lib/ckfw/session.c
author J.C. Jones <jjones@mozilla.com>
Fri, 21 Jun 2019 14:39:01 -0700
branchNSS_3_36_BRANCH
changeset 15182 de60f2b7f0c3fac0537346f1077f03d6d849edc5
parent 12136 45943368289f3c1e15a83f978b11e49127beb995
child 14273 942d28a4f3d561cb6ccdd4de2318396276a29258
permissions -rw-r--r--
Added tag NSS_3_36_8_RTM for changeset df8917878ea6

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * session.c
 *
 * This file implements the NSSCKFWSession type and methods.
 */

#ifndef CK_T
#include "ck.h"
#endif /* CK_T */

/*
 * NSSCKFWSession
 *
 *  -- create/destroy --
 *  nssCKFWSession_Create
 *  nssCKFWSession_Destroy
 *
 *  -- public accessors --
 *  NSSCKFWSession_GetMDSession
 *  NSSCKFWSession_GetArena
 *  NSSCKFWSession_CallNotification
 *  NSSCKFWSession_IsRWSession
 *  NSSCKFWSession_IsSO
 *  NSSCKFWSession_GetFWSlot
 *
 *  -- implement public accessors --
 *  nssCKFWSession_GetMDSession
 *  nssCKFWSession_GetArena
 *  nssCKFWSession_CallNotification
 *  nssCKFWSession_IsRWSession
 *  nssCKFWSession_IsSO
 *  nssCKFWSession_GetFWSlot
 *
 *  -- private accessors --
 *  nssCKFWSession_GetSessionState
 *  nssCKFWSession_SetFWFindObjects
 *  nssCKFWSession_GetFWFindObjects
 *  nssCKFWSession_SetMDSession
 *  nssCKFWSession_SetHandle
 *  nssCKFWSession_GetHandle
 *  nssCKFWSession_RegisterSessionObject
 *  nssCKFWSession_DeegisterSessionObject
 *
 *  -- module fronts --
 *  nssCKFWSession_GetDeviceError
 *  nssCKFWSession_Login
 *  nssCKFWSession_Logout
 *  nssCKFWSession_InitPIN
 *  nssCKFWSession_SetPIN
 *  nssCKFWSession_GetOperationStateLen
 *  nssCKFWSession_GetOperationState
 *  nssCKFWSession_SetOperationState
 *  nssCKFWSession_CreateObject
 *  nssCKFWSession_CopyObject
 *  nssCKFWSession_FindObjectsInit
 *  nssCKFWSession_SeedRandom
 *  nssCKFWSession_GetRandom
 */

struct NSSCKFWSessionStr {
    NSSArena *arena;
    NSSCKMDSession *mdSession;
    NSSCKFWToken *fwToken;
    NSSCKMDToken *mdToken;
    NSSCKFWInstance *fwInstance;
    NSSCKMDInstance *mdInstance;
    CK_VOID_PTR pApplication;
    CK_NOTIFY Notify;

    /*
     * Everything above is set at creation time, and then not modified.
     * The items below are atomic.  No locking required.  If we fear
     * about pointer-copies being nonatomic, we'll lock fwFindObjects.
     */

    CK_BBOOL rw;
    NSSCKFWFindObjects *fwFindObjects;
    NSSCKFWCryptoOperation *fwOperationArray[NSSCKFWCryptoOperationState_Max];
    nssCKFWHash *sessionObjectHash;
    CK_SESSION_HANDLE hSession;
};

#ifdef DEBUG
/*
 * But first, the pointer-tracking stuff.
 *
 * NOTE: the pointer-tracking support in NSS/base currently relies
 * upon NSPR's CallOnce support.  That, however, relies upon NSPR's
 * locking, which is tied into the runtime.  We need a pointer-tracker
 * implementation that uses the locks supplied through C_Initialize.
 * That support, however, can be filled in later.  So for now, I'll
 * just do this routines as no-ops.
 */

static CK_RV
session_add_pointer(
    const NSSCKFWSession *fwSession)
{
    return CKR_OK;
}

static CK_RV
session_remove_pointer(
    const NSSCKFWSession *fwSession)
{
    return CKR_OK;
}

NSS_IMPLEMENT CK_RV
nssCKFWSession_verifyPointer(
    const NSSCKFWSession *fwSession)
{
    return CKR_OK;
}

#endif /* DEBUG */

/*
 * nssCKFWSession_Create
 *
 */
NSS_IMPLEMENT NSSCKFWSession *
nssCKFWSession_Create(
    NSSCKFWToken *fwToken,
    CK_BBOOL rw,
    CK_VOID_PTR pApplication,
    CK_NOTIFY Notify,
    CK_RV *pError)
{
    NSSArena *arena = (NSSArena *)NULL;
    NSSCKFWSession *fwSession;
    NSSCKFWSlot *fwSlot;

#ifdef NSSDEBUG
    if (!pError) {
        return (NSSCKFWSession *)NULL;
    }

    *pError = nssCKFWToken_verifyPointer(fwToken);
    if (CKR_OK != *pError) {
        return (NSSCKFWSession *)NULL;
    }
#endif /* NSSDEBUG */

    arena = NSSArena_Create();
    if (!arena) {
        *pError = CKR_HOST_MEMORY;
        return (NSSCKFWSession *)NULL;
    }

    fwSession = nss_ZNEW(arena, NSSCKFWSession);
    if (!fwSession) {
        *pError = CKR_HOST_MEMORY;
        goto loser;
    }

    fwSession->arena = arena;
    fwSession->mdSession = (NSSCKMDSession *)NULL; /* set later */
    fwSession->fwToken = fwToken;
    fwSession->mdToken = nssCKFWToken_GetMDToken(fwToken);

    fwSlot = nssCKFWToken_GetFWSlot(fwToken);
    fwSession->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot);
    fwSession->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot);

    fwSession->rw = rw;
    fwSession->pApplication = pApplication;
    fwSession->Notify = Notify;

    fwSession->fwFindObjects = (NSSCKFWFindObjects *)NULL;

    fwSession->sessionObjectHash = nssCKFWHash_Create(fwSession->fwInstance, arena, pError);
    if (!fwSession->sessionObjectHash) {
        if (CKR_OK == *pError) {
            *pError = CKR_GENERAL_ERROR;
        }
        goto loser;
    }

#ifdef DEBUG
    *pError = session_add_pointer(fwSession);
    if (CKR_OK != *pError) {
        goto loser;
    }
#endif /* DEBUG */

    return fwSession;

loser:
    if (arena) {
        if (fwSession && fwSession->sessionObjectHash) {
            (void)nssCKFWHash_Destroy(fwSession->sessionObjectHash);
        }
        NSSArena_Destroy(arena);
    }

    return (NSSCKFWSession *)NULL;
}

static void
nss_ckfw_session_object_destroy_iterator(
    const void *key,
    void *value,
    void *closure)
{
    NSSCKFWObject *fwObject = (NSSCKFWObject *)value;
    nssCKFWObject_Finalize(fwObject, PR_TRUE);
}

/*
 * nssCKFWSession_Destroy
 *
 */
NSS_IMPLEMENT CK_RV
nssCKFWSession_Destroy(
    NSSCKFWSession *fwSession,
    CK_BBOOL removeFromTokenHash)
{
    CK_RV error = CKR_OK;
    nssCKFWHash *sessionObjectHash;
    NSSCKFWCryptoOperationState i;

#ifdef NSSDEBUG
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return error;
    }
#endif /* NSSDEBUG */

    if (removeFromTokenHash) {
        error = nssCKFWToken_RemoveSession(fwSession->fwToken, fwSession);
    }

    /*
     * Invalidate session objects
     */

    sessionObjectHash = fwSession->sessionObjectHash;
    fwSession->sessionObjectHash = (nssCKFWHash *)NULL;

    nssCKFWHash_Iterate(sessionObjectHash,
                        nss_ckfw_session_object_destroy_iterator,
                        (void *)NULL);

    for (i = 0; i < NSSCKFWCryptoOperationState_Max; i++) {
        if (fwSession->fwOperationArray[i]) {
            nssCKFWCryptoOperation_Destroy(fwSession->fwOperationArray[i]);
        }
    }

