1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #include <security/cryptoki.h>
28 #include "pkcs11Global.h"
29 #include "pkcs11Conf.h"
30 #include "pkcs11Session.h"
31 #include "pkcs11Slot.h"
32
33 /*
34 * C_EncryptInit will verify that the session handle is valid within
35 * the framework, that the mechanism is not disabled for the slot
36 * associated with this session, and then redirect to the underlying
37 * provider. Policy is checked for C_EncryptInit, and not C_Encrypt
38 * or C_EncryptUpdate, since C_EncryptInit is required to be called
39 * before C_Encrypt and C_EncryptUpdate.
40 */
41 CK_RV
C_EncryptInit(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)42 C_EncryptInit(CK_SESSION_HANDLE hSession,
43 CK_MECHANISM_PTR pMechanism,
44 CK_OBJECT_HANDLE hKey)
45 {
46 CK_RV rv;
47 pkcs11_session_t *sessp;
48 CK_SLOT_ID slotid;
49
50 /* Check for a fastpath */
51 if (purefastpath || policyfastpath) {
52 if (policyfastpath &&
53 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
54 return (CKR_MECHANISM_INVALID);
55 }
56 return (fast_funcs->C_EncryptInit(hSession, pMechanism, hKey));
57 }
58
59 if (!pkcs11_initialized) {
60 return (CKR_CRYPTOKI_NOT_INITIALIZED);
61 }
62
63 /* Obtain the session pointer */
64 HANDLE2SESSION(hSession, sessp, rv);
65
66 if (rv != CKR_OK) {
67 return (rv);
68 }
69
70 slotid = sessp->se_slotid;
71
72 /* Make sure this is not a disabled mechanism */
73 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
74 return (CKR_MECHANISM_INVALID);
75 }
76
77 /* Initialize the digest with the underlying provider */
78 rv = FUNCLIST(slotid)->C_EncryptInit(sessp->se_handle,
79 pMechanism, hKey);
80
81 /* Present consistent interface to the application */
82 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
83 return (CKR_FUNCTION_FAILED);
84 }
85
86 return (rv);
87 }
88
89 /*
90 * C_Encrypt is a pure wrapper to the underlying provider.
91 * The only argument checked is whether or not hSession is valid.
92 */
93 CK_RV
C_Encrypt(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pEncryptedData,CK_ULONG_PTR pulEncryptedDataLen)94 C_Encrypt(CK_SESSION_HANDLE hSession,
95 CK_BYTE_PTR pData,
96 CK_ULONG ulDataLen,
97 CK_BYTE_PTR pEncryptedData,
98 CK_ULONG_PTR pulEncryptedDataLen)
99 {
100 CK_RV rv;
101 pkcs11_session_t *sessp;
102
103 /* Check for a fastpath */
104 if (purefastpath || policyfastpath) {
105 return (fast_funcs->C_Encrypt(hSession, pData, ulDataLen,
106 pEncryptedData, pulEncryptedDataLen));
107 }
108
109 if (!pkcs11_initialized) {
110 return (CKR_CRYPTOKI_NOT_INITIALIZED);
111 }
112
113 /* Obtain the session pointer */
114 HANDLE2SESSION(hSession, sessp, rv);
115
116 if (rv != CKR_OK) {
117 return (rv);
118 }
119
120 /* Initialize the digest with the underlying provider */
121 rv = FUNCLIST(sessp->se_slotid)->C_Encrypt(sessp->se_handle, pData,
122 ulDataLen, pEncryptedData, pulEncryptedDataLen);
123
124 /* Present consistent interface to the application */
125 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
126 return (CKR_FUNCTION_FAILED);
127 }
128
129 return (rv);
130 }
131
132 /*
133 * C_EncryptUpdate is a pure wrapper to the underlying provider.
134 * The only argument checked is whether or not hSession is valid.
135 */
136 CK_RV
C_EncryptUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,CK_ULONG ulPartLen,CK_BYTE_PTR pEncryptedPart,CK_ULONG_PTR pulEncryptedPartLen)137 C_EncryptUpdate(CK_SESSION_HANDLE hSession,
138 CK_BYTE_PTR pPart,
139 CK_ULONG ulPartLen,
140 CK_BYTE_PTR pEncryptedPart,
141 CK_ULONG_PTR pulEncryptedPartLen)
142 {
143 CK_RV rv;
144 pkcs11_session_t *sessp;
145
146 /* Check for a fastpath */
147 if (purefastpath || policyfastpath) {
148 return (fast_funcs->C_EncryptUpdate(hSession, pPart, ulPartLen,
149 pEncryptedPart, pulEncryptedPartLen));
150 }
151
152 if (!pkcs11_initialized) {
153 return (CKR_CRYPTOKI_NOT_INITIALIZED);
154 }
155
156 /* Obtain the session pointer */
157 HANDLE2SESSION(hSession, sessp, rv);
158
159 if (rv != CKR_OK) {
160 return (rv);
161 }
162
163 /* Initialize the digest with the underlying provider */
164 rv = FUNCLIST(sessp->se_slotid)->C_EncryptUpdate(sessp->se_handle,
165 pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
166
167 /* Present consistent interface to the application */
168 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
169 return (CKR_FUNCTION_FAILED);
170 }
171
172 return (rv);
173 }
174
175 /*
176 * C_EncryptFinal is a pure wrapper to the underlying provider.
177 * The only argument checked is whether or not hSession is valid.
178 */
179 CK_RV
C_EncryptFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pLastEncryptedPart,CK_ULONG_PTR pulLastEncryptedPartLen)180 C_EncryptFinal(CK_SESSION_HANDLE hSession,
181 CK_BYTE_PTR pLastEncryptedPart,
182 CK_ULONG_PTR