diff options
author | Stef Walter <stef@memberwebs.com> | 2008-12-09 20:59:55 +0000 |
---|---|---|
committer | Stef Walter <stef@memberwebs.com> | 2008-12-09 20:59:55 +0000 |
commit | ae56e5c788e3ed6c60d98d445574d3042aaae24f (patch) | |
tree | 9b3acb30fbdfd9e791c81dafb895fd92b396ebfd /p11-capi-session.c | |
parent | 398b05acabebf6d882c0aaa94a4dfd3f5d6431d4 (diff) |
Move into module folder
Diffstat (limited to 'p11-capi-session.c')
-rw-r--r-- | p11-capi-session.c | 983 |
1 files changed, 0 insertions, 983 deletions
diff --git a/p11-capi-session.c b/p11-capi-session.c deleted file mode 100644 index e921875..0000000 --- a/p11-capi-session.c +++ /dev/null @@ -1,983 +0,0 @@ -/* - * Copyright (C) 2007 Stef Walter - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place - Suite 330, - * Boston, MA 02111-1307, USA. - */ - -#include <stdlib.h> - -#include "p11-capi.h" -#include "p11-capi-builtin.h" -#include "p11-capi-cert.h" -#include "p11-capi-key.h" -#include "p11-capi-object.h" -#include "p11-capi-rsa.h" -#include "p11-capi-session.h" -#include "p11-capi-token.h" -#include "p11-capi-trust.h" - -/* For operation_type in P11cSession */ -enum -{ - OPERATION_NONE, - OPERATION_FIND, - OPERATION_SIGN, - OPERATION_DECRYPT -}; - -static P11cArray* all_sessions = NULL; - -static void -object_data_release(P11cObjectData* objdata) -{ - ASSERT(objdata->data_funcs); - ASSERT(objdata->data_funcs->release); - (objdata->data_funcs->release)(objdata); -} - -CK_RV -p11c_session_create(CK_SLOT_ID slot, P11cSession** ret) -{ - P11cSession* sess; - const char *store; - DWORD err; - - sess = calloc(1, sizeof(P11cSession)); - if(!sess) - return CKR_HOST_MEMORY; - - sess->object_data = p11c_hash_new(NULL, NULL); - if(!sess->object_data) { - free(sess); - return CKR_HOST_MEMORY; - } - - sess->mutex = CreateMutex(NULL, FALSE, NULL); - if(!sess->mutex) { - p11c_hash_free(sess->object_data, NULL); - free(sess); - return CKR_HOST_MEMORY; - } - - store = p11c_token_get_store_name(slot); - if(store) - { - sess->store = CertOpenSystemStore((HCRYPTPROV)NULL, store); - if(sess->store == NULL) - { - err = GetLastError(); - - /* Store not found, we don't care */ - if(err != ERROR_FILE_NOT_FOUND) - { - p11c_hash_free(sess->object_data, NULL); - CloseHandle(sess->mutex); - free(sess); - return p11c_winerr_to_ckr(err); - } - } - } - - sess->slot = slot; - - DBGS(sess, "created"); - - *ret = sess; - return CKR_OK; -} - -CK_RV -p11c_session_register(P11cSession* sess) -{ - P11cSession* blank = NULL; - CK_SESSION_HANDLE id = 0; - CK_RV ret = CKR_OK; - size_t i; - - ASSERT(sess); - ASSERT(sess->id == 0 && sess->refs == 0); - - DBGS(sess, "registering new session"); - - p11c_lock_global(); - - /* Find a nice session identifier */ - while(id == 0) { - - /* Allocate sessions properly */ - if(!all_sessions) - { - all_sessions = p11c_array_new(0, 1, sizeof(P11cSession*)); - if(!all_sessions) - { - ret = CKR_HOST_MEMORY; - break; - } - - /* A blank entry for '0' */ - p11c_array_append(all_sessions, blank); - - DBG(("allocated new session list")); - } - - /* - * PKCS#11 GRAY AREA: We're assuming we can reuse session - * handles. PKCS#11 spec says they're like file handles, - * and file handles get reused :) - */ - - /* Note we never put anything in array position '0' */ - for(i = 1; i < all_sessions->len; ++i) - { - /* Any empty position will do */ - if(!p11c_array_index(all_sessions, P11cSession*, i)) - { - id = i; - break; - } - } - - /* Couldn't