#ifdef DEBUG
    (void)session_remove_pointer(fwSession);
#endif /* DEBUG */
    (void)nssCKFWHash_Destroy(sessionObjectHash);
    NSSArena_Destroy(fwSession->arena);

    return error;
}

/*
 * nssCKFWSession_GetMDSession
 *
 */
NSS_IMPLEMENT NSSCKMDSession *
nssCKFWSession_GetMDSession(
    NSSCKFWSession *fwSession)
{
#ifdef NSSDEBUG
    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
        return (NSSCKMDSession *)NULL;
    }
#endif /* NSSDEBUG */

    return fwSession->mdSession;
}

/*
 * nssCKFWSession_GetArena
 *
 */
NSS_IMPLEMENT NSSArena *
nssCKFWSession_GetArena(
    NSSCKFWSession *fwSession,
    CK_RV *pError)
{
#ifdef NSSDEBUG
    if (!pError) {
        return (NSSArena *)NULL;
    }

    *pError = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != *pError) {
        return (NSSArena *)NULL;
    }
#endif /* NSSDEBUG */

    return fwSession->arena;
}

/*
 * nssCKFWSession_CallNotification
 *
 */
NSS_IMPLEMENT CK_RV
nssCKFWSession_CallNotification(
    NSSCKFWSession *fwSession,
    CK_NOTIFICATION event)
{
    CK_RV error = CKR_OK;
    CK_SESSION_HANDLE handle;

#ifdef NSSDEBUG
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return error;
    }
#endif /* NSSDEBUG */

    if ((CK_NOTIFY)NULL == fwSession->Notify) {
        return CKR_OK;
    }

    handle = nssCKFWInstance_FindSessionHandle(fwSession->fwInstance, fwSession);
    if ((CK_SESSION_HANDLE)0 == handle) {
        return CKR_GENERAL_ERROR;
    }

    error = fwSession->Notify(handle, event, fwSession->pApplication);

    return error;
}

/*
 * nssCKFWSession_IsRWSession
 *
 */
NSS_IMPLEMENT CK_BBOOL
nssCKFWSession_IsRWSession(
    NSSCKFWSession *fwSession)
{
#ifdef NSSDEBUG
    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
        return CK_FALSE;
    }
#endif /* NSSDEBUG */

    return fwSession->rw;
}

/*
 * nssCKFWSession_IsSO
 *
 */
NSS_IMPLEMENT CK_BBOOL
nssCKFWSession_IsSO(
    NSSCKFWSession *fwSession)
{
    CK_STATE state;

#ifdef NSSDEBUG
    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
        return CK_FALSE;
    }
#endif /* NSSDEBUG */

    state = nssCKFWToken_GetSessionState(fwSession->fwToken);
    switch (state) {
        case CKS_RO_PUBLIC_SESSION:
        case CKS_RO_USER_FUNCTIONS:
        case CKS_RW_PUBLIC_SESSION:
        case CKS_RW_USER_FUNCTIONS:
            return CK_FALSE;
        case CKS_RW_SO_FUNCTIONS:
            return CK_TRUE;
        default:
            return CK_FALSE;
    }
}

/*
 * nssCKFWSession_GetFWSlot
 *
 */
NSS_IMPLEMENT NSSCKFWSlot *
nssCKFWSession_GetFWSlot(
    NSSCKFWSession *fwSession)
{
#ifdef NSSDEBUG
    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
        return (NSSCKFWSlot *)NULL;
    }
#endif /* NSSDEBUG */

    return nssCKFWToken_GetFWSlot(fwSession->fwToken);
}

/*
 * nssCFKWSession_GetSessionState
 *
 */
NSS_IMPLEMENT CK_STATE
nssCKFWSession_GetSessionState(
    NSSCKFWSession *fwSession)
{
#ifdef NSSDEBUG
    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
        return CKS_RO_PUBLIC_SESSION; /* whatever */
    }
#endif /* NSSDEBUG */

    return nssCKFWToken_GetSessionState(fwSession->fwToken);
}

/*
 * nssCKFWSession_SetFWFindObjects
 *
 */
NSS_IMPLEMENT CK_RV
nssCKFWSession_SetFWFindObjects(
    NSSCKFWSession *fwSession,
    NSSCKFWFindObjects *fwFindObjects)
{
#ifdef NSSDEBUG
    CK_RV error = CKR_OK;
#endif /* NSSDEBUG */

#ifdef NSSDEBUG
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return error;
    }

/* fwFindObjects may be null */
#endif /* NSSDEBUG */

    if ((fwSession->fwFindObjects) &&
        (fwFindObjects)) {
        return CKR_OPERATION_ACTIVE;
    }

    fwSession->fwFindObjects = fwFindObjects;

    return CKR_OK;
}

/*
 * nssCKFWSession_GetFWFindObjects
 *
 */
NSS_IMPLEMENT NSSCKFWFindObjects *
nssCKFWSession_GetFWFindObjects(
    NSSCKFWSession *fwSession,
    CK_RV *pError)
{
#ifdef NSSDEBUG
    if (!pError) {
        return (NSSCKFWFindObjects *)NULL;
    }

    *pError = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != *pError) {
        return (NSSCKFWFindObjects *)NULL;
    }
#endif /* NSSDEBUG */

    if (!fwSession->fwFindObjects) {
        *pError = CKR_OPERATION_NOT_INITIALIZED;
        return (NSSCKFWFindObjects *)NULL;
    }

    return fwSession->fwFindObjects;
}

/*
 * nssCKFWSession_SetMDSession
 *
 */
NSS_IMPLEMENT CK_RV
nssCKFWSession_SetMDSession(
    NSSCKFWSession *fwSession,
    NSSCKMDSession *mdSession)
{
#ifdef NSSDEBUG
    CK_RV error = CKR_OK;
#endif /* NSSDEBUG */

#ifdef NSSDEBUG
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return error;
    }

    if (!mdSession) {
        return CKR_ARGUMENTS_BAD;
    }
#endif /* NSSDEBUG */

    if (fwSession->mdSession) {
        return CKR_GENERAL_ERROR;
    }

    fwSession->mdSession = mdSession;

    return CKR_OK;
}

/*
 * nssCKFWSession_SetHandle
 *
 */
NSS_IMPLEMENT CK_RV
nssCKFWSession_SetHandle(
    NSSCKFWSession *fwSession,
    CK_SESSION_HANDLE hSession)
{
#ifdef NSSDEBUG
    CK_RV error = CKR_OK;
#endif /* NSSDEBUG */

#ifdef NSSDEBUG
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return error;
    }
#endif /* NSSDEBUG */

    if ((CK_SESSION_HANDLE)0 != fwSession->hSession) {
        return CKR_GENERAL_ERROR;
    }

    fwSession->hSession = hSession;

    return CKR_OK;
}

/*
 * nssCKFWSession_GetHandle
 *
 */
NSS_IMPLEMENT CK_SESSION_HANDLE
nssCKFWSession_GetHandle(
    NSSCKFWSession *fwSession)
{
#ifdef NSSDEBUG
    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
        return NULL;
    }
#endif /* NSSDEBUG */

    return fwSession->hSession;
}

/*
 * nssCKFWSession_RegisterSessionObject
 *
 */
NSS_IMPLEMENT CK_RV
nssCKFWSession_RegisterSessionObject(
    NSSCKFWSession *fwSession,
    NSSCKFWObject *fwObject)
{
    CK_RV rv = CKR_OK;

#ifdef NSSDEBUG
    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
        return CKR_GENERAL_ERROR;
    }
#endif /* NSSDEBUG */

    if (fwSession->sessionObjectHash) {
        rv = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject);
    }

    return rv;
}

/*
 * nssCKFWSession_DeregisterSessionObject
 *
 */
NSS_IMPLEMENT CK_RV
nssCKFWSession_DeregisterSessionObject(
    NSSCKFWSession *fwSession,
    NSSCKFWObject *fwObject)
{
#ifdef NSSDEBUG
    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
        return CKR_GENERAL_ERROR;
    }
#endif /* NSSDEBUG */

    if (fwSession->sessionObjectHash) {
        nssCKFWHash_Remove(fwSession->sessionObjectHash, fwObject);
    }

    return CKR_OK;
}

/*
 * nssCKFWSession_GetDeviceError
 *
 */
NSS_IMPLEMENT CK_ULONG
nssCKFWSession_GetDeviceError(
    NSSCKFWSession *fwSession)
{
#ifdef NSSDEBUG
    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
        return (CK_ULONG)0;
    }

    if (!fwSession->mdSession) {
        return (CK_ULONG)0;
    }
#endif /* NSSDEBUG */

    if (!fwSession->mdSession->GetDeviceError) {
        return (CK_ULONG)0;
    }

    return fwSession->mdSession->GetDeviceError(fwSession->mdSession,
                                                fwSession, fwSession->mdToken, fwSession->fwToken,
                                                fwSession->mdInstance, fwSession->fwInstance);
}

