summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/ckfw/token.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/ckfw/token.c')
-rw-r--r--security/nss/lib/ckfw/token.c1791
1 files changed, 1791 insertions, 0 deletions
diff --git a/security/nss/lib/ckfw/token.c b/security/nss/lib/ckfw/token.c
new file mode 100644
index 000000000..4483bb5c9
--- /dev/null
+++ b/security/nss/lib/ckfw/token.c
@@ -0,0 +1,1791 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * token.c
+ *
+ * This file implements the NSSCKFWToken type and methods.
+ */
+
+#ifndef CK_T
+#include "ck.h"
+#endif /* CK_T */
+
+/*
+ * NSSCKFWToken
+ *
+ * -- create/destroy --
+ * nssCKFWToken_Create
+ * nssCKFWToken_Destroy
+ *
+ * -- public accessors --
+ * NSSCKFWToken_GetMDToken
+ * NSSCKFWToken_GetFWSlot
+ * NSSCKFWToken_GetMDSlot
+ * NSSCKFWToken_GetSessionState
+ *
+ * -- implement public accessors --
+ * nssCKFWToken_GetMDToken
+ * nssCKFWToken_GetFWSlot
+ * nssCKFWToken_GetMDSlot
+ * nssCKFWToken_GetSessionState
+ * nssCKFWToken_SetSessionState
+ *
+ * -- private accessors --
+ * nssCKFWToken_SetSessionState
+ * nssCKFWToken_RemoveSession
+ * nssCKFWToken_CloseAllSessions
+ * nssCKFWToken_GetSessionCount
+ * nssCKFWToken_GetRwSessionCount
+ * nssCKFWToken_GetRoSessionCount
+ * nssCKFWToken_GetSessionObjectHash
+ * nssCKFWToken_GetMDObjectHash
+ * nssCKFWToken_GetObjectHandleHash
+ *
+ * -- module fronts --
+ * nssCKFWToken_InitToken
+ * nssCKFWToken_GetLabel
+ * nssCKFWToken_GetManufacturerID
+ * nssCKFWToken_GetModel
+ * nssCKFWToken_GetSerialNumber
+ * nssCKFWToken_GetHasRNG
+ * nssCKFWToken_GetIsWriteProtected
+ * nssCKFWToken_GetLoginRequired
+ * nssCKFWToken_GetUserPinInitialized
+ * nssCKFWToken_GetRestoreKeyNotNeeded
+ * nssCKFWToken_GetHasClockOnToken
+ * nssCKFWToken_GetHasProtectedAuthenticationPath
+ * nssCKFWToken_GetSupportsDualCryptoOperations
+ * nssCKFWToken_GetMaxSessionCount
+ * nssCKFWToken_GetMaxRwSessionCount
+ * nssCKFWToken_GetMaxPinLen
+ * nssCKFWToken_GetMinPinLen
+ * nssCKFWToken_GetTotalPublicMemory
+ * nssCKFWToken_GetFreePublicMemory
+ * nssCKFWToken_GetTotalPrivateMemory
+ * nssCKFWToken_GetFreePrivateMemory
+ * nssCKFWToken_GetHardwareVersion
+ * nssCKFWToken_GetFirmwareVersion
+ * nssCKFWToken_GetUTCTime
+ * nssCKFWToken_OpenSession
+ * nssCKFWToken_GetMechanismCount
+ * nssCKFWToken_GetMechanismTypes
+ * nssCKFWToken_GetMechanism
+ */
+
+struct NSSCKFWTokenStr {
+ NSSCKFWMutex *mutex;
+ NSSArena *arena;
+ NSSCKMDToken *mdToken;
+ NSSCKFWSlot *fwSlot;
+ NSSCKMDSlot *mdSlot;
+ NSSCKFWInstance *fwInstance;
+ NSSCKMDInstance *mdInstance;
+
+ /*
+ * Everything above is set at creation time, and then not modified.
+ * The invariants the mutex protects are:
+ *
+ * 1) Each of the cached descriptions (versions, etc.) are in an
+ * internally consistant state.
+ *
+ * 2) The session counts and hashes are consistant.
+ *
+ * 3) The object hashes are consistant.
+ *
+ * Note that the calls accessing the cached descriptions will call
+ * the NSSCKMDToken methods with the mutex locked. Those methods
+ * may then call the public NSSCKFWToken routines. Those public
+ * routines only access the constant data above and the atomic
+ * CK_STATE session state variable below, so there's no problem.
+ * But be careful if you add to this object; mutexes are in
+ * general not reentrant, so don't create deadlock situations.
+ */
+
+ NSSUTF8 *label;
+ NSSUTF8 *manufacturerID;
+ NSSUTF8 *model;
+ NSSUTF8 *serialNumber;
+ CK_VERSION hardwareVersion;
+ CK_VERSION firmwareVersion;
+
+ CK_ULONG sessionCount;
+ CK_ULONG rwSessionCount;
+ nssCKFWHash *sessions;
+ nssCKFWHash *sessionObjectHash;
+ nssCKFWHash *mdObjectHash;
+ nssCKFWHash *mdMechanismHash;
+
+ CK_STATE state;
+};
+
+#ifdef DEBUG
+/*
+ * But first, the pointer-tracking stuff.
