Back to index

lightning-sunbird  0.9+nobinonly
Defines | Functions | Variables
fipstokn.c File Reference
#include "seccomon.h"
#include "softoken.h"
#include "lowkeyi.h"
#include "pcert.h"
#include "pkcs11.h"
#include "pkcs11i.h"
#include "prenv.h"
#include "prprf.h"
#include <ctype.h>
#include "pkcs11f.h"

Go to the source code of this file.

Defines

#define SFTK_FIPSCHECK()
#define SFTK_FIPSFATALCHECK()   if (sftk_fatalError) return CKR_DEVICE_ERROR;
#define __PASTE(x, y)   x##y
#define CK_PKCS11_FUNCTION_INFO(name)   CK_RV __PASTE(NS,name)
#define CK_NEED_ARG_LIST   1
#define CK_PKCS11_FUNCTION_INFO(name)   CK_RV __PASTE(F,name)
#define CK_NEED_ARG_LIST   1
#define CK_PKCS11_FUNCTION_INFO(name)   __PASTE(F,name),
#define CKO_NOT_A_KEY   CKO_DATA
#define SFTK_IS_KEY_OBJECT(objClass)
#define SFTK_IS_NONPUBLIC_KEY_OBJECT(objClass)   (((objClass) == CKO_PRIVATE_KEY) || ((objClass) == CKO_SECRET_KEY))

Functions

static CK_RV sftk_newPinCheck (CK_CHAR_PTR pPin, CK_ULONG ulPinLen)
static CK_RV sftk_fipsCheck (void)
voidfc_getAttribute (CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_ATTRIBUTE_TYPE type)
static CK_RV sftk_get_object_class_and_fipsCheck (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_OBJECT_CLASS *pObjClass)
void sftk_LogAuditMessage (NSSAuditSeverity severity, const char *msg)
CK_RV FC_GetFunctionList (CK_FUNCTION_LIST_PTR *pFunctionList)
CK_RV FC_Initialize (CK_VOID_PTR pReserved)
CK_RV FC_Finalize (CK_VOID_PTR pReserved)
CK_RV FC_GetInfo (CK_INFO_PTR pInfo)
CK_RV FC_GetSlotList (CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount)
CK_RV FC_GetSlotInfo (CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
CK_RV FC_GetTokenInfo (CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
CK_RV FC_GetMechanismList (CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pusCount)
CK_RV FC_GetMechanismInfo (CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_PTR pInfo)
CK_RV FC_InitToken (CK_SLOT_ID slotID, CK_CHAR_PTR pPin, CK_ULONG usPinLen, CK_CHAR_PTR pLabel)
CK_RV FC_InitPIN (CK_SESSION_HANDLE hSession, CK_CHAR_PTR pPin, CK_ULONG ulPinLen)
CK_RV FC_SetPIN (CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin, CK_ULONG usOldLen, CK_CHAR_PTR pNewPin, CK_ULONG usNewLen)
CK_RV FC_OpenSession (CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY Notify, CK_SESSION_HANDLE_PTR phSession)
CK_RV FC_CloseSession (CK_SESSION_HANDLE hSession)
CK_RV FC_CloseAllSessions (CK_SLOT_ID slotID)
CK_RV FC_GetSessionInfo (CK_SESSION_HANDLE hSession, CK_SESSION_INFO_PTR pInfo)
CK_RV FC_Login (CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_CHAR_PTR pPin, CK_ULONG usPinLen)
CK_RV FC_Logout (CK_SESSION_HANDLE hSession)
CK_RV FC_CreateObject (CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phObject)
CK_RV FC_CopyObject (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phNewObject)
CK_RV FC_DestroyObject (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
CK_RV FC_GetObjectSize (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize)
CK_RV FC_GetAttributeValue (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
CK_RV FC_SetAttributeValue (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
CK_RV FC_FindObjectsInit (CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount)
CK_RV FC_FindObjects (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject, CK_ULONG usMaxObjectCount, CK_ULONG_PTR pusObjectCount)
CK_RV FC_EncryptInit (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
CK_RV FC_Encrypt (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG usDataLen, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pusEncryptedDataLen)
CK_RV FC_EncryptUpdate (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG usPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pusEncryptedPartLen)
CK_RV FC_EncryptFinal (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pusLastEncryptedPartLen)
CK_RV FC_DecryptInit (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
CK_RV FC_Decrypt (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData, CK_ULONG usEncryptedDataLen, CK_BYTE_PTR pData, CK_ULONG_PTR pusDataLen)
CK_RV FC_DecryptUpdate (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart, CK_ULONG usEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pusPartLen)
CK_RV FC_DecryptFinal (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastPart, CK_ULONG_PTR pusLastPartLen)
CK_RV FC_DigestInit (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism)
CK_RV FC_Digest (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG usDataLen, CK_BYTE_PTR pDigest, CK_ULONG_PTR pusDigestLen)
CK_RV FC_DigestUpdate (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG usPartLen)
CK_RV FC_DigestFinal (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, CK_ULONG_PTR pusDigestLen)
CK_RV FC_SignInit (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
CK_RV FC_Sign (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pusSignatureLen)
CK_RV FC_SignUpdate (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG usPartLen)
CK_RV FC_SignFinal (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG_PTR pusSignatureLen)
CK_RV FC_SignRecoverInit (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
CK_RV FC_SignRecover (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pusSignatureLen)
CK_RV FC_VerifyInit (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
CK_RV FC_Verify (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG usSignatureLen)
CK_RV FC_VerifyUpdate (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG usPartLen)
CK_RV FC_VerifyFinal (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG usSignatureLen)
CK_RV FC_VerifyRecoverInit (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
CK_RV FC_VerifyRecover (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG usSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pusDataLen)
CK_RV FC_GenerateKey (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey)
CK_RV FC_GenerateKeyPair (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate, CK_ULONG usPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate, CK_ULONG usPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey, CK_OBJECT_HANDLE_PTR phPrivateKey)
CK_RV FC_WrapKey (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen)
CK_RV FC_UnwrapKey (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey, CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
CK_RV FC_DeriveKey (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
CK_RV FC_SeedRandom (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, CK_ULONG usSeedLen)
CK_RV FC_GenerateRandom (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen)
CK_RV FC_GetFunctionStatus (CK_SESSION_HANDLE hSession)
CK_RV FC_CancelFunction (CK_SESSION_HANDLE hSession)
CK_RV FC_GetOperationState (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState, CK_ULONG_PTR pulOperationStateLen)
CK_RV FC_SetOperationState (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState, CK_ULONG ulOperationStateLen, CK_OBJECT_HANDLE hEncryptionKey, CK_OBJECT_HANDLE hAuthenticationKey)
CK_RV FC_FindObjectsFinal (CK_SESSION_HANDLE hSession)
CK_RV FC_DigestEncryptUpdate (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen)
CK_RV FC_DecryptDigestUpdate (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)
CK_RV FC_SignEncryptUpdate (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen)
CK_RV FC_DecryptVerifyUpdate (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
CK_RV FC_DigestKey (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey)
CK_RV FC_WaitForSlotEvent (CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR pReserved)

Variables

static PRBool isLoggedIn = PR_FALSE
PRBool sftk_fatalError = PR_FALSE
static CK_FUNCTION_LIST sftk_fipsTable
PRBool sftk_audit_enabled = PR_FALSE
PRBool nsf_init = PR_FALSE

Define Documentation

#define __PASTE (   x,
  y 
)    x##y

Definition at line 258 of file fipstokn.c.