/*
 * nssCKFWSession_Login
 *
 */
NSS_IMPLEMENT CK_RV
nssCKFWSession_Login(
    NSSCKFWSession *fwSession,
    CK_USER_TYPE userType,
    NSSItem *pin)
{
    CK_RV error = CKR_OK;
    CK_STATE oldState;
    CK_STATE newState;

#ifdef NSSDEBUG
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return error;
    }

    switch (userType) {
        case CKU_SO:
        case CKU_USER:
            break;
        default:
            return CKR_USER_TYPE_INVALID;
    }

    if (!pin) {
        if (CK_TRUE != nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken)) {
            return CKR_ARGUMENTS_BAD;
        }
    }

    if (!fwSession->mdSession) {
        return CKR_GENERAL_ERROR;
    }
#endif /* NSSDEBUG */

    oldState = nssCKFWToken_GetSessionState(fwSession->fwToken);

    /*
     * It's not clear what happens when you're already logged in.
     * I'll just fail; but if we decide to change, the logic is
     * all right here.
     */

    if (CKU_SO == userType) {
        switch (oldState) {
            case CKS_RO_PUBLIC_SESSION:
                /*
                 * There's no such thing as a read-only security officer
                 * session, so fail.  The error should be CKR_SESSION_READ_ONLY,
                 * except that C_Login isn't defined to return that.  So we'll
                 * do CKR_SESSION_READ_ONLY_EXISTS, which is what is documented.
                 */
                return CKR_SESSION_READ_ONLY_EXISTS;
            case CKS_RO_USER_FUNCTIONS:
                return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
            case CKS_RW_PUBLIC_SESSION:
                newState =
                    CKS_RW_SO_FUNCTIONS;
                break;
            case CKS_RW_USER_FUNCTIONS:
                return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
            case CKS_RW_SO_FUNCTIONS:
                return CKR_USER_ALREADY_LOGGED_IN;
            default:
                return CKR_GENERAL_ERROR;
        }
    } else /* CKU_USER == userType */ {
        switch (oldState) {
            case CKS_RO_PUBLIC_SESSION:
                newState =
                    CKS_RO_USER_FUNCTIONS;
                break;
            case CKS_RO_USER_FUNCTIONS:
                return CKR_USER_ALREADY_LOGGED_IN;
            case CKS_RW_PUBLIC_SESSION:
                newState =
                    CKS_RW_USER_FUNCTIONS;
                break;
            case CKS_RW_USER_FUNCTIONS:
                return CKR_USER_ALREADY_LOGGED_IN;
            case CKS_RW_SO_FUNCTIONS:
                return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
            default:
                return CKR_GENERAL_ERROR;
        }
    }

    /*
     * So now we're in one of three cases:
     *
     * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_SO_FUNCTIONS;
     * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_USER_FUNCTIONS;
     * Old == CKS_RO_PUBLIC_SESSION, New == CKS_RO_USER_FUNCTIONS;
     */

    if (!fwSession->mdSession->Login) {
        /*
         * The Module doesn't want to be informed (or check the pin)
         * it'll just rely on the Framework as needed.
         */
        ;
    } else {
        error = fwSession->mdSession->Login(fwSession->mdSession, fwSession,
                                            fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
                                            fwSession->fwInstance, userType, pin, oldState, newState);
        if (CKR_OK != error) {
            return error;
        }
    }

    (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState);
    return CKR_OK;
}

/*
 * nssCKFWSession_Logout
 *
 */
NSS_IMPLEMENT CK_RV
nssCKFWSession_Logout(
    NSSCKFWSession *fwSession)
{
    CK_RV error = CKR_OK;
    CK_STATE oldState;
    CK_STATE newState;

#ifdef NSSDEBUG
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return error;
    }

    if (!fwSession->mdSession) {
        return CKR_GENERAL_ERROR;
    }
#endif /* NSSDEBUG */

    oldState = nssCKFWToken_GetSessionState(fwSession->fwToken);

    switch (oldState) {
        case CKS_RO_PUBLIC_SESSION:
            return CKR_USER_NOT_LOGGED_IN;
        case CKS_RO_USER_FUNCTIONS:
            newState = CKS_RO_PUBLIC_SESSION;
            break;
        case CKS_RW_PUBLIC_SESSION:
            return CKR_USER_NOT_LOGGED_IN;
        case CKS_RW_USER_FUNCTIONS:
            newState = CKS_RW_PUBLIC_SESSION;
            break;
        case CKS_RW_SO_FUNCTIONS:
            newState = CKS_RW_PUBLIC_SESSION;
            break;
        default:
            return CKR_GENERAL_ERROR;
    }

    /*
     * So now we're in one of three cases:
     *
     * Old == CKS_RW_SO_FUNCTIONS,   New == CKS_RW_PUBLIC_SESSION;
     * Old == CKS_RW_USER_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION;
     * Old == CKS_RO_USER_FUNCTIONS, New == CKS_RO_PUBLIC_SESSION;
     */

    if (!fwSession->mdSession->Logout) {
        /*
         * The Module doesn't want to be informed.  Okay.
         */
        ;
    } else {
        error = fwSession->mdSession->Logout(fwSession->mdSession, fwSession,
                                             fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
                                             fwSession->fwInstance, oldState, newState);
        if (CKR_OK != error) {
            /*
             * Now what?!  A failure really should end up with the Framework
             * considering it logged out, right?
             */
            ;
        }
    }

    (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState);
    return error;
}

/*
 * nssCKFWSession_InitPIN
 *
 */
NSS_IMPLEMENT CK_RV
nssCKFWSession_InitPIN(
    NSSCKFWSession *fwSession,
    NSSItem *pin)
{
    CK_RV error = CKR_OK;
    CK_STATE state;

#ifdef NSSDEBUG
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return error;
    }

    if (!fwSession->mdSession) {
        return CKR_GENERAL_ERROR;
    }
#endif /* NSSDEBUG */

    state = nssCKFWToken_GetSessionState(fwSession->fwToken);
    if (CKS_RW_SO_FUNCTIONS != state) {
        return CKR_USER_NOT_LOGGED_IN;
    }

    if (!pin) {
        CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
        if (CK_TRUE != has) {
            return CKR_ARGUMENTS_BAD;
        }
    }

    if (!fwSession->mdSession->InitPIN) {
        return CKR_TOKEN_WRITE_PROTECTED;
    }

    error = fwSession->mdSession->InitPIN(fwSession->mdSession, fwSession,
                                          fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
                                          fwSession->fwInstance, pin);

    return error;
}

/*
 * nssCKFWSession_SetPIN
 *
 */
NSS_IMPLEMENT CK_RV
nssCKFWSession_SetPIN(
    NSSCKFWSession *fwSession,
    NSSItem *oldPin,
    NSSItem *newPin)
{
    CK_RV error = CKR_OK;

#ifdef NSSDEBUG
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return error;
    }

    if (!fwSession->mdSession) {
        return CKR_GENERAL_ERROR;
    }
#endif /* NSSDEBUG */

    if (!newPin) {
        CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
        if (CK_TRUE != has) {
            return CKR_ARGUMENTS_BAD;
        }
    }

    if (!oldPin) {
        CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
        if (CK_TRUE != has) {
            return CKR_ARGUMENTS_BAD;
        }
    }

    if (!fwSession->mdSession->SetPIN) {
        return CKR_TOKEN_WRITE_PROTECTED;
    }

    error = fwSession->mdSession->SetPIN(fwSession->mdSession, fwSession,
                                         fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
                                         fwSession->fwInstance, oldPin, newPin);

    return error;
}

/*
 * nssCKFWSession_GetOperationStateLen
 *
 */
NSS_IMPLEMENT CK_ULONG
nssCKFWSession_GetOperationStateLen(
    NSSCKFWSession *fwSession,
    CK_RV *pError)
{
    CK_ULONG mdAmt;
    CK_ULONG fwAmt;

