[aaf/sshsm.git] / SoftHSMv2 / src / lib / SoftHSM.cpp

/*
 * Copyright (c) 2010 SURFnet bv
 * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*****************************************************************************
 SoftHSM.cpp

 The implementation of the SoftHSM's main class
 *****************************************************************************/

#include "config.h"
#include "log.h"
#include "access.h"
#include "Configuration.h"
#include "SimpleConfigLoader.h"
#include "MutexFactory.h"
#include "SecureMemoryRegistry.h"
#include "CryptoFactory.h"
#include "AsymmetricAlgorithm.h"
#include "SymmetricAlgorithm.h"
#include "AESKey.h"
#include "DESKey.h"
#include "RNG.h"
#include "RSAParameters.h"
#include "RSAPublicKey.h"
#include "RSAPrivateKey.h"
#include "DSAParameters.h"
#include "DSAPublicKey.h"
#include "DSAPrivateKey.h"
#include "ECPublicKey.h"
#include "ECPrivateKey.h"
#include "ECParameters.h"
#include "DHParameters.h"
#include "DHPublicKey.h"
#include "DHPrivateKey.h"
#include "GOSTPublicKey.h"
#include "GOSTPrivateKey.h"
#include "cryptoki.h"
#include "SoftHSM.h"
#include "osmutex.h"
#include "SessionManager.h"
#include "SessionObjectStore.h"
#include "HandleManager.h"
#include "P11Objects.h"
#include "odd.h"

#if defined(WITH_OPENSSL)
#include "OSSLCryptoFactory.h"
#else
#include "BotanCryptoFactory.h"
#endif

#include <stdlib.h>

// Initialise the one-and-only instance

#ifdef HAVE_CXX11

std::unique_ptr<MutexFactory> MutexFactory::instance(nullptr);
std::unique_ptr<SecureMemoryRegistry> SecureMemoryRegistry::instance(nullptr);
#if defined(WITH_OPENSSL)
std::unique_ptr<OSSLCryptoFactory> OSSLCryptoFactory::instance(nullptr);
#else
std::unique_ptr<BotanCryptoFactory> BotanCryptoFactory::instance(nullptr);
#endif
std::unique_ptr<SoftHSM> SoftHSM::instance(nullptr);

#else

std::auto_ptr<MutexFactory> MutexFactory::instance(NULL);
std::auto_ptr<SecureMemoryRegistry> SecureMemoryRegistry::instance(NULL);
#if defined(WITH_OPENSSL)
std::auto_ptr<OSSLCryptoFactory> OSSLCryptoFactory::instance(NULL);
#else
std::auto_ptr<BotanCryptoFactory> BotanCryptoFactory::instance(NULL);
#endif
std::auto_ptr<SoftHSM> SoftHSM::instance(NULL);

#endif

static CK_RV newP11Object(CK_OBJECT_CLASS objClass, CK_KEY_TYPE keyType, CK_CERTIFICATE_TYPE certType, P11Object **p11object)
{
        switch(objClass) {
                case CKO_DATA:
                        *p11object = new P11DataObj();
                        break;
                case CKO_CERTIFICATE:
                        if (certType == CKC_X_509)
                                *p11object = new P11X509CertificateObj();
                        else if (certType == CKC_OPENPGP)
                                *p11object = new P11OpenPGPPublicKeyObj();
                        else
                                return CKR_ATTRIBUTE_VALUE_INVALID;
                        break;
                case CKO_PUBLIC_KEY:
                        if (keyType == CKK_RSA)
                                *p11object = new P11RSAPublicKeyObj();
                        else if (keyType == CKK_DSA)
                                *p11object = new P11DSAPublicKeyObj();
                        else if (keyType == CKK_EC)
                                *p11object = new P11ECPublicKeyObj();
                        else if (keyType == CKK_DH)
                                *p11object = new P11DHPublicKeyObj();
                        else if (keyType == CKK_GOSTR3410)
                                *p11object = new P11GOSTPublicKeyObj();
                        else
                                return CKR_ATTRIBUTE_VALUE_INVALID;
                        break;
                case CKO_PRIVATE_KEY:
                        // we need to know the type too
                        if (keyType == CKK_RSA)
                                *p11object = new P11RSAPrivateKeyObj();
                        else if (keyType == CKK_DSA)
                                *p11object = new P11DSAPrivateKeyObj();
                        else if (keyType == CKK_EC)
                                *p11object = new P11ECPrivateKeyObj();
                        else if (keyType == CKK_DH)
                                *p11object = new P11DHPrivateKeyObj();
                        else if (keyType == CKK_GOSTR3410)
                                *p11object = new P11GOSTPrivateKeyObj();
                        else
                                return CKR_ATTRIBUTE_VALUE_INVALID;
                        break;
                case CKO_SECRET_KEY:
                        if ((keyType == CKK_GENERIC_SECRET) ||
                            (keyType == CKK_MD5_HMAC) ||
                            (keyType == CKK_SHA_1_HMAC) ||
                            (keyType == CKK_SHA224_HMAC) ||
                            (keyType == CKK_SHA256_HMAC) ||
                            (keyType == CKK_SHA384_HMAC) ||
                            (keyType == CKK_SHA512_HMAC))
                        {
                                P11GenericSecretKeyObj* key = new P11GenericSecretKeyObj();
                                *p11object = key;
                                key->setKeyType(keyType);
                        }
                        else if (keyType == CKK_AES)
                        {
                                *p11object = new P11AESSecretKeyObj();
                        }
                        else if ((keyType == CKK_DES) ||
                                 (keyType == CKK_DES2) ||
                                 (keyType == CKK_DES3))
                        {
                                P11DESSecretKeyObj* key = new P11DESSecretKeyObj();
                                *p11object = key;
                                key->setKeyType(keyType);
                        }
                        else if (keyType == CKK_GOST28147)
                        {
                                *p11object = new P11GOSTSecretKeyObj();
                        }
                        else
                                return CKR_ATTRIBUTE_VALUE_INVALID;
                        break;
                case CKO_DOMAIN_PARAMETERS:
                        if (keyType == CKK_DSA)
                                *p11object = new P11DSADomainObj();
                        else if (keyType == CKK_DH)
                                *p11object = new P11DHDomainObj();
                        else
                                return CKR_ATTRIBUTE_VALUE_INVALID;
                        break;
                default:
                        return CKR_ATTRIBUTE_VALUE_INVALID; // invalid value for a valid argument
        }
        return CKR_OK;
}

static CK_RV extractObjectInformation(CK_ATTRIBUTE_PTR pTemplate,
                                      CK_ULONG ulCount,
                                      CK_OBJECT_CLASS &objClass,
                                      CK_KEY_TYPE &keyType,
                                      CK_CERTIFICATE_TYPE &certType,
                                      CK_BBOOL &isOnToken,
                                      CK_BBOOL &isPrivate,
                                      bool bImplicit)
{
        bool bHasClass = false;
        bool bHasKeyType = false;
        bool bHasCertType = false;
        bool bHasPrivate = false;

        // Extract object information
        for (CK_ULONG i = 0; i < ulCount; ++i)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_CLASS:
                                if (pTemplate[i].ulValueLen == sizeof(CK_OBJECT_CLASS))
                                {
                                        objClass = *(CK_OBJECT_CLASS_PTR)pTemplate[i].pValue;
                                        bHasClass = true;
                                }
                                break;
                        case CKA_KEY_TYPE:
                                if (pTemplate[i].ulValueLen == sizeof(CK_KEY_TYPE))
                                {
                                        keyType = *(CK_KEY_TYPE*)pTemplate[i].pValue;
                                        bHasKeyType = true;
                                }
                                break;
                        case CKA_CERTIFICATE_TYPE:
                                if (pTemplate[i].ulValueLen == sizeof(CK_CERTIFICATE_TYPE))
                                {
                                        certType = *(CK_CERTIFICATE_TYPE*)pTemplate[i].pValue;
                                        bHasCertType = true;
                                }
                                break;
                        case CKA_TOKEN:
                                if (pTemplate[i].ulValueLen == sizeof(CK_BBOOL))
                                {
                                        isOnToken = *(CK_BBOOL*)pTemplate[i].pValue;
                                }
                                break;
                        case CKA_PRIVATE:
                                if (pTemplate[i].ulValueLen == sizeof(CK_BBOOL))
                                {
                                        isPrivate = *(CK_BBOOL*)pTemplate[i].pValue;
                                        bHasPrivate = true;
                                }
                                break;
                        default:
                                break;
                }
        }

        if (bImplicit)
        {
                return CKR_OK;
        }

        if (!bHasClass)
        {
                return CKR_TEMPLATE_INCOMPLETE;
        }

        bool bKeyTypeRequired = (objClass == CKO_PUBLIC_KEY || objClass == CKO_PRIVATE_KEY || objClass == CKO_SECRET_KEY);
        if (bKeyTypeRequired && !bHasKeyType)
        {
                 return CKR_TEMPLATE_INCOMPLETE;
        }

        if (objClass == CKO_CERTIFICATE)
        {
                if (!bHasCertType)
                {
                        return CKR_TEMPLATE_INCOMPLETE;
                }
                if (!bHasPrivate)
                {
                        // Change default value for certificates
                        isPrivate = CK_FALSE;
                }
        }

        if (objClass == CKO_PUBLIC_KEY && !bHasPrivate)
        {
                // Change default value for public keys
                isPrivate = CK_FALSE;
        }

        return CKR_OK;
}

static CK_RV newP11Object(OSObject *object, P11Object **p11object)
{
        CK_OBJECT_CLASS objClass = object->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED);
        CK_KEY_TYPE keyType = CKK_RSA;
        CK_CERTIFICATE_TYPE certType = CKC_X_509;
        if (object->attributeExists(CKA_KEY_TYPE))
                keyType = object->getUnsignedLongValue(CKA_KEY_TYPE, CKK_RSA);
        if (object->attributeExists(CKA_CERTIFICATE_TYPE))
                certType = object->getUnsignedLongValue(CKA_CERTIFICATE_TYPE, CKC_X_509);
        CK_RV rv = newP11Object(objClass,keyType,certType,p11object);
        if (rv != CKR_OK)
                return rv;
        if (!(*p11object)->init(object))
                return CKR_GENERAL_ERROR; // something went wrong that shouldn't have.
        return CKR_OK;
}

#ifdef notyet
static CK_ATTRIBUTE bsAttribute(CK_ATTRIBUTE_TYPE type, const ByteString &value)
{
        CK_ATTRIBUTE attr = {type, (CK_VOID_PTR)value.const_byte_str(), value.size() };
        return attr;
}
#endif

/*****************************************************************************
 Implementation of SoftHSM class specific functions
 *****************************************************************************/

// Return the one-and-only instance
SoftHSM* SoftHSM::i()
{
        if (!instance.get())
        {
                instance.reset(new SoftHSM());
        }

        return instance.get();
}

void SoftHSM::reset()
{
        if (instance.get())
                instance.reset();
}

// Constructor
SoftHSM::SoftHSM()
{
        isInitialised = false;
        isRemovable = false;
        sessionObjectStore = NULL;
        objectStore = NULL;
        slotManager = NULL;
        sessionManager = NULL;
        handleManager = NULL;
}

// Destructor
SoftHSM::~SoftHSM()
{
        if (handleManager != NULL) delete handleManager;
        if (sessionManager != NULL) delete sessionManager;
        if (slotManager != NULL) delete slotManager;
        if (objectStore != NULL) delete objectStore;
        if (sessionObjectStore != NULL) delete sessionObjectStore;
}

/*****************************************************************************
 Implementation of PKCS #11 functions
 *****************************************************************************/

// PKCS #11 initialisation function
CK_RV SoftHSM::C_Initialize(CK_VOID_PTR pInitArgs)
{
        CK_C_INITIALIZE_ARGS_PTR args;

        // Check if PKCS#11 is already initialized
        if (isInitialised)
        {
                ERROR_MSG("SoftHSM is already initialized");
                return CKR_CRYPTOKI_ALREADY_INITIALIZED;
        }

        // Do we have any arguments?
        if (pInitArgs != NULL_PTR)
        {
                args = (CK_C_INITIALIZE_ARGS_PTR)pInitArgs;

                // Must be set to NULL_PTR in this version of PKCS#11
                if (args->pReserved != NULL_PTR)
                {
                        ERROR_MSG("pReserved must be set to NULL_PTR");
                        return CKR_ARGUMENTS_BAD;
                }

                // Can we spawn our own threads?
                // if (args->flags & CKF_LIBRARY_CANT_CREATE_OS_THREADS)
                // {
                //      DEBUG_MSG("Cannot create threads if CKF_LIBRARY_CANT_CREATE_OS_THREADS is set");
                //      return CKR_NEED_TO_CREATE_THREADS;
                // }

                // Are we not supplied with mutex functions?
                if
                (
                        args->CreateMutex == NULL_PTR &&
                        args->DestroyMutex == NULL_PTR &&
                        args->LockMutex == NULL_PTR &&
                        args->UnlockMutex == NULL_PTR
                )
                {
                        // Can we use our own mutex functions?
                        if (args->flags & CKF_OS_LOCKING_OK)
                        {
                                // Use our own mutex functions.
                                MutexFactory::i()->setCreateMutex(OSCreateMutex);
                                MutexFactory::i()->setDestroyMutex(OSDestroyMutex);
                                MutexFactory::i()->setLockMutex(OSLockMutex);
                                MutexFactory::i()->setUnlockMutex(OSUnlockMutex);
                                MutexFactory::i()->enable();
                        }
                        else
                        {
                                // The external application is not using threading
                                MutexFactory::i()->disable();
                        }
                }
                else
                {
                        // We must have all mutex functions
                        if
                        (
                                args->CreateMutex == NULL_PTR ||
                                args->DestroyMutex == NULL_PTR ||
                                args->LockMutex == NULL_PTR ||
                                args->UnlockMutex == NULL_PTR
                        )
                        {
                                ERROR_MSG("Not all mutex functions are supplied");
                                return CKR_ARGUMENTS_BAD;
                        }

                        // We could use our own mutex functions if the flag is set,
                        // but we use the external functions in both cases.

                        // Load the external mutex functions
                        MutexFactory::i()->setCreateMutex(args->CreateMutex);
                        MutexFactory::i()->setDestroyMutex(args->DestroyMutex);
                        MutexFactory::i()->setLockMutex(args->LockMutex);
                        MutexFactory::i()->setUnlockMutex(args->UnlockMutex);
                        MutexFactory::i()->enable();
                }
        }
        else
        {
                // No concurrent access by multiple threads
                MutexFactory::i()->disable();
        }

        // Initiate SecureMemoryRegistry
        if (SecureMemoryRegistry::i() == NULL)
        {
                ERROR_MSG("Could not load the SecureMemoryRegistry");
                return CKR_GENERAL_ERROR;
        }

        // Build the CryptoFactory
        if (CryptoFactory::i() == NULL)
        {
                ERROR_MSG("Could not load the CryptoFactory");
                return CKR_GENERAL_ERROR;
        }

#ifdef WITH_FIPS
        // Check the FIPS status
        if (!CryptoFactory::i()->getFipsSelfTestStatus())
        {
                ERROR_MSG("The FIPS self test failed");
                return CKR_FIPS_SELF_TEST_FAILED;
        }
#endif

        // (Re)load the configuration
        if (!Configuration::i()->reload(SimpleConfigLoader::i()))
        {
                ERROR_MSG("Could not load the configuration");
                return CKR_GENERAL_ERROR;
        }

        // Configure the log level
        if (!setLogLevel(Configuration::i()->getString("log.level", DEFAULT_LOG_LEVEL)))
        {
                ERROR_MSG("Could not set the log level");
                return CKR_GENERAL_ERROR;
        }

        // Configure object store storage backend used by all tokens.
        if (!ObjectStoreToken::selectBackend(Configuration::i()->getString("objectstore.backend", DEFAULT_OBJECTSTORE_BACKEND)))
        {
                ERROR_MSG("Could not set the storage backend");
                return CKR_GENERAL_ERROR;
        }

        sessionObjectStore = new SessionObjectStore();

        // Load the object store
        objectStore = new ObjectStore(Configuration::i()->getString("directories.tokendir", DEFAULT_TOKENDIR));
        if (!objectStore->isValid())
        {
                WARNING_MSG("Could not load the object store");
                delete objectStore;
                objectStore = NULL;
                delete sessionObjectStore;
                sessionObjectStore = NULL;
                return CKR_GENERAL_ERROR;
        }

        isRemovable = Configuration::i()->getBool("slots.removable", false);

        // Load the slot manager
        slotManager = new SlotManager(objectStore);

        // Load the session manager
        sessionManager = new SessionManager();

        // Load the handle manager
        handleManager = new HandleManager();

        // Set the state to initialised
        isInitialised = true;

        return CKR_OK;
}

// PKCS #11 finalisation function
CK_RV SoftHSM::C_Finalize(CK_VOID_PTR pReserved)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Must be set to NULL_PTR in this version of PKCS#11
        if (pReserved != NULL_PTR) return CKR_ARGUMENTS_BAD;

        if (handleManager != NULL) delete handleManager;
        handleManager = NULL;
        if (sessionManager != NULL) delete sessionManager;
        sessionManager = NULL;
        if (slotManager != NULL) delete slotManager;
        slotManager = NULL;
        if (objectStore != NULL) delete objectStore;
        objectStore = NULL;
        if (sessionObjectStore != NULL) delete sessionObjectStore;
        sessionObjectStore = NULL;
        CryptoFactory::reset();
        SecureMemoryRegistry::reset();

        isInitialised = false;

        SoftHSM::reset();
        return CKR_OK;
}

// Return information about the PKCS #11 module
CK_RV SoftHSM::C_GetInfo(CK_INFO_PTR pInfo)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
        if (pInfo == NULL_PTR) return CKR_ARGUMENTS_BAD;

        pInfo->cryptokiVersion.major = CRYPTOKI_VERSION_MAJOR;
        pInfo->cryptokiVersion.minor = CRYPTOKI_VERSION_MINOR;
        memset(pInfo->manufacturerID, ' ', 32);
        memcpy(pInfo->manufacturerID, "SoftHSM", 7);
        pInfo->flags = 0;
        memset(pInfo->libraryDescription, ' ', 32);
#ifdef WITH_FIPS
        memcpy(pInfo->libraryDescription, "Implementation of PKCS11+FIPS", 29);
#else
        memcpy(pInfo->libraryDescription, "Implementation of PKCS11", 24);
#endif
        pInfo->libraryVersion.major = VERSION_MAJOR;
        pInfo->libraryVersion.minor = VERSION_MINOR;

        return CKR_OK;
}

// Return a list of available slots
CK_RV SoftHSM::C_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        return slotManager->getSlotList(objectStore, tokenPresent, pSlotList, pulCount);
}

// Return information about a slot
CK_RV SoftHSM::C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
{
        CK_RV rv;
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        Slot* slot = slotManager->getSlot(slotID);
        if (slot == NULL)
        {
                return CKR_SLOT_ID_INVALID;
        }

        rv = slot->getSlotInfo(pInfo);
        if (rv != CKR_OK) {
                return rv;
        }

        if (isRemovable) {
                pInfo->flags |= CKF_REMOVABLE_DEVICE;
        }

        return CKR_OK;
}

// Return information about a token in a slot
CK_RV SoftHSM::C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        Slot* slot = slotManager->getSlot(slotID);
        if (slot == NULL)
        {
                return CKR_SLOT_ID_INVALID;
        }

        Token* token = slot->getToken();
        if (token == NULL)
        {
                return CKR_TOKEN_NOT_PRESENT;
        }

        return token->getTokenInfo(pInfo);
}

// Return the list of supported mechanisms for a given slot
CK_RV SoftHSM::C_GetMechanismList(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pulCount)
{
        // A list with the supported mechanisms
        CK_ULONG nrSupportedMechanisms = 61;
#ifdef WITH_ECC
        nrSupportedMechanisms += 3;
#endif
#ifdef WITH_FIPS
        nrSupportedMechanisms -= 9;
#endif
#ifdef WITH_GOST
        nrSupportedMechanisms += 5;
#endif
#ifdef HAVE_AES_KEY_WRAP_PAD
        nrSupportedMechanisms += 1;
#endif
#ifdef WITH_RAW_PSS
        nrSupportedMechanisms += 1; // CKM_RSA_PKCS_PSS
#endif
#ifdef WITH_AES_GCM
        nrSupportedMechanisms += 1;
#endif

        CK_MECHANISM_TYPE supportedMechanisms[] =
        {
#ifndef WITH_FIPS
                CKM_MD5,
#endif
                CKM_SHA_1,
                CKM_SHA224,
                CKM_SHA256,
                CKM_SHA384,
                CKM_SHA512,
#ifndef WITH_FIPS
                CKM_MD5_HMAC,
#endif
                CKM_SHA_1_HMAC,
                CKM_SHA224_HMAC,
                CKM_SHA256_HMAC,
                CKM_SHA384_HMAC,
                CKM_SHA512_HMAC,
                CKM_RSA_PKCS_KEY_PAIR_GEN,
                CKM_RSA_PKCS,
                CKM_RSA_X_509,
#ifndef WITH_FIPS
                CKM_MD5_RSA_PKCS,
#endif
                CKM_SHA1_RSA_PKCS,
                CKM_RSA_PKCS_OAEP,
                CKM_SHA224_RSA_PKCS,
                CKM_SHA256_RSA_PKCS,
                CKM_SHA384_RSA_PKCS,
                CKM_SHA512_RSA_PKCS,
#ifdef WITH_RAW_PSS
                CKM_RSA_PKCS_PSS,
#endif
                CKM_SHA1_RSA_PKCS_PSS,
                CKM_SHA224_RSA_PKCS_PSS,
                CKM_SHA256_RSA_PKCS_PSS,
                CKM_SHA384_RSA_PKCS_PSS,
                CKM_SHA512_RSA_PKCS_PSS,
#ifndef WITH_FIPS
                CKM_DES_KEY_GEN,
#endif
                CKM_DES2_KEY_GEN,
                CKM_DES3_KEY_GEN,
#ifndef WITH_FIPS
                CKM_DES_ECB,
                CKM_DES_CBC,
                CKM_DES_CBC_PAD,
                CKM_DES_ECB_ENCRYPT_DATA,
                CKM_DES_CBC_ENCRYPT_DATA,
#endif
                CKM_DES3_ECB,
                CKM_DES3_CBC,
                CKM_DES3_CBC_PAD,
                CKM_DES3_ECB_ENCRYPT_DATA,
                CKM_DES3_CBC_ENCRYPT_DATA,
                CKM_DES3_CMAC,
                CKM_AES_KEY_GEN,
                CKM_AES_ECB,
                CKM_AES_CBC,
                CKM_AES_CBC_PAD,
                CKM_AES_CTR,
#ifdef WITH_AES_GCM
                CKM_AES_GCM,
#endif
                CKM_AES_KEY_WRAP,
#ifdef HAVE_AES_KEY_WRAP_PAD
                CKM_AES_KEY_WRAP_PAD,
#endif
                CKM_AES_ECB_ENCRYPT_DATA,
                CKM_AES_CBC_ENCRYPT_DATA,
                CKM_AES_CMAC,
                CKM_DSA_PARAMETER_GEN,
                CKM_DSA_KEY_PAIR_GEN,
                CKM_DSA,
                CKM_DSA_SHA1,
                CKM_DSA_SHA224,
                CKM_DSA_SHA256,
                CKM_DSA_SHA384,
                CKM_DSA_SHA512,
                CKM_DH_PKCS_KEY_PAIR_GEN,
                CKM_DH_PKCS_PARAMETER_GEN,
                CKM_DH_PKCS_DERIVE,
#ifdef WITH_ECC
                CKM_EC_KEY_PAIR_GEN,
                CKM_ECDSA,
                CKM_ECDH1_DERIVE,
#endif
#ifdef WITH_GOST
                CKM_GOSTR3411,
                CKM_GOSTR3411_HMAC,
                CKM_GOSTR3410_KEY_PAIR_GEN,
                CKM_GOSTR3410,
                CKM_GOSTR3410_WITH_GOSTR3411
#endif
        };

        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
        if (pulCount == NULL_PTR) return CKR_ARGUMENTS_BAD;

        Slot* slot = slotManager->getSlot(slotID);
        if (slot == NULL)
        {
                return CKR_SLOT_ID_INVALID;
        }

        if (pMechanismList == NULL_PTR)
        {
                *pulCount = nrSupportedMechanisms;

                return CKR_OK;
        }

        if (*pulCount < nrSupportedMechanisms)
        {
                *pulCount = nrSupportedMechanisms;

                return CKR_BUFFER_TOO_SMALL;
        }

        *pulCount = nrSupportedMechanisms;

        for (CK_ULONG i = 0; i < nrSupportedMechanisms; i ++)
        {
                pMechanismList[i] = supportedMechanisms[i];
        }

        return CKR_OK;
}

// Return more information about a mechanism for a given slot
CK_RV SoftHSM::C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_PTR pInfo)
{
        unsigned long rsaMinSize, rsaMaxSize;
        unsigned long dsaMinSize, dsaMaxSize;
        unsigned long dhMinSize, dhMaxSize;
#ifdef WITH_ECC
        unsigned long ecdsaMinSize, ecdsaMaxSize;
        unsigned long ecdhMinSize, ecdhMaxSize;
#endif

        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
        if (pInfo == NULL_PTR) return CKR_ARGUMENTS_BAD;

        Slot* slot = slotManager->getSlot(slotID);
        if (slot == NULL)
        {
                return CKR_SLOT_ID_INVALID;
        }

        AsymmetricAlgorithm* rsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::RSA);
        if (rsa != NULL)
        {
                rsaMinSize = rsa->getMinKeySize();
                rsaMaxSize = rsa->getMaxKeySize();
        }
        else
        {
                return CKR_GENERAL_ERROR;
        }
        CryptoFactory::i()->recycleAsymmetricAlgorithm(rsa);

        AsymmetricAlgorithm* dsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DSA);
        if (dsa != NULL)
        {
                dsaMinSize = dsa->getMinKeySize();
                // Limitation in PKCS#11
                if (dsaMinSize < 512)
                {
                        dsaMinSize = 512;
                }

                dsaMaxSize = dsa->getMaxKeySize();
                // Limitation in PKCS#11
                if (dsaMaxSize > 1024)
                {
                        dsaMaxSize = 1024;
                }
        }
        else
        {
                return CKR_GENERAL_ERROR;
        }
        CryptoFactory::i()->recycleAsymmetricAlgorithm(dsa);

        AsymmetricAlgorithm* dh = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DH);
        if (dh != NULL)
        {
                dhMinSize = dh->getMinKeySize();
                dhMaxSize = dh->getMaxKeySize();
        }
        else
        {
                return CKR_GENERAL_ERROR;
        }
        CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);

#ifdef WITH_ECC
        AsymmetricAlgorithm* ecdsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::ECDSA);
        if (ecdsa != NULL)
        {
                ecdsaMinSize = ecdsa->getMinKeySize();
                ecdsaMaxSize = ecdsa->getMaxKeySize();
        }
        else
        {
                return CKR_GENERAL_ERROR;
        }
        CryptoFactory::i()->recycleAsymmetricAlgorithm(ecdsa);

        AsymmetricAlgorithm* ecdh = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::ECDH);
        if (ecdh != NULL)
        {
                ecdhMinSize = ecdh->getMinKeySize();
                ecdhMaxSize = ecdh->getMaxKeySize();
        }
        else
        {
                return CKR_GENERAL_ERROR;
        }
        CryptoFactory::i()->recycleAsymmetricAlgorithm(ecdh);
#endif

        switch (type)
        {
#ifndef WITH_FIPS
                case CKM_MD5:
#endif
                case CKM_SHA_1:
                case CKM_SHA224:
                case CKM_SHA256:
                case CKM_SHA384:
                case CKM_SHA512:
                        // Key size is not in use
                        pInfo->ulMinKeySize = 0;
                        pInfo->ulMaxKeySize = 0;
                        pInfo->flags = CKF_DIGEST;
                        break;
#ifndef WITH_FIPS
                case CKM_MD5_HMAC:
                        pInfo->ulMinKeySize = 16;
                        pInfo->ulMaxKeySize = 512;
                        pInfo->flags = CKF_SIGN | CKF_VERIFY;
                        break;
#endif
                case CKM_SHA_1_HMAC:
                        pInfo->ulMinKeySize = 20;
                        pInfo->ulMaxKeySize = 512;
                        pInfo->flags = CKF_SIGN | CKF_VERIFY;
                        break;
                case CKM_SHA224_HMAC:
                        pInfo->ulMinKeySize = 28;
                        pInfo->ulMaxKeySize = 512;
                        pInfo->flags = CKF_SIGN | CKF_VERIFY;
                        break;
                case CKM_SHA256_HMAC:
                        pInfo->ulMinKeySize = 32;
                        pInfo->ulMaxKeySize = 512;
                        pInfo->flags = CKF_SIGN | CKF_VERIFY;
                        break;
                case CKM_SHA384_HMAC:
                        pInfo->ulMinKeySize = 48;
                        pInfo->ulMaxKeySize = 512;
                        pInfo->flags = CKF_SIGN | CKF_VERIFY;
                        break;
                case CKM_SHA512_HMAC:
                        pInfo->ulMinKeySize = 64;
                        pInfo->ulMaxKeySize = 512;
                        pInfo->flags = CKF_SIGN | CKF_VERIFY;
                        break;
                case CKM_RSA_PKCS_KEY_PAIR_GEN:
                        pInfo->ulMinKeySize = rsaMinSize;
                        pInfo->ulMaxKeySize = rsaMaxSize;
                        pInfo->flags = CKF_GENERATE_KEY_PAIR;
                        break;
                case CKM_RSA_PKCS:
                        pInfo->ulMinKeySize = rsaMinSize;
                        pInfo->ulMaxKeySize = rsaMaxSize;
                        pInfo->flags = CKF_SIGN | CKF_VERIFY | CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP;
                        break;
                case CKM_RSA_X_509:
                        pInfo->ulMinKeySize = rsaMinSize;
                        pInfo->ulMaxKeySize = rsaMaxSize;
                        pInfo->flags = CKF_SIGN | CKF_VERIFY | CKF_ENCRYPT | CKF_DECRYPT;
                        break;
#ifndef WITH_FIPS
                case CKM_MD5_RSA_PKCS:
#endif
                case CKM_SHA1_RSA_PKCS:
                case CKM_SHA224_RSA_PKCS:
                case CKM_SHA256_RSA_PKCS:
                case CKM_SHA384_RSA_PKCS:
                case CKM_SHA512_RSA_PKCS:
#ifdef WITH_RAW_PSS
                case CKM_RSA_PKCS_PSS:
#endif
                case CKM_SHA1_RSA_PKCS_PSS:
                case CKM_SHA224_RSA_PKCS_PSS:
                case CKM_SHA256_RSA_PKCS_PSS:
                case CKM_SHA384_RSA_PKCS_PSS:
                case CKM_SHA512_RSA_PKCS_PSS:
                        pInfo->ulMinKeySize = rsaMinSize;
                        pInfo->ulMaxKeySize = rsaMaxSize;
                        pInfo->flags = CKF_SIGN | CKF_VERIFY;
                        break;
                case CKM_RSA_PKCS_OAEP:
                        pInfo->ulMinKeySize = rsaMinSize;
                        pInfo->ulMaxKeySize = rsaMaxSize;
                        pInfo->flags = CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP;
                        break;
#ifndef WITH_FIPS
                case CKM_DES_KEY_GEN:
#endif
                case CKM_DES2_KEY_GEN:
                case CKM_DES3_KEY_GEN:
                        // Key size is not in use
                        pInfo->ulMinKeySize = 0;
                        pInfo->ulMaxKeySize = 0;
                        pInfo->flags = CKF_GENERATE;
                        break;
#ifndef WITH_FIPS
                case CKM_DES_ECB:
                case CKM_DES_CBC:
                case CKM_DES_CBC_PAD:
#endif
                case CKM_DES3_ECB:
                case CKM_DES3_CBC:
                case CKM_DES3_CBC_PAD:
                        // Key size is not in use
                        pInfo->ulMinKeySize = 0;
                        pInfo->ulMaxKeySize = 0;
                        pInfo->flags = CKF_ENCRYPT | CKF_DECRYPT;
                        break;
                case CKM_DES3_CMAC:
                        // Key size is not in use
                        pInfo->ulMinKeySize = 0;
                        pInfo->ulMaxKeySize = 0;
                        pInfo->flags = CKF_SIGN | CKF_VERIFY;
                        break;
                case CKM_AES_KEY_GEN:
                        pInfo->ulMinKeySize = 16;
                        pInfo->ulMaxKeySize = 32;
                        pInfo->flags = CKF_GENERATE;
                        break;
                case CKM_AES_ECB:
                case CKM_AES_CBC:
                case CKM_AES_CBC_PAD:
                case CKM_AES_CTR:
#ifdef WITH_AES_GCM
                case CKM_AES_GCM:
#endif
                        pInfo->ulMinKeySize = 16;
                        pInfo->ulMaxKeySize = 32;
                        pInfo->flags = CKF_ENCRYPT | CKF_DECRYPT;
                        break;
                case CKM_AES_KEY_WRAP:
                        pInfo->ulMinKeySize = 16;
                        pInfo->ulMaxKeySize = 0x80000000;
                        pInfo->flags = CKF_WRAP | CKF_UNWRAP;
                        break;
#ifdef HAVE_AES_KEY_WRAP_PAD
                case CKM_AES_KEY_WRAP_PAD:
                        pInfo->ulMinKeySize = 1;
                        pInfo->ulMaxKeySize = 0x80000000;
                        pInfo->flags = CKF_WRAP | CKF_UNWRAP;
                        break;
#endif
#ifndef WITH_FIPS
                case CKM_DES_ECB_ENCRYPT_DATA:
                case CKM_DES_CBC_ENCRYPT_DATA:
#endif
                case CKM_DES3_ECB_ENCRYPT_DATA:
                case CKM_DES3_CBC_ENCRYPT_DATA:
                case CKM_AES_ECB_ENCRYPT_DATA:
                case CKM_AES_CBC_ENCRYPT_DATA:
                        // Key size is not in use
                        pInfo->ulMinKeySize = 0;
                        pInfo->ulMaxKeySize = 0;
                        pInfo->flags = CKF_DERIVE;
                        break;
                case CKM_AES_CMAC:
                        pInfo->ulMinKeySize = 16;
                        pInfo->ulMaxKeySize = 32;
                        pInfo->flags = CKF_SIGN | CKF_VERIFY;
                        break;
                case CKM_DSA_PARAMETER_GEN:
                        pInfo->ulMinKeySize = dsaMinSize;
                        pInfo->ulMaxKeySize = dsaMaxSize;
                        pInfo->flags = CKF_GENERATE;
                        break;
                case CKM_DSA_KEY_PAIR_GEN:
                        pInfo->ulMinKeySize = dsaMinSize;
                        pInfo->ulMaxKeySize = dsaMaxSize;
                        pInfo->flags = CKF_GENERATE_KEY_PAIR;
                        break;
                case CKM_DSA:
                case CKM_DSA_SHA1:
                case CKM_DSA_SHA224:
                case CKM_DSA_SHA256:
                case CKM_DSA_SHA384:
                case CKM_DSA_SHA512:
                        pInfo->ulMinKeySize = dsaMinSize;
                        pInfo->ulMaxKeySize = dsaMaxSize;
                        pInfo->flags = CKF_SIGN | CKF_VERIFY;
                        break;
                case CKM_DH_PKCS_KEY_PAIR_GEN:
                        pInfo->ulMinKeySize = dhMinSize;
                        pInfo->ulMaxKeySize = dhMaxSize;
                        pInfo->flags = CKF_GENERATE_KEY_PAIR;
                        break;
                case CKM_DH_PKCS_PARAMETER_GEN:
                        pInfo->ulMinKeySize = dhMinSize;
                        pInfo->ulMaxKeySize = dhMaxSize;
                        pInfo->flags = CKF_GENERATE;
                        break;
                case CKM_DH_PKCS_DERIVE:
                        pInfo->ulMinKeySize = dhMinSize;
                        pInfo->ulMaxKeySize = dhMaxSize;
                        pInfo->flags = CKF_DERIVE;
                        break;
#ifdef WITH_ECC
                case CKM_EC_KEY_PAIR_GEN:
                        pInfo->ulMinKeySize = ecdsaMinSize;
                        pInfo->ulMaxKeySize = ecdsaMaxSize;
#define CKF_EC_COMMOM   (CKF_EC_F_P | CKF_EC_NAMEDCURVE | CKF_EC_UNCOMPRESS)
                        pInfo->flags = CKF_GENERATE_KEY_PAIR | CKF_EC_COMMOM;
                        break;
                case CKM_ECDSA:
                        pInfo->ulMinKeySize = ecdsaMinSize;
                        pInfo->ulMaxKeySize = ecdsaMaxSize;
                        pInfo->flags = CKF_SIGN | CKF_VERIFY | CKF_EC_COMMOM;
                        break;
                case CKM_ECDH1_DERIVE:
                        pInfo->ulMinKeySize = ecdhMinSize;
                        pInfo->ulMaxKeySize = ecdhMaxSize;
                        pInfo->flags = CKF_DERIVE;
                        break;
#endif
#ifdef WITH_GOST
                case CKM_GOSTR3411:
                        // Key size is not in use
                        pInfo->ulMinKeySize = 0;
                        pInfo->ulMaxKeySize = 0;
                        pInfo->flags = CKF_DIGEST;
                        break;
                case CKM_GOSTR3411_HMAC:
                        // Key size is not in use
                        pInfo->ulMinKeySize = 32;
                        pInfo->ulMaxKeySize = 512;
                        pInfo->flags = CKF_SIGN | CKF_VERIFY;
                        break;
                case CKM_GOSTR3410_KEY_PAIR_GEN:
                        // Key size is not in use
                        pInfo->ulMinKeySize = 0;
                        pInfo->ulMaxKeySize = 0;
                        pInfo->flags = CKF_GENERATE_KEY_PAIR;
                        break;
                case CKM_GOSTR3410:
                        // Key size is not in use
                        pInfo->ulMinKeySize = 0;
                        pInfo->ulMaxKeySize = 0;
                        pInfo->flags = CKF_SIGN | CKF_VERIFY;
                        break;
                case CKM_GOSTR3410_WITH_GOSTR3411:
                        // Key size is not in use
                        pInfo->ulMinKeySize = 0;
                        pInfo->ulMaxKeySize = 0;
                        pInfo->flags = CKF_SIGN | CKF_VERIFY;
                        break;
#endif
                default:
                        DEBUG_MSG("The selected mechanism is not supported");
                        return CKR_MECHANISM_INVALID;
                        break;
        }

        return CKR_OK;
}

// Initialise the token in the specified slot
CK_RV SoftHSM::C_InitToken(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen, CK_UTF8CHAR_PTR pLabel)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        Slot* slot = slotManager->getSlot(slotID);
        if (slot == NULL)
        {
                return CKR_SLOT_ID_INVALID;
        }

        // Check if any session is open with this token.
        if (sessionManager->haveSession(slotID))
        {
                return CKR_SESSION_EXISTS;
        }

        // Check the PIN
        if (pPin == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (ulPinLen < MIN_PIN_LEN || ulPinLen > MAX_PIN_LEN) return CKR_PIN_INCORRECT;

        ByteString soPIN(pPin, ulPinLen);

        return slot->initToken(soPIN, pLabel);
}

// Initialise the user PIN
CK_RV SoftHSM::C_InitPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // The SO must be logged in
        if (session->getState() != CKS_RW_SO_FUNCTIONS) return CKR_USER_NOT_LOGGED_IN;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL) return CKR_GENERAL_ERROR;

        // Check the PIN
        if (pPin == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (ulPinLen < MIN_PIN_LEN || ulPinLen > MAX_PIN_LEN) return CKR_PIN_LEN_RANGE;

        ByteString userPIN(pPin, ulPinLen);

        return token->initUserPIN(userPIN);
}

// Change the PIN
CK_RV SoftHSM::C_SetPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, CK_ULONG ulOldLen, CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewLen)
{
        CK_RV rv = CKR_OK;

        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check the new PINs
        if (pOldPin == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (pNewPin == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (ulNewLen < MIN_PIN_LEN || ulNewLen > MAX_PIN_LEN) return CKR_PIN_LEN_RANGE;

        ByteString oldPIN(pOldPin, ulOldLen);
        ByteString newPIN(pNewPin, ulNewLen);

        // Get the token
        Token* token = session->getToken();
        if (token == NULL) return CKR_GENERAL_ERROR;

        switch (session->getState())
        {
                case CKS_RW_PUBLIC_SESSION:
                case CKS_RW_USER_FUNCTIONS:
                        rv = token->setUserPIN(oldPIN, newPIN);
                        break;
                case CKS_RW_SO_FUNCTIONS:
                        rv = token->setSOPIN(oldPIN, newPIN);
                        break;
                default:
                        return CKR_SESSION_READ_ONLY;
        }

        return rv;
}

// Open a new session to the specified slot
CK_RV SoftHSM::C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY notify, CK_SESSION_HANDLE_PTR phSession)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        Slot* slot = slotManager->getSlot(slotID);

        CK_RV rv = sessionManager->openSession(slot, flags, pApplication, notify, phSession);
        if (rv != CKR_OK)
                return rv;

        // Get a pointer to the session object and store it in the handle manager.
        Session* session = sessionManager->getSession(*phSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
        *phSession = handleManager->addSession(slotID,session);

        return CKR_OK;
}

// Close the given session
CK_RV SoftHSM::C_CloseSession(CK_SESSION_HANDLE hSession)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Tell the handle manager the session has been closed.
        handleManager->sessionClosed(hSession);


        // Tell the session object store that the session has closed.
        sessionObjectStore->sessionClosed(hSession);

        // Tell the session manager the session has been closed.
        return sessionManager->closeSession(session->getHandle());
}

// Close all open sessions
CK_RV SoftHSM::C_CloseAllSessions(CK_SLOT_ID slotID)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the slot
        Slot* slot = slotManager->getSlot(slotID);
        if (slot == NULL) return CKR_SLOT_ID_INVALID;

        // Get the token
        Token* token = slot->getToken();
        if (token == NULL) return CKR_TOKEN_NOT_PRESENT;

        // Tell the handle manager all sessions were closed for the given slotID.
        // The handle manager should then remove all session and object handles for this slot.
        handleManager->allSessionsClosed(slotID);

        // Tell the session object store that all sessions were closed for the given slotID.
        // The session object store should then remove all session objects for this slot.
        sessionObjectStore->allSessionsClosed(slotID);

        // Finally tell the session manager tho close all sessions for the given slot.
        // This will also trigger a logout on the associated token to occur.
        return sessionManager->closeAllSessions(slot);
}

// Retrieve information about the specified session
CK_RV SoftHSM::C_GetSessionInfo(CK_SESSION_HANDLE hSession, CK_SESSION_INFO_PTR pInfo)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        return session->getInfo(pInfo);
}

// Determine the state of a running operation in a session
CK_RV SoftHSM::C_GetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR /*pOperationState*/, CK_ULONG_PTR /*pulOperationStateLen*/)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        return CKR_FUNCTION_NOT_SUPPORTED;
}

// Set the operation sate in a session
CK_RV SoftHSM::C_SetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR /*pOperationState*/, CK_ULONG /*ulOperationStateLen*/, CK_OBJECT_HANDLE /*hEncryptionKey*/, CK_OBJECT_HANDLE /*hAuthenticationKey*/)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        return CKR_FUNCTION_NOT_SUPPORTED;
}

// Login on the token in the specified session
CK_RV SoftHSM::C_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen)
{
        CK_RV rv = CKR_OK;

        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Get the PIN
        if (pPin == NULL_PTR) return CKR_ARGUMENTS_BAD;
        ByteString pin(pPin, ulPinLen);

        // Get the token
        Token* token = session->getToken();
        if (token == NULL) return CKR_GENERAL_ERROR;

        switch (userType)
        {
                case CKU_SO:
                        // There cannot exist a R/O session on this slot
                        if (sessionManager->haveROSession(session->getSlot()->getSlotID())) return CKR_SESSION_READ_ONLY_EXISTS;

                        // Login
                        rv = token->loginSO(pin);
                        break;
                case CKU_USER:
                        // Login
                        rv = token->loginUser(pin);
                        break;
                case CKU_CONTEXT_SPECIFIC:
                        // Check if re-authentication is required
                        if (!session->getReAuthentication()) return CKR_OPERATION_NOT_INITIALIZED;

                        // Re-authenticate
                        rv = token->reAuthenticate(pin);
                        if (rv == CKR_OK) session->setReAuthentication(false);
                        break;
                default:
                        return CKR_USER_TYPE_INVALID;
        }

        return rv;
}

// Log out of the token in the specified session
CK_RV SoftHSM::C_Logout(CK_SESSION_HANDLE hSession)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL) return CKR_GENERAL_ERROR;

        // Logout
        token->logout();

        // [PKCS#11 v2.40, C_Logout] When logout is successful...
        // a. Any of the application's handles to private objects become invalid.
        // b. Even if a user is later logged back into the token those handles remain invalid.
        // c. All private session objects from sessions belonging to the application are destroyed.

