CA认证

开发平台：

WINDOWS

fortpk11.c：源码内容

PORT_Memcpy (pInfo, &mechanisms[i].domestic, sizeof (CK_MECHANISM_INFO));
FORT11_RETURN (CKR_OK);
}
}
FORT11_RETURN (CKR_MECHANISM_INVALID);
}
/* C_InitToken initializes a token. */
PR_PUBLIC_API(CK_RV) C_InitToken(CK_SLOT_ID slotID,
CK_CHAR_PTR pPin,
CK_ULONG ulPinLen,
CK_CHAR_PTR pLabel) {
/* For functions that don't access globals, we don't have to worry about the
* stack.
*/
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_InitPIN initializes the normal user's PIN. */
PR_PUBLIC_API(CK_RV) C_InitPIN(CK_SESSION_HANDLE hSession,
CK_CHAR_PTR pPin,
CK_ULONG ulPinLen) {
/* For functions that don't access globals, we don't have to worry about the
* stack.
*/
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_SetPIN modifies the PIN of user that is currently logged in. */
/* NOTE: This is only valid for the PRIVATE_KEY_SLOT */
PR_PUBLIC_API(CK_RV) C_SetPIN(CK_SESSION_HANDLE hSession,
CK_CHAR_PTR pOldPin,
CK_ULONG ulOldLen,
CK_CHAR_PTR pNewPin,
CK_ULONG ulNewLen) {
FORT11_ENTER()
#ifndef SWFORT
CI_PIN ciOldPin, ciNewPin;
#endif
PK11Session *session;
PK11Slot *slot;
int rv;
session = fort11_SessionFromHandle (hSession, PR_FALSE);
slot = fort11_SlotFromSession (session);
SLOT_OK(slot->slotID)
if (session == NULL) {
session = fort11_SessionFromHandle (hSession, PR_TRUE);
fort11_TokenRemoved(slot, session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
rv = MACI_Select (fortezzaSockets[slot->slotID-1].maciSession, slot->slotID);
CARD_OK (rv)
if (slot->needLogin && session->info.state != CKS_RW_USER_FUNCTIONS) {
fort11_FreeSession (session);
FORT11_RETURN (CKR_USER_NOT_LOGGED_IN);
}
fort11_FreeSession (session);
if (ulNewLen > CI_PIN_SIZE || ulOldLen > CI_PIN_SIZE)
FORT11_RETURN (CKR_PIN_LEN_RANGE);
#ifndef SWFORT
fort11_convertToCIPin (ciOldPin,pOldPin, ulOldLen);
fort11_convertToCIPin (ciNewPin,pNewPin, ulNewLen);
rv = MACI_ChangePIN (fortezzaSockets[slot->slotID-1].maciSession,
CI_USER_PIN, ciOldPin, ciNewPin);
#else
rv = MACI_ChangePIN (fortezzaSockets[slot->slotID-1].maciSession,
CI_USER_PIN, pOldPin, pNewPin);
#endif
if (rv != CI_OK) {
switch (rv) {
case CI_FAIL:
FORT11_RETURN (CKR_PIN_INCORRECT);
default:
FORT11_RETURN (CKR_DEVICE_ERROR);
}
}
FORT11_RETURN (CKR_OK);
}
/* C_OpenSession opens a session between an application and a token. */
PR_PUBLIC_API(CK_RV) C_OpenSession(CK_SLOT_ID slotID,
CK_FLAGS flags,
CK_VOID_PTR pApplication,
CK_NOTIFY Notify,
CK_SESSION_HANDLE_PTR phSession) {
FORT11_ENTER()
PK11Slot *slot;
CK_SESSION_HANDLE sessionID;
PK11Session *session;
FortezzaSocket *socket;
SLOT_OK (slotID)
slot = &fort11_slot[slotID-1];
socket = &fortezzaSockets[slotID-1];
if (!socket->isOpen) {
if (InitSocket(socket, slotID) != SOCKET_SUCCESS) {
FORT11_RETURN (CKR_TOKEN_NOT_PRESENT);
}
}
session = fort11_NewSession (slotID, Notify, pApplication,
flags | CKF_SERIAL_SESSION);
if (session == NULL) FORT11_RETURN (CKR_HOST_MEMORY);
FMUTEX_Lock(slot->sessionLock);
slot->sessionIDCount += ADD_NEXT_SESS_ID;
sessionID = slot->sessionIDCount;
fort11_update_state (slot, session);
pk11queue_add (session, sessionID, slot->head, SESSION_HASH_SIZE);
slot->sessionCount++;
if (session->info.flags & CKF_RW_SESSION) {
slot->rwSessionCount++;
}
session->handle = sessionID;
session->info.ulDeviceError = 0;
FMUTEX_Unlock(slot->sessionLock);
*phSession = sessionID;
FORT11_RETURN (CKR_OK);
}
/* C_CloseSession closes a session between an application and a token. */
PR_PUBLIC_API(CK_RV) C_CloseSession(CK_SESSION_HANDLE hSession) {
FORT11_ENTER()
PK11Slot *slot;
PK11Session *session;
session = fort11_SessionFromHandle (hSession, PR_TRUE);
slot = fort11_SlotFromSessionHandle (hSession);
if (session == NULL) {
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
FMUTEX_Lock(slot->sessionLock);
if (session->next || session->prev) {
session->refCount--;
if (session->info.flags & CKF_RW_SESSION) {
slot->rwSessionCount--;
}
if (slot->sessionCount == 0) {
slot->isLoggedIn = PR_FALSE;
slot->password = NULL;
}
}
FMUTEX_Unlock(slot->sessionLock);
fort11_FreeSession (session);
FORT11_RETURN (CKR_OK);
}
/* C_CloseAllSessions closes all sessions with a token. */
PR_PUBLIC_API(CK_RV) C_CloseAllSessions (CK_SLOT_ID slotID) {
FORT11_ENTER()
PK11Slot *slot;
PK11Session *session;
int i;
slot = fort11_SlotFromID(slotID);
if (slot == NULL) FORT11_RETURN (CKR_SLOT_ID_INVALID);
/* first log out the card */
FMUTEX_Lock(slot->sessionLock);
slot->isLoggedIn = PR_FALSE;
slot->password = NULL;
FMUTEX_Unlock(slot->sessionLock);
/* now close all the current sessions */
/* NOTE: If you try to open new sessions before C_CloseAllSessions
* completes, some of those new sessions may or may not be closed by
* C_CloseAllSessions... but any session running when this code starts
* will guarrenteed be close, and no session will be partially closed */
for (i=0; i < SESSION_HASH_SIZE; i++) {
do {
FMUTEX_Lock(slot->sessionLock);
session = slot->head[i];
/* hand deque */
/* this duplicates much of C_close session functionality, but because
* we know that we are freeing all the sessions, we and do some
* more efficient processing */
if (session) {
slot->head[i] = session->next;
if (session->next) session->next->prev = NULL;
session->next = session->prev = NULL;
slot->sessionCount--;
if (session->info.flags & CKF_RW_SESSION) {
slot->rwSessionCount--;
}
}
FMUTEX_Unlock(slot->sessionLock);
if (session) fort11_FreeSession(session);
} while (session != NULL);
}
FORT11_RETURN (CKR_OK);
}
/* C_GetSessionInfo obtains information about the session. */
PR_PUBLIC_API(CK_RV) C_GetSessionInfo(CK_SESSION_HANDLE hSession,
CK_SESSION_INFO_PTR pInfo) {
FORT11_ENTER()
PK11Session *session;
PK11Slot *slot;
CI_STATE cardState;
FortezzaSocket *socket;
int ciRV;
session = fort11_SessionFromHandle (hSession, PR_FALSE);
slot = fort11_SlotFromSessionHandle(hSession);
socket = &fortezzaSockets[slot->slotID-1];
if (session == NULL) {
session = fort11_SessionFromHandle (hSession, PR_TRUE);
fort11_TokenRemoved(slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
PORT_Memcpy (pInfo, &session->info, sizeof (CK_SESSION_INFO));
fort11_FreeSession(session);
ciRV = MACI_Select(socket->maciSession, slot->slotID);
CARD_OK(ciRV)
ciRV = MACI_GetState(socket->maciSession, &cardState);
CARD_OK(ciRV)
if (socket->isLoggedIn) {
switch (cardState) {
case CI_POWER_UP:
case CI_UNINITIALIZED:
case CI_INITIALIZED:
case CI_SSO_INITIALIZED:
case CI_LAW_INITIALIZED:
case CI_USER_INITIALIZED:
pInfo->state = CKS_RO_PUBLIC_SESSION;
break;
case CI_STANDBY:
case CI_READY:
pInfo->state = CKS_RO_USER_FUNCTIONS;
break;
default:
pInfo->state = CKS_RO_PUBLIC_SESSION;
break;
}
} else {
pInfo->state = CKS_RO_PUBLIC_SESSION;
}
FORT11_RETURN (CKR_OK);
}
/* C_Login logs a user into a token. */