Definition at line 274 of file fipstokn.c.

Definition at line 274 of file fipstokn.c.

Definition at line 273 of file fipstokn.c.

Definition at line 273 of file fipstokn.c.

Definition at line 273 of file fipstokn.c.

Definition at line 299 of file fipstokn.c.

Value:
CK_RV rv; \
    if ((rv = sftk_fipsCheck()) != CKR_OK) return rv;

Definition at line 234 of file fipstokn.c.

Definition at line 238 of file fipstokn.c.

#define SFTK_IS_KEY_OBJECT (   objClass)
Value:
(((objClass) == CKO_PUBLIC_KEY) || \
    ((objClass) == CKO_PRIVATE_KEY) || \
    ((objClass) == CKO_SECRET_KEY))

Definition at line 301 of file fipstokn.c.

#define SFTK_IS_NONPUBLIC_KEY_OBJECT (   objClass)    (((objClass) == CKO_PRIVATE_KEY) || ((objClass) == CKO_SECRET_KEY))

Definition at line 306 of file fipstokn.c.


Function Documentation

Definition at line 1314 of file fipstokn.c.

                                                     {
    SFTK_FIPSCHECK();
    return NSC_CancelFunction(hSession);
}

Here is the call graph for this function:

Definition at line 625 of file fipstokn.c.

                                               {
    return NSC_CloseAllSessions (slotID);
}

Here is the call graph for this function:

Definition at line 619 of file fipstokn.c.

                                                   {
    return NSC_CloseSession(hSession);
}

Here is the call graph for this function:

CK_RV FC_CopyObject ( CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE  hObject,
CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  ulCount,
CK_OBJECT_HANDLE_PTR  phNewObject 
)

Definition at line 716 of file fipstokn.c.

                                                                     {
    CK_RV rv;
    CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY;
    SFTK_FIPSFATALCHECK();
    rv = sftk_get_object_class_and_fipsCheck(hSession, hObject, &objClass);
    if (rv == CKR_OK) {
       rv = NSC_CopyObject(hSession,hObject,pTemplate,ulCount,phNewObject);
    }
    if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) {
       sftk_AuditCopyObject(hSession,
           hObject,pTemplate,ulCount,phNewObject,rv);
    }
    return rv;
}

Here is the call graph for this function:

CK_RV FC_CreateObject ( CK_SESSION_HANDLE  hSession,
CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  ulCount,
CK_OBJECT_HANDLE_PTR  phObject 
)

Definition at line 691 of file fipstokn.c.

                                                                  {
    CK_OBJECT_CLASS * classptr;
    SFTK_FIPSCHECK();
    classptr = (CK_OBJECT_CLASS *)fc_getAttribute(pTemplate,ulCount,CKA_CLASS);
    if (classptr == NULL) return CKR_TEMPLATE_INCOMPLETE;

    /* FIPS can't create keys from raw key material */
    if (SFTK_IS_NONPUBLIC_KEY_OBJECT(*classptr)) {
       rv = CKR_ATTRIBUTE_VALUE_INVALID;
    } else {
       rv = NSC_CreateObject(hSession,pTemplate,ulCount,phObject);
    }
    if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(*classptr)) {
       sftk_AuditCreateObject(hSession,pTemplate,ulCount,phObject,rv);
    }
    return rv;
}

Here is the call graph for this function:

CK_RV FC_Decrypt ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pEncryptedData,
CK_ULONG  usEncryptedDataLen,
CK_BYTE_PTR  pData,
CK_ULONG_PTR  pusDataLen 
)

Definition at line 911 of file fipstokn.c.

                                                                   {
    SFTK_FIPSCHECK();
    return NSC_Decrypt(hSession,pEncryptedData,usEncryptedDataLen,pData,
                                                        pusDataLen);
}

Here is the call graph for this function:

CK_RV FC_DecryptDigestUpdate ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pEncryptedPart,
CK_ULONG  ulEncryptedPartLen,
CK_BYTE_PTR  pPart,
CK_ULONG_PTR  pulPartLen 
)

Definition at line 1365 of file fipstokn.c.

                                                                         {

    SFTK_FIPSCHECK();
    return NSC_DecryptDigestUpdate(hSession, pEncryptedPart,ulEncryptedPartLen,
                            pPart,pulPartLen);
}

Here is the call graph for this function:

CK_RV FC_DecryptFinal ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pLastPart,
CK_ULONG_PTR  pusLastPartLen 
)

Definition at line 931 of file fipstokn.c.

                                                        {
    SFTK_FIPSCHECK();
    return NSC_DecryptFinal(hSession,pLastPart,pusLastPartLen);
}

Here is the call graph for this function:

Definition at line 900 of file fipstokn.c.

                                                                          {
    SFTK_FIPSCHECK();
    rv = NSC_DecryptInit(hSession,pMechanism,hKey);
    if (sftk_audit_enabled) {
       sftk_AuditCryptInit("Decrypt",hSession,pMechanism,hKey,rv);
    }
    return rv;
}

Here is the call graph for this function:

CK_RV FC_DecryptUpdate ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pEncryptedPart,
CK_ULONG  usEncryptedPartLen,
CK_BYTE_PTR  pPart,
CK_ULONG_PTR  pusPartLen 
)

Definition at line 921 of file fipstokn.c.

                                                                        {
    SFTK_FIPSCHECK();
    return NSC_DecryptUpdate(hSession,pEncryptedPart,usEncryptedPartLen,
                                                 pPart,pusPartLen);
}

Here is the call graph for this function:

CK_RV FC_DecryptVerifyUpdate ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pEncryptedData,
CK_ULONG  ulEncryptedDataLen,
CK_BYTE_PTR  pData,
CK_ULONG_PTR  pulDataLen 
)

Definition at line 1387 of file fipstokn.c.