        // Have the handle manager remove all handles pointing to private objects for this slot.
        CK_SLOT_ID slotID = session->getSlot()->getSlotID();
        handleManager->tokenLoggedOut(slotID);
        sessionObjectStore->tokenLoggedOut(slotID);

        return CKR_OK;
}

// Create a new object on the token in the specified session using the given attribute template
CK_RV SoftHSM::C_CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phObject)
{
        return this->CreateObject(hSession,pTemplate,ulCount,phObject,OBJECT_OP_CREATE);
}

// Create a copy of the object with the specified handle
CK_RV SoftHSM::C_CopyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phNewObject)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pTemplate == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (phNewObject == NULL_PTR) return CKR_ARGUMENTS_BAD;
        *phNewObject = CK_INVALID_HANDLE;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Get the slot
        Slot* slot = session->getSlot();
        if (slot == NULL_PTR) return CKR_GENERAL_ERROR;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL_PTR) return CKR_GENERAL_ERROR;

        // Check the object handle.
        OSObject *object = (OSObject *)handleManager->getObject(hObject);
        if (object == NULL_PTR || !object->isValid()) return CKR_OBJECT_HANDLE_INVALID;

        CK_BBOOL wasOnToken = object->getBooleanValue(CKA_TOKEN, false);
        CK_BBOOL wasPrivate = object->getBooleanValue(CKA_PRIVATE, true);

        // Check read user credentials
        CK_RV rv = haveRead(session->getState(), wasOnToken, wasPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");

                return rv;
        }

        // Check if the object is copyable
        CK_BBOOL isCopyable = object->getBooleanValue(CKA_COPYABLE, true);
        if (!isCopyable) return CKR_ACTION_PROHIBITED;

        // Extract critical information from the template
        CK_BBOOL isOnToken = wasOnToken;
        CK_BBOOL isPrivate = wasPrivate;

        for (CK_ULONG i = 0; i < ulCount; i++)
        {
                if ((pTemplate[i].type == CKA_TOKEN) && (pTemplate[i].ulValueLen == sizeof(CK_BBOOL)))
                {
                        isOnToken = *(CK_BBOOL*)pTemplate[i].pValue;
                        continue;
                }
                if ((pTemplate[i].type == CKA_PRIVATE) && (pTemplate[i].ulValueLen == sizeof(CK_BBOOL)))
                {
                        isPrivate = *(CK_BBOOL*)pTemplate[i].pValue;
                        continue;
                }
        }

        // Check privacy does not downgrade
        if (wasPrivate && !isPrivate) return CKR_TEMPLATE_INCONSISTENT;

        // Check write user credentials
        rv = haveWrite(session->getState(), isOnToken, isPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");
                if (rv == CKR_SESSION_READ_ONLY)
                        INFO_MSG("Session is read-only");

                return rv;
        }

        // Create the object in session or on the token
        OSObject *newobject = NULL_PTR;
        if (isOnToken)
        {
                newobject = (OSObject*) token->createObject();
        }
        else
        {
                newobject = sessionObjectStore->createObject(slot->getSlotID(), hSession, isPrivate != CK_FALSE);
        }
        if (newobject == NULL) return CKR_GENERAL_ERROR;

        // Copy attributes from object class (CKA_CLASS=0 so the first)
        if (!newobject->startTransaction())
        {
                newobject->destroyObject();
                return CKR_FUNCTION_FAILED;
        }

        CK_ATTRIBUTE_TYPE attrType = CKA_CLASS;
        do
        {
                if (!object->attributeExists(attrType))
                {
                        rv = CKR_FUNCTION_FAILED;
                        break;
                }

                OSAttribute attr = object->getAttribute(attrType);

                // Upgrade privacy has to encrypt byte strings
                if (!wasPrivate && isPrivate &&
                    attr.isByteStringAttribute() &&
                    attr.getByteStringValue().size() != 0)
                {
                        ByteString value;
                        if (!token->encrypt(attr.getByteStringValue(), value) ||
                            !newobject->setAttribute(attrType, value))
                        {
                                rv = CKR_FUNCTION_FAILED;
                                break;
                        }
                }
                else
                {
                        if (!newobject->setAttribute(attrType, attr))
                        {
                                rv = CKR_FUNCTION_FAILED;
                                break;
                        }
                }
                attrType = object->nextAttributeType(attrType);
        }
        while (attrType != CKA_CLASS);

        if (rv != CKR_OK)
        {
                newobject->abortTransaction();
        }
        else if (!newobject->commitTransaction())
        {
                rv = CKR_FUNCTION_FAILED;
        }

        if (rv != CKR_OK)
        {
                newobject->destroyObject();
                return rv;
        }

        // Get the new P11 object
        P11Object* newp11object = NULL;
        rv = newP11Object(newobject,&newp11object);
        if (rv != CKR_OK)
        {
                newobject->destroyObject();
                return rv;
        }

        // Apply the template
        rv = newp11object->saveTemplate(token, isPrivate != CK_FALSE, pTemplate, ulCount, OBJECT_OP_COPY);
        delete newp11object;

        if (rv != CKR_OK)
        {
                newobject->destroyObject();
                return rv;
        }

        // Set handle
        if (isOnToken)
        {
                *phNewObject = handleManager->addTokenObject(slot->getSlotID(), isPrivate != CK_FALSE, newobject);
        }
        else
        {
                *phNewObject = handleManager->addSessionObject(slot->getSlotID(), hSession, isPrivate != CK_FALSE, newobject);
        }

        return CKR_OK;
}

// Destroy the specified object
CK_RV SoftHSM::C_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL_PTR) return CKR_GENERAL_ERROR;

        // Check the object handle.
        OSObject *object = (OSObject *)handleManager->getObject(hObject);
        if (object == NULL_PTR || !object->isValid()) return CKR_OBJECT_HANDLE_INVALID;

        CK_BBOOL isOnToken = object->getBooleanValue(CKA_TOKEN, false);
        CK_BBOOL isPrivate = object->getBooleanValue(CKA_PRIVATE, true);

        // Check user credentials
        CK_RV rv = haveWrite(session->getState(), isOnToken, isPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");
                if (rv == CKR_SESSION_READ_ONLY)
                        INFO_MSG("Session is read-only");

                return rv;
        }

        // Check if the object is destroyable
        CK_BBOOL isDestroyable = object->getBooleanValue(CKA_DESTROYABLE, true);
        if (!isDestroyable) return CKR_ACTION_PROHIBITED;

        // Tell the handleManager to forget about the object.
        handleManager->destroyObject(hObject);

        // Destroy the object
        if (!object->destroyObject())
                return CKR_FUNCTION_FAILED;

        return CKR_OK;
}

// Determine the size of the specified object
CK_RV SoftHSM::C_GetObjectSize(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pulSize == NULL) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL_PTR) return CKR_GENERAL_ERROR;

        // Check the object handle.
        OSObject *object = (OSObject *)handleManager->getObject(hObject);
        if (object == NULL_PTR || !object->isValid()) return CKR_OBJECT_HANDLE_INVALID;

        *pulSize = CK_UNAVAILABLE_INFORMATION;

        return CKR_OK;
}

// Retrieve the specified attributes for the given object
CK_RV SoftHSM::C_GetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pTemplate == NULL) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL) return CKR_GENERAL_ERROR;

        // Check the object handle.
        OSObject *object = (OSObject *)handleManager->getObject(hObject);
        if (object == NULL_PTR || !object->isValid()) return CKR_OBJECT_HANDLE_INVALID;

        CK_BBOOL isOnToken = object->getBooleanValue(CKA_TOKEN, false);
        CK_BBOOL isPrivate = object->getBooleanValue(CKA_PRIVATE, true);

        // Check read user credentials
        CK_RV rv = haveRead(session->getState(), isOnToken, isPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");

                // CKR_USER_NOT_LOGGED_IN is not a valid return code for this function,
                // so we use CKR_GENERAL_ERROR.
                return CKR_GENERAL_ERROR;
        }

        // Wrap a P11Object around the OSObject so we can access the attributes in the
        // context of the object in which it is defined.
        P11Object* p11object = NULL;
        rv = newP11Object(object,&p11object);
        if (rv != CKR_OK)
                return rv;

        // Ask the P11Object to fill the template with attribute values.
        rv = p11object->loadTemplate(token, pTemplate,ulCount);
        delete p11object;
        return rv;
}

// Change or set the value of the specified attributes on the specified object
CK_RV SoftHSM::C_SetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pTemplate == NULL) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL) return CKR_GENERAL_ERROR;

        // Check the object handle.
        OSObject *object = (OSObject *)handleManager->getObject(hObject);
        if (object == NULL_PTR || !object->isValid()) return CKR_OBJECT_HANDLE_INVALID;

        CK_BBOOL isOnToken = object->getBooleanValue(CKA_TOKEN, false);
        CK_BBOOL isPrivate = object->getBooleanValue(CKA_PRIVATE, true);

        // Check user credentials
        CK_RV rv = haveWrite(session->getState(), isOnToken, isPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");
                if (rv == CKR_SESSION_READ_ONLY)
                        INFO_MSG("Session is read-only");

                return rv;
        }

        // Check if the object is modifiable
        CK_BBOOL isModifiable = object->getBooleanValue(CKA_MODIFIABLE, true);
        if (!isModifiable) return CKR_ACTION_PROHIBITED;

        // Wrap a P11Object around the OSObject so we can access the attributes in the
        // context of the object in which it is defined.
        P11Object* p11object = NULL;
        rv = newP11Object(object,&p11object);
        if (rv != CKR_OK)
                return rv;

        // Ask the P11Object to save the template with attribute values.
        rv = p11object->saveTemplate(token, isPrivate != CK_FALSE, pTemplate,ulCount,OBJECT_OP_SET);
        delete p11object;
        return rv;
}

// Initialise object search in the specified session using the specified attribute template as search parameters
CK_RV SoftHSM::C_FindObjectsInit(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Get the slot
        Slot* slot = session->getSlot();
        if (slot == NULL_PTR) return CKR_GENERAL_ERROR;

        // Determine whether we have a public session or not.
        bool isPublicSession;
        switch (session->getState()) {
                case CKS_RO_USER_FUNCTIONS:
                case CKS_RW_USER_FUNCTIONS:
                        isPublicSession = false;
                        break;
                default:
                        isPublicSession = true;
        }

        // Get the token
        Token* token = session->getToken();
        if (token == NULL_PTR) return CKR_GENERAL_ERROR;

        // Check if we have another operation
        if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;

        session->setOpType(SESSION_OP_FIND);
        FindOperation *findOp = FindOperation::create();

        // Check if we are out of memory
        if (findOp == NULL_PTR) return CKR_HOST_MEMORY;

        std::set<OSObject*> allObjects;
        token->getObjects(allObjects);
        sessionObjectStore->getObjects(slot->getSlotID(),allObjects);

        std::set<CK_OBJECT_HANDLE> handles;
        std::set<OSObject*>::iterator it;
        for (it=allObjects.begin(); it != allObjects.end(); ++it)
        {
                // Refresh object and check if it is valid
                if (!(*it)->isValid()) {
                        DEBUG_MSG("Object is not valid, skipping");
                        continue;
                }

                // Determine if the object has CKA_PRIVATE set to CK_TRUE
                bool isPrivateObject = (*it)->getBooleanValue(CKA_PRIVATE, true);

                // If the object is private, and we are in a public session then skip it !
                if (isPublicSession && isPrivateObject)
                        continue; // skip object

                // Perform the actual attribute matching.
                bool bAttrMatch = true; // We let an empty template match everything.
                for (CK_ULONG i=0; i<ulCount; ++i)
                {
                        bAttrMatch = false;

                        if (!(*it)->attributeExists(pTemplate[i].type))
                                break;

                        OSAttribute attr = (*it)->getAttribute(pTemplate[i].type);

                        if (attr.isBooleanAttribute())
                        {
                                if (sizeof(CK_BBOOL) != pTemplate[i].ulValueLen)
                                        break;
                                bool bTemplateValue = (*(CK_BBOOL*)pTemplate[i].pValue == CK_TRUE);
                                if (attr.getBooleanValue() != bTemplateValue)
                                        break;
                        }
                        else
                        {
                                if (attr.isUnsignedLongAttribute())
                                {
                                        if (sizeof(CK_ULONG) != pTemplate[i].ulValueLen)
                                                break;
                                        CK_ULONG ulTemplateValue = *(CK_ULONG_PTR)pTemplate[i].pValue;
                                        if (attr.getUnsignedLongValue() != ulTemplateValue)
                                                break;
                                }
                                else
                                {
                                        if (attr.isByteStringAttribute())
                                        {
                                                ByteString bsAttrValue;
                                                if (isPrivateObject && attr.getByteStringValue().size() != 0)
                                                {
                                                        if (!token->decrypt(attr.getByteStringValue(), bsAttrValue))
                                                        {
                                                                delete findOp;
                                                                return CKR_GENERAL_ERROR;
                                                        }
                                                }
                                                else
                                                        bsAttrValue = attr.getByteStringValue();

                                                if (bsAttrValue.size() != pTemplate[i].ulValueLen)
                                                        break;
                                                if (pTemplate[i].ulValueLen != 0)
                                                {
                                                        ByteString bsTemplateValue((const unsigned char*)pTemplate[i].pValue, pTemplate[i].ulValueLen);
                                                        if (bsAttrValue != bsTemplateValue)
                                                                break;
                                                }
                                        }
                                        else
                                                break;
                                }
                        }
                        // The attribute matched !
                        bAttrMatch = true;
                }

                if (bAttrMatch)
                {
                        CK_SLOT_ID slotID = slot->getSlotID();
                        bool isOnToken = (*it)->getBooleanValue(CKA_TOKEN, false);
                        bool isPrivate = (*it)->getBooleanValue(CKA_PRIVATE, true);
                        // Create an object handle for every returned object.
                        CK_OBJECT_HANDLE hObject;
                        if (isOnToken)
                                hObject = handleManager->addTokenObject(slotID,isPrivate,*it);
                        else
                                hObject = handleManager->addSessionObject(slotID,hSession,isPrivate,*it);
                        if (hObject == CK_INVALID_HANDLE)
                        {
                                delete findOp;
                                return CKR_GENERAL_ERROR;
                        }
                        handles.insert(hObject);
                }
        }

        // Storing the object handles for the find will protect the library
        // whenever a stale object handle is used to access the library.
        findOp->setHandles(handles);

        session->setFindOp(findOp);

        return CKR_OK;
}

// Continue the search for objects in the specified session
CK_RV SoftHSM::C_FindObjects(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject, CK_ULONG ulMaxObjectCount, CK_ULONG_PTR pulObjectCount)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
        if (phObject == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (pulObjectCount == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we are doing the correct operation
        if (session->getOpType() != SESSION_OP_FIND) return CKR_OPERATION_NOT_INITIALIZED;

        // return the object handles that have been added to the find operation.
        FindOperation *findOp = session->getFindOp();
        if (findOp == NULL) return CKR_GENERAL_ERROR;

        // Ask the find operation to retrieve the object handles
        *pulObjectCount = findOp->retrieveHandles(phObject,ulMaxObjectCount);

        // Erase the object handles from the find operation.
        findOp->eraseHandles(0,*pulObjectCount);

        return CKR_OK;
}

// Finish searching for objects
CK_RV SoftHSM::C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we are doing the correct operation
        if (session->getOpType() != SESSION_OP_FIND) return CKR_OPERATION_NOT_INITIALIZED;

        session->resetOp();
        return CKR_OK;
}

// Encrypt*/Decrypt*() is for Symmetrical ciphers too
static bool isSymMechanism(CK_MECHANISM_PTR pMechanism)
{
        if (pMechanism == NULL_PTR) return false;

        switch(pMechanism->mechanism) {
                case CKM_DES_ECB:
                case CKM_DES_CBC:
                case CKM_DES_CBC_PAD:
                case CKM_DES3_ECB:
                case CKM_DES3_CBC:
                case CKM_DES3_CBC_PAD:
                case CKM_AES_ECB:
                case CKM_AES_CBC:
                case CKM_AES_CBC_PAD:
                case CKM_AES_CTR:
                case CKM_AES_GCM:
                        return true;
                default:
                        return false;
        }
}

// SymAlgorithm version of C_EncryptInit
CK_RV SoftHSM::SymEncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we have another operation
        if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL) return CKR_GENERAL_ERROR;

        // Check the key handle.
        OSObject *key = (OSObject *)handleManager->getObject(hKey);
        if (key == NULL_PTR || !key->isValid()) return CKR_OBJECT_HANDLE_INVALID;

        CK_BBOOL isOnToken = key->getBooleanValue(CKA_TOKEN, false);
        CK_BBOOL isPrivate = key->getBooleanValue(CKA_PRIVATE, true);

        // Check read user credentials
        CK_RV rv = haveRead(session->getState(), isOnToken, isPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");

                return rv;
        }

        // Check if key can be used for encryption
        if (!key->getBooleanValue(CKA_ENCRYPT, false))
                return CKR_KEY_FUNCTION_NOT_PERMITTED;

        // Check if the specified mechanism is allowed for the key
        if (!isMechanismPermitted(key, pMechanism))
                return CKR_MECHANISM_INVALID;

        // Get the symmetric algorithm matching the mechanism
        SymAlgo::Type algo = SymAlgo::Unknown;
        SymMode::Type mode = SymMode::Unknown;
        bool padding = false;
        ByteString iv;
        size_t bb = 8;
        size_t counterBits = 0;
        ByteString aad;
        size_t tagBytes = 0;
        switch(pMechanism->mechanism) {
#ifndef WITH_FIPS
                case CKM_DES_ECB:
                        algo = SymAlgo::DES;
                        mode = SymMode::ECB;
                        bb = 7;
                        break;
                case CKM_DES_CBC:
                        algo = SymAlgo::DES;
                        mode = SymMode::CBC;
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen == 0)
                        {
                                DEBUG_MSG("CBC mode requires an init vector");
                                return CKR_ARGUMENTS_BAD;
                        }
                        iv.resize(pMechanism->ulParameterLen);
                        memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
                        bb = 7;
                        break;
                case CKM_DES_CBC_PAD:
                        algo = SymAlgo::DES;
                        mode = SymMode::CBC;
                        padding = true;
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen == 0)
                        {
                                DEBUG_MSG("CBC mode requires an init vector");
                                return CKR_ARGUMENTS_BAD;
                        }
                        iv.resize(pMechanism->ulParameterLen);
                        memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
                        bb = 7;
                        break;
#endif
                case CKM_DES3_ECB:
                        algo = SymAlgo::DES3;
                        mode = SymMode::ECB;
                        bb = 7;
                        break;
                case CKM_DES3_CBC:
                        algo = SymAlgo::DES3;
                        mode = SymMode::CBC;
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen == 0)
                        {
                                DEBUG_MSG("CBC mode requires an init vector");
                                return CKR_ARGUMENTS_BAD;
                        }
                        iv.resize(pMechanism->ulParameterLen);
                        memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
                        bb = 7;
                        break;
                case CKM_DES3_CBC_PAD:
                        algo = SymAlgo::DES3;
                        mode = SymMode::CBC;
                        padding = true;
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen == 0)
                        {
                                DEBUG_MSG("CBC mode requires an init vector");
                                return CKR_ARGUMENTS_BAD;
                        }
                        iv.resize(pMechanism->ulParameterLen);
                        memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
                        bb = 7;
                        break;
                case CKM_AES_ECB:
                        algo = SymAlgo::AES;
                        mode = SymMode::ECB;
                        break;
                case CKM_AES_CBC:
                        algo = SymAlgo::AES;
                        mode = SymMode::CBC;
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen == 0)
                        {
                                DEBUG_MSG("CBC mode requires an init vector");
                                return CKR_ARGUMENTS_BAD;
                        }
                        iv.resize(pMechanism->ulParameterLen);
                        memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
                        break;
                case CKM_AES_CBC_PAD:
                        algo = SymAlgo::AES;
                        mode = SymMode::CBC;
                        padding = true;
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen == 0)
                        {
                                DEBUG_MSG("CBC mode requires an init vector");
                                return CKR_ARGUMENTS_BAD;
                        }
                        iv.resize(pMechanism->ulParameterLen);
                        memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
                        break;
                case CKM_AES_CTR:
                        algo = SymAlgo::AES;
                        mode = SymMode::CTR;
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen != sizeof(CK_AES_CTR_PARAMS))
                        {
                                DEBUG_MSG("CTR mode requires a counter block");
                                return CKR_ARGUMENTS_BAD;
                        }
                        counterBits = CK_AES_CTR_PARAMS_PTR(pMechanism->pParameter)->ulCounterBits;
                        if (counterBits == 0 || counterBits > 128)
                        {
                                DEBUG_MSG("Invalid ulCounterBits");
                                return CKR_MECHANISM_PARAM_INVALID;
                        }
                        iv.resize(16);
                        memcpy(&iv[0], CK_AES_CTR_PARAMS_PTR(pMechanism->pParameter)->cb, 16);
                        break;
#ifdef WITH_AES_GCM
                case CKM_AES_GCM:
                        algo = SymAlgo::AES;
                        mode = SymMode::GCM;
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen != sizeof(CK_GCM_PARAMS))
                        {
                                DEBUG_MSG("GCM mode requires parameters");
                                return CKR_ARGUMENTS_BAD;
                        }
                        iv.resize(CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulIvLen);
                        memcpy(&iv[0], CK_GCM_PARAMS_PTR(pMechanism->pParameter)->pIv, CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulIvLen);
                        aad.resize(CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen);
                        memcpy(&aad[0], CK_GCM_PARAMS_PTR(pMechanism->pParameter)->pAAD, CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen);
                        tagBytes = CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulTagBits;
                        if (tagBytes > 128 || tagBytes % 8 != 0)
                        {
                                DEBUG_MSG("Invalid ulTagBits value");
                                return CKR_ARGUMENTS_BAD;
                        }
                        tagBytes = tagBytes / 8;
                        break;
#endif
                default:
                        return CKR_MECHANISM_INVALID;
        }
        SymmetricAlgorithm* cipher = CryptoFactory::i()->getSymmetricAlgorithm(algo);
        if (cipher == NULL) return CKR_MECHANISM_INVALID;

        SymmetricKey* secretkey = new SymmetricKey();

        if (getSymmetricKey(secretkey, token, key) != CKR_OK)
        {
                cipher->recycleKey(secretkey);
                CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
                return CKR_GENERAL_ERROR;
        }

        // adjust key bit length
        secretkey->setBitLen(secretkey->getKeyBits().size() * bb);

        // Initialize encryption
        if (!cipher->encryptInit(secretkey, mode, iv, padding, counterBits, aad, tagBytes))
        {
                cipher->recycleKey(secretkey);
                CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
                return CKR_MECHANISM_INVALID;
        }

        session->setOpType(SESSION_OP_ENCRYPT);
        session->setSymmetricCryptoOp(cipher);
        session->setAllowMultiPartOp(true);
        session->setAllowSinglePartOp(true);
        session->setSymmetricKey(secretkey);

        return CKR_OK;
}

// AsymAlgorithm version of C_EncryptInit
CK_RV SoftHSM::AsymEncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we have another operation
        if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL) return CKR_GENERAL_ERROR;

        // Check the key handle.
        OSObject *key = (OSObject *)handleManager->getObject(hKey);
        if (key == NULL_PTR || !key->isValid()) return CKR_OBJECT_HANDLE_INVALID;

        CK_BBOOL isOnToken = key->getBooleanValue(CKA_TOKEN, false);
        CK_BBOOL isPrivate = key->getBooleanValue(CKA_PRIVATE, true);

        // Check read user credentials
        CK_RV rv = haveRead(session->getState(), isOnToken, isPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");

                return rv;
        }

        // Check if key can be used for encryption
        if (!key->getBooleanValue(CKA_ENCRYPT, false))
                return CKR_KEY_FUNCTION_NOT_PERMITTED;

        // Get the asymmetric algorithm matching the mechanism
        AsymMech::Type mechanism;
        bool isRSA = false;
        switch(pMechanism->mechanism) {
                case CKM_RSA_PKCS:
                        mechanism = AsymMech::RSA_PKCS;
                        isRSA = true;
                        break;
                case CKM_RSA_X_509:
                        mechanism = AsymMech::RSA;
                        isRSA = true;
                        break;
                case CKM_RSA_PKCS_OAEP:
                        rv = MechParamCheckRSAPKCSOAEP(pMechanism);
                        if (rv != CKR_OK)
                                return rv;

                        mechanism = AsymMech::RSA_PKCS_OAEP;
                        isRSA = true;
                        break;
                default:
                        return CKR_MECHANISM_INVALID;
        }

        AsymmetricAlgorithm* asymCrypto = NULL;
        PublicKey* publicKey = NULL;
        if (isRSA)
        {
                asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::RSA);
                if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;

                publicKey = asymCrypto->newPublicKey();
                if (publicKey == NULL)
                {
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_HOST_MEMORY;
                }

                if (getRSAPublicKey((RSAPublicKey*)publicKey, token, key) != CKR_OK)
                {
                        asymCrypto->recyclePublicKey(publicKey);
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_GENERAL_ERROR;
                }
        }
        else
        {
                return CKR_MECHANISM_INVALID;
        }

        session->setOpType(SESSION_OP_ENCRYPT);
        session->setAsymmetricCryptoOp(asymCrypto);
        session->setMechanism(mechanism);
        session->setAllowMultiPartOp(false);
        session->setAllowSinglePartOp(true);
        session->setPublicKey(publicKey);

        return CKR_OK;
}

// Initialise encryption using the specified object and mechanism
CK_RV SoftHSM::C_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
{
        if (isSymMechanism(pMechanism))
                return SymEncryptInit(hSession, pMechanism, hKey);
        else
                return AsymEncryptInit(hSession, pMechanism, hKey);
}

// SymAlgorithm version of C_Encrypt
static CK_RV SymEncrypt(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)
{
        SymmetricAlgorithm* cipher = session->getSymmetricCryptoOp();
        if (cipher == NULL || !session->getAllowSinglePartOp())
        {
                session->resetOp();
                return CKR_OPERATION_NOT_INITIALIZED;
        }

        // Check data size
        CK_ULONG maxSize = ulDataLen + cipher->getTagBytes();
        if (cipher->isBlockCipher())
        {
                CK_ULONG remainder = ulDataLen % cipher->getBlockSize();
                if (cipher->getPaddingMode() == false && remainder != 0)
                {
                        session->resetOp();
                        return CKR_DATA_LEN_RANGE;
                }

                // Round up to block size
                if (remainder != 0)
                {
                        maxSize = ulDataLen + cipher->getBlockSize() - remainder;
                }
                else if (cipher->getPaddingMode() == true)
                {
                        maxSize = ulDataLen + cipher->getBlockSize();
                }
        }
        if (!cipher->checkMaximumBytes(ulDataLen))
        {
                session->resetOp();
                return CKR_DATA_LEN_RANGE;
        }

        if (pEncryptedData == NULL_PTR)
        {
                *pulEncryptedDataLen = maxSize;
                return CKR_OK;
        }

        // Check buffer size
        if (*pulEncryptedDataLen < maxSize)
        {
                *pulEncryptedDataLen = maxSize;
                return CKR_BUFFER_TOO_SMALL;
        }

        // Get the data
        ByteString data(pData, ulDataLen);
        ByteString encryptedData;

        // Encrypt the data
        if (!cipher->encryptUpdate(data, encryptedData))
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }

        // Finalize encryption
        ByteString encryptedFinal;
        if (!cipher->encryptFinal(encryptedFinal))
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }
        encryptedData += encryptedFinal;
        encryptedData.resize(maxSize);

        memcpy(pEncryptedData, encryptedData.byte_str(), encryptedData.size());
        *pulEncryptedDataLen = encryptedData.size();

        session->resetOp();
        return CKR_OK;
}

// AsymAlgorithm version of C_Encrypt
static CK_RV AsymEncrypt(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)
{
        AsymmetricAlgorithm* asymCrypto = session->getAsymmetricCryptoOp();
        AsymMech::Type mechanism = session->getMechanism();
        PublicKey* publicKey = session->getPublicKey();
        if (asymCrypto == NULL || !session->getAllowSinglePartOp() || publicKey == NULL)
        {
                session->resetOp();
                return CKR_OPERATION_NOT_INITIALIZED;
        }

        // Size of the encrypted data
        CK_ULONG size = publicKey->getOutputLength();

        if (pEncryptedData == NULL_PTR)
        {
                *pulEncryptedDataLen = size;
                return CKR_OK;
        }

        // Check buffer size
        if (*pulEncryptedDataLen < size)
        {
                *pulEncryptedDataLen = size;
                return CKR_BUFFER_TOO_SMALL;
        }

        // Get the data
        ByteString data;
        ByteString encryptedData;

        // We must allow input length <= k and therfore need to prepend the data with zeroes.
        if (mechanism == AsymMech::RSA) {
                data.wipe(size-ulDataLen);
        }

        data += ByteString(pData, ulDataLen);

        // Encrypt the data
        if (!asymCrypto->encrypt(publicKey,data,encryptedData,mechanism))
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }

        // Check size
        if (encryptedData.size() != size)
        {
                ERROR_MSG("The size of the encrypted data differs from the size of the mechanism");
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }
        memcpy(pEncryptedData, encryptedData.byte_str(), size);
        *pulEncryptedDataLen = size;

        session->resetOp();
        return CKR_OK;
}

// Perform a single operation encryption operation in the specified session
CK_RV SoftHSM::C_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pData == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (pulEncryptedDataLen == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we are doing the correct operation
        if (session->getOpType() != SESSION_OP_ENCRYPT)
                return CKR_OPERATION_NOT_INITIALIZED;

        if (session->getSymmetricCryptoOp() != NULL)
                return SymEncrypt(session, pData, ulDataLen,
                                  pEncryptedData, pulEncryptedDataLen);
        else
                return AsymEncrypt(session, pData, ulDataLen,
                                   pEncryptedData, pulEncryptedDataLen);
}

// SymAlgorithm version of C_EncryptUpdate
static CK_RV SymEncryptUpdate(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)
{
        SymmetricAlgorithm* cipher = session->getSymmetricCryptoOp();
        if (cipher == NULL || !session->getAllowMultiPartOp())
        {
                session->resetOp();
                return CKR_OPERATION_NOT_INITIALIZED;
        }

        // Check data size
        size_t blockSize = cipher->getBlockSize();
        size_t remainingSize = cipher->getBufferSize();
        CK_ULONG maxSize = ulDataLen + remainingSize;
        if (cipher->isBlockCipher())
        {
                int nrOfBlocks = (ulDataLen + remainingSize) / blockSize;
                maxSize = nrOfBlocks * blockSize;
        }
        if (!cipher->checkMaximumBytes(ulDataLen))
        {
                session->resetOp();
                return CKR_DATA_LEN_RANGE;
        }

        // Check data size
        if (pEncryptedData == NULL_PTR)
        {
                *pulEncryptedDataLen = maxSize;
                return CKR_OK;
        }

        // Check output buffer size
        if (*pulEncryptedDataLen < maxSize)
        {
                DEBUG_MSG("ulDataLen: %#5x  output buffer size: %#5x  blockSize: %#3x  remainingSize: %#4x  maxSize: %#5x",
                          ulDataLen, *pulEncryptedDataLen, blockSize, remainingSize, maxSize);
                *pulEncryptedDataLen = maxSize;
                return CKR_BUFFER_TOO_SMALL;
        }

        // Get the data
        ByteString data(pData, ulDataLen);
        ByteString encryptedData;

        // Encrypt the data
        if (!cipher->encryptUpdate(data, encryptedData))
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }
        DEBUG_MSG("ulDataLen: %#5x  output buffer size: %#5x  blockSize: %#3x  remainingSize: %#4x  maxSize: %#5x  encryptedData.size(): %#5x",
                  ulDataLen, *pulEncryptedDataLen, blockSize, remainingSize, maxSize, encryptedData.size());

        // Check output size from crypto. Unrecoverable error if to large.
        if (*pulEncryptedDataLen < encryptedData.size())
        {
                session->resetOp();
                ERROR_MSG("EncryptUpdate returning too much data. Length of output data buffer is %i but %i bytes was returned by the encrypt.",
                          *pulEncryptedDataLen, encryptedData.size());
                return CKR_GENERAL_ERROR;
        }

        if (encryptedData.size() > 0)
        {
                memcpy(pEncryptedData, encryptedData.byte_str(), encryptedData.size());
        }
        *pulEncryptedDataLen = encryptedData.size();

        return CKR_OK;
}

// Feed data to the running encryption operation in a session
CK_RV SoftHSM::C_EncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pData == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (pulEncryptedDataLen == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we are doing the correct operation
        if (session->getOpType() != SESSION_OP_ENCRYPT)
                return CKR_OPERATION_NOT_INITIALIZED;

        if (session->getSymmetricCryptoOp() != NULL)
                return SymEncryptUpdate(session, pData, ulDataLen,
                                  pEncryptedData, pulEncryptedDataLen);
        else
                return CKR_FUNCTION_NOT_SUPPORTED;
}

// SymAlgorithm version of C_EncryptFinal
static CK_RV SymEncryptFinal(Session* session, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)
{
        SymmetricAlgorithm* cipher = session->getSymmetricCryptoOp();
        if (cipher == NULL || !session->getAllowMultiPartOp())
        {
                session->resetOp();
                return CKR_OPERATION_NOT_INITIALIZED;
        }

        // Check data size
        size_t remainingSize = cipher->getBufferSize() + cipher->getTagBytes();
        CK_ULONG size = remainingSize;
        if (cipher->isBlockCipher())
        {
                size_t blockSize = cipher->getBlockSize();
                bool isPadding = cipher->getPaddingMode();
                if ((remainingSize % blockSize) != 0 && !isPadding)
                {
                        session->resetOp();
                        DEBUG_MSG("Remaining buffer size is not an integral of the block size. Block size: %#2x  Remaining size: %#2x",
                                  blockSize, remainingSize);
                        return CKR_DATA_LEN_RANGE;
                }
                // when padding: an integral of the block size that is longer than the remaining data.
                size = isPadding ? ((remainingSize + blockSize) / blockSize) * blockSize : remainingSize;
        }

        // Give required output buffer size.
        if (pEncryptedData == NULL_PTR)
        {
                *pulEncryptedDataLen = size;
                return CKR_OK;
        }

        // Check output buffer size
        if (*pulEncryptedDataLen < size)
        {
                DEBUG_MSG("output buffer size: %#5x  size: %#5x",
                          *pulEncryptedDataLen, size);
                *pulEncryptedDataLen = size;
                return CKR_BUFFER_TOO_SMALL;
        }

        // Finalize encryption
        ByteString encryptedFinal;
        if (!cipher->encryptFinal(encryptedFinal))
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }
        DEBUG_MSG("output buffer size: %#2x  size: %#2x  encryptedFinal.size(): %#2x",
                  *pulEncryptedDataLen, size, encryptedFinal.size());

        // Check output size from crypto. Unrecoverable error if to large.
        if (*pulEncryptedDataLen < encryptedFinal.size())
        {
                session->resetOp();
                ERROR_MSG("EncryptFinal returning too much data. Length of output data buffer is %i but %i bytes was returned by the encrypt.",
                          *pulEncryptedDataLen, encryptedFinal.size());
                return CKR_GENERAL_ERROR;
        }

        if (encryptedFinal.size() > 0)
        {
                memcpy(pEncryptedData, encryptedFinal.byte_str(), encryptedFinal.size());
        }
        *pulEncryptedDataLen = encryptedFinal.size();

        session->resetOp();
        return CKR_OK;
}

// Finalise the encryption operation
CK_RV SoftHSM::C_EncryptFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we are doing the correct operation
        if (session->getOpType() != SESSION_OP_ENCRYPT) return CKR_OPERATION_NOT_INITIALIZED;

        if (session->getSymmetricCryptoOp() != NULL)
                return SymEncryptFinal(session, pEncryptedData, pulEncryptedDataLen);
        else
                return CKR_FUNCTION_NOT_SUPPORTED;
}

// SymAlgorithm version of C_DecryptInit
CK_RV SoftHSM::SymDecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL) return CKR_GENERAL_ERROR;

        // Check if we have another operation
        if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;

        // Check the key handle.
        OSObject *key = (OSObject *)handleManager->getObject(hKey);
        if (key == NULL_PTR || !key->isValid()) return CKR_OBJECT_HANDLE_INVALID;

        CK_BBOOL isOnToken = key->getBooleanValue(CKA_TOKEN, false);
        CK_BBOOL isPrivate = key->getBooleanValue(CKA_PRIVATE, true);

        // Check read user credentials
        CK_RV rv = haveRead(session->getState(), isOnToken, isPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");

                return rv;
        }

        // Check if key can be used for decryption
        if (!key->getBooleanValue(CKA_DECRYPT, false))
                return CKR_KEY_FUNCTION_NOT_PERMITTED;


        // Check if the specified mechanism is allowed for the key
        if (!isMechanismPermitted(key, pMechanism))
                return CKR_MECHANISM_INVALID;

        // Get the symmetric algorithm matching the mechanism
        SymAlgo::Type algo = SymAlgo::Unknown;
        SymMode::Type mode = SymMode::Unknown;
        bool padding = false;
        ByteString iv;
        size_t bb = 8;
        size_t counterBits = 0;
        ByteString aad;
        size_t tagBytes = 0;
        switch(pMechanism->mechanism) {
#ifndef WITH_FIPS
                case CKM_DES_ECB:
                        algo = SymAlgo::DES;
                        mode = SymMode::ECB;
                        bb = 7;
                        break;
                case CKM_DES_CBC:
                        algo = SymAlgo::DES;
                        mode = SymMode::CBC;
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen == 0)
                        {
                                DEBUG_MSG("CBC mode requires an init vector");
                                return CKR_ARGUMENTS_BAD;
                        }
                        iv.resize(pMechanism->ulParameterLen);
                        memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
                        bb = 7;
                        break;
                case CKM_DES_CBC_PAD:
                        algo = SymAlgo::DES;
                        mode = SymMode::CBC;
                        padding = true;
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen == 0)
                        {
                                DEBUG_MSG("CBC mode requires an init vector");
                                return CKR_ARGUMENTS_BAD;
                        }
                        iv.resize(pMechanism->ulParameterLen);
                        memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
                        bb = 7;
                        break;
#endif
                case CKM_DES3_ECB:
                        algo = SymAlgo::DES3;
                        mode = SymMode::ECB;
                        bb = 7;
                        break;
                case CKM_DES3_CBC:
                        algo = SymAlgo::DES3;
                        mode = SymMode::CBC;
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen == 0)
                        {
                                DEBUG_MSG("CBC mode requires an init vector");
                                return CKR_ARGUMENTS_BAD;
                        }
                        iv.resize(pMechanism->ulParameterLen);
                        memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
                        bb = 7;
                        break;
                case CKM_DES3_CBC_PAD:
                        algo = SymAlgo::DES3;
                        mode = SymMode::CBC;
                        padding = true;
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen == 0)
                        {
                                DEBUG_MSG("CBC mode requires an init vector");
                                return CKR_ARGUMENTS_BAD;
                        }
                        iv.resize(pMechanism->ulParameterLen);
                        memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
                        bb = 7;
                        break;
                case CKM_AES_ECB:
                        algo = SymAlgo::AES;
                        mode = SymMode::ECB;
                        break;
                case CKM_AES_CBC:
                        algo = SymAlgo::AES;
                        mode = SymMode::CBC;
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen == 0)
                        {
                                DEBUG_MSG("CBC mode requires an init vector");
                                return CKR_ARGUMENTS_BAD;
                        }
                        iv.resize(pMechanism->ulParameterLen);
                        memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
                        break;
                case CKM_AES_CBC_PAD:
                        algo = SymAlgo::AES;
                        mode = SymMode::CBC;
                        padding = true;
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen == 0)
                        {
                                DEBUG_MSG("CBC mode requires an init vector");
                                return CKR_ARGUMENTS_BAD;
                        }
                        iv.resize(pMechanism->ulParameterLen);
                        memcpy(&iv[0], pMechanism->pParameter, pMechanism->ulParameterLen);
                        break;
                case CKM_AES_CTR:
                        algo = SymAlgo::AES;
                        mode = SymMode::CTR;
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen != sizeof(CK_AES_CTR_PARAMS))
                        {
                                DEBUG_MSG("CTR mode requires a counter block");
                                return CKR_ARGUMENTS_BAD;
                        }
                        counterBits = CK_AES_CTR_PARAMS_PTR(pMechanism->pParameter)->ulCounterBits;
                        if (counterBits == 0 || counterBits > 128)
                        {
                                DEBUG_MSG("Invalid ulCounterBits");
                                return CKR_MECHANISM_PARAM_INVALID;
                        }
                        iv.resize(16);
                        memcpy(&iv[0], CK_AES_CTR_PARAMS_PTR(pMechanism->pParameter)->cb, 16);
                        break;
#ifdef WITH_AES_GCM
                case CKM_AES_GCM:
                        algo = SymAlgo::AES;
                        mode = SymMode::GCM;
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen != sizeof(CK_GCM_PARAMS))
                        {
                                DEBUG_MSG("GCM mode requires parameters");
                                return CKR_ARGUMENTS_BAD;
                        }
                        iv.resize(CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulIvLen);
                        memcpy(&iv[0], CK_GCM_PARAMS_PTR(pMechanism->pParameter)->pIv, CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulIvLen);
                        aad.resize(CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen);
                        memcpy(&aad[0], CK_GCM_PARAMS_PTR(pMechanism->pParameter)->pAAD, CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen);
                        tagBytes = CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulTagBits;
                        if (tagBytes > 128 || tagBytes % 8 != 0)
                        {
                                DEBUG_MSG("Invalid ulTagBits value");
                                return CKR_ARGUMENTS_BAD;
                        }
                        tagBytes = tagBytes / 8;
                        break;
#endif
                default:
                        return CKR_MECHANISM_INVALID;
        }
        SymmetricAlgorithm* cipher = CryptoFactory::i()->getSymmetricAlgorithm(algo);
        if (cipher == NULL) return CKR_MECHANISM_INVALID;

        SymmetricKey* secretkey = new SymmetricKey();

        if (getSymmetricKey(secretkey, token, key) != CKR_OK)
        {
                cipher->recycleKey(secretkey);
                CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
                return CKR_GENERAL_ERROR;
        }

        // adjust key bit length
        secretkey->setBitLen(secretkey->getKeyBits().size() * bb);

        // Initialize decryption
        if (!cipher->decryptInit(secretkey, mode, iv, padding, counterBits, aad, tagBytes))
        {
                cipher->recycleKey(secretkey);
                CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
                return CKR_MECHANISM_INVALID;
        }

        session->setOpType(SESSION_OP_DECRYPT);
        session->setSymmetricCryptoOp(cipher);
        session->setAllowMultiPartOp(true);
        session->setAllowSinglePartOp(true);
        session->setSymmetricKey(secretkey);

        return CKR_OK;
}

// AsymAlgorithm version of C_DecryptInit
CK_RV SoftHSM::AsymDecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL) return CKR_GENERAL_ERROR;