+ *
+ * NOTE: the pointer-tracking support in NSS/base currently relies
+ * upon NSPR's CallOnce support. That, however, relies upon NSPR's
+ * locking, which is tied into the runtime. We need a pointer-tracker
+ * implementation that uses the locks supplied through C_Initialize.
+ * That support, however, can be filled in later. So for now, I'll
+ * just do this routines as no-ops.
+ */
+
+static CK_RV
+token_add_pointer(
+ const NSSCKFWToken *fwToken)
+{
+ return CKR_OK;
+}
+
+static CK_RV
+token_remove_pointer(
+ const NSSCKFWToken *fwToken)
+{
+ return CKR_OK;
+}
+
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_verifyPointer(
+ const NSSCKFWToken *fwToken)
+{
+ return CKR_OK;
+}
+
+#endif /* DEBUG */
+
+/*
+ * nssCKFWToken_Create
+ *
+ */
+NSS_IMPLEMENT NSSCKFWToken *
+nssCKFWToken_Create(
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDToken *mdToken,
+ CK_RV *pError)
+{
+ NSSArena *arena = (NSSArena *)NULL;
+ NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
+ CK_BBOOL called_setup = CK_FALSE;
+
+ /*
+ * We have already verified the arguments in nssCKFWSlot_GetToken.
+ */
+
+ arena = NSSArena_Create();
+ if (!arena) {
+ *pError = CKR_HOST_MEMORY;
+ goto loser;
+ }
+
+ fwToken = nss_ZNEW(arena, NSSCKFWToken);
+ if (!fwToken) {
+ *pError = CKR_HOST_MEMORY;
+ goto loser;
+ }
+
+ fwToken->arena = arena;
+ fwToken->mdToken = mdToken;
+ fwToken->fwSlot = fwSlot;
+ fwToken->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot);
+ fwToken->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot);
+ fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */
+ fwToken->sessionCount = 0;
+ fwToken->rwSessionCount = 0;
+
+ fwToken->mutex = nssCKFWInstance_CreateMutex(fwToken->fwInstance, arena, pError);
+ if (!fwToken->mutex) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ goto loser;
+ }
+
+ fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, arena, pError);
+ if (!fwToken->sessions) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ goto loser;
+ }
+
+ if (CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects(
+ fwToken->fwInstance)) {
+ fwToken->sessionObjectHash = nssCKFWHash_Create(fwToken->fwInstance,
+ arena, pError);
+ if (!fwToken->sessionObjectHash) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ goto loser;
+ }
+ }
+
+ fwToken->mdObjectHash = nssCKFWHash_Create(fwToken->fwInstance,
+ arena, pError);
+ if (!fwToken->mdObjectHash) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ goto loser;
+ }
+
+ fwToken->mdMechanismHash = nssCKFWHash_Create(fwToken->fwInstance,
+ arena, pError);
+ if (!fwToken->mdMechanismHash) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ goto loser;
+ }
+
+ /* More here */
+
+ if (mdToken->Setup) {
+ *pError = mdToken->Setup(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
+ if (CKR_OK != *pError) {
+ goto loser;
+ }
+ }
+
+ called_setup = CK_TRUE;
+
+#ifdef DEBUG
+ *pError = token_add_pointer(fwToken);
+ if (CKR_OK != *pError) {
+ goto loser;
+ }
+#endif /* DEBUG */
+
+ *pError = CKR_OK;
+ return fwToken;
+
+loser:
+
+ if (CK_TRUE == called_setup) {
+ if (mdToken->Invalidate) {
+ mdToken->Invalidate(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
+ }
+ }
+
+ if (arena) {
+ (void)NSSArena_Destroy(arena);
+ }
+
+ return (NSSCKFWToken *)NULL;
+}
+
+static void
+nss_ckfwtoken_session_iterator(
+ const void *key,
+ void *value,
+ void *closure)
+{
+ /*
+ * Remember that the fwToken->mutex is locked
+ */
+ NSSCKFWSession *fwSession = (NSSCKFWSession *)value;
+ (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
+ return;
+}
+
+static void
+nss_ckfwtoken_object_iterator(
+ const void *key,
+ void *value,
+ void *closure)
+{
+ /*
+ * Remember that the fwToken->mutex is locked
+ */
+ NSSCKFWObject *fwObject = (NSSCKFWObject *)value;
+ (void)nssCKFWObject_Finalize(fwObject, CK_FALSE);
+ return;
+}
+
+/*
+ * nssCKFWToken_Destroy
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_Destroy(
+ NSSCKFWToken *fwToken)
+{
+ CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+ error = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != error) {
+ return error;
+ }
+#endif /* NSSDEBUG */
+
+ (void)nssCKFWMutex_Destroy(fwToken->mutex);
+
+ if (fwToken->mdToken->Invalidate) {
+ fwToken->mdToken->Invalidate(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
+ }
+ /* we can destroy the list without locking now because no one else is
+ * referencing us (or _Destroy was invalidly called!)
