Home | History | Annotate | Download | only in common
      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License, Version 1.0 only
      6  * (the "License").  You may not use this file except in compliance
      7  * with the License.
      8  *
      9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
     10  * or http://www.opensolaris.org/os/licensing.
     11  * See the License for the specific language governing permissions
     12  * and limitations under the License.
     13  *
     14  * When distributing Covered Code, include this CDDL HEADER in each
     15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     16  * If applicable, add the following below this CDDL HEADER, with the
     17  * fields enclosed by brackets "[]" replaced with your own identifying
     18  * information: Portions Copyright [yyyy] [name of copyright owner]
     19  *
     20  * CDDL HEADER END
     21  */
     22 /*
     23  * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
     24  * Use is subject to license terms.
     25  */
     26 
     27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
     28 
     29 #include <security/cryptoki.h>
     30 #include "pkcs11Global.h"
     31 #include "pkcs11Conf.h"
     32 #include "pkcs11Session.h"
     33 #include "pkcs11Slot.h"
     34 
     35 /*
     36  * C_SignInit will verify that the session handle is valid within the
     37  * framework, that the mechanism is not disabled for the slot
     38  * associated with this session, and then redirect to the underlying
     39  * provider.  Policy is only checked for C_SignInit, since it is
     40  * required to be called before C_Sign and C_SignUpdate.
     41  */
     42 CK_RV
     43 C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
     44     CK_OBJECT_HANDLE hKey)
     45 {
     46 
     47 	CK_RV rv;
     48 	pkcs11_session_t *sessp;
     49 	CK_SLOT_ID slotid;
     50 
     51 	/* Check for a fastpath */
     52 	if (purefastpath || policyfastpath) {
     53 		if (policyfastpath &&
     54 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
     55 			return (CKR_MECHANISM_INVALID);
     56 		}
     57 		return (fast_funcs->C_SignInit(hSession, pMechanism, hKey));
     58 	}
     59 
     60 	if (!pkcs11_initialized) {
     61 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
     62 	}
     63 
     64 	/* Obtain the session pointer */
     65 	HANDLE2SESSION(hSession, sessp, rv);
     66 
     67 	if (rv != CKR_OK) {
     68 		return (rv);
     69 	}
     70 
     71 	slotid = sessp->se_slotid;
     72 
     73 	/* Make sure this is not a disabled mechanism */
     74 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
     75 		return (CKR_MECHANISM_INVALID);
     76 	}
     77 
     78 	/* Initialize the digest with the underlying provider */
     79 	rv = FUNCLIST(slotid)->C_SignInit(sessp->se_handle,
     80 	    pMechanism, hKey);
     81 
     82 	/* Present consistent interface to the application */
     83 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
     84 		return (CKR_FUNCTION_FAILED);
     85 	}
     86 
     87 	return (rv);
     88 }
     89 
     90 /*
     91  * C_Sign is a pure wrapper to the underlying provider.
     92  * The only argument checked is whether or not hSession is valid.
     93  */
     94 CK_RV
     95 C_Sign(CK_SESSION_HANDLE hSession,
     96     CK_BYTE_PTR pData,
     97     CK_ULONG ulDataLen,
     98     CK_BYTE_PTR pSignature,
     99     CK_ULONG_PTR pulSignatureLen)
    100 {
    101 	CK_RV rv;
    102 	pkcs11_session_t *sessp;
    103 
    104 	/* Check for a fastpath */
    105 	if (purefastpath || policyfastpath) {
    106 		return (fast_funcs->C_Sign(hSession, pData, ulDataLen,
    107 			    pSignature, pulSignatureLen));
    108 	}
    109 
    110 	if (!pkcs11_initialized) {
    111 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
    112 	}
    113 
    114 	/* Obtain the session pointer */
    115 	HANDLE2SESSION(hSession, sessp, rv);
    116 
    117 	if (rv != CKR_OK) {
    118 		return (rv);
    119 	}
    120 
    121 	/* Pass data to the provider */
    122 	rv = FUNCLIST(sessp->se_slotid)->C_Sign(sessp->se_handle, pData,
    123 	    ulDataLen, pSignature, pulSignatureLen);
    124 
    125 	/* Present consistent interface to the application */
    126 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
    127 		return (CKR_FUNCTION_FAILED);
    128 	}
    129 
    130 	return (rv);
    131 
    132 }
    133 
    134 /*
    135  * C_SignUpdate is a pure wrapper to the underlying provider.
    136  * The only argument checked is whether or not hSession is valid.