        // Check if we have another operation
        if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;

        // Check the key handle.
        OSObject *key = (OSObject *)handleManager->getObject(hKey);
        if (key == NULL_PTR || !key->isValid()) return CKR_OBJECT_HANDLE_INVALID;

        CK_BBOOL isOnToken = key->getBooleanValue(CKA_TOKEN, false);
        CK_BBOOL isPrivate = key->getBooleanValue(CKA_PRIVATE, true);

        // Check read user credentials
        CK_RV rv = haveRead(session->getState(), isOnToken, isPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");

                return rv;
        }

        // Check if key can be used for decryption
        if (!key->getBooleanValue(CKA_DECRYPT, false))
                return CKR_KEY_FUNCTION_NOT_PERMITTED;

        // Check if the specified mechanism is allowed for the key
        if (!isMechanismPermitted(key, pMechanism))
                return CKR_MECHANISM_INVALID;

        // Get the asymmetric algorithm matching the mechanism
        AsymMech::Type mechanism = AsymMech::Unknown;
        bool isRSA = false;
        switch(pMechanism->mechanism) {
                case CKM_RSA_PKCS:
                        mechanism = AsymMech::RSA_PKCS;
                        isRSA = true;
                        break;
                case CKM_RSA_X_509:
                        mechanism = AsymMech::RSA;
                        isRSA = true;
                        break;
                case CKM_RSA_PKCS_OAEP:
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_OAEP_PARAMS))
                        {
                                DEBUG_MSG("pParameter must be of type CK_RSA_PKCS_OAEP_PARAMS");
                                return CKR_ARGUMENTS_BAD;
                        }
                        if (CK_RSA_PKCS_OAEP_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA_1)
                        {
                                DEBUG_MSG("hashAlg must be CKM_SHA_1");
                                return CKR_ARGUMENTS_BAD;
                        }
                        if (CK_RSA_PKCS_OAEP_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA1)
                        {
                                DEBUG_MSG("mgf must be CKG_MGF1_SHA1");
                                return CKR_ARGUMENTS_BAD;
                        }

                        mechanism = AsymMech::RSA_PKCS_OAEP;
                        isRSA = true;
                        break;
                default:
                        return CKR_MECHANISM_INVALID;
        }

        AsymmetricAlgorithm* asymCrypto = NULL;
        PrivateKey* privateKey = NULL;
        if (isRSA)
        {
                asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::RSA);
                if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;

                privateKey = asymCrypto->newPrivateKey();
                if (privateKey == NULL)
                {
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_HOST_MEMORY;
                }

                if (getRSAPrivateKey((RSAPrivateKey*)privateKey, token, key) != CKR_OK)
                {
                        asymCrypto->recyclePrivateKey(privateKey);
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_GENERAL_ERROR;
                }
        }
        else
        {
                return CKR_MECHANISM_INVALID;
        }

        // Check if re-authentication is required
        if (key->getBooleanValue(CKA_ALWAYS_AUTHENTICATE, false))
        {
                session->setReAuthentication(true);
        }

        session->setOpType(SESSION_OP_DECRYPT);
        session->setAsymmetricCryptoOp(asymCrypto);
        session->setMechanism(mechanism);
        session->setAllowMultiPartOp(false);
        session->setAllowSinglePartOp(true);
        session->setPrivateKey(privateKey);

        return CKR_OK;
}

// Initialise decryption using the specified object
CK_RV SoftHSM::C_DecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
{
        if (isSymMechanism(pMechanism))
                return SymDecryptInit(hSession, pMechanism, hKey);
        else
                return AsymDecryptInit(hSession, pMechanism, hKey);
}

// SymAlgorithm version of C_Decrypt
static CK_RV SymDecrypt(Session* session, CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
{
        SymmetricAlgorithm* cipher = session->getSymmetricCryptoOp();
        if (cipher == NULL || !session->getAllowSinglePartOp())
        {
                session->resetOp();
                return CKR_OPERATION_NOT_INITIALIZED;
        }

        // Check encrypted data size
        if (cipher->isBlockCipher() && ulEncryptedDataLen % cipher->getBlockSize() != 0)
        {
                session->resetOp();
                return CKR_ENCRYPTED_DATA_LEN_RANGE;
        }
        if (!cipher->checkMaximumBytes(ulEncryptedDataLen))
        {
                session->resetOp();
                return CKR_ENCRYPTED_DATA_LEN_RANGE;
        }

        if (pData == NULL_PTR)
        {
                *pulDataLen = ulEncryptedDataLen;
                return CKR_OK;
        }

        // Check buffer size
        if (*pulDataLen < ulEncryptedDataLen)
        {
                *pulDataLen = ulEncryptedDataLen;
                return CKR_BUFFER_TOO_SMALL;
        }

        // Get the data
        ByteString encryptedData(pEncryptedData, ulEncryptedDataLen);
        ByteString data;

        // Decrypt the data
        if (!cipher->decryptUpdate(encryptedData,data))
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }

        // Finalize decryption
        ByteString dataFinal;
        if (!cipher->decryptFinal(dataFinal))
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }
        data += dataFinal;
        if (data.size() > ulEncryptedDataLen)
        {
                data.resize(ulEncryptedDataLen);
        }

        if (data.size() != 0)
        {
                memcpy(pData, data.byte_str(), data.size());
        }
        *pulDataLen = data.size();

        session->resetOp();
        return CKR_OK;

}

// AsymAlgorithm version of C_Decrypt
static CK_RV AsymDecrypt(Session* session, CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
{
        AsymmetricAlgorithm* asymCrypto = session->getAsymmetricCryptoOp();
        AsymMech::Type mechanism = session->getMechanism();
        PrivateKey* privateKey = session->getPrivateKey();
        if (asymCrypto == NULL || !session->getAllowSinglePartOp() || privateKey == NULL)
        {
                session->resetOp();
                return CKR_OPERATION_NOT_INITIALIZED;
        }

        // Check if re-authentication is required
        if (session->getReAuthentication())
        {
                session->resetOp();
                return CKR_USER_NOT_LOGGED_IN;
        }

        // Size of the data
        CK_ULONG size = privateKey->getOutputLength();
        if (pData == NULL_PTR)
        {
                *pulDataLen = size;
                return CKR_OK;
        }

        // Check buffer size
        if (*pulDataLen < size)
        {
                *pulDataLen = size;
                return CKR_BUFFER_TOO_SMALL;
        }

        // Get the data
        ByteString encryptedData(pEncryptedData, ulEncryptedDataLen);
        ByteString data;

        // Decrypt the data
        if (!asymCrypto->decrypt(privateKey,encryptedData,data,mechanism))
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }

        // Check size
        if (data.size() > size)
        {
                ERROR_MSG("The size of the decrypted data exceeds the size of the mechanism");
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }
        if (data.size() != 0)
        {
                memcpy(pData, data.byte_str(), data.size());
        }
        *pulDataLen = data.size();

        session->resetOp();
        return CKR_OK;

}

// Perform a single operation decryption in the given session
CK_RV SoftHSM::C_Decrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pEncryptedData == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (pulDataLen == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we are doing the correct operation
        if (session->getOpType() != SESSION_OP_DECRYPT)
                return CKR_OPERATION_NOT_INITIALIZED;

        if (session->getSymmetricCryptoOp() != NULL)
                return SymDecrypt(session, pEncryptedData, ulEncryptedDataLen,
                                  pData, pulDataLen);
        else
                return AsymDecrypt(session, pEncryptedData, ulEncryptedDataLen,
                                   pData, pulDataLen);
}

// SymAlgorithm version of C_DecryptUpdate
static CK_RV SymDecryptUpdate(Session* session, CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, CK_ULONG_PTR pDataLen)
{
        SymmetricAlgorithm* cipher = session->getSymmetricCryptoOp();
        if (cipher == NULL || !session->getAllowMultiPartOp())
        {
                session->resetOp();
                return CKR_OPERATION_NOT_INITIALIZED;
        }

        // Check encrypted data size
        size_t blockSize = cipher->getBlockSize();
        size_t remainingSize = cipher->getBufferSize();
        CK_ULONG maxSize = ulEncryptedDataLen + remainingSize;
        if (cipher->isBlockCipher())
        {
                // There must always be one block left in padding mode if next operation is DecryptFinal.
                // To guarantee that one byte is removed in padding mode when the number of blocks is calculated.
                size_t paddingAdjustByte = cipher->getPaddingMode() ? 1 : 0;
                int nrOfBlocks = (ulEncryptedDataLen + remainingSize - paddingAdjustByte) / blockSize;
                maxSize = nrOfBlocks * blockSize;
        }
        if (!cipher->checkMaximumBytes(ulEncryptedDataLen))
        {
                session->resetOp();
                return CKR_ENCRYPTED_DATA_LEN_RANGE;
        }

        // Give required output buffer size.
        if (pData == NULL_PTR)
        {
                *pDataLen = maxSize;
                return CKR_OK;
        }

        // Check output buffer size
        if (*pDataLen < maxSize)
        {
                DEBUG_MSG("Output buffer too short   ulEncryptedDataLen: %#5x  output buffer size: %#5x  blockSize: %#3x  remainingSize: %#4x  maxSize: %#5x",
                          ulEncryptedDataLen, *pDataLen, blockSize, remainingSize, maxSize);
                *pDataLen = maxSize;
                return CKR_BUFFER_TOO_SMALL;
        }

        // Get the data
        ByteString data(pEncryptedData, ulEncryptedDataLen);
        ByteString decryptedData;

        // Encrypt the data
        if (!cipher->decryptUpdate(data, decryptedData))
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }
        DEBUG_MSG("ulEncryptedDataLen: %#5x  output buffer size: %#5x  blockSize: %#3x  remainingSize: %#4x  maxSize: %#5x  decryptedData.size(): %#5x",
                  ulEncryptedDataLen, *pDataLen, blockSize, remainingSize, maxSize, decryptedData.size());

        // Check output size from crypto. Unrecoverable error if to large.
        if (*pDataLen < decryptedData.size())
        {
                session->resetOp();
                ERROR_MSG("DecryptUpdate returning too much data. Length of output data buffer is %i but %i bytes was returned by the decrypt.",
                                *pDataLen, decryptedData.size());
                return CKR_GENERAL_ERROR;
        }

        if (decryptedData.size() > 0)
        {
                memcpy(pData, decryptedData.byte_str(), decryptedData.size());
        }
        *pDataLen = decryptedData.size();

        return CKR_OK;
}


// Feed data to the running decryption operation in a session
CK_RV SoftHSM::C_DecryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, CK_ULONG_PTR pDataLen)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pEncryptedData == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (pDataLen == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we are doing the correct operation
        if (session->getOpType() != SESSION_OP_DECRYPT)
                return CKR_OPERATION_NOT_INITIALIZED;

        if (session->getSymmetricCryptoOp() != NULL)
                return SymDecryptUpdate(session, pEncryptedData, ulEncryptedDataLen,
                                  pData, pDataLen);
        else
                return CKR_FUNCTION_NOT_SUPPORTED;
}

static CK_RV SymDecryptFinal(Session* session, CK_BYTE_PTR pDecryptedData, CK_ULONG_PTR pulDecryptedDataLen)
{
        SymmetricAlgorithm* cipher = session->getSymmetricCryptoOp();
        if (cipher == NULL || !session->getAllowMultiPartOp())
        {
                session->resetOp();
                return CKR_OPERATION_NOT_INITIALIZED;
        }

        // Check encrypted data size
        size_t remainingSize = cipher->getBufferSize();
        CK_ULONG size = remainingSize;
        if (cipher->isBlockCipher())
        {
                size_t blockSize = cipher->getBlockSize();
                if (remainingSize % blockSize != 0)
                {
                        session->resetOp();
                        DEBUG_MSG("Remaining data length is not an integral of the block size. Block size: %#2x  Remaining size: %#2x",
                                   blockSize, remainingSize);
                        return CKR_ENCRYPTED_DATA_LEN_RANGE;
                }
                // It is at least one padding byte. If no padding the all remains will be returned.
                size_t paddingAdjustByte = cipher->getPaddingMode() ? 1 : 0;
                size = remainingSize - paddingAdjustByte;
        }

        // Give required output buffer size.
        if (pDecryptedData == NULL_PTR)
        {
                *pulDecryptedDataLen = size;
                return CKR_OK;
        }

        // Check output buffer size
        if (*pulDecryptedDataLen < size)
        {
                DEBUG_MSG("output buffer size: %#5x  size: %#5x",
                          *pulDecryptedDataLen, size);
                *pulDecryptedDataLen = size;
                return CKR_BUFFER_TOO_SMALL;
        }

        // Finalize decryption
        ByteString decryptedFinal;
        if (!cipher->decryptFinal(decryptedFinal))
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }
        DEBUG_MSG("output buffer size: %#2x  size: %#2x  decryptedFinal.size(): %#2x",
                  *pulDecryptedDataLen, size, decryptedFinal.size());

        // Check output size from crypto. Unrecoverable error if to large.
        if (*pulDecryptedDataLen < decryptedFinal.size())
        {
                session->resetOp();
                ERROR_MSG("DecryptFinal returning too much data. Length of output data buffer is %i but %i bytes was returned by the encrypt.",
                          *pulDecryptedDataLen, decryptedFinal.size());
                return CKR_GENERAL_ERROR;
        }

        if (decryptedFinal.size() > 0)
        {
                memcpy(pDecryptedData, decryptedFinal.byte_str(), decryptedFinal.size());
        }
        *pulDecryptedDataLen = decryptedFinal.size();

        session->resetOp();
        return CKR_OK;
}

// Finalise the decryption operation
CK_RV SoftHSM::C_DecryptFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG_PTR pDataLen)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we are doing the correct operation
        if (session->getOpType() != SESSION_OP_DECRYPT) return CKR_OPERATION_NOT_INITIALIZED;

        if (session->getSymmetricCryptoOp() != NULL)
                return SymDecryptFinal(session, pData, pDataLen);
        else
                return CKR_FUNCTION_NOT_SUPPORTED;
}

// Initialise digesting using the specified mechanism in the specified session
CK_RV SoftHSM::C_DigestInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we have another operation
        if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;

        // Get the mechanism
        HashAlgo::Type algo = HashAlgo::Unknown;
        switch(pMechanism->mechanism) {
#ifndef WITH_FIPS
                case CKM_MD5:
                        algo = HashAlgo::MD5;
                        break;
#endif
                case CKM_SHA_1:
                        algo = HashAlgo::SHA1;
                        break;
                case CKM_SHA224:
                        algo = HashAlgo::SHA224;
                        break;
                case CKM_SHA256:
                        algo = HashAlgo::SHA256;
                        break;
                case CKM_SHA384:
                        algo = HashAlgo::SHA384;
                        break;
                case CKM_SHA512:
                        algo = HashAlgo::SHA512;
                        break;
#ifdef WITH_GOST
                case CKM_GOSTR3411:
                        algo = HashAlgo::GOST;
                        break;
#endif
                default:
                        return CKR_MECHANISM_INVALID;
        }
        HashAlgorithm* hash = CryptoFactory::i()->getHashAlgorithm(algo);
        if (hash == NULL) return CKR_MECHANISM_INVALID;

        // Initialize hashing
        if (hash->hashInit() == false)
        {
                CryptoFactory::i()->recycleHashAlgorithm(hash);
                return CKR_GENERAL_ERROR;
        }

        session->setOpType(SESSION_OP_DIGEST);
        session->setDigestOp(hash);
        session->setHashAlgo(algo);

        return CKR_OK;
}

// Digest the specified data in a one-pass operation and return the resulting digest
CK_RV SoftHSM::C_Digest(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pulDigestLen == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (pData == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we are doing the correct operation
        if (session->getOpType() != SESSION_OP_DIGEST) return CKR_OPERATION_NOT_INITIALIZED;

        // Return size
        CK_ULONG size = session->getDigestOp()->getHashSize();
        if (pDigest == NULL_PTR)
        {
                *pulDigestLen = size;
                return CKR_OK;
        }

        // Check buffer size
        if (*pulDigestLen < size)
        {
                *pulDigestLen = size;
                return CKR_BUFFER_TOO_SMALL;
        }

        // Get the data
        ByteString data(pData, ulDataLen);

        // Digest the data
        if (session->getDigestOp()->hashUpdate(data) == false)
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }

        // Get the digest
        ByteString digest;
        if (session->getDigestOp()->hashFinal(digest) == false)
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }

        // Check size
        if (digest.size() != size)
        {
                ERROR_MSG("The size of the digest differ from the size of the mechanism");
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }
        memcpy(pDigest, digest.byte_str(), size);
        *pulDigestLen = size;

        session->resetOp();

        return CKR_OK;
}

// Update a running digest operation
CK_RV SoftHSM::C_DigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pPart == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we are doing the correct operation
        if (session->getOpType() != SESSION_OP_DIGEST) return CKR_OPERATION_NOT_INITIALIZED;

        // Get the data
        ByteString data(pPart, ulPartLen);

        // Digest the data
        if (session->getDigestOp()->hashUpdate(data) == false)
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }

        return CKR_OK;
}

// Update a running digest operation by digesting a secret key with the specified handle
CK_RV SoftHSM::C_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we are doing the correct operation
        if (session->getOpType() != SESSION_OP_DIGEST) return CKR_OPERATION_NOT_INITIALIZED;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL) return CKR_GENERAL_ERROR;

        // Check the key handle.
        OSObject *key = (OSObject *)handleManager->getObject(hObject);
        if (key == NULL_PTR || !key->isValid()) return CKR_KEY_HANDLE_INVALID;

        CK_BBOOL isOnToken = key->getBooleanValue(CKA_TOKEN, false);
        CK_BBOOL isPrivate = key->getBooleanValue(CKA_PRIVATE, true);

        // Check read user credentials
        CK_RV rv = haveRead(session->getState(), isOnToken, isPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");

                // CKR_USER_NOT_LOGGED_IN is not a valid return code for this function,
                // so we use CKR_GENERAL_ERROR.
                return CKR_GENERAL_ERROR;
        }

        // Whitelist
        HashAlgo::Type algo = session->getHashAlgo();
        if (algo != HashAlgo::SHA1 &&
            algo != HashAlgo::SHA224 &&
            algo != HashAlgo::SHA256 &&
            algo != HashAlgo::SHA384 &&
            algo != HashAlgo::SHA512)
        {
                // Parano...
                if (!key->getBooleanValue(CKA_EXTRACTABLE, false))
                        return CKR_KEY_INDIGESTIBLE;
                if (key->getBooleanValue(CKA_SENSITIVE, false))
                        return CKR_KEY_INDIGESTIBLE;
        }

        // Get value
        if (!key->attributeExists(CKA_VALUE))
                return CKR_KEY_INDIGESTIBLE;
        ByteString keybits;
        if (isPrivate)
        {
                if (!token->decrypt(key->getByteStringValue(CKA_VALUE), keybits))
                        return CKR_GENERAL_ERROR;
        }
        else
        {
                keybits = key->getByteStringValue(CKA_VALUE);
        }

        // Digest the value
        if (session->getDigestOp()->hashUpdate(keybits) == false)
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }

        return CKR_OK;
}

// Finalise the digest operation in the specified session and return the digest
CK_RV SoftHSM::C_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pulDigestLen == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we are doing the correct operation
        if (session->getOpType() != SESSION_OP_DIGEST) return CKR_OPERATION_NOT_INITIALIZED;

        // Return size
        CK_ULONG size = session->getDigestOp()->getHashSize();
        if (pDigest == NULL_PTR)
        {
                *pulDigestLen = size;
                return CKR_OK;
        }

        // Check buffer size
        if (*pulDigestLen < size)
        {
                *pulDigestLen = size;
                return CKR_BUFFER_TOO_SMALL;
        }

        // Get the digest
        ByteString digest;
        if (session->getDigestOp()->hashFinal(digest) == false)
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }

        // Check size
        if (digest.size() != size)
        {
                ERROR_MSG("The size of the digest differ from the size of the mechanism");
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }
        memcpy(pDigest, digest.byte_str(), size);
        *pulDigestLen = size;

        session->resetOp();

        return CKR_OK;
}

// Sign*/Verify*() is for MACs too
static bool isMacMechanism(CK_MECHANISM_PTR pMechanism)
{
        if (pMechanism == NULL_PTR) return false;

        switch(pMechanism->mechanism) {
                case CKM_MD5_HMAC:
                case CKM_SHA_1_HMAC:
                case CKM_SHA224_HMAC:
                case CKM_SHA256_HMAC:
                case CKM_SHA384_HMAC:
                case CKM_SHA512_HMAC:
#ifdef WITH_GOST
                case CKM_GOSTR3411_HMAC:
#endif
                case CKM_DES3_CMAC:
                case CKM_AES_CMAC:
                        return true;
                default:
                        return false;
        }
}

// MacAlgorithm version of C_SignInit
CK_RV SoftHSM::MacSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we have another operation
        if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL) return CKR_GENERAL_ERROR;

        // Check the key handle.
        OSObject *key = (OSObject *)handleManager->getObject(hKey);
        if (key == NULL_PTR || !key->isValid()) return CKR_OBJECT_HANDLE_INVALID;

        CK_BBOOL isOnToken = key->getBooleanValue(CKA_TOKEN, false);
        CK_BBOOL isPrivate = key->getBooleanValue(CKA_PRIVATE, true);

        // Check read user credentials
        CK_RV rv = haveRead(session->getState(), isOnToken, isPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");

                return rv;
        }

        // Check if key can be used for signing
        if (!key->getBooleanValue(CKA_SIGN, false))
                return CKR_KEY_FUNCTION_NOT_PERMITTED;

        // Check if the specified mechanism is allowed for the key
        if (!isMechanismPermitted(key, pMechanism))
                return CKR_MECHANISM_INVALID;

        // Get key info
        CK_KEY_TYPE keyType = key->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED);

        // Get the MAC algorithm matching the mechanism
        // Also check mechanism constraints
        MacAlgo::Type algo = MacAlgo::Unknown;
        size_t bb = 8;
        size_t minSize = 0;
        switch(pMechanism->mechanism) {
#ifndef WITH_FIPS
                case CKM_MD5_HMAC:
                        if (keyType != CKK_GENERIC_SECRET && keyType != CKK_MD5_HMAC)
                                return CKR_KEY_TYPE_INCONSISTENT;
                        minSize = 16;
                        algo = MacAlgo::HMAC_MD5;
                        break;
#endif
                case CKM_SHA_1_HMAC:
                        if (keyType != CKK_GENERIC_SECRET && keyType != CKK_SHA_1_HMAC)
                                return CKR_KEY_TYPE_INCONSISTENT;
                        minSize = 20;
                        algo = MacAlgo::HMAC_SHA1;
                        break;
                case CKM_SHA224_HMAC:
                        if (keyType != CKK_GENERIC_SECRET && keyType != CKK_SHA224_HMAC)
                                return CKR_KEY_TYPE_INCONSISTENT;
                        minSize = 28;
                        algo = MacAlgo::HMAC_SHA224;
                        break;
                case CKM_SHA256_HMAC:
                        if (keyType != CKK_GENERIC_SECRET && keyType != CKK_SHA256_HMAC)
                                return CKR_KEY_TYPE_INCONSISTENT;
                        minSize = 32;
                        algo = MacAlgo::HMAC_SHA256;
                        break;
                case CKM_SHA384_HMAC:
                        if (keyType != CKK_GENERIC_SECRET && keyType != CKK_SHA384_HMAC)
                                return CKR_KEY_TYPE_INCONSISTENT;
                        minSize = 48;
                        algo = MacAlgo::HMAC_SHA384;
                        break;
                case CKM_SHA512_HMAC:
                        if (keyType != CKK_GENERIC_SECRET && keyType != CKK_SHA512_HMAC)
                                return CKR_KEY_TYPE_INCONSISTENT;
                        minSize = 64;
                        algo = MacAlgo::HMAC_SHA512;
                        break;
#ifdef WITH_GOST
                case CKM_GOSTR3411_HMAC:
                        if (keyType != CKK_GENERIC_SECRET && keyType != CKK_GOST28147)
                                return CKR_KEY_TYPE_INCONSISTENT;
                        minSize = 32;
                        algo = MacAlgo::HMAC_GOST;
                        break;
#endif
                case CKM_DES3_CMAC:
                        if (keyType != CKK_DES2 && keyType != CKK_DES3)
                                return CKR_KEY_TYPE_INCONSISTENT;
                        algo = MacAlgo::CMAC_DES;
                        bb = 7;
                        break;
                case CKM_AES_CMAC:
                        if (keyType != CKK_AES)
                                return CKR_KEY_TYPE_INCONSISTENT;
                        algo = MacAlgo::CMAC_AES;
                        break;
                default:
                        return CKR_MECHANISM_INVALID;
        }
        MacAlgorithm* mac = CryptoFactory::i()->getMacAlgorithm(algo);
        if (mac == NULL) return CKR_MECHANISM_INVALID;

        SymmetricKey* privkey = new SymmetricKey();

        if (getSymmetricKey(privkey, token, key) != CKR_OK)
        {
                mac->recycleKey(privkey);
                CryptoFactory::i()->recycleMacAlgorithm(mac);
                return CKR_GENERAL_ERROR;
        }

        // Adjust key bit length
        privkey->setBitLen(privkey->getKeyBits().size() * bb);

        // Check key size
        if (privkey->getBitLen() < (minSize*8))
        {
                mac->recycleKey(privkey);
                CryptoFactory::i()->recycleMacAlgorithm(mac);
                return CKR_KEY_SIZE_RANGE;
        }

        // Initialize signing
        if (!mac->signInit(privkey))
        {
                mac->recycleKey(privkey);
                CryptoFactory::i()->recycleMacAlgorithm(mac);
                return CKR_MECHANISM_INVALID;
        }

        session->setOpType(SESSION_OP_SIGN);
        session->setMacOp(mac);
        session->setAllowMultiPartOp(true);
        session->setAllowSinglePartOp(true);
        session->setSymmetricKey(privkey);

        return CKR_OK;
}

// AsymmetricAlgorithm version of C_SignInit
CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we have another operation
        if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL) return CKR_GENERAL_ERROR;

        // Check the key handle.
        OSObject *key = (OSObject *)handleManager->getObject(hKey);
        if (key == NULL_PTR || !key->isValid()) return CKR_OBJECT_HANDLE_INVALID;

        CK_BBOOL isOnToken = key->getBooleanValue(CKA_TOKEN, false);
        CK_BBOOL isPrivate = key->getBooleanValue(CKA_PRIVATE, true);

        // Check read user credentials
        CK_RV rv = haveRead(session->getState(), isOnToken, isPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");

                return rv;
        }

        // Check if key can be used for signing
        if (!key->getBooleanValue(CKA_SIGN, false))
                return CKR_KEY_FUNCTION_NOT_PERMITTED;

        // Check if the specified mechanism is allowed for the key
        if (!isMechanismPermitted(key, pMechanism))
                return CKR_MECHANISM_INVALID;

        // Get the asymmetric algorithm matching the mechanism
        AsymMech::Type mechanism = AsymMech::Unknown;
        void* param = NULL;
        size_t paramLen = 0;
        RSA_PKCS_PSS_PARAMS pssParam;
        bool bAllowMultiPartOp;
        bool isRSA = false;
        bool isDSA = false;
        bool isECDSA = false;
        switch(pMechanism->mechanism) {
                case CKM_RSA_PKCS:
                        mechanism = AsymMech::RSA_PKCS;
                        bAllowMultiPartOp = false;
                        isRSA = true;
                        break;
                case CKM_RSA_X_509:
                        mechanism = AsymMech::RSA;
                        bAllowMultiPartOp = false;
                        isRSA = true;
                        break;
#ifndef WITH_FIPS
                case CKM_MD5_RSA_PKCS:
                        mechanism = AsymMech::RSA_MD5_PKCS;
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
#endif
                case CKM_SHA1_RSA_PKCS:
                        mechanism = AsymMech::RSA_SHA1_PKCS;
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
                case CKM_SHA224_RSA_PKCS:
                        mechanism = AsymMech::RSA_SHA224_PKCS;
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
                case CKM_SHA256_RSA_PKCS:
                        mechanism = AsymMech::RSA_SHA256_PKCS;
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
                case CKM_SHA384_RSA_PKCS:
                        mechanism = AsymMech::RSA_SHA384_PKCS;
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
                case CKM_SHA512_RSA_PKCS:
                        mechanism = AsymMech::RSA_SHA512_PKCS;
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
#ifdef WITH_RAW_PSS
                case CKM_RSA_PKCS_PSS:
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS))
                        {
                                ERROR_MSG("Invalid RSA-PSS parameters");
                                return CKR_ARGUMENTS_BAD;
                        }
                        mechanism = AsymMech::RSA_PKCS_PSS;
                        unsigned long allowedMgf;

                        switch(CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg) {
                                case CKM_SHA_1:
                                        pssParam.hashAlg = HashAlgo::SHA1;
                                        pssParam.mgf = AsymRSAMGF::MGF1_SHA1;
                                        allowedMgf = CKG_MGF1_SHA1;
                                        break;
                                case CKM_SHA224:
                                        pssParam.hashAlg = HashAlgo::SHA224;
                                        pssParam.mgf = AsymRSAMGF::MGF1_SHA224;
                                        allowedMgf = CKG_MGF1_SHA224;
                                        break;
                                case CKM_SHA256:
                                        pssParam.hashAlg = HashAlgo::SHA256;
                                        pssParam.mgf = AsymRSAMGF::MGF1_SHA256;
                                        allowedMgf = CKG_MGF1_SHA256;
                                        break;
                                case CKM_SHA384:
                                        pssParam.hashAlg = HashAlgo::SHA384;
                                        pssParam.mgf = AsymRSAMGF::MGF1_SHA384;
                                        allowedMgf = CKG_MGF1_SHA384;
                                        break;
                                case CKM_SHA512:
                                        pssParam.hashAlg = HashAlgo::SHA512;
                                        pssParam.mgf = AsymRSAMGF::MGF1_SHA512;
                                        allowedMgf = CKG_MGF1_SHA512;
                                        break;
                                default:
                                        ERROR_MSG("Invalid RSA-PSS hash");
                                        return CKR_ARGUMENTS_BAD;
                        }

                        if (CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != allowedMgf) {
                                ERROR_MSG("Hash and MGF don't match");
                                return CKR_ARGUMENTS_BAD;
                        }

                        pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
                        param = &pssParam;
                        paramLen = sizeof(pssParam);
                        bAllowMultiPartOp = false;
                        isRSA = true;
                        break;
#endif
                case CKM_SHA1_RSA_PKCS_PSS:
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
                            CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA_1 ||
                            CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA1)
                        {
                                ERROR_MSG("Invalid parameters");
                                return CKR_ARGUMENTS_BAD;
                        }
                        mechanism = AsymMech::RSA_SHA1_PKCS_PSS;
                        pssParam.hashAlg = HashAlgo::SHA1;
                        pssParam.mgf = AsymRSAMGF::MGF1_SHA1;
                        pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
                        param = &pssParam;
                        paramLen = sizeof(pssParam);
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
                case CKM_SHA224_RSA_PKCS_PSS:
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
                            CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA224 ||
                            CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA224)
                        {
                                ERROR_MSG("Invalid parameters");
                                return CKR_ARGUMENTS_BAD;
                        }
                        mechanism = AsymMech::RSA_SHA224_PKCS_PSS;
                        pssParam.hashAlg = HashAlgo::SHA224;
                        pssParam.mgf = AsymRSAMGF::MGF1_SHA224;
                        pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
                        param = &pssParam;
                        paramLen = sizeof(pssParam);
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
                case CKM_SHA256_RSA_PKCS_PSS:
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
                            CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA256 ||
                            CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA256)
                        {
                                ERROR_MSG("Invalid parameters");
                                return CKR_ARGUMENTS_BAD;
                        }
                        mechanism = AsymMech::RSA_SHA256_PKCS_PSS;
                        pssParam.hashAlg = HashAlgo::SHA256;
                        pssParam.mgf = AsymRSAMGF::MGF1_SHA256;
                        pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
                        param = &pssParam;
                        paramLen = sizeof(pssParam);
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
                case CKM_SHA384_RSA_PKCS_PSS:
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
                            CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA384 ||
                            CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA384)
                        {
                                ERROR_MSG("Invalid parameters");
                                return CKR_ARGUMENTS_BAD;
                        }
                        mechanism = AsymMech::RSA_SHA384_PKCS_PSS;
                        pssParam.hashAlg = HashAlgo::SHA384;
                        pssParam.mgf = AsymRSAMGF::MGF1_SHA384;
                        pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
                        param = &pssParam;
                        paramLen = sizeof(pssParam);
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
                case CKM_SHA512_RSA_PKCS_PSS:
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
                            CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA512 ||
                            CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA512)
                        {
                                ERROR_MSG("Invalid parameters");
                                return CKR_ARGUMENTS_BAD;
                        }
                        mechanism = AsymMech::RSA_SHA512_PKCS_PSS;
                        pssParam.hashAlg = HashAlgo::SHA512;
                        pssParam.mgf = AsymRSAMGF::MGF1_SHA512;
                        pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
                        param = &pssParam;
                        paramLen = sizeof(pssParam);
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
                case CKM_DSA:
                        mechanism = AsymMech::DSA;
                        bAllowMultiPartOp = false;
                        isDSA = true;
                        break;
                case CKM_DSA_SHA1:
                        mechanism = AsymMech::DSA_SHA1;
                        bAllowMultiPartOp = true;
                        isDSA = true;
                        break;
                case CKM_DSA_SHA224:
                        mechanism = AsymMech::DSA_SHA224;
                        bAllowMultiPartOp = true;
                        isDSA = true;
                        break;
                case CKM_DSA_SHA256:
                        mechanism = AsymMech::DSA_SHA256;
                        bAllowMultiPartOp = true;
                        isDSA = true;
                        break;
                case CKM_DSA_SHA384:
                        mechanism = AsymMech::DSA_SHA384;
                        bAllowMultiPartOp = true;
                        isDSA = true;
                        break;
                case CKM_DSA_SHA512:
                        mechanism = AsymMech::DSA_SHA512;
                        bAllowMultiPartOp = true;
                        isDSA = true;
                        break;
#ifdef WITH_ECC
                case CKM_ECDSA:
                        mechanism = AsymMech::ECDSA;
                        bAllowMultiPartOp = false;
                        isECDSA = true;
                        break;
#endif
#ifdef WITH_GOST
                case CKM_GOSTR3410:
                        mechanism = AsymMech::GOST;
                        bAllowMultiPartOp = false;
                        break;
                case CKM_GOSTR3410_WITH_GOSTR3411:
                        mechanism = AsymMech::GOST_GOST;
                        bAllowMultiPartOp = true;
                        break;
#endif
                default:
                        return CKR_MECHANISM_INVALID;
        }

        AsymmetricAlgorithm* asymCrypto = NULL;
        PrivateKey* privateKey = NULL;
        if (isRSA)
        {
                asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::RSA);
                if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;

                privateKey = asymCrypto->newPrivateKey();
                if (privateKey == NULL)
                {
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_HOST_MEMORY;
                }

                if (getRSAPrivateKey((RSAPrivateKey*)privateKey, token, key) != CKR_OK)
                {
                        asymCrypto->recyclePrivateKey(privateKey);
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_GENERAL_ERROR;
                }
        }
        else if (isDSA)
        {
                asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DSA);
                if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;

                privateKey = asymCrypto->newPrivateKey();
                if (privateKey == NULL)
                {
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_HOST_MEMORY;
                }

                if (getDSAPrivateKey((DSAPrivateKey*)privateKey, token, key) != CKR_OK)
                {
                        asymCrypto->recyclePrivateKey(privateKey);
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_GENERAL_ERROR;
                }
        }
#ifdef WITH_ECC
        else if (isECDSA)
        {
                asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::ECDSA);
                if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;

                privateKey = asymCrypto->newPrivateKey();
                if (privateKey == NULL)
                {
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_HOST_MEMORY;
                }

                if (getECPrivateKey((ECPrivateKey*)privateKey, token, key) != CKR_OK)
                {
                        asymCrypto->recyclePrivateKey(privateKey);
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_GENERAL_ERROR;
                }
        }
#endif
        else
        {
#ifdef WITH_GOST
                asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::GOST);
                if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;

                privateKey = asymCrypto->newPrivateKey();
                if (privateKey == NULL)
                {
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_HOST_MEMORY;
                }

                if (getGOSTPrivateKey((GOSTPrivateKey*)privateKey, token, key) != CKR_OK)
                {
                        asymCrypto->recyclePrivateKey(privateKey);
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_GENERAL_ERROR;
                }
#else
                return CKR_MECHANISM_INVALID;
#endif
        }

        // Initialize signing
        if (bAllowMultiPartOp && !asymCrypto->signInit(privateKey,mechanism,param,paramLen))
        {
                asymCrypto->recyclePrivateKey(privateKey);
                CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                return CKR_MECHANISM_INVALID;
        }

        // Check if re-authentication is required
        if (key->getBooleanValue(CKA_ALWAYS_AUTHENTICATE, false))
        {
                session->setReAuthentication(true);
        }

        session->setOpType(SESSION_OP_SIGN);
        session->setAsymmetricCryptoOp(asymCrypto);
        session->setMechanism(mechanism);
        session->setParameters(param, paramLen);
        session->setAllowMultiPartOp(bAllowMultiPartOp);
        session->setAllowSinglePartOp(true);
        session->setPrivateKey(privateKey);

        return CKR_OK;
}

// Initialise a signing operation using the specified key and mechanism
CK_RV SoftHSM::C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
{
        if (isMacMechanism(pMechanism))
                return MacSignInit(hSession, pMechanism, hKey);
        else
                return AsymSignInit(hSession, pMechanism, hKey);
}

// MacAlgorithm version of C_Sign
static CK_RV MacSign(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
{
        MacAlgorithm* mac = session->getMacOp();
        if (mac == NULL || !session->getAllowSinglePartOp())
        {
                session->resetOp();
                return CKR_OPERATION_NOT_INITIALIZED;
        }

        // Size of the signature
        CK_ULONG size = mac->getMacSize();
        if (pSignature == NULL_PTR)
        {
                *pulSignatureLen = size;
                return CKR_OK;
        }

        // Check buffer size
        if (*pulSignatureLen < size)
        {
                *pulSignatureLen = size;
                return CKR_BUFFER_TOO_SMALL;
        }

        // Get the data
        ByteString data(pData, ulDataLen);

        // Sign the data
        if (!mac->signUpdate(data))
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }

        // Get the signature
        ByteString signature;
        if (!mac->signFinal(signature))
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }

        // Check size
        if (signature.size() != size)
        {
                ERROR_MSG("The size of the signature differs from the size of the mechanism");
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }
        memcpy(pSignature, signature.byte_str(), size);
        *pulSignatureLen = size;

        session->resetOp();
        return CKR_OK;
}

// AsymmetricAlgorithm version of C_Sign
static CK_RV AsymSign(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
{
        AsymmetricAlgorithm* asymCrypto = session->getAsymmetricCryptoOp();
        AsymMech::Type mechanism = session->getMechanism();
        PrivateKey* privateKey = session->getPrivateKey();
        size_t paramLen;
        void* param = session->getParameters(paramLen);
        if (asymCrypto == NULL || !session->getAllowSinglePartOp() || privateKey == NULL)
        {
                session->resetOp();
                return CKR_OPERATION_NOT_INITIALIZED;
        }

        // Check if re-authentication is required
        if (session->getReAuthentication())
        {
                session->resetOp();
                return CKR_USER_NOT_LOGGED_IN;
        }

        // Size of the signature
        CK_ULONG size = privateKey->getOutputLength();
        if (pSignature == NULL_PTR)
        {
                *pulSignatureLen = size;
                return CKR_OK;
        }

        // Check buffer size
        if (*pulSignatureLen < size)
        {
                *pulSignatureLen = size;
                return CKR_BUFFER_TOO_SMALL;
        }

        // Get the data
        ByteString data;

        // We must allow input length <= k and therfore need to prepend the data with zeroes.
        if (mechanism == AsymMech::RSA) {
                data.wipe(size-ulDataLen);
        }

        data += ByteString(pData, ulDataLen);
        ByteString signature;

        // Sign the data
        if (session->getAllowMultiPartOp())
        {
                if (!asymCrypto->signUpdate(data) ||
                    !asymCrypto->signFinal(signature))
                {
                        session->resetOp();
                        return CKR_GENERAL_ERROR;
                }
        }
        else if (!asymCrypto->sign(privateKey,data,signature,mechanism,param,paramLen))
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }

        // Check size
        if (signature.size() != size)
        {
                ERROR_MSG("The size of the signature differs from the size of the mechanism");
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }
        memcpy(pSignature, signature.byte_str(), size);
        *pulSignatureLen = size;

        session->resetOp();
        return CKR_OK;
}

// Sign the data in a single pass operation
CK_RV SoftHSM::C_Sign(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pData == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (pulSignatureLen == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we are doing the correct operation
        if (session->getOpType() != SESSION_OP_SIGN)
                return CKR_OPERATION_NOT_INITIALIZED;

        if (session->getMacOp() != NULL)
                return MacSign(session, pData, ulDataLen,
                               pSignature, pulSignatureLen);
        else
                return AsymSign(session, pData, ulDataLen,
                                pSignature, pulSignatureLen);
}

// MacAlgorithm version of C_SignUpdate
static CK_RV MacSignUpdate(Session* session, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
{
        MacAlgorithm* mac = session->getMacOp();
        if (mac == NULL || !session->getAllowMultiPartOp())
        {
                session->resetOp();
                return CKR_OPERATION_NOT_INITIALIZED;
        }

        // Get the part
        ByteString part(pPart, ulPartLen);

        // Sign the data
        if (!mac->signUpdate(part))
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }

        session->setAllowSinglePartOp(false);
        return CKR_OK;
}

// AsymmetricAlgorithm version of C_SignUpdate
static CK_RV AsymSignUpdate(Session* session, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
{
        AsymmetricAlgorithm* asymCrypto = session->getAsymmetricCryptoOp();
        if (asymCrypto == NULL || !session->getAllowMultiPartOp())
        {
                session->resetOp();
                return CKR_OPERATION_NOT_INITIALIZED;
        }

        // Check if re-authentication is required
        if (session->getReAuthentication())
        {
                session->resetOp();
                return CKR_USER_NOT_LOGGED_IN;
        }

        // Get the part
        ByteString part(pPart, ulPartLen);

        // Sign the data
        if (!asymCrypto->signUpdate(part))
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }

        session->setAllowSinglePartOp(false);
        return CKR_OK;
}

// Update a running signing operation with additional data
CK_RV SoftHSM::C_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pPart == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we are doing the correct operation
        if (session->getOpType() != SESSION_OP_SIGN)
                return CKR_OPERATION_NOT_INITIALIZED;

        if (session->getMacOp() != NULL)
                return MacSignUpdate(session, pPart, ulPartLen);
        else
                return AsymSignUpdate(session, pPart, ulPartLen);
}

// MacAlgorithm version of C_SignFinal
static CK_RV MacSignFinal(Session* session, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
{
        MacAlgorithm* mac = session->getMacOp();
        if (mac == NULL)
        {
                session->resetOp();
                return CKR_OPERATION_NOT_INITIALIZED;
        }

        // Size of the signature
        CK_ULONG size = mac->getMacSize();
        if (pSignature == NULL_PTR)
        {
                *pulSignatureLen = size;
                return CKR_OK;
        }

        // Check buffer size
        if (*pulSignatureLen < size)
        {
                *pulSignatureLen = size;
                return CKR_BUFFER_TOO_SMALL;
        }

        // Get the signature
        ByteString signature;
        if (!mac->signFinal(signature))
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }

        // Check size
        if (signature.size() != size)
        {
                ERROR_MSG("The size of the signature differs from the size of the mechanism");
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }
        memcpy(pSignature, signature.byte_str(), size);
        *pulSignatureLen = size;

        session->resetOp();
        return CKR_OK;
}

// AsymmetricAlgorithm version of C_SignFinal
static CK_RV AsymSignFinal(Session* session, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
{
        AsymmetricAlgorithm* asymCrypto = session->getAsymmetricCryptoOp();
        PrivateKey* privateKey = session->getPrivateKey();
        if (asymCrypto == NULL || privateKey == NULL)
        {
                session->resetOp();
                return CKR_OPERATION_NOT_INITIALIZED;
        }