#ifdef NSSDEBUG
    if (!pError) {
        return (CK_ULONG)0;
    }

    *pError = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != *pError) {
        return (CK_ULONG)0;
    }

    if (!fwSession->mdSession) {
        *pError = CKR_GENERAL_ERROR;
        return (CK_ULONG)0;
    }
#endif /* NSSDEBUG */

    if (!fwSession->mdSession->GetOperationStateLen) {
        *pError = CKR_STATE_UNSAVEABLE;
        return (CK_ULONG)0;
    }

    /*
     * We could check that the session is actually in some state..
     */

    mdAmt = fwSession->mdSession->GetOperationStateLen(fwSession->mdSession,
                                                       fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
                                                       fwSession->fwInstance, pError);

    if (((CK_ULONG)0 == mdAmt) && (CKR_OK != *pError)) {
        return (CK_ULONG)0;
    }

    /*
     * Add a bit of sanity-checking
     */
    fwAmt = mdAmt + 2 * sizeof(CK_ULONG);

    return fwAmt;
}

/*
 * nssCKFWSession_GetOperationState
 *
 */
NSS_IMPLEMENT CK_RV
nssCKFWSession_GetOperationState(
    NSSCKFWSession *fwSession,
    NSSItem *buffer)
{
    CK_RV error = CKR_OK;
    CK_ULONG fwAmt;
    CK_ULONG *ulBuffer;
    NSSItem i2;
    CK_ULONG n, i;

#ifdef NSSDEBUG
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return error;
    }

    if (!buffer) {
        return CKR_ARGUMENTS_BAD;
    }

    if (!buffer->data) {
        return CKR_ARGUMENTS_BAD;
    }

    if (!fwSession->mdSession) {
        return CKR_GENERAL_ERROR;
    }
#endif /* NSSDEBUG */

    if (!fwSession->mdSession->GetOperationState) {
        return CKR_STATE_UNSAVEABLE;
    }

    /*
     * Sanity-check the caller's buffer.
     */

    error = CKR_OK;
    fwAmt = nssCKFWSession_GetOperationStateLen(fwSession, &error);
    if (((CK_ULONG)0 == fwAmt) && (CKR_OK != error)) {
        return error;
    }

    if (buffer->size < fwAmt) {
        return CKR_BUFFER_TOO_SMALL;
    }

    ulBuffer = (CK_ULONG *)buffer->data;

    i2.size = buffer->size - 2 * sizeof(CK_ULONG);
    i2.data = (void *)&ulBuffer[2];

    error = fwSession->mdSession->GetOperationState(fwSession->mdSession,
                                                    fwSession, fwSession->mdToken, fwSession->fwToken,
                                                    fwSession->mdInstance, fwSession->fwInstance, &i2);

    if (CKR_OK != error) {
        return error;
    }

    /*
     * Add a little integrety/identity check.
     * NOTE: right now, it's pretty stupid.
     * A CRC or something would be better.
     */

    ulBuffer[0] = 0x434b4657; /* CKFW */
    ulBuffer[1] = 0;
    n = i2.size / sizeof(CK_ULONG);
    for (i = 0; i < n; i++) {
        ulBuffer[1] ^= ulBuffer[2 + i];
    }

    return CKR_OK;
}

/*
 * nssCKFWSession_SetOperationState
 *
 */
NSS_IMPLEMENT CK_RV
nssCKFWSession_SetOperationState(
    NSSCKFWSession *fwSession,
    NSSItem *state,
    NSSCKFWObject *encryptionKey,
    NSSCKFWObject *authenticationKey)
{
    CK_RV error = CKR_OK;
    CK_ULONG *ulBuffer;
    CK_ULONG n, i;
    CK_ULONG x;
    NSSItem s;
    NSSCKMDObject *mdek;
    NSSCKMDObject *mdak;

#ifdef NSSDEBUG
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return error;
    }

    if (!state) {
        return CKR_ARGUMENTS_BAD;
    }

    if (!state->data) {
        return CKR_ARGUMENTS_BAD;
    }

    if (encryptionKey) {
        error = nssCKFWObject_verifyPointer(encryptionKey);
        if (CKR_OK != error) {
            return error;
        }
    }

    if (authenticationKey) {
        error = nssCKFWObject_verifyPointer(authenticationKey);
        if (CKR_OK != error) {
            return error;
        }
    }

    if (!fwSession->mdSession) {
        return CKR_GENERAL_ERROR;
    }
#endif /* NSSDEBUG */

    ulBuffer = (CK_ULONG *)state->data;
    if (0x43b4657 != ulBuffer[0]) {
        return CKR_SAVED_STATE_INVALID;
    }
    n = (state->size / sizeof(CK_ULONG)) - 2;
    x = (CK_ULONG)0;
    for (i = 0; i < n; i++) {
        x ^= ulBuffer[2 + i];
    }

    if (x != ulBuffer[1]) {
        return CKR_SAVED_STATE_INVALID;
    }

    if (!fwSession->mdSession->SetOperationState) {
        return CKR_GENERAL_ERROR;
    }

    s.size = state->size - 2 * sizeof(CK_ULONG);
    s.data = (void *)&ulBuffer[2];

    if (encryptionKey) {
        mdek = nssCKFWObject_GetMDObject(encryptionKey);
    } else {
        mdek = (NSSCKMDObject *)NULL;
    }

    if (authenticationKey) {
        mdak = nssCKFWObject_GetMDObject(authenticationKey);
    } else {
        mdak = (NSSCKMDObject *)NULL;
    }

    error = fwSession->mdSession->SetOperationState(fwSession->mdSession,
                                                    fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
                                                    fwSession->fwInstance, &s, mdek, encryptionKey, mdak, authenticationKey);

    if (CKR_OK != error) {
        return error;
    }

    /*
     * Here'd we restore any session data
     */

    return CKR_OK;
}

static CK_BBOOL
nss_attributes_form_token_object(
    CK_ATTRIBUTE_PTR pTemplate,
    CK_ULONG ulAttributeCount)
{
    CK_ULONG i;
    CK_BBOOL rv;

    for (i = 0; i < ulAttributeCount; i++) {
        if (CKA_TOKEN == pTemplate[i].type) {
            /* If we sanity-check, we can remove this sizeof check */
            if (sizeof(CK_BBOOL) == pTemplate[i].ulValueLen) {
                (void)nsslibc_memcpy(&rv, pTemplate[i].pValue, sizeof(CK_BBOOL));
                return rv;
            } else {
                return CK_FALSE;
            }
        }
    }

    return CK_FALSE;
}

/*
 * nssCKFWSession_CreateObject
 *
 */
NSS_IMPLEMENT NSSCKFWObject *
nssCKFWSession_CreateObject(
    NSSCKFWSession *fwSession,
    CK_ATTRIBUTE_PTR pTemplate,
    CK_ULONG ulAttributeCount,
    CK_RV *pError)
{
    NSSArena *arena;
    NSSCKMDObject *mdObject;
    NSSCKFWObject *fwObject;
    CK_BBOOL isTokenObject;

#ifdef NSSDEBUG
    if (!pError) {
        return (NSSCKFWObject *)NULL;
    }

    *pError = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != pError) {
        return (NSSCKFWObject *)NULL;
    }

    if ((CK_ATTRIBUTE_PTR)NULL == pTemplate) {
        *pError = CKR_ARGUMENTS_BAD;
        return (NSSCKFWObject *)NULL;
    }

    if (!fwSession->mdSession) {
        *pError = CKR_GENERAL_ERROR;
        return (NSSCKFWObject *)NULL;
    }
#endif /* NSSDEBUG */

