR_ARGUMENTS_BAD; - goto loser; - } - - /* + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSItem buffer; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if ((CK_BYTE_PTR)CK_NULL_PTR == pRandomData) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* * A purify error here indicates caller error. */ - (void)nsslibc_memset(pRandomData, 0, ulRandomLen); - - buffer.size = (PRUint32)ulRandomLen; - buffer.data = (void *)pRandomData; - - error = nssCKFWSession_GetRandom(fwSession, &buffer); - - if( CKR_OK != error ) { - goto loser; - } - - return CKR_OK; - - loser: - switch( error ) { - case CKR_SESSION_CLOSED: - /* destroy session? */ - break; - case CKR_DEVICE_REMOVED: - /* (void)nssCKFWToken_Destroy(fwToken); */ - break; - case CKR_ARGUMENTS_BAD: - case CKR_CRYPTOKI_NOT_INITIALIZED: - case CKR_DEVICE_ERROR: - case CKR_DEVICE_MEMORY: - case CKR_FUNCTION_CANCELED: - case CKR_FUNCTION_FAILED: - case CKR_GENERAL_ERROR: - case CKR_HOST_MEMORY: - case CKR_OPERATION_ACTIVE: - case CKR_RANDOM_NO_RNG: - case CKR_SESSION_HANDLE_INVALID: - case CKR_USER_NOT_LOGGED_IN: - break; - default: - case CKR_OK: - error = CKR_GENERAL_ERROR; - break; - } - - return error; + (void)nsslibc_memset(pRandomData, 0, ulRandomLen); + + buffer.size = (PRUint32)ulRandomLen; + buffer.data = (void *)pRandomData; + + error = nssCKFWSession_GetRandom(fwSession, &buffer); + + if (CKR_OK != error) { + goto loser; + } + + return CKR_OK; + +loser: + switch (error) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_ACTIVE: + case CKR_RANDOM_NO_RNG: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; } /* @@ -5648,13 +5543,11 @@ NSSCKFWC_GenerateRandom * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_GetFunctionStatus -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -) +NSSCKFWC_GetFunctionStatus( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession) { - return CKR_FUNCTION_NOT_PARALLEL; + return CKR_FUNCTION_NOT_PARALLEL; } /* @@ -5662,11 +5555,9 @@ NSSCKFWC_GetFunctionStatus * */ NSS_IMPLEMENT CK_RV -NSSCKFWC_CancelFunction -( - NSSCKFWInstance *fwInstance, - CK_SESSION_HANDLE hSession -) +NSSCKFWC_CancelFunction( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession) { - return CKR_FUNCTION_NOT_PARALLEL; + return CKR_FUNCTION_NOT_PARALLEL; } |