find a handle, append a handle */ - if(id == 0) - { - id = all_sessions->len; - p11c_array_append(all_sessions, blank); - } - } - - if(ret == CKR_OK) - { - ASSERT(id > 0 && id < all_sessions->len); - ASSERT(!p11c_array_index(all_sessions, P11cSession*, id)); - - - /* And assign it to the session handle */ - p11c_array_index(all_sessions, P11cSession*, i) = sess; - sess->id = id; - - /* The session list reference */ - ASSERT(sess->refs == 0); - sess->refs++; - - DBGS(sess, "registered sesson id"); - } - - p11c_unlock_global(); - - return ret; -} - -void -p11c_session_destroy(P11cSession* sess) -{ - ASSERT(sess); - ASSERT(sess->refs == 0); - - /* Ask any pending operations to cleanup */ - if(sess->operation_type) - { - ASSERT(sess->operation_cancel); - (sess->operation_cancel)(sess); - } - - ASSERT(sess->operation_type == 0); - ASSERT(sess->operation_data == NULL); - ASSERT(sess->operation_cancel == NULL); - - if(sess->store) - CertCloseStore(sess->store, 0); - - /* Make all the object adat go away */ - ASSERT(sess->object_data != NULL); - p11c_hash_free(sess->object_data, object_data_release); - - /* And make the mutex go away */ - ASSERT(sess->mutex != NULL); - CloseHandle(sess->mutex); - - DBGS(sess, "destroyed"); - free(sess); -} - -void -p11c_session_get_info(P11cSession* sess, CK_SESSION_INFO_PTR info) -{ - ASSERT(sess); - ASSERT(info); - - info->slotID = sess->slot; - info->flags = CKF_SERIAL_SESSION; - if(sess->read_write) - info->flags |= CKF_RW_SESSION; - - if(p11c_token_is_logged_in(sess->slot)) - info->state = sess->read_write ? CKS_RW_USER_FUNCTIONS : CKS_RO_USER_FUNCTIONS; - else - info->state = sess->read_write ? CKS_RW_PUBLIC_SESSION : CKS_RO_PUBLIC_SESSION; - - /* TODO: We could implement some use of GetLastError() here */ - info->ulDeviceError = 0; -} - -static CK_RV -lock_ref_internal(P11cArray* sessions, CK_SESSION_HANDLE id, - BOOL remove, BOOL writable, P11cSession** sess_ret) -{ - P11cSession *sess; - DWORD r; - - ASSERT(sessions); - ASSERT(sess_ret); - - if(id >= sessions->len) - { - DBG(("invalid session id: %d", id)); - return CKR_SESSION_HANDLE_INVALID; - } - - /* A seemingly valid id */ - ASSERT(sessions); - sess = p11c_array_index(sessions, P11cSession*, id); - - if(!sess) - { - DBG(("session does not exist: %d", id)); - return CKR_SESSION_HANDLE_INVALID; - } - - /* Make sure it's the right kind of session */ - if(writable && !sess->read_write) - return CKR_SESSION_READ_ONLY; - - ASSERT(sess->id == id); - - /* Closing takes precedence over active operations */ - if(!remove) - { - /* - * An initial check is done to make sure this session is not active. - * This is done outside of the lock. The real check is done later - * inside a lock. This is so we can return quickly without blocking - * in most cases. - */ - - if(sess->in_call) - { - DBGS(sess, ("an operation is already active in this session")); - return CKR_OPERATION_ACTIVE; - } - } - - /* Lock the CallP11cSession */ - r = WaitForSingleObject(sess->mutex, INFINITE); - ASSERT(r == WAIT_OBJECT_0); - - /* Do the real check */ - if(!remove && sess->in_call) - { - ReleaseMutex(sess->mutex); - DBGS(sess, ("an operation is already active in this session")); - return CKR_OPERATION_ACTIVE; - } - - /* Make sure it doesn't go away */ - ASSERT(sess->refs > 0); - sess->refs++; - - DBGS(sess, "found and locked session"); - - /* And remove it if necessary */ - if(remove) - { - p11c_array_index(sessions, P11cSession*, id) = NULL; - - /* The