    /*
     * Here would be an excellent place to sanity-check the object.
     */

    isTokenObject = nss_attributes_form_token_object(pTemplate, ulAttributeCount);
    if (CK_TRUE == isTokenObject) {
        /* === TOKEN OBJECT === */

        if (!fwSession->mdSession->CreateObject) {
            *pError = CKR_TOKEN_WRITE_PROTECTED;
            return (NSSCKFWObject *)NULL;
        }

        arena = nssCKFWToken_GetArena(fwSession->fwToken, pError);
        if (!arena) {
            if (CKR_OK == *pError) {
                *pError = CKR_GENERAL_ERROR;
            }
            return (NSSCKFWObject *)NULL;
        }

        goto callmdcreateobject;
    } else {
        /* === SESSION OBJECT === */

        arena = nssCKFWSession_GetArena(fwSession, pError);
        if (!arena) {
            if (CKR_OK == *pError) {
                *pError = CKR_GENERAL_ERROR;
            }
            return (NSSCKFWObject *)NULL;
        }

        if (CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects(
                           fwSession->fwInstance)) {
            /* --- module handles the session object -- */

            if (!fwSession->mdSession->CreateObject) {
                *pError = CKR_GENERAL_ERROR;
                return (NSSCKFWObject *)NULL;
            }

            goto callmdcreateobject;
        } else {
            /* --- framework handles the session object -- */
            mdObject = nssCKMDSessionObject_Create(fwSession->fwToken,
                                                   arena, pTemplate, ulAttributeCount, pError);
            goto gotmdobject;
        }
    }

callmdcreateobject:
    mdObject = fwSession->mdSession->CreateObject(fwSession->mdSession,
                                                  fwSession, fwSession->mdToken, fwSession->fwToken,
                                                  fwSession->mdInstance, fwSession->fwInstance, arena, pTemplate,
                                                  ulAttributeCount, pError);

gotmdobject:
    if (!mdObject) {
        if (CKR_OK == *pError) {
            *pError = CKR_GENERAL_ERROR;
        }
        return (NSSCKFWObject *)NULL;
    }

    fwObject = nssCKFWObject_Create(arena, mdObject,
                                    isTokenObject ? NULL
                                                  : fwSession,
                                    fwSession->fwToken, fwSession->fwInstance, pError);
    if (!fwObject) {
        if (CKR_OK == *pError) {
            *pError = CKR_GENERAL_ERROR;
        }

        if (mdObject->Destroy) {
            (void)mdObject->Destroy(mdObject, (NSSCKFWObject *)NULL,
                                    fwSession->mdSession, fwSession, fwSession->mdToken,
                                    fwSession->fwToken, fwSession->mdInstance, fwSession->fwInstance);
        }

        return (NSSCKFWObject *)NULL;
    }

    if (CK_FALSE == isTokenObject) {
        if (CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, fwObject)) {
            *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject);
            if (CKR_OK != *pError) {
                nssCKFWObject_Finalize(fwObject, PR_TRUE);
                return (NSSCKFWObject *)NULL;
            }
        }
    }

    return fwObject;
}

/*
 * nssCKFWSession_CopyObject
 *
 */
NSS_IMPLEMENT NSSCKFWObject *
nssCKFWSession_CopyObject(
    NSSCKFWSession *fwSession,
    NSSCKFWObject *fwObject,
    CK_ATTRIBUTE_PTR pTemplate,
    CK_ULONG ulAttributeCount,
    CK_RV *pError)
{
    CK_BBOOL oldIsToken;
    CK_BBOOL newIsToken;
    CK_ULONG i;
    NSSCKFWObject *rv;

#ifdef NSSDEBUG
    if (!pError) {
        return (NSSCKFWObject *)NULL;
    }

    *pError = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != *pError) {
        return (NSSCKFWObject *)NULL;
    }

    *pError = nssCKFWObject_verifyPointer(fwObject);
    if (CKR_OK != *pError) {
        return (NSSCKFWObject *)NULL;
    }

    if (!fwSession->mdSession) {
        *pError = CKR_GENERAL_ERROR;
        return (NSSCKFWObject *)NULL;
    }
#endif /* NSSDEBUG */

    /*
     * Sanity-check object
     */

    if (!fwObject) {
        *pError = CKR_ARGUMENTS_BAD;
        return (NSSCKFWObject *)NULL;
    }

    oldIsToken = nssCKFWObject_IsTokenObject(fwObject);

    newIsToken = oldIsToken;
    for (i = 0; i < ulAttributeCount; i++) {
        if (CKA_TOKEN == pTemplate[i].type) {
            /* Since we sanity-checked the object, we know this is the right size. */
            (void)nsslibc_memcpy(&newIsToken, pTemplate[i].pValue, sizeof(CK_BBOOL));
            break;
        }
    }

    /*
     * If the Module handles its session objects, or if both the new
     * and old object are token objects, use CopyObject if it exists.
     */

    if ((fwSession->mdSession->CopyObject) &&
        (((CK_TRUE == oldIsToken) && (CK_TRUE == newIsToken)) ||
         (CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects(
                         fwSession->fwInstance)))) {
        /* use copy object */
        NSSArena *arena;
        NSSCKMDObject *mdOldObject;
        NSSCKMDObject *mdObject;

        mdOldObject = nssCKFWObject_GetMDObject(fwObject);

        if (CK_TRUE == newIsToken) {
            arena = nssCKFWToken_GetArena(fwSession->fwToken, pError);
        } else {
            arena = nssCKFWSession_GetArena(fwSession, pError);
        }
        if (!arena) {
            if (CKR_OK == *pError) {
                *pError = CKR_GENERAL_ERROR;
            }
            return (NSSCKFWObject *)NULL;
        }

        mdObject = fwSession->mdSession->CopyObject(fwSession->mdSession,
                                                    fwSession, fwSession->mdToken, fwSession->fwToken,
                                                    fwSession->mdInstance, fwSession->fwInstance, mdOldObject,
                                                    fwObject, arena, pTemplate, ulAttributeCount, pError);
        if (!mdObject) {
            if (CKR_OK == *pError) {
                *pError = CKR_GENERAL_ERROR;
            }
            return (NSSCKFWObject *)NULL;
        }

        rv = nssCKFWObject_Create(arena, mdObject,
                                  newIsToken ? NULL
                                             : fwSession,
                                  fwSession->fwToken, fwSession->fwInstance, pError);

        if (CK_FALSE == newIsToken) {
            if (CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, rv)) {
                *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, rv, rv);
                if (CKR_OK != *pError) {
                    nssCKFWObject_Finalize(rv, PR_TRUE);
                    return (NSSCKFWObject *)NULL;
                }
            }
        }

        return rv;
    } else {
        /* use create object */
        NSSArena *tmpArena;
        CK_ATTRIBUTE_PTR newTemplate;
        CK_ULONG i, j, n, newLength, k;
        CK_ATTRIBUTE_TYPE_PTR oldTypes;
        NSSCKFWObject *rv;

        n = nssCKFWObject_GetAttributeCount(fwObject, pError);
        if ((0 == n) && (CKR_OK != *pError)) {
            return (NSSCKFWObject *)NULL;
        }

        tmpArena = NSSArena_Create();
        if (!tmpArena) {
            *pError = CKR_HOST_MEMORY;
            return (NSSCKFWObject *)NULL;
        }

        oldTypes = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE_TYPE, n);
        if ((CK_ATTRIBUTE_TYPE_PTR)NULL == oldTypes) {
            NSSArena_Destroy(tmpArena);
            *pError = CKR_HOST_MEMORY;
            return (NSSCKFWObject *)NULL;
        }

        *pError = nssCKFWObject_GetAttributeTypes(fwObject, oldTypes, n);
        if (CKR_OK != *pError) {
            NSSArena_Destroy(tmpArena);
            return (NSSCKFWObject *)NULL;
        }

        newLength = n;
        for (i = 0; i < ulAttributeCount; i++) {
            for (j = 0; j < n; j++) {
                if (oldTypes[j] == pTemplate[i].type) {
                    if ((CK_VOID_PTR)NULL ==
                        pTemplate[i].pValue) {
                        /* Removing the attribute */
                        newLength--;
                    }
                    break;
                }
            }
            if (j == n) {
                /* Not found */
                newLength++;
            }
        }

        newTemplate = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE, newLength);
        if ((CK_ATTRIBUTE_PTR)NULL == newTemplate) {
            NSSArena_Destroy(tmpArena);
            *pError = CKR_HOST_MEMORY;
            return (NSSCKFWObject *)NULL;
        }

        k = 0;
        for (j = 0; j < n; j++) {
            for (i = 0; i < ulAttributeCount; i++) {
                if (oldTypes[j] == pTemplate[i].type) {
                    if ((CK_VOID_PTR)NULL ==
                        pTemplate[i].pValue) {
                        /* This attribute is being deleted */
                        ;
                    } else {
                        /* This attribute is being replaced */
                        newTemplate[k].type =
                            pTemplate[i].type;
                        newTemplate[k].pValue =
                            pTemplate[i].pValue;
                        newTemplate[k].ulValueLen =
                            pTemplate[i].ulValueLen;
                        k++;
                    }
                    break;
                }
            }
            if (i == ulAttributeCount) {
                /* This attribute is being copied over from the old object */
                NSSItem item, *it;
                item.size = 0;
                item.data = (void *)NULL;
                it = nssCKFWObject_GetAttribute(fwObject, oldTypes[j],
                                                &item, tmpArena, pError);
                if (!it) {
                    if (CKR_OK ==
                        *pError) {
                        *pError =
                            CKR_GENERAL_ERROR;
                    }
                    NSSArena_Destroy(tmpArena);
                    return (NSSCKFWObject *)NULL;
                }
                newTemplate[k].type = oldTypes[j];
                newTemplate[k].pValue = it->data;
                newTemplate[k].ulValueLen = it->size;
                k++;
            }
        }
        /* assert that k == newLength */

        rv = nssCKFWSession_CreateObject(fwSession, newTemplate, newLength, pError);
        if (!rv) {
            if (CKR_OK == *pError) {
                *pError = CKR_GENERAL_ERROR;
            }
            NSSArena_Destroy(tmpArena);
            return (NSSCKFWObject *)NULL;
        }