+ */
+ nssCKFWHash_Iterate(fwToken->sessions, nss_ckfwtoken_session_iterator,
+ (void *)NULL);
+ nssCKFWHash_Destroy(fwToken->sessions);
+
+ /* session objects go away when their sessions are removed */
+ if (fwToken->sessionObjectHash) {
+ nssCKFWHash_Destroy(fwToken->sessionObjectHash);
+ }
+
+ /* free up the token objects */
+ if (fwToken->mdObjectHash) {
+ nssCKFWHash_Iterate(fwToken->mdObjectHash, nss_ckfwtoken_object_iterator,
+ (void *)NULL);
+ nssCKFWHash_Destroy(fwToken->mdObjectHash);
+ }
+ if (fwToken->mdMechanismHash) {
+ nssCKFWHash_Destroy(fwToken->mdMechanismHash);
+ }
+
+ nssCKFWSlot_ClearToken(fwToken->fwSlot);
+
+#ifdef DEBUG
+ error = token_remove_pointer(fwToken);
+#endif /* DEBUG */
+
+ (void)NSSArena_Destroy(fwToken->arena);
+ return error;
+}
+
+/*
+ * nssCKFWToken_GetMDToken
+ *
+ */
+NSS_IMPLEMENT NSSCKMDToken *
+nssCKFWToken_GetMDToken(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (NSSCKMDToken *)NULL;
+ }
+#endif /* NSSDEBUG */
+
+ return fwToken->mdToken;
+}
+
+/*
+ * nssCKFWToken_GetArena
+ *
+ */
+NSS_IMPLEMENT NSSArena *
+nssCKFWToken_GetArena(
+ NSSCKFWToken *fwToken,
+ CK_RV *pError)
+{
+#ifdef NSSDEBUG
+ if (!pError) {
+ return (NSSArena *)NULL;
+ }
+
+ *pError = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != *pError) {
+ return (NSSArena *)NULL;
+ }
+#endif /* NSSDEBUG */
+
+ return fwToken->arena;
+}
+
+/*
+ * nssCKFWToken_GetFWSlot
+ *
+ */
+NSS_IMPLEMENT NSSCKFWSlot *
+nssCKFWToken_GetFWSlot(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (NSSCKFWSlot *)NULL;
+ }
+#endif /* NSSDEBUG */
+
+ return fwToken->fwSlot;
+}
+
+/*
+ * nssCKFWToken_GetMDSlot
+ *
+ */
+NSS_IMPLEMENT NSSCKMDSlot *
+nssCKFWToken_GetMDSlot(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (NSSCKMDSlot *)NULL;
+ }
+#endif /* NSSDEBUG */
+
+ return fwToken->mdSlot;
+}
+
+/*
+ * nssCKFWToken_GetSessionState
+ *
+ */
+NSS_IMPLEMENT CK_STATE
+nssCKFWToken_GetSessionState(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CKS_RO_PUBLIC_SESSION; /* whatever */
+ }
+#endif /* NSSDEBUG */
+
+ /*
+ * BTW, do not lock the token in this method.
+ */
+
+ /*
+ * Theoretically, there is no state if there aren't any
+ * sessions open. But then we'd need to worry about
+ * reporting an error, etc. What the heck-- let's just
+ * revert to CKR_RO_PUBLIC_SESSION as the "default."
+ */
+
+ return fwToken->state;
+}
+
+/*
+ * nssCKFWToken_InitToken
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_InitToken(
+ NSSCKFWToken *fwToken,
+ NSSItem *pin,
+ NSSUTF8 *label)
+{
+ CK_RV error;
+
+#ifdef NSSDEBUG
+ error = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != error) {
+ return CKR_ARGUMENTS_BAD;
+ }
+#endif /* NSSDEBUG */
+
+ error = nssCKFWMutex_Lock(fwToken->mutex);
+ if (CKR_OK != error) {
+ return error;
+ }
+
+ if (fwToken->sessionCount > 0) {
+ error = CKR_SESSION_EXISTS;
+ goto done;
+ }
+
+ if (!fwToken->mdToken->InitToken) {
+ error = CKR_DEVICE_ERROR;
+ goto done;
+ }
+
+ if (!pin) {
+ if (nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken)) {
+ ; /* okay */
+ } else {
+ error = CKR_PIN_INCORRECT;
+ goto done;
+ }
+ }
+
+ if (!label) {
+ label = (NSSUTF8 *)"";
+ }
+
+ error = fwToken->mdToken->InitToken(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance, pin, label);
+
+done:
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return error;
+}
+
+/*
+ * nssCKFWToken_GetLabel
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_GetLabel(
+ NSSCKFWToken *fwToken,
+ CK_CHAR label[32])
+{
+ CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+ if ((CK_CHAR_PTR)NULL == label) {
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ error = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != error) {
+ return error;
+ }
+#endif /* NSSDEBUG */
+
+ error = nssCKFWMutex_Lock(fwToken->mutex);
+ if (CKR_OK != error) {
+ return error;
+ }
+
+ if (!fwToken->label) {
+ if (fwToken->mdToken->GetLabel) {
+ fwToken->label = fwToken->mdToken->GetLabel(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance, &error);
+ if ((!fwToken->label) && (CKR_OK != error)) {
+ goto done;
+ }
+ } else {
+ fwToken->label = (NSSUTF8 *)"";
+ }
+ }
+
+ (void)nssUTF8_CopyIntoFixedBuffer(fwToken->label, (char *)label, 32, ' ');
+ error = CKR_OK;
+
+done:
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return error;
+}
+
+/*
+ * nssCKFWToken_GetManufacturerID
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_GetManufacturerID(
+ NSSCKFWToken *fwToken,
+ CK_CHAR manufacturerID[32])
+{
+ CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+ if ((CK_CHAR_PTR)NULL == manufacturerID) {
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ error = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != error) {
+ return error;
+ }