PR_PUBLIC_API(CK_RV) C_Login(CK_SESSION_HANDLE hSession,
CK_USER_TYPE userType,
CK_CHAR_PTR pPin,
CK_ULONG ulPinLen) {
FORT11_ENTER()
PK11Slot *slot;
PK11Session *session;
#ifndef SWFORT
CI_PIN ciPin;
#endif
int rv, ciUserType;
slot = fort11_SlotFromSessionHandle (hSession);
session = fort11_SessionFromHandle(hSession, PR_FALSE);
if (session == NULL) {
session = fort11_SessionFromHandle (hSession, PR_TRUE);
fort11_TokenRemoved(slot, session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
fort11_FreeSession(session);
if (slot->isLoggedIn) FORT11_RETURN (CKR_USER_ALREADY_LOGGED_IN);
slot->ssoLoggedIn = PR_FALSE;
#ifndef SWFORT
if (ulPinLen > CI_PIN_SIZE) FORT11_RETURN (CKR_PIN_LEN_RANGE);
fort11_convertToCIPin (ciPin, pPin, ulPinLen);
#endif
switch (userType) {
case CKU_SO:
ciUserType = CI_SSO_PIN;
break;
case CKU_USER:
ciUserType = CI_USER_PIN;
break;
default:
FORT11_RETURN (CKR_USER_TYPE_INVALID);
}
#ifndef SWFORT
rv = LoginToSocket(&fortezzaSockets[slot->slotID-1], ciUserType, ciPin);
#else
rv = LoginToSocket(&fortezzaSockets[slot->slotID-1], ciUserType, pPin);
#endif
switch (rv) {
case SOCKET_SUCCESS:
break;
case CI_FAIL:
FORT11_RETURN (CKR_PIN_INCORRECT);
default:
FORT11_RETURN (CKR_DEVICE_ERROR);
}
FMUTEX_Lock(slot->sessionLock);
slot->isLoggedIn = PR_TRUE;
if (userType == CKU_SO) {
slot->ssoLoggedIn = PR_TRUE;
}
FMUTEX_Unlock(slot->sessionLock);
fort11_update_all_states(slot);
FORT11_RETURN (CKR_OK);
}
/* C_Logout logs a user out from a token. */
PR_PUBLIC_API(CK_RV) C_Logout(CK_SESSION_HANDLE hSession) {
FORT11_ENTER()
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
if (session == NULL) {
session = fort11_SessionFromHandle (hSession, PR_TRUE);
fort11_TokenRemoved(slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
if (!slot->isLoggedIn)
FORT11_RETURN (CKR_USER_NOT_LOGGED_IN);
FMUTEX_Lock(slot->sessionLock);
slot->isLoggedIn = PR_FALSE;
slot->ssoLoggedIn = PR_FALSE;
slot->password = NULL;
LogoutFromSocket (&fortezzaSockets[slot->slotID-1]);
FMUTEX_Unlock(slot->sessionLock);
fort11_update_all_states(slot);
FORT11_RETURN (CKR_OK);
}
/* C_CreateObject creates a new object. */
PR_PUBLIC_API(CK_RV) C_CreateObject(CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phObject) {
/* For functions that don't access globals, we don't have to worry about the
* stack.
*/
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_CopyObject copies an object, creating a new object for the copy. */
PR_PUBLIC_API(CK_RV) C_CopyObject(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phNewObject) {
/* For functions that don't access globals, we don't have to worry about the
* stack.
*/
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_DestroyObject destroys an object. */
PR_PUBLIC_API(CK_RV) C_DestroyObject(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject) {
FORT11_ENTER()
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
PK11Session *session;
PK11Object *object;
PK11FreeStatus status;
/*
* This whole block just makes sure we really can destroy the
* requested object.
*/
session = fort11_SessionFromHandle(hSession, PR_FALSE);
if (session == NULL) {
session = fort11_SessionFromHandle(hSession, PR_TRUE);
fort11_TokenRemoved(slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
object = fort11_ObjectFromHandle(hObject,session);
if (object == NULL) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_OBJECT_HANDLE_INVALID);
}
/* don't destroy a private object if we aren't logged in */
if ((!slot->isLoggedIn) && (slot->needLogin) &&
(fort11_isTrue(object,CKA_PRIVATE))) {
fort11_FreeSession(session);
fort11_FreeObject(object);
FORT11_RETURN (CKR_USER_NOT_LOGGED_IN);
}
/* don't destroy a token object if we aren't in a rw session */
if (((session->info.flags & CKF_RW_SESSION) == 0) &&
(fort11_isTrue(object,CKA_TOKEN))) {
fort11_FreeSession(session);
fort11_FreeObject(object);
FORT11_RETURN (CKR_SESSION_READ_ONLY);
}
/* ACTUALLY WE NEED TO DEAL WITH TOKEN OBJECTS AS WELL */
FMUTEX_Lock(session->objectLock);
fort11_DeleteObject(session,object);
FMUTEX_Unlock(session->objectLock);
fort11_FreeSession(session);
/*
* get some indication if the object is destroyed. Note: this is not
* 100%. Someone may have an object reference outstanding (though that
* should not be the case by here. Also now that the object is "half"
* destroyed. Our internal representation is destroyed, but it is still
* in the data base.
*/
status = fort11_FreeObject(object);
FORT11_RETURN ((status != PK11_DestroyFailure) ? CKR_OK : CKR_DEVICE_ERROR);
}
/* C_GetObjectSize gets the size of an object in bytes. */
PR_PUBLIC_API(CK_RV) C_GetObjectSize(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ULONG_PTR pulSize) {
/* For functions that don't access globals, we don't have to worry about the
* stack.
*/
*pulSize = 0;
return CKR_OK;
}
/* C_GetAttributeValue obtains the value of one or more object attributes. */
PR_PUBLIC_API(CK_RV) C_GetAttributeValue(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount) {
FORT11_ENTER()
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
PK11Session *session;
PK11Object *object;
PK11Attribute *attribute;
PRBool sensitive;
int i;
/*
* make sure we're allowed
*/
session = fort11_SessionFromHandle(hSession, PR_FALSE);
if (session == NULL) {
session = fort11_SessionFromHandle (hSession, PR_TRUE);
fort11_TokenRemoved(slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
object = fort11_ObjectFromHandle(hObject,session);
fort11_FreeSession(session);
if (object == NULL) {
FORT11_RETURN (CKR_OBJECT_HANDLE_INVALID);
}
/* don't read a private object if we aren't logged in */
if ((!slot->isLoggedIn) && (slot->needLogin) &&
(fort11_isTrue(object,CKA_PRIVATE))) {
fort11_FreeObject(object);
FORT11_RETURN (CKR_USER_NOT_LOGGED_IN);
}
sensitive = fort11_isTrue(object,CKA_SENSITIVE);
for (i=0; i < (int)ulCount; i++) {
/* Make sure that this attribute is retrievable */
if (sensitive && fort11_isSensitive(pTemplate[i].type,object->objclass)) {
fort11_FreeObject(object);
FORT11_RETURN (CKR_ATTRIBUTE_SENSITIVE);
}
attribute = fort11_FindAttribute(object,pTemplate[i].type);
if (attribute == NULL) {
fort11_FreeObject(object);
FORT11_RETURN (CKR_ATTRIBUTE_TYPE_INVALID);
}
if (pTemplate[i].pValue != NULL) {
PORT_Memcpy(pTemplate[i].pValue,attribute->attrib.pValue,
attribute->attrib.ulValueLen);
}
pTemplate[i].ulValueLen = attribute->attrib.ulValueLen;
fort11_FreeAttribute(attribute);
}
fort11_FreeObject(object);
FORT11_RETURN (CKR_OK);
}
/* C_SetAttributeValue modifies the value of one or more object attributes */
PR_PUBLIC_API(CK_RV) C_SetAttributeValue (CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount) {
/* For functions that don't access globals, we don't have to worry about the
* stack.