session list reference */ - sess->refs--; - ASSERT(sess->refs > 0); - - DBGS(sess, "removed session from list"); - } - else - { - ASSERT(!sess->in_call); - sess->in_call = 1; - } - - *sess_ret = sess; - return CKR_OK; -} - -CK_RV -p11c_session_get_lock_ref(CK_ULONG id, BOOL writable, P11cSession **sess) -{ - /* This must be called without any locks held */ - - CK_RV ret = CKR_OK; - - ASSERT(sess); - - if(id <= 0) - { - DBG(("invalid session id passed: %d", id)); - return CKR_ARGUMENTS_BAD; - } - - p11c_lock_global(); - - ret = lock_ref_internal (all_sessions, id, FALSE, writable, sess); - - p11c_unlock_global(); - - return ret; -} - -CK_RV -p11c_session_remove_lock_ref(CK_ULONG id, P11cSession **sess) -{ - /* This must be called without any locks held */ - - CK_RV ret = CKR_OK; - - ASSERT(sess); - - if(id <= 0) - { - DBG(("invalid session id passed: %d", id)); - return CKR_ARGUMENTS_BAD; - } - - p11c_lock_global(); - - ret = lock_ref_internal (all_sessions, id, TRUE, FALSE, sess); - - p11c_unlock_global(); - - return ret; -} - -void -p11c_session_unref_unlock(P11cSession* sess) -{ - /* The CallP11cSession must be locked at this point */ - - int refs; - BOOL r; - - ASSERT(sess); - - ASSERT(sess->refs > 0); - sess->refs--; - refs = sess->refs; - - sess->in_call = 0; - - DBGS(sess, "unlocked session"); - - r = ReleaseMutex(sess->mutex); - ASSERT(r == TRUE); - - /* - * At this point if no references are held, then we can safely - * delete. No other thread should be involved. - */ - - if(refs == 0) - p11c_session_destroy(sess); -} - -CK_RV -p11c_session_close_all(CK_SLOT_ID slot) -{ - /* This must be called without any locks held */ - - P11cArray* sessions; - P11cSession *sess; - size_t i; - CK_RV ret = CKR_OK; - - /* - * PKCS#11 GRAY AREA: What happens when this gets called - * concurrently? We don't return an error on the second call, - * because by the time it returns, all sessions should be closed. - */ - - DBG(("closing all sessions for: %d", slot)); - - if(!all_sessions) - return CKR_OK; - - p11c_lock_global(); - - sessions = p11c_array_sized_new(0, 1, sizeof(P11cSession*), - all_sessions->len); - if(!sessions) - ret = CKR_HOST_MEMORY; - - /* Steal all the session data */ - if(ret == CKR_OK) - { - for(i = 0; i < all_sessions->len; ++i) - { - sess = p11c_array_index(all_sessions, P11cSession*, i); - if(sess && (slot == ((CK_SLOT_ID)-1) || sess->slot == slot)) - { - /* Steal this session */ - p11c_array_index(all_sessions, P11cSession*, i) = NULL; - } - else - { - /* Not a session we're interested in */ - sess = NULL; - } - - /* Both null and normal sessions are set to preserve indexes */ - p11c_array_append(sessions, sess); - } - - ASSERT(sessions->len == all_sessions->len); - } - - p11c_unlock_global(); - - if(ret != CKR_OK) - return ret; - - /* Close each session in turn */ - for(i = 0; i < sessions->len; ++i) - { - if(!p11c_array_index(sessions, P11cSession*, i)) - continue; - - /* We need any calls in other threads to finish, so wait here */ - if(lock_ref_internal(sessions, i, TRUE, FALSE, &sess) == CKR_OK) - p11c_session_unref_unlock(sess); - } - - /* We stole the memory above, free it now */ - p11c_array_free(sessions, 1); - return CKR_OK; -} - -void -p11c_session_cleanup_all() -{ - p11c_session_close_all((CK_SLOT_ID)-1); - - p11c_lock_global(); - - p11c_array_free(all_sessions, 1); - all_sessions = NULL; - - p11c_unlock_global(); -} - -/* ---------------------------------------------------------------------------- - * OBJECT