        // Check if re-authentication is required
        if (session->getReAuthentication())
        {
                session->resetOp();
                return CKR_USER_NOT_LOGGED_IN;
        }

        // Size of the signature
        CK_ULONG size = privateKey->getOutputLength();
        if (pSignature == NULL_PTR)
        {
                *pulSignatureLen = size;
                return CKR_OK;
        }

        // Check buffer size
        if (*pulSignatureLen < size)
        {
                *pulSignatureLen = size;
                return CKR_BUFFER_TOO_SMALL;
        }

        // Get the signature
        ByteString signature;
        if (!asymCrypto->signFinal(signature))
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }

        // Check size
        if (signature.size() != size)
        {
                ERROR_MSG("The size of the signature differs from the size of the mechanism");
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }
        memcpy(pSignature, signature.byte_str(), size);
        *pulSignatureLen = size;

        session->resetOp();
        return CKR_OK;
}

// Finalise a running signing operation and return the signature
CK_RV SoftHSM::C_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pulSignatureLen == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we are doing the correct operation
        if (session->getOpType() != SESSION_OP_SIGN || !session->getAllowMultiPartOp())
                return CKR_OPERATION_NOT_INITIALIZED;

        if (session->getMacOp() != NULL)
                return MacSignFinal(session, pSignature, pulSignatureLen);
        else
                return AsymSignFinal(session, pSignature, pulSignatureLen);
}

// Initialise a signing operation that allows recovery of the signed data
CK_RV SoftHSM::C_SignRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR /*pMechanism*/, CK_OBJECT_HANDLE /*hKey*/)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we have another operation
        if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;

        return CKR_FUNCTION_NOT_SUPPORTED;
}

// Perform a single part signing operation that allows recovery of the signed data
CK_RV SoftHSM::C_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR /*pData*/, CK_ULONG /*ulDataLen*/, CK_BYTE_PTR /*pSignature*/, CK_ULONG_PTR /*pulSignatureLen*/)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        return CKR_FUNCTION_NOT_SUPPORTED;
}

// MacAlgorithm version of C_VerifyInit
CK_RV SoftHSM::MacVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we have another operation
        if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL) return CKR_GENERAL_ERROR;

        // Check the key handle.
        OSObject *key = (OSObject *)handleManager->getObject(hKey);
        if (key == NULL_PTR || !key->isValid()) return CKR_OBJECT_HANDLE_INVALID;

        CK_BBOOL isOnToken = key->getBooleanValue(CKA_TOKEN, false);
        CK_BBOOL isPrivate = key->getBooleanValue(CKA_PRIVATE, true);

        // Check read user credentials
        CK_RV rv = haveRead(session->getState(), isOnToken, isPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");

                return rv;
        }

        // Check if key can be used for verifying
        if (!key->getBooleanValue(CKA_VERIFY, false))
                return CKR_KEY_FUNCTION_NOT_PERMITTED;

        // Check if the specified mechanism is allowed for the key
        if (!isMechanismPermitted(key, pMechanism))
                return CKR_MECHANISM_INVALID;

        // Get key info
        CK_KEY_TYPE keyType = key->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED);

        // Get the MAC algorithm matching the mechanism
        // Also check mechanism constraints
        MacAlgo::Type algo = MacAlgo::Unknown;
        size_t bb = 8;
        size_t minSize = 0;
        switch(pMechanism->mechanism) {
#ifndef WITH_FIPS
                case CKM_MD5_HMAC:
                        if (keyType != CKK_GENERIC_SECRET && keyType != CKK_MD5_HMAC)
                                return CKR_KEY_TYPE_INCONSISTENT;
                        minSize = 16;
                        algo = MacAlgo::HMAC_MD5;
                        break;
#endif
                case CKM_SHA_1_HMAC:
                        if (keyType != CKK_GENERIC_SECRET && keyType != CKK_SHA_1_HMAC)
                                return CKR_KEY_TYPE_INCONSISTENT;
                        minSize = 20;
                        algo = MacAlgo::HMAC_SHA1;
                        break;
                case CKM_SHA224_HMAC:
                        if (keyType != CKK_GENERIC_SECRET && keyType != CKK_SHA224_HMAC)
                                return CKR_KEY_TYPE_INCONSISTENT;
                        minSize = 28;
                        algo = MacAlgo::HMAC_SHA224;
                        break;
                case CKM_SHA256_HMAC:
                        if (keyType != CKK_GENERIC_SECRET && keyType != CKK_SHA256_HMAC)
                                return CKR_KEY_TYPE_INCONSISTENT;
                        minSize = 32;
                        algo = MacAlgo::HMAC_SHA256;
                        break;
                case CKM_SHA384_HMAC:
                        if (keyType != CKK_GENERIC_SECRET && keyType != CKK_SHA384_HMAC)
                                return CKR_KEY_TYPE_INCONSISTENT;
                        minSize = 48;
                        algo = MacAlgo::HMAC_SHA384;
                        break;
                case CKM_SHA512_HMAC:
                        if (keyType != CKK_GENERIC_SECRET && keyType != CKK_SHA512_HMAC)
                                return CKR_KEY_TYPE_INCONSISTENT;
                        minSize = 64;
                        algo = MacAlgo::HMAC_SHA512;
                        break;
#ifdef WITH_GOST
                case CKM_GOSTR3411_HMAC:
                        if (keyType != CKK_GENERIC_SECRET && keyType != CKK_GOST28147)
                                return CKR_KEY_TYPE_INCONSISTENT;
                        minSize = 32;
                        algo = MacAlgo::HMAC_GOST;
                        break;
#endif
                case CKM_DES3_CMAC:
                        if (keyType != CKK_DES2 && keyType != CKK_DES3)
                                return CKR_KEY_TYPE_INCONSISTENT;
                        algo = MacAlgo::CMAC_DES;
                        bb = 7;
                        break;
                case CKM_AES_CMAC:
                        if (keyType != CKK_AES)
                                return CKR_KEY_TYPE_INCONSISTENT;
                        algo = MacAlgo::CMAC_AES;
                        break;
                default:
                        return CKR_MECHANISM_INVALID;
        }
        MacAlgorithm* mac = CryptoFactory::i()->getMacAlgorithm(algo);
        if (mac == NULL) return CKR_MECHANISM_INVALID;

        SymmetricKey* pubkey = new SymmetricKey();

        if (getSymmetricKey(pubkey, token, key) != CKR_OK)
        {
                mac->recycleKey(pubkey);
                CryptoFactory::i()->recycleMacAlgorithm(mac);
                return CKR_GENERAL_ERROR;
        }

        // Adjust key bit length
        pubkey->setBitLen(pubkey->getKeyBits().size() * bb);

        // Check key size
        if (pubkey->getBitLen() < (minSize*8))
        {
                mac->recycleKey(pubkey);
                CryptoFactory::i()->recycleMacAlgorithm(mac);
                return CKR_KEY_SIZE_RANGE;
        }

        // Initialize verifying
        if (!mac->verifyInit(pubkey))
        {
                mac->recycleKey(pubkey);
                CryptoFactory::i()->recycleMacAlgorithm(mac);
                return CKR_MECHANISM_INVALID;
        }

        session->setOpType(SESSION_OP_VERIFY);
        session->setMacOp(mac);
        session->setAllowMultiPartOp(true);
        session->setAllowSinglePartOp(true);
        session->setSymmetricKey(pubkey);

        return CKR_OK;
}

// AsymmetricAlgorithm version of C_VerifyInit
CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we have another operation
        if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL) return CKR_GENERAL_ERROR;

        // Check the key handle.
        OSObject *key = (OSObject *)handleManager->getObject(hKey);
        if (key == NULL_PTR || !key->isValid()) return CKR_OBJECT_HANDLE_INVALID;

        CK_BBOOL isOnToken = key->getBooleanValue(CKA_TOKEN, false);
        CK_BBOOL isPrivate = key->getBooleanValue(CKA_PRIVATE, true);

        // Check read user credentials
        CK_RV rv = haveRead(session->getState(), isOnToken, isPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");

                return rv;
        }

        // Check if key can be used for verifying
        if (!key->getBooleanValue(CKA_VERIFY, false))
                return CKR_KEY_FUNCTION_NOT_PERMITTED;

        // Check if the specified mechanism is allowed for the key
        if (!isMechanismPermitted(key, pMechanism))
                return CKR_MECHANISM_INVALID;

        // Get the asymmetric algorithm matching the mechanism
        AsymMech::Type mechanism = AsymMech::Unknown;
        void* param = NULL;
        size_t paramLen = 0;
        RSA_PKCS_PSS_PARAMS pssParam;
        bool bAllowMultiPartOp;
        bool isRSA = false;
        bool isDSA = false;
        bool isECDSA = false;
        switch(pMechanism->mechanism) {
                case CKM_RSA_PKCS:
                        mechanism = AsymMech::RSA_PKCS;
                        bAllowMultiPartOp = false;
                        isRSA = true;
                        break;
                case CKM_RSA_X_509:
                        mechanism = AsymMech::RSA;
                        bAllowMultiPartOp = false;
                        isRSA = true;
                        break;
#ifndef WITH_FIPS
                case CKM_MD5_RSA_PKCS:
                        mechanism = AsymMech::RSA_MD5_PKCS;
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
#endif
                case CKM_SHA1_RSA_PKCS:
                        mechanism = AsymMech::RSA_SHA1_PKCS;
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
                case CKM_SHA224_RSA_PKCS:
                        mechanism = AsymMech::RSA_SHA224_PKCS;
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
                case CKM_SHA256_RSA_PKCS:
                        mechanism = AsymMech::RSA_SHA256_PKCS;
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
                case CKM_SHA384_RSA_PKCS:
                        mechanism = AsymMech::RSA_SHA384_PKCS;
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
                case CKM_SHA512_RSA_PKCS:
                        mechanism = AsymMech::RSA_SHA512_PKCS;
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
#ifdef WITH_RAW_PSS
                case CKM_RSA_PKCS_PSS:
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS))
                        {
                                ERROR_MSG("Invalid parameters");
                                return CKR_ARGUMENTS_BAD;
                        }
                        mechanism = AsymMech::RSA_PKCS_PSS;

                        unsigned long expectedMgf;
                        switch(CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg) {
                                case CKM_SHA_1:
                                        pssParam.hashAlg = HashAlgo::SHA1;
                                        pssParam.mgf = AsymRSAMGF::MGF1_SHA1;
                                        expectedMgf = CKG_MGF1_SHA1;
                                        break;
                                case CKM_SHA224:
                                        pssParam.hashAlg = HashAlgo::SHA224;
                                        pssParam.mgf = AsymRSAMGF::MGF1_SHA224;
                                        expectedMgf = CKG_MGF1_SHA224;
                                        break;
                                case CKM_SHA256:
                                        pssParam.hashAlg = HashAlgo::SHA256;
                                        pssParam.mgf = AsymRSAMGF::MGF1_SHA256;
                                        expectedMgf = CKG_MGF1_SHA256;
                                        break;
                                case CKM_SHA384:
                                        pssParam.hashAlg = HashAlgo::SHA384;
                                        pssParam.mgf = AsymRSAMGF::MGF1_SHA384;
                                        expectedMgf = CKG_MGF1_SHA384;
                                        break;
                                case CKM_SHA512:
                                        pssParam.hashAlg = HashAlgo::SHA512;
                                        pssParam.mgf = AsymRSAMGF::MGF1_SHA512;
                                        expectedMgf = CKG_MGF1_SHA512;
                                        break;
                                default:
                                        return CKR_ARGUMENTS_BAD;
                        }

                        if (CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != expectedMgf) {
                                return CKR_ARGUMENTS_BAD;
                        }

                        pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
                        param = &pssParam;
                        paramLen = sizeof(pssParam);
                        bAllowMultiPartOp = false;
                        isRSA = true;
                        break;
#endif
                case CKM_SHA1_RSA_PKCS_PSS:
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
                            CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA_1 ||
                            CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA1)
                        {
                                ERROR_MSG("Invalid parameters");
                                return CKR_ARGUMENTS_BAD;
                        }
                        mechanism = AsymMech::RSA_SHA1_PKCS_PSS;
                        pssParam.hashAlg = HashAlgo::SHA1;
                        pssParam.mgf = AsymRSAMGF::MGF1_SHA1;
                        pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
                        param = &pssParam;
                        paramLen = sizeof(pssParam);
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
                case CKM_SHA224_RSA_PKCS_PSS:
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
                            CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA224 ||
                            CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA224)
                        {
                                ERROR_MSG("Invalid parameters");
                                return CKR_ARGUMENTS_BAD;
                        }
                        mechanism = AsymMech::RSA_SHA224_PKCS_PSS;
                        pssParam.hashAlg = HashAlgo::SHA224;
                        pssParam.mgf = AsymRSAMGF::MGF1_SHA224;
                        pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
                        param = &pssParam;
                        paramLen = sizeof(pssParam);
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
                case CKM_SHA256_RSA_PKCS_PSS:
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
                            CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA256 ||
                            CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA256)
                        {
                                ERROR_MSG("Invalid parameters");
                                return CKR_ARGUMENTS_BAD;
                        }
                        mechanism = AsymMech::RSA_SHA256_PKCS_PSS;
                        pssParam.hashAlg = HashAlgo::SHA256;
                        pssParam.mgf = AsymRSAMGF::MGF1_SHA256;
                        pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
                        param = &pssParam;
                        paramLen = sizeof(pssParam);
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
                case CKM_SHA384_RSA_PKCS_PSS:
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
                            CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA384 ||
                            CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA384)
                        {
                                ERROR_MSG("Invalid parameters");
                                return CKR_ARGUMENTS_BAD;
                        }
                        mechanism = AsymMech::RSA_SHA384_PKCS_PSS;
                        pssParam.hashAlg = HashAlgo::SHA384;
                        pssParam.mgf = AsymRSAMGF::MGF1_SHA384;
                        pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
                        param = &pssParam;
                        paramLen = sizeof(pssParam);
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
                case CKM_SHA512_RSA_PKCS_PSS:
                        if (pMechanism->pParameter == NULL_PTR ||
                            pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
                            CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->hashAlg != CKM_SHA512 ||
                            CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->mgf != CKG_MGF1_SHA512)
                        {
                                ERROR_MSG("Invalid parameters");
                                return CKR_ARGUMENTS_BAD;
                        }
                        mechanism = AsymMech::RSA_SHA512_PKCS_PSS;
                        pssParam.hashAlg = HashAlgo::SHA512;
                        pssParam.mgf = AsymRSAMGF::MGF1_SHA512;
                        pssParam.sLen = CK_RSA_PKCS_PSS_PARAMS_PTR(pMechanism->pParameter)->sLen;
                        param = &pssParam;
                        paramLen = sizeof(pssParam);
                        bAllowMultiPartOp = true;
                        isRSA = true;
                        break;
                case CKM_DSA:
                        mechanism = AsymMech::DSA;
                        bAllowMultiPartOp = false;
                        isDSA = true;
                        break;
                case CKM_DSA_SHA1:
                        mechanism = AsymMech::DSA_SHA1;
                        bAllowMultiPartOp = true;
                        isDSA = true;
                        break;
                case CKM_DSA_SHA224:
                        mechanism = AsymMech::DSA_SHA224;
                        bAllowMultiPartOp = true;
                        isDSA = true;
                        break;
                case CKM_DSA_SHA256:
                        mechanism = AsymMech::DSA_SHA256;
                        bAllowMultiPartOp = true;
                        isDSA = true;
                        break;
                case CKM_DSA_SHA384:
                        mechanism = AsymMech::DSA_SHA384;
                        bAllowMultiPartOp = true;
                        isDSA = true;
                        break;
                case CKM_DSA_SHA512:
                        mechanism = AsymMech::DSA_SHA512;
                        bAllowMultiPartOp = true;
                        isDSA = true;
                        break;
#ifdef WITH_ECC
                case CKM_ECDSA:
                        mechanism = AsymMech::ECDSA;
                        bAllowMultiPartOp = false;
                        isECDSA = true;
                        break;
#endif
#ifdef WITH_GOST
                case CKM_GOSTR3410:
                        mechanism = AsymMech::GOST;
                        bAllowMultiPartOp = false;
                        break;
                case CKM_GOSTR3410_WITH_GOSTR3411:
                        mechanism = AsymMech::GOST_GOST;
                        bAllowMultiPartOp = true;
                        break;
#endif
                default:
                        return CKR_MECHANISM_INVALID;
        }

        AsymmetricAlgorithm* asymCrypto = NULL;
        PublicKey* publicKey = NULL;
        if (isRSA)
        {
                asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::RSA);
                if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;

                publicKey = asymCrypto->newPublicKey();
                if (publicKey == NULL)
                {
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_HOST_MEMORY;
                }

                if (getRSAPublicKey((RSAPublicKey*)publicKey, token, key) != CKR_OK)
                {
                        asymCrypto->recyclePublicKey(publicKey);
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_GENERAL_ERROR;
                }
        }
        else if (isDSA)
        {
                asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DSA);
                if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;

                publicKey = asymCrypto->newPublicKey();
                if (publicKey == NULL)
                {
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_HOST_MEMORY;
                }

                if (getDSAPublicKey((DSAPublicKey*)publicKey, token, key) != CKR_OK)
                {
                        asymCrypto->recyclePublicKey(publicKey);
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_GENERAL_ERROR;
                }
        }
#ifdef WITH_ECC
        else if (isECDSA)
        {
                asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::ECDSA);
                if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;

                publicKey = asymCrypto->newPublicKey();
                if (publicKey == NULL)
                {
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_HOST_MEMORY;
                }

                if (getECPublicKey((ECPublicKey*)publicKey, token, key) != CKR_OK)
                {
                        asymCrypto->recyclePublicKey(publicKey);
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_GENERAL_ERROR;
                }
        }
#endif
        else
        {
#ifdef WITH_GOST
                asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::GOST);
                if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;

                publicKey = asymCrypto->newPublicKey();
                if (publicKey == NULL)
                {
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_HOST_MEMORY;
                }

                if (getGOSTPublicKey((GOSTPublicKey*)publicKey, token, key) != CKR_OK)
                {
                        asymCrypto->recyclePublicKey(publicKey);
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_GENERAL_ERROR;
                }
#else
                return CKR_MECHANISM_INVALID;
#endif
        }

        // Initialize verifying
        if (bAllowMultiPartOp && !asymCrypto->verifyInit(publicKey,mechanism,param,paramLen))
        {
                asymCrypto->recyclePublicKey(publicKey);
                CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                return CKR_MECHANISM_INVALID;
        }

        session->setOpType(SESSION_OP_VERIFY);
        session->setAsymmetricCryptoOp(asymCrypto);
        session->setMechanism(mechanism);
        session->setParameters(param, paramLen);
        session->setAllowMultiPartOp(bAllowMultiPartOp);
        session->setAllowSinglePartOp(true);
        session->setPublicKey(publicKey);

        return CKR_OK;
}

// Initialise a verification operation using the specified key and mechanism
CK_RV SoftHSM::C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
{
        if (isMacMechanism(pMechanism))
                return MacVerifyInit(hSession, pMechanism, hKey);
        else
                return AsymVerifyInit(hSession, pMechanism, hKey);
}

// MacAlgorithm version of C_Verify
static CK_RV MacVerify(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
{
        MacAlgorithm* mac = session->getMacOp();
        if (mac == NULL || !session->getAllowSinglePartOp())
        {
                session->resetOp();
                return CKR_OPERATION_NOT_INITIALIZED;
        }

        // Size of the signature
        CK_ULONG size = mac->getMacSize();

        // Check buffer size
        if (ulSignatureLen != size)
        {
                ERROR_MSG("The size of the signature differs from the size of the mechanism");
                session->resetOp();
                return CKR_SIGNATURE_LEN_RANGE;
        }

        // Get the data
        ByteString data(pData, ulDataLen);

        // Verify the data
        if (!mac->verifyUpdate(data))
        {
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }

        // Get the signature
        ByteString signature(pSignature, ulSignatureLen);

        // Verify the signature
        if (!mac->verifyFinal(signature))
        {
                session->resetOp();
                return CKR_SIGNATURE_INVALID;
        }

        session->resetOp();
        return CKR_OK;
}

// AsymmetricAlgorithm version of C_Verify
static CK_RV AsymVerify(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
{
        AsymmetricAlgorithm* asymCrypto = session->getAsymmetricCryptoOp();
        AsymMech::Type mechanism = session->getMechanism();
        PublicKey* publicKey = session->getPublicKey();
        size_t paramLen;
        void* param = session->getParameters(paramLen);
        if (asymCrypto == NULL || !session->getAllowSinglePartOp() || publicKey == NULL)
        {
                session->resetOp();
                return CKR_OPERATION_NOT_INITIALIZED;
        }

        // Size of the signature
        CK_ULONG size = publicKey->getOutputLength();

        // Check buffer size
        if (ulSignatureLen != size)
        {
                ERROR_MSG("The size of the signature differs from the size of the mechanism");
                session->resetOp();
                return CKR_SIGNATURE_LEN_RANGE;
        }

        // Get the data
        ByteString data;

        // We must allow input length <= k and therfore need to prepend the data with zeroes.
        if (mechanism == AsymMech::RSA) {
                data.wipe(size-ulDataLen);
        }

        data += ByteString(pData, ulDataLen);
        ByteString signature(pSignature, ulSignatureLen);

        // Verify the data
        if (session->getAllowMultiPartOp())
        {
                if (!asymCrypto->verifyUpdate(data) ||
                    !asymCrypto->verifyFinal(signature))
                {
                        session->resetOp();
                        return CKR_SIGNATURE_INVALID;
                }
        }
        else if (!asymCrypto->verify(publicKey,data,signature,mechanism,param,paramLen))
        {
                session->resetOp();
                return CKR_SIGNATURE_INVALID;
        }

        session->resetOp();
        return CKR_OK;
}

// Perform a single pass verification operation
CK_RV SoftHSM::C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pData == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (pSignature == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we are doing the correct operation
        if (session->getOpType() != SESSION_OP_VERIFY)
                return CKR_OPERATION_NOT_INITIALIZED;

        if (session->getMacOp() != NULL)
                return MacVerify(session, pData, ulDataLen,
                                 pSignature, ulSignatureLen);
        else
                return AsymVerify(session, pData, ulDataLen,
                                  pSignature, ulSignatureLen);
}

// MacAlgorithm version of C_VerifyUpdate
static CK_RV MacVerifyUpdate(Session* session, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
{
        MacAlgorithm* mac = session->getMacOp();
        if (mac == NULL || !session->getAllowMultiPartOp())
        {
                session->resetOp();
                return CKR_OPERATION_NOT_INITIALIZED;
        }

        // Get the part
        ByteString part(pPart, ulPartLen);

        // Verify the data
        if (!mac->verifyUpdate(part))
        {
                // verifyUpdate can't fail for a logical reason, so we assume total breakdown.
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }

        session->setAllowSinglePartOp(false);
        return CKR_OK;
}

// AsymmetricAlgorithm version of C_VerifyUpdate
static CK_RV AsymVerifyUpdate(Session* session, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
{
        AsymmetricAlgorithm* asymCrypto = session->getAsymmetricCryptoOp();
        if (asymCrypto == NULL || !session->getAllowMultiPartOp())
        {
                session->resetOp();
                return CKR_OPERATION_NOT_INITIALIZED;
        }

        // Get the part
        ByteString part(pPart, ulPartLen);

        // Verify the data
        if (!asymCrypto->verifyUpdate(part))
        {
                // verifyUpdate can't fail for a logical reason, so we assume total breakdown.
                session->resetOp();
                return CKR_GENERAL_ERROR;
        }

        session->setAllowSinglePartOp(false);
        return CKR_OK;
}

// Update a running verification operation with additional data
CK_RV SoftHSM::C_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pPart == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we are doing the correct operation
        if (session->getOpType() != SESSION_OP_VERIFY)
                return CKR_OPERATION_NOT_INITIALIZED;

        if (session->getMacOp() != NULL)
                return MacVerifyUpdate(session, pPart, ulPartLen);
        else
                return AsymVerifyUpdate(session, pPart, ulPartLen);
}

// MacAlgorithm version of C_SignFinal
static CK_RV MacVerifyFinal(Session* session, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
{
        MacAlgorithm* mac = session->getMacOp();
        if (mac == NULL)
        {
                session->resetOp();
                return CKR_OPERATION_NOT_INITIALIZED;
        }

        // Size of the signature
        CK_ULONG size = mac->getMacSize();

        // Check buffer size
        if (ulSignatureLen != size)
        {
                ERROR_MSG("The size of the signature differs from the size of the mechanism");
                session->resetOp();
                return CKR_SIGNATURE_LEN_RANGE;
        }

        // Get the signature
        ByteString signature(pSignature, ulSignatureLen);

        // Verify the data
        if (!mac->verifyFinal(signature))
        {
                session->resetOp();
                return CKR_SIGNATURE_INVALID;
        }

        session->resetOp();
        return CKR_OK;
}

// AsymmetricAlgorithm version of C_VerifyFinal
static CK_RV AsymVerifyFinal(Session* session, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
{
        AsymmetricAlgorithm* asymCrypto = session->getAsymmetricCryptoOp();
        PublicKey* publicKey = session->getPublicKey();
        if (asymCrypto == NULL || publicKey == NULL)
        {
                session->resetOp();
                return CKR_OPERATION_NOT_INITIALIZED;
        }

        // Size of the signature
        CK_ULONG size = publicKey->getOutputLength();

        // Check buffer size
        if (ulSignatureLen != size)
        {
                ERROR_MSG("The size of the signature differs from the size of the mechanism");
                session->resetOp();
                return CKR_SIGNATURE_LEN_RANGE;
        }

        // Get the data
        ByteString signature(pSignature, ulSignatureLen);

        // Verify the data
        if (!asymCrypto->verifyFinal(signature))
        {
                session->resetOp();
                return CKR_SIGNATURE_INVALID;
        }

        session->resetOp();
        return CKR_OK;
}

// Finalise the verification operation and check the signature
CK_RV SoftHSM::C_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pSignature == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we are doing the correct operation
        if (session->getOpType() != SESSION_OP_VERIFY || !session->getAllowMultiPartOp())
                return CKR_OPERATION_NOT_INITIALIZED;

        if (session->getMacOp() != NULL)
                return MacVerifyFinal(session, pSignature, ulSignatureLen);
        else
                return AsymVerifyFinal(session, pSignature, ulSignatureLen);
}

// Initialise a verification operation the allows recovery of the signed data from the signature
CK_RV SoftHSM::C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR /*pMechanism*/, CK_OBJECT_HANDLE /*hKey*/)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check if we have another operation
        if (session->getOpType() != SESSION_OP_NONE) return CKR_OPERATION_ACTIVE;

        return CKR_FUNCTION_NOT_SUPPORTED;
}

// Perform a single part verification operation and recover the signed data
CK_RV SoftHSM::C_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR /*pSignature*/, CK_ULONG /*ulSignatureLen*/, CK_BYTE_PTR /*pData*/, CK_ULONG_PTR /*pulDataLen*/)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        return CKR_FUNCTION_NOT_SUPPORTED;
}

// Update a running multi-part encryption and digesting operation
CK_RV SoftHSM::C_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR /*pPart*/, CK_ULONG /*ulPartLen*/, CK_BYTE_PTR /*pEncryptedPart*/, CK_ULONG_PTR /*pulEncryptedPartLen*/)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        return CKR_FUNCTION_NOT_SUPPORTED;
}

// Update a running multi-part decryption and digesting operation
CK_RV SoftHSM::C_DecryptDigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR /*pPart*/, CK_ULONG /*ulPartLen*/, CK_BYTE_PTR /*pDecryptedPart*/, CK_ULONG_PTR /*pulDecryptedPartLen*/)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        return CKR_FUNCTION_NOT_SUPPORTED;
}

// Update a running multi-part signing and encryption operation
CK_RV SoftHSM::C_SignEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR /*pPart*/, CK_ULONG /*ulPartLen*/, CK_BYTE_PTR /*pEncryptedPart*/, CK_ULONG_PTR /*pulEncryptedPartLen*/)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        return CKR_FUNCTION_NOT_SUPPORTED;
}

// Update a running multi-part decryption and verification operation
CK_RV SoftHSM::C_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR /*pEncryptedPart*/, CK_ULONG /*ulEncryptedPartLen*/, CK_BYTE_PTR /*pPart*/, CK_ULONG_PTR /*pulPartLen*/)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        return CKR_FUNCTION_NOT_SUPPORTED;
}

// Generate a secret key or a domain parameter set using the specified mechanism
CK_RV SoftHSM::C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (phKey == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check the mechanism, only accept DSA and DH parameters
        // and symmetric ciphers
        CK_OBJECT_CLASS objClass;
        CK_KEY_TYPE keyType;
        switch (pMechanism->mechanism)
        {
                case CKM_DSA_PARAMETER_GEN:
                        objClass = CKO_DOMAIN_PARAMETERS;
                        keyType = CKK_DSA;
                        break;
                case CKM_DH_PKCS_PARAMETER_GEN:
                        objClass = CKO_DOMAIN_PARAMETERS;
                        keyType = CKK_DH;
                        break;
#ifndef WITH_FIPS
                case CKM_DES_KEY_GEN:
                        objClass = CKO_SECRET_KEY;
                        keyType = CKK_DES;
                        break;
#endif
                case CKM_DES2_KEY_GEN:
                        objClass = CKO_SECRET_KEY;
                        keyType = CKK_DES2;
                        break;
                case CKM_DES3_KEY_GEN:
                        objClass = CKO_SECRET_KEY;
                        keyType = CKK_DES3;
                        break;
                case CKM_AES_KEY_GEN:
                        objClass = CKO_SECRET_KEY;
                        keyType = CKK_AES;
                        break;
                default:
                        return CKR_MECHANISM_INVALID;
        }

        // Extract information from the template that is needed to create the object.
        CK_BBOOL isOnToken = CK_FALSE;
        CK_BBOOL isPrivate = CK_TRUE;
        CK_CERTIFICATE_TYPE dummy;
        bool isImplicit = true;
        extractObjectInformation(pTemplate, ulCount, objClass, keyType, dummy, isOnToken, isPrivate, isImplicit);

        // Report errors and/or unexpected usage.
        if (objClass != CKO_SECRET_KEY && objClass != CKO_DOMAIN_PARAMETERS)
                return CKR_ATTRIBUTE_VALUE_INVALID;
        if (pMechanism->mechanism == CKM_DSA_PARAMETER_GEN &&
            (objClass != CKO_DOMAIN_PARAMETERS || keyType != CKK_DSA))
                return CKR_TEMPLATE_INCONSISTENT;
        if (pMechanism->mechanism == CKM_DH_PKCS_PARAMETER_GEN &&
            (objClass != CKO_DOMAIN_PARAMETERS || keyType != CKK_DH))
                return CKR_TEMPLATE_INCONSISTENT;
        if (pMechanism->mechanism == CKM_DES_KEY_GEN &&
            (objClass != CKO_SECRET_KEY || keyType != CKK_DES))
                return CKR_TEMPLATE_INCONSISTENT;
        if (pMechanism->mechanism == CKM_DES2_KEY_GEN &&
            (objClass != CKO_SECRET_KEY || keyType != CKK_DES2))
                return CKR_TEMPLATE_INCONSISTENT;
        if (pMechanism->mechanism == CKM_DES3_KEY_GEN &&
            (objClass != CKO_SECRET_KEY || keyType != CKK_DES3))
                return CKR_TEMPLATE_INCONSISTENT;
        if (pMechanism->mechanism == CKM_AES_KEY_GEN &&
            (objClass != CKO_SECRET_KEY || keyType != CKK_AES))
                return CKR_TEMPLATE_INCONSISTENT;

        // Check authorization
        CK_RV rv = haveWrite(session->getState(), isOnToken, isPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");
                if (rv == CKR_SESSION_READ_ONLY)
                        INFO_MSG("Session is read-only");

                return rv;
        }

        // Generate DSA domain parameters
        if (pMechanism->mechanism == CKM_DSA_PARAMETER_GEN)
        {
                return this->generateDSAParameters(hSession, pTemplate, ulCount, phKey, isOnToken, isPrivate);
        }

        // Generate DH domain parameters
        if (pMechanism->mechanism == CKM_DH_PKCS_PARAMETER_GEN)
        {
                return this->generateDHParameters(hSession, pTemplate, ulCount, phKey, isOnToken, isPrivate);
        }

        // Generate DES secret key
        if (pMechanism->mechanism == CKM_DES_KEY_GEN)
        {
                return this->generateDES(hSession, pTemplate, ulCount, phKey, isOnToken, isPrivate);
        }

        // Generate DES2 secret key
        if (pMechanism->mechanism == CKM_DES2_KEY_GEN)
        {
                return this->generateDES2(hSession, pTemplate, ulCount, phKey, isOnToken, isPrivate);
        }

        // Generate DES3 secret key
        if (pMechanism->mechanism == CKM_DES3_KEY_GEN)
        {
                return this->generateDES3(hSession, pTemplate, ulCount, phKey, isOnToken, isPrivate);
        }

        // Generate AES secret key
        if (pMechanism->mechanism == CKM_AES_KEY_GEN)
        {
                return this->generateAES(hSession, pTemplate, ulCount, phKey, isOnToken, isPrivate);
        }

        return CKR_GENERAL_ERROR;
}

// Generate a key-pair using the specified mechanism
CK_RV SoftHSM::C_GenerateKeyPair
(
        CK_SESSION_HANDLE hSession,
        CK_MECHANISM_PTR pMechanism,
        CK_ATTRIBUTE_PTR pPublicKeyTemplate,
        CK_ULONG ulPublicKeyAttributeCount,
        CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
        CK_ULONG ulPrivateKeyAttributeCount,
        CK_OBJECT_HANDLE_PTR phPublicKey,
        CK_OBJECT_HANDLE_PTR phPrivateKey
)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (phPublicKey == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (phPrivateKey == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check the mechanism, only accept RSA, DSA, EC and DH key pair generation.
        CK_KEY_TYPE keyType;
        switch (pMechanism->mechanism)
        {
                case CKM_RSA_PKCS_KEY_PAIR_GEN:
                        keyType = CKK_RSA;
                        break;
                case CKM_DSA_KEY_PAIR_GEN:
                        keyType = CKK_DSA;
                        break;
                case CKM_DH_PKCS_KEY_PAIR_GEN:
                        keyType = CKK_DH;
                        break;
#ifdef WITH_ECC
                case CKM_EC_KEY_PAIR_GEN:
                        keyType = CKK_EC;
                        break;
#endif
#ifdef WITH_GOST
                case CKM_GOSTR3410_KEY_PAIR_GEN:
                        keyType = CKK_GOSTR3410;
                        break;
#endif
                default:
                        return CKR_MECHANISM_INVALID;
        }
        CK_CERTIFICATE_TYPE dummy;

        // Extract information from the public key template that is needed to create the object.
        CK_OBJECT_CLASS publicKeyClass = CKO_PUBLIC_KEY;
        CK_BBOOL ispublicKeyToken = CK_FALSE;
        CK_BBOOL ispublicKeyPrivate = CK_FALSE;
        bool isPublicKeyImplicit = true;
        extractObjectInformation(pPublicKeyTemplate, ulPublicKeyAttributeCount, publicKeyClass, keyType, dummy, ispublicKeyToken, ispublicKeyPrivate, isPublicKeyImplicit);

        // Report errors caused by accidental template mix-ups in the application using this cryptoki lib.
        if (publicKeyClass != CKO_PUBLIC_KEY)
                return CKR_ATTRIBUTE_VALUE_INVALID;
        if (pMechanism->mechanism == CKM_RSA_PKCS_KEY_PAIR_GEN && keyType != CKK_RSA)
                return CKR_TEMPLATE_INCONSISTENT;
        if (pMechanism->mechanism == CKM_DSA_KEY_PAIR_GEN && keyType != CKK_DSA)
                return CKR_TEMPLATE_INCONSISTENT;
        if (pMechanism->mechanism == CKM_EC_KEY_PAIR_GEN && keyType != CKK_EC)
                return CKR_TEMPLATE_INCONSISTENT;
        if (pMechanism->mechanism == CKM_DH_PKCS_KEY_PAIR_GEN && keyType != CKK_DH)
                return CKR_TEMPLATE_INCONSISTENT;
        if (pMechanism->mechanism == CKM_GOSTR3410_KEY_PAIR_GEN && keyType != CKK_GOSTR3410)
                return CKR_TEMPLATE_INCONSISTENT;

        // Extract information from the private key template that is needed to create the object.
        CK_OBJECT_CLASS privateKeyClass = CKO_PRIVATE_KEY;
        CK_BBOOL isprivateKeyToken = CK_FALSE;
        CK_BBOOL isprivateKeyPrivate = CK_TRUE;
        bool isPrivateKeyImplicit = true;
        extractObjectInformation(pPrivateKeyTemplate, ulPrivateKeyAttributeCount, privateKeyClass, keyType, dummy, isprivateKeyToken, isprivateKeyPrivate, isPrivateKeyImplicit);

        // Report errors caused by accidental template mix-ups in the application using this cryptoki lib.
        if (privateKeyClass != CKO_PRIVATE_KEY)
                return CKR_ATTRIBUTE_VALUE_INVALID;
        if (pMechanism->mechanism == CKM_RSA_PKCS_KEY_PAIR_GEN && keyType != CKK_RSA)
                return CKR_TEMPLATE_INCONSISTENT;
        if (pMechanism->mechanism == CKM_DSA_KEY_PAIR_GEN && keyType != CKK_DSA)
                return CKR_TEMPLATE_INCONSISTENT;
        if (pMechanism->mechanism == CKM_EC_KEY_PAIR_GEN && keyType != CKK_EC)
                return CKR_TEMPLATE_INCONSISTENT;
        if (pMechanism->mechanism == CKM_DH_PKCS_KEY_PAIR_GEN && keyType != CKK_DH)
                return CKR_TEMPLATE_INCONSISTENT;
        if (pMechanism->mechanism == CKM_GOSTR3410_KEY_PAIR_GEN && keyType != CKK_GOSTR3410)
                return CKR_TEMPLATE_INCONSISTENT;

        // Check user credentials
        CK_RV rv = haveWrite(session->getState(), ispublicKeyToken || isprivateKeyToken, ispublicKeyPrivate || isprivateKeyPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");
                if (rv == CKR_SESSION_READ_ONLY)
                        INFO_MSG("Session is read-only");

                return rv;
        }

        // Generate RSA keys
        if (pMechanism->mechanism == CKM_RSA_PKCS_KEY_PAIR_GEN)
        {
                        return this->generateRSA(hSession,
                                                                         pPublicKeyTemplate, ulPublicKeyAttributeCount,
                                                                         pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
                                                                         phPublicKey, phPrivateKey,
                                                                         ispublicKeyToken, ispublicKeyPrivate, isprivateKeyToken, isprivateKeyPrivate);
        }

        // Generate DSA keys
        if (pMechanism->mechanism == CKM_DSA_KEY_PAIR_GEN)
        {
                        return this->generateDSA(hSession,
                                                                         pPublicKeyTemplate, ulPublicKeyAttributeCount,
                                                                         pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
                                                                         phPublicKey, phPrivateKey,
                                                                         ispublicKeyToken, ispublicKeyPrivate, isprivateKeyToken, isprivateKeyPrivate);
        }

        // Generate EC keys
        if (pMechanism->mechanism == CKM_EC_KEY_PAIR_GEN)
        {
                        return this->generateEC(hSession,
                                                                         pPublicKeyTemplate, ulPublicKeyAttributeCount,
                                                                         pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
                                                                         phPublicKey, phPrivateKey,
                                                                         ispublicKeyToken, ispublicKeyPrivate, isprivateKeyToken, isprivateKeyPrivate);
        }

        // Generate DH keys
        if (pMechanism->mechanism == CKM_DH_PKCS_KEY_PAIR_GEN)
        {
                        return this->generateDH(hSession,
                                                                         pPublicKeyTemplate, ulPublicKeyAttributeCount,
                                                                         pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
                                                                         phPublicKey, phPrivateKey,
                                                                         ispublicKeyToken, ispublicKeyPrivate, isprivateKeyToken, isprivateKeyPrivate);
        }

        // Generate GOST keys
        if (pMechanism->mechanism == CKM_GOSTR3410_KEY_PAIR_GEN)
        {
                        return this->generateGOST(hSession,
                                                                         pPublicKeyTemplate, ulPublicKeyAttributeCount,
                                                                         pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
                                                                         phPublicKey, phPrivateKey,
                                                                         ispublicKeyToken, ispublicKeyPrivate, isprivateKeyToken, isprivateKeyPrivate);
        }

        return CKR_GENERAL_ERROR;
}

// Internal: Wrap blob using symmetric key
CK_RV SoftHSM::WrapKeySym
(
        CK_MECHANISM_PTR pMechanism,
        Token* token,
        OSObject* wrapKey,
        ByteString& keydata,
        ByteString& wrapped
)
{
        // Get the symmetric algorithm matching the mechanism
        SymAlgo::Type algo = SymAlgo::Unknown;
        SymWrap::Type mode = SymWrap::Unknown;
        size_t bb = 8;
#ifdef HAVE_AES_KEY_WRAP
        CK_ULONG wrappedlen = keydata.size();

        // [PKCS#11 v2.40, 2.14.3 AES Key Wrap]
        // A key whose length is not a multiple of the AES Key Wrap block
        // size (8 bytes) will be zero padded to fit.
        CK_ULONG alignment = wrappedlen % 8;
        if (alignment != 0)
        {
                keydata.resize(wrappedlen + 8 - alignment);
                memset(&keydata[wrappedlen], 0, 8 - alignment);
                wrappedlen = keydata.size();
        }
#endif
        switch(pMechanism->mechanism) {
#ifdef HAVE_AES_KEY_WRAP
                case CKM_AES_KEY_WRAP:
                        if ((wrappedlen < 16) || ((wrappedlen % 8) != 0))
                                return CKR_KEY_SIZE_RANGE;
                        algo = SymAlgo::AES;
                        mode = SymWrap::AES_KEYWRAP;
                        break;
#endif
#ifdef HAVE_AES_KEY_WRAP_PAD
                case CKM_AES_KEY_WRAP_PAD:
                        algo = SymAlgo::AES;
                        mode = SymWrap::AES_KEYWRAP_PAD;
                        break;
#endif
                default:
                        return CKR_MECHANISM_INVALID;
        }
        SymmetricAlgorithm* cipher = CryptoFactory::i()->getSymmetricAlgorithm(algo);
        if (cipher == NULL) return CKR_MECHANISM_INVALID;

        SymmetricKey* wrappingkey = new SymmetricKey();

        if (getSymmetricKey(wrappingkey, token, wrapKey) != CKR_OK)
        {
                cipher->recycleKey(wrappingkey);
                CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
                return CKR_GENERAL_ERROR;
        }

        // adjust key bit length
        wrappingkey->setBitLen(wrappingkey->getKeyBits().size() * bb);

        // Wrap the key
        if (!cipher->wrapKey(wrappingkey, mode, keydata, wrapped))
        {
                cipher->recycleKey(wrappingkey);
                CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
                return CKR_GENERAL_ERROR;
        }

        cipher->recycleKey(wrappingkey);
        CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
        return CKR_OK;
}

// Internal: Wrap blob using asymmetric key
CK_RV SoftHSM::WrapKeyAsym
(
        CK_MECHANISM_PTR pMechanism,
        Token* token,
        OSObject* wrapKey,
        ByteString& keydata,
        ByteString& wrapped
)
{
        const size_t bb = 8;
        AsymAlgo::Type algo = AsymAlgo::Unknown;
        AsymMech::Type mech = AsymMech::Unknown;