                                                                         {

    SFTK_FIPSCHECK();
    return NSC_DecryptVerifyUpdate(hSession,pEncryptedData,ulEncryptedDataLen, 
                            pData,pulDataLen);
}

Here is the call graph for this function:

CK_RV FC_DeriveKey ( CK_SESSION_HANDLE  hSession,
CK_MECHANISM_PTR  pMechanism,
CK_OBJECT_HANDLE  hBaseKey,
CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  ulAttributeCount,
CK_OBJECT_HANDLE_PTR  phKey 
)

Definition at line 1236 of file fipstokn.c.

                                                                      {
    CK_BBOOL *boolptr;

    SFTK_FIPSCHECK();

    /* all secret keys must be sensitive, if the upper level code tries to say
     * otherwise, reject it. */
    boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate, 
                                   ulAttributeCount, CKA_SENSITIVE);
    if (boolptr != NULL) {
       if (!(*boolptr)) {
           return CKR_ATTRIBUTE_VALUE_INVALID;
       }
    }
    rv = NSC_DeriveKey(hSession,pMechanism,hBaseKey,pTemplate,
                     ulAttributeCount, phKey);
    if (sftk_audit_enabled) {
       sftk_AuditDeriveKey(hSession,pMechanism,hBaseKey,pTemplate,
                     ulAttributeCount,phKey,rv);
    }
    return rv;
}

Here is the call graph for this function:

Definition at line 735 of file fipstokn.c.

                                                                    {
    CK_RV rv;
    CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY;
    SFTK_FIPSFATALCHECK();
    rv = sftk_get_object_class_and_fipsCheck(hSession, hObject, &objClass);
    if (rv == CKR_OK) {
       rv = NSC_DestroyObject(hSession,hObject);
    }
    if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) {
       sftk_AuditDestroyObject(hSession,hObject,rv);
    }
    return rv;
}

Here is the call graph for this function:

CK_RV FC_Digest ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pData,
CK_ULONG  usDataLen,
CK_BYTE_PTR  pDigest,
CK_ULONG_PTR  pusDigestLen 
)

Definition at line 951 of file fipstokn.c.

                                                                     {
    SFTK_FIPSFATALCHECK();
    return NSC_Digest(hSession,pData,usDataLen,pDigest,pusDigestLen);
}

Here is the call graph for this function:

CK_RV FC_DigestEncryptUpdate ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pPart,
CK_ULONG  ulPartLen,
CK_BYTE_PTR  pEncryptedPart,
CK_ULONG_PTR  pulEncryptedPartLen 
)

Definition at line 1354 of file fipstokn.c.

                                                                      {
    SFTK_FIPSCHECK();
    return NSC_DigestEncryptUpdate(hSession,pPart,ulPartLen,pEncryptedPart,
                                    pulEncryptedPartLen);
}

Here is the call graph for this function:

CK_RV FC_DigestFinal ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pDigest,
CK_ULONG_PTR  pusDigestLen 
)

Definition at line 968 of file fipstokn.c.

                                                                     {
    SFTK_FIPSFATALCHECK();
    return NSC_DigestFinal(hSession,pDigest,pusDigestLen);
}

Here is the call graph for this function:

CK_RV FC_DigestInit ( CK_SESSION_HANDLE  hSession,
CK_MECHANISM_PTR  pMechanism 
)

Definition at line 943 of file fipstokn.c.

                                                                {
    SFTK_FIPSFATALCHECK();
    return NSC_DigestInit(hSession, pMechanism);
}

Here is the call graph for this function:

Definition at line 1400 of file fipstokn.c.

                                                                      {
    SFTK_FIPSCHECK();
    rv = NSC_DigestKey(hSession,hKey);
    if (sftk_audit_enabled) {
       sftk_AuditDigestKey(hSession,hKey,rv);
    }
    return rv;
}

Here is the call graph for this function:

CK_RV FC_DigestUpdate ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pPart,
CK_ULONG  usPartLen 
)

Definition at line 960 of file fipstokn.c.

                                                           {
    SFTK_FIPSFATALCHECK();
    return NSC_DigestUpdate(hSession,pPart,usPartLen);
}

Here is the call graph for this function:

CK_RV FC_Encrypt ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pData,
CK_ULONG  usDataLen,
CK_BYTE_PTR  pEncryptedData,
CK_ULONG_PTR  pusEncryptedDataLen 
)

Definition at line 866 of file fipstokn.c.

                                                                      {
    SFTK_FIPSCHECK();
    return NSC_Encrypt(hSession,pData,usDataLen,pEncryptedData,
                                                 pusEncryptedDataLen);
}

Here is the call graph for this function:

CK_RV FC_EncryptFinal ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pLastEncryptedPart,
CK_ULONG_PTR  pusLastEncryptedPartLen 
)

Definition at line 886 of file fipstokn.c.

                                                                          {

    SFTK_FIPSCHECK();
    return NSC_EncryptFinal(hSession,pLastEncryptedPart,
                                          pusLastEncryptedPartLen);
}

Here is the call graph for this function:

Definition at line 855 of file fipstokn.c.

                                                                   {
    SFTK_FIPSCHECK();
    rv = NSC_EncryptInit(hSession,pMechanism,hKey);
    if (sftk_audit_enabled) {
       sftk_AuditCryptInit("Encrypt",hSession,pMechanism,hKey,rv);
    }
    return rv;
}

Here is the call graph for this function:

CK_RV FC_EncryptUpdate ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pPart,
CK_ULONG  usPartLen,
CK_BYTE_PTR  pEncryptedPart,
CK_ULONG_PTR  pusEncryptedPartLen 
)

Definition at line 876 of file fipstokn.c.

                                                                     {
    SFTK_FIPSCHECK();
    return NSC_EncryptUpdate(hSession,pPart,usPartLen,pEncryptedPart,
                                          pusEncryptedPartLen);
}

Here is the call graph for this function:

CK_RV FC_Finalize ( CK_VOID_PTR  pReserved)

Definition at line 485 of file fipstokn.c.

                                          {
   CK_RV crv;
   if (!nsf_init) {
      return CKR_OK;
   }
   crv = nsc_CommonFinalize (pReserved, PR_TRUE);
   nsf_init = (PRBool) !(crv == CKR_OK);
   return crv;
}

Here is the call graph for this function:

CK_RV FC_FindObjects ( CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE_PTR  phObject,
CK_ULONG  usMaxObjectCount,
CK_ULONG_PTR  pusObjectCount 
)

Definition at line 840 of file fipstokn.c.