DATA - */ - -CK_RV -p11c_session_get_object_data(P11cSession* sess, P11cObject* obj, - P11cObjectData** objdata) -{ - CK_OBJECT_HANDLE id; - P11cObjectData* newdata; - CK_RV ret; - - ASSERT(sess); - ASSERT(sess->object_data); - ASSERT(obj); - ASSERT(obj->obj_funcs); - ASSERT(obj->obj_funcs->load_data); - ASSERT(objdata); - - id = obj->id; - - *objdata = p11c_hash_get(sess->object_data, p11c_hash_key(id)); - if(*objdata) - return CKR_OK; - - ret = (obj->obj_funcs->load_data)(sess, obj, &newdata); - if(ret != CKR_OK) - return ret; - - newdata->object = id; - ASSERT(newdata->data_funcs); - - if(!p11c_hash_set(sess->object_data, p11c_hash_key(id), newdata)) - { - object_data_release(newdata); - return CKR_HOST_MEMORY; - } - - *objdata = newdata; - return CKR_OK; -} - -void -p11c_session_clear_object_data(P11cSession* sess, P11cObject* obj) -{ - P11cObjectData* objdata; - - ASSERT(sess); - ASSERT(sess->object_data); - ASSERT(obj); - - objdata = (P11cObjectData*)p11c_hash_rem(sess->object_data, p11c_hash_key(obj->id)); - if(objdata) - object_data_release(objdata); -} - -void -p11c_session_enum_object_data(P11cSession* sess, - P11cEnumObjectData enum_func, void* arg) -{ - CK_OBJECT_HANDLE i, max; - P11cObject* obj; - P11cObjectData* objdata; - - ASSERT(sess); - ASSERT(sess->object_data); - ASSERT(enum_func); - - max = p11c_token_get_max_handle(); - for(i = 0; i < max; ++i) - { - objdata = (P11cObjectData*)p11c_hash_get(sess->object_data, p11c_hash_key(i)); - if(!objdata) - continue; - - obj = p11c_token_lookup_object(sess->slot, i); - if(!obj) - continue; - - (enum_func)(sess, obj, objdata, arg); - } -} - -CK_RV -p11c_session_get_object_data_for(P11cSession* sess, CK_OBJECT_HANDLE hand, - P11cObjectData** objdata) -{ - P11cObject* obj; - - obj = p11c_token_lookup_object(sess->slot, hand); - if(!obj) - return CKR_OBJECT_HANDLE_INVALID; - - return p11c_session_get_object_data(sess, obj, objdata); -} - -void -p11c_session_take_object_data(P11cSession* sess, P11cObject* obj, - P11cObjectData* objdata) -{ - P11cObjectData* prev; - - ASSERT(obj); - ASSERT(sess); - ASSERT(sess->object_data); - - ASSERT(objdata); - objdata->object = obj->id; - - prev = p11c_hash_rem(sess->object_data, p11c_hash_key(obj->id)); - if(prev) - object_data_release(prev); - - if(!p11c_hash_set(sess->object_data, p11c_hash_key(obj->id), objdata)) - object_data_release(objdata); -} - - -/* ---------------------------------------------------------------------------- - * FIND OPERATION - */ - -static BOOL -get_ulong_attribute(CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE_PTR templ, - CK_ULONG count, CK_ULONG* val) -{ - CK_ULONG i; - - ASSERT(val); - ASSERT(!count || templ); - - for(i = 0; i < count; ++i) - { - if(templ[i].type == type) - { - *val = *((CK_ULONG*)templ[i].pValue); - return TRUE; - } - } - - return FALSE; -} - -static CK_RV -gather_objects(P11cSession* sess, CK_ATTRIBUTE_PTR match, - CK_ULONG count, P11cArray* arr) -{ - CK_OBJECT_CLASS ocls = CKO_ANY; - CK_RV ret = CKR_OK; - - get_ulong_attribute(CKA_CLASS, match, count, &ocls); - - /* Search for builtins */ - ret = p11c_builtin_find(sess, ocls, match, count, arr); - if(ret != CKR_OK) - return ret; - - /* - * Search through certificates. - * - * We always do this search first. In Windows a lots hangs off - * the certificates. For example private keys are not contained - * in the same stores that certificates are