        NSSArena_Destroy(tmpArena);
        return rv;
    }
}

/*
 * nssCKFWSession_FindObjectsInit
 *
 */
NSS_IMPLEMENT NSSCKFWFindObjects *
nssCKFWSession_FindObjectsInit(
    NSSCKFWSession *fwSession,
    CK_ATTRIBUTE_PTR pTemplate,
    CK_ULONG ulAttributeCount,
    CK_RV *pError)
{
    NSSCKMDFindObjects *mdfo1 = (NSSCKMDFindObjects *)NULL;
    NSSCKMDFindObjects *mdfo2 = (NSSCKMDFindObjects *)NULL;

#ifdef NSSDEBUG
    if (!pError) {
        return (NSSCKFWFindObjects *)NULL;
    }

    *pError = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != *pError) {
        return (NSSCKFWFindObjects *)NULL;
    }

    if (((CK_ATTRIBUTE_PTR)NULL == pTemplate) && (ulAttributeCount != 0)) {
        *pError = CKR_ARGUMENTS_BAD;
        return (NSSCKFWFindObjects *)NULL;
    }

    if (!fwSession->mdSession) {
        *pError = CKR_GENERAL_ERROR;
        return (NSSCKFWFindObjects *)NULL;
    }
#endif /* NSSDEBUG */

    if (CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects(
                       fwSession->fwInstance)) {
        CK_ULONG i;

        /*
         * Does the search criteria restrict us to token or session
         * objects?
         */

        for (i = 0; i < ulAttributeCount; i++) {
            if (CKA_TOKEN == pTemplate[i].type) {
                /* Yes, it does. */
                CK_BBOOL isToken;
                if (sizeof(CK_BBOOL) != pTemplate[i].ulValueLen) {
                    *pError =
                        CKR_ATTRIBUTE_VALUE_INVALID;
                    return (NSSCKFWFindObjects *)NULL;
                }
                (void)nsslibc_memcpy(&isToken, pTemplate[i].pValue, sizeof(CK_BBOOL));

                if (CK_TRUE == isToken) {
                    /* Pass it on to the module's search routine */
                    if (!fwSession->mdSession->FindObjectsInit) {
                        goto wrap;
                    }

                    mdfo1 =
                        fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
                                                              fwSession, fwSession->mdToken, fwSession->fwToken,
                                                              fwSession->mdInstance, fwSession->fwInstance,
                                                              pTemplate, ulAttributeCount, pError);
                } else {
                    /* Do the search ourselves */
                    mdfo1 =
                        nssCKMDFindSessionObjects_Create(fwSession->fwToken,
                                                         pTemplate, ulAttributeCount, pError);
                }

                if (!mdfo1) {
                    if (CKR_OK ==
                        *pError) {
                        *pError =
                            CKR_GENERAL_ERROR;
                    }
                    return (NSSCKFWFindObjects *)NULL;
                }

                goto wrap;
            }
        }

        if (i == ulAttributeCount) {
            /* No, it doesn't.  Do a hybrid search. */
            mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
                                                          fwSession, fwSession->mdToken, fwSession->fwToken,
                                                          fwSession->mdInstance, fwSession->fwInstance,
                                                          pTemplate, ulAttributeCount, pError);

            if (!mdfo1) {
                if (CKR_OK == *pError) {
                    *pError =
                        CKR_GENERAL_ERROR;
                }
                return (NSSCKFWFindObjects *)NULL;
            }

            mdfo2 = nssCKMDFindSessionObjects_Create(fwSession->fwToken,
                                                     pTemplate, ulAttributeCount, pError);
            if (!mdfo2) {
                if (CKR_OK == *pError) {
                    *pError =
                        CKR_GENERAL_ERROR;
                }
                if (mdfo1->Final) {
                    mdfo1->Final(mdfo1, (NSSCKFWFindObjects *)NULL, fwSession->mdSession,
                                 fwSession, fwSession->mdToken, fwSession->fwToken,
                                 fwSession->mdInstance, fwSession->fwInstance);
                }
                return (NSSCKFWFindObjects *)NULL;
            }

            goto wrap;
        }
        /*NOTREACHED*/
    } else {
        /* Module handles all its own objects.  Pass on to module's search */
        mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
                                                      fwSession, fwSession->mdToken, fwSession->fwToken,
                                                      fwSession->mdInstance, fwSession->fwInstance,
                                                      pTemplate, ulAttributeCount, pError);

        if (!mdfo1) {
            if (CKR_OK == *pError) {
                *pError = CKR_GENERAL_ERROR;
            }
            return (NSSCKFWFindObjects *)NULL;
        }

        goto wrap;
    }

wrap:
    return nssCKFWFindObjects_Create(fwSession, fwSession->fwToken,
                                     fwSession->fwInstance, mdfo1, mdfo2, pError);
}

/*
 * nssCKFWSession_SeedRandom
 *
 */
NSS_IMPLEMENT CK_RV
nssCKFWSession_SeedRandom(
    NSSCKFWSession *fwSession,
    NSSItem *seed)
{
    CK_RV error = CKR_OK;

#ifdef NSSDEBUG
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return error;
    }

    if (!seed) {
        return CKR_ARGUMENTS_BAD;
    }

    if (!seed->data) {
        return CKR_ARGUMENTS_BAD;
    }

    if (0 == seed->size) {
        return CKR_ARGUMENTS_BAD;
    }

    if (!fwSession->mdSession) {
        return CKR_GENERAL_ERROR;
    }
#endif /* NSSDEBUG */

    if (!fwSession->mdSession->SeedRandom) {
        return CKR_RANDOM_SEED_NOT_SUPPORTED;
    }

    error = fwSession->mdSession->SeedRandom(fwSession->mdSession, fwSession,
                                             fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
                                             fwSession->fwInstance, seed);

    return error;
}

/*
 * nssCKFWSession_GetRandom
 *
 */
NSS_IMPLEMENT CK_RV
nssCKFWSession_GetRandom(
    NSSCKFWSession *fwSession,
    NSSItem *buffer)
{
    CK_RV error = CKR_OK;

#ifdef NSSDEBUG
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return error;
    }

    if (!buffer) {
        return CKR_ARGUMENTS_BAD;
    }

    if (!buffer->data) {
        return CKR_ARGUMENTS_BAD;
    }

    if (!fwSession->mdSession) {
        return CKR_GENERAL_ERROR;
    }
#endif /* NSSDEBUG */

    if (!fwSession->mdSession->GetRandom) {
        if (CK_TRUE == nssCKFWToken_GetHasRNG(fwSession->fwToken)) {
            return CKR_GENERAL_ERROR;
        } else {
            return CKR_RANDOM_NO_RNG;
        }
    }

    if (0 == buffer->size) {
        return CKR_OK;
    }

    error = fwSession->mdSession->GetRandom(fwSession->mdSession, fwSession,
                                            fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
                                            fwSession->fwInstance, buffer);

    return error;
}

/*
 * nssCKFWSession_SetCurrentCryptoOperation
 */
NSS_IMPLEMENT void
nssCKFWSession_SetCurrentCryptoOperation(
    NSSCKFWSession *fwSession,
    NSSCKFWCryptoOperation *fwOperation,
    NSSCKFWCryptoOperationState state)
{
#ifdef NSSDEBUG
    CK_RV error = CKR_OK;
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return;
    }

    if (state >= NSSCKFWCryptoOperationState_Max) {
        return;
    }

    if (!fwSession->mdSession) {
        return;
    }
#endif /* NSSDEBUG */
    fwSession->fwOperationArray[state] = fwOperation;
    return;
}

