wrap.c

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 3,172 行 · 第 1/5 页

  CK_VOID_PTR pReserved
)
{
  CK_RV error = CKR_OK;
  CK_ULONG nSlots;
  CK_BBOOL block;
  NSSCKFWSlot **slots;
  NSSCKFWSlot *fwSlot;
  CK_ULONG i;

  if( (NSSCKFWInstance *)NULL == fwInstance ) {
    error = CKR_CRYPTOKI_NOT_INITIALIZED;
    goto loser;
  }

  if( flags & ~CKF_DONT_BLOCK ) {
    error = CKR_ARGUMENTS_BAD;
    goto loser;
  }

  block = (flags & CKF_DONT_BLOCK) ? CK_TRUE : CK_FALSE;

  nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
  if( (CK_ULONG)0 == nSlots ) {
    goto loser;
  }

  if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlot ) {
    error = CKR_ARGUMENTS_BAD;
    goto loser;
  }

  if( (CK_VOID_PTR)CK_NULL_PTR != pReserved ) {
    error = CKR_ARGUMENTS_BAD;
    goto loser;
  }

  slots = nssCKFWInstance_GetSlots(fwInstance, &error);
  if( (NSSCKFWSlot **)NULL == slots ) {
    goto loser;
  }

  fwSlot = nssCKFWInstance_WaitForSlotEvent(fwInstance, block, &error);
  if( (NSSCKFWSlot *)NULL == fwSlot ) {
    goto loser;
  }

  for( i = 0; i < nSlots; i++ ) {
    if( fwSlot == slots[i] ) {
      *pSlot = (CK_SLOT_ID)(CK_ULONG)(i+1);
    }

    return CKR_OK;
  }

  error = CKR_GENERAL_ERROR; /* returned something not in the slot list */

 loser:
  switch( error ) {
  case CKR_CRYPTOKI_NOT_INITIALIZED:
  case CKR_FUNCTION_FAILED:
  case CKR_GENERAL_ERROR:
  case CKR_HOST_MEMORY:
  case CKR_NO_EVENT:
    break;
  default:
  case CKR_OK:
    error = CKR_GENERAL_ERROR;
    break;
  }

  return error;
}

/*
 * NSSCKFWC_GetMechanismList
 *
 */
NSS_IMPLEMENT CK_RV
NSSCKFWC_GetMechanismList
(
  NSSCKFWInstance *fwInstance,
  CK_SLOT_ID slotID,
  CK_MECHANISM_TYPE_PTR pMechanismList,
  CK_ULONG_PTR pulCount
)
{
  CK_RV error = CKR_OK;
  CK_ULONG nSlots;
  NSSCKFWSlot **slots;
  NSSCKFWSlot *fwSlot;
  NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
  CK_ULONG count;

  if( (NSSCKFWInstance *)NULL == fwInstance ) {
    error = CKR_CRYPTOKI_NOT_INITIALIZED;
    goto loser;
  }

  nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
  if( (CK_ULONG)0 == nSlots ) {
    goto loser;
  }

  if( (slotID < 1) || (slotID > nSlots) ) {
    error = CKR_SLOT_ID_INVALID;
    goto loser;
  }

  if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) {
    error = CKR_ARGUMENTS_BAD;
    goto loser;
  }

  slots = nssCKFWInstance_GetSlots(fwInstance, &error);
  if( (NSSCKFWSlot **)NULL == slots ) {
    goto loser;
  }

  fwSlot = slots[ slotID-1 ];

  if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
    error = CKR_TOKEN_NOT_PRESENT;
    goto loser;
  }

  fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
  if( (NSSCKFWToken *)NULL == fwToken ) {
    goto loser;
  }

  count = nssCKFWToken_GetMechanismCount(fwToken);

  if( (CK_MECHANISM_TYPE_PTR)CK_NULL_PTR == pMechanismList ) {
    *pulCount = count;
    return CKR_OK;
  }

  if( *pulCount < count ) {
    *pulCount = count;
    error = CKR_BUFFER_TOO_SMALL;
    goto loser;
  }

  /*
   * A purify error here indicates caller error.
   */
  (void)nsslibc_memset(pMechanismList, 0, *pulCount * sizeof(CK_MECHANISM_TYPE));