+#endif /* NSSDEBUG */
+
+ error = nssCKFWMutex_Lock(fwToken->mutex);
+ if (CKR_OK != error) {
+ return error;
+ }
+
+ if (!fwToken->manufacturerID) {
+ if (fwToken->mdToken->GetManufacturerID) {
+ fwToken->manufacturerID = fwToken->mdToken->GetManufacturerID(fwToken->mdToken,
+ fwToken, fwToken->mdInstance, fwToken->fwInstance, &error);
+ if ((!fwToken->manufacturerID) && (CKR_OK != error)) {
+ goto done;
+ }
+ } else {
+ fwToken->manufacturerID = (NSSUTF8 *)"";
+ }
+ }
+
+ (void)nssUTF8_CopyIntoFixedBuffer(fwToken->manufacturerID, (char *)manufacturerID, 32, ' ');
+ error = CKR_OK;
+
+done:
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return error;
+}
+
+/*
+ * nssCKFWToken_GetModel
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_GetModel(
+ NSSCKFWToken *fwToken,
+ CK_CHAR model[16])
+{
+ CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+ if ((CK_CHAR_PTR)NULL == model) {
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ error = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != error) {
+ return error;
+ }
+#endif /* NSSDEBUG */
+
+ error = nssCKFWMutex_Lock(fwToken->mutex);
+ if (CKR_OK != error) {
+ return error;
+ }
+
+ if (!fwToken->model) {
+ if (fwToken->mdToken->GetModel) {
+ fwToken->model = fwToken->mdToken->GetModel(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance, &error);
+ if ((!fwToken->model) && (CKR_OK != error)) {
+ goto done;
+ }
+ } else {
+ fwToken->model = (NSSUTF8 *)"";
+ }
+ }
+
+ (void)nssUTF8_CopyIntoFixedBuffer(fwToken->model, (char *)model, 16, ' ');
+ error = CKR_OK;
+
+done:
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return error;
+}
+
+/*
+ * nssCKFWToken_GetSerialNumber
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_GetSerialNumber(
+ NSSCKFWToken *fwToken,
+ CK_CHAR serialNumber[16])
+{
+ CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+ if ((CK_CHAR_PTR)NULL == serialNumber) {
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ error = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != error) {
+ return error;
+ }
+#endif /* NSSDEBUG */
+
+ error = nssCKFWMutex_Lock(fwToken->mutex);
+ if (CKR_OK != error) {
+ return error;
+ }
+
+ if (!fwToken->serialNumber) {
+ if (fwToken->mdToken->GetSerialNumber) {
+ fwToken->serialNumber = fwToken->mdToken->GetSerialNumber(fwToken->mdToken,
+ fwToken, fwToken->mdInstance, fwToken->fwInstance, &error);
+ if ((!fwToken->serialNumber) && (CKR_OK != error)) {
+ goto done;
+ }
+ } else {
+ fwToken->serialNumber = (NSSUTF8 *)"";
+ }
+ }
+
+ (void)nssUTF8_CopyIntoFixedBuffer(fwToken->serialNumber, (char *)serialNumber, 16, ' ');
+ error = CKR_OK;
+
+done:
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return error;
+}
+
+/*
+ * nssCKFWToken_GetHasRNG
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWToken_GetHasRNG(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_FALSE;
+ }
+#endif /* NSSDEBUG */
+
+ if (!fwToken->mdToken->GetHasRNG) {
+ return CK_FALSE;
+ }
+
+ return fwToken->mdToken->GetHasRNG(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetIsWriteProtected
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWToken_GetIsWriteProtected(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_FALSE;
+ }
+#endif /* NSSDEBUG */
+
+ if (!fwToken->mdToken->GetIsWriteProtected) {
+ return CK_FALSE;
+ }
+
+ return fwToken->mdToken->GetIsWriteProtected(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetLoginRequired
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWToken_GetLoginRequired(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_FALSE;
+ }
+#endif /* NSSDEBUG */
+
+ if (!fwToken->mdToken->GetLoginRequired) {
+ return CK_FALSE;
+ }
+
+ return fwToken->mdToken->GetLoginRequired(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetUserPinInitialized
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWToken_GetUserPinInitialized(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_FALSE;
+ }
+#endif /* NSSDEBUG */
+
+ if (!fwToken->mdToken->GetUserPinInitialized) {
+ return CK_FALSE;
+ }
+
+ return fwToken->mdToken->GetUserPinInitialized(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetRestoreKeyNotNeeded
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWToken_GetRestoreKeyNotNeeded(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_FALSE;
+ }
+#endif /* NSSDEBUG */
+
+ if (!fwToken->mdToken->GetRestoreKeyNotNeeded) {
+ return CK_FALSE;
+ }
+
+ return fwToken->mdToken->GetRestoreKeyNotNeeded(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetHasClockOnToken
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWToken_GetHasClockOnToken(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_FALSE;
+ }
+#endif /* NSSDEBUG */
+
+ if (!fwToken->mdToken->GetHasClockOnToken) {
+ return CK_FALSE;