*/
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_FindObjectsInit initializes a search for token and session objects
* that match a template. */
PR_PUBLIC_API(CK_RV) C_FindObjectsInit(CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount) {
FORT11_ENTER()
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
PK11Session *session;
PK11ObjectListElement *objectList = NULL;
PK11ObjectListElement *olp;
PK11SearchResults *search, *freeSearch;
FortezzaSocket *currSocket;
int rv, count, i;
if (slot == NULL) {
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
if ((!slot->isLoggedIn) && (slot->needLogin))
FORT11_RETURN (CKR_USER_NOT_LOGGED_IN);
session = fort11_SessionFromHandle(hSession, PR_FALSE);
if (session == NULL) {
session = fort11_SessionFromHandle (hSession, PR_TRUE);
fort11_TokenRemoved(slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
currSocket = &fortezzaSockets[slot->slotID-1];
if (currSocket->personalityList == NULL) {
rv = FetchPersonalityList(currSocket);
if (rv != SOCKET_SUCCESS) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_DEVICE_ERROR);
}
rv = fort11_BuildCertObjects(currSocket, slot, session);
if (rv != CKR_OK) {
fort11_FreeSession(session);
FORT11_RETURN (rv);
}
}
rv = fort11_searchObjectList(&objectList, slot->tokObjects,
slot->objectLock, pTemplate, ulCount);
if (rv != CKR_OK) {
fort11_FreeObjectList(objectList);
fort11_FreeSession(session);
FORT11_RETURN (rv);
}
/*copy list to session*/
count = 0;
for(olp = objectList; olp != NULL; olp = olp->next) {
count++;
}
search = (PK11SearchResults *)PORT_Alloc(sizeof(PK11SearchResults));
if (search != NULL) {
search->handles = (CK_OBJECT_HANDLE *)
PORT_Alloc(sizeof(CK_OBJECT_HANDLE) * count);
if (search->handles != NULL) {
for (i=0; i < count; i++) {
search->handles[i] = objectList->object->handle;
objectList = fort11_FreeObjectListElement(objectList);
}
} else {
PORT_Free(search);
search = NULL;
}
}
if (search == NULL) {
fort11_FreeObjectList(objectList);
fort11_FreeSession(session);
FORT11_RETURN (CKR_OK);
}
/* store the search info */
search->index = 0;
search->size = count;
if ((freeSearch = session->search) != NULL) {
session->search = NULL;
fort11_FreeSearch(freeSearch);
}
session->search = search;
fort11_FreeSession(session);
FORT11_RETURN (CKR_OK);
}
/* C_FindObjects continues a search for token and session objects
* that match a template, obtaining additional object handles. */
PR_PUBLIC_API(CK_RV) C_FindObjects(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE_PTR phObject,
CK_ULONG ulMaxObjectCount,
CK_ULONG_PTR pulObjectCount) {
FORT11_ENTER()
PK11Session *session;
PK11SearchResults *search;
PK11Slot *slot;
int transfer;
unsigned long left;
*pulObjectCount = 0;
session = fort11_SessionFromHandle(hSession,PR_FALSE);
slot = fort11_SlotFromSessionHandle(hSession);
if (session == NULL) {
session = fort11_SessionFromHandle (hSession, PR_TRUE);
fort11_TokenRemoved(slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
if (session->search == NULL) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_OK);
}
search = session->search;
left = session->search->size - session->search->index;
transfer = (ulMaxObjectCount > left) ? left : ulMaxObjectCount;
PORT_Memcpy(phObject,&search->handles[search->index],
transfer*sizeof(CK_OBJECT_HANDLE_PTR));
search->index += transfer;
if (search->index == search->size) {
session->search = NULL;
fort11_FreeSearch(search);
}
fort11_FreeSession(session);
*pulObjectCount = transfer;
FORT11_RETURN (CKR_OK);
}
/* C_FindObjectsFinal finishes a search for token and session objects. */
PR_PUBLIC_API(CK_RV) C_FindObjectsFinal(CK_SESSION_HANDLE hSession) {
FORT11_ENTER()
PK11Session *session;
PK11SearchResults *search;
PK11Slot *slot;
session = fort11_SessionFromHandle(hSession, PR_FALSE);
slot = fort11_SlotFromSessionHandle(hSession);
if (session == NULL) {
session = fort11_SessionFromHandle (hSession, PR_TRUE);
fort11_TokenRemoved(slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
search = session->search;
session->search = NULL;
if (search == NULL) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_OK);
}
fort11_FreeSearch(search);
/* UnloadPersonalityList(&fortezzaSockets[session->slot->slotID-1]); */
fort11_FreeSession(session);
FORT11_RETURN (CKR_OK);
}
/* C_EncryptInit initializes an encryption operation. */
PR_PUBLIC_API(CK_RV) C_EncryptInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey) {
FORT11_ENTER()
PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
PK11Object *keyObject;
FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
FortezzaContext *context;
HSESSION hs = socket->maciSession;
FortezzaKey *fortezzaKey;
CI_IV fortezzaIV;
int ciRV, registerIndex;
if (pMechanism->mechanism != CKM_SKIPJACK_CBC64) {
if (session) {
fort11_FreeSession(session);
}
FORT11_RETURN (CKR_MECHANISM_INVALID);
}
if (session == NULL) {
session = fort11_SessionFromHandle (hSession, PR_TRUE);
fort11_TokenRemoved(slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
keyObject = fort11_ObjectFromHandle (hKey, session);
if (keyObject == NULL) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_KEY_HANDLE_INVALID);
}
ciRV = MACI_Select (hs, slot->slotID);
if (ciRV != CI_OK) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_DEVICE_ERROR);
}
ciRV = MACI_SetMode(hs, CI_ENCRYPT_TYPE, CI_CBC64_MODE);
if (ciRV != CI_OK) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_DEVICE_ERROR);
}
/*Load the correct key into a key register*/
fortezzaKey = (FortezzaKey*)keyObject->objectInfo;
fort11_FreeObject (keyObject);
if (fortezzaKey == NULL) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_GENERAL_ERROR);
}
if (fortezzaKey->keyRegister == KeyNotLoaded) {
registerIndex = LoadKeyIntoRegister (fortezzaKey);
} else {
registerIndex = fortezzaKey->keyRegister;
}
if (registerIndex == KeyNotLoaded) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_DEVICE_ERROR);
}
ciRV = MACI_SetKey (hs,registerIndex);
if (ciRV != CI_OK) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_DEVICE_ERROR);
}
ciRV = MACI_GenerateIV(hs, fortezzaIV);
if (ciRV != CI_OK) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_DEVICE_ERROR);
}
context = &session->fortezzaContext;
InitContext(context, socket, hKey);
ciRV = SaveState(context, fortezzaIV, session, fortezzaKey,
CI_ENCRYPT_EXT_TYPE, pMechanism->mechanism);
if (ciRV != SOCKET_SUCCESS) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_GENERAL_ERROR);
}
if (pMechanism->pParameter != NULL &&
pMechanism->ulParameterLen >= sizeof(CI_IV)) {
PORT_Memcpy (pMechanism->pParameter, fortezzaIV, sizeof(CI_IV));
}
InitCryptoOperation(context, Encrypt);
fort11_FreeSession(session);
FORT11_RETURN (CKR_OK);
}
/* C_Encrypt encrypts single-part data. */
PR_PUBLIC_API(CK_RV) C_Encrypt (CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pEncryptedData,
CK_ULONG_PTR pulEncryptedDataLen) {
FORT11_ENTER()
PK11Session *session = fort11_SessionFromHandle (hSession, PR_FALSE);
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
FortezzaContext *context;
HSESSION hs;
CK_RV rv;
if (session == NULL) {
session = fort11_SessionFromHandle (hSession , PR_TRUE);
fort11_TokenRemoved(slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
context = &session->fortezzaContext;
if (GetCryptoOperation(context) != Encrypt) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_OPERATION_NOT_INITIALIZED);
}
*pulEncryptedDataLen = ulDataLen;
if (pEncryptedData == NULL) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_OK);
}
hs = socket->maciSession;
FMUTEX_Lock(socket->registersLock);
MACI_Lock(hs, CI_BLOCK_LOCK_FLAG);
rv = EncryptData (context, pData, ulDataLen,
pEncryptedData, *pulEncryptedDataLen);
MACI_Unlock(hs);
FMUTEX_Unlock(socket->registersLock);
if (rv != SOCKET_SUCCESS) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_GENERAL_ERROR);
}
EndCryptoOperation(context, Encrypt);