                                                                {
    /* let publically readable object be found */
    SFTK_FIPSFATALCHECK();
    return NSC_FindObjects(hSession,phObject,usMaxObjectCount,
                                                 pusObjectCount);
}

Here is the call graph for this function:

Definition at line 1343 of file fipstokn.c.

                                                      {
    /* let publically readable object be found */
    SFTK_FIPSFATALCHECK();
    return NSC_FindObjectsFinal(hSession);
}

Here is the call graph for this function:

CK_RV FC_FindObjectsInit ( CK_SESSION_HANDLE  hSession,
CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  usCount 
)

Definition at line 805 of file fipstokn.c.

                                                                  {
    /* let publically readable object be found */
    unsigned int i;
    CK_RV rv;
    PRBool needLogin = PR_FALSE;

    SFTK_FIPSFATALCHECK();

    for (i=0; i < usCount; i++) {
       CK_OBJECT_CLASS class;
       if (pTemplate[i].type != CKA_CLASS) {
           continue;
       }
       if (pTemplate[i].ulValueLen != sizeof(CK_OBJECT_CLASS)) {
           continue;
       }
       if (pTemplate[i].pValue == NULL) {
           continue;
       }
       class = *(CK_OBJECT_CLASS *)pTemplate[i].pValue;
       if ((class == CKO_PRIVATE_KEY) || (class == CKO_SECRET_KEY)) {
           needLogin = PR_TRUE;
           break;
       }
    }
    if (needLogin) {
       if ((rv = sftk_fipsCheck()) != CKR_OK) return rv;
    }
    return NSC_FindObjectsInit(hSession,pTemplate,usCount);
}

Here is the call graph for this function:

CK_RV FC_GenerateKey ( CK_SESSION_HANDLE  hSession,
CK_MECHANISM_PTR  pMechanism,
CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  ulCount,
CK_OBJECT_HANDLE_PTR  phKey 
)

Definition at line 1129 of file fipstokn.c.

                                                                      {
    CK_BBOOL *boolptr;

    SFTK_FIPSCHECK();

    /* all secret keys must be sensitive, if the upper level code tries to say
     * otherwise, reject it. */
    boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate, ulCount, CKA_SENSITIVE);
    if (boolptr != NULL) {
       if (!(*boolptr)) {
           return CKR_ATTRIBUTE_VALUE_INVALID;
       }
    }

    rv = NSC_GenerateKey(hSession,pMechanism,pTemplate,ulCount,phKey);
    if (sftk_audit_enabled) {
       sftk_AuditGenerateKey(hSession,pMechanism,pTemplate,ulCount,phKey,rv);
    }
    return rv;
}

Here is the call graph for this function:

CK_RV FC_GenerateKeyPair ( CK_SESSION_HANDLE  hSession,
CK_MECHANISM_PTR  pMechanism,
CK_ATTRIBUTE_PTR  pPublicKeyTemplate,
CK_ULONG  usPublicKeyAttributeCount,
CK_ATTRIBUTE_PTR  pPrivateKeyTemplate,
CK_ULONG  usPrivateKeyAttributeCount,
CK_OBJECT_HANDLE_PTR  phPublicKey,
CK_OBJECT_HANDLE_PTR  phPrivateKey 
)

Definition at line 1155 of file fipstokn.c.

                                                                      {
    CK_BBOOL *boolptr;
    CK_RV crv;

    SFTK_FIPSCHECK();

    /* all private keys must be sensitive, if the upper level code tries to say
     * otherwise, reject it. */
    boolptr = (CK_BBOOL *) fc_getAttribute(pPrivateKeyTemplate, 
                            usPrivateKeyAttributeCount, CKA_SENSITIVE);
    if (boolptr != NULL) {
       if (!(*boolptr)) {
           return CKR_ATTRIBUTE_VALUE_INVALID;
       }
    }
    crv = NSC_GenerateKeyPair (hSession,pMechanism,pPublicKeyTemplate,
              usPublicKeyAttributeCount,pPrivateKeyTemplate,
              usPrivateKeyAttributeCount,phPublicKey,phPrivateKey);
    if (crv == CKR_GENERAL_ERROR) {
       /* pairwise consistency check failed. */
       sftk_fatalError = PR_TRUE;
    }
    if (sftk_audit_enabled) {
       sftk_AuditGenerateKeyPair(hSession,pMechanism,pPublicKeyTemplate,
              usPublicKeyAttributeCount,pPrivateKeyTemplate,
              usPrivateKeyAttributeCount,phPublicKey,phPrivateKey,crv);
    }
    return crv;
}

Here is the call graph for this function:

CK_RV FC_GenerateRandom ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pRandomData,
CK_ULONG  ulRandomLen 
)

Definition at line 1282 of file fipstokn.c.

                                                        {
    CK_RV crv;

    SFTK_FIPSFATALCHECK();
    crv = NSC_GenerateRandom(hSession,pRandomData,ulRandomLen);
    if (crv != CKR_OK) {
       sftk_fatalError = PR_TRUE;
       if (sftk_audit_enabled) {
           char msg[128];
           PR_snprintf(msg,sizeof msg,
                     "C_GenerateRandom(hSession=0x%08lX, pRandomData=%p, "
                     "ulRandomLen=%lu)=0x%08lX "
                     "self-test: continuous RNG test failed",
                     (PRUint32)hSession,pRandomData,
                     (PRUint32)ulRandomLen,(PRUint32)crv);
           sftk_LogAuditMessage(NSS_AUDIT_ERROR, msg);
       }
    }
    return crv;
}

Here is the call graph for this function:

void* fc_getAttribute ( CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  ulCount,
CK_ATTRIBUTE_TYPE  type 
)

Definition at line 244 of file fipstokn.c.

{
    int i;

    for (i=0; i < (int) ulCount; i++) {
       if (pTemplate[i].type == type) {
           return pTemplate[i].pValue;
       }
    }
    return NULL;
}
CK_RV FC_GetAttributeValue ( CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE  hObject,
CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  ulCount 
)

Definition at line 769 of file fipstokn.c.

                                                                       {
    CK_RV rv;
    CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY;
    SFTK_FIPSFATALCHECK();
    rv = sftk_get_object_class_and_fipsCheck(hSession, hObject, &objClass);
    if (rv == CKR_OK) {
       rv = NSC_GetAttributeValue(hSession,hObject,pTemplate,ulCount);
    }
    if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) {
       sftk_AuditGetAttributeValue(hSession,hObject,pTemplate,ulCount,rv);
    }
    return rv;
}

Here is the call graph for this function:

Definition at line 434 of file fipstokn.c.