+ }
+
+ return fwToken->mdToken->GetHasClockOnToken(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetHasProtectedAuthenticationPath
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWToken_GetHasProtectedAuthenticationPath(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_FALSE;
+ }
+#endif /* NSSDEBUG */
+
+ if (!fwToken->mdToken->GetHasProtectedAuthenticationPath) {
+ return CK_FALSE;
+ }
+
+ return fwToken->mdToken->GetHasProtectedAuthenticationPath(fwToken->mdToken,
+ fwToken, fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetSupportsDualCryptoOperations
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWToken_GetSupportsDualCryptoOperations(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_FALSE;
+ }
+#endif /* NSSDEBUG */
+
+ if (!fwToken->mdToken->GetSupportsDualCryptoOperations) {
+ return CK_FALSE;
+ }
+
+ return fwToken->mdToken->GetSupportsDualCryptoOperations(fwToken->mdToken,
+ fwToken, fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetMaxSessionCount
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetMaxSessionCount(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
+#endif /* NSSDEBUG */
+
+ if (!fwToken->mdToken->GetMaxSessionCount) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
+
+ return fwToken->mdToken->GetMaxSessionCount(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetMaxRwSessionCount
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetMaxRwSessionCount(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
+#endif /* NSSDEBUG */
+
+ if (!fwToken->mdToken->GetMaxRwSessionCount) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
+
+ return fwToken->mdToken->GetMaxRwSessionCount(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetMaxPinLen
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetMaxPinLen(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
+#endif /* NSSDEBUG */
+
+ if (!fwToken->mdToken->GetMaxPinLen) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
+
+ return fwToken->mdToken->GetMaxPinLen(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetMinPinLen
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetMinPinLen(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
+#endif /* NSSDEBUG */
+
+ if (!fwToken->mdToken->GetMinPinLen) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
+
+ return fwToken->mdToken->GetMinPinLen(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetTotalPublicMemory
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetTotalPublicMemory(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
+#endif /* NSSDEBUG */
+
+ if (!fwToken->mdToken->GetTotalPublicMemory) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
+
+ return fwToken->mdToken->GetTotalPublicMemory(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetFreePublicMemory
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetFreePublicMemory(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
+#endif /* NSSDEBUG */
+
+ if (!fwToken->mdToken->GetFreePublicMemory) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
+
+ return fwToken->mdToken->GetFreePublicMemory(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetTotalPrivateMemory
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetTotalPrivateMemory(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
+#endif /* NSSDEBUG */
+
+ if (!fwToken->mdToken->GetTotalPrivateMemory) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
+
+ return fwToken->mdToken->GetTotalPrivateMemory(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetFreePrivateMemory
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetFreePrivateMemory(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
+#endif /* NSSDEBUG */
+
+ if (!fwToken->mdToken->GetFreePrivateMemory) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
+
+ return fwToken->mdToken->GetFreePrivateMemory(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetHardwareVersion
+ *
+ */
+NSS_IMPLEMENT CK_VERSION
+nssCKFWToken_GetHardwareVersion(
+ NSSCKFWToken *fwToken)
+{
+ CK_VERSION rv;
+
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ rv.major = rv.minor = 0;
+ return rv;
+ }
+#endif /* NSSDEBUG */
+
+ if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) {
+ rv.major = rv.minor = 0;
+ return rv;
+ }
+
+ if ((0 != fwToken->hardwareVersion.major) ||
+ (0 != fwToken->hardwareVersion.minor)) {
+ rv = fwToken->hardwareVersion;
+ goto done;
+ }
+
+ if (fwToken->mdToken->GetHardwareVersion) {
+ fwToken->hardwareVersion = fwToken->mdToken->GetHardwareVersion(
+ fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
+ } else {
+ fwToken->hardwareVersion.major = 0;
+ fwToken->hardwareVersion.minor = 1;
+ }
+
+ rv = fwToken->hardwareVersion;
+
+done:
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return rv;
+}
+
+/*
+ * nssCKFWToken_GetFirmwareVersion
+ *
+ */
+NSS_IMPLEMENT CK_VERSION
+nssCKFWToken_GetFirmwareVersion(
+ NSSCKFWToken *fwToken)
+{
+ CK_VERSION rv;
+
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ rv.major = rv.minor = 0;
+ return rv;
+ }
+#endif /* NSSDEBUG */
+
+ if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) {
+ rv.major = rv.minor = 0;
+ return rv;
+ }
+
+ if ((0 != fwToken->firmwareVersion.major) ||
+ (0 != fwToken->firmwareVersion.minor)) {
+ rv = fwToken->firmwareVersion;
+ goto done;
+ }
+
+ if (fwToken->mdToken->GetFirmwareVersion) {
+ fwToken->firmwareVersion = fwToken->mdToken->GetFirmwareVersion(
+ fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
+ } else {
+ fwToken->firmwareVersion.major = 0;
+ fwToken->firmwareVersion.minor = 1;
+ }
+
+ rv = fwToken->firmwareVersion;
+
+done:
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return rv;
+}
+
+/*
+ * nssCKFWToken_GetUTCTime
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_GetUTCTime(
+ NSSCKFWToken *fwToken,
+ CK_CHAR utcTime[16])
+{
+ CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+ error = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != error) {
+ return error;
+ }
+
+ if ((CK_CHAR_PTR)NULL == utcTime) {
+ return CKR_ARGUMENTS_BAD;
+ }
+#endif /* DEBUG */
+
+ if (CK_TRUE != nssCKFWToken_GetHasClockOnToken(fwToken)) {
+ /* return CKR_DEVICE_ERROR; */
+ (void)nssUTF8_CopyIntoFixedBuffer((NSSUTF8 *)NULL, (char *)utcTime, 16, ' ');
+ return CKR_OK;
+ }
+
+ if (!fwToken->mdToken->GetUTCTime) {
+ /* It said it had one! */
+ return CKR_GENERAL_ERROR;
+ }
+
+ error = fwToken->mdToken->GetUTCTime(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance, utcTime);
+ if (CKR_OK != error) {
+ return error;
+ }
+
+ /* Sanity-check the data */
+ {
+ /* Format is YYYYMMDDhhmmss00 */
+ int i;
+ int Y, M, D, h, m, s;
+ static int dims[] = { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
+
+ for (i = 0; i < 16; i++) {
+ if ((utcTime[i] < '0') || (utcTime[i] > '9')) {
+ goto badtime;
+ }
+ }
+
+ Y = ((utcTime[0] - '0') * 1000) + ((utcTime[1] - '0') * 100) +
+ ((utcTime[2] - '0') * 10) + (utcTime[3] - '0');
+ M = ((utcTime[4] - '0') * 10) + (utcTime[5] - '0');
+ D = ((utcTime[6] - '0') * 10) + (utcTime[7] - '0');
+ h = ((utcTime[8] - '0') * 10) + (utcTime[9] - '0');
+ m = ((utcTime[10] - '0') * 10) + (utcTime[11] - '0');
+ s = ((utcTime[12] - '0') * 10) + (utcTime[13] - '0');
+
+ if ((Y < 1990) || (Y > 3000))
+ goto badtime; /* Y3K problem. heh heh heh */
+ if ((M < 1) || (M > 12))
+ goto badtime;
+ if ((D < 1) || (D > 31))
+ goto badtime;
+
+ if (D > dims[M - 1])
+ goto badtime; /* per-month check */
+ if ((2 == M) && (((Y % 4) || !(Y % 100)) &&
+ (Y % 400)) &&
+ (D > 28))
+ goto badtime; /* leap years */
+
+ if ((h < 0) || (h > 23))
+ goto badtime;
+ if ((m < 0) || (m > 60))
+ goto badtime;
+ if ((s < 0) || (s > 61))
+ goto badtime;
+
+ /* 60m and 60 or 61s is only allowed for leap seconds. */
+ if ((60 == m) || (s >= 60)) {
+ if ((23 != h) || (60 != m) || (s < 60))
+ goto badtime;
+ /* leap seconds can only happen on June 30 or Dec 31.. I think */
+ /* if( ((6 != M) || (30 != D)) && ((12 != M) || (31 != D)) ) goto badtime; */
+ }
+ }
+
+ return CKR_OK;
+
+badtime:
+ return CKR_GENERAL_ERROR;
+}
+
+/*
+ * nssCKFWToken_OpenSession
+ *
+ */
+NSS_IMPLEMENT NSSCKFWSession *
+nssCKFWToken_OpenSession(
+ NSSCKFWToken *fwToken,
+ CK_BBOOL rw,
+ CK_VOID_PTR pApplication,
+ CK_NOTIFY Notify,
+ CK_RV *pError)
+{
+ NSSCKFWSession *fwSession = (NSSCKFWSession *)NULL;
+ NSSCKMDSession *mdSession;
+
+#ifdef NSSDEBUG
+ if (!pError) {
+ return (NSSCKFWSession *)NULL;
+ }
+
+ *pError = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != *pError) {
+ return (NSSCKFWSession *)NULL;
+ }
+
+ switch (rw) {
+ case CK_TRUE:
+ case CK_FALSE:
+ break;
+ default:
+ *pError = CKR_ARGUMENTS_BAD;
+ return (NSSCKFWSession *)NULL;
+ }
+#endif /* NSSDEBUG */
+
+ *pError = nssCKFWMutex_Lock(fwToken->mutex);
+ if (CKR_OK != *pError) {
+ return (NSSCKFWSession *)NULL;
+ }
+
+ if (CK_TRUE == rw) {
+ /* Read-write session desired */
+ if (CK_TRUE == nssCKFWToken_GetIsWriteProtected(fwToken)) {
+ *pError = CKR_TOKEN_WRITE_PROTECTED;
+ goto done;
+ }
+ } else {
+ /* Read-only session desired */
+ if (CKS_RW_SO_FUNCTIONS == nssCKFWToken_GetSessionState(fwToken)) {
+ *pError = CKR_SESSION_READ_WRITE_SO_EXISTS;
+ goto done;
+ }
+ }
+
+ /* We could compare sesion counts to any limits we know of, I guess.. */
+
+ if (!fwToken->mdToken->OpenSession) {
+ /*
+ * I'm not sure that the Module actually needs to implement
+ * mdSessions -- the Framework can keep track of everything
+ * needed, really. But I'll sort out that detail later..