        CK_ULONG modulus_length;
        switch(pMechanism->mechanism) {
                case CKM_RSA_PKCS:
                case CKM_RSA_PKCS_OAEP:
                        algo = AsymAlgo::RSA;
                        if (!wrapKey->attributeExists(CKA_MODULUS_BITS))
                                return CKR_GENERAL_ERROR;
                        modulus_length = wrapKey->getUnsignedLongValue(CKA_MODULUS_BITS, 0);
                        // adjust key bit length
                        modulus_length /= bb;
                        break;

                default:
                        return CKR_MECHANISM_INVALID;
        }

        switch(pMechanism->mechanism) {
                case CKM_RSA_PKCS:
                        mech = AsymMech::RSA_PKCS;
                        // RFC 3447 section 7.2.1
                        if (keydata.size() > modulus_length - 11)
                                return CKR_KEY_SIZE_RANGE;
                        break;

                case CKM_RSA_PKCS_OAEP:
                        mech = AsymMech::RSA_PKCS_OAEP;
                        // SHA-1 is the only supported option
                        // PKCS#11 2.40 draft 2 section 2.1.8: input length <= k-2-2hashLen
                        if (keydata.size() > modulus_length - 2 - 2 * 160 / 8)
                                return CKR_KEY_SIZE_RANGE;
                        break;

                default:
                        return CKR_MECHANISM_INVALID;
        }

        AsymmetricAlgorithm* cipher = CryptoFactory::i()->getAsymmetricAlgorithm(algo);
        if (cipher == NULL) return CKR_MECHANISM_INVALID;

        PublicKey* publicKey = cipher->newPublicKey();
        if (publicKey == NULL)
        {
                CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
                return CKR_HOST_MEMORY;
        }

        switch(pMechanism->mechanism) {
                case CKM_RSA_PKCS:
                case CKM_RSA_PKCS_OAEP:
                        if (getRSAPublicKey((RSAPublicKey*)publicKey, token, wrapKey) != CKR_OK)
                        {
                                cipher->recyclePublicKey(publicKey);
                                CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
                                return CKR_GENERAL_ERROR;
                        }
                        break;

                default:
                        return CKR_MECHANISM_INVALID;
        }
        // Wrap the key
        if (!cipher->wrapKey(publicKey, keydata, wrapped, mech))
        {
                cipher->recyclePublicKey(publicKey);
                CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
                return CKR_GENERAL_ERROR;
        }

        cipher->recyclePublicKey(publicKey);
        CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);

        return CKR_OK;
}


// Wrap the specified key using the specified wrapping key and mechanism
CK_RV SoftHSM::C_WrapKey
(
        CK_SESSION_HANDLE hSession,
        CK_MECHANISM_PTR pMechanism,
        CK_OBJECT_HANDLE hWrappingKey,
        CK_OBJECT_HANDLE hKey,
        CK_BYTE_PTR pWrappedKey,
        CK_ULONG_PTR pulWrappedKeyLen
)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (pulWrappedKeyLen == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        CK_RV rv;
        // Check the mechanism, only accept advanced AES key wrapping and RSA
        switch(pMechanism->mechanism)
        {
#ifdef HAVE_AES_KEY_WRAP
                case CKM_AES_KEY_WRAP:
#endif
#ifdef HAVE_AES_KEY_WRAP_PAD
                case CKM_AES_KEY_WRAP_PAD:
#endif
                case CKM_RSA_PKCS:
                        // Does not handle optional init vector
                        if (pMechanism->pParameter != NULL_PTR ||
                            pMechanism->ulParameterLen != 0)
                                return CKR_ARGUMENTS_BAD;
                        break;
                case CKM_RSA_PKCS_OAEP:
                        rv = MechParamCheckRSAPKCSOAEP(pMechanism);
                        if (rv != CKR_OK)
                                return rv;
                        break;

                default:
                        return CKR_MECHANISM_INVALID;
        }

        // Get the token
        Token* token = session->getToken();
        if (token == NULL) return CKR_GENERAL_ERROR;

        // Check the wrapping key handle.
        OSObject *wrapKey = (OSObject *)handleManager->getObject(hWrappingKey);
        if (wrapKey == NULL_PTR || !wrapKey->isValid()) return CKR_WRAPPING_KEY_HANDLE_INVALID;

        CK_BBOOL isWrapKeyOnToken = wrapKey->getBooleanValue(CKA_TOKEN, false);
        CK_BBOOL isWrapKeyPrivate = wrapKey->getBooleanValue(CKA_PRIVATE, true);

        // Check user credentials for the wrapping key
        rv = haveRead(session->getState(), isWrapKeyOnToken, isWrapKeyPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");

                return rv;
        }

        // Check wrapping key class and type
        if ((pMechanism->mechanism == CKM_AES_KEY_WRAP || pMechanism->mechanism == CKM_AES_KEY_WRAP_PAD) && wrapKey->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) != CKO_SECRET_KEY)
                return CKR_WRAPPING_KEY_TYPE_INCONSISTENT;
        if ((pMechanism->mechanism == CKM_RSA_PKCS || pMechanism->mechanism == CKM_RSA_PKCS_OAEP) && wrapKey->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) != CKO_PUBLIC_KEY)
                return CKR_WRAPPING_KEY_TYPE_INCONSISTENT;
        if (pMechanism->mechanism == CKM_AES_KEY_WRAP && wrapKey->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != CKK_AES)
                return CKR_WRAPPING_KEY_TYPE_INCONSISTENT;
        if (pMechanism->mechanism == CKM_AES_KEY_WRAP_PAD && wrapKey->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != CKK_AES)
                return CKR_WRAPPING_KEY_TYPE_INCONSISTENT;
        if ((pMechanism->mechanism == CKM_RSA_PKCS || pMechanism->mechanism == CKM_RSA_PKCS_OAEP) && wrapKey->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != CKK_RSA)
                return CKR_WRAPPING_KEY_TYPE_INCONSISTENT;

        // Check if the wrapping key can be used for wrapping
        if (wrapKey->getBooleanValue(CKA_WRAP, false) == false)
                return CKR_KEY_FUNCTION_NOT_PERMITTED;

    // Check if the specified mechanism is allowed for the wrapping key
    if (!isMechanismPermitted(wrapKey, pMechanism))
                return CKR_MECHANISM_INVALID;

        // Check the to be wrapped key handle.
        OSObject *key = (OSObject *)handleManager->getObject(hKey);
        if (key == NULL_PTR || !key->isValid()) return CKR_KEY_HANDLE_INVALID;

        CK_BBOOL isKeyOnToken = key->getBooleanValue(CKA_TOKEN, false);
        CK_BBOOL isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, true);

        // Check user credentials for the to be wrapped key
        rv = haveRead(session->getState(), isKeyOnToken, isKeyPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");

                return rv;
        }

        // Check if the to be wrapped key can be wrapped
        if (key->getBooleanValue(CKA_EXTRACTABLE, false) == false)
                return CKR_KEY_UNEXTRACTABLE;
        if (key->getBooleanValue(CKA_WRAP_WITH_TRUSTED, false) && wrapKey->getBooleanValue(CKA_TRUSTED, false) == false)
                return CKR_KEY_NOT_WRAPPABLE;

        // Check the class
        CK_OBJECT_CLASS keyClass = key->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED);
        if (keyClass != CKO_SECRET_KEY && keyClass != CKO_PRIVATE_KEY)
                return CKR_KEY_NOT_WRAPPABLE;
        // CKM_RSA_PKCS and CKM_RSA_PKCS_OAEP can be used only on SECRET keys: PKCS#11 2.40 draft 2 section 2.1.6 PKCS #1 v1.5 RSA & section 2.1.8 PKCS #1 RSA OAEP
        if ((pMechanism->mechanism == CKM_RSA_PKCS || pMechanism->mechanism == CKM_RSA_PKCS_OAEP) && keyClass != CKO_SECRET_KEY)
                return CKR_KEY_NOT_WRAPPABLE;

        // Verify the wrap template attribute
        if (wrapKey->attributeExists(CKA_WRAP_TEMPLATE))
        {
                OSAttribute attr = wrapKey->getAttribute(CKA_WRAP_TEMPLATE);

                if (attr.isAttributeMapAttribute())
                {
                        typedef std::map<CK_ATTRIBUTE_TYPE,OSAttribute> attrmap_type;

                        const attrmap_type& map = attr.getAttributeMapValue();

                        for (attrmap_type::const_iterator it = map.begin(); it != map.end(); ++it)
                        {
                                if (!key->attributeExists(it->first))
                                {
                                        return CKR_KEY_NOT_WRAPPABLE;
                                }

                                OSAttribute keyAttr = key->getAttribute(it->first);
                                ByteString v1, v2;
                                if (!keyAttr.peekValue(v1) || !it->second.peekValue(v2) || (v1 != v2))
                                {
                                        return CKR_KEY_NOT_WRAPPABLE;
                                }
                        }
                }
        }

        // Get the key data to encrypt
        ByteString keydata;
        if (keyClass == CKO_SECRET_KEY)
        {
                if (isKeyPrivate)
                {
                        bool bOK = token->decrypt(key->getByteStringValue(CKA_VALUE), keydata);
                        if (!bOK) return CKR_GENERAL_ERROR;
                }
                else
                {
                        keydata = key->getByteStringValue(CKA_VALUE);
                }
        }
        else
        {
                CK_KEY_TYPE keyType = key->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED);
                AsymAlgo::Type alg = AsymAlgo::Unknown;
                switch (keyType) {
                        case CKK_RSA:
                                alg = AsymAlgo::RSA;
                                break;
                        case CKK_DSA:
                                alg = AsymAlgo::DSA;
                                break;
                        case CKK_DH:
                                alg = AsymAlgo::DH;
                                break;
#ifdef WITH_ECC
                        case CKK_EC:
                                // can be ecdh too but it doesn't matter
                                alg = AsymAlgo::ECDSA;
                                break;
#endif
                        default:
                                return CKR_KEY_NOT_WRAPPABLE;
                }
                AsymmetricAlgorithm* asymCrypto = NULL;
                PrivateKey* privateKey = NULL;
                asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(alg);
                if (asymCrypto == NULL)
                        return CKR_GENERAL_ERROR;
                privateKey = asymCrypto->newPrivateKey();
                if (privateKey == NULL)
                {
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_HOST_MEMORY;
                }
                switch (keyType) {
                        case CKK_RSA:
                                rv = getRSAPrivateKey((RSAPrivateKey*)privateKey, token, key);
                                break;
                        case CKK_DSA:
                                rv = getDSAPrivateKey((DSAPrivateKey*)privateKey, token, key);
                                break;
                        case CKK_DH:
                                rv = getDHPrivateKey((DHPrivateKey*)privateKey, token, key);
                                break;
#ifdef WITH_ECC
                        case CKK_EC:
                                rv = getECPrivateKey((ECPrivateKey*)privateKey, token, key);
                                break;
#endif
                }
                if (rv != CKR_OK)
                {
                        asymCrypto->recyclePrivateKey(privateKey);
                        CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
                        return CKR_GENERAL_ERROR;
                }
                keydata = privateKey->PKCS8Encode();
                asymCrypto->recyclePrivateKey(privateKey);
                CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
        }
        if (keydata.size() == 0)
                return CKR_KEY_NOT_WRAPPABLE;

        keyClass = wrapKey->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED);
        ByteString wrapped;
        if (keyClass == CKO_SECRET_KEY)
                rv = SoftHSM::WrapKeySym(pMechanism, token, wrapKey, keydata, wrapped);
        else
                rv = SoftHSM::WrapKeyAsym(pMechanism, token, wrapKey, keydata, wrapped);
        if (rv != CKR_OK)
                return rv;

        if (pWrappedKey != NULL) {
                if (*pulWrappedKeyLen >= wrapped.size())
                        memcpy(pWrappedKey, wrapped.byte_str(), wrapped.size());
                else
                        rv = CKR_BUFFER_TOO_SMALL;
        }

        *pulWrappedKeyLen = wrapped.size();
        return rv;
}

// Internal: Unwrap blob using symmetric key
CK_RV SoftHSM::UnwrapKeySym
(
        CK_MECHANISM_PTR pMechanism,
        ByteString& wrapped,
        Token* token,
        OSObject* unwrapKey,
        ByteString& keydata
)
{
        // Get the symmetric algorithm matching the mechanism
        SymAlgo::Type algo = SymAlgo::Unknown;
        SymWrap::Type mode = SymWrap::Unknown;
        size_t bb = 8;
        switch(pMechanism->mechanism) {
#ifdef HAVE_AES_KEY_WRAP
                case CKM_AES_KEY_WRAP:
                        algo = SymAlgo::AES;
                        mode = SymWrap::AES_KEYWRAP;
                        break;
#endif
#ifdef HAVE_AES_KEY_WRAP_PAD
                case CKM_AES_KEY_WRAP_PAD:
                        algo = SymAlgo::AES;
                        mode = SymWrap::AES_KEYWRAP_PAD;
                        break;
#endif
                default:
                        return CKR_MECHANISM_INVALID;
        }
        SymmetricAlgorithm* cipher = CryptoFactory::i()->getSymmetricAlgorithm(algo);
        if (cipher == NULL) return CKR_MECHANISM_INVALID;

        SymmetricKey* unwrappingkey = new SymmetricKey();

        if (getSymmetricKey(unwrappingkey, token, unwrapKey) != CKR_OK)
        {
                cipher->recycleKey(unwrappingkey);
                CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
                return CKR_GENERAL_ERROR;
        }

        // adjust key bit length
        unwrappingkey->setBitLen(unwrappingkey->getKeyBits().size() * bb);

        // Unwrap the key
        CK_RV rv = CKR_OK;
        if (!cipher->unwrapKey(unwrappingkey, mode, wrapped, keydata))
                rv = CKR_GENERAL_ERROR;
        cipher->recycleKey(unwrappingkey);
        CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
        return rv;
}

// Internal: Unwrap blob using asymmetric key
CK_RV SoftHSM::UnwrapKeyAsym
(
        CK_MECHANISM_PTR pMechanism,
        ByteString& wrapped,
        Token* token,
        OSObject* unwrapKey,
        ByteString& keydata
)
{
        // Get the symmetric algorithm matching the mechanism
        AsymAlgo::Type algo = AsymAlgo::Unknown;
        AsymMech::Type mode = AsymMech::Unknown;
        switch(pMechanism->mechanism) {
                case CKM_RSA_PKCS:
                        algo = AsymAlgo::RSA;
                        mode = AsymMech::RSA_PKCS;
                        break;

                case CKM_RSA_PKCS_OAEP:
                        algo = AsymAlgo::RSA;
                        mode = AsymMech::RSA_PKCS_OAEP;
                        break;

                default:
                        return CKR_MECHANISM_INVALID;
        }
        AsymmetricAlgorithm* cipher = CryptoFactory::i()->getAsymmetricAlgorithm(algo);
        if (cipher == NULL) return CKR_MECHANISM_INVALID;

        PrivateKey* unwrappingkey = cipher->newPrivateKey();
        if (unwrappingkey == NULL)
        {
                CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
                return CKR_HOST_MEMORY;
        }

        switch(pMechanism->mechanism) {
                case CKM_RSA_PKCS:
                case CKM_RSA_PKCS_OAEP:
                        if (getRSAPrivateKey((RSAPrivateKey*)unwrappingkey, token, unwrapKey) != CKR_OK)
                        {
                                cipher->recyclePrivateKey(unwrappingkey);
                                CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
                                return CKR_GENERAL_ERROR;
                        }
                        break;

                default:
                        return CKR_MECHANISM_INVALID;
        }

        // Unwrap the key
        CK_RV rv = CKR_OK;
        if (!cipher->unwrapKey(unwrappingkey, wrapped, keydata, mode))
                rv = CKR_GENERAL_ERROR;
        cipher->recyclePrivateKey(unwrappingkey);
        CryptoFactory::i()->recycleAsymmetricAlgorithm(cipher);
        return rv;
}

// Unwrap the specified key using the specified unwrapping key
CK_RV SoftHSM::C_UnwrapKey
(
        CK_SESSION_HANDLE hSession,
        CK_MECHANISM_PTR pMechanism,
        CK_OBJECT_HANDLE hUnwrappingKey,
        CK_BYTE_PTR pWrappedKey,
        CK_ULONG ulWrappedKeyLen,
        CK_ATTRIBUTE_PTR pTemplate,
        CK_ULONG ulCount,
        CK_OBJECT_HANDLE_PTR hKey
)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (pWrappedKey == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (pTemplate == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (hKey == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        CK_RV rv;
        // Check the mechanism
        switch(pMechanism->mechanism)
        {
#ifdef HAVE_AES_KEY_WRAP
                case CKM_AES_KEY_WRAP:
                        if ((ulWrappedKeyLen < 24) || ((ulWrappedKeyLen % 8) != 0))
                                return CKR_WRAPPED_KEY_LEN_RANGE;
                        // Does not handle optional init vector
                        if (pMechanism->pParameter != NULL_PTR ||
                            pMechanism->ulParameterLen != 0)
                                return CKR_ARGUMENTS_BAD;
                        break;
#endif
#ifdef HAVE_AES_KEY_WRAP_PAD
                case CKM_AES_KEY_WRAP_PAD:
                        if ((ulWrappedKeyLen < 16) || ((ulWrappedKeyLen % 8) != 0))
                                return CKR_WRAPPED_KEY_LEN_RANGE;
                        // Does not handle optional init vector
                        if (pMechanism->pParameter != NULL_PTR ||
                            pMechanism->ulParameterLen != 0)
                                return CKR_ARGUMENTS_BAD;
                        break;
#endif
                case CKM_RSA_PKCS:
                        // Input length checks needs to be done later when unwrapping key is known
                        break;
                case CKM_RSA_PKCS_OAEP:
                        rv = MechParamCheckRSAPKCSOAEP(pMechanism);
                        if (rv != CKR_OK)
                                return rv;
                        break;

                default:
                        return CKR_MECHANISM_INVALID;
        }

        // Get the token
        Token* token = session->getToken();
        if (token == NULL) return CKR_GENERAL_ERROR;

        // Check the unwrapping key handle.
        OSObject *unwrapKey = (OSObject *)handleManager->getObject(hUnwrappingKey);
        if (unwrapKey == NULL_PTR || !unwrapKey->isValid()) return CKR_UNWRAPPING_KEY_HANDLE_INVALID;

        CK_BBOOL isUnwrapKeyOnToken = unwrapKey->getBooleanValue(CKA_TOKEN, false);
        CK_BBOOL isUnwrapKeyPrivate = unwrapKey->getBooleanValue(CKA_PRIVATE, true);

        // Check user credentials
        rv = haveRead(session->getState(), isUnwrapKeyOnToken, isUnwrapKeyPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");

                return rv;
        }

        // Check unwrapping key class and type
        if ((pMechanism->mechanism == CKM_AES_KEY_WRAP || pMechanism->mechanism == CKM_AES_KEY_WRAP_PAD) && unwrapKey->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) != CKO_SECRET_KEY)
                return CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT;
        if (pMechanism->mechanism == CKM_AES_KEY_WRAP && unwrapKey->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != CKK_AES)
                return CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT;
        if (pMechanism->mechanism == CKM_AES_KEY_WRAP_PAD && unwrapKey->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != CKK_AES)
                return CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT;
        if ((pMechanism->mechanism == CKM_RSA_PKCS || pMechanism->mechanism == CKM_RSA_PKCS_OAEP) && unwrapKey->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) != CKO_PRIVATE_KEY)
                return CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT;
        if ((pMechanism->mechanism == CKM_RSA_PKCS || pMechanism->mechanism == CKM_RSA_PKCS_OAEP) && unwrapKey->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != CKK_RSA)
                return CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT;

        // Check if the unwrapping key can be used for unwrapping
        if (unwrapKey->getBooleanValue(CKA_UNWRAP, false) == false)
                return CKR_KEY_FUNCTION_NOT_PERMITTED;

        // Check if the specified mechanism is allowed for the unwrap key
        if (!isMechanismPermitted(unwrapKey, pMechanism))
                return CKR_MECHANISM_INVALID;

        // Extract information from the template that is needed to create the object.
        CK_OBJECT_CLASS objClass;
        CK_KEY_TYPE keyType;
        CK_BBOOL isOnToken = CK_FALSE;
        CK_BBOOL isPrivate = CK_TRUE;
        CK_CERTIFICATE_TYPE dummy;
        bool isImplicit = false;
        rv = extractObjectInformation(pTemplate, ulCount, objClass, keyType, dummy, isOnToken, isPrivate, isImplicit);
        if (rv != CKR_OK)
        {
                ERROR_MSG("Mandatory attribute not present in template");
                return rv;
        }

        // Report errors and/or unexpected usage.
        if (objClass != CKO_SECRET_KEY && objClass != CKO_PRIVATE_KEY)
                return CKR_ATTRIBUTE_VALUE_INVALID;
        // Key type will be handled at object creation

        // Check authorization
        rv = haveWrite(session->getState(), isOnToken, isPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");
                if (rv == CKR_SESSION_READ_ONLY)
                        INFO_MSG("Session is read-only");

                return rv;
        }

        // Build unwrapped key template
        const CK_ULONG maxAttribs = 32;
        CK_ATTRIBUTE secretAttribs[maxAttribs] = {
                { CKA_CLASS, &objClass, sizeof(objClass) },
                { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
                { CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
                { CKA_KEY_TYPE, &keyType, sizeof(keyType) }
        };
        CK_ULONG secretAttribsCount = 4;

        // Add the additional
        if (ulCount > (maxAttribs - secretAttribsCount))
                return CKR_TEMPLATE_INCONSISTENT;
        for (CK_ULONG i = 0; i < ulCount; ++i)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_CLASS:
                        case CKA_TOKEN:
                        case CKA_PRIVATE:
                        case CKA_KEY_TYPE:
                                continue;
                        default:
                                secretAttribs[secretAttribsCount++] = pTemplate[i];
                }
        }

        // Apply the unwrap template
        if (unwrapKey->attributeExists(CKA_UNWRAP_TEMPLATE))
        {
                OSAttribute unwrapAttr = unwrapKey->getAttribute(CKA_UNWRAP_TEMPLATE);

                if (unwrapAttr.isAttributeMapAttribute())
                {
                        typedef std::map<CK_ATTRIBUTE_TYPE,OSAttribute> attrmap_type;

                        const attrmap_type& map = unwrapAttr.getAttributeMapValue();

                        for (attrmap_type::const_iterator it = map.begin(); it != map.end(); ++it)
                        {
                                CK_ATTRIBUTE* attr = NULL;
                                for (CK_ULONG i = 0; i < secretAttribsCount; ++i)
                                {
                                        if (it->first == secretAttribs[i].type)
                                        {
                                                if (attr != NULL)
                                                {
                                                        return CKR_TEMPLATE_INCONSISTENT;
                                                }
                                                attr = &secretAttribs[i];
                                                ByteString value;
                                                it->second.peekValue(value);
                                                if (attr->ulValueLen != value.size())
                                                {
                                                        return CKR_TEMPLATE_INCONSISTENT;
                                                }
                                                if (memcmp(attr->pValue, value.const_byte_str(), value.size()) != 0)
                                                {
                                                        return CKR_TEMPLATE_INCONSISTENT;
                                                }
                                        }
                                }
                                if (attr == NULL)
                                {
                                        return CKR_TEMPLATE_INCONSISTENT;
                                }
                        }
                }
        }

        *hKey = CK_INVALID_HANDLE;

        // Unwrap the key
        ByteString wrapped(pWrappedKey, ulWrappedKeyLen);
        ByteString keydata;
        if (unwrapKey->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) == CKO_SECRET_KEY)
                rv = UnwrapKeySym(pMechanism, wrapped, token, unwrapKey, keydata);
        else if (unwrapKey->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) == CKO_PRIVATE_KEY)
                rv = UnwrapKeyAsym(pMechanism, wrapped, token, unwrapKey, keydata);
        else
                rv = CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT;
        if (rv != CKR_OK)
                return rv;

        // Create the secret object using C_CreateObject
        rv = this->CreateObject(hSession, secretAttribs, secretAttribsCount, hKey, OBJECT_OP_UNWRAP);

        // Store the attributes that are being supplied
        if (rv == CKR_OK)
        {
                OSObject* osobject = (OSObject*)handleManager->getObject(*hKey);
                if (osobject == NULL_PTR || !osobject->isValid())
                        rv = CKR_FUNCTION_FAILED;
                if (osobject->startTransaction())
                {
                        bool bOK = true;

                        // Common Attributes
                        bOK = bOK && osobject->setAttribute(CKA_LOCAL, false);

                        // Common Secret Key Attributes
                        bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE, false);
                        bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, false);

                        // Secret Attributes
                        if (objClass == CKO_SECRET_KEY)
                        {
                                ByteString value;
                                if (isPrivate)
                                        token->encrypt(keydata, value);
                                else
                                        value = keydata;
                                bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
                        }
                        else if (keyType == CKK_RSA)
                        {
                                bOK = bOK && setRSAPrivateKey(osobject, keydata, token, isPrivate != CK_FALSE);
                        }
                        else if (keyType == CKK_DSA)
                        {
                                bOK = bOK && setDSAPrivateKey(osobject, keydata, token, isPrivate != CK_FALSE);
                        }
                        else if (keyType == CKK_DH)
                        {
                                bOK = bOK && setDHPrivateKey(osobject, keydata, token, isPrivate != CK_FALSE);
                        }
                        else if (keyType == CKK_EC)
                        {
                                bOK = bOK && setECPrivateKey(osobject, keydata, token, isPrivate != CK_FALSE);
                        }
                        else
                                bOK = false;

                        if (bOK)
                                bOK = osobject->commitTransaction();
                        else
                                osobject->abortTransaction();

                        if (!bOK)
                                rv = CKR_FUNCTION_FAILED;
                }
                else
                        rv = CKR_FUNCTION_FAILED;
        }

        // Remove secret that may have been created already when the function fails.
        if (rv != CKR_OK)
        {
                if (*hKey != CK_INVALID_HANDLE)
                {
                        OSObject* obj = (OSObject*)handleManager->getObject(*hKey);
                        handleManager->destroyObject(*hKey);
                        if (obj) obj->destroyObject();
                        *hKey = CK_INVALID_HANDLE;
                }

        }

        return rv;
}

// Derive a key from the specified base key
CK_RV SoftHSM::C_DeriveKey
(
        CK_SESSION_HANDLE hSession,
        CK_MECHANISM_PTR pMechanism,
        CK_OBJECT_HANDLE hBaseKey,
        CK_ATTRIBUTE_PTR pTemplate,
        CK_ULONG ulCount,
        CK_OBJECT_HANDLE_PTR phKey
)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (pTemplate == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (phKey == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Check the mechanism, only accept DH and ECDH derive
        switch (pMechanism->mechanism)
        {
                case CKM_DH_PKCS_DERIVE:
#ifdef WITH_ECC
                case CKM_ECDH1_DERIVE:
#endif
#ifndef WITH_FIPS
                case CKM_DES_ECB_ENCRYPT_DATA:
                case CKM_DES_CBC_ENCRYPT_DATA:
#endif
                case CKM_DES3_ECB_ENCRYPT_DATA:
                case CKM_DES3_CBC_ENCRYPT_DATA:
                case CKM_AES_ECB_ENCRYPT_DATA:
                case CKM_AES_CBC_ENCRYPT_DATA:
                        break;
                default:
                        ERROR_MSG("Invalid mechanism");
                        return CKR_MECHANISM_INVALID;
        }

        // Get the token
        Token* token = session->getToken();
        if (token == NULL) return CKR_GENERAL_ERROR;

        // Check the key handle.
        OSObject *key = (OSObject *)handleManager->getObject(hBaseKey);
        if (key == NULL_PTR || !key->isValid()) return CKR_OBJECT_HANDLE_INVALID;

        CK_BBOOL isKeyOnToken = key->getBooleanValue(CKA_TOKEN, false);
        CK_BBOOL isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, true);

        // Check user credentials
        CK_RV rv = haveRead(session->getState(), isKeyOnToken, isKeyPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");

                return rv;
        }

        // Check if key can be used for derive
        if (!key->getBooleanValue(CKA_DERIVE, false))
                return CKR_KEY_FUNCTION_NOT_PERMITTED;

        // Check if the specified mechanism is allowed for the key
        if (!isMechanismPermitted(key, pMechanism))
                return CKR_MECHANISM_INVALID;

        // Extract information from the template that is needed to create the object.
        CK_OBJECT_CLASS objClass;
        CK_KEY_TYPE keyType;
        CK_BBOOL isOnToken = CK_FALSE;
        CK_BBOOL isPrivate = CK_TRUE;
        CK_CERTIFICATE_TYPE dummy;
        bool isImplicit = false;
        rv = extractObjectInformation(pTemplate, ulCount, objClass, keyType, dummy, isOnToken, isPrivate, isImplicit);
        if (rv != CKR_OK)
        {
                ERROR_MSG("Mandatory attribute not present in template");
                return rv;
        }

        // Report errors and/or unexpected usage.
        if (objClass != CKO_SECRET_KEY)
                return CKR_ATTRIBUTE_VALUE_INVALID;
        if (keyType != CKK_GENERIC_SECRET &&
            keyType != CKK_DES &&
            keyType != CKK_DES2 &&
            keyType != CKK_DES3 &&
            keyType != CKK_AES)
                return CKR_TEMPLATE_INCONSISTENT;

        // Check authorization
        rv = haveWrite(session->getState(), isOnToken, isPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");
                if (rv == CKR_SESSION_READ_ONLY)
                        INFO_MSG("Session is read-only");

                return rv;
        }

        // Derive DH secret
        if (pMechanism->mechanism == CKM_DH_PKCS_DERIVE)
        {
                // Check key class and type
                if (key->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) != CKO_PRIVATE_KEY)
                        return CKR_KEY_TYPE_INCONSISTENT;
                if (key->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != CKK_DH)
                        return CKR_KEY_TYPE_INCONSISTENT;

                return this->deriveDH(hSession, pMechanism, hBaseKey, pTemplate, ulCount, phKey, keyType, isOnToken, isPrivate);
        }

#ifdef WITH_ECC
        // Derive ECDH secret
        if (pMechanism->mechanism == CKM_ECDH1_DERIVE)
        {
                // Check key class and type
                if (key->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) != CKO_PRIVATE_KEY)
                        return CKR_KEY_TYPE_INCONSISTENT;
                if (key->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != CKK_EC)
                        return CKR_KEY_TYPE_INCONSISTENT;

                return this->deriveECDH(hSession, pMechanism, hBaseKey, pTemplate, ulCount, phKey, keyType, isOnToken, isPrivate);
        }
#endif

        // Derive symmetric secret
        if (pMechanism->mechanism == CKM_DES_ECB_ENCRYPT_DATA ||
            pMechanism->mechanism == CKM_DES_CBC_ENCRYPT_DATA ||
            pMechanism->mechanism == CKM_DES3_ECB_ENCRYPT_DATA ||
            pMechanism->mechanism == CKM_DES3_CBC_ENCRYPT_DATA ||
            pMechanism->mechanism == CKM_AES_ECB_ENCRYPT_DATA ||
            pMechanism->mechanism == CKM_AES_CBC_ENCRYPT_DATA)
        {
                // Check key class and type
                CK_KEY_TYPE baseKeyType = key->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED);
                if (key->getUnsignedLongValue(CKA_CLASS, CKO_VENDOR_DEFINED) != CKO_SECRET_KEY)
                        return CKR_KEY_TYPE_INCONSISTENT;
                if (pMechanism->mechanism == CKM_DES_ECB_ENCRYPT_DATA &&
                    baseKeyType != CKK_DES)
                        return CKR_KEY_TYPE_INCONSISTENT;
                if (pMechanism->mechanism == CKM_DES_CBC_ENCRYPT_DATA &&
                    baseKeyType != CKK_DES)
                        return CKR_KEY_TYPE_INCONSISTENT;
                if (pMechanism->mechanism == CKM_DES3_ECB_ENCRYPT_DATA &&
                    baseKeyType != CKK_DES2 && baseKeyType != CKK_DES3)
                        return CKR_KEY_TYPE_INCONSISTENT;
                if (pMechanism->mechanism == CKM_DES3_CBC_ENCRYPT_DATA &&
                    baseKeyType != CKK_DES2 && baseKeyType != CKK_DES3)
                        return CKR_KEY_TYPE_INCONSISTENT;
                if (pMechanism->mechanism == CKM_AES_ECB_ENCRYPT_DATA &&
                    baseKeyType != CKK_AES)
                        return CKR_KEY_TYPE_INCONSISTENT;
                if (pMechanism->mechanism == CKM_AES_CBC_ENCRYPT_DATA &&
                    baseKeyType != CKK_AES)
                        return CKR_KEY_TYPE_INCONSISTENT;

                return this->deriveSymmetric(hSession, pMechanism, hBaseKey, pTemplate, ulCount, phKey, keyType, isOnToken, isPrivate);
        }

        return CKR_MECHANISM_INVALID;
}

// Seed the random number generator with new data
CK_RV SoftHSM::C_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pSeed == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Get the RNG
        RNG* rng = CryptoFactory::i()->getRNG();
        if (rng == NULL) return CKR_GENERAL_ERROR;

        // Seed the RNG
        ByteString seed(pSeed, ulSeedLen);
        rng->seed(seed);

        return CKR_OK;
}

// Generate the specified amount of random data
CK_RV SoftHSM::C_GenerateRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pRandomData == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Get the RNG
        RNG* rng = CryptoFactory::i()->getRNG();
        if (rng == NULL) return CKR_GENERAL_ERROR;

        // Generate random data
        ByteString randomData;
        if (!rng->generateRandom(randomData, ulRandomLen)) return CKR_GENERAL_ERROR;

        // Return random data
        if (ulRandomLen != 0)
        {
                memcpy(pRandomData, randomData.byte_str(), ulRandomLen);
        }

        return CKR_OK;
}

// Legacy function
CK_RV SoftHSM::C_GetFunctionStatus(CK_SESSION_HANDLE hSession)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        return CKR_FUNCTION_NOT_PARALLEL;
}

// Legacy function
CK_RV SoftHSM::C_CancelFunction(CK_SESSION_HANDLE hSession)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        return CKR_FUNCTION_NOT_PARALLEL;
}

// Wait or poll for a slot event on the specified slot
CK_RV SoftHSM::C_WaitForSlotEvent(CK_FLAGS /*flags*/, CK_SLOT_ID_PTR /*pSlot*/, CK_VOID_PTR /*pReserved*/)
{
        return CKR_FUNCTION_NOT_SUPPORTED;
}

// Generate an AES secret key
CK_RV SoftHSM::generateAES
(CK_SESSION_HANDLE hSession,
        CK_ATTRIBUTE_PTR pTemplate,
        CK_ULONG ulCount,
        CK_OBJECT_HANDLE_PTR phKey,
        CK_BBOOL isOnToken,
        CK_BBOOL isPrivate)
{
        *phKey = CK_INVALID_HANDLE;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL)
                return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL)
                return CKR_GENERAL_ERROR;

        // Extract desired parameter information
        size_t keyLen = 0;
        bool checkValue = true;
        for (CK_ULONG i = 0; i < ulCount; i++)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_VALUE_LEN:
                                if (pTemplate[i].ulValueLen != sizeof(CK_ULONG))
                                {
                                        INFO_MSG("CKA_VALUE_LEN does not have the size of CK_ULONG");
                                        return CKR_ATTRIBUTE_VALUE_INVALID;
                                }
                                keyLen = *(CK_ULONG*)pTemplate[i].pValue;
                                break;
                        case CKA_CHECK_VALUE:
                                if (pTemplate[i].ulValueLen > 0)
                                {
                                        INFO_MSG("CKA_CHECK_VALUE must be a no-value (0 length) entry");
                                        return CKR_ATTRIBUTE_VALUE_INVALID;
                                }
                                checkValue = false;
                                break;
                        default:
                                break;
                }
        }

        // CKA_VALUE_LEN must be specified
        if (keyLen == 0)
        {
                INFO_MSG("Missing CKA_VALUE_LEN in pTemplate");
                return CKR_TEMPLATE_INCOMPLETE;
        }

        // keyLen must be 16, 24, or 32
        if (keyLen != 16 && keyLen != 24 && keyLen != 32)
        {
                INFO_MSG("bad AES key length");
                return CKR_ATTRIBUTE_VALUE_INVALID;
        }

        // Generate the secret key
        AESKey* key = new AESKey(keyLen * 8);
        SymmetricAlgorithm* aes = CryptoFactory::i()->getSymmetricAlgorithm(SymAlgo::AES);
        if (aes == NULL)
        {
                ERROR_MSG("Could not get SymmetricAlgorithm");
                delete key;
                return CKR_GENERAL_ERROR;
        }
        RNG* rng = CryptoFactory::i()->getRNG();
        if (rng == NULL)
        {
                ERROR_MSG("Could not get RNG");
                aes->recycleKey(key);
                CryptoFactory::i()->recycleSymmetricAlgorithm(aes);
                return CKR_GENERAL_ERROR;
        }
        if (!aes->generateKey(*key, rng))
        {
                ERROR_MSG("Could not generate AES secret key");
                aes->recycleKey(key);
                CryptoFactory::i()->recycleSymmetricAlgorithm(aes);
                return CKR_GENERAL_ERROR;
        }

        CK_RV rv = CKR_OK;

        // Create the secret key object using C_CreateObject
        const CK_ULONG maxAttribs = 32;
        CK_OBJECT_CLASS objClass = CKO_SECRET_KEY;
        CK_KEY_TYPE keyType = CKK_AES;
        CK_ATTRIBUTE keyAttribs[maxAttribs] = {
                { CKA_CLASS, &objClass, sizeof(objClass) },
                { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
                { CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
                { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
        };
        CK_ULONG keyAttribsCount = 4;

        // Add the additional
        if (ulCount > (maxAttribs - keyAttribsCount))
                rv = CKR_TEMPLATE_INCONSISTENT;
        for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_CLASS:
                        case CKA_TOKEN:
                        case CKA_PRIVATE:
                        case CKA_KEY_TYPE:
                        case CKA_CHECK_VALUE:
                                continue;
                default:
                        keyAttribs[keyAttribsCount++] = pTemplate[i];
                }
        }

        if (rv == CKR_OK)
                rv = this->CreateObject(hSession, keyAttribs, keyAttribsCount, phKey,OBJECT_OP_GENERATE);

        // Store the attributes that are being supplied
        if (rv == CKR_OK)
        {
                OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
                if (osobject == NULL_PTR || !osobject->isValid()) {
                        rv = CKR_FUNCTION_FAILED;
                } else if (osobject->startTransaction()) {
                        bool bOK = true;

                        // Common Attributes
                        bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
                        CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_AES_KEY_GEN;
                        bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);

                        // Common Secret Key Attributes
                        bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
                        bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
                        bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
                        bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);

                        // AES Secret Key Attributes
                        ByteString value;
                        ByteString kcv;
                        if (isPrivate)
                        {
                                token->encrypt(key->getKeyBits(), value);
                                token->encrypt(key->getKeyCheckValue(), kcv);
                        }
                        else
                        {
                                value = key->getKeyBits();
                                kcv = key->getKeyCheckValue();
                        }
                        bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
                        if (checkValue)
                                bOK = bOK && osobject->setAttribute(CKA_CHECK_VALUE, kcv);

                        if (bOK)
                                bOK = osobject->commitTransaction();
                        else
                                osobject->abortTransaction();

                        if (!bOK)
                                rv = CKR_FUNCTION_FAILED;
                } else
                        rv = CKR_FUNCTION_FAILED;
        }

        // Clean up
        aes->recycleKey(key);
        CryptoFactory::i()->recycleSymmetricAlgorithm(aes);

        // Remove the key that may have been created already when the function fails.
        if (rv != CKR_OK)
        {
                if (*phKey != CK_INVALID_HANDLE)
                {
                        OSObject* oskey = (OSObject*)handleManager->getObject(*phKey);
                        handleManager->destroyObject(*phKey);
                        if (oskey) oskey->destroyObject();
                        *phKey = CK_INVALID_HANDLE;
                }
        }

        return rv;
}

// Generate a DES secret key
CK_RV SoftHSM::generateDES
(CK_SESSION_HANDLE hSession,
        CK_ATTRIBUTE_PTR pTemplate,
        CK_ULONG ulCount,
        CK_OBJECT_HANDLE_PTR phKey,
        CK_BBOOL isOnToken,
        CK_BBOOL isPrivate)
{
        *phKey = CK_INVALID_HANDLE;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL)
                return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL)
                return CKR_GENERAL_ERROR;

        // Extract desired parameter information
        bool checkValue = true;
        for (CK_ULONG i = 0; i < ulCount; i++)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_CHECK_VALUE:
                                if (pTemplate[i].ulValueLen > 0)
                                {
                                        INFO_MSG("CKA_CHECK_VALUE must be a no-value (0 length) entry");
                                        return CKR_ATTRIBUTE_VALUE_INVALID;
                                }
                                checkValue = false;
                                break;
                        default:
                                break;
                }
        }

        // Generate the secret key
        DESKey* key = new DESKey(56);
        SymmetricAlgorithm* des = CryptoFactory::i()->getSymmetricAlgorithm(SymAlgo::DES);
        if (des == NULL)
        {
                ERROR_MSG("Could not get SymmetricAlgorithm");
                delete key;
                return CKR_GENERAL_ERROR;
        }
        RNG* rng = CryptoFactory::i()->getRNG();
        if (rng == NULL)
        {
                ERROR_MSG("Could not get RNG");
                des->recycleKey(key);
                CryptoFactory::i()->recycleSymmetricAlgorithm(des);
                return CKR_GENERAL_ERROR;
        }
        if (!des->generateKey(*key, rng))
        {
                ERROR_MSG("Could not generate DES secret key");
                des->recycleKey(key);
                CryptoFactory::i()->recycleSymmetricAlgorithm(des);
                return CKR_GENERAL_ERROR;
        }

        CK_RV rv = CKR_OK;

        // Create the secret key object using C_CreateObject
        const CK_ULONG maxAttribs = 32;
        CK_OBJECT_CLASS objClass = CKO_SECRET_KEY;
        CK_KEY_TYPE keyType = CKK_DES;
        CK_ATTRIBUTE keyAttribs[maxAttribs] = {
                { CKA_CLASS, &objClass, sizeof(objClass) },
                { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
                { CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
                { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
        };
        CK_ULONG keyAttribsCount = 4;

        // Add the additional
        if (ulCount > (maxAttribs - keyAttribsCount))
                rv = CKR_TEMPLATE_INCONSISTENT;
        for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_CLASS:
                        case CKA_TOKEN:
                        case CKA_PRIVATE:
                        case CKA_KEY_TYPE:
                        case CKA_CHECK_VALUE:
                                continue;
                default:
                        keyAttribs[keyAttribsCount++] = pTemplate[i];
                }
        }

        if (rv == CKR_OK)
                rv = this->CreateObject(hSession, keyAttribs, keyAttribsCount, phKey,OBJECT_OP_GENERATE);

        // Store the attributes that are being supplied
        if (rv == CKR_OK)
        {
                OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
                if (osobject == NULL_PTR || !osobject->isValid()) {
                        rv = CKR_FUNCTION_FAILED;
                } else if (osobject->startTransaction()) {
                        bool bOK = true;

                        // Common Attributes
                        bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
                        CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_DES_KEY_GEN;
                        bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);

                        // Common Secret Key Attributes
                        bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
                        bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
                        bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
                        bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);

                        // DES Secret Key Attributes
                        ByteString value;
                        ByteString kcv;
                        if (isPrivate)
                        {
                                token->encrypt(key->getKeyBits(), value);
                                token->encrypt(key->getKeyCheckValue(), kcv);
                        }
                        else
                        {
                                value = key->getKeyBits();
                                kcv = key->getKeyCheckValue();
                        }
                        bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
                        if (checkValue)
                                bOK = bOK && osobject->setAttribute(CKA_CHECK_VALUE, kcv);

                        if (bOK)
                                bOK = osobject->commitTransaction();
                        else
                                osobject->abortTransaction();

                        if (!bOK)
                                rv = CKR_FUNCTION_FAILED;
                } else
                        rv = CKR_FUNCTION_FAILED;
        }

        // Clean up
        des->recycleKey(key);
        CryptoFactory::i()->recycleSymmetricAlgorithm(des);