fort11_FreeSession(session);
FORT11_RETURN (CKR_OK);
}
/* C_EncryptUpdate continues a multiple-part encryption operation. */
PR_PUBLIC_API(CK_RV) C_EncryptUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen) {
FORT11_ENTER()
PK11Session *session = fort11_SessionFromHandle(hSession,PR_FALSE);
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
FortezzaContext *context;
int rv;
if (session == NULL) {
session = fort11_SessionFromHandle(hSession, PR_TRUE);
fort11_TokenRemoved (slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
context = &session->fortezzaContext;
if (GetCryptoOperation(context) != Encrypt) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_OPERATION_NOT_INITIALIZED);
}
if (pEncryptedPart == NULL) {
*pulEncryptedPartLen = ulPartLen;
fort11_FreeSession(session);
FORT11_RETURN (CKR_OK);
}
if (*pulEncryptedPartLen < ulPartLen) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_BUFFER_TOO_SMALL);
}
*pulEncryptedPartLen = ulPartLen;
FMUTEX_Lock(socket->registersLock);
MACI_Lock(socket->maciSession, CI_BLOCK_LOCK_FLAG);
rv = EncryptData(context,pPart, ulPartLen, pEncryptedPart,
*pulEncryptedPartLen);
MACI_Unlock(socket->maciSession);
FMUTEX_Unlock(socket->registersLock);
fort11_FreeSession(session);
if (rv != SOCKET_SUCCESS) {
FORT11_RETURN (CKR_GENERAL_ERROR);
}
FORT11_RETURN (CKR_OK);
}
/* C_EncryptFinal finishes a multiple-part encryption operation. */
PR_PUBLIC_API(CK_RV) C_EncryptFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pLastEncryptedPart,
CK_ULONG_PTR pulLastEncryptedPartLen){
FORT11_ENTER()
PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
FortezzaContext *context;
int rv;
if (session == NULL) {
session = fort11_SessionFromHandle(hSession, PR_TRUE);
fort11_TokenRemoved(slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
context = &session->fortezzaContext;
rv = EndCryptoOperation(context, Encrypt);
fort11_FreeSession(session);
FORT11_RETURN (CKR_OK);
}
/* C_DecryptInit initializes a decryption operation. */
PR_PUBLIC_API(CK_RV) C_DecryptInit( CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey) {
FORT11_ENTER()
PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
PK11Object *keyObject;
FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
FortezzaContext *context;
HSESSION hs = socket->maciSession;
FortezzaKey *fortezzaKey;
CI_IV fortezzaIV;
int ciRV, registerIndex;
if (pMechanism->mechanism != CKM_SKIPJACK_CBC64) {
if (session) fort11_FreeSession(session);
FORT11_RETURN (CKR_MECHANISM_INVALID);
}
if (session == NULL) {
session = fort11_SessionFromHandle (hSession, PR_TRUE);
fort11_TokenRemoved(slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
keyObject = fort11_ObjectFromHandle (hKey, session);
if (keyObject == NULL) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_KEY_HANDLE_INVALID);
}
fortezzaKey = (FortezzaKey*)keyObject->objectInfo;
fort11_FreeObject(keyObject);
if (fortezzaKey == NULL) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_GENERAL_ERROR);
}
ciRV = MACI_Select (hs, slot->slotID);
if (ciRV != CI_OK) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_DEVICE_ERROR);
}
ciRV = MACI_SetMode(hs, CI_DECRYPT_TYPE, CI_CBC64_MODE);
if (ciRV != CI_OK) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_DEVICE_ERROR);
}
FMUTEX_Lock(socket->registersLock);
if (fortezzaKey->keyRegister == KeyNotLoaded) {
registerIndex = LoadKeyIntoRegister(fortezzaKey);
} else {
registerIndex = fortezzaKey->keyRegister;
}
if (registerIndex == KeyNotLoaded) {
FMUTEX_Unlock(socket->registersLock);
FORT11_RETURN (CKR_DEVICE_ERROR);
}
if (pMechanism->pParameter == NULL ||
pMechanism->ulParameterLen < sizeof (CI_IV)) {
FORT11_RETURN (CKR_MECHANISM_PARAM_INVALID);
}
PORT_Memcpy (fortezzaIV, pMechanism->pParameter, sizeof(CI_IV));
ciRV = MACI_SetKey (hs, registerIndex);
if (ciRV != CI_OK) {
FMUTEX_Unlock(socket->registersLock);
fort11_FreeSession(session);
FORT11_RETURN (CKR_DEVICE_ERROR);
}
ciRV = MACI_LoadIV (hs, fortezzaIV);
if (ciRV != CI_OK) {
FMUTEX_Unlock(socket->registersLock);
fort11_FreeSession(session);
FORT11_RETURN (CKR_DEVICE_ERROR);
}
context = &session->fortezzaContext;
InitContext(context, socket, hKey);
ciRV = SaveState (context, fortezzaIV, session, fortezzaKey,
CI_DECRYPT_EXT_TYPE, pMechanism->mechanism);
FMUTEX_Unlock(socket->registersLock);
if (ciRV != SOCKET_SUCCESS) {
FORT11_RETURN (CKR_GENERAL_ERROR);
}
InitCryptoOperation (context, Decrypt);
fort11_FreeSession (session);
FORT11_RETURN (CKR_OK);
}
/* C_Decrypt decrypts encrypted data in a single part. */
PR_PUBLIC_API(CK_RV) C_Decrypt(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedData,
CK_ULONG ulEncryptedDataLen,
CK_BYTE_PTR pData,
CK_ULONG_PTR pulDataLen) {
FORT11_ENTER()
PK11Session *session = fort11_SessionFromHandle (hSession, PR_FALSE);
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
FortezzaContext *context;
HSESSION hs;
CK_RV rv;
if (session == NULL) {
session = fort11_SessionFromHandle(hSession, PR_TRUE);
fort11_TokenRemoved(slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
context = &session->fortezzaContext;
if (GetCryptoOperation(context) != Decrypt) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_OPERATION_NOT_INITIALIZED);
}
*pulDataLen = ulEncryptedDataLen;
if (pData == NULL) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_OK);
}
hs = socket->maciSession;
FMUTEX_Lock(socket->registersLock);
MACI_Lock(hs, CI_NULL_FLAG);
rv = DecryptData (context, pEncryptedData, ulEncryptedDataLen,
pData, *pulDataLen);
MACI_Unlock(hs);
FMUTEX_Unlock(socket->registersLock);
if (rv != SOCKET_SUCCESS) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_GENERAL_ERROR);
}
EndCryptoOperation (context, Decrypt);
fort11_FreeSession(session);
FORT11_RETURN (CKR_OK);
}
/* C_DecryptUpdate continues a multiple-part decryption operation. */
PR_PUBLIC_API(CK_RV) C_DecryptUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen,
CK_BYTE_PTR pPart,
CK_ULONG_PTR pulPartLen) {
FORT11_ENTER()
PK11Session *session = fort11_SessionFromHandle(hSession,PR_FALSE);
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
FortezzaContext *context;
HSESSION hs;
int rv;
if (session == NULL) {
session = fort11_SessionFromHandle(hSession, PR_TRUE);
fort11_TokenRemoved (slot, session);
fort11_FreeSession (session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
context = &session->fortezzaContext;
hs = socket->maciSession;
if (GetCryptoOperation(context) != Decrypt) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_OPERATION_NOT_INITIALIZED);
}
if (pPart == NULL) {
*pulPartLen = ulEncryptedPartLen;
fort11_FreeSession(session);
FORT11_RETURN (CKR_OK);
}
*pulPartLen = ulEncryptedPartLen;
FMUTEX_Lock(socket->registersLock);
MACI_Lock (hs, CI_NULL_FLAG);
rv = DecryptData (context, pEncryptedPart, ulEncryptedPartLen, pPart,
*pulPartLen);
MACI_Unlock(hs);
FMUTEX_Unlock(socket->registersLock);
fort11_FreeSession(session);
if (rv != SOCKET_SUCCESS) {
FORT11_RETURN (CKR_GENERAL_ERROR);
}
FORT11_RETURN (CKR_OK);
}
/* C_DecryptFinal finishes a multiple-part decryption operation. */
PR_PUBLIC_API(CK_RV) C_DecryptFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pLastPart,
CK_ULONG_PTR pulLastPartLen) {
FORT11_ENTER()
PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
FortezzaContext *context;
if (session == NULL) {
session = fort11_SessionFromHandle (hSession, PR_TRUE);
fort11_TokenRemoved (slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
context = &session->fortezzaContext;
EndCryptoOperation (context, Decrypt);
fort11_FreeSession(session);
FORT11_RETURN (CKR_OK);
}
/*
************** Crypto Functions: Digest (HASH) ************************
*/
/* C_DigestInit initializes a message-digesting operation. */
PR_PUBLIC_API(CK_RV) C_DigestInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism) {
/* For functions that don't access globals, we don't have to worry about the
* stack.