+ */
+ *pError = CKR_GENERAL_ERROR;
+ goto done;
+ }
+
+ fwSession = nssCKFWSession_Create(fwToken, rw, pApplication, Notify, pError);
+ if (!fwSession) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ goto done;
+ }
+
+ mdSession = fwToken->mdToken->OpenSession(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance, fwSession,
+ rw, pError);
+ if (!mdSession) {
+ (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ goto done;
+ }
+
+ *pError = nssCKFWSession_SetMDSession(fwSession, mdSession);
+ if (CKR_OK != *pError) {
+ if (mdSession->Close) {
+ mdSession->Close(mdSession, fwSession, fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
+ }
+ (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
+ goto done;
+ }
+
+ *pError = nssCKFWHash_Add(fwToken->sessions, fwSession, fwSession);
+ if (CKR_OK != *pError) {
+ (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
+ fwSession = (NSSCKFWSession *)NULL;
+ goto done;
+ }
+
+done:
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return fwSession;
+}
+
+/*
+ * nssCKFWToken_GetMechanismCount
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetMechanismCount(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return 0;
+ }
+#endif /* NSSDEBUG */
+
+ if (!fwToken->mdToken->GetMechanismCount) {
+ return 0;
+ }
+
+ return fwToken->mdToken->GetMechanismCount(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetMechanismTypes
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_GetMechanismTypes(
+ NSSCKFWToken *fwToken,
+ CK_MECHANISM_TYPE types[])
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ if (!types) {
+ return CKR_ARGUMENTS_BAD;
+ }
+#endif /* NSSDEBUG */
+
+ if (!fwToken->mdToken->GetMechanismTypes) {
+ /*
+ * This should only be called with a sufficiently-large
+ * "types" array, which can only be done if GetMechanismCount
+ * is implemented. If that's implemented (and returns nonzero),
+ * then this should be too. So return an error.
+ */
+ return CKR_GENERAL_ERROR;
+ }
+
+ return fwToken->mdToken->GetMechanismTypes(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance, types);
+}
+
+/*
+ * nssCKFWToken_GetMechanism
+ *
+ */
+NSS_IMPLEMENT NSSCKFWMechanism *
+nssCKFWToken_GetMechanism(
+ NSSCKFWToken *fwToken,
+ CK_MECHANISM_TYPE which,
+ CK_RV *pError)
+{
+ NSSCKMDMechanism *mdMechanism;
+ if (!fwToken->mdMechanismHash) {
+ *pError = CKR_GENERAL_ERROR;
+ return (NSSCKFWMechanism *)NULL;
+ }
+
+ if (!fwToken->mdToken->GetMechanism) {
+ /*
+ * If we don't implement any GetMechanism function, then we must
+ * not support any.
+ */
+ *pError = CKR_MECHANISM_INVALID;
+ return (NSSCKFWMechanism *)NULL;
+ }
+
+ /* lookup in hash table */
+ mdMechanism = fwToken->mdToken->GetMechanism(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance, which, pError);
+ if (!mdMechanism) {
+ return (NSSCKFWMechanism *)NULL;
+ }
+ /* store in hash table */
+ return nssCKFWMechanism_Create(mdMechanism, fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
+}
+
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_SetSessionState(
+ NSSCKFWToken *fwToken,
+ CK_STATE newState)
+{
+ CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+ error = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != error) {
+ return error;
+ }
+
+ switch (newState) {
+ case CKS_RO_PUBLIC_SESSION:
+ case CKS_RO_USER_FUNCTIONS:
+ case CKS_RW_PUBLIC_SESSION:
+ case CKS_RW_USER_FUNCTIONS:
+ case CKS_RW_SO_FUNCTIONS:
+ break;
+ default:
+ return CKR_ARGUMENTS_BAD;
+ }
+#endif /* NSSDEBUG */
+
+ error = nssCKFWMutex_Lock(fwToken->mutex);
+ if (CKR_OK != error) {
+ return error;
+ }
+
+ fwToken->state = newState;
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return CKR_OK;
+}
+
+/*
+ * nssCKFWToken_RemoveSession
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_RemoveSession(
+ NSSCKFWToken *fwToken,
+ NSSCKFWSession *fwSession)
+{
+ CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+ error = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != error) {
+ return error;
+ }
+
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
+ }
+#endif /* NSSDEBUG */
+
+ error = nssCKFWMutex_Lock(fwToken->mutex);
+ if (CKR_OK != error) {
+ return error;
+ }
+
+ if (CK_TRUE != nssCKFWHash_Exists(fwToken->sessions, fwSession)) {
+ error = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
+
+ nssCKFWHash_Remove(fwToken->sessions, fwSession);
+ fwToken->sessionCount--;
+
+ if (nssCKFWSession_IsRWSession(fwSession)) {
+ fwToken->rwSessionCount--;
+ }
+
+ if (0 == fwToken->sessionCount) {
+ fwToken->rwSessionCount = 0; /* sanity */
+ fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */
+ }
+
+ error = CKR_OK;
+
+done:
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return error;
+}
+
+/*
+ * nssCKFWToken_CloseAllSessions
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_CloseAllSessions(
+ NSSCKFWToken *fwToken)
+{
+ CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+ error = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != error) {
+ return error;
+ }
+#endif /* NSSDEBUG */
+
+ error = nssCKFWMutex_Lock(fwToken->mutex);
+ if (CKR_OK != error) {
+ return error;
+ }
+
+ nssCKFWHash_Iterate(fwToken->sessions, nss_ckfwtoken_session_iterator, (void *)NULL);
+
+ nssCKFWHash_Destroy(fwToken->sessions);
+
+ fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, fwToken->arena, &error);
+ if (!fwToken->sessions) {
+ if (CKR_OK == error) {
+ error = CKR_GENERAL_ERROR;
+ }
+ goto done;
+ }
+
+ fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */
+ fwToken->sessionCount = 0;
+ fwToken->rwSessionCount = 0;
+
+ error = CKR_OK;
+
+done:
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return error;
+}
+
+/*
+ * nssCKFWToken_GetSessionCount
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetSessionCount(
+ NSSCKFWToken *fwToken)
+{
+ CK_ULONG rv;
+
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (CK_ULONG)0;
+ }
+#endif /* NSSDEBUG */
+
+ if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) {
+ return (CK_ULONG)0;
+ }
+
+ rv = fwToken->sessionCount;
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return rv;
+}
+
+/*
+ * nssCKFWToken_GetRwSessionCount
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetRwSessionCount(
+ NSSCKFWToken *fwToken)
+{
+ CK_ULONG rv;
+
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (CK_ULONG)0;
+ }
+#endif /* NSSDEBUG */
+
+ if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) {
+ return (CK_ULONG)0;
+ }
+
+ rv = fwToken->rwSessionCount;
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return rv;
+}
+
+/*
+ * nssCKFWToken_GetRoSessionCount
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetRoSessionCount(
+ NSSCKFWToken *fwToken)
+{
+ CK_ULONG rv;
+
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (CK_ULONG)0;
+ }
+#endif /* NSSDEBUG */
+
+ if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) {
+ return (CK_ULONG)0;
+ }
+
+ rv = fwToken->sessionCount - fwToken->rwSessionCount;
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return rv;
+}
+
+/*
+ * nssCKFWToken_GetSessionObjectHash
+ *
+ */
+NSS_IMPLEMENT nssCKFWHash *
+nssCKFWToken_GetSessionObjectHash(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (nssCKFWHash *)NULL;
+ }
+#endif /* NSSDEBUG */
+
+ return fwToken->sessionObjectHash;
+}
+
+/*
+ * nssCKFWToken_GetMDObjectHash
+ *
+ */
+NSS_IMPLEMENT nssCKFWHash *
+nssCKFWToken_GetMDObjectHash(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (nssCKFWHash *)NULL;
+ }
+#endif /* NSSDEBUG */
+
+ return fwToken->mdObjectHash;
+}
+
+/*
+ * nssCKFWToken_GetObjectHandleHash
+ *
+ */
+NSS_IMPLEMENT nssCKFWHash *
+nssCKFWToken_GetObjectHandleHash(
+ NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (nssCKFWHash *)NULL;
+ }
+#endif /* NSSDEBUG */
+
+ return fwToken->mdObjectHash;
+}
+
+/*
+ * NSSCKFWToken_GetMDToken
+ *
+ */
+
+NSS_IMPLEMENT NSSCKMDToken *
+NSSCKFWToken_GetMDToken(
+ NSSCKFWToken *fwToken)
+{
+#ifdef DEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (NSSCKMDToken *)NULL;
+ }
+#endif /* DEBUG */
+
+ return nssCKFWToken_GetMDToken(fwToken);
+}
+
+/*
+ * NSSCKFWToken_GetArena
+ *
+ */
+
+NSS_IMPLEMENT NSSArena *
+NSSCKFWToken_GetArena(
+ NSSCKFWToken *fwToken,
+ CK_RV *pError)
+{
+#ifdef DEBUG
+ if (!pError) {
+ return (NSSArena *)NULL;
+ }
+
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ *pError = CKR_ARGUMENTS_BAD;
+ return (NSSArena *)NULL;
+ }
+#endif /* DEBUG */
+
+ return nssCKFWToken_GetArena(fwToken, pError);
+}
+
+/*
+ * NSSCKFWToken_GetFWSlot
+ *
+ */
+
+NSS_IMPLEMENT NSSCKFWSlot *
+NSSCKFWToken_GetFWSlot(
+ NSSCKFWToken *fwToken)
+{
+#ifdef DEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (NSSCKFWSlot *)NULL;
+ }
+#endif /* DEBUG */
+
+ return nssCKFWToken_GetFWSlot(fwToken);
+}
+
+/*
+ * NSSCKFWToken_GetMDSlot
+ *
+ */
+
+NSS_IMPLEMENT NSSCKMDSlot *
+NSSCKFWToken_GetMDSlot(
+ NSSCKFWToken *fwToken)
+{
+#ifdef DEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (NSSCKMDSlot *)NULL;
+ }
+#endif /* DEBUG */
+
+ return nssCKFWToken_GetMDSlot(fwToken);
+}
+
+/*
+ * NSSCKFWToken_GetSessionState
+ *
+ */
+
+NSS_IMPLEMENT CK_STATE
+NSSCKFWSession_GetSessionState(
+ NSSCKFWToken *fwToken)
+{
+#ifdef DEBUG
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CKS_RO_PUBLIC_SESSION;
+ }
+#endif /* DEBUG */
+
+ return nssCKFWToken_GetSessionState(fwToken);
+}