    137  */
    138 CK_RV
    139 C_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
    140 {
    141 	CK_RV rv;
    142 	pkcs11_session_t *sessp;
    143 
    144 	/* Check for a fastpath */
    145 	if (purefastpath || policyfastpath) {
    146 		return (fast_funcs->C_SignUpdate(hSession, pPart, ulPartLen));
    147 	}
    148 
    149 	if (!pkcs11_initialized) {
    150 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
    151 	}
    152 
    153 	/* Obtain the session pointer */
    154 	HANDLE2SESSION(hSession, sessp, rv);
    155 
    156 	if (rv != CKR_OK) {
    157 		return (rv);
    158 	}
    159 
    160 	/* Pass data to the provider */
    161 	rv = FUNCLIST(sessp->se_slotid)->C_SignUpdate(sessp->se_handle, pPart,
    162 	    ulPartLen);
    163 
    164 	/* Present consistent interface to the application */
    165 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
    166 		return (CKR_FUNCTION_FAILED);
    167 	}
    168 
    169 	return (rv);
    170 
    171 }
    172 
    173 /*
    174  * C_SignFinal is a pure wrapper to the underlying provider.
    175  * The only argument checked is whether or not hSession is valid.
    176  */
    177 CK_RV
    178 C_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
    179     CK_ULONG_PTR pulSignatureLen)
    180 {
    181 	CK_RV rv;
    182 	pkcs11_session_t *sessp;
    183 
    184 	/* Check for a fastpath */
    185 	if (purefastpath || policyfastpath) {
    186 		return (fast_funcs->C_SignFinal(hSession, pSignature,
    187 			    pulSignatureLen));
    188 	}
    189 
    190 	if (!pkcs11_initialized) {
    191 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
    192 	}
    193 
    194 	/* Obtain the session pointer */
    195 	HANDLE2SESSION(hSession, sessp, rv);
    196 
    197 	if (rv != CKR_OK) {
    198 		return (rv);
    199 	}
    200 
    201 	/* Pass data to the provider */
    202 	rv = FUNCLIST(sessp->se_slotid)->C_SignFinal(sessp->se_handle,
    203 	    pSignature, pulSignatureLen);
    204 
    205 	/* Present consistent interface to the application */
    206 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
    207 		return (CKR_FUNCTION_FAILED);
    208 	}
    209 
    210 	return (rv);
    211 }
    212 
    213 /*
    214  * C_SignRecoverInit will verify that the session handle is valid within
    215  * the framework, that the mechanism is not disabled for the slot
    216  * associated with this session, and then redirect to the underlying
    217  * provider.  Policy is only checked for C_SignRecoverInit, since it is
    218  * required to be called before C_SignRecover.
    219  */
    220 CK_RV
    221 C_SignRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
    222     CK_OBJECT_HANDLE hKey)
    223 {
    224 	CK_RV rv;
    225 	pkcs11_session_t *sessp;
    226 	CK_SLOT_ID slotid;
    227 
    228 	/* Check for a fastpath */
    229 	if (purefastpath || policyfastpath) {
    230 		if (policyfastpath &&
    231 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
    232 			return (CKR_MECHANISM_INVALID);
    233 		}
    234 		return (fast_funcs->C_SignRecoverInit(hSession, pMechanism,
    235 			    hKey));
    236 	}
    237 
    238 	if (!pkcs11_initialized) {
    239 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
    240 	}
    241 
    242 	/* Obtain the session pointer */
    243 	HANDLE2SESSION(hSession, sessp, rv);
    244 
    245 	if (rv != CKR_OK) {
    246 		return (rv);
    247 	}
    248 
    249 	slotid = sessp->se_slotid;
    250 
    251 	/* Make sure this is not a disabled mechanism */
    252 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
    253 		return (CKR_MECHANISM_INVALID);
    254 	}
    255 
    256 	/* Initialize the digest with the underlying provider */
    257 	rv = FUNCLIST(slotid)->C_SignRecoverInit(sessp->se_handle,
    258 	    pMechanism, hKey);
    259 
    260 	/* Present consistent interface to the application */
    261 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
    262 		return (CKR_FUNCTION_FAILED);
    263 	}
    264 
    265 	return (rv);
    266 
    267 }
    268 
    269 /*
    270  * C_SignRecover is a pure wrapper to the underlying provider.
    271  * The only argument checked is whether or not hSession is valid.
    272  */
    273 CK_RV
    274 C_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
    275     CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
    276 {
    277 	CK_RV rv;
    278 	pkcs11_session_t *sessp;
    279 
    280 	/* Check for a fastpath */
    281 	if (purefastpath || policyfastpath) {
    282 		return (fast_funcs->C_SignRecover(hSession, pData, ulDataLen,
    283 			    pSignature, pulSignatureLen));
    284 	}
    285 	if (!pkcs11_initialized) {
    286 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
    287 	}
    288 
    289 	/* Obtain the session pointer */
    290 	HANDLE2SESSION(hSession, sessp, rv);
    291 
    292 	if (rv != CKR_OK) {
    293 		return (rv);
    294 	}
    295 
    296 	/* Pass data to the provider */
    297 	rv = FUNCLIST(sessp->se_slotid)->C_SignRecover(sessp->se_handle, pData,
    298 	    ulDataLen, pSignature, pulSignatureLen);
    299 
    300 	/* Present consistent interface to the application */
    301 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
    302 		return (CKR_FUNCTION_FAILED);
    303 	}
    304 
    305 	return (rv);
    306 }
    307