*/
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_Digest digests data in a single part. */
PR_PUBLIC_API(CK_RV) C_Digest(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pDigest,
CK_ULONG_PTR pulDigestLen) {
/* For functions that don't access globals, we don't have to worry about the
* stack.
*/
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_DigestUpdate continues a multiple-part message-digesting operation. */
PR_PUBLIC_API(CK_RV) C_DigestUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen) {
/* For functions that don't access globals, we don't have to worry about the
* stack.
*/
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_DigestFinal finishes a multiple-part message-digesting operation. */
PR_PUBLIC_API(CK_RV) C_DigestFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pDigest,
CK_ULONG_PTR pulDigestLen) {
/* For functions that don't access globals, we don't have to worry about the
* stack.
*/
return CKR_FUNCTION_NOT_SUPPORTED;
}
/*
************** Crypto Functions: Sign ************************
*/
/* C_SignInit initializes a signature (private key encryption) operation,
* where the signature is (will be) an appendix to the data,
* and plaintext cannot be recovered from the signature */
PR_PUBLIC_API(CK_RV) C_SignInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey) {
FORT11_ENTER()
PK11Session *session = fort11_SessionFromHandle (hSession, PR_FALSE);
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
PK11Object *keyObject;
FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
FortezzaContext *context;
PK11Attribute *idAttribute;
int personalityIndex;
HSESSION hs = socket->maciSession;
if (session == NULL) {
session = fort11_SessionFromHandle(hSession, PR_TRUE);
fort11_TokenRemoved(slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
if (pMechanism->mechanism != CKM_DSA) {
FORT11_RETURN (CKR_MECHANISM_INVALID);
}
keyObject = fort11_ObjectFromHandle (hKey, session);
if (keyObject == NULL) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_KEY_HANDLE_INVALID);
}
context = &session->fortezzaContext;
InitContext(context, socket, hKey);
InitCryptoOperation (context, Sign);
fort11_FreeSession(session);
idAttribute = fort11_FindAttribute(keyObject, CKA_ID);
fort11_FreeObject(keyObject);
if (idAttribute == NULL) {
FORT11_RETURN (CKR_KEY_HANDLE_INVALID);
}
personalityIndex = *(int*)(idAttribute->attrib.pValue);
fort11_FreeAttribute(idAttribute);
MACI_Select (hs, slot->slotID);
if (MACI_SetPersonality (hs,personalityIndex) != CI_OK) {
FORT11_RETURN (CKR_GENERAL_ERROR);
}
FORT11_RETURN (CKR_OK);
}
/* C_Sign signs (encrypts with private key) data in a single part,
* where the signature is (will be) an appendix to the data,
* and plaintext cannot be recovered from the signature */
PR_PUBLIC_API(CK_RV) C_Sign(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen) {
FORT11_ENTER()
PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
FortezzaContext *context;
FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
HSESSION hs = socket->maciSession;
PK11Object *keyObject;
PK11Attribute *idAttribute;
int ciRV, personalityIndex;
if (session == NULL) {
session = fort11_SessionFromHandle(hSession, PR_TRUE);
fort11_TokenRemoved (slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
context = &session->fortezzaContext;
if (GetCryptoOperation(context) != Sign) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_OPERATION_NOT_INITIALIZED);
}
if (pSignature == NULL) {
*pulSignatureLen = 40;
fort11_FreeSession(session);
FORT11_RETURN (CKR_OK);
}
if (ulDataLen > 20) {
FORT11_RETURN (CKR_DATA_LEN_RANGE);
}
if (*pulSignatureLen < 40) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_BUFFER_TOO_SMALL);
}
*pulSignatureLen = 40;
keyObject = fort11_ObjectFromHandle(context->hKey, session);
if (keyObject == NULL) {
fort11_FreeSession(session);
FORT11_RETURN(CKR_GENERAL_ERROR);
}
idAttribute = fort11_FindAttribute(keyObject, CKA_ID);
fort11_FreeObject(keyObject);
personalityIndex = *(int*)(idAttribute->attrib.pValue);
fort11_FreeAttribute(idAttribute);
MACI_Select(hs, slot->slotID);
MACI_Lock(hs, CI_BLOCK_LOCK_FLAG);
ciRV = MACI_SetPersonality(hs, personalityIndex);
if (ciRV != CI_OK) {
MACI_Unlock(hs);
fort11_FreeSession(session);
FORT11_RETURN(CKR_DEVICE_ERROR);
}
ciRV = MACI_Sign (hs, pData, pSignature);
if (ciRV != CI_OK) {
MACI_Unlock(hs);
fort11_FreeSession(session);
FORT11_RETURN (CKR_DEVICE_ERROR);
}
MACI_Unlock(hs);
EndCryptoOperation (context, Sign);
fort11_FreeSession(session);
FORT11_RETURN (CKR_OK);
}
/* C_SignUpdate continues a multiple-part signature operation,
* where the signature is (will be) an appendix to the data,
* and plaintext cannot be recovered from the signature */
PR_PUBLIC_API(CK_RV) C_SignUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen) {
/* For functions that don't access globals, we don't have to worry about the
* stack.
*/
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_SignFinal finishes a multiple-part signature operation,
* FORT11_RETURNing the signature. */
PR_PUBLIC_API(CK_RV) C_SignFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen) {
/* For functions that don't access globals, we don't have to worry about the
* stack.
*/
return CKR_FUNCTION_NOT_SUPPORTED;
}
/*
************** Crypto Functions: Sign Recover ************************
*/
/* C_SignRecoverInit initializes a signature operation,
* where the (digest) data can be recovered from the signature.
* E.g. encryption with the user's private key */
PR_PUBLIC_API(CK_RV) C_SignRecoverInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey) {
/* For functions that don't access globals, we don't have to worry about the
* stack.
*/
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_SignRecover signs data in a single operation
* where the (digest) data can be recovered from the signature.
* E.g. encryption with the user's private key */
PR_PUBLIC_API(CK_RV) C_SignRecover(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen) {
/* For functions that don't access globals, we don't have to worry about the
* stack.
*/
return CKR_FUNCTION_NOT_SUPPORTED;
}
/*
************** Crypto Functions: verify ************************
*/
/* C_VerifyInit initializes a verification operation,
* where the signature is an appendix to the data,
* and plaintext cannot be recovered from the signature (e.g. DSA) */
PR_PUBLIC_API(CK_RV) C_VerifyInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey) {
/* For functions that don't access globals, we don't have to worry about the
* stack.
*/
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_Verify verifies a signature in a single-part operation,
* where the signature is an appendix to the data,
* and plaintext cannot be recovered from the signature */
PR_PUBLIC_API(CK_RV) C_Verify(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen) {
/* For functions that don't access globals, we don't have to worry about the
* stack.
*/
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_VerifyUpdate continues a multiple-part verification operation,
* where the signature is an appendix to the data,
* and plaintext cannot be recovered from the signature */
PR_PUBLIC_API(CK_RV) C_VerifyUpdate( CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen) {
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_VerifyFinal finishes a multiple-part verification operation,
* checking the signature. */
PR_PUBLIC_API(CK_RV) C_VerifyFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen) {
/* For functions that don't access globals, we don't have to worry about the
* stack.