  *pulCount = count;

  if( 0 != count ) {
    error = nssCKFWToken_GetMechanismTypes(fwToken, pMechanismList);
  } else {
    error = CKR_OK;
  }

  if( CKR_OK == error ) {
    return CKR_OK;
  }

 loser:
  switch( error ) {
  case CKR_DEVICE_REMOVED:
  case CKR_TOKEN_NOT_PRESENT:
    (void)nssCKFWToken_Destroy(fwToken);
    break;
  case CKR_BUFFER_TOO_SMALL:
  case CKR_CRYPTOKI_NOT_INITIALIZED:
  case CKR_DEVICE_ERROR:
  case CKR_DEVICE_MEMORY:
  case CKR_FUNCTION_FAILED:
  case CKR_GENERAL_ERROR:
  case CKR_HOST_MEMORY:
  case CKR_SLOT_ID_INVALID:
  case CKR_TOKEN_NOT_RECOGNIZED:
    break;
  default:
  case CKR_OK:
    error = CKR_GENERAL_ERROR;
    break;
  }

  return error;
}

/*
 * NSSCKFWC_GetMechanismInfo
 *
 */
NSS_IMPLEMENT CK_RV
NSSCKFWC_GetMechanismInfo
(
  NSSCKFWInstance *fwInstance,
  CK_SLOT_ID slotID,
  CK_MECHANISM_TYPE type,
  CK_MECHANISM_INFO_PTR pInfo
)
{
  CK_RV error = CKR_OK;
  CK_ULONG nSlots;
  NSSCKFWSlot **slots;
  NSSCKFWSlot *fwSlot;
  NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
  NSSCKFWMechanism *fwMechanism;

  if( (NSSCKFWInstance *)NULL == fwInstance ) {
    error = CKR_CRYPTOKI_NOT_INITIALIZED;
    goto loser;
  }

  nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
  if( (CK_ULONG)0 == nSlots ) {
    goto loser;
  }

  if( (slotID < 1) || (slotID > nSlots) ) {
    error = CKR_SLOT_ID_INVALID;
    goto loser;
  }

  slots = nssCKFWInstance_GetSlots(fwInstance, &error);
  if( (NSSCKFWSlot **)NULL == slots ) {
    goto loser;
  }

  fwSlot = slots[ slotID-1 ];

  if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
    error = CKR_TOKEN_NOT_PRESENT;
    goto loser;
  }

  if( (CK_MECHANISM_INFO_PTR)CK_NULL_PTR == pInfo ) {
    error = CKR_ARGUMENTS_BAD;
    goto loser;
  }

  /*
   * A purify error here indicates caller error.
   */
  (void)nsslibc_memset(pInfo, 0, sizeof(CK_MECHANISM_INFO));

  fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
  if( (NSSCKFWToken *)NULL == fwToken ) {
    goto loser;
  }

  fwMechanism = nssCKFWToken_GetMechanism(fwToken, type, &error);
  if( (NSSCKFWMechanism *)NULL == fwMechanism ) {
    goto loser;
  }

  pInfo->ulMinKeySize = nssCKFWMechanism_GetMinKeySize(fwMechanism);
  pInfo->ulMaxKeySize = nssCKFWMechanism_GetMaxKeySize(fwMechanism);

  if( nssCKFWMechanism_GetInHardware(fwMechanism) ) {
    pInfo->flags |= CKF_HW;
  }

  /* More here... */

  return CKR_OK;

 loser:
  switch( error ) {
  case CKR_DEVICE_REMOVED:
  case CKR_TOKEN_NOT_PRESENT:
    (void)nssCKFWToken_Destroy(fwToken);
    break;
  case CKR_CRYPTOKI_NOT_INITIALIZED:
  case CKR_DEVICE_ERROR:
  case CKR_DEVICE_MEMORY:
  case CKR_FUNCTION_FAILED:
  case CKR_GENERAL_ERROR:
  case CKR_HOST_MEMORY:
  case CKR_MECHANISM_INVALID:
  case CKR_SLOT_ID_INVALID:
  case CKR_TOKEN_NOT_RECOGNIZED:
    break;
  default:
  case CKR_OK:
    error = CKR_GENERAL_ERROR;
    break;
  }

  return error;
}

/*
 * NSSCKFWC_InitToken
 *
 */
NSS_IMPLEMENT CK_RV
NSSCKFWC_InitToken
(
  NSSCKFWInstance *fwInstance,
  CK_SLOT_ID slotID,
  CK_CHAR_PTR pPin,
  CK_ULONG ulPinLen,
  CK_CHAR_PTR pLabel
)
{
  CK_RV error = CKR_OK;
  CK_ULONG nSlots;
  NSSCKFWSlot **slots;
  NSSCKFWSlot *fwSlot;
  NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
  NSSItem pin;
  NSSUTF8 *label;

  if( (NSSCKFWInstance *)NULL == fwInstance ) {
    error = CKR_CRYPTOKI_NOT_INITIALIZED;
    goto loser;
  }

  nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
  if( (CK_ULONG)0 == nSlots ) {
    goto loser;
  }