                                                              {
    *pFunctionList = &sftk_fipsTable;
    return CKR_OK;
}

Definition at line 1307 of file fipstokn.c.

                                                        {
    SFTK_FIPSCHECK();
    return NSC_GetFunctionStatus(hSession);
}

Here is the call graph for this function:

Definition at line 497 of file fipstokn.c.

                                     {
    return NSC_GetInfo(pInfo);
}

Here is the call graph for this function:

Definition at line 539 of file fipstokn.c.

                                                                {
    SFTK_FIPSFATALCHECK();
    if (slotID == FIPS_SLOT_ID) slotID = NETSCAPE_SLOT_ID;
    /* FIPS Slot supports all functions */
    return NSC_GetMechanismInfo(slotID,type,pInfo);
}

Here is the call graph for this function:

CK_RV FC_GetMechanismList ( CK_SLOT_ID  slotID,
CK_MECHANISM_TYPE_PTR  pMechanismList,
CK_ULONG_PTR  pusCount 
)

Definition at line 528 of file fipstokn.c.

                                                                    {
    SFTK_FIPSFATALCHECK();
    if (slotID == FIPS_SLOT_ID) slotID = NETSCAPE_SLOT_ID;
    /* FIPS Slot supports all functions */
    return NSC_GetMechanismList(slotID,pMechanismList,pusCount);
}

Here is the call graph for this function:

CK_RV FC_GetObjectSize ( CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE  hObject,
CK_ULONG_PTR  pulSize 
)

Definition at line 752 of file fipstokn.c.

                                                                     {
    CK_RV rv;
    CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY;
    SFTK_FIPSFATALCHECK();
    rv = sftk_get_object_class_and_fipsCheck(hSession, hObject, &objClass);
    if (rv == CKR_OK) {
       rv = NSC_GetObjectSize(hSession, hObject, pulSize);
    }
    if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) {
       sftk_AuditGetObjectSize(hSession, hObject, pulSize, rv);
    }
    return rv;
}

Here is the call graph for this function:

CK_RV FC_GetOperationState ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pOperationState,
CK_ULONG_PTR  pulOperationStateLen 
)

Definition at line 1325 of file fipstokn.c.

                                                                        {
    SFTK_FIPSFATALCHECK();
    return NSC_GetOperationState(hSession,pOperationState,pulOperationStateLen);
}

Here is the call graph for this function:

Definition at line 631 of file fipstokn.c.

                                                                     {
    CK_RV rv;
    SFTK_FIPSFATALCHECK();

    rv = NSC_GetSessionInfo(hSession,pInfo);
    if (rv == CKR_OK) {
       if ((isLoggedIn) && (pInfo->state == CKS_RO_PUBLIC_SESSION)) {
              pInfo->state = CKS_RO_USER_FUNCTIONS;
       }
       if ((isLoggedIn) && (pInfo->state == CKS_RW_PUBLIC_SESSION)) {
              pInfo->state = CKS_RW_USER_FUNCTIONS;
       }
    }
    return rv;
}

Here is the call graph for this function:

Definition at line 509 of file fipstokn.c.

                                                                {
    return NSC_GetSlotInfo(slotID,pInfo);
}

Here is the call graph for this function:

CK_RV FC_GetSlotList ( CK_BBOOL  tokenPresent,
CK_SLOT_ID_PTR  pSlotList,
CK_ULONG_PTR  pulCount 
)

Definition at line 502 of file fipstokn.c.

                                                                      {
    return nsc_CommonGetSlotList(tokenPresent,pSlotList,pulCount,
                                                  NSC_FIPS_MODULE);
}

Here is the call graph for this function:

Definition at line 515 of file fipstokn.c.

                                                                  {
    CK_RV crv;

    crv = NSC_GetTokenInfo(slotID,pInfo);
    if (crv == CKR_OK) 
       pInfo->flags |= CKF_LOGIN_REQUIRED;
    return crv;

}

Here is the call graph for this function:

Definition at line 443 of file fipstokn.c.

                                           {
    const char *envp;
    CK_RV crv;

    if (nsf_init) {
       return CKR_CRYPTOKI_ALREADY_INITIALIZED;
    }

    if ((envp = PR_GetEnv("NSS_ENABLE_AUDIT")) != NULL) {
       sftk_audit_enabled = (atoi(envp) == 1);
    }

    crv = nsc_CommonInitialize(pReserved, PR_TRUE);

    /* not an 'else' rv can be set by either SFTK_LowInit or SFTK_SlotInit*/
    if (crv != CKR_OK) {
       sftk_fatalError = PR_TRUE;
       return crv;
    }

    sftk_fatalError = PR_FALSE; /* any error has been reset */

    crv = sftk_fipsPowerUpSelfTest();
    if (crv != CKR_OK) {
        nsc_CommonFinalize(NULL, PR_TRUE);
       sftk_fatalError = PR_TRUE;
       if (sftk_audit_enabled) {
           char msg[128];
           PR_snprintf(msg,sizeof msg,
                     "C_Initialize()=0x%08lX "
                     "power-up self-tests failed",
                     (PRUint32)crv);
           sftk_LogAuditMessage(NSS_AUDIT_ERROR, msg);
       }
       return crv;
    }
    nsf_init = PR_TRUE;

    return CKR_OK;
}

Here is the call graph for this function:

CK_RV FC_InitPIN ( CK_SESSION_HANDLE  hSession,
CK_CHAR_PTR  pPin,
CK_ULONG  ulPinLen 
)

Definition at line 569 of file fipstokn.c.

                                                                        {
    CK_RV rv;
    if (sftk_fatalError) return CKR_DEVICE_ERROR;
    if ((rv = sftk_newPinCheck(pPin,ulPinLen)) == CKR_OK) {
       rv = NSC_InitPIN(hSession,pPin,ulPinLen);
    }
    if (sftk_audit_enabled) {
       char msg[128];
       NSSAuditSeverity severity = (rv == CKR_OK) ?
              NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
       PR_snprintf(msg,sizeof msg,
              "C_InitPIN(hSession=0x%08lX)=0x%08lX",
              (PRUint32)hSession,(PRUint32)rv);
       sftk_LogAuditMessage(severity, msg);
    }
    return rv;
}

Here is the call graph for this function:

CK_RV FC_InitToken ( CK_SLOT_ID  slotID,
CK_CHAR_PTR  pPin,
CK_ULONG  usPinLen,
CK_CHAR_PTR  pLabel 
)

Definition at line 549 of file fipstokn.c.