*/
return CKR_FUNCTION_NOT_SUPPORTED;
}
/*
************** Crypto Functions: Verify Recover ************************
*/
/* C_VerifyRecoverInit initializes a signature verification operation,
* where the data is recovered from the signature.
* E.g. Decryption with the user's public key */
PR_PUBLIC_API(CK_RV) C_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey) {
/* For functions that don't access globals, we don't have to worry about the
* stack.
*/
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_VerifyRecover verifies a signature in a single-part operation,
* where the data is recovered from the signature.
* E.g. Decryption with the user's public key */
PR_PUBLIC_API(CK_RV) C_VerifyRecover(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen,
CK_BYTE_PTR pData,
CK_ULONG_PTR pulDataLen) {
return CKR_FUNCTION_NOT_SUPPORTED;
}
/*
**************************** Key Functions: ************************
*/
#define MAX_KEY_LEN 256
/* C_GenerateKey generates a secret key, creating a new key object. */
PR_PUBLIC_API(CK_RV) C_GenerateKey(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phKey) {
FORT11_ENTER()
PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
PK11Object *key;
FortezzaKey *newKey;
int i, keyRegister;
CK_ULONG key_length = 0;
CK_RV crv = CKR_OK;
CK_OBJECT_CLASS secretKey = CKO_SECRET_KEY;
CK_BBOOL False = FALSE;
CK_BBOOL cktrue = TRUE;
if (session == NULL) {
session = fort11_SessionFromHandle (hSession, PR_TRUE);
fort11_TokenRemoved (slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
if (pMechanism->mechanism != CKM_SKIPJACK_KEY_GEN) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_MECHANISM_INVALID);
}
key = fort11_NewObject(slot);
if (key == NULL) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_HOST_MEMORY);
}
for (i=0; i < (int) ulCount; i++) {
if (pTemplate[i].type == CKA_VALUE_LEN) {
key_length = *(CK_ULONG *)pTemplate[i].pValue;
continue;
}
crv = fort11_AddAttributeType (key, pk11_attr_expand (&pTemplate[i]));
if (crv != CKR_OK)
break;
}
if (crv != CKR_OK) {
fort11_FreeObject(key);
fort11_FreeSession(session);
FORT11_RETURN (crv);
}
/* make sure we don't have any class, key_type, or value fields */
fort11_DeleteAttributeType(key,CKA_CLASS);
fort11_DeleteAttributeType(key,CKA_KEY_TYPE);
fort11_DeleteAttributeType(key,CKA_VALUE);
if (MAX_KEY_LEN < key_length) {
crv = CKR_TEMPLATE_INCONSISTENT;
}
if (crv != CKR_OK) {
fort11_FreeObject(key);
fort11_FreeSession(session);
FORT11_RETURN (crv);
}
if (fort11_AddAttributeType(key, CKA_CLASS,&secretKey,
sizeof(CK_OBJECT_CLASS)) != CKR_OK) {
fort11_FreeObject(key);
fort11_FreeSession(session);
FORT11_RETURN (CKR_GENERAL_ERROR);
}
if (fort11_AddAttributeType(key, CKA_TOKEN, &False,
sizeof(CK_BBOOL)) != CKR_OK) {
fort11_FreeObject(key);
fort11_FreeSession(session);
FORT11_RETURN (CKR_GENERAL_ERROR);
}
if (fort11_isTrue(key,CKA_SENSITIVE)) {
fort11_forceAttribute(key,CKA_ALWAYS_SENSITIVE,&cktrue,
sizeof(CK_BBOOL));
}
if (!fort11_isTrue(key,CKA_EXTRACTABLE)) {
fort11_forceAttribute(key,CKA_NEVER_EXTRACTABLE,&cktrue,
sizeof(CK_BBOOL));
}
FMUTEX_Lock(socket->registersLock);
keyRegister = GetBestKeyRegister(socket);
newKey = NewFortezzaKey(socket, MEK, NULL, keyRegister);
FMUTEX_Unlock(socket->registersLock);
if (newKey == NULL) {
fort11_FreeObject(key);
fort11_FreeSession(session);
FORT11_RETURN (CKR_HOST_MEMORY);
}
key->objectInfo = (void*)newKey;
key->infoFree = fort11_FreeFortezzaKey;
FMUTEX_Lock(slot->objectLock);
key->handle = slot->tokenIDCount++;
key->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_PRIV);
FMUTEX_Unlock(slot->objectLock);
key->objclass = secretKey;
key->slot = slot;
key->inDB = PR_TRUE;
fort11_AddObject(session, key);
fort11_FreeSession(session);
SetFortezzaKeyHandle(newKey, key->handle);
*phKey = key->handle;
FORT11_RETURN (CKR_OK);
}
/* C_GenerateKeyPair generates a public-key/private-key pair,
* creating new key objects. */
PR_PUBLIC_API(CK_RV) C_GenerateKeyPair
(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_ATTRIBUTE_PTR pPublicKeyTemplate,
CK_ULONG ulPublicKeyAttributeCount,
CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
CK_ULONG ulPrivateKeyAttributeCount,
CK_OBJECT_HANDLE_PTR phPrivateKey,
CK_OBJECT_HANDLE_PTR phPublicKey) {
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_WrapKey wraps (i.e., encrypts) a key. */
PR_PUBLIC_API(CK_RV) C_WrapKey(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hWrappingKey,
CK_OBJECT_HANDLE hKey,
CK_BYTE_PTR pWrappedKey,
CK_ULONG_PTR pulWrappedKeyLen) {
FORT11_ENTER()
PK11Session *session = fort11_SessionFromHandle (hSession, PR_FALSE);
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
PK11Object *wrapKey;
PK11Object *srcKey;
FortezzaKey *wrapFortKey;
FortezzaKey *srcFortKey;
int rv;
if (session == NULL) {
session = fort11_SessionFromHandle (hSession, PR_TRUE);
fort11_TokenRemoved(slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
if (!socket->isLoggedIn) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_USER_NOT_LOGGED_IN);
}
if (pMechanism->mechanism != CKM_SKIPJACK_WRAP) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_MECHANISM_INVALID);
}
wrapKey = fort11_ObjectFromHandle (hWrappingKey, session);
if ((wrapKey == NULL) || (wrapKey->objectInfo == NULL)) {
if (wrapKey)
fort11_FreeObject(wrapKey);
fort11_FreeSession(session);
FORT11_RETURN (CKR_KEY_HANDLE_INVALID);
}
srcKey = fort11_ObjectFromHandle (hKey, session);
fort11_FreeSession(session);
if ((srcKey == NULL) || (srcKey->objectInfo == NULL)) {
FORT11_RETURN (CKR_KEY_HANDLE_INVALID);
}
wrapFortKey = (FortezzaKey*)wrapKey->objectInfo;
fort11_FreeObject(wrapKey);
srcFortKey = (FortezzaKey*)srcKey->objectInfo;
fort11_FreeObject(srcKey);
FMUTEX_Lock(socket->registersLock);
if (wrapFortKey->keyRegister == KeyNotLoaded) {
if (LoadKeyIntoRegister(wrapFortKey) == KeyNotLoaded) {
FORT11_RETURN (CKR_DEVICE_ERROR);
}
}
if (srcFortKey->keyRegister == KeyNotLoaded) {
if (LoadKeyIntoRegister(srcFortKey) == KeyNotLoaded) {
FMUTEX_Unlock(socket->registersLock);
FORT11_RETURN (CKR_DEVICE_ERROR);
}
}
MACI_Lock(socket->maciSession, CI_BLOCK_LOCK_FLAG);
rv = WrapKey (wrapFortKey, srcFortKey, pWrappedKey, *pulWrappedKeyLen);