/*
 * nssCKFWSession_GetCurrentCryptoOperation
 */
NSS_IMPLEMENT NSSCKFWCryptoOperation *
nssCKFWSession_GetCurrentCryptoOperation(
    NSSCKFWSession *fwSession,
    NSSCKFWCryptoOperationState state)
{
#ifdef NSSDEBUG
    CK_RV error = CKR_OK;
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return (NSSCKFWCryptoOperation *)NULL;
    }

    if (state >= NSSCKFWCryptoOperationState_Max) {
        return (NSSCKFWCryptoOperation *)NULL;
    }

    if (!fwSession->mdSession) {
        return (NSSCKFWCryptoOperation *)NULL;
    }
#endif /* NSSDEBUG */
    return fwSession->fwOperationArray[state];
}

/*
 * nssCKFWSession_Final
 */
NSS_IMPLEMENT CK_RV
nssCKFWSession_Final(
    NSSCKFWSession *fwSession,
    NSSCKFWCryptoOperationType type,
    NSSCKFWCryptoOperationState state,
    CK_BYTE_PTR outBuf,
    CK_ULONG_PTR outBufLen)
{
    NSSCKFWCryptoOperation *fwOperation;
    NSSItem outputBuffer;
    CK_RV error = CKR_OK;

#ifdef NSSDEBUG
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return error;
    }

    if (!fwSession->mdSession) {
        return CKR_GENERAL_ERROR;
    }
#endif /* NSSDEBUG */

    /* make sure we have a valid operation initialized */
    fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
    if (!fwOperation) {
        return CKR_OPERATION_NOT_INITIALIZED;
    }

    /* make sure it's the correct type */
    if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
        return CKR_OPERATION_NOT_INITIALIZED;
    }

    /* handle buffer issues, note for Verify, the type is an input buffer. */
    if (NSSCKFWCryptoOperationType_Verify == type) {
        if ((CK_BYTE_PTR)NULL == outBuf) {
            error = CKR_ARGUMENTS_BAD;
            goto done;
        }
    } else {
        CK_ULONG len = nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error);
        CK_ULONG maxBufLen = *outBufLen;

        if (CKR_OK != error) {
            goto done;
        }
        *outBufLen = len;
        if ((CK_BYTE_PTR)NULL == outBuf) {
            return CKR_OK;
        }

        if (len > maxBufLen) {
            return CKR_BUFFER_TOO_SMALL;
        }
    }
    outputBuffer.data = outBuf;
    outputBuffer.size = *outBufLen;

    error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer);
done:
    if (CKR_BUFFER_TOO_SMALL == error) {
        return error;
    }
    /* clean up our state */
    nssCKFWCryptoOperation_Destroy(fwOperation);
    nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state);
    return error;
}

/*
 * nssCKFWSession_Update
 */
NSS_IMPLEMENT CK_RV
nssCKFWSession_Update(
    NSSCKFWSession *fwSession,
    NSSCKFWCryptoOperationType type,
    NSSCKFWCryptoOperationState state,
    CK_BYTE_PTR inBuf,
    CK_ULONG inBufLen,
    CK_BYTE_PTR outBuf,
    CK_ULONG_PTR outBufLen)
{
    NSSCKFWCryptoOperation *fwOperation;
    NSSItem inputBuffer;
    NSSItem outputBuffer;
    CK_ULONG len;
    CK_ULONG maxBufLen;
    CK_RV error = CKR_OK;

#ifdef NSSDEBUG
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return error;
    }

    if (!fwSession->mdSession) {
        return CKR_GENERAL_ERROR;
    }
#endif /* NSSDEBUG */

    /* make sure we have a valid operation initialized */
    fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
    if (!fwOperation) {
        return CKR_OPERATION_NOT_INITIALIZED;
    }

    /* make sure it's the correct type */
    if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
        return CKR_OPERATION_NOT_INITIALIZED;
    }

    inputBuffer.data = inBuf;
    inputBuffer.size = inBufLen;

    /* handle buffer issues, note for Verify, the type is an input buffer. */
    len = nssCKFWCryptoOperation_GetOperationLength(fwOperation, &inputBuffer,
                                                    &error);
    if (CKR_OK != error) {
        return error;
    }
    maxBufLen = *outBufLen;

    *outBufLen = len;
    if ((CK_BYTE_PTR)NULL == outBuf) {
        return CKR_OK;
    }

    if (len > maxBufLen) {
        return CKR_BUFFER_TOO_SMALL;
    }
    outputBuffer.data = outBuf;
    outputBuffer.size = *outBufLen;

    return nssCKFWCryptoOperation_Update(fwOperation,
                                         &inputBuffer, &outputBuffer);
}

/*
 * nssCKFWSession_DigestUpdate
 */
NSS_IMPLEMENT CK_RV
nssCKFWSession_DigestUpdate(
    NSSCKFWSession *fwSession,
    NSSCKFWCryptoOperationType type,
    NSSCKFWCryptoOperationState state,
    CK_BYTE_PTR inBuf,
    CK_ULONG inBufLen)
{
    NSSCKFWCryptoOperation *fwOperation;
    NSSItem inputBuffer;
    CK_RV error = CKR_OK;

#ifdef NSSDEBUG
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return error;
    }

    if (!fwSession->mdSession) {
        return CKR_GENERAL_ERROR;
    }
#endif /* NSSDEBUG */

    /* make sure we have a valid operation initialized */
    fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
    if (!fwOperation) {
        return CKR_OPERATION_NOT_INITIALIZED;
    }

    /* make sure it's the correct type */
    if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
        return CKR_OPERATION_NOT_INITIALIZED;
    }

    inputBuffer.data = inBuf;
    inputBuffer.size = inBufLen;

    error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer);
    return error;
}

/*
 * nssCKFWSession_DigestUpdate
 */
NSS_IMPLEMENT CK_RV
nssCKFWSession_DigestKey(
    NSSCKFWSession *fwSession,
    NSSCKFWObject *fwKey)
{
    NSSCKFWCryptoOperation *fwOperation;
    NSSItem *inputBuffer;
    CK_RV error = CKR_OK;

#ifdef NSSDEBUG
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return error;
    }

    if (!fwSession->mdSession) {
        return CKR_GENERAL_ERROR;
    }
#endif /* NSSDEBUG */

    /* make sure we have a valid operation initialized */
    fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
                                                           NSSCKFWCryptoOperationState_Digest);
    if (!fwOperation) {
        return CKR_OPERATION_NOT_INITIALIZED;
    }

    /* make sure it's the correct type */
    if (NSSCKFWCryptoOperationType_Digest !=
        nssCKFWCryptoOperation_GetType(fwOperation)) {
        return CKR_OPERATION_NOT_INITIALIZED;
    }

    error = nssCKFWCryptoOperation_DigestKey(fwOperation, fwKey);
    if (CKR_FUNCTION_FAILED != error) {
        return error;
    }

    /* no machine depended way for this to happen, do it by hand */
    inputBuffer = nssCKFWObject_GetAttribute(fwKey, CKA_VALUE, NULL, NULL, &error);
    if (!inputBuffer) {
        /* couldn't get the value, just fail then */
        return error;
    }
    error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, inputBuffer);
    nssItem_Destroy(inputBuffer);
    return error;
}

/*
 * nssCKFWSession_UpdateFinal
 */
NSS_IMPLEMENT CK_RV
nssCKFWSession_UpdateFinal(
    NSSCKFWSession *fwSession,
    NSSCKFWCryptoOperationType type,
    NSSCKFWCryptoOperationState state,
    CK_BYTE_PTR inBuf,
    CK_ULONG inBufLen,
    CK_BYTE_PTR outBuf,
    CK_ULONG_PTR outBufLen)
{
    NSSCKFWCryptoOperation *fwOperation;
    NSSItem inputBuffer;
    NSSItem outputBuffer;
    PRBool isEncryptDecrypt;
    CK_RV error = CKR_OK;

#ifdef NSSDEBUG
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return error;
    }

    if (!fwSession->mdSession) {
        return CKR_GENERAL_ERROR;
    }
#endif /* NSSDEBUG */