        // Remove the key that may have been created already when the function fails.
        if (rv != CKR_OK)
        {
                if (*phKey != CK_INVALID_HANDLE)
                {
                        OSObject* oskey = (OSObject*)handleManager->getObject(*phKey);
                        handleManager->destroyObject(*phKey);
                        if (oskey) oskey->destroyObject();
                        *phKey = CK_INVALID_HANDLE;
                }
        }

        return rv;
}

// Generate a DES2 secret key
CK_RV SoftHSM::generateDES2
(CK_SESSION_HANDLE hSession,
        CK_ATTRIBUTE_PTR pTemplate,
        CK_ULONG ulCount,
        CK_OBJECT_HANDLE_PTR phKey,
        CK_BBOOL isOnToken,
        CK_BBOOL isPrivate)
{
        *phKey = CK_INVALID_HANDLE;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL)
                return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL)
                return CKR_GENERAL_ERROR;

        // Extract desired parameter information
        bool checkValue = true;
        for (CK_ULONG i = 0; i < ulCount; i++)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_CHECK_VALUE:
                                if (pTemplate[i].ulValueLen > 0)
                                {
                                        INFO_MSG("CKA_CHECK_VALUE must be a no-value (0 length) entry");
                                        return CKR_ATTRIBUTE_VALUE_INVALID;
                                }
                                checkValue = false;
                                break;
                        default:
                                break;
                }
        }

        // Generate the secret key
        DESKey* key = new DESKey(112);
        SymmetricAlgorithm* des = CryptoFactory::i()->getSymmetricAlgorithm(SymAlgo::DES3);
        if (des == NULL)
        {
                ERROR_MSG("Could not get SymmetricAlgorith");
                delete key;
                return CKR_GENERAL_ERROR;
        }
        RNG* rng = CryptoFactory::i()->getRNG();
        if (rng == NULL)
        {
                ERROR_MSG("Could not get RNG");
                des->recycleKey(key);
                CryptoFactory::i()->recycleSymmetricAlgorithm(des);
                return CKR_GENERAL_ERROR;
        }
        if (!des->generateKey(*key, rng))
        {
                ERROR_MSG("Could not generate DES secret key");
                des->recycleKey(key);
                CryptoFactory::i()->recycleSymmetricAlgorithm(des);
                return CKR_GENERAL_ERROR;
        }

        CK_RV rv = CKR_OK;

        // Create the secret key object using C_CreateObject
        const CK_ULONG maxAttribs = 32;
        CK_OBJECT_CLASS objClass = CKO_SECRET_KEY;
        CK_KEY_TYPE keyType = CKK_DES2;
        CK_ATTRIBUTE keyAttribs[maxAttribs] = {
                { CKA_CLASS, &objClass, sizeof(objClass) },
                { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
                { CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
                { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
        };
        CK_ULONG keyAttribsCount = 4;

        // Add the additional
        if (ulCount > (maxAttribs - keyAttribsCount))
                rv = CKR_TEMPLATE_INCONSISTENT;
        for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_CLASS:
                        case CKA_TOKEN:
                        case CKA_PRIVATE:
                        case CKA_KEY_TYPE:
                        case CKA_CHECK_VALUE:
                                continue;
                default:
                        keyAttribs[keyAttribsCount++] = pTemplate[i];
                }
        }

        if (rv == CKR_OK)
                rv = this->CreateObject(hSession, keyAttribs, keyAttribsCount, phKey,OBJECT_OP_GENERATE);

        // Store the attributes that are being supplied
        if (rv == CKR_OK)
        {
                OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
                if (osobject == NULL_PTR || !osobject->isValid()) {
                        rv = CKR_FUNCTION_FAILED;
                } else if (osobject->startTransaction()) {
                        bool bOK = true;

                        // Common Attributes
                        bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
                        CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_DES2_KEY_GEN;
                        bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);

                        // Common Secret Key Attributes
                        bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
                        bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
                        bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
                        bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);

                        // DES Secret Key Attributes
                        ByteString value;
                        ByteString kcv;
                        if (isPrivate)
                        {
                                token->encrypt(key->getKeyBits(), value);
                                token->encrypt(key->getKeyCheckValue(), kcv);
                        }
                        else
                        {
                                value = key->getKeyBits();
                                kcv = key->getKeyCheckValue();
                        }
                        bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
                        if (checkValue)
                                bOK = bOK && osobject->setAttribute(CKA_CHECK_VALUE, kcv);

                        if (bOK)
                                bOK = osobject->commitTransaction();
                        else
                                osobject->abortTransaction();

                        if (!bOK)
                                rv = CKR_FUNCTION_FAILED;
                } else
                        rv = CKR_FUNCTION_FAILED;
        }

        // Clean up
        des->recycleKey(key);
        CryptoFactory::i()->recycleSymmetricAlgorithm(des);

        // Remove the key that may have been created already when the function fails.
        if (rv != CKR_OK)
        {
                if (*phKey != CK_INVALID_HANDLE)
                {
                        OSObject* oskey = (OSObject*)handleManager->getObject(*phKey);
                        handleManager->destroyObject(*phKey);
                        if (oskey) oskey->destroyObject();
                        *phKey = CK_INVALID_HANDLE;
                }
        }

        return rv;
}

// Generate a DES3 secret key
CK_RV SoftHSM::generateDES3
(CK_SESSION_HANDLE hSession,
        CK_ATTRIBUTE_PTR pTemplate,
        CK_ULONG ulCount,
        CK_OBJECT_HANDLE_PTR phKey,
        CK_BBOOL isOnToken,
        CK_BBOOL isPrivate)
{
        *phKey = CK_INVALID_HANDLE;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL)
                return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL)
                return CKR_GENERAL_ERROR;

        // Extract desired parameter information
        bool checkValue = true;
        for (CK_ULONG i = 0; i < ulCount; i++)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_CHECK_VALUE:
                                if (pTemplate[i].ulValueLen > 0)
                                {
                                        INFO_MSG("CKA_CHECK_VALUE must be a no-value (0 length) entry");
                                        return CKR_ATTRIBUTE_VALUE_INVALID;
                                }
                                checkValue = false;
                                break;
                        default:
                                break;
                }
        }

        // Generate the secret key
        DESKey* key = new DESKey(168);
        SymmetricAlgorithm* des = CryptoFactory::i()->getSymmetricAlgorithm(SymAlgo::DES3);
        if (des == NULL)
        {
                ERROR_MSG("Could not get SymmetricAlgorithm");
                delete key;
                return CKR_GENERAL_ERROR;
        }
        RNG* rng = CryptoFactory::i()->getRNG();
        if (rng == NULL)
        {
                ERROR_MSG("Could not get RNG");
                des->recycleKey(key);
                CryptoFactory::i()->recycleSymmetricAlgorithm(des);
                return CKR_GENERAL_ERROR;
        }
        if (!des->generateKey(*key, rng))
        {
                ERROR_MSG("Could not generate DES secret key");
                des->recycleKey(key);
                CryptoFactory::i()->recycleSymmetricAlgorithm(des);
                return CKR_GENERAL_ERROR;
        }

        CK_RV rv = CKR_OK;

        // Create the secret key object using C_CreateObject
        const CK_ULONG maxAttribs = 32;
        CK_OBJECT_CLASS objClass = CKO_SECRET_KEY;
        CK_KEY_TYPE keyType = CKK_DES3;
        CK_ATTRIBUTE keyAttribs[maxAttribs] = {
                { CKA_CLASS, &objClass, sizeof(objClass) },
                { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
                { CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
                { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
        };
        CK_ULONG keyAttribsCount = 4;

        // Add the additional
        if (ulCount > (maxAttribs - keyAttribsCount))
                rv = CKR_TEMPLATE_INCONSISTENT;
        for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_CLASS:
                        case CKA_TOKEN:
                        case CKA_PRIVATE:
                        case CKA_KEY_TYPE:
                        case CKA_CHECK_VALUE:
                                continue;
                default:
                        keyAttribs[keyAttribsCount++] = pTemplate[i];
                }
        }

        if (rv == CKR_OK)
                rv = this->CreateObject(hSession, keyAttribs, keyAttribsCount, phKey,OBJECT_OP_GENERATE);

        // Store the attributes that are being supplied
        if (rv == CKR_OK)
        {
                OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
                if (osobject == NULL_PTR || !osobject->isValid()) {
                        rv = CKR_FUNCTION_FAILED;
                } else if (osobject->startTransaction()) {
                        bool bOK = true;

                        // Common Attributes
                        bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
                        CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_DES3_KEY_GEN;
                        bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);

                        // Common Secret Key Attributes
                        bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
                        bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
                        bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
                        bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);

                        // DES Secret Key Attributes
                        ByteString value;
                        ByteString kcv;
                        if (isPrivate)
                        {
                                token->encrypt(key->getKeyBits(), value);
                                token->encrypt(key->getKeyCheckValue(), kcv);
                        }
                        else
                        {
                                value = key->getKeyBits();
                                kcv = key->getKeyCheckValue();
                        }
                        bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
                        if (checkValue)
                                bOK = bOK && osobject->setAttribute(CKA_CHECK_VALUE, kcv);

                        if (bOK)
                                bOK = osobject->commitTransaction();
                        else
                                osobject->abortTransaction();

                        if (!bOK)
                                rv = CKR_FUNCTION_FAILED;
                } else
                        rv = CKR_FUNCTION_FAILED;
        }

        // Clean up
        des->recycleKey(key);
        CryptoFactory::i()->recycleSymmetricAlgorithm(des);

        // Remove the key that may have been created already when the function fails.
        if (rv != CKR_OK)
        {
                if (*phKey != CK_INVALID_HANDLE)
                {
                        OSObject* oskey = (OSObject*)handleManager->getObject(*phKey);
                        handleManager->destroyObject(*phKey);
                        if (oskey) oskey->destroyObject();
                        *phKey = CK_INVALID_HANDLE;
                }
        }

        return rv;
}

// Generate an RSA key pair
CK_RV SoftHSM::generateRSA
(CK_SESSION_HANDLE hSession,
        CK_ATTRIBUTE_PTR pPublicKeyTemplate,
        CK_ULONG ulPublicKeyAttributeCount,
        CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
        CK_ULONG ulPrivateKeyAttributeCount,
        CK_OBJECT_HANDLE_PTR phPublicKey,
        CK_OBJECT_HANDLE_PTR phPrivateKey,
        CK_BBOOL isPublicKeyOnToken,
        CK_BBOOL isPublicKeyPrivate,
        CK_BBOOL isPrivateKeyOnToken,
        CK_BBOOL isPrivateKeyPrivate
)
{
        *phPublicKey = CK_INVALID_HANDLE;
        *phPrivateKey = CK_INVALID_HANDLE;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL)
                return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL)
                return CKR_GENERAL_ERROR;

        // Extract desired key information: bitlen and public exponent
        size_t bitLen = 0;
        ByteString exponent("010001");
        for (CK_ULONG i = 0; i < ulPublicKeyAttributeCount; i++)
        {
                switch (pPublicKeyTemplate[i].type)
                {
                        case CKA_MODULUS_BITS:
                                if (pPublicKeyTemplate[i].ulValueLen != sizeof(CK_ULONG))
                                {
                                        INFO_MSG("CKA_MODULUS_BITS does not have the size of CK_ULONG");
                                        return CKR_ATTRIBUTE_VALUE_INVALID;
                                }
                                bitLen = *(CK_ULONG*)pPublicKeyTemplate[i].pValue;
                                break;
                        case CKA_PUBLIC_EXPONENT:
                                exponent = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
                                break;
                        default:
                                break;
                }
        }

        // CKA_MODULUS_BITS must be specified to be able to generate a key pair.
        if (bitLen == 0) {
                INFO_MSG("Missing CKA_MODULUS_BITS in pPublicKeyTemplate");
                return CKR_TEMPLATE_INCOMPLETE;
        }

        // Set the parameters
        RSAParameters p;
        p.setE(exponent);
        p.setBitLength(bitLen);

        // Generate key pair
        AsymmetricKeyPair* kp = NULL;
        AsymmetricAlgorithm* rsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::RSA);
        if (rsa == NULL)
                return CKR_GENERAL_ERROR;
        if (!rsa->generateKeyPair(&kp, &p))
        {
                ERROR_MSG("Could not generate key pair");
                CryptoFactory::i()->recycleAsymmetricAlgorithm(rsa);
                return CKR_GENERAL_ERROR;
        }

        RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
        RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();

        CK_RV rv = CKR_OK;

        // Create a public key using C_CreateObject
        if (rv == CKR_OK)
        {
                const CK_ULONG maxAttribs = 32;
                CK_OBJECT_CLASS publicKeyClass = CKO_PUBLIC_KEY;
                CK_KEY_TYPE publicKeyType = CKK_RSA;
                CK_ATTRIBUTE publicKeyAttribs[maxAttribs] = {
                        { CKA_CLASS, &publicKeyClass, sizeof(publicKeyClass) },
                        { CKA_TOKEN, &isPublicKeyOnToken, sizeof(isPublicKeyOnToken) },
                        { CKA_PRIVATE, &isPublicKeyPrivate, sizeof(isPublicKeyPrivate) },
                        { CKA_KEY_TYPE, &publicKeyType, sizeof(publicKeyType) },
                };
                CK_ULONG publicKeyAttribsCount = 4;

                // Add the additional
                if (ulPublicKeyAttributeCount > (maxAttribs - publicKeyAttribsCount))
                        rv = CKR_TEMPLATE_INCONSISTENT;
                for (CK_ULONG i=0; i < ulPublicKeyAttributeCount && rv == CKR_OK; ++i)
                {
                        switch (pPublicKeyTemplate[i].type)
                        {
                                case CKA_CLASS:
                                case CKA_TOKEN:
                                case CKA_PRIVATE:
                                case CKA_KEY_TYPE:
                                case CKA_PUBLIC_EXPONENT:
                                        continue;
                                default:
                                        publicKeyAttribs[publicKeyAttribsCount++] = pPublicKeyTemplate[i];
                        }
                }

                if (rv == CKR_OK)
                        rv = this->CreateObject(hSession,publicKeyAttribs,publicKeyAttribsCount,phPublicKey,OBJECT_OP_GENERATE);

                // Store the attributes that are being supplied by the key generation to the object
                if (rv == CKR_OK)
                {
                        OSObject* osobject = (OSObject*)handleManager->getObject(*phPublicKey);
                        if (osobject == NULL_PTR || !osobject->isValid()) {
                                rv = CKR_FUNCTION_FAILED;
                        } else if (osobject->startTransaction()) {
                                bool bOK = true;

                                // Common Key Attributes
                                bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
                                CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_RSA_PKCS_KEY_PAIR_GEN;
                                bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);

                                // RSA Public Key Attributes
                                ByteString modulus;
                                ByteString publicExponent;
                                if (isPublicKeyPrivate)
                                {
                                        token->encrypt(pub->getN(), modulus);
                                        token->encrypt(pub->getE(), publicExponent);
                                }
                                else
                                {
                                        modulus = pub->getN();
                                        publicExponent = pub->getE();
                                }
                                bOK = bOK && osobject->setAttribute(CKA_MODULUS, modulus);
                                bOK = bOK && osobject->setAttribute(CKA_PUBLIC_EXPONENT, publicExponent);

                                if (bOK)
                                        bOK = osobject->commitTransaction();
                                else
                                        osobject->abortTransaction();

                                if (!bOK)
                                        rv = CKR_FUNCTION_FAILED;
                        } else
                                rv = CKR_FUNCTION_FAILED;
                }
        }

        // Create a private key using C_CreateObject
        if (rv == CKR_OK)
        {
                const CK_ULONG maxAttribs = 32;
                CK_OBJECT_CLASS privateKeyClass = CKO_PRIVATE_KEY;
                CK_KEY_TYPE privateKeyType = CKK_RSA;
                CK_ATTRIBUTE privateKeyAttribs[maxAttribs] = {
                        { CKA_CLASS, &privateKeyClass, sizeof(privateKeyClass) },
                        { CKA_TOKEN, &isPrivateKeyOnToken, sizeof(isPrivateKeyOnToken) },
                        { CKA_PRIVATE, &isPrivateKeyPrivate, sizeof(isPrivateKeyPrivate) },
                        { CKA_KEY_TYPE, &privateKeyType, sizeof(privateKeyType) },
                };
                CK_ULONG privateKeyAttribsCount = 4;
                if (ulPrivateKeyAttributeCount > (maxAttribs - privateKeyAttribsCount))
                        rv = CKR_TEMPLATE_INCONSISTENT;
                for (CK_ULONG i=0; i < ulPrivateKeyAttributeCount && rv == CKR_OK; ++i)
                {
                        switch (pPrivateKeyTemplate[i].type)
                        {
                                case CKA_CLASS:
                                case CKA_TOKEN:
                                case CKA_PRIVATE:
                                case CKA_KEY_TYPE:
                                        continue;
                                default:
                                        privateKeyAttribs[privateKeyAttribsCount++] = pPrivateKeyTemplate[i];
                        }
                }

                if (rv == CKR_OK)
                        rv = this->CreateObject(hSession,privateKeyAttribs,privateKeyAttribsCount,phPrivateKey,OBJECT_OP_GENERATE);

                // Store the attributes that are being supplied by the key generation to the object
                if (rv == CKR_OK)
                {
                        OSObject* osobject = (OSObject*)handleManager->getObject(*phPrivateKey);
                        if (osobject == NULL_PTR || !osobject->isValid()) {
                                rv = CKR_FUNCTION_FAILED;
                        } else if (osobject->startTransaction()) {
                                bool bOK = true;

                                // Common Key Attributes
                                bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
                                CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_RSA_PKCS_KEY_PAIR_GEN;
                                bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);

                                // Common Private Key Attributes
                                bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
                                bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
                                bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
                                bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);

                                // RSA Private Key Attributes
                                ByteString modulus;
                                ByteString publicExponent;
                                ByteString privateExponent;
                                ByteString prime1;
                                ByteString prime2;
                                ByteString exponent1;
                                ByteString exponent2;
                                ByteString coefficient;
                                if (isPrivateKeyPrivate)
                                {
                                        token->encrypt(priv->getN(), modulus);
                                        token->encrypt(priv->getE(), publicExponent);
                                        token->encrypt(priv->getD(), privateExponent);
                                        token->encrypt(priv->getP(), prime1);
                                        token->encrypt(priv->getQ(), prime2);
                                        token->encrypt(priv->getDP1(), exponent1);
                                        token->encrypt(priv->getDQ1(), exponent2);
                                        token->encrypt(priv->getPQ(), coefficient);
                                }
                                else
                                {
                                        modulus = priv->getN();
                                        publicExponent = priv->getE();
                                        privateExponent = priv->getD();
                                        prime1 = priv->getP();
                                        prime2 = priv->getQ();
                                        exponent1 =  priv->getDP1();
                                        exponent2 = priv->getDQ1();
                                        coefficient = priv->getPQ();
                                }
                                bOK = bOK && osobject->setAttribute(CKA_MODULUS, modulus);
                                bOK = bOK && osobject->setAttribute(CKA_PUBLIC_EXPONENT, publicExponent);
                                bOK = bOK && osobject->setAttribute(CKA_PRIVATE_EXPONENT, privateExponent);
                                bOK = bOK && osobject->setAttribute(CKA_PRIME_1, prime1);
                                bOK = bOK && osobject->setAttribute(CKA_PRIME_2, prime2);
                                bOK = bOK && osobject->setAttribute(CKA_EXPONENT_1,exponent1);
                                bOK = bOK && osobject->setAttribute(CKA_EXPONENT_2, exponent2);
                                bOK = bOK && osobject->setAttribute(CKA_COEFFICIENT, coefficient);

                                if (bOK)
                                        bOK = osobject->commitTransaction();
                                else
                                        osobject->abortTransaction();

                                if (!bOK)
                                        rv = CKR_FUNCTION_FAILED;
                        } else
                                rv = CKR_FUNCTION_FAILED;
                }
        }

        // Clean up
        rsa->recycleKeyPair(kp);
        CryptoFactory::i()->recycleAsymmetricAlgorithm(rsa);

        // Remove keys that may have been created already when the function fails.
        if (rv != CKR_OK)
        {
                if (*phPrivateKey != CK_INVALID_HANDLE)
                {
                        OSObject* ospriv = (OSObject*)handleManager->getObject(*phPrivateKey);
                        handleManager->destroyObject(*phPrivateKey);
                        if (ospriv) ospriv->destroyObject();
                        *phPrivateKey = CK_INVALID_HANDLE;
                }

                if (*phPublicKey != CK_INVALID_HANDLE)
                {
                        OSObject* ospub = (OSObject*)handleManager->getObject(*phPublicKey);
                        handleManager->destroyObject(*phPublicKey);
                        if (ospub) ospub->destroyObject();
                        *phPublicKey = CK_INVALID_HANDLE;
                }
        }

        return rv;
}

// Generate a DSA key pair
CK_RV SoftHSM::generateDSA
(CK_SESSION_HANDLE hSession,
        CK_ATTRIBUTE_PTR pPublicKeyTemplate,
        CK_ULONG ulPublicKeyAttributeCount,
        CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
        CK_ULONG ulPrivateKeyAttributeCount,
        CK_OBJECT_HANDLE_PTR phPublicKey,
        CK_OBJECT_HANDLE_PTR phPrivateKey,
        CK_BBOOL isPublicKeyOnToken,
        CK_BBOOL isPublicKeyPrivate,
        CK_BBOOL isPrivateKeyOnToken,
        CK_BBOOL isPrivateKeyPrivate)
{
        *phPublicKey = CK_INVALID_HANDLE;
        *phPrivateKey = CK_INVALID_HANDLE;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL)
                return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL)
                return CKR_GENERAL_ERROR;

        // Extract desired key information
        ByteString prime;
        ByteString subprime;
        ByteString generator;
        for (CK_ULONG i = 0; i < ulPublicKeyAttributeCount; i++)
        {
                switch (pPublicKeyTemplate[i].type)
                {
                        case CKA_PRIME:
                                prime = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
                                break;
                        case CKA_SUBPRIME:
                                subprime = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
                                break;
                        case CKA_BASE:
                                generator = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
                                break;
                        default:
                                break;
                }
        }

        // The parameters must be specified to be able to generate a key pair.
        if (prime.size() == 0 || subprime.size() == 0 || generator.size() == 0) {
                INFO_MSG("Missing parameter(s) in pPublicKeyTemplate");
                return CKR_TEMPLATE_INCOMPLETE;
        }

        // Set the parameters
        DSAParameters p;
        p.setP(prime);
        p.setQ(subprime);
        p.setG(generator);

        // Generate key pair
        AsymmetricKeyPair* kp = NULL;
        AsymmetricAlgorithm* dsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DSA);
        if (dsa == NULL) return CKR_GENERAL_ERROR;
        if (!dsa->generateKeyPair(&kp, &p))
        {
                ERROR_MSG("Could not generate key pair");
                CryptoFactory::i()->recycleAsymmetricAlgorithm(dsa);
                return CKR_GENERAL_ERROR;
        }

        DSAPublicKey* pub = (DSAPublicKey*) kp->getPublicKey();
        DSAPrivateKey* priv = (DSAPrivateKey*) kp->getPrivateKey();

        CK_RV rv = CKR_OK;

        // Create a public key using C_CreateObject
        if (rv == CKR_OK)
        {
                const CK_ULONG maxAttribs = 32;
                CK_OBJECT_CLASS publicKeyClass = CKO_PUBLIC_KEY;
                CK_KEY_TYPE publicKeyType = CKK_DSA;
                CK_ATTRIBUTE publicKeyAttribs[maxAttribs] = {
                        { CKA_CLASS, &publicKeyClass, sizeof(publicKeyClass) },
                        { CKA_TOKEN, &isPublicKeyOnToken, sizeof(isPublicKeyOnToken) },
                        { CKA_PRIVATE, &isPublicKeyPrivate, sizeof(isPublicKeyPrivate) },
                        { CKA_KEY_TYPE, &publicKeyType, sizeof(publicKeyType) },
                };
                CK_ULONG publicKeyAttribsCount = 4;

                // Add the additional
                if (ulPublicKeyAttributeCount > (maxAttribs - publicKeyAttribsCount))
                        rv = CKR_TEMPLATE_INCONSISTENT;
                for (CK_ULONG i=0; i < ulPublicKeyAttributeCount && rv == CKR_OK; ++i)
                {
                        switch (pPublicKeyTemplate[i].type)
                        {
                                case CKA_CLASS:
                                case CKA_TOKEN:
                                case CKA_PRIVATE:
                                case CKA_KEY_TYPE:
                                        continue;
                                default:
                                        publicKeyAttribs[publicKeyAttribsCount++] = pPublicKeyTemplate[i];
                        }
                }

                if (rv == CKR_OK)
                        rv = this->CreateObject(hSession,publicKeyAttribs,publicKeyAttribsCount,phPublicKey,OBJECT_OP_GENERATE);

                // Store the attributes that are being supplied by the key generation to the object
                if (rv == CKR_OK)
                {
                        OSObject* osobject = (OSObject*)handleManager->getObject(*phPublicKey);
                        if (osobject == NULL_PTR || !osobject->isValid()) {
                                rv = CKR_FUNCTION_FAILED;
                        } else if (osobject->startTransaction()) {
                                bool bOK = true;

                                // Common Key Attributes
                                bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
                                CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_DSA_KEY_PAIR_GEN;
                                bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);

                                // DSA Public Key Attributes
                                ByteString value;
                                if (isPublicKeyPrivate)
                                {
                                        token->encrypt(pub->getY(), value);
                                }
                                else
                                {
                                        value = pub->getY();
                                }
                                bOK = bOK && osobject->setAttribute(CKA_VALUE, value);

                                if (bOK)
                                        bOK = osobject->commitTransaction();
                                else
                                        osobject->abortTransaction();

                                if (!bOK)
                                        rv = CKR_FUNCTION_FAILED;
                        } else
                                rv = CKR_FUNCTION_FAILED;
                }
        }

        // Create a private key using C_CreateObject
        if (rv == CKR_OK)
        {
                const CK_ULONG maxAttribs = 32;
                CK_OBJECT_CLASS privateKeyClass = CKO_PRIVATE_KEY;
                CK_KEY_TYPE privateKeyType = CKK_DSA;
                CK_ATTRIBUTE privateKeyAttribs[maxAttribs] = {
                        { CKA_CLASS, &privateKeyClass, sizeof(privateKeyClass) },
                        { CKA_TOKEN, &isPrivateKeyOnToken, sizeof(isPrivateKeyOnToken) },
                        { CKA_PRIVATE, &isPrivateKeyPrivate, sizeof(isPrivateKeyPrivate) },
                        { CKA_KEY_TYPE, &privateKeyType, sizeof(privateKeyType) },
                };
                CK_ULONG privateKeyAttribsCount = 4;
                if (ulPrivateKeyAttributeCount > (maxAttribs - privateKeyAttribsCount))
                        rv = CKR_TEMPLATE_INCONSISTENT;
                for (CK_ULONG i=0; i < ulPrivateKeyAttributeCount && rv == CKR_OK; ++i)
                {
                        switch (pPrivateKeyTemplate[i].type)
                        {
                                case CKA_CLASS:
                                case CKA_TOKEN:
                                case CKA_PRIVATE:
                                case CKA_KEY_TYPE:
                                        continue;
                                default:
                                        privateKeyAttribs[privateKeyAttribsCount++] = pPrivateKeyTemplate[i];
                        }
                }

                if (rv == CKR_OK)
                        rv = this->CreateObject(hSession,privateKeyAttribs,privateKeyAttribsCount,phPrivateKey,OBJECT_OP_GENERATE);

                // Store the attributes that are being supplied by the key generation to the object
                if (rv == CKR_OK)
                {
                        OSObject* osobject = (OSObject*)handleManager->getObject(*phPrivateKey);
                        if (osobject == NULL_PTR || !osobject->isValid()) {
                                rv = CKR_FUNCTION_FAILED;
                        } else if (osobject->startTransaction()) {
                                bool bOK = true;

                                // Common Key Attributes
                                bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
                                CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_DSA_KEY_PAIR_GEN;
                                bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);

                                // Common Private Key Attributes
                                bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
                                bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
                                bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
                                bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);

                                // DSA Private Key Attributes
                                ByteString bPrime;
                                ByteString bSubprime;
                                ByteString bGenerator;
                                ByteString bValue;
                                if (isPrivateKeyPrivate)
                                {
                                        token->encrypt(priv->getP(), bPrime);
                                        token->encrypt(priv->getQ(), bSubprime);
                                        token->encrypt(priv->getG(), bGenerator);
                                        token->encrypt(priv->getX(), bValue);
                                }
                                else
                                {
                                        bPrime = priv->getP();
                                        bSubprime = priv->getQ();
                                        bGenerator = priv->getG();
                                        bValue = priv->getX();
                                }
                                bOK = bOK && osobject->setAttribute(CKA_PRIME, bPrime);
                                bOK = bOK && osobject->setAttribute(CKA_SUBPRIME, bSubprime);
                                bOK = bOK && osobject->setAttribute(CKA_BASE, bGenerator);
                                bOK = bOK && osobject->setAttribute(CKA_VALUE, bValue);

                                if (bOK)
                                        bOK = osobject->commitTransaction();
                                else
                                        osobject->abortTransaction();

                                if (!bOK)
                                        rv = CKR_FUNCTION_FAILED;
                        } else
                                rv = CKR_FUNCTION_FAILED;
                }
        }

        // Clean up
        dsa->recycleKeyPair(kp);
        CryptoFactory::i()->recycleAsymmetricAlgorithm(dsa);

        // Remove keys that may have been created already when the function fails.
        if (rv != CKR_OK)
        {
                if (*phPrivateKey != CK_INVALID_HANDLE)
                {
                        OSObject* ospriv = (OSObject*)handleManager->getObject(*phPrivateKey);
                        handleManager->destroyObject(*phPrivateKey);
                        if (ospriv) ospriv->destroyObject();
                        *phPrivateKey = CK_INVALID_HANDLE;
                }

                if (*phPublicKey != CK_INVALID_HANDLE)
                {
                        OSObject* ospub = (OSObject*)handleManager->getObject(*phPublicKey);
                        handleManager->destroyObject(*phPublicKey);
                        if (ospub) ospub->destroyObject();
                        *phPublicKey = CK_INVALID_HANDLE;
                }
        }

        return rv;
}

// Generate a DSA domain parameter set
CK_RV SoftHSM::generateDSAParameters
(CK_SESSION_HANDLE hSession,
        CK_ATTRIBUTE_PTR pTemplate,
        CK_ULONG ulCount,
        CK_OBJECT_HANDLE_PTR phKey,
        CK_BBOOL isOnToken,
        CK_BBOOL isPrivate)
{
        *phKey = CK_INVALID_HANDLE;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL)
                return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL)
                return CKR_GENERAL_ERROR;

        // Extract desired parameter information
        size_t bitLen = 0;
        size_t qLen = 0;
        for (CK_ULONG i = 0; i < ulCount; i++)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_PRIME_BITS:
                                if (pTemplate[i].ulValueLen != sizeof(CK_ULONG))
                                {
                                        INFO_MSG("CKA_PRIME_BITS does not have the size of CK_ULONG");
                                        return CKR_ATTRIBUTE_VALUE_INVALID;
                                }
                                bitLen = *(CK_ULONG*)pTemplate[i].pValue;
                                break;
                        case CKA_SUBPRIME_BITS:
                                if (pTemplate[i].ulValueLen != sizeof(CK_ULONG))
                                {
                                        INFO_MSG("CKA_SUBPRIME_BITS does not have the size of CK_ULONG");
                                        return CKR_ATTRIBUTE_VALUE_INVALID;
                                }
                                qLen = *(CK_ULONG*)pTemplate[i].pValue;
                                break;
                        default:
                                break;
                }
        }

        // CKA_PRIME_BITS must be specified
        if (bitLen == 0)
        {
                INFO_MSG("Missing CKA_PRIME_BITS in pTemplate");
                return CKR_TEMPLATE_INCOMPLETE;
        }

        // No real choice for CKA_SUBPRIME_BITS
        if ((qLen != 0) &&
            (((bitLen >= 2048) && (qLen != 256)) ||
             ((bitLen < 2048) && (qLen != 160))))
                INFO_MSG("CKA_SUBPRIME_BITS is ignored");


        // Generate domain parameters
        AsymmetricParameters* p = NULL;
        AsymmetricAlgorithm* dsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DSA);
        if (dsa == NULL) return CKR_GENERAL_ERROR;
        if (!dsa->generateParameters(&p, (void *)bitLen))
        {
                ERROR_MSG("Could not generate parameters");
                CryptoFactory::i()->recycleAsymmetricAlgorithm(dsa);
                return CKR_GENERAL_ERROR;
        }

        DSAParameters* params = (DSAParameters*) p;

        CK_RV rv = CKR_OK;

        // Create the domain parameter object using C_CreateObject
        const CK_ULONG maxAttribs = 32;
        CK_OBJECT_CLASS objClass = CKO_DOMAIN_PARAMETERS;
        CK_KEY_TYPE keyType = CKK_DSA;
        CK_ATTRIBUTE paramsAttribs[maxAttribs] = {
                { CKA_CLASS, &objClass, sizeof(objClass) },
                { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
                { CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
                { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
        };
        CK_ULONG paramsAttribsCount = 4;

        // Add the additional
        if (ulCount > (maxAttribs - paramsAttribsCount))
                rv = CKR_TEMPLATE_INCONSISTENT;
        for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_CLASS:
                        case CKA_TOKEN:
                        case CKA_PRIVATE:
                        case CKA_KEY_TYPE:
                                continue;
                default:
                        paramsAttribs[paramsAttribsCount++] = pTemplate[i];
                }
        }

        if (rv == CKR_OK)
                rv = this->CreateObject(hSession, paramsAttribs, paramsAttribsCount, phKey,OBJECT_OP_GENERATE);

        // Store the attributes that are being supplied
        if (rv == CKR_OK)
        {
                OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
                if (osobject == NULL_PTR || !osobject->isValid()) {
                        rv = CKR_FUNCTION_FAILED;
                } else if (osobject->startTransaction()) {
                        bool bOK = true;

                        // Common Attributes
                        bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
                        CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_DSA_PARAMETER_GEN;
                        bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);

                        // DSA Domain Parameters Attributes
                        ByteString prime;
                        ByteString subprime;
                        ByteString generator;
                        if (isPrivate)
                        {
                                token->encrypt(params->getP(), prime);
                                token->encrypt(params->getQ(), subprime);
                                token->encrypt(params->getG(), generator);
                        }
                        else
                        {
                                prime = params->getP();
                                subprime = params->getQ();
                                generator = params->getG();
                        }
                        bOK = bOK && osobject->setAttribute(CKA_PRIME, prime);
                        bOK = bOK && osobject->setAttribute(CKA_SUBPRIME, subprime);
                        bOK = bOK && osobject->setAttribute(CKA_BASE, generator);

                        if (bOK)
                                bOK = osobject->commitTransaction();
                        else
                                osobject->abortTransaction();

                        if (!bOK)
                                rv = CKR_FUNCTION_FAILED;
                } else
                        rv = CKR_FUNCTION_FAILED;
        }

        // Clean up
        dsa->recycleParameters(p);
        CryptoFactory::i()->recycleAsymmetricAlgorithm(dsa);

        // Remove parameters that may have been created already when the function fails.
        if (rv != CKR_OK)
        {
                if (*phKey != CK_INVALID_HANDLE)
                {
                        OSObject* osparams = (OSObject*)handleManager->getObject(*phKey);
                        handleManager->destroyObject(*phKey);
                        if (osparams) osparams->destroyObject();
                        *phKey = CK_INVALID_HANDLE;
                }
        }

        return rv;
}

// Generate an EC key pair
CK_RV SoftHSM::generateEC
(CK_SESSION_HANDLE hSession,
        CK_ATTRIBUTE_PTR pPublicKeyTemplate,
        CK_ULONG ulPublicKeyAttributeCount,
        CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
        CK_ULONG ulPrivateKeyAttributeCount,
        CK_OBJECT_HANDLE_PTR phPublicKey,
        CK_OBJECT_HANDLE_PTR phPrivateKey,
        CK_BBOOL isPublicKeyOnToken,
        CK_BBOOL isPublicKeyPrivate,
        CK_BBOOL isPrivateKeyOnToken,
        CK_BBOOL isPrivateKeyPrivate)
{
        *phPublicKey = CK_INVALID_HANDLE;
        *phPrivateKey = CK_INVALID_HANDLE;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL)
                return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL)
                return CKR_GENERAL_ERROR;

        // Extract desired key information
        ByteString params;
        for (CK_ULONG i = 0; i < ulPublicKeyAttributeCount; i++)
        {
                switch (pPublicKeyTemplate[i].type)
                {
                        case CKA_EC_PARAMS:
                                params = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
                                break;
                        default:
                                break;
                }
        }

        // The parameters must be specified to be able to generate a key pair.
        if (params.size() == 0) {
                INFO_MSG("Missing parameter(s) in pPublicKeyTemplate");
                return CKR_TEMPLATE_INCOMPLETE;
        }

        // Set the parameters
        ECParameters p;
        p.setEC(params);

        // Generate key pair
        AsymmetricKeyPair* kp = NULL;
        AsymmetricAlgorithm* ec = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::ECDSA);
        if (ec == NULL) return CKR_GENERAL_ERROR;
        if (!ec->generateKeyPair(&kp, &p))
        {
                ERROR_MSG("Could not generate key pair");
                CryptoFactory::i()->recycleAsymmetricAlgorithm(ec);
                return CKR_GENERAL_ERROR;
        }

        ECPublicKey* pub = (ECPublicKey*) kp->getPublicKey();
        ECPrivateKey* priv = (ECPrivateKey*) kp->getPrivateKey();

        CK_RV rv = CKR_OK;

        // Create a public key using C_CreateObject
        if (rv == CKR_OK)
        {
                const CK_ULONG maxAttribs = 32;
                CK_OBJECT_CLASS publicKeyClass = CKO_PUBLIC_KEY;
                CK_KEY_TYPE publicKeyType = CKK_EC;
                CK_ATTRIBUTE publicKeyAttribs[maxAttribs] = {
                        { CKA_CLASS, &publicKeyClass, sizeof(publicKeyClass) },
                        { CKA_TOKEN, &isPublicKeyOnToken, sizeof(isPublicKeyOnToken) },
                        { CKA_PRIVATE, &isPublicKeyPrivate, sizeof(isPublicKeyPrivate) },
                        { CKA_KEY_TYPE, &publicKeyType, sizeof(publicKeyType) },
                };
                CK_ULONG publicKeyAttribsCount = 4;

                // Add the additional
                if (ulPublicKeyAttributeCount > (maxAttribs - publicKeyAttribsCount))
                        rv = CKR_TEMPLATE_INCONSISTENT;
                for (CK_ULONG i=0; i < ulPublicKeyAttributeCount && rv == CKR_OK; ++i)
                {
                        switch (pPublicKeyTemplate[i].type)
                        {
                                case CKA_CLASS:
                                case CKA_TOKEN:
                                case CKA_PRIVATE:
                                case CKA_KEY_TYPE:
                                        continue;
                                default:
                                        publicKeyAttribs[publicKeyAttribsCount++] = pPublicKeyTemplate[i];
                        }
                }

                if (rv == CKR_OK)
                        rv = this->CreateObject(hSession,publicKeyAttribs,publicKeyAttribsCount,phPublicKey,OBJECT_OP_GENERATE);

                // Store the attributes that are being supplied by the key generation to the object
                if (rv == CKR_OK)
                {
                        OSObject* osobject = (OSObject*)handleManager->getObject(*phPublicKey);
                        if (osobject == NULL_PTR || !osobject->isValid()) {
                                rv = CKR_FUNCTION_FAILED;
                        } else if (osobject->startTransaction()) {
                                bool bOK = true;

                                // Common Key Attributes
                                bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
                                CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_EC_KEY_PAIR_GEN;
                                bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);

                                // EC Public Key Attributes
                                ByteString point;
                                if (isPublicKeyPrivate)
                                {
                                        token->encrypt(pub->getQ(), point);
                                }
                                else
                                {
                                        point = pub->getQ();
                                }
                                bOK = bOK && osobject->setAttribute(CKA_EC_POINT, point);

                                if (bOK)
                                        bOK = osobject->commitTransaction();
                                else
                                        osobject->abortTransaction();

                                if (!bOK)
                                        rv = CKR_FUNCTION_FAILED;
                        } else
                                rv = CKR_FUNCTION_FAILED;
                }
        }

        // Create a private key using C_CreateObject
        if (rv == CKR_OK)
        {
                const CK_ULONG maxAttribs = 32;
                CK_OBJECT_CLASS privateKeyClass = CKO_PRIVATE_KEY;
                CK_KEY_TYPE privateKeyType = CKK_EC;
                CK_ATTRIBUTE privateKeyAttribs[maxAttribs] = {
                        { CKA_CLASS, &privateKeyClass, sizeof(privateKeyClass) },
                        { CKA_TOKEN, &isPrivateKeyOnToken, sizeof(isPrivateKeyOnToken) },
                        { CKA_PRIVATE, &isPrivateKeyPrivate, sizeof(isPrivateKeyPrivate) },
                        { CKA_KEY_TYPE, &privateKeyType, sizeof(privateKeyType) },
                };
                CK_ULONG privateKeyAttribsCount = 4;
                if (ulPrivateKeyAttributeCount > (maxAttribs - privateKeyAttribsCount))
                        rv = CKR_TEMPLATE_INCONSISTENT;
                for (CK_ULONG i=0; i < ulPrivateKeyAttributeCount && rv == CKR_OK; ++i)
                {
                        switch (pPrivateKeyTemplate[i].type)
                        {
                                case CKA_CLASS:
                                case CKA_TOKEN:
                                case CKA_PRIVATE:
                                case CKA_KEY_TYPE:
                                        continue;
                                default:
                                        privateKeyAttribs[privateKeyAttribsCount++] = pPrivateKeyTemplate[i];
                        }
                }

                if (rv == CKR_OK)
                        rv = this->CreateObject(hSession,privateKeyAttribs,privateKeyAttribsCount,phPrivateKey,OBJECT_OP_GENERATE);

                // Store the attributes that are being supplied by the key generation to the object
                if (rv == CKR_OK)
                {
                        OSObject* osobject = (OSObject*)handleManager->getObject(*phPrivateKey);
                        if (osobject == NULL_PTR || !osobject->isValid()) {
                                rv = CKR_FUNCTION_FAILED;
                        } else if (osobject->startTransaction()) {
                                bool bOK = true;

                                // Common Key Attributes
                                bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
                                CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_EC_KEY_PAIR_GEN;
                                bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);

                                // Common Private Key Attributes
                                bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
                                bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
                                bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
                                bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);

                                // EC Private Key Attributes
                                ByteString group;
                                ByteString value;
                                if (isPrivateKeyPrivate)
                                {
                                        token->encrypt(priv->getEC(), group);
                                        token->encrypt(priv->getD(), value);
                                }
                                else
                                {
                                        group = priv->getEC();
                                        value = priv->getD();
                                }
                                bOK = bOK && osobject->setAttribute(CKA_EC_PARAMS, group);
                                bOK = bOK && osobject->setAttribute(CKA_VALUE, value);

                                if (bOK)
                                        bOK = osobject->commitTransaction();
                                else
                                        osobject->abortTransaction();

                                if (!bOK)
                                        rv = CKR_FUNCTION_FAILED;
                        } else
                                rv = CKR_FUNCTION_FAILED;
                }
        }

        // Clean up
        ec->recycleKeyPair(kp);
        CryptoFactory::i()->recycleAsymmetricAlgorithm(ec);