MACI_Unlock(socket->maciSession);
FMUTEX_Unlock(socket->registersLock);
if (rv != SOCKET_SUCCESS) {
FORT11_RETURN (CKR_GENERAL_ERROR);
}
FORT11_RETURN (CKR_OK);
}
/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object. */
PR_PUBLIC_API(CK_RV) C_UnwrapKey(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hUnwrappingKey,
CK_BYTE_PTR pWrappedKey,
CK_ULONG ulWrappedKeyLen,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_OBJECT_HANDLE_PTR phKey) {
FORT11_ENTER()
PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
PK11Object *wrapKey;
PK11Object *newKey;
FortezzaKey *fortKey;
FortezzaKey *unwrapFort;
CK_ULONG key_length;
int i, newKeyRegister;
CK_RV crv = CKR_OK;
if (session == NULL) {
session = fort11_SessionFromHandle(hSession, PR_TRUE);
fort11_TokenRemoved(slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
if (pMechanism->mechanism != CKM_SKIPJACK_WRAP){
fort11_FreeSession(session);
FORT11_RETURN (CKR_MECHANISM_INVALID);
}
if (!socket->isLoggedIn) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_USER_NOT_LOGGED_IN);
}
wrapKey = fort11_ObjectFromHandle(hUnwrappingKey, session);
if (wrapKey == NULL || wrapKey->objectInfo == NULL) {
if (wrapKey)
fort11_FreeObject(wrapKey);
fort11_FreeSession(session);
FORT11_RETURN (CKR_UNWRAPPING_KEY_HANDLE_INVALID);
}
fortKey = (FortezzaKey*)wrapKey->objectInfo;
fort11_FreeObject(wrapKey);
newKey = fort11_NewObject(slot);
if (newKey == NULL) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_HOST_MEMORY);
}
for (i=0; i< (int)ulAttributeCount; i++) {
if (pTemplate[i].type == CKA_VALUE_LEN) {
key_length = *(CK_ULONG*)pTemplate[i].pValue;
continue;
}
crv=fort11_AddAttributeType(newKey,fort11_attr_expand(&pTemplate[i]));
if (crv != CKR_OK) {
break;
}
}
if (crv != CKR_OK) {
fort11_FreeSession(session);
fort11_FreeObject(newKey);
FORT11_RETURN (crv);
}
/* make sure we don't have any class, key_type, or value fields */
if (!fort11_hasAttribute(newKey,CKA_CLASS)) {
fort11_FreeObject(newKey);
fort11_FreeSession(session);
FORT11_RETURN (CKR_TEMPLATE_INCOMPLETE);
}
if (!fort11_hasAttribute(newKey,CKA_KEY_TYPE)) {
fort11_FreeObject(newKey);
fort11_FreeSession(session);
FORT11_RETURN (CKR_TEMPLATE_INCOMPLETE);
}
FMUTEX_Lock(socket->registersLock);
newKeyRegister = UnwrapKey (pWrappedKey, fortKey);
if (newKeyRegister == KeyNotLoaded) {
/*Couldn't Unwrap the key*/
fort11_FreeObject(newKey);
fort11_FreeSession(session);
FMUTEX_Unlock(socket->registersLock);
FORT11_RETURN (CKR_GENERAL_ERROR);
}
unwrapFort = NewUnwrappedKey(newKeyRegister, fortKey->id, socket);
FMUTEX_Unlock(socket->registersLock);
if (unwrapFort == NULL) {
fort11_FreeObject(newKey);
fort11_FreeSession(session);
FORT11_RETURN (CKR_HOST_MEMORY);
}
newKey->objectInfo = unwrapFort;
newKey->infoFree = fort11_FreeFortezzaKey;
FMUTEX_Lock(slot->objectLock);
newKey->handle = slot->tokenIDCount++;
newKey->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_PRIV);
FMUTEX_Unlock(slot->objectLock);
newKey->objclass = CKO_SECRET_KEY;
newKey->slot = slot;
newKey->inDB = PR_TRUE;
fort11_AddObject (session, newKey);
fort11_FreeSession(session);
SetFortezzaKeyHandle(unwrapFort, newKey->handle);
*phKey = newKey->handle;
FORT11_RETURN (CKR_OK);
}
/* C_DeriveKey derives a key from a base key, creating a new key object. */
PR_PUBLIC_API(CK_RV) C_DeriveKey( CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hBaseKey,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_OBJECT_HANDLE_PTR phKey) {
FORT11_ENTER()
PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
FortezzaSocket *socket = &fortezzaSockets[slot->slotID-1];
PK11Object *key, *sourceKey;
CK_ULONG i;
CK_ULONG key_length = 0;
CK_RV crv = 0;
CK_KEY_TYPE keyType = CKK_SKIPJACK;
CK_OBJECT_CLASS classType = CKO_SECRET_KEY;
CK_BBOOL ckTrue = TRUE;
CK_BBOOL ckFalse = FALSE;
int ciRV;
int personality;
PK11Attribute *att;
CK_KEA_DERIVE_PARAMS_PTR params;
FortezzaKey *derivedKey;
CreateTEKInfo tekInfo;
if (session == NULL) {
session = fort11_SessionFromHandle(hSession, PR_TRUE);
fort11_TokenRemoved (slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
if (pMechanism->mechanism != CKM_KEA_KEY_DERIVE) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_MECHANISM_INVALID);
}
key = fort11_NewObject (slot);
if (key == NULL) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_HOST_MEMORY);
}
for (i = 0; i < ulAttributeCount; i++) {
crv = fort11_AddAttributeType (key, fort11_attr_expand(&pTemplate[i]));
if (crv != CKR_OK) {
break;
}
if (pTemplate[i].type == CKA_KEY_TYPE) {
keyType = *(CK_KEY_TYPE*)pTemplate[i].pValue;
} else if (pTemplate[i].type == CKA_VALUE_LEN) {
key_length = *(CK_ULONG*)pTemplate[i].pValue;
}
}
if (crv != CKR_OK) {
fort11_FreeObject(key);
fort11_FreeSession(session);
FORT11_RETURN (crv);
}
if (key_length == 0) {
key_length = 12;
}
classType = CKO_SECRET_KEY;
crv = fort11_forceAttribute (key, CKA_CLASS, &classType,
sizeof(classType));
if (crv != CKR_OK) {
fort11_FreeObject(key);
fort11_FreeSession(session);
FORT11_RETURN (crv);
}
crv = fort11_forceAttribute (key, CKA_SENSITIVE, &ckTrue,
sizeof(CK_BBOOL));
if (crv != CKR_OK) {
fort11_FreeObject(key);
fort11_FreeSession(session);
FORT11_RETURN (crv);
}
crv = fort11_forceAttribute (key, CKA_EXTRACTABLE, &ckFalse,
sizeof(CK_BBOOL));
if (crv != CKR_OK) {
fort11_FreeSession(session);
fort11_FreeObject(key);
FORT11_RETURN (crv);
}
sourceKey = fort11_ObjectFromHandle (hBaseKey, session);
if (sourceKey == NULL) {
fort11_FreeObject(key);
fort11_FreeSession(session);
FORT11_RETURN (CKR_KEY_HANDLE_INVALID);
}
att = fort11_FindAttribute(sourceKey,CKA_ID);
fort11_FreeObject(sourceKey);
if (att == NULL) {
fort11_FreeObject(key);
fort11_FreeSession(session);
FORT11_RETURN (CKR_KEY_TYPE_INCONSISTENT);
}
personality = *(int *) att->attrib.pValue;
fort11_FreeAttribute(att);
params = (CK_KEA_DERIVE_PARAMS_PTR)pMechanism->pParameter;
if (params == NULL) {
fort11_FreeObject(key);
fort11_FreeSession(session);
FORT11_RETURN (CKR_MECHANISM_PARAM_INVALID);
}
ciRV = MACI_SetPersonality(socket->maciSession,personality);
if (ciRV != CI_OK) {
fort11_FreeObject(key);
fort11_FreeSession(session);
FORT11_RETURN (CKR_DEVICE_ERROR);
}
/*
* If we're sending, generate our own RA.