                                                                  {
    CK_RV crv;

    crv = NSC_InitToken(slotID,pPin,usPinLen,pLabel);
    if (sftk_audit_enabled) {
       char msg[128];
       NSSAuditSeverity severity = (crv == CKR_OK) ?
              NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
       /* pLabel points to a 32-byte label, which is not null-terminated */
       PR_snprintf(msg,sizeof msg,
              "C_InitToken(slotID=%lu, pLabel=\"%.32s\")=0x%08lX",
              (PRUint32)slotID,pLabel,(PRUint32)crv);
       sftk_LogAuditMessage(severity, msg);
    }
    return crv;
}

Here is the call graph for this function:

CK_RV FC_Login ( CK_SESSION_HANDLE  hSession,
CK_USER_TYPE  userType,
CK_CHAR_PTR  pPin,
CK_ULONG  usPinLen 
)

Definition at line 649 of file fipstokn.c.

                                                                     {
    CK_RV rv;
    PRBool successful;
    if (sftk_fatalError) return CKR_DEVICE_ERROR;
    rv = NSC_Login(hSession,userType,pPin,usPinLen);
    successful = (rv == CKR_OK) || (rv == CKR_USER_ALREADY_LOGGED_IN);
    if (successful)
       isLoggedIn = PR_TRUE;
    if (sftk_audit_enabled) {
       char msg[128];
       NSSAuditSeverity severity;
       severity = successful ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
       PR_snprintf(msg,sizeof msg,
                  "C_Login(hSession=0x%08lX, userType=%lu)=0x%08lX",
                  (PRUint32)hSession,(PRUint32)userType,(PRUint32)rv);
       sftk_LogAuditMessage(severity, msg);
    }
    return rv;
}

Here is the call graph for this function:

Definition at line 671 of file fipstokn.c.

                                             {
    CK_RV rv;
    if ((rv = sftk_fipsCheck()) == CKR_OK) {
       rv = NSC_Logout(hSession);
       isLoggedIn = PR_FALSE;
    }
    if (sftk_audit_enabled) {
       char msg[128];
       NSSAuditSeverity severity = (rv == CKR_OK) ?
              NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
       PR_snprintf(msg,sizeof msg,
                  "C_Logout(hSession=0x%08lX)=0x%08lX",
                  (PRUint32)hSession,(PRUint32)rv);
       sftk_LogAuditMessage(severity, msg);
    }
    return rv;
}

Here is the call graph for this function:

CK_RV FC_OpenSession ( CK_SLOT_ID  slotID,
CK_FLAGS  flags,
CK_VOID_PTR  pApplication,
CK_NOTIFY  Notify,
CK_SESSION_HANDLE_PTR  phSession 
)

Definition at line 611 of file fipstokn.c.

                                                                              {
    SFTK_FIPSFATALCHECK();
    return NSC_OpenSession(slotID,flags,pApplication,Notify,phSession);
}

Here is the call graph for this function:

CK_RV FC_SeedRandom ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pSeed,
CK_ULONG  usSeedLen 
)

Definition at line 1268 of file fipstokn.c.

                        {
    CK_RV crv;

    SFTK_FIPSFATALCHECK();
    crv = NSC_SeedRandom(hSession,pSeed,usSeedLen);
    if (crv != CKR_OK) {
       sftk_fatalError = PR_TRUE;
    }
    return crv;
}

Here is the call graph for this function:

CK_RV FC_SetAttributeValue ( CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE  hObject,
CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  ulCount 
)

Definition at line 786 of file fipstokn.c.

                                                                       {
    CK_RV rv;
    CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY;
    SFTK_FIPSFATALCHECK();
    rv = sftk_get_object_class_and_fipsCheck(hSession, hObject, &objClass);
    if (rv == CKR_OK) {
       rv = NSC_SetAttributeValue(hSession,hObject,pTemplate,ulCount);
    }
    if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) {
       sftk_AuditSetAttributeValue(hSession,hObject,pTemplate,ulCount,rv);
    }
    return rv;
}

Here is the call graph for this function:

CK_RV FC_SetOperationState ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pOperationState,
CK_ULONG  ulOperationStateLen,
CK_OBJECT_HANDLE  hEncryptionKey,
CK_OBJECT_HANDLE  hAuthenticationKey 
)

Definition at line 1334 of file fipstokn.c.

                                                                              {
    SFTK_FIPSFATALCHECK();
    return NSC_SetOperationState(hSession,pOperationState,ulOperationStateLen,
                                   hEncryptionKey,hAuthenticationKey);
}

Here is the call graph for this function:

CK_RV FC_SetPIN ( CK_SESSION_HANDLE  hSession,
CK_CHAR_PTR  pOldPin,
CK_ULONG  usOldLen,
CK_CHAR_PTR  pNewPin,
CK_ULONG  usNewLen 
)

Definition at line 591 of file fipstokn.c.

                                                               {
    CK_RV rv;
    if ((rv = sftk_fipsCheck()) == CKR_OK &&
       (rv = sftk_newPinCheck(pNewPin,usNewLen)) == CKR_OK) {
       rv = NSC_SetPIN(hSession,pOldPin,usOldLen,pNewPin,usNewLen);
    }
    if (sftk_audit_enabled) {
       char msg[128];
       NSSAuditSeverity severity = (rv == CKR_OK) ?
              NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
       PR_snprintf(msg,sizeof msg,
              "C_SetPIN(hSession=0x%08lX)=0x%08lX",
              (PRUint32)hSession,(PRUint32)rv);
       sftk_LogAuditMessage(severity, msg);
    }
    return rv;
}

Here is the call graph for this function:

CK_RV FC_Sign ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pData,
CK_ULONG  usDataLen,
CK_BYTE_PTR  pSignature,
CK_ULONG_PTR  pusSignatureLen 
)

Definition at line 996 of file fipstokn.c.

                                                                 {
    SFTK_FIPSCHECK();
    return NSC_Sign(hSession,pData,usDataLen,pSignature,pusSignatureLen);
}

Here is the call graph for this function:

CK_RV FC_SignEncryptUpdate ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pPart,
CK_ULONG  ulPartLen,
CK_BYTE_PTR  pEncryptedPart,
CK_ULONG_PTR  pulEncryptedPartLen 
)

Definition at line 1376 of file fipstokn.c.

                                                                      {

    SFTK_FIPSCHECK();
    return NSC_SignEncryptUpdate(hSession,pPart,ulPartLen,pEncryptedPart,
                                    pulEncryptedPartLen);
}

Here is the call graph for this function:

CK_RV FC_SignFinal ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pSignature,
CK_ULONG_PTR  pusSignatureLen 
)

Definition at line 1016 of file fipstokn.c.