        // Remove keys that may have been created already when the function fails.
        if (rv != CKR_OK)
        {
                if (*phPrivateKey != CK_INVALID_HANDLE)
                {
                        OSObject* ospriv = (OSObject*)handleManager->getObject(*phPrivateKey);
                        handleManager->destroyObject(*phPrivateKey);
                        if (ospriv) ospriv->destroyObject();
                        *phPrivateKey = CK_INVALID_HANDLE;
                }

                if (*phPublicKey != CK_INVALID_HANDLE)
                {
                        OSObject* ospub = (OSObject*)handleManager->getObject(*phPublicKey);
                        handleManager->destroyObject(*phPublicKey);
                        if (ospub) ospub->destroyObject();
                        *phPublicKey = CK_INVALID_HANDLE;
                }
        }

        return rv;
}

// Generate a DH key pair
CK_RV SoftHSM::generateDH
(CK_SESSION_HANDLE hSession,
        CK_ATTRIBUTE_PTR pPublicKeyTemplate,
        CK_ULONG ulPublicKeyAttributeCount,
        CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
        CK_ULONG ulPrivateKeyAttributeCount,
        CK_OBJECT_HANDLE_PTR phPublicKey,
        CK_OBJECT_HANDLE_PTR phPrivateKey,
        CK_BBOOL isPublicKeyOnToken,
        CK_BBOOL isPublicKeyPrivate,
        CK_BBOOL isPrivateKeyOnToken,
        CK_BBOOL isPrivateKeyPrivate)
{
        *phPublicKey = CK_INVALID_HANDLE;
        *phPrivateKey = CK_INVALID_HANDLE;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL)
                return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL)
                return CKR_GENERAL_ERROR;

        // Extract desired key information
        ByteString prime;
        ByteString generator;
        for (CK_ULONG i = 0; i < ulPublicKeyAttributeCount; i++)
        {
                switch (pPublicKeyTemplate[i].type)
                {
                        case CKA_PRIME:
                                prime = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
                                break;
                        case CKA_BASE:
                                generator = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
                                break;
                        default:
                                break;
                }
        }

        // The parameters must be specified to be able to generate a key pair.
        if (prime.size() == 0 || generator.size() == 0) {
                INFO_MSG("Missing parameter(s) in pPublicKeyTemplate");
                return CKR_TEMPLATE_INCOMPLETE;
        }

        // Extract optional bit length
        size_t bitLen = 0;
        for (CK_ULONG i = 0; i < ulPrivateKeyAttributeCount; i++)
        {
                switch (pPrivateKeyTemplate[i].type)
                {
                        case CKA_VALUE_BITS:
                                bitLen = *(CK_ULONG*)pPrivateKeyTemplate[i].pValue;
                                break;
                        default:
                                break;
                }
        }

        // Set the parameters
        DHParameters p;
        p.setP(prime);
        p.setG(generator);
        p.setXBitLength(bitLen);

        // Generate key pair
        AsymmetricKeyPair* kp = NULL;
        AsymmetricAlgorithm* dh = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DH);
        if (dh == NULL) return CKR_GENERAL_ERROR;
        if (!dh->generateKeyPair(&kp, &p))
        {
                ERROR_MSG("Could not generate key pair");
                CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
                return CKR_GENERAL_ERROR;
        }

        DHPublicKey* pub = (DHPublicKey*) kp->getPublicKey();
        DHPrivateKey* priv = (DHPrivateKey*) kp->getPrivateKey();

        CK_RV rv = CKR_OK;

        // Create a public key using C_CreateObject
        if (rv == CKR_OK)
        {
                const CK_ULONG maxAttribs = 32;
                CK_OBJECT_CLASS publicKeyClass = CKO_PUBLIC_KEY;
                CK_KEY_TYPE publicKeyType = CKK_DH;
                CK_ATTRIBUTE publicKeyAttribs[maxAttribs] = {
                        { CKA_CLASS, &publicKeyClass, sizeof(publicKeyClass) },
                        { CKA_TOKEN, &isPublicKeyOnToken, sizeof(isPublicKeyOnToken) },
                        { CKA_PRIVATE, &isPublicKeyPrivate, sizeof(isPublicKeyPrivate) },
                        { CKA_KEY_TYPE, &publicKeyType, sizeof(publicKeyType) },
                };
                CK_ULONG publicKeyAttribsCount = 4;

                // Add the additional
                if (ulPublicKeyAttributeCount > (maxAttribs - publicKeyAttribsCount))
                        rv = CKR_TEMPLATE_INCONSISTENT;
                for (CK_ULONG i=0; i < ulPublicKeyAttributeCount && rv == CKR_OK; ++i)
                {
                        switch (pPublicKeyTemplate[i].type)
                        {
                                case CKA_CLASS:
                                case CKA_TOKEN:
                                case CKA_PRIVATE:
                                case CKA_KEY_TYPE:
                                        continue;
                                default:
                                        publicKeyAttribs[publicKeyAttribsCount++] = pPublicKeyTemplate[i];
                        }
                }

                if (rv == CKR_OK)
                        rv = this->CreateObject(hSession,publicKeyAttribs,publicKeyAttribsCount,phPublicKey,OBJECT_OP_GENERATE);

                // Store the attributes that are being supplied by the key generation to the object
                if (rv == CKR_OK)
                {
                        OSObject* osobject = (OSObject*)handleManager->getObject(*phPublicKey);
                        if (osobject == NULL_PTR || !osobject->isValid()) {
                                rv = CKR_FUNCTION_FAILED;
                        } else if (osobject->startTransaction()) {
                                bool bOK = true;

                                // Common Key Attributes
                                bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
                                CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_DH_PKCS_KEY_PAIR_GEN;
                                bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);

                                // DH Public Key Attributes
                                ByteString value;
                                if (isPublicKeyPrivate)
                                {
                                        token->encrypt(pub->getY(), value);
                                }
                                else
                                {
                                        value = pub->getY();
                                }
                                bOK = bOK && osobject->setAttribute(CKA_VALUE, value);

                                if (bOK)
                                        bOK = osobject->commitTransaction();
                                else
                                        osobject->abortTransaction();

                                if (!bOK)
                                        rv = CKR_FUNCTION_FAILED;
                        } else
                                rv = CKR_FUNCTION_FAILED;
                }
        }

        // Create a private key using C_CreateObject
        if (rv == CKR_OK)
        {
                const CK_ULONG maxAttribs = 32;
                CK_OBJECT_CLASS privateKeyClass = CKO_PRIVATE_KEY;
                CK_KEY_TYPE privateKeyType = CKK_DH;
                CK_ATTRIBUTE privateKeyAttribs[maxAttribs] = {
                        { CKA_CLASS, &privateKeyClass, sizeof(privateKeyClass) },
                        { CKA_TOKEN, &isPrivateKeyOnToken, sizeof(isPrivateKeyOnToken) },
                        { CKA_PRIVATE, &isPrivateKeyPrivate, sizeof(isPrivateKeyPrivate) },
                        { CKA_KEY_TYPE, &privateKeyType, sizeof(privateKeyType) },
                };
                CK_ULONG privateKeyAttribsCount = 4;
                if (ulPrivateKeyAttributeCount > (maxAttribs - privateKeyAttribsCount))
                        rv = CKR_TEMPLATE_INCONSISTENT;
                for (CK_ULONG i=0; i < ulPrivateKeyAttributeCount && rv == CKR_OK; ++i)
                {
                        switch (pPrivateKeyTemplate[i].type)
                        {
                                case CKA_CLASS:
                                case CKA_TOKEN:
                                case CKA_PRIVATE:
                                case CKA_KEY_TYPE:
                                        continue;
                                default:
                                        privateKeyAttribs[privateKeyAttribsCount++] = pPrivateKeyTemplate[i];
                        }
                }

                if (rv == CKR_OK)
                        rv = this->CreateObject(hSession,privateKeyAttribs,privateKeyAttribsCount,phPrivateKey,OBJECT_OP_GENERATE);

                // Store the attributes that are being supplied by the key generation to the object
                if (rv == CKR_OK)
                {
                        OSObject* osobject = (OSObject*)handleManager->getObject(*phPrivateKey);
                        if (osobject == NULL_PTR || !osobject->isValid()) {
                                rv = CKR_FUNCTION_FAILED;
                        } else if (osobject->startTransaction()) {
                                bool bOK = true;

                                // Common Key Attributes
                                bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
                                CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_DH_PKCS_KEY_PAIR_GEN;
                                bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);

                                // Common Private Key Attributes
                                bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
                                bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
                                bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
                                bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);

                                // DH Private Key Attributes
                                ByteString bPrime;
                                ByteString bGenerator;
                                ByteString bValue;
                                if (isPrivateKeyPrivate)
                                {
                                        token->encrypt(priv->getP(), bPrime);
                                        token->encrypt(priv->getG(), bGenerator);
                                        token->encrypt(priv->getX(), bValue);
                                }
                                else
                                {
                                        bPrime = priv->getP();
                                        bGenerator = priv->getG();
                                        bValue = priv->getX();
                                }
                                bOK = bOK && osobject->setAttribute(CKA_PRIME, bPrime);
                                bOK = bOK && osobject->setAttribute(CKA_BASE, bGenerator);
                                bOK = bOK && osobject->setAttribute(CKA_VALUE, bValue);

                                if (bitLen == 0)
                                {
                                        bOK = bOK && osobject->setAttribute(CKA_VALUE_BITS, (unsigned long)priv->getX().bits());
                                }

                                if (bOK)
                                        bOK = osobject->commitTransaction();
                                else
                                        osobject->abortTransaction();

                                if (!bOK)
                                        rv = CKR_FUNCTION_FAILED;
                        } else
                                rv = CKR_FUNCTION_FAILED;
                }
        }

        // Clean up
        dh->recycleKeyPair(kp);
        CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);

        // Remove keys that may have been created already when the function fails.
        if (rv != CKR_OK)
        {
                if (*phPrivateKey != CK_INVALID_HANDLE)
                {
                        OSObject* ospriv = (OSObject*)handleManager->getObject(*phPrivateKey);
                        handleManager->destroyObject(*phPrivateKey);
                        if (ospriv) ospriv->destroyObject();
                        *phPrivateKey = CK_INVALID_HANDLE;
                }

                if (*phPublicKey != CK_INVALID_HANDLE)
                {
                        OSObject* ospub = (OSObject*)handleManager->getObject(*phPublicKey);
                        handleManager->destroyObject(*phPublicKey);
                        if (ospub) ospub->destroyObject();
                        *phPublicKey = CK_INVALID_HANDLE;
                }
        }

        return rv;
}

// Generate a DH domain parameter set
CK_RV SoftHSM::generateDHParameters
(CK_SESSION_HANDLE hSession,
        CK_ATTRIBUTE_PTR pTemplate,
        CK_ULONG ulCount,
        CK_OBJECT_HANDLE_PTR phKey,
        CK_BBOOL isOnToken,
        CK_BBOOL isPrivate)
{
        *phKey = CK_INVALID_HANDLE;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL)
                return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL)
                return CKR_GENERAL_ERROR;

        // Extract desired parameter information
        size_t bitLen = 0;
        for (CK_ULONG i = 0; i < ulCount; i++)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_PRIME_BITS:
                                if (pTemplate[i].ulValueLen != sizeof(CK_ULONG))
                                {
                                        INFO_MSG("CKA_PRIME_BITS does not have the size of CK_ULONG");
                                        return CKR_ATTRIBUTE_VALUE_INVALID;
                                }
                                bitLen = *(CK_ULONG*)pTemplate[i].pValue;
                                break;
                        default:
                                break;
                }
        }

        // CKA_PRIME_BITS must be specified
        if (bitLen == 0)
        {
                INFO_MSG("Missing CKA_PRIME_BITS in pTemplate");
                return CKR_TEMPLATE_INCOMPLETE;
        }

        // Generate domain parameters
        AsymmetricParameters* p = NULL;
        AsymmetricAlgorithm* dh = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DH);
        if (dh == NULL) return CKR_GENERAL_ERROR;
        if (!dh->generateParameters(&p, (void *)bitLen))
        {
                ERROR_MSG("Could not generate parameters");
                CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
                return CKR_GENERAL_ERROR;
        }

        DHParameters* params = (DHParameters*) p;

        CK_RV rv = CKR_OK;

        // Create the domain parameter object using C_CreateObject
        const CK_ULONG maxAttribs = 32;
        CK_OBJECT_CLASS objClass = CKO_DOMAIN_PARAMETERS;
        CK_KEY_TYPE keyType = CKK_DH;
        CK_ATTRIBUTE paramsAttribs[maxAttribs] = {
                { CKA_CLASS, &objClass, sizeof(objClass) },
                { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
                { CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
                { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
        };
        CK_ULONG paramsAttribsCount = 4;

        // Add the additional
        if (ulCount > (maxAttribs - paramsAttribsCount))
                rv = CKR_TEMPLATE_INCONSISTENT;
        for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_CLASS:
                        case CKA_TOKEN:
                        case CKA_PRIVATE:
                        case CKA_KEY_TYPE:
                                continue;
                default:
                        paramsAttribs[paramsAttribsCount++] = pTemplate[i];
                }
        }

        if (rv == CKR_OK)
                rv = this->CreateObject(hSession, paramsAttribs, paramsAttribsCount, phKey,OBJECT_OP_GENERATE);

        // Store the attributes that are being supplied
        if (rv == CKR_OK)
        {
                OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
                if (osobject == NULL_PTR || !osobject->isValid()) {
                        rv = CKR_FUNCTION_FAILED;
                } else if (osobject->startTransaction()) {
                        bool bOK = true;

                        // Common Attributes
                        bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
                        CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_DH_PKCS_PARAMETER_GEN;
                        bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);

                        // DH Domain Parameters Attributes
                        ByteString prime;
                        ByteString generator;
                        if (isPrivate)
                        {
                                token->encrypt(params->getP(), prime);
                                token->encrypt(params->getG(), generator);
                        }
                        else
                        {
                                prime = params->getP();
                                generator = params->getG();
                        }
                        bOK = bOK && osobject->setAttribute(CKA_PRIME, prime);
                        bOK = bOK && osobject->setAttribute(CKA_BASE, generator);

                        if (bOK)
                                bOK = osobject->commitTransaction();
                        else
                                osobject->abortTransaction();

                        if (!bOK)
                                rv = CKR_FUNCTION_FAILED;
                } else
                        rv = CKR_FUNCTION_FAILED;
        }

        // Clean up
        dh->recycleParameters(p);
        CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);

        // Remove parameters that may have been created already when the function fails.
        if (rv != CKR_OK)
        {
                if (*phKey != CK_INVALID_HANDLE)
                {
                        OSObject* osparams = (OSObject*)handleManager->getObject(*phKey);
                        handleManager->destroyObject(*phKey);
                        if (osparams) osparams->destroyObject();
                        *phKey = CK_INVALID_HANDLE;
                }
        }

        return rv;
}

// Generate a GOST key pair
CK_RV SoftHSM::generateGOST
(CK_SESSION_HANDLE hSession,
        CK_ATTRIBUTE_PTR pPublicKeyTemplate,
        CK_ULONG ulPublicKeyAttributeCount,
        CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
        CK_ULONG ulPrivateKeyAttributeCount,
        CK_OBJECT_HANDLE_PTR phPublicKey,
        CK_OBJECT_HANDLE_PTR phPrivateKey,
        CK_BBOOL isPublicKeyOnToken,
        CK_BBOOL isPublicKeyPrivate,
        CK_BBOOL isPrivateKeyOnToken,
        CK_BBOOL isPrivateKeyPrivate)
{
        *phPublicKey = CK_INVALID_HANDLE;
        *phPrivateKey = CK_INVALID_HANDLE;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL)
                return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL)
                return CKR_GENERAL_ERROR;

        // Extract desired key information
        ByteString param_3410;
        ByteString param_3411;
        ByteString param_28147;
        for (CK_ULONG i = 0; i < ulPublicKeyAttributeCount; i++)
        {
                switch (pPublicKeyTemplate[i].type)
                {
                        case CKA_GOSTR3410_PARAMS:
                                param_3410 = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
                                break;
                        case CKA_GOSTR3411_PARAMS:
                                param_3411 = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
                                break;
                        case CKA_GOST28147_PARAMS:
                                param_28147 = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
                                break;
                        default:
                                break;
                }
        }

        // The parameters must be specified to be able to generate a key pair.
        if (param_3410.size() == 0 || param_3411.size() == 0) {
                INFO_MSG("Missing parameter(s) in pPublicKeyTemplate");
                return CKR_TEMPLATE_INCOMPLETE;
        }

        // Set the parameters
        ECParameters p;
        p.setEC(param_3410);

        // Generate key pair
        AsymmetricKeyPair* kp = NULL;
        AsymmetricAlgorithm* gost = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::GOST);
        if (gost == NULL) return CKR_GENERAL_ERROR;
        if (!gost->generateKeyPair(&kp, &p))
        {
                ERROR_MSG("Could not generate key pair");
                CryptoFactory::i()->recycleAsymmetricAlgorithm(gost);
                return CKR_GENERAL_ERROR;
        }

        GOSTPublicKey* pub = (GOSTPublicKey*) kp->getPublicKey();
        GOSTPrivateKey* priv = (GOSTPrivateKey*) kp->getPrivateKey();

        CK_RV rv = CKR_OK;

        // Create a public key using C_CreateObject
        if (rv == CKR_OK)
        {
                const CK_ULONG maxAttribs = 32;
                CK_OBJECT_CLASS publicKeyClass = CKO_PUBLIC_KEY;
                CK_KEY_TYPE publicKeyType = CKK_GOSTR3410;
                CK_ATTRIBUTE publicKeyAttribs[maxAttribs] = {
                        { CKA_CLASS, &publicKeyClass, sizeof(publicKeyClass) },
                        { CKA_TOKEN, &isPublicKeyOnToken, sizeof(isPublicKeyOnToken) },
                        { CKA_PRIVATE, &isPublicKeyPrivate, sizeof(isPublicKeyPrivate) },
                        { CKA_KEY_TYPE, &publicKeyType, sizeof(publicKeyType) },
                };
                CK_ULONG publicKeyAttribsCount = 4;

                // Add the additional
                if (ulPublicKeyAttributeCount > (maxAttribs - publicKeyAttribsCount))
                        rv = CKR_TEMPLATE_INCONSISTENT;
                for (CK_ULONG i=0; i < ulPublicKeyAttributeCount && rv == CKR_OK; ++i)
                {
                        switch (pPublicKeyTemplate[i].type)
                        {
                                case CKA_CLASS:
                                case CKA_TOKEN:
                                case CKA_PRIVATE:
                                case CKA_KEY_TYPE:
                                        continue;
                                default:
                                        publicKeyAttribs[publicKeyAttribsCount++] = pPublicKeyTemplate[i];
                        }
                }

                if (rv == CKR_OK)
                        rv = this->CreateObject(hSession,publicKeyAttribs,publicKeyAttribsCount,phPublicKey,OBJECT_OP_GENERATE);

                // Store the attributes that are being supplied by the key generation to the object
                if (rv == CKR_OK)
                {
                        OSObject* osobject = (OSObject*)handleManager->getObject(*phPublicKey);
                        if (osobject == NULL_PTR || !osobject->isValid()) {
                                rv = CKR_FUNCTION_FAILED;
                        } else if (osobject->startTransaction()) {
                                bool bOK = true;

                                // Common Key Attributes
                                bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
                                CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_EC_KEY_PAIR_GEN;
                                bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);

                                // EC Public Key Attributes
                                ByteString point;
                                if (isPublicKeyPrivate)
                                {
                                        token->encrypt(pub->getQ(), point);
                                }
                                else
                                {
                                        point = pub->getQ();
                                }
                                bOK = bOK && osobject->setAttribute(CKA_VALUE, point);

                                if (bOK)
                                        bOK = osobject->commitTransaction();
                                else
                                        osobject->abortTransaction();

                                if (!bOK)
                                        rv = CKR_FUNCTION_FAILED;
                        } else
                                rv = CKR_FUNCTION_FAILED;
                }
        }

        // Create a private key using C_CreateObject
        if (rv == CKR_OK)
        {
                const CK_ULONG maxAttribs = 32;
                CK_OBJECT_CLASS privateKeyClass = CKO_PRIVATE_KEY;
                CK_KEY_TYPE privateKeyType = CKK_GOSTR3410;
                CK_ATTRIBUTE privateKeyAttribs[maxAttribs] = {
                        { CKA_CLASS, &privateKeyClass, sizeof(privateKeyClass) },
                        { CKA_TOKEN, &isPrivateKeyOnToken, sizeof(isPrivateKeyOnToken) },
                        { CKA_PRIVATE, &isPrivateKeyPrivate, sizeof(isPrivateKeyPrivate) },
                        { CKA_KEY_TYPE, &privateKeyType, sizeof(privateKeyType) },
                };
                CK_ULONG privateKeyAttribsCount = 4;
                if (ulPrivateKeyAttributeCount > (maxAttribs - privateKeyAttribsCount))
                        rv = CKR_TEMPLATE_INCONSISTENT;
                for (CK_ULONG i=0; i < ulPrivateKeyAttributeCount && rv == CKR_OK; ++i)
                {
                        switch (pPrivateKeyTemplate[i].type)
                        {
                                case CKA_CLASS:
                                case CKA_TOKEN:
                                case CKA_PRIVATE:
                                case CKA_KEY_TYPE:
                                        continue;
                                default:
                                        privateKeyAttribs[privateKeyAttribsCount++] = pPrivateKeyTemplate[i];
                        }
                }

                if (rv == CKR_OK)
                        rv = this->CreateObject(hSession,privateKeyAttribs,privateKeyAttribsCount,phPrivateKey,OBJECT_OP_GENERATE);

                // Store the attributes that are being supplied by the key generation to the object
                if (rv == CKR_OK)
                {
                        OSObject* osobject = (OSObject*)handleManager->getObject(*phPrivateKey);
                        if (osobject == NULL_PTR || !osobject->isValid()) {
                                rv = CKR_FUNCTION_FAILED;
                        } else if (osobject->startTransaction()) {
                                bool bOK = true;

                                // Common Key Attributes
                                bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
                                CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_EC_KEY_PAIR_GEN;
                                bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);

                                // Common Private Key Attributes
                                bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
                                bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
                                bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
                                bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);

                                // GOST Private Key Attributes
                                ByteString value;
                                ByteString param_a;
                                ByteString param_b;
                                ByteString param_c;
                                if (isPrivateKeyPrivate)
                                {
                                        token->encrypt(priv->getD(), value);
                                        token->encrypt(priv->getEC(), param_a);
                                        token->encrypt(param_3411, param_b);
                                        token->encrypt(param_28147, param_c);
                                }
                                else
                                {
                                        value = priv->getD();
                                        param_a = priv->getEC();
                                        param_b = param_3411;
                                        param_c = param_28147;
                                }
                                bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
                                bOK = bOK && osobject->setAttribute(CKA_GOSTR3410_PARAMS, param_a);
                                bOK = bOK && osobject->setAttribute(CKA_GOSTR3411_PARAMS, param_b);
                                bOK = bOK && osobject->setAttribute(CKA_GOST28147_PARAMS, param_c);

                                if (bOK)
                                        bOK = osobject->commitTransaction();
                                else
                                        osobject->abortTransaction();

                                if (!bOK)
                                        rv = CKR_FUNCTION_FAILED;
                        } else
                                  rv = CKR_FUNCTION_FAILED;
                }
        }

        // Clean up
        gost->recycleKeyPair(kp);
        CryptoFactory::i()->recycleAsymmetricAlgorithm(gost);

        // Remove keys that may have been created already when the function fails.
        if (rv != CKR_OK)
        {
                if (*phPrivateKey != CK_INVALID_HANDLE)
                {
                        OSObject* ospriv = (OSObject*)handleManager->getObject(*phPrivateKey);
                        handleManager->destroyObject(*phPrivateKey);
                        if (ospriv) ospriv->destroyObject();
                        *phPrivateKey = CK_INVALID_HANDLE;
                }

                if (*phPublicKey != CK_INVALID_HANDLE)
                {
                        OSObject* ospub = (OSObject*)handleManager->getObject(*phPublicKey);
                        handleManager->destroyObject(*phPublicKey);
                        if (ospub) ospub->destroyObject();
                        *phPublicKey = CK_INVALID_HANDLE;
                }
        }

        return rv;
}

// Derive a DH secret
CK_RV SoftHSM::deriveDH
(CK_SESSION_HANDLE hSession,
        CK_MECHANISM_PTR pMechanism,
        CK_OBJECT_HANDLE hBaseKey,
        CK_ATTRIBUTE_PTR pTemplate,
        CK_ULONG ulCount,
        CK_OBJECT_HANDLE_PTR phKey,
        CK_KEY_TYPE keyType,
        CK_BBOOL isOnToken,
        CK_BBOOL isPrivate)
{
        *phKey = CK_INVALID_HANDLE;

        if (pMechanism->pParameter == NULL_PTR) return CKR_MECHANISM_PARAM_INVALID;
        if (pMechanism->ulParameterLen == 0) return CKR_MECHANISM_PARAM_INVALID;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL)
                return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL)
                return CKR_GENERAL_ERROR;

        // Extract desired parameter information
        size_t byteLen = 0;
        bool checkValue = true;
        for (CK_ULONG i = 0; i < ulCount; i++)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_VALUE:
                                INFO_MSG("CKA_VALUE must not be included");
                                return CKR_ATTRIBUTE_READ_ONLY;
                        case CKA_VALUE_LEN:
                                if (pTemplate[i].ulValueLen != sizeof(CK_ULONG))
                                {
                                        INFO_MSG("CKA_VALUE_LEN does not have the size of CK_ULONG");
                                        return CKR_ATTRIBUTE_VALUE_INVALID;
                                }
                                byteLen = *(CK_ULONG*)pTemplate[i].pValue;
                                break;
                        case CKA_CHECK_VALUE:
                                if (pTemplate[i].ulValueLen > 0)
                                {
                                        INFO_MSG("CKA_CHECK_VALUE must be a no-value (0 length) entry");
                                        return CKR_ATTRIBUTE_VALUE_INVALID;
                                }
                                checkValue = false;
                                break;
                        default:
                                break;
                }
        }

        // Check the length
        switch (keyType)
        {
                case CKK_GENERIC_SECRET:
                        if (byteLen == 0)
                        {
                                INFO_MSG("CKA_VALUE_LEN must be set");
                                return CKR_TEMPLATE_INCOMPLETE;
                        }
                        break;
#ifndef WITH_FIPS
                case CKK_DES:
                        if (byteLen != 0)
                        {
                                INFO_MSG("CKA_VALUE_LEN must not be set");
                                return CKR_ATTRIBUTE_READ_ONLY;
                        }
                        byteLen = 8;
                        break;
#endif
                case CKK_DES2:
                        if (byteLen != 0)
                        {
                                INFO_MSG("CKA_VALUE_LEN must not be set");
                                return CKR_ATTRIBUTE_READ_ONLY;
                        }
                        byteLen = 16;
                        break;
                case CKK_DES3:
                        if (byteLen != 0)
                        {
                                INFO_MSG("CKA_VALUE_LEN must not be set");
                                return CKR_ATTRIBUTE_READ_ONLY;
                        }
                        byteLen = 24;
                        break;
                case CKK_AES:
                        if (byteLen != 16 && byteLen != 24 && byteLen != 32)
                        {
                                INFO_MSG("CKA_VALUE_LEN must be 16, 24, or 32");
                                return CKR_ATTRIBUTE_VALUE_INVALID;
                        }
                        break;
                default:
                        return CKR_ATTRIBUTE_VALUE_INVALID;
        }

        // Get the base key handle
        OSObject *baseKey = (OSObject *)handleManager->getObject(hBaseKey);
        if (baseKey == NULL || !baseKey->isValid())
                return CKR_KEY_HANDLE_INVALID;

        // Get the DH algorithm handler
        AsymmetricAlgorithm* dh = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DH);
        if (dh == NULL)
                return CKR_MECHANISM_INVALID;

        // Get the keys
        PrivateKey* privateKey = dh->newPrivateKey();
        if (privateKey == NULL)
        {
                CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
                return CKR_HOST_MEMORY;
        }
        if (getDHPrivateKey((DHPrivateKey*)privateKey, token, baseKey) != CKR_OK)
        {
                dh->recyclePrivateKey(privateKey);
                CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
                return CKR_GENERAL_ERROR;
        }

        ByteString mechParameters;
        mechParameters.resize(pMechanism->ulParameterLen);
        memcpy(&mechParameters[0], pMechanism->pParameter, pMechanism->ulParameterLen);
        PublicKey* publicKey = dh->newPublicKey();
        if (publicKey == NULL)
        {
                dh->recyclePrivateKey(privateKey);
                CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
                return CKR_HOST_MEMORY;
        }
        if (getDHPublicKey((DHPublicKey*)publicKey, (DHPrivateKey*)privateKey, mechParameters) != CKR_OK)
        {
                dh->recyclePrivateKey(privateKey);
                dh->recyclePublicKey(publicKey);
                CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
                return CKR_GENERAL_ERROR;
        }

        // Derive the secret
        SymmetricKey* secret = NULL;
        CK_RV rv = CKR_OK;
        if (!dh->deriveKey(&secret, publicKey, privateKey))
                rv = CKR_GENERAL_ERROR;
        dh->recyclePrivateKey(privateKey);
        dh->recyclePublicKey(publicKey);

        // Create the secret object using C_CreateObject
        const CK_ULONG maxAttribs = 32;
        CK_OBJECT_CLASS objClass = CKO_SECRET_KEY;
        CK_ATTRIBUTE secretAttribs[maxAttribs] = {
                { CKA_CLASS, &objClass, sizeof(objClass) },
                { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
                { CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
                { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
        };
        CK_ULONG secretAttribsCount = 4;

        // Add the additional
        if (ulCount > (maxAttribs - secretAttribsCount))
                rv = CKR_TEMPLATE_INCONSISTENT;
        for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_CLASS:
                        case CKA_TOKEN:
                        case CKA_PRIVATE:
                        case CKA_KEY_TYPE:
                        case CKA_CHECK_VALUE:
                                continue;
                default:
                        secretAttribs[secretAttribsCount++] = pTemplate[i];
                }
        }

        if (rv == CKR_OK)
                rv = this->CreateObject(hSession, secretAttribs, secretAttribsCount, phKey, OBJECT_OP_DERIVE);

        // Store the attributes that are being supplied
        if (rv == CKR_OK)
        {
                OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
                if (osobject == NULL_PTR || !osobject->isValid()) {
                        rv = CKR_FUNCTION_FAILED;
                } else if (osobject->startTransaction()) {
                        bool bOK = true;

                        // Common Attributes
                        bOK = bOK && osobject->setAttribute(CKA_LOCAL,false);

                        // Common Secret Key Attributes
                        if (baseKey->getBooleanValue(CKA_ALWAYS_SENSITIVE, false))
                        {
                                bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
                                bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
                        }
                        else
                        {
                                bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,false);
                        }
                        if (baseKey->getBooleanValue(CKA_NEVER_EXTRACTABLE, true))
                        {
                                bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
                                bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE,bNeverExtractable);
                        }
                        else
                        {
                                bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE,false);
                        }

                        // Secret Attributes
                        ByteString secretValue = secret->getKeyBits();
                        ByteString value;
                        ByteString plainKCV;
                        ByteString kcv;

                        if (byteLen > secretValue.size())
                        {
                                INFO_MSG("The derived secret is too short");
                                bOK = false;
                        }
                        else
                        {
                                // Truncate value when requested, remove from the leading end
                                if (byteLen < secretValue.size())
                                        secretValue.split(secretValue.size() - byteLen);

                                // Fix the odd parity for DES
                                if (keyType == CKK_DES ||
                                    keyType == CKK_DES2 ||
                                    keyType == CKK_DES3)
                                {
                                        for (size_t i = 0; i < secretValue.size(); i++)
                                        {
                                                secretValue[i] = odd_parity[secretValue[i]];
                                        }
                                }

                                // Get the KCV
                                switch (keyType)
                                {
                                        case CKK_GENERIC_SECRET:
                                                secret->setBitLen(byteLen * 8);
                                                plainKCV = secret->getKeyCheckValue();
                                                break;
                                        case CKK_DES:
                                        case CKK_DES2:
                                        case CKK_DES3:
                                                secret->setBitLen(byteLen * 7);
                                                plainKCV = ((DESKey*)secret)->getKeyCheckValue();
                                                break;
                                        case CKK_AES:
                                                secret->setBitLen(byteLen * 8);
                                                plainKCV = ((AESKey*)secret)->getKeyCheckValue();
                                                break;
                                        default:
                                                bOK = false;
                                                break;
                                }

                                if (isPrivate)
                                {
                                        token->encrypt(secretValue, value);
                                        token->encrypt(plainKCV, kcv);
                                }
                                else
                                {
                                        value = secretValue;
                                        kcv = plainKCV;
                                }
                        }
                        bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
                        if (checkValue)
                                bOK = bOK && osobject->setAttribute(CKA_CHECK_VALUE, kcv);

                        if (bOK)
                                bOK = osobject->commitTransaction();
                        else
                                osobject->abortTransaction();

                        if (!bOK)
                                rv = CKR_FUNCTION_FAILED;
                } else
                        rv = CKR_FUNCTION_FAILED;
        }

        // Clean up
        dh->recycleSymmetricKey(secret);
        CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);

        // Remove secret that may have been created already when the function fails.
        if (rv != CKR_OK)
        {
                if (*phKey != CK_INVALID_HANDLE)
                {
                        OSObject* ossecret = (OSObject*)handleManager->getObject(*phKey);
                        handleManager->destroyObject(*phKey);
                        if (ossecret) ossecret->destroyObject();
                        *phKey = CK_INVALID_HANDLE;
                }
        }

        return rv;
}

// Derive an ECDH secret
CK_RV SoftHSM::deriveECDH
(CK_SESSION_HANDLE hSession,
        CK_MECHANISM_PTR pMechanism,
        CK_OBJECT_HANDLE hBaseKey,
        CK_ATTRIBUTE_PTR pTemplate,
        CK_ULONG ulCount,
        CK_OBJECT_HANDLE_PTR phKey,
        CK_KEY_TYPE keyType,
        CK_BBOOL isOnToken,
        CK_BBOOL isPrivate)
{
#ifdef WITH_ECC
        *phKey = CK_INVALID_HANDLE;

        if ((pMechanism->pParameter == NULL_PTR) ||
            (pMechanism->ulParameterLen != sizeof(CK_ECDH1_DERIVE_PARAMS)))
        {
                DEBUG_MSG("pParameter must be of type CK_ECDH1_DERIVE_PARAMS");
                return CKR_MECHANISM_PARAM_INVALID;
        }
        if (CK_ECDH1_DERIVE_PARAMS_PTR(pMechanism->pParameter)->kdf != CKD_NULL)
        {
                DEBUG_MSG("kdf must be CKD_NULL");
                return CKR_MECHANISM_PARAM_INVALID;
        }
        if ((CK_ECDH1_DERIVE_PARAMS_PTR(pMechanism->pParameter)->ulSharedDataLen != 0) ||
            (CK_ECDH1_DERIVE_PARAMS_PTR(pMechanism->pParameter)->pSharedData != NULL_PTR))
        {
                DEBUG_MSG("there must be no shared data");
                return CKR_MECHANISM_PARAM_INVALID;
        }
        if ((CK_ECDH1_DERIVE_PARAMS_PTR(pMechanism->pParameter)->ulPublicDataLen == 0) ||
            (CK_ECDH1_DERIVE_PARAMS_PTR(pMechanism->pParameter)->pPublicData == NULL_PTR))
        {
                DEBUG_MSG("there must be a public data");
                return CKR_MECHANISM_PARAM_INVALID;
        }

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL)
                return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL)
                return CKR_GENERAL_ERROR;

        // Extract desired parameter information
        size_t byteLen = 0;
        bool checkValue = true;
        for (CK_ULONG i = 0; i < ulCount; i++)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_VALUE:
                                INFO_MSG("CKA_VALUE must not be included");
                                return CKR_ATTRIBUTE_READ_ONLY;
                        case CKA_VALUE_LEN:
                                if (pTemplate[i].ulValueLen != sizeof(CK_ULONG))
                                {
                                        INFO_MSG("CKA_VALUE_LEN does not have the size of CK_ULONG");
                                        return CKR_ATTRIBUTE_VALUE_INVALID;
                                }
                                byteLen = *(CK_ULONG*)pTemplate[i].pValue;
                                break;
                        case CKA_CHECK_VALUE:
                                if (pTemplate[i].ulValueLen > 0)
                                {
                                        INFO_MSG("CKA_CHECK_VALUE must be a no-value (0 length) entry");
                                        return CKR_ATTRIBUTE_VALUE_INVALID;
                                }
                                checkValue = false;
                                break;
                        default:
                                break;
                }
        }

        // Check the length
        // byteLen == 0 impiles return max size the ECC can derive
        switch (keyType)
        {
                case CKK_GENERIC_SECRET:
                        break;
#ifndef WITH_FIPS
                case CKK_DES:
                        if (byteLen != 0 && byteLen != 8)
                        {
                                INFO_MSG("CKA_VALUE_LEN must be 0 or 8");
                                return CKR_ATTRIBUTE_VALUE_INVALID;
                        }
                        byteLen = 8;
                        break;
#endif
                case CKK_DES2:
                        if (byteLen != 0 && byteLen != 16)
                        {
                                INFO_MSG("CKA_VALUE_LEN must be 0 or 16");
                                return CKR_ATTRIBUTE_VALUE_INVALID;
                        }
                        byteLen = 16;
                        break;
                case CKK_DES3:
                        if (byteLen != 0 && byteLen != 24)
                        {
                                INFO_MSG("CKA_VALUE_LEN must be 0 or 24");
                                return CKR_ATTRIBUTE_VALUE_INVALID;
                        }
                        byteLen = 24;
                        break;
                case CKK_AES:
                        if (byteLen != 0 && byteLen != 16 && byteLen != 24 && byteLen != 32)
                        {
                                INFO_MSG("CKA_VALUE_LEN must be 0, 16, 24, or 32");
                                return CKR_ATTRIBUTE_VALUE_INVALID;
                        }
                        break;
                default:
                        return CKR_ATTRIBUTE_VALUE_INVALID;
        }

        // Get the base key handle
        OSObject *baseKey = (OSObject *)handleManager->getObject(hBaseKey);
        if (baseKey == NULL || !baseKey->isValid())
                return CKR_KEY_HANDLE_INVALID;

        // Get the ECDH algorithm handler
        AsymmetricAlgorithm* ecdh = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::ECDH);
        if (ecdh == NULL)
                return CKR_MECHANISM_INVALID;

        // Get the keys
        PrivateKey* privateKey = ecdh->newPrivateKey();
        if (privateKey == NULL)
        {
                CryptoFactory::i()->recycleAsymmetricAlgorithm(ecdh);
                return CKR_HOST_MEMORY;
        }
        if (getECPrivateKey((ECPrivateKey*)privateKey, token, baseKey) != CKR_OK)
        {
                ecdh->recyclePrivateKey(privateKey);
                CryptoFactory::i()->recycleAsymmetricAlgorithm(ecdh);
                return CKR_GENERAL_ERROR;
        }

        ByteString publicData;
        publicData.resize(CK_ECDH1_DERIVE_PARAMS_PTR(pMechanism->pParameter)->ulPublicDataLen);
        memcpy(&publicData[0],
               CK_ECDH1_DERIVE_PARAMS_PTR(pMechanism->pParameter)->pPublicData,
               CK_ECDH1_DERIVE_PARAMS_PTR(pMechanism->pParameter)->ulPublicDataLen);
        PublicKey* publicKey = ecdh->newPublicKey();
        if (publicKey == NULL)
        {
                ecdh->recyclePrivateKey(privateKey);
                CryptoFactory::i()->recycleAsymmetricAlgorithm(ecdh);
                return CKR_HOST_MEMORY;
        }
        if (getECDHPublicKey((ECPublicKey*)publicKey, (ECPrivateKey*)privateKey, publicData) != CKR_OK)
        {
                ecdh->recyclePrivateKey(privateKey);
                ecdh->recyclePublicKey(publicKey);
                CryptoFactory::i()->recycleAsymmetricAlgorithm(ecdh);
                return CKR_GENERAL_ERROR;
        }

        // Derive the secret
        SymmetricKey* secret = NULL;
        CK_RV rv = CKR_OK;
        if (!ecdh->deriveKey(&secret, publicKey, privateKey))
                rv = CKR_GENERAL_ERROR;
        ecdh->recyclePrivateKey(privateKey);
        ecdh->recyclePublicKey(publicKey);

        // Create the secret object using C_CreateObject
        const CK_ULONG maxAttribs = 32;
        CK_OBJECT_CLASS objClass = CKO_SECRET_KEY;
        CK_ATTRIBUTE secretAttribs[maxAttribs] = {
                { CKA_CLASS, &objClass, sizeof(objClass) },
                { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
                { CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
                { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
        };
        CK_ULONG secretAttribsCount = 4;

        // Add the additional
        if (ulCount > (maxAttribs - secretAttribsCount))
                rv = CKR_TEMPLATE_INCONSISTENT;
        for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_CLASS:
                        case CKA_TOKEN:
                        case CKA_PRIVATE:
                        case CKA_KEY_TYPE:
                        case CKA_CHECK_VALUE:
                                continue;
                default:
                        secretAttribs[secretAttribsCount++] = pTemplate[i];
                }
        }

        if (rv == CKR_OK)
                rv = this->CreateObject(hSession, secretAttribs, secretAttribsCount, phKey, OBJECT_OP_DERIVE);

        // Store the attributes that are being supplied
        if (rv == CKR_OK)
        {
                OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
                if (osobject == NULL_PTR || !osobject->isValid()) {
                        rv = CKR_FUNCTION_FAILED;
                } else if (osobject->startTransaction()) {
                        bool bOK = true;

                        // Common Attributes
                        bOK = bOK && osobject->setAttribute(CKA_LOCAL,false);

                        // Common Secret Key Attributes
                        if (baseKey->getBooleanValue(CKA_ALWAYS_SENSITIVE, false))
                        {
                                bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
                                bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
                        }
                        else
                        {
                                bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,false);
                        }
                        if (baseKey->getBooleanValue(CKA_NEVER_EXTRACTABLE, true))
                        {
                                bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
                                bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE,bNeverExtractable);
                        }
                        else
                        {
                                bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE,false);
                        }

                        // Secret Attributes
                        ByteString secretValue = secret->getKeyBits();
                        ByteString value;
                        ByteString plainKCV;
                        ByteString kcv;

                        // For generic and AES keys:
                        // default to return max size available.
                        if (byteLen == 0)
                        {
                                switch (keyType)
                                {
                                        case CKK_GENERIC_SECRET:
                                                byteLen = secretValue.size();
                                                break;
                                        case CKK_AES:
                                                if (secretValue.size() >= 32)
                                                        byteLen = 32;
                                                else if (secretValue.size() >= 24)
                                                        byteLen = 24;
                                                else
                                                        byteLen = 16;
                                }
                        }

                        if (byteLen > secretValue.size())
                        {
                                INFO_MSG("The derived secret is too short");
                                bOK = false;
                        }
                        else
                        {
                                // Truncate value when requested, remove from the leading end
                                if (byteLen < secretValue.size())
                                        secretValue.split(secretValue.size() - byteLen);

                                // Fix the odd parity for DES
                                if (keyType == CKK_DES ||
                                    keyType == CKK_DES2 ||
                                    keyType == CKK_DES3)
                                {
                                        for (size_t i = 0; i < secretValue.size(); i++)
                                        {
                                                secretValue[i] = odd_parity[secretValue[i]];
                                        }
                                }

                                // Get the KCV
                                switch (keyType)
                                {
                                        case CKK_GENERIC_SECRET:
                                                secret->setBitLen(byteLen * 8);
                                                plainKCV = secret->getKeyCheckValue();
                                                break;
                                        case CKK_DES:
                                        case CKK_DES2:
                                        case CKK_DES3:
                                                secret->setBitLen(byteLen * 7);
                                                plainKCV = ((DESKey*)secret)->getKeyCheckValue();
                                                break;
                                        case CKK_AES:
                                                secret->setBitLen(byteLen * 8);
                                                plainKCV = ((AESKey*)secret)->getKeyCheckValue();
                                                break;
                                        default:
                                                bOK = false;
                                                break;
                                }