*/
if (params->isSender) {
ciRV = MACI_GenerateRa(socket->maciSession,params->pRandomA);
if (ciRV != CI_OK) {
fort11_FreeObject(key);
fort11_FreeSession(session);
FORT11_RETURN (CKR_DEVICE_ERROR);
}
}
PORT_Memcpy (tekInfo.Ra, params->pRandomA, params->ulRandomLen);
PORT_Memcpy (tekInfo.Rb, params->pRandomB, params->ulRandomLen);
tekInfo.randomLen = params->ulRandomLen;
tekInfo.personality = personality;
tekInfo.flag = (params->isSender) ? CI_INITIATOR_FLAG : CI_RECIPIENT_FLAG;
PORT_Memcpy (tekInfo.pY, params->pPublicData, params->ulPublicDataLen);
tekInfo.YSize = params->ulPublicDataLen;
FMUTEX_Lock(socket->registersLock);
derivedKey = NewFortezzaKey(socket, TEK, &tekInfo,
GetBestKeyRegister(socket));
FMUTEX_Unlock(socket->registersLock);
if (derivedKey == NULL) {
fort11_FreeObject(key);
fort11_FreeSession(session);
FORT11_RETURN (CKR_GENERAL_ERROR);
}
key->objectInfo = derivedKey;
key->infoFree = fort11_FreeFortezzaKey;
FMUTEX_Lock(slot->objectLock);
key->handle = slot->tokenIDCount++;
key->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_PRIV);
FMUTEX_Unlock(slot->objectLock);
key->objclass = classType;
key->slot = slot;
key->inDB = PR_TRUE;
fort11_AddObject (session, key);
fort11_FreeSession(session);
SetFortezzaKeyHandle(derivedKey, key->handle);
*phKey = key->handle;
FORT11_RETURN (CKR_OK);
}
/*
**************************** Random Functions: ************************
*/
/* C_SeedRandom mixes additional seed material into the token's random number
* generator. */
PR_PUBLIC_API(CK_RV) C_SeedRandom(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSeed,
CK_ULONG ulSeedLen) {
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_GenerateRandom generates random data. */
PR_PUBLIC_API(CK_RV) C_GenerateRandom(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pRandomData,
CK_ULONG ulRandomLen) {
FORT11_ENTER()
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
PK11Session *session = fort11_SessionFromHandle(hSession,PR_FALSE);
CI_RANDOM randomNum;
CK_ULONG randomSize = sizeof (CI_RANDOM);
int ciRV;
CK_ULONG bytesCopied = 0, bytesToCopy;
CK_ULONG bufferSize = 0, bytesRemaining;
if (session == NULL) {
session = fort11_SessionFromHandle (hSession, PR_TRUE);
fort11_TokenRemoved(slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
fort11_FreeSession(session);
ciRV = MACI_Select(fortezzaSockets[slot->slotID-1].maciSession,
slot->slotID);
if (ciRV != CI_OK) {
FORT11_RETURN (CKR_DEVICE_ERROR);
}
while (bytesCopied < ulRandomLen) {
bytesRemaining = ulRandomLen - bytesCopied;
if (bufferSize < bytesRemaining) {
ciRV =
MACI_GenerateRandom(fortezzaSockets[slot->slotID-1].maciSession,
randomNum);
if (ciRV != CI_OK)
FORT11_RETURN (CKR_DEVICE_ERROR);
bufferSize = randomSize;
}
bytesToCopy = (bytesRemaining > randomSize) ? randomSize :
bytesRemaining;
PORT_Memcpy (&pRandomData[bytesCopied],
&randomNum[randomSize-bufferSize], bytesToCopy);
bytesCopied += bytesToCopy;
bufferSize -= bytesToCopy;
}
FORT11_RETURN (CKR_OK);
}
/* C_GetFunctionStatus obtains an updated status of a function running
* in parallel with an application. */
PR_PUBLIC_API(CK_RV) C_GetFunctionStatus(CK_SESSION_HANDLE hSession) {
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_CancelFunction cancels a function running in parallel */
PR_PUBLIC_API(CK_RV) C_CancelFunction(CK_SESSION_HANDLE hSession) {
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_GetOperationState saves the state of the cryptographic
*operation in a session. */
PR_PUBLIC_API(CK_RV) C_GetOperationState(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pOperationState,
CK_ULONG_PTR pulOperationStateLen) {
FORT11_ENTER()
PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
FortezzaContext *context;
if (session == NULL) {
session = fort11_SessionFromHandle(hSession, PR_TRUE);
fort11_TokenRemoved (slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
if (pOperationState == NULL) {
*pulOperationStateLen = sizeof (FortezzaContext);
fort11_FreeSession(session);
FORT11_RETURN (CKR_OK);
}
if (*pulOperationStateLen < sizeof (FortezzaContext)) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_BUFFER_TOO_SMALL);
}
context = &session->fortezzaContext;
fort11_FreeSession(session);
PORT_Memcpy (pOperationState, context, sizeof(FortezzaContext));
((FortezzaContext *)pOperationState)->session = NULL;
((FortezzaContext *)pOperationState)->fortezzaKey = NULL;
*pulOperationStateLen = sizeof(FortezzaContext);
FORT11_RETURN (CKR_OK);
}
/* C_SetOperationState restores the state of the cryptographic operation in a session. */
PR_PUBLIC_API(CK_RV) C_SetOperationState(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pOperationState,
CK_ULONG ulOperationStateLen,
CK_OBJECT_HANDLE hEncryptionKey,
CK_OBJECT_HANDLE hAuthenticationKey){
FORT11_ENTER()
PK11Session *session = fort11_SessionFromHandle(hSession, PR_FALSE);
PK11Slot *slot = fort11_SlotFromSessionHandle(hSession);
FortezzaContext *context;
FortezzaContext passedInCxt;
PK11Object *keyObject;
FortezzaKey *fortKey;
if (session == NULL) {
session = fort11_SessionFromHandle(hSession, PR_TRUE);
fort11_TokenRemoved (slot, session);
fort11_FreeSession(session);
FORT11_RETURN (CKR_SESSION_HANDLE_INVALID);
}
if (ulOperationStateLen != sizeof(FortezzaContext)) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_SAVED_STATE_INVALID);
}
PORT_Memcpy(&passedInCxt, pOperationState, sizeof(FortezzaContext));
if (passedInCxt.fortezzaSocket->slotID != slot->slotID) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_SAVED_STATE_INVALID);
}
passedInCxt.session = NULL;
passedInCxt.fortezzaKey = NULL;
if (hEncryptionKey != 0) {
keyObject = fort11_ObjectFromHandle(hEncryptionKey, session);
if (keyObject == NULL) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_KEY_HANDLE_INVALID);
}
fortKey = (FortezzaKey*)keyObject->objectInfo;
fort11_FreeObject(keyObject);
if (fortKey == NULL) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_SAVED_STATE_INVALID);
}
if (fortKey->keyRegister == KeyNotLoaded) {
if (LoadKeyIntoRegister (fortKey) == KeyNotLoaded) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_DEVICE_ERROR);
}
}
passedInCxt.fortezzaKey = fortKey;
}
if (hAuthenticationKey != 0) {
fort11_FreeSession(session);
FORT11_RETURN (CKR_DEVICE_ERROR);
}
passedInCxt.session = session;
context = &session->fortezzaContext;
fort11_FreeSession (session);
PORT_Memcpy (context, &passedInCxt, sizeof(passedInCxt));
FORT11_RETURN (CKR_OK);
}
/* Dual-function cryptographic operations */
/* C_DigestEncryptUpdate continues a multiple-part digesting and
encryption operation. */
PR_PUBLIC_API(CK_RV) C_DigestEncryptUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen){
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_DecryptDigestUpdate continues a multiple-part decryption and digesting
operation. */
PR_PUBLIC_API(CK_RV) C_DecryptDigestUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen,
CK_BYTE_PTR pPart,
CK_ULONG_PTR pulPartLen){
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_SignEncryptUpdate continues a multiple-part signing and encryption
operation. */
PR_PUBLIC_API(CK_RV) C_SignEncryptUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen){
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_DecryptVerifyUpdate continues a multiple-part decryption and verify
operation. */
PR_PUBLIC_API(CK_RV) C_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedData,
CK_ULONG ulEncryptedDataLen,
CK_BYTE_PTR pData,
CK_ULONG_PTR pulDataLen){
return CKR_FUNCTION_NOT_SUPPORTED;
}
/* C_DigestKey continues a multi-part message-digesting operation,
* by digesting the value of a secret key as part of the data already digested.
*/
PR_PUBLIC_API(CK_RV) C_DigestKey(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey) {
return CKR_FUNCTION_NOT_SUPPORTED;
}
PR_PUBLIC_API(CK_RV) C_WaitForSlotEvent(CK_FLAGS flags,
CK_SLOT_ID_PTR pSlot,
CK_VOID_PTR pRserved) {
return CKR_FUNCTION_FAILED;
}