in. There are a different - * set of key containers many of which can be used together - * with a certificate stored in any store. - * - * The trust objects we expose also depend on the certificates - * loaded. - */ - ret = p11c_cert_find(sess, ocls, match, count, arr); - if(ret != CKR_OK) - return ret; - - /* Search through trust objects */ - ret = p11c_trust_find(sess, ocls, match, count, arr); - if(ret != CKR_OK) - return ret; - - /* Search through key objects */ - ret = p11c_key_find(sess, ocls, match, count, arr); - if(ret != CKR_OK) - return ret; - - return ret; -} - -void -cleanup_find_operation(P11cSession* sess) -{ - ASSERT(sess->operation_type == OPERATION_FIND); - if(sess->operation_data) - p11c_array_free((P11cArray*)sess->operation_data, TRUE); - sess->operation_type = OPERATION_NONE; - sess->operation_data = NULL; - sess->operation_cancel = NULL; -} - -void -purge_duplicate_objects(P11cArray* arr) -{ - P11cHash* checks; - CK_OBJECT_HANDLE v; - size_t i; - - checks = p11c_hash_new(NULL, NULL); - if(!checks) - return; - - for(i = 0; i < arr->len; ) - { - v = p11c_array_index(arr, CK_OBJECT_HANDLE, i); - if(p11c_hash_get(checks, p11c_hash_key(v))) - { - p11c_array_remove_index(arr, i); - /* Look at same i again */ - } - else - { - if(!p11c_hash_set(checks, p11c_hash_key(v), arr)) - break; - ++i; - } - } - - p11c_hash_free(checks, NULL); -} - -CK_RV -p11c_session_find_init(P11cSession* sess, CK_ATTRIBUTE_PTR match, - CK_ULONG count) -{ - P11cArray* arr; - CK_RV ret; - - ASSERT(sess); - ASSERT(!count || match); - - if(sess->operation_type != OPERATION_NONE) - return CKR_OPERATION_ACTIVE; - - arr = p11c_array_new(0, 1, sizeof(CK_OBJECT_HANDLE)); - if(!arr) - return CKR_HOST_MEMORY; - - ret = gather_objects(sess, match, count, arr); - if(ret != CKR_OK) - { - p11c_array_free(arr, TRUE); - return ret; - } - - /* Cleanup all duplicates in the array */ - purge_duplicate_objects(arr); - - sess->operation_type = OPERATION_FIND; - sess->operation_data = arr; - sess->operation_cancel = cleanup_find_operation; - - return CKR_OK; -} - -CK_RV -p11c_session_find(P11cSession* sess, CK_OBJECT_HANDLE_PTR objects, - CK_ULONG max_object_count, CK_ULONG_PTR object_count) -{ - P11cArray* arr; - size_t i; - - ASSERT(sess); - ASSERT(object_count); - ASSERT(!max_object_count || objects); - - if(sess->operation_type != OPERATION_FIND) - return CKR_OPERATION_NOT_INITIALIZED; - - if(!max_object_count) - { - *object_count = 0; - return CKR_OK; - } - - arr = (P11cArray*)sess->operation_data; - *object_count = (max_object_count > arr->len ? arr->len : max_object_count); - for(i = 0; i < *object_count; ++i) - objects[i] = p11c_array_index(arr, CK_OBJECT_HANDLE, i); - - p11c_array_remove_range(arr, 0, *object_count); - - return CKR_OK; -} - -CK_RV -p11c_session_find_final(P11cSession* sess) -{ - ASSERT(sess); - - if(sess->operation_type != OPERATION_FIND) - return CKR_OPERATION_NOT_INITIALIZED; - - cleanup_find_operation(sess); - return CKR_OK; -} - - -/* ---------------------------------------------------------------------------- - * CRYPTO OPERATIONS - */ - -typedef struct _CryptoContext -{ - CK_MECHANISM_TYPE mech_type; - P11cDestroyFunc mech_cleanup; - void* mech_data; -} -CryptoContext; - -void -cleanup_crypto_operation(P11cSession* sess) -{ - CryptoContext* ctx; - - if(sess->operation_data) - { - ctx = (CryptoContext*)sess->operation_data; - if(ctx->mech_cleanup) - (ctx->mech_cleanup)(ctx->mech_data); - free(ctx); - } - - sess->operation_type = OPERATION_NONE; - sess->operation_data = NULL; - sess->operation_cancel = NULL; -} - -CK_RV -p11c_session_sign_init(P11cSession* sess, CK_MECHANISM_PTR mech, - P11cObjectData *objdata) -{ - CryptoContext* ctx; - CK_RV ret; - - ASSERT(sess); - ASSERT(mech); - ASSERT(objdata); - - if(sess->operation_type != OPERATION_NONE) - return CKR_OPERATION_ACTIVE; - - ctx = calloc(1, sizeof(CryptoContext)); - if(!ctx) - return CKR_HOST_MEMORY; - - ctx->mech_type = mech->mechanism; - - switch(mech->mechanism) - { - case CKM_RSA_PKCS: - ret = p11c_rsa_pkcs_sign_init(objdata, &ctx->mech_data); - ctx->mech_cleanup = p11c_rsa_pkcs_sign_cleanup; - break; - default: - ret = CKR_MECHANISM_INVALID; - break; - }; - - if(ret != CKR_OK) - { - free(ctx); - ASSERT(!sess->operation_data); - return ret; - } - - sess->operation_type = OPERATION_SIGN; - sess->operation_data = ctx; - sess->operation_cancel = cleanup_crypto_operation; - return CKR_OK; -} - -CK_RV -p11c_session_sign(P11cSession* sess, CK_BYTE_PTR data, CK_ULONG n_data, - CK_BYTE_PTR signature, CK_ULONG_PTR n_signature) -{ - CryptoContext *ctx; - BOOL incomplete; - CK_RV ret; - - ASSERT(sess); - ASSERT(data); - ASSERT(n_data); - - if(sess->operation_type != OPERATION_SIGN) - return CKR_OPERATION_NOT_INITIALIZED; - - ctx = (CryptoContext*)sess->operation_data; - switch(ctx->mech_type) - { - case CKM_RSA_PKCS: - ret = p11c_rsa_pkcs_sign_perform(data, n_data, signature, n_signature, - &ctx->mech_data); - break; - - default: - ASSERT(FALSE); - ret = CKR_GENERAL_ERROR; - break; - } - - /* Buffer calculation, we don't end operation */ - incomplete = (ret == CKR_BUFFER_TOO_SMALL || (ret == CKR_OK && !signature)); - - if(!incomplete) - cleanup_crypto_operation(sess); - - return ret; -} - -CK_RV -p11c_session_decrypt_init(P11cSession* sess, CK_MECHANISM_PTR mech, - P11cObjectData *objdata) -{ - CryptoContext* ctx; - CK_RV ret; - - ASSERT(sess); - ASSERT(mech); - ASSERT(objdata); - - if(sess->operation_type != OPERATION_NONE) - return CKR_OPERATION_ACTIVE; - - ctx = calloc(1, sizeof(CryptoContext)); - if(!ctx) - return CKR_HOST_MEMORY; - - ctx->mech_type = mech->mechanism; - - switch(mech->mechanism) - { - case CKM_RSA_PKCS: - ret = p11c_rsa_pkcs_decrypt_init(objdata, &ctx->mech_data); - ctx->mech_cleanup = p11c_rsa_pkcs_decrypt_cleanup; - break; - default: - ret = CKR_MECHANISM_INVALID; - break; - }; - - if(ret != CKR_OK) - { - free(ctx); - ASSERT(!sess->operation_data); - return ret; - } - - sess->operation_type = OPERATION_DECRYPT; - sess->operation_data = ctx; - sess->operation_cancel = cleanup_crypto_operation; - return CKR_OK; -} - -CK_RV -p11c_session_decrypt(P11cSession* sess, CK_BYTE_PTR encdata, CK_ULONG n_encdata, - CK_BYTE_PTR result, CK_ULONG_PTR n_result) -{ - CryptoContext *ctx; - BOOL incomplete; - CK_RV ret; - - ASSERT(sess); - ASSERT(encdata); - ASSERT(n_encdata); - - if(sess->operation_type != OPERATION_DECRYPT) - return CKR_OPERATION_NOT_INITIALIZED; - - ctx = (CryptoContext*)sess->operation_data; - switch(ctx->mech_type) - { - case CKM_RSA_PKCS: - ret = p11c_rsa_pkcs_decrypt_perform(encdata, n_encdata, result, n_result, - &ctx->mech_data); - break; - - default: - ASSERT(FALSE); - ret = CKR_GENERAL_ERROR; - break; - } - - /* Buffer calculation, we don't end operation */ - incomplete = (ret == CKR_BUFFER_TOO_SMALL || (ret == CKR_OK && !result)); - - if(!incomplete) - cleanup_crypto_operation(sess); - - return ret; -} |