                                                                     {
    SFTK_FIPSCHECK();
    return NSC_SignFinal(hSession,pSignature,pusSignatureLen);
}

Here is the call graph for this function:

CK_RV FC_SignInit ( CK_SESSION_HANDLE  hSession,
CK_MECHANISM_PTR  pMechanism,
CK_OBJECT_HANDLE  hKey 
)

Definition at line 982 of file fipstokn.c.

                                                                   {
    SFTK_FIPSCHECK();
    rv = NSC_SignInit(hSession,pMechanism,hKey);
    if (sftk_audit_enabled) {
       sftk_AuditCryptInit("Sign",hSession,pMechanism,hKey,rv);
    }
    return rv;
}

Here is the call graph for this function:

CK_RV FC_SignRecover ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pData,
CK_ULONG  usDataLen,
CK_BYTE_PTR  pSignature,
CK_ULONG_PTR  pusSignatureLen 
)

Definition at line 1042 of file fipstokn.c.

                                                                            {
    SFTK_FIPSCHECK();
    return NSC_SignRecover(hSession,pData,usDataLen,pSignature,pusSignatureLen);
}

Here is the call graph for this function:

Definition at line 1028 of file fipstokn.c.

                                                                         {
    SFTK_FIPSCHECK();
    rv = NSC_SignRecoverInit(hSession,pMechanism,hKey);
    if (sftk_audit_enabled) {
       sftk_AuditCryptInit("SignRecover",hSession,pMechanism,hKey,rv);
    }
    return rv;
}

Here is the call graph for this function:

CK_RV FC_SignUpdate ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pPart,
CK_ULONG  usPartLen 
)

Definition at line 1007 of file fipstokn.c.

                                                                     {
    SFTK_FIPSCHECK();
    return NSC_SignUpdate(hSession,pPart,usPartLen);
}

Here is the call graph for this function:

CK_RV FC_UnwrapKey ( CK_SESSION_HANDLE  hSession,
CK_MECHANISM_PTR  pMechanism,
CK_OBJECT_HANDLE  hUnwrappingKey,
CK_BYTE_PTR  pWrappedKey,
CK_ULONG  ulWrappedKeyLen,
CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  ulAttributeCount,
CK_OBJECT_HANDLE_PTR  phKey 
)

Definition at line 1207 of file fipstokn.c.

                                                                       {
    CK_BBOOL *boolptr;

    SFTK_FIPSCHECK();

    /* all secret keys must be sensitive, if the upper level code tries to say
     * otherwise, reject it. */
    boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate, 
                                   ulAttributeCount, CKA_SENSITIVE);
    if (boolptr != NULL) {
       if (!(*boolptr)) {
           return CKR_ATTRIBUTE_VALUE_INVALID;
       }
    }
    rv = NSC_UnwrapKey(hSession,pMechanism,hUnwrappingKey,pWrappedKey,
                     ulWrappedKeyLen,pTemplate,ulAttributeCount,phKey);
    if (sftk_audit_enabled) {
       sftk_AuditUnwrapKey(hSession,pMechanism,hUnwrappingKey,pWrappedKey,
                     ulWrappedKeyLen,pTemplate,ulAttributeCount,phKey,rv);
    }
    return rv;
}

Here is the call graph for this function:

CK_RV FC_Verify ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pData,
CK_ULONG  usDataLen,
CK_BYTE_PTR  pSignature,
CK_ULONG  usSignatureLen 
)

Definition at line 1069 of file fipstokn.c.

                                                                         {
    /* make sure we're legal */
    SFTK_FIPSCHECK();
    return NSC_Verify(hSession,pData,usDataLen,pSignature,usSignatureLen);
}

Here is the call graph for this function:

CK_RV FC_VerifyFinal ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pSignature,
CK_ULONG  usSignatureLen 
)

Definition at line 1089 of file fipstokn.c.

                                                                     {
    SFTK_FIPSCHECK();
    return NSC_VerifyFinal(hSession,pSignature,usSignatureLen);
}

Here is the call graph for this function:

CK_RV FC_VerifyInit ( CK_SESSION_HANDLE  hSession,
CK_MECHANISM_PTR  pMechanism,
CK_OBJECT_HANDLE  hKey 
)

Definition at line 1055 of file fipstokn.c.

                                                                           {
    SFTK_FIPSCHECK();
    rv = NSC_VerifyInit(hSession,pMechanism,hKey);
    if (sftk_audit_enabled) {
       sftk_AuditCryptInit("Verify",hSession,pMechanism,hKey,rv);
    }
    return rv;
}

Here is the call graph for this function:

CK_RV FC_VerifyRecover ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pSignature,
CK_ULONG  usSignatureLen,
CK_BYTE_PTR  pData,
CK_ULONG_PTR  pusDataLen 
)

Definition at line 1116 of file fipstokn.c.

                                                                       {
    SFTK_FIPSCHECK();
    return NSC_VerifyRecover(hSession,pSignature,usSignatureLen,pData,
                                                        pusDataLen);
}

Here is the call graph for this function:

Definition at line 1102 of file fipstokn.c.

                                                                        {
    SFTK_FIPSCHECK();
    rv = NSC_VerifyRecoverInit(hSession,pMechanism,hKey);
    if (sftk_audit_enabled) {
       sftk_AuditCryptInit("VerifyRecover",hSession,pMechanism,hKey,rv);
    }
    return rv;
}

Here is the call graph for this function:

CK_RV FC_VerifyUpdate ( CK_SESSION_HANDLE  hSession,
CK_BYTE_PTR  pPart,
CK_ULONG  usPartLen 
)

Definition at line 1080 of file fipstokn.c.

                                                              {
    SFTK_FIPSCHECK();
    return NSC_VerifyUpdate(hSession,pPart,usPartLen);
}

Here is the call graph for this function:

CK_RV FC_WaitForSlotEvent ( CK_FLAGS  flags,
CK_SLOT_ID_PTR  pSlot,
CK_VOID_PTR  pReserved 
)

Definition at line 1410 of file fipstokn.c.

{
    return NSC_WaitForSlotEvent(flags, pSlot, pReserved);
}

Here is the call graph for this function:

CK_RV FC_WrapKey ( CK_SESSION_HANDLE  hSession,
CK_MECHANISM_PTR  pMechanism,
CK_OBJECT_HANDLE  hWrappingKey,
CK_OBJECT_HANDLE  hKey,
CK_BYTE_PTR  pWrappedKey,
CK_ULONG_PTR  pulWrappedKeyLen 
)

Definition at line 1191 of file fipstokn.c.