                                if (isPrivate)
                                {
                                        token->encrypt(secretValue, value);
                                        token->encrypt(plainKCV, kcv);
                                }
                                else
                                {
                                        value = secretValue;
                                        kcv = plainKCV;
                                }
                        }
                        bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
                        if (checkValue)
                                bOK = bOK && osobject->setAttribute(CKA_CHECK_VALUE, kcv);

                        if (bOK)
                                bOK = osobject->commitTransaction();
                        else
                                osobject->abortTransaction();

                        if (!bOK)
                                rv = CKR_FUNCTION_FAILED;
                } else
                        rv = CKR_FUNCTION_FAILED;
        }

        // Clean up
        ecdh->recycleSymmetricKey(secret);
        CryptoFactory::i()->recycleAsymmetricAlgorithm(ecdh);

        // Remove secret that may have been created already when the function fails.
        if (rv != CKR_OK)
        {
                if (*phKey != CK_INVALID_HANDLE)
                {
                        OSObject* ossecret = (OSObject*)handleManager->getObject(*phKey);
                        handleManager->destroyObject(*phKey);
                        if (ossecret) ossecret->destroyObject();
                        *phKey = CK_INVALID_HANDLE;
                }
        }

        return rv;
#else
        return CKR_MECHANISM_INVALID;
#endif
}

// Derive an symmetric secret
CK_RV SoftHSM::deriveSymmetric
(CK_SESSION_HANDLE hSession,
        CK_MECHANISM_PTR pMechanism,
        CK_OBJECT_HANDLE hBaseKey,
        CK_ATTRIBUTE_PTR pTemplate,
        CK_ULONG ulCount,
        CK_OBJECT_HANDLE_PTR phKey,
        CK_KEY_TYPE keyType,
        CK_BBOOL isOnToken,
        CK_BBOOL isPrivate)
{
        *phKey = CK_INVALID_HANDLE;

        if (pMechanism->pParameter == NULL_PTR)
        {
                DEBUG_MSG("pParameter must be supplied");
                return CKR_MECHANISM_PARAM_INVALID;
        }

        ByteString data;

        if ((pMechanism->mechanism == CKM_DES_ECB_ENCRYPT_DATA ||
            pMechanism->mechanism == CKM_DES3_ECB_ENCRYPT_DATA) &&
            pMechanism->ulParameterLen == sizeof(CK_KEY_DERIVATION_STRING_DATA))
        {
                CK_BYTE_PTR pData = CK_KEY_DERIVATION_STRING_DATA_PTR(pMechanism->pParameter)->pData;
                CK_ULONG ulLen = CK_KEY_DERIVATION_STRING_DATA_PTR(pMechanism->pParameter)->ulLen;
                if (ulLen == 0 || pData == NULL_PTR)
                {
                        DEBUG_MSG("There must be data in the parameter");
                        return CKR_MECHANISM_PARAM_INVALID;
                }
                if (ulLen % 8 != 0)
                {
                        DEBUG_MSG("The data must be a multiple of 8 bytes long");
                        return CKR_MECHANISM_PARAM_INVALID;
                }
                data.resize(ulLen);
                memcpy(&data[0],
                       pData,
                       ulLen);
        }
        else if ((pMechanism->mechanism == CKM_DES_CBC_ENCRYPT_DATA ||
                 pMechanism->mechanism == CKM_DES3_CBC_ENCRYPT_DATA) &&
                 pMechanism->ulParameterLen == sizeof(CK_DES_CBC_ENCRYPT_DATA_PARAMS))
        {
                CK_BYTE_PTR pData = CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR(pMechanism->pParameter)->pData;
                CK_ULONG length = CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR(pMechanism->pParameter)->length;
                if (length == 0 || pData == NULL_PTR)
                {
                        DEBUG_MSG("There must be data in the parameter");
                        return CKR_MECHANISM_PARAM_INVALID;
                }
                if (length % 8 != 0)
                {
                        DEBUG_MSG("The data must be a multiple of 8 bytes long");
                        return CKR_MECHANISM_PARAM_INVALID;
                }
                data.resize(length);
                memcpy(&data[0],
                       pData,
                       length);
        }
        else if (pMechanism->mechanism == CKM_AES_ECB_ENCRYPT_DATA &&
                 pMechanism->ulParameterLen == sizeof(CK_KEY_DERIVATION_STRING_DATA))
        {
                CK_BYTE_PTR pData = CK_KEY_DERIVATION_STRING_DATA_PTR(pMechanism->pParameter)->pData;
                CK_ULONG ulLen = CK_KEY_DERIVATION_STRING_DATA_PTR(pMechanism->pParameter)->ulLen;
                if (ulLen == 0 || pData == NULL_PTR)
                {
                        DEBUG_MSG("There must be data in the parameter");
                        return CKR_MECHANISM_PARAM_INVALID;
                }
                if (ulLen % 16 != 0)
                {
                        DEBUG_MSG("The data must be a multiple of 16 bytes long");
                        return CKR_MECHANISM_PARAM_INVALID;
                }
                data.resize(ulLen);
                memcpy(&data[0],
                       pData,
                       ulLen);
        }
        else if ((pMechanism->mechanism == CKM_AES_CBC_ENCRYPT_DATA) &&
                 pMechanism->ulParameterLen == sizeof(CK_AES_CBC_ENCRYPT_DATA_PARAMS))
        {
                CK_BYTE_PTR pData = CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR(pMechanism->pParameter)->pData;
                CK_ULONG length = CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR(pMechanism->pParameter)->length;
                if (length == 0 || pData == NULL_PTR)
                {
                        DEBUG_MSG("There must be data in the parameter");
                        return CKR_MECHANISM_PARAM_INVALID;
                }
                if (length % 16 != 0)
                {
                        DEBUG_MSG("The data must be a multiple of 16 bytes long");
                        return CKR_MECHANISM_PARAM_INVALID;
                }
                data.resize(length);
                memcpy(&data[0],
                       pData,
                       length);
        }
        else
        {
                DEBUG_MSG("pParameter is invalid");
                return CKR_MECHANISM_PARAM_INVALID;
        }

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL)
                return CKR_SESSION_HANDLE_INVALID;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL)
                return CKR_GENERAL_ERROR;

        // Extract desired parameter information
        size_t byteLen = 0;
        bool checkValue = true;
        for (CK_ULONG i = 0; i < ulCount; i++)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_VALUE:
                                INFO_MSG("CKA_VALUE must not be included");
                                return CKR_ATTRIBUTE_READ_ONLY;
                        case CKA_VALUE_LEN:
                                if (pTemplate[i].ulValueLen != sizeof(CK_ULONG))
                                {
                                        INFO_MSG("CKA_VALUE_LEN does not have the size of CK_ULONG");
                                        return CKR_ATTRIBUTE_VALUE_INVALID;
                                }
                                byteLen = *(CK_ULONG*)pTemplate[i].pValue;
                                break;
                        case CKA_CHECK_VALUE:
                                if (pTemplate[i].ulValueLen > 0)
                                {
                                        INFO_MSG("CKA_CHECK_VALUE must be a no-value (0 length) entry");
                                        return CKR_ATTRIBUTE_VALUE_INVALID;
                                }
                                checkValue = false;
                                break;
                        default:
                                break;
                }
        }

        // Check the length
        switch (keyType)
        {
                case CKK_GENERIC_SECRET:
                        if (byteLen == 0)
                        {
                                INFO_MSG("CKA_VALUE_LEN must be set");
                                return CKR_TEMPLATE_INCOMPLETE;
                        }
                        break;
#ifndef WITH_FIPS
                case CKK_DES:
                        if (byteLen != 0)
                        {
                                INFO_MSG("CKA_VALUE_LEN must not be set");
                                return CKR_ATTRIBUTE_READ_ONLY;
                        }
                        byteLen = 8;
                        break;
#endif
                case CKK_DES2:
                        if (byteLen != 0)
                        {
                                INFO_MSG("CKA_VALUE_LEN must not be set");
                                return CKR_ATTRIBUTE_READ_ONLY;
                        }
                        byteLen = 16;
                        break;
                case CKK_DES3:
                        if (byteLen != 0)
                        {
                                INFO_MSG("CKA_VALUE_LEN must not be set");
                                return CKR_ATTRIBUTE_READ_ONLY;
                        }
                        byteLen = 24;
                        break;
                case CKK_AES:
                        if (byteLen != 16 && byteLen != 24 && byteLen != 32)
                        {
                                INFO_MSG("CKA_VALUE_LEN must be 16, 24, or 32");
                                return CKR_ATTRIBUTE_VALUE_INVALID;
                        }
                        break;
                default:
                        return CKR_ATTRIBUTE_VALUE_INVALID;
        }

        // Get the symmetric algorithm matching the mechanism
        SymAlgo::Type algo = SymAlgo::Unknown;
        SymMode::Type mode = SymMode::Unknown;
        bool padding = false;
        ByteString iv;
        size_t bb = 8;
        switch(pMechanism->mechanism) {
#ifndef WITH_FIPS
                case CKM_DES_ECB_ENCRYPT_DATA:
                        algo = SymAlgo::DES;
                        mode = SymMode::ECB;
                        bb = 7;
                        break;
                case CKM_DES_CBC_ENCRYPT_DATA:
                        algo = SymAlgo::DES;
                        mode = SymMode::CBC;
                        bb = 7;
                        iv.resize(8);
                        memcpy(&iv[0],
                               &(CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR(pMechanism->pParameter)->iv[0]),
                               8);
                        break;
#endif
                case CKM_DES3_ECB_ENCRYPT_DATA:
                        algo = SymAlgo::DES3;
                        mode = SymMode::ECB;
                        bb = 7;
                        break;
                case CKM_DES3_CBC_ENCRYPT_DATA:
                        algo = SymAlgo::DES3;
                        mode = SymMode::CBC;
                        bb = 7;
                        iv.resize(8);
                        memcpy(&iv[0],
                               &(CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR(pMechanism->pParameter)->iv[0]),
                               8);
                        break;
                case CKM_AES_ECB_ENCRYPT_DATA:
                        algo = SymAlgo::AES;
                        mode = SymMode::ECB;
                        break;
                case CKM_AES_CBC_ENCRYPT_DATA:
                        algo = SymAlgo::AES;
                        mode = SymMode::CBC;
                        iv.resize(16);
                        memcpy(&iv[0],
                               &(CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR(pMechanism->pParameter)->iv[0]),
                               16);
                        break;
                default:
                        return CKR_MECHANISM_INVALID;
        }

        // Check the key handle
        OSObject *baseKey = (OSObject *)handleManager->getObject(hBaseKey);
        if (baseKey == NULL_PTR || !baseKey->isValid()) return CKR_OBJECT_HANDLE_INVALID;

        SymmetricAlgorithm* cipher = CryptoFactory::i()->getSymmetricAlgorithm(algo);
        if (cipher == NULL) return CKR_MECHANISM_INVALID;

        SymmetricKey* secretkey = new SymmetricKey();

        if (getSymmetricKey(secretkey, token, baseKey) != CKR_OK)
        {
                cipher->recycleKey(secretkey);
                CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
                return CKR_GENERAL_ERROR;
        }

        // adjust key bit length
        secretkey->setBitLen(secretkey->getKeyBits().size() * bb);

        // Initialize encryption
        if (!cipher->encryptInit(secretkey, mode, iv, padding))
        {
                cipher->recycleKey(secretkey);
                CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
                return CKR_MECHANISM_INVALID;
        }

        // Get the data
        ByteString secretValue;

        // Encrypt the data
        if (!cipher->encryptUpdate(data, secretValue))
        {
                cipher->recycleKey(secretkey);
                CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
                return CKR_GENERAL_ERROR;
        }

        // Finalize encryption
        ByteString encryptedFinal;
        if (!cipher->encryptFinal(encryptedFinal))
        {
                cipher->recycleKey(secretkey);
                CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
                return CKR_GENERAL_ERROR;
        }
        cipher->recycleKey(secretkey);
        CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
        secretValue += encryptedFinal;

        // Create the secret object using C_CreateObject
        const CK_ULONG maxAttribs = 32;
        CK_OBJECT_CLASS objClass = CKO_SECRET_KEY;
        CK_ATTRIBUTE secretAttribs[maxAttribs] = {
                { CKA_CLASS, &objClass, sizeof(objClass) },
                { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
                { CKA_PRIVATE, &isPrivate, sizeof(isPrivate) },
                { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
        };
        CK_ULONG secretAttribsCount = 4;

        // Add the additional
        CK_RV rv = CKR_OK;
        if (ulCount > (maxAttribs - secretAttribsCount))
                rv = CKR_TEMPLATE_INCONSISTENT;
        for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_CLASS:
                        case CKA_TOKEN:
                        case CKA_PRIVATE:
                        case CKA_KEY_TYPE:
                        case CKA_CHECK_VALUE:
                                continue;
                        default:
                                secretAttribs[secretAttribsCount++] = pTemplate[i];
                }
        }

        if (rv == CKR_OK)
                rv = this->CreateObject(hSession, secretAttribs, secretAttribsCount, phKey, OBJECT_OP_DERIVE);

        // Store the attributes that are being supplied
        if (rv == CKR_OK)
        {
                OSObject* osobject = (OSObject*)handleManager->getObject(*phKey);
                if (osobject == NULL_PTR || !osobject->isValid()) {
                        rv = CKR_FUNCTION_FAILED;
                } else if (osobject->startTransaction()) {
                        bool bOK = true;

                        // Common Attributes
                        bOK = bOK && osobject->setAttribute(CKA_LOCAL,false);

                        // Common Secret Key Attributes
                        if (baseKey->getBooleanValue(CKA_ALWAYS_SENSITIVE, false))
                        {
                                bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
                                bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
                        }
                        else
                        {
                                bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,false);
                        }
                        if (baseKey->getBooleanValue(CKA_NEVER_EXTRACTABLE, true))
                        {
                                bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
                                bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE,bNeverExtractable);
                        }
                        else
                        {
                                bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE,false);
                        }

                        ByteString value;
                        ByteString plainKCV;
                        ByteString kcv;

                        if (byteLen > secretValue.size())
                        {
                                INFO_MSG("The derived secret is too short");
                                bOK = false;
                        }
                        else
                        {
                                // Truncate value when requested, remove from the trailing end
                                if (byteLen < secretValue.size())
                                        secretValue.resize(byteLen);

                                // Fix the odd parity for DES
                                if (keyType == CKK_DES ||
                                    keyType == CKK_DES2 ||
                                    keyType == CKK_DES3)
                                {
                                        for (size_t i = 0; i < secretValue.size(); i++)
                                        {
                                                secretValue[i] = odd_parity[secretValue[i]];
                                        }
                                }

                                // Get the KCV
                                SymmetricKey* secret = new SymmetricKey();
                                secret->setKeyBits(secretValue);
                                switch (keyType)
                                {
                                        case CKK_GENERIC_SECRET:
                                                secret->setBitLen(byteLen * 8);
                                                plainKCV = secret->getKeyCheckValue();
                                                break;
                                        case CKK_DES:
                                        case CKK_DES2:
                                        case CKK_DES3:
                                                secret->setBitLen(byteLen * 7);
                                                plainKCV = ((DESKey*)secret)->getKeyCheckValue();
                                                break;
                                        case CKK_AES:
                                                secret->setBitLen(byteLen * 8);
                                                plainKCV = ((AESKey*)secret)->getKeyCheckValue();
                                                break;
                                        default:
                                                bOK = false;
                                                break;
                                }
                                delete secret;

                                if (isPrivate)
                                {
                                        token->encrypt(secretValue, value);
                                        token->encrypt(plainKCV, kcv);
                                }
                                else
                                {
                                        value = secretValue;
                                        kcv = plainKCV;
                                }
                        }
                        bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
                        if (checkValue)
                                bOK = bOK && osobject->setAttribute(CKA_CHECK_VALUE, kcv);

                        if (bOK)
                                bOK = osobject->commitTransaction();
                        else
                                osobject->abortTransaction();

                        if (!bOK)
                                rv = CKR_FUNCTION_FAILED;
                } else
                        rv = CKR_FUNCTION_FAILED;
        }

        // Remove secret that may have been created already when the function fails.
        if (rv != CKR_OK)
        {
                if (*phKey != CK_INVALID_HANDLE)
                {
                        OSObject* ossecret = (OSObject*)handleManager->getObject(*phKey);
                        handleManager->destroyObject(*phKey);
                        if (ossecret) ossecret->destroyObject();
                        *phKey = CK_INVALID_HANDLE;
                }
        }

        return rv;
}

CK_RV SoftHSM::CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phObject, int op)
{
        if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;

        if (pTemplate == NULL_PTR) return CKR_ARGUMENTS_BAD;
        if (phObject == NULL_PTR) return CKR_ARGUMENTS_BAD;

        // Get the session
        Session* session = (Session*)handleManager->getSession(hSession);
        if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

        // Get the slot
        Slot* slot = session->getSlot();
        if (slot == NULL_PTR) return CKR_GENERAL_ERROR;

        // Get the token
        Token* token = session->getToken();
        if (token == NULL_PTR) return CKR_GENERAL_ERROR;

        // Extract information from the template that is needed to create the object.
        CK_OBJECT_CLASS objClass = CKO_DATA;
        CK_KEY_TYPE keyType = CKK_RSA;
        CK_CERTIFICATE_TYPE certType = CKC_X_509;
        CK_BBOOL isOnToken = CK_FALSE;
        CK_BBOOL isPrivate = CK_TRUE;
        bool isImplicit = false;
        CK_RV rv = extractObjectInformation(pTemplate,ulCount,objClass,keyType,certType, isOnToken, isPrivate, isImplicit);
        if (rv != CKR_OK)
        {
                ERROR_MSG("Mandatory attribute not present in template");
                return rv;
        }

        // Check user credentials
        rv = haveWrite(session->getState(), isOnToken, isPrivate);
        if (rv != CKR_OK)
        {
                if (rv == CKR_USER_NOT_LOGGED_IN)
                        INFO_MSG("User is not authorized");
                if (rv == CKR_SESSION_READ_ONLY)
                        INFO_MSG("Session is read-only");

                return rv;
        }

        // Change order of attributes
        const CK_ULONG maxAttribs = 32;
        CK_ATTRIBUTE attribs[maxAttribs];
        CK_ATTRIBUTE saveAttribs[maxAttribs];
        CK_ULONG attribsCount = 0;
        CK_ULONG saveAttribsCount = 0;
        if (ulCount > maxAttribs)
        {
                return CKR_TEMPLATE_INCONSISTENT;
        }
        for (CK_ULONG i=0; i < ulCount; i++)
        {
                switch (pTemplate[i].type)
                {
                        case CKA_CHECK_VALUE:
                                saveAttribs[saveAttribsCount++] = pTemplate[i];
                                break;
                        default:
                                attribs[attribsCount++] = pTemplate[i];
                }
        }
        for (CK_ULONG i=0; i < saveAttribsCount; i++)
        {
                attribs[attribsCount++] = saveAttribs[i];
        }

        P11Object* p11object = NULL;
        rv = newP11Object(objClass,keyType,certType,&p11object);
        if (rv != CKR_OK)
                return rv;

        // Create the object in session or on the token
        OSObject *object = NULL_PTR;
        if (isOnToken)
        {
                object = (OSObject*) token->createObject();
        }
        else
        {
                object = sessionObjectStore->createObject(slot->getSlotID(), hSession, isPrivate != CK_FALSE);
        }

        if (object == NULL || !p11object->init(object))
        {
                delete p11object;
                return CKR_GENERAL_ERROR;
        }

        rv = p11object->saveTemplate(token, isPrivate != CK_FALSE, attribs,attribsCount,op);
        delete p11object;
        if (rv != CKR_OK)
                return rv;

        if (op == OBJECT_OP_CREATE)
        {
                if (objClass == CKO_PUBLIC_KEY &&
                    (!object->startTransaction() ||
                    !object->setAttribute(CKA_LOCAL, false) ||
                    !object->commitTransaction()))
                {
                        return CKR_GENERAL_ERROR;
                }

                if ((objClass == CKO_SECRET_KEY || objClass == CKO_PRIVATE_KEY) &&
                    (!object->startTransaction() ||
                    !object->setAttribute(CKA_LOCAL, false) ||
                    !object->setAttribute(CKA_ALWAYS_SENSITIVE, false) ||
                    !object->setAttribute(CKA_NEVER_EXTRACTABLE, false) ||
                    !object->commitTransaction()))
                {
                        return CKR_GENERAL_ERROR;
                }
        }

        if (isOnToken)
        {
                *phObject = handleManager->addTokenObject(slot->getSlotID(), isPrivate != CK_FALSE, object);
        } else {
                *phObject = handleManager->addSessionObject(slot->getSlotID(), hSession, isPrivate != CK_FALSE, object);
        }

        return CKR_OK;
}

CK_RV SoftHSM::getRSAPrivateKey(RSAPrivateKey* privateKey, Token* token, OSObject* key)
{
        if (privateKey == NULL) return CKR_ARGUMENTS_BAD;
        if (token == NULL) return CKR_ARGUMENTS_BAD;
        if (key == NULL) return CKR_ARGUMENTS_BAD;

        // Get the CKA_PRIVATE attribute, when the attribute is not present use default false
        bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);

        // RSA Private Key Attributes
        ByteString modulus;
        ByteString publicExponent;
        ByteString privateExponent;
        ByteString prime1;
        ByteString prime2;
        ByteString exponent1;
        ByteString exponent2;
        ByteString coefficient;
        if (isKeyPrivate)
        {
                bool bOK = true;
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_MODULUS), modulus);
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_PUBLIC_EXPONENT), publicExponent);
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_PRIVATE_EXPONENT), privateExponent);
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_PRIME_1), prime1);
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_PRIME_2), prime2);
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_EXPONENT_1), exponent1);
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_EXPONENT_2), exponent2);
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_COEFFICIENT), coefficient);
                if (!bOK)
                        return CKR_GENERAL_ERROR;
        }
        else
        {
                modulus = key->getByteStringValue(CKA_MODULUS);
                publicExponent = key->getByteStringValue(CKA_PUBLIC_EXPONENT);
                privateExponent = key->getByteStringValue(CKA_PRIVATE_EXPONENT);
                prime1 = key->getByteStringValue(CKA_PRIME_1);
                prime2 = key->getByteStringValue(CKA_PRIME_2);
                exponent1 =  key->getByteStringValue(CKA_EXPONENT_1);
                exponent2 = key->getByteStringValue(CKA_EXPONENT_2);
                coefficient = key->getByteStringValue(CKA_COEFFICIENT);
        }

        privateKey->setN(modulus);
        privateKey->setE(publicExponent);
        privateKey->setD(privateExponent);
        privateKey->setP(prime1);
        privateKey->setQ(prime2);
        privateKey->setDP1(exponent1);
        privateKey->setDQ1(exponent2);
        privateKey->setPQ(coefficient);

        return CKR_OK;
}

CK_RV SoftHSM::getRSAPublicKey(RSAPublicKey* publicKey, Token* token, OSObject* key)
{
        if (publicKey == NULL) return CKR_ARGUMENTS_BAD;
        if (token == NULL) return CKR_ARGUMENTS_BAD;
        if (key == NULL) return CKR_ARGUMENTS_BAD;

        // Get the CKA_PRIVATE attribute, when the attribute is not present use default false
        bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);

        // RSA Public Key Attributes
        ByteString modulus;
        ByteString publicExponent;
        if (isKeyPrivate)
        {
                bool bOK = true;
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_MODULUS), modulus);
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_PUBLIC_EXPONENT), publicExponent);
                if (!bOK)
                        return CKR_GENERAL_ERROR;
        }
        else
        {
                modulus = key->getByteStringValue(CKA_MODULUS);
                publicExponent = key->getByteStringValue(CKA_PUBLIC_EXPONENT);
        }

        publicKey->setN(modulus);
        publicKey->setE(publicExponent);

        return CKR_OK;
}

CK_RV SoftHSM::getDSAPrivateKey(DSAPrivateKey* privateKey, Token* token, OSObject* key)
{
        if (privateKey == NULL) return CKR_ARGUMENTS_BAD;
        if (token == NULL) return CKR_ARGUMENTS_BAD;
        if (key == NULL) return CKR_ARGUMENTS_BAD;

        // Get the CKA_PRIVATE attribute, when the attribute is not present use default false
        bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);

        // DSA Private Key Attributes
        ByteString prime;
        ByteString subprime;
        ByteString generator;
        ByteString value;
        if (isKeyPrivate)
        {
                bool bOK = true;
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_PRIME), prime);
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_SUBPRIME), subprime);
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_BASE), generator);
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_VALUE), value);
                if (!bOK)
                        return CKR_GENERAL_ERROR;
        }
        else
        {
                prime = key->getByteStringValue(CKA_PRIME);
                subprime = key->getByteStringValue(CKA_SUBPRIME);
                generator = key->getByteStringValue(CKA_BASE);
                value = key->getByteStringValue(CKA_VALUE);
        }

        privateKey->setP(prime);
        privateKey->setQ(subprime);
        privateKey->setG(generator);
        privateKey->setX(value);

        return CKR_OK;
}

CK_RV SoftHSM::getDSAPublicKey(DSAPublicKey* publicKey, Token* token, OSObject* key)
{
        if (publicKey == NULL) return CKR_ARGUMENTS_BAD;
        if (token == NULL) return CKR_ARGUMENTS_BAD;
        if (key == NULL) return CKR_ARGUMENTS_BAD;

        // Get the CKA_PRIVATE attribute, when the attribute is not present use default false
        bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);

        // DSA Public Key Attributes
        ByteString prime;
        ByteString subprime;
        ByteString generator;
        ByteString value;
        if (isKeyPrivate)
        {
                bool bOK = true;
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_PRIME), prime);
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_SUBPRIME), subprime);
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_BASE), generator);
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_VALUE), value);
                if (!bOK)
                        return CKR_GENERAL_ERROR;
        }
        else
        {
                prime = key->getByteStringValue(CKA_PRIME);
                subprime = key->getByteStringValue(CKA_SUBPRIME);
                generator = key->getByteStringValue(CKA_BASE);
                value = key->getByteStringValue(CKA_VALUE);
        }

        publicKey->setP(prime);
        publicKey->setQ(subprime);
        publicKey->setG(generator);
        publicKey->setY(value);

        return CKR_OK;
}

CK_RV SoftHSM::getECPrivateKey(ECPrivateKey* privateKey, Token* token, OSObject* key)
{
        if (privateKey == NULL) return CKR_ARGUMENTS_BAD;
        if (token == NULL) return CKR_ARGUMENTS_BAD;
        if (key == NULL) return CKR_ARGUMENTS_BAD;

        // Get the CKA_PRIVATE attribute, when the attribute is not present use default false
        bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);

        // EC Private Key Attributes
        ByteString group;
        ByteString value;
        if (isKeyPrivate)
        {
                bool bOK = true;
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_EC_PARAMS), group);
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_VALUE), value);
                if (!bOK)
                        return CKR_GENERAL_ERROR;
        }
        else
        {
                group = key->getByteStringValue(CKA_EC_PARAMS);
                value = key->getByteStringValue(CKA_VALUE);
        }

        privateKey->setEC(group);
        privateKey->setD(value);

        return CKR_OK;
}

CK_RV SoftHSM::getECPublicKey(ECPublicKey* publicKey, Token* token, OSObject* key)
{
        if (publicKey == NULL) return CKR_ARGUMENTS_BAD;
        if (token == NULL) return CKR_ARGUMENTS_BAD;
        if (key == NULL) return CKR_ARGUMENTS_BAD;

        // Get the CKA_PRIVATE attribute, when the attribute is not present use default false
        bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);

        // EC Public Key Attributes
        ByteString group;
        ByteString point;
        if (isKeyPrivate)
        {
                bool bOK = true;
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_EC_PARAMS), group);
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_EC_POINT), point);
                if (!bOK)
                        return CKR_GENERAL_ERROR;
        }
        else
        {
                group = key->getByteStringValue(CKA_EC_PARAMS);
                point = key->getByteStringValue(CKA_EC_POINT);
        }

        publicKey->setEC(group);
        publicKey->setQ(point);

        return CKR_OK;
}

CK_RV SoftHSM::getDHPrivateKey(DHPrivateKey* privateKey, Token* token, OSObject* key)
{
        if (privateKey == NULL) return CKR_ARGUMENTS_BAD;
        if (token == NULL) return CKR_ARGUMENTS_BAD;
        if (key == NULL) return CKR_ARGUMENTS_BAD;

        // Get the CKA_PRIVATE attribute, when the attribute is not present use default false
        bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);

        // DH Private Key Attributes
        ByteString prime;
        ByteString generator;
        ByteString value;
        if (isKeyPrivate)
        {
                bool bOK = true;
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_PRIME), prime);
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_BASE), generator);
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_VALUE), value);
                if (!bOK)
                        return CKR_GENERAL_ERROR;
        }
        else
        {
                prime = key->getByteStringValue(CKA_PRIME);
                generator = key->getByteStringValue(CKA_BASE);
                value = key->getByteStringValue(CKA_VALUE);
        }

        privateKey->setP(prime);
        privateKey->setG(generator);
        privateKey->setX(value);

        return CKR_OK;
}

CK_RV SoftHSM::getDHPublicKey(DHPublicKey* publicKey, DHPrivateKey* privateKey, ByteString& pubParams)
{
        if (publicKey == NULL) return CKR_ARGUMENTS_BAD;
        if (privateKey == NULL) return CKR_ARGUMENTS_BAD;

        // Copy Domain Parameters from Private Key
        publicKey->setP(privateKey->getP());
        publicKey->setG(privateKey->getG());

        // Set value
        publicKey->setY(pubParams);

        return CKR_OK;
}

CK_RV SoftHSM::getECDHPublicKey(ECPublicKey* publicKey, ECPrivateKey* privateKey, ByteString& pubData)
{
        if (publicKey == NULL) return CKR_ARGUMENTS_BAD;
        if (privateKey == NULL) return CKR_ARGUMENTS_BAD;

        // Copy Domain Parameters from Private Key
        publicKey->setEC(privateKey->getEC());

        // Set value
        ByteString data = getECDHPubData(pubData);
        publicKey->setQ(data);

        return CKR_OK;
}

// ECDH pubData can be in RAW or DER format.
// Need to convert RAW as SoftHSM uses DER.
ByteString SoftHSM::getECDHPubData(ByteString& pubData)
{
        size_t len = pubData.size();
        size_t controlOctets = 2;
        if (len == 65 || len == 97 || len == 133)
        {
                // Raw: Length matches the public key size of P-256, P-384, or P-521
                controlOctets = 0;
        }
        else if (len < controlOctets || pubData[0] != 0x04)
        {
                // Raw: Too short or does not start with 0x04
                controlOctets = 0;
        }
        else if (pubData[1] < 0x80)
        {
                // Raw: Length octet does not match remaining data length
                if (pubData[1] != (len - controlOctets)) controlOctets = 0;
        }
        else
        {
                size_t lengthOctets = pubData[1] & 0x7F;
                controlOctets += lengthOctets;

                if (controlOctets >= len)
                {
                        // Raw: Too short
                        controlOctets = 0;
                }
                else
                {
                        ByteString length(&pubData[2], lengthOctets);

                        if (length.long_val() != (len - controlOctets))
                        {
                                // Raw: Length octets does not match remaining data length
                                controlOctets = 0;
                        }
                }
        }

        // DER format
        if (controlOctets != 0) return pubData;

        // RAW format
        ByteString header;
        if (len < 0x80)
        {
                header.resize(2);
                header[0] = (unsigned char)0x04;
                header[1] = (unsigned char)(len & 0x7F);
        }
        else
        {
                // Count significate bytes
                size_t bytes = sizeof(size_t);
                for(; bytes > 0; bytes--)
                {
                        size_t value = len >> ((bytes - 1) * 8);
                        if (value & 0xFF) break;
                }

                // Set header data
                header.resize(2 + bytes);
                header[0] = (unsigned char)0x04;
                header[1] = (unsigned char)(0x80 | bytes);
                for (size_t i = 1; i <= bytes; i++)
                {
                        header[2+bytes-i] = (unsigned char) (len & 0xFF);
                        len >>= 8;
                }
        }

        return header + pubData;
}

CK_RV SoftHSM::getGOSTPrivateKey(GOSTPrivateKey* privateKey, Token* token, OSObject* key)
{
        if (privateKey == NULL) return CKR_ARGUMENTS_BAD;
        if (token == NULL) return CKR_ARGUMENTS_BAD;
        if (key == NULL) return CKR_ARGUMENTS_BAD;

        // Get the CKA_PRIVATE attribute, when the attribute is not present use default false
        bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);

        // GOST Private Key Attributes
        ByteString value;
        ByteString param;
        if (isKeyPrivate)
        {
                bool bOK = true;
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_VALUE), value);
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_GOSTR3410_PARAMS), param);
                if (!bOK)
                        return CKR_GENERAL_ERROR;
        }
        else
        {
                value = key->getByteStringValue(CKA_VALUE);
                param = key->getByteStringValue(CKA_GOSTR3410_PARAMS);
        }

        privateKey->setD(value);
        privateKey->setEC(param);

        return CKR_OK;
}

CK_RV SoftHSM::getGOSTPublicKey(GOSTPublicKey* publicKey, Token* token, OSObject* key)
{
        if (publicKey == NULL) return CKR_ARGUMENTS_BAD;
        if (token == NULL) return CKR_ARGUMENTS_BAD;
        if (key == NULL) return CKR_ARGUMENTS_BAD;

        // Get the CKA_PRIVATE attribute, when the attribute is not present use default false
        bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);

        // GOST Public Key Attributes
        ByteString point;
        ByteString param;
        if (isKeyPrivate)
        {
                bool bOK = true;
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_VALUE), point);
                bOK = bOK && token->decrypt(key->getByteStringValue(CKA_GOSTR3410_PARAMS), param);
                if (!bOK)
                        return CKR_GENERAL_ERROR;
        }
        else
        {
                point = key->getByteStringValue(CKA_VALUE);
                param = key->getByteStringValue(CKA_GOSTR3410_PARAMS);
        }

        publicKey->setQ(point);
        publicKey->setEC(param);

        return CKR_OK;
}

CK_RV SoftHSM::getSymmetricKey(SymmetricKey* skey, Token* token, OSObject* key)
{
        if (skey == NULL) return CKR_ARGUMENTS_BAD;
        if (token == NULL) return CKR_ARGUMENTS_BAD;
        if (key == NULL) return CKR_ARGUMENTS_BAD;

        // Get the CKA_PRIVATE attribute, when the attribute is not present use default false
        bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);

        ByteString keybits;
        if (isKeyPrivate)
        {
                if (!token->decrypt(key->getByteStringValue(CKA_VALUE), keybits))
                        return CKR_GENERAL_ERROR;
        }
        else
        {
                keybits = key->getByteStringValue(CKA_VALUE);
        }

        skey->setKeyBits(keybits);

        return CKR_OK;
}

bool SoftHSM::setRSAPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const
{
        AsymmetricAlgorithm* rsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::RSA);
        if (rsa == NULL)
                return false;
        PrivateKey* priv = rsa->newPrivateKey();
        if (priv == NULL)
        {
                CryptoFactory::i()->recycleAsymmetricAlgorithm(rsa);
                return false;
        }
        if (!priv->PKCS8Decode(ber))
        {
                rsa->recyclePrivateKey(priv);
                CryptoFactory::i()->recycleAsymmetricAlgorithm(rsa);
                return false;
        }
        // RSA Private Key Attributes
        ByteString modulus;
        ByteString publicExponent;
        ByteString privateExponent;
        ByteString prime1;
        ByteString prime2;
        ByteString exponent1;
        ByteString exponent2;
        ByteString coefficient;
        if (isPrivate)
        {
                token->encrypt(((RSAPrivateKey*)priv)->getN(), modulus);
                token->encrypt(((RSAPrivateKey*)priv)->getE(), publicExponent);
                token->encrypt(((RSAPrivateKey*)priv)->getD(), privateExponent);
                token->encrypt(((RSAPrivateKey*)priv)->getP(), prime1);
                token->encrypt(((RSAPrivateKey*)priv)->getQ(), prime2);
                token->encrypt(((RSAPrivateKey*)priv)->getDP1(), exponent1);
                token->encrypt(((RSAPrivateKey*)priv)->getDQ1(), exponent2);
                token->encrypt(((RSAPrivateKey*)priv)->getPQ(), coefficient);
        }
        else
        {
                modulus = ((RSAPrivateKey*)priv)->getN();
                publicExponent = ((RSAPrivateKey*)priv)->getE();
                privateExponent = ((RSAPrivateKey*)priv)->getD();
                prime1 = ((RSAPrivateKey*)priv)->getP();
                prime2 = ((RSAPrivateKey*)priv)->getQ();
                exponent1 =  ((RSAPrivateKey*)priv)->getDP1();
                exponent2 = ((RSAPrivateKey*)priv)->getDQ1();
                coefficient = ((RSAPrivateKey*)priv)->getPQ();
        }
        bool bOK = true;
        bOK = bOK && key->setAttribute(CKA_MODULUS, modulus);
        bOK = bOK && key->setAttribute(CKA_PUBLIC_EXPONENT, publicExponent);
        bOK = bOK && key->setAttribute(CKA_PRIVATE_EXPONENT, privateExponent);
        bOK = bOK && key->setAttribute(CKA_PRIME_1, prime1);
        bOK = bOK && key->setAttribute(CKA_PRIME_2, prime2);
        bOK = bOK && key->setAttribute(CKA_EXPONENT_1,exponent1);
        bOK = bOK && key->setAttribute(CKA_EXPONENT_2, exponent2);
        bOK = bOK && key->setAttribute(CKA_COEFFICIENT, coefficient);

        rsa->recyclePrivateKey(priv);
        CryptoFactory::i()->recycleAsymmetricAlgorithm(rsa);

        return bOK;
}

bool SoftHSM::setDSAPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const
{
        AsymmetricAlgorithm* dsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DSA);
        if (dsa == NULL)
                return false;
        PrivateKey* priv = dsa->newPrivateKey();
        if (priv == NULL)
        {
                CryptoFactory::i()->recycleAsymmetricAlgorithm(dsa);
                return false;
        }
        if (!priv->PKCS8Decode(ber))
        {
                dsa->recyclePrivateKey(priv);
                CryptoFactory::i()->recycleAsymmetricAlgorithm(dsa);
                return false;
        }
        // DSA Private Key Attributes
        ByteString prime;
        ByteString subprime;
        ByteString generator;
        ByteString value;
        if (isPrivate)
        {
                token->encrypt(((DSAPrivateKey*)priv)->getP(), prime);
                token->encrypt(((DSAPrivateKey*)priv)->getQ(), subprime);
                token->encrypt(((DSAPrivateKey*)priv)->getG(), generator);
                token->encrypt(((DSAPrivateKey*)priv)->getX(), value);
        }
        else
        {
                prime = ((DSAPrivateKey*)priv)->getP();
                subprime = ((DSAPrivateKey*)priv)->getQ();
                generator = ((DSAPrivateKey*)priv)->getG();
                value = ((DSAPrivateKey*)priv)->getX();
        }
        bool bOK = true;
        bOK = bOK && key->setAttribute(CKA_PRIME, prime);
        bOK = bOK && key->setAttribute(CKA_SUBPRIME, subprime);
        bOK = bOK && key->setAttribute(CKA_BASE, generator);
        bOK = bOK && key->setAttribute(CKA_VALUE, value);

        dsa->recyclePrivateKey(priv);
        CryptoFactory::i()->recycleAsymmetricAlgorithm(dsa);

        return bOK;
}

bool SoftHSM::setDHPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const
{
        AsymmetricAlgorithm* dh = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::DH);
        if (dh == NULL)
                return false;
        PrivateKey* priv = dh->newPrivateKey();
        if (priv == NULL)
        {
                CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
                return false;
        }
        if (!priv->PKCS8Decode(ber))
        {
                dh->recyclePrivateKey(priv);
                CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);
                return false;
        }
        // DH Private Key Attributes
        ByteString prime;
        ByteString generator;
        ByteString value;
        if (isPrivate)
        {
                token->encrypt(((DHPrivateKey*)priv)->getP(), prime);
                token->encrypt(((DHPrivateKey*)priv)->getG(), generator);
                token->encrypt(((DHPrivateKey*)priv)->getX(), value);
        }
        else
        {
                prime = ((DHPrivateKey*)priv)->getP();
                generator = ((DHPrivateKey*)priv)->getG();
                value = ((DHPrivateKey*)priv)->getX();
        }
        bool bOK = true;
        bOK = bOK && key->setAttribute(CKA_PRIME, prime);
        bOK = bOK && key->setAttribute(CKA_BASE, generator);
        bOK = bOK && key->setAttribute(CKA_VALUE, value);

        dh->recyclePrivateKey(priv);
        CryptoFactory::i()->recycleAsymmetricAlgorithm(dh);

        return bOK;
}
bool SoftHSM::setECPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const
{
        AsymmetricAlgorithm* ecc = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::ECDSA);
        if (ecc == NULL)
                return false;
        PrivateKey* priv = ecc->newPrivateKey();
        if (priv == NULL)
        {
                CryptoFactory::i()->recycleAsymmetricAlgorithm(ecc);
                return false;
        }
        if (!priv->PKCS8Decode(ber))
        {
                ecc->recyclePrivateKey(priv);
                CryptoFactory::i()->recycleAsymmetricAlgorithm(ecc);
                return false;
        }
        // EC Private Key Attributes
        ByteString group;
        ByteString value;
        if (isPrivate)
        {
                token->encrypt(((ECPrivateKey*)priv)->getEC(), group);
                token->encrypt(((ECPrivateKey*)priv)->getD(), value);
        }
        else
        {
                group = ((ECPrivateKey*)priv)->getEC();
                value = ((ECPrivateKey*)priv)->getD();
        }
        bool bOK = true;
        bOK = bOK && key->setAttribute(CKA_EC_PARAMS, group);
        bOK = bOK && key->setAttribute(CKA_VALUE, value);

        ecc->recyclePrivateKey(priv);
        CryptoFactory::i()->recycleAsymmetricAlgorithm(ecc);

        return bOK;
}

CK_RV SoftHSM::MechParamCheckRSAPKCSOAEP(CK_MECHANISM_PTR pMechanism)
{
        // This is a programming error
        if (pMechanism->mechanism != CKM_RSA_PKCS_OAEP) {
                ERROR_MSG("MechParamCheckRSAPKCSOAEP called on wrong mechanism");
                return CKR_GENERAL_ERROR;
        }

        if (pMechanism->pParameter == NULL_PTR ||
            pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_OAEP_PARAMS))
        {
                ERROR_MSG("pParameter must be of type CK_RSA_PKCS_OAEP_PARAMS");
                return CKR_ARGUMENTS_BAD;
        }

        CK_RSA_PKCS_OAEP_PARAMS_PTR params = (CK_RSA_PKCS_OAEP_PARAMS_PTR)pMechanism->pParameter;
        if (params->hashAlg != CKM_SHA_1)
        {
                ERROR_MSG("hashAlg must be CKM_SHA_1");
                return CKR_ARGUMENTS_BAD;
        }
        if (params->mgf != CKG_MGF1_SHA1)
        {
                ERROR_MSG("mgf must be CKG_MGF1_SHA1");
                return CKR_ARGUMENTS_BAD;
        }
        if (params->source != CKZ_DATA_SPECIFIED)
        {
                ERROR_MSG("source must be CKZ_DATA_SPECIFIED");
                return CKR_ARGUMENTS_BAD;
        }
        if (params->pSourceData != NULL)
        {
                ERROR_MSG("pSourceData must be NULL");
                return CKR_ARGUMENTS_BAD;
        }
        if (params->ulSourceDataLen != 0)
        {
                ERROR_MSG("ulSourceDataLen must be 0");
                return CKR_ARGUMENTS_BAD;
        }
        return CKR_OK;
}

bool SoftHSM::isMechanismPermitted(OSObject* key, CK_MECHANISM_PTR pMechanism) {
        OSAttribute attribute = key->getAttribute(CKA_ALLOWED_MECHANISMS);
        std::set<CK_MECHANISM_TYPE> allowed = attribute.getMechanismTypeSetValue();
        if (allowed.empty()) {
                return true;
        }

        return allowed.find(pMechanism->mechanism) != allowed.end();
}