    /* make sure we have a valid operation initialized */
    fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
    if (!fwOperation) {
        return CKR_OPERATION_NOT_INITIALIZED;
    }

    /* make sure it's the correct type */
    if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
        return CKR_OPERATION_NOT_INITIALIZED;
    }

    inputBuffer.data = inBuf;
    inputBuffer.size = inBufLen;
    isEncryptDecrypt = (PRBool)((NSSCKFWCryptoOperationType_Encrypt == type) ||
                                (NSSCKFWCryptoOperationType_Decrypt == type));

    /* handle buffer issues, note for Verify, the type is an input buffer. */
    if (NSSCKFWCryptoOperationType_Verify == type) {
        if ((CK_BYTE_PTR)NULL == outBuf) {
            error = CKR_ARGUMENTS_BAD;
            goto done;
        }
    } else {
        CK_ULONG maxBufLen = *outBufLen;
        CK_ULONG len;

        len = (isEncryptDecrypt) ? nssCKFWCryptoOperation_GetOperationLength(fwOperation,
                                                                             &inputBuffer, &error)
                                 : nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error);

        if (CKR_OK != error) {
            goto done;
        }

        *outBufLen = len;
        if ((CK_BYTE_PTR)NULL == outBuf) {
            return CKR_OK;
        }

        if (len > maxBufLen) {
            return CKR_BUFFER_TOO_SMALL;
        }
    }
    outputBuffer.data = outBuf;
    outputBuffer.size = *outBufLen;

    error = nssCKFWCryptoOperation_UpdateFinal(fwOperation,
                                               &inputBuffer, &outputBuffer);

    /* UpdateFinal isn't support, manually use Update and Final */
    if (CKR_FUNCTION_FAILED == error) {
        error = isEncryptDecrypt ? nssCKFWCryptoOperation_Update(fwOperation, &inputBuffer, &outputBuffer)
                                 : nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer);

        if (CKR_OK == error) {
            error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer);
        }
    }

done:
    if (CKR_BUFFER_TOO_SMALL == error) {
        /* if we return CKR_BUFFER_TOO_SMALL, we the caller is not expecting.
         * the crypto state to be freed */
        return error;
    }

    /* clean up our state */
    nssCKFWCryptoOperation_Destroy(fwOperation);
    nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state);
    return error;
}

NSS_IMPLEMENT CK_RV
nssCKFWSession_UpdateCombo(
    NSSCKFWSession *fwSession,
    NSSCKFWCryptoOperationType encryptType,
    NSSCKFWCryptoOperationType digestType,
    NSSCKFWCryptoOperationState digestState,
    CK_BYTE_PTR inBuf,
    CK_ULONG inBufLen,
    CK_BYTE_PTR outBuf,
    CK_ULONG_PTR outBufLen)
{
    NSSCKFWCryptoOperation *fwOperation;
    NSSCKFWCryptoOperation *fwPeerOperation;
    NSSItem inputBuffer;
    NSSItem outputBuffer;
    CK_ULONG maxBufLen = *outBufLen;
    CK_ULONG len;
    CK_RV error = CKR_OK;

#ifdef NSSDEBUG
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return error;
    }

    if (!fwSession->mdSession) {
        return CKR_GENERAL_ERROR;
    }
#endif /* NSSDEBUG */

    /* make sure we have a valid operation initialized */
    fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
                                                           NSSCKFWCryptoOperationState_EncryptDecrypt);
    if (!fwOperation) {
        return CKR_OPERATION_NOT_INITIALIZED;
    }

    /* make sure it's the correct type */
    if (encryptType != nssCKFWCryptoOperation_GetType(fwOperation)) {
        return CKR_OPERATION_NOT_INITIALIZED;
    }
    /* make sure we have a valid operation initialized */
    fwPeerOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
                                                               digestState);
    if (!fwPeerOperation) {
        return CKR_OPERATION_NOT_INITIALIZED;
    }

    /* make sure it's the correct type */
    if (digestType != nssCKFWCryptoOperation_GetType(fwOperation)) {
        return CKR_OPERATION_NOT_INITIALIZED;
    }

    inputBuffer.data = inBuf;
    inputBuffer.size = inBufLen;
    len = nssCKFWCryptoOperation_GetOperationLength(fwOperation,
                                                    &inputBuffer, &error);
    if (CKR_OK != error) {
        return error;
    }

    *outBufLen = len;
    if ((CK_BYTE_PTR)NULL == outBuf) {
        return CKR_OK;
    }

    if (len > maxBufLen) {
        return CKR_BUFFER_TOO_SMALL;
    }

    outputBuffer.data = outBuf;
    outputBuffer.size = *outBufLen;

    error = nssCKFWCryptoOperation_UpdateCombo(fwOperation, fwPeerOperation,
                                               &inputBuffer, &outputBuffer);
    if (CKR_FUNCTION_FAILED == error) {
        PRBool isEncrypt =
            (PRBool)(NSSCKFWCryptoOperationType_Encrypt == encryptType);

        if (isEncrypt) {
            error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation,
                                                        &inputBuffer);
            if (CKR_OK != error) {
                return error;
            }
        }
        error = nssCKFWCryptoOperation_Update(fwOperation,
                                              &inputBuffer, &outputBuffer);
        if (CKR_OK != error) {
            return error;
        }
        if (!isEncrypt) {
            error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation,
                                                        &outputBuffer);
        }
    }
    return error;
}

/*
 * NSSCKFWSession_GetMDSession
 *
 */

NSS_IMPLEMENT NSSCKMDSession *
NSSCKFWSession_GetMDSession(
    NSSCKFWSession *fwSession)
{
#ifdef DEBUG
    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
        return (NSSCKMDSession *)NULL;
    }
#endif /* DEBUG */

    return nssCKFWSession_GetMDSession(fwSession);
}

/*
 * NSSCKFWSession_GetArena
 *
 */

NSS_IMPLEMENT NSSArena *
NSSCKFWSession_GetArena(
    NSSCKFWSession *fwSession,
    CK_RV *pError)
{
#ifdef DEBUG
    if (!pError) {
        return (NSSArena *)NULL;
    }

    *pError = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != *pError) {
        return (NSSArena *)NULL;
    }
#endif /* DEBUG */

    return nssCKFWSession_GetArena(fwSession, pError);
}

/*
 * NSSCKFWSession_CallNotification
 *
 */

NSS_IMPLEMENT CK_RV
NSSCKFWSession_CallNotification(
    NSSCKFWSession *fwSession,
    CK_NOTIFICATION event)
{
#ifdef DEBUG
    CK_RV error = CKR_OK;

    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return error;
    }
#endif /* DEBUG */

    return nssCKFWSession_CallNotification(fwSession, event);
}

/*
 * NSSCKFWSession_IsRWSession
 *
 */

NSS_IMPLEMENT CK_BBOOL
NSSCKFWSession_IsRWSession(
    NSSCKFWSession *fwSession)
{
#ifdef DEBUG
    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
        return CK_FALSE;
    }
#endif /* DEBUG */

    return nssCKFWSession_IsRWSession(fwSession);
}

/*
 * NSSCKFWSession_IsSO
 *
 */

NSS_IMPLEMENT CK_BBOOL
NSSCKFWSession_IsSO(
    NSSCKFWSession *fwSession)
{
#ifdef DEBUG
    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
        return CK_FALSE;
    }
#endif /* DEBUG */

    return nssCKFWSession_IsSO(fwSession);
}

NSS_IMPLEMENT NSSCKFWCryptoOperation *
NSSCKFWSession_GetCurrentCryptoOperation(
    NSSCKFWSession *fwSession,
    NSSCKFWCryptoOperationState state)
{
#ifdef DEBUG
    CK_RV error = CKR_OK;
    error = nssCKFWSession_verifyPointer(fwSession);
    if (CKR_OK != error) {
        return (NSSCKFWCryptoOperation *)NULL;
    }

    if (state >= NSSCKFWCryptoOperationState_Max) {
        return (NSSCKFWCryptoOperation *)NULL;
    }
#endif /* DEBUG */
    return nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
}

/*
 * NSSCKFWSession_GetFWSlot
 *
 */

NSS_IMPLEMENT NSSCKFWSlot *
NSSCKFWSession_GetFWSlot(
    NSSCKFWSession *fwSession)
{
    return nssCKFWSession_GetFWSlot(fwSession);
}