                                                                   {
    SFTK_FIPSCHECK();
    rv = NSC_WrapKey(hSession,pMechanism,hWrappingKey,hKey,pWrappedKey,
                                                 pulWrappedKeyLen);
    if (sftk_audit_enabled) {
       sftk_AuditWrapKey(hSession,pMechanism,hWrappingKey,hKey,pWrappedKey,
                                                 pulWrappedKeyLen,rv);
    }
    return rv;
}

Here is the call graph for this function:

static CK_RV sftk_fipsCheck ( void  ) [static]

Definition at line 225 of file fipstokn.c.

Here is the caller graph for this function:

static CK_RV sftk_get_object_class_and_fipsCheck ( CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE  hObject,
CK_OBJECT_CLASS pObjClass 
) [static]

Definition at line 310 of file fipstokn.c.

{
    CK_RV rv;
    CK_ATTRIBUTE class; 
    class.type = CKA_CLASS;
    class.pValue = pObjClass;
    class.ulValueLen = sizeof(*pObjClass);
    rv = NSC_GetAttributeValue(hSession, hObject, &class, 1);
    if ((rv == CKR_OK) && SFTK_IS_NONPUBLIC_KEY_OBJECT(*pObjClass)) {
       rv = sftk_fipsCheck();
    }
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void sftk_LogAuditMessage ( NSSAuditSeverity  severity,
const char *  msg 
)

Definition at line 348 of file fipstokn.c.

{
#ifdef NSS_AUDIT_WITH_SYSLOG
    int level;

    switch (severity) {
    case NSS_AUDIT_ERROR:
       level = LOG_ERR;
       break;
    case NSS_AUDIT_WARNING:
       level = LOG_WARNING;
       break;
    default:
       level = LOG_INFO;
       break;
    }
    /* timestamp is provided by syslog in the message header */
    syslog(level | LOG_USER /* facility */,
          "NSS " SOFTOKEN_LIB_NAME "[pid=%d uid=%d]: %s",
          (int)getpid(), (int)getuid(), msg);
#ifdef LINUX
    if (pthread_once(&libaudit_once_control, libaudit_init) != 0) {
       return;
    }
    if (libaudit_handle) {
       int audit_fd;
       int result = (severity != NSS_AUDIT_ERROR); /* 1=success; 0=failed */
       char *message = PR_smprintf("NSS " SOFTOKEN_LIB_NAME ": %s", msg);
       if (!message) {
           return;
       }
       audit_fd = audit_open_func();
       if (audit_fd < 0) {
           PR_smprintf_free(message);
           return;
       }
       if (audit_log_user_message_func) {
           audit_log_user_message_func(audit_fd, AUDIT_USER, message,
                                   NULL, NULL, NULL, result);
       } else {
           audit_send_user_message_func(audit_fd, AUDIT_USER, message);
       }
       audit_close_func(audit_fd);
       PR_smprintf_free(message);
    }
#endif /* LINUX */
#ifdef SOLARIS
    {
        int rd;
        char *message = PR_smprintf("NSS " SOFTOKEN_LIB_NAME ": %s", msg);

        if (!message) {
            return;
        }

        /* open the record descriptor */
        if ((rd = au_open()) == -1) {
            PR_smprintf_free(message);
            return;
        }

        /* write the audit tokens to the audit record */
        if (au_write(rd, au_to_text(message))) {
            (void)au_close(rd, AU_TO_NO_WRITE, AUE_FIPS_AUDIT);
            PR_smprintf_free(message);
            return;
        }

        /* close the record and send it to the audit trail */
        (void)au_close(rd, AU_TO_WRITE, AUE_FIPS_AUDIT);

        PR_smprintf_free(message);
    }
#endif /* SOLARIS */
#else
    /* do nothing */
#endif
}

Here is the call graph for this function:

static CK_RV sftk_newPinCheck ( CK_CHAR_PTR  pPin,
CK_ULONG  ulPinLen 
) [static]

Definition at line 151 of file fipstokn.c.

                                                                   {
    unsigned int i;
    int nchar = 0;      /* number of characters */
    int ntrail = 0;     /* number of trailing bytes to follow */
    int ndigit = 0;     /* number of decimal digits */
    int nlower = 0;     /* number of ASCII lowercase letters */
    int nupper = 0;     /* number of ASCII uppercase letters */
    int nnonalnum = 0;  /* number of ASCII non-alphanumeric characters */
    int nnonascii = 0;  /* number of non-ASCII characters */
    int nclass;         /* number of character classes */

    for (i = 0; i < ulPinLen; i++) {
       unsigned int byte = pPin[i];

       if (ntrail) {
           if ((byte & 0xc0) != 0x80) {
              /* illegal */
              nchar = -1;
              break;
           }
           if (--ntrail == 0) {
              nchar++;
              nnonascii++;
           }
           continue;
       }
       if ((byte & 0x80) == 0x00) {
           /* single-byte (ASCII) character */
           nchar++;
           if (isdigit(byte)) {
              if (i < ulPinLen - 1) {
                  ndigit++;
              }
           } else if (islower(byte)) {
              nlower++;
           } else if (isupper(byte)) {
              if (i > 0) {
                  nupper++;
              }
           } else {
              nnonalnum++;
           }
       } else if ((byte & 0xe0) == 0xc0) {
           /* leading byte of two-byte character */
           ntrail = 1;
       } else if ((byte & 0xf0) == 0xe0) {
           /* leading byte of three-byte character */
           ntrail = 2;
       } else if ((byte & 0xf8) == 0xf0) {
           /* leading byte of four-byte character */
           ntrail = 3;
       } else {
           /* illegal */
           nchar = -1;
           break;
       }
    }
    if (nchar == -1) {
       /* illegal UTF8 string */
       return CKR_PIN_INVALID;
    }
    if (nchar < FIPS_MIN_PIN) {
       return CKR_PIN_LEN_RANGE;
    }
    nclass = (ndigit != 0) + (nlower != 0) + (nupper != 0) +
            (nnonalnum != 0) + (nnonascii != 0);
    if (nclass < 3) {
       return CKR_PIN_LEN_RANGE;
    }
    return CKR_OK;
}

Here is the caller graph for this function:


Variable Documentation

Definition at line 127 of file fipstokn.c.

Definition at line 440 of file fipstokn.c.

Definition at line 331 of file fipstokn.c.

Definition at line 128 of file fipstokn.c.

Definition at line 279 of file fipstokn.c.