  if( (slotID < 1) || (slotID > nSlots) ) {
    error = CKR_SLOT_ID_INVALID;
    goto loser;
  }

  slots = nssCKFWInstance_GetSlots(fwInstance, &error);
  if( (NSSCKFWSlot **)NULL == slots ) {
    goto loser;
  }

  fwSlot = slots[ slotID-1 ];

  if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
    error = CKR_TOKEN_NOT_PRESENT;
    goto loser;
  }

  fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
  if( (NSSCKFWToken *)NULL == fwToken ) {
    goto loser;
  }

  pin.size = (PRUint32)ulPinLen;
  pin.data = (void *)pPin;
  label = (NSSUTF8 *)pLabel; /* identity conversion */

  error = nssCKFWToken_InitToken(fwToken, &pin, label);
  if( CKR_OK != error ) {
    goto loser;
  }

  return CKR_OK;

 loser:
  switch( error ) {
  case CKR_DEVICE_REMOVED:
  case CKR_TOKEN_NOT_PRESENT:
    (void)nssCKFWToken_Destroy(fwToken);
    break;
  case CKR_CRYPTOKI_NOT_INITIALIZED:
  case CKR_DEVICE_ERROR:
  case CKR_DEVICE_MEMORY:
  case CKR_FUNCTION_FAILED:
  case CKR_GENERAL_ERROR:
  case CKR_HOST_MEMORY:
  case CKR_PIN_INCORRECT:
  case CKR_PIN_LOCKED:
  case CKR_SESSION_EXISTS:
  case CKR_SLOT_ID_INVALID:
  case CKR_TOKEN_NOT_RECOGNIZED:
  case CKR_TOKEN_WRITE_PROTECTED:
    break;
  default:
  case CKR_OK:
    error = CKR_GENERAL_ERROR;
    break;
  }

  return error;
}

/*
 * NSSCKFWC_InitPIN
 *
 */
NSS_IMPLEMENT CK_RV
NSSCKFWC_InitPIN
(
  NSSCKFWInstance *fwInstance,
  CK_SESSION_HANDLE hSession,
  CK_CHAR_PTR pPin,
  CK_ULONG ulPinLen
)
{
  CK_RV error = CKR_OK;
  NSSCKFWSession *fwSession;
  NSSItem pin, *arg;

  if( (NSSCKFWInstance *)NULL == fwInstance ) {
    error = CKR_CRYPTOKI_NOT_INITIALIZED;
    goto loser;
  }

  fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
  if( (NSSCKFWSession *)NULL == fwSession ) {
    error = CKR_SESSION_HANDLE_INVALID;
    goto loser;
  }

  if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) {
    arg = (NSSItem *)NULL;
  } else {
    arg = &pin;
    pin.size = (PRUint32)ulPinLen;
    pin.data = (void *)pPin;
  }

  error = nssCKFWSession_InitPIN(fwSession, arg);
  if( CKR_OK != error ) {
    goto loser;
  }

  return CKR_OK;

 loser:
  switch( error ) {
  case CKR_SESSION_CLOSED:
    /* destroy session? */
    break;
  case CKR_DEVICE_REMOVED:
    /* (void)nssCKFWToken_Destroy(fwToken); */
    break;
  case CKR_CRYPTOKI_NOT_INITIALIZED:
  case CKR_DEVICE_ERROR:
  case CKR_DEVICE_MEMORY:
  case CKR_FUNCTION_FAILED:
  case CKR_GENERAL_ERROR:
  case CKR_HOST_MEMORY:
  case CKR_PIN_INVALID:
  case CKR_PIN_LEN_RANGE:
  case CKR_SESSION_READ_ONLY:
  case CKR_SESSION_HANDLE_INVALID:
  case CKR_TOKEN_WRITE_PROTECTED:
  case CKR_USER_NOT_LOGGED_IN:
    break;
  default:
  case CKR_OK:
    error = CKR_GENERAL_ERROR;
    break;
  }

  return error;
}

/*
 * NSSCKFWC_SetPIN
 *
 */
NSS_IMPLEMENT CK_RV
NSSCKFWC_SetPIN
(
  NSSCKFWInstance *fwInstance,
  CK_SESSION_HANDLE hSession,
  CK_CHAR_PTR pOldPin,
  CK_ULONG ulOldLen,
  CK_CHAR_PTR pNewPin,
  CK_ULONG ulNewLen
)
{
  CK_RV error = CKR_OK;
  NSSCKFWSession *fwSession;
  NSSItem oldPin, newPin, *oldArg, *newArg;

  if( (NSSCKFWInstance *)NULL == fwInstance ) {
    error = CKR_CRYPTOKI_NOT_INITIALIZED;
    goto loser;
  }

  fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
  if( (NSSCKFWSession *)NULL == fwSession ) {
    error = CKR_SESSION_HANDLE_INVALID;
    goto loser;
  }

  if( (CK_CHAR_PTR)CK_NULL_PTR == pOldPin ) {
    oldArg = (NSSItem *)NULL;
  } else {
    oldArg = &oldPin;
    oldPin.size = (PRUint32)ulOldLen;
    oldPin.data = (void *)pOldPin;
  }

  if( (CK_CHAR_PTR)CK_NULL_PTR == pNewPin ) {
    newArg = (NSSItem *)NULL;
  } else {
    newArg = &newPin;
    newPin.size = (PRUint32)ulNewLen;
    newPin.data = (void *)pNewPin;
  }

  error = nssCKFWSession_SetPIN(fwSession, oldArg, newArg);
  if( CKR_OK != error ) {
    goto loser;
  }

  return CKR_OK;

 loser:
  switch( error ) {
  case CKR_SESSION_CLOSED:
    /* destroy session? */
    break;
  case CKR_DEVICE_REMOVED:
    /* (void)nssCKFWToken_Destroy(fwToken); */
    break;
  case CKR_CRYPTOKI_NOT_INITIALIZED:
  case CKR_DEVICE_ERROR:
  case CKR_DEVICE_MEMORY:
  case CKR_FUNCTION_FAILED:
  case CKR_GENERAL_ERROR:
  case CKR_HOST_MEMORY:
  case CKR_PIN_INCORRECT:
  case CKR_PIN_INVALID:
  case CKR_PIN_LEN_RANGE:
  case CKR_PIN_LOCKED:
  case CKR_SESSION_HANDLE_INVALID:
  case CKR_SESSION_READ_ONLY:
  case CKR_TOKEN_WRITE_PROTECTED:
    break;
  default:
  case CKR_OK:
    error = CKR_GENERAL_ERROR;
    break;
  }

  return error;
}

/*
 * NSSCKFWC_OpenSession
 *
 */
NSS_IMPLEMENT CK_RV
NSSCKFWC_OpenSession
(
  NSSCKFWInstance *fwInstance,
  CK_SLOT_ID slotID,
  CK_FLAGS flags,
  CK_VOID_PTR pApplication,
  CK_NOTIFY Notify,
  CK_SESSION_HANDLE_PTR phSession
)
{
  CK_RV error = CKR_OK;
  CK_ULONG nSlots;
  NSSCKFWSlot **slots;
  NSSCKFWSlot *fwSlot;
  NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
  NSSCKFWSession *fwSession;
  CK_BBOOL rw;

  if( (NSSCKFWInstance *)NULL == fwInstance ) {
    error = CKR_CRYPTOKI_NOT_INITIALIZED;
    goto loser;
  }

  nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
  if( (CK_ULONG)0 == nSlots ) {
    goto loser;
  }

  if( (slotID < 1) || (slotID > nSlots) ) {
    error = CKR_SLOT_ID_INVALID;
    goto loser;
  }

  if( flags & CKF_RW_SESSION ) {
    rw = CK_TRUE;
  } else {
    rw = CK_FALSE;
  }

  if( flags & CKF_SERIAL_SESSION ) {
    ;
  } else {
    error = CKR_SESSION_PARALLEL_NOT_SUPPORTED;
    goto loser;
  }

  if( flags & ~(CKF_RW_SESSION|CKF_SERIAL_SESSION) ) {
    error = CKR_ARGUMENTS_BAD;
    goto loser;
  }

  if( (CK_SESSION_HANDLE_PTR)CK_NULL_PTR == phSession ) {
    error = CKR_ARGUMENTS_BAD;
    goto loser;
  }

  /*
   * A purify error here indicates caller error.
   */
  *phSession = (CK_SESSION_HANDLE)0;

  slots = nssCKFWInstance_GetSlots(fwInstance, &error);
  if( (NSSCKFWSlot **)NULL == slots ) {
    goto loser;
  }

  fwSlot = slots[ slotID-1 ];

  if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
    error = CKR_TOKEN_NOT_PRESENT;
    goto loser;
  }

  fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
  if( (NSSCKFWToken *)NULL == fwToken ) {
    goto loser;
  }

  fwSession = nssCKFWToken_OpenSession(fwToken, rw, pApplication,
               Notify, &error);
  if( (NSSCKFWSession *)NULL == fwSession ) {
    goto loser;
  }

  *phSession = nssCKFWInstance_CreateSessionHandle(fwInstance,
                 fwSession, &error);
  if( (CK_SESSION_HANDLE)0 == *phSession ) {
    goto loser;
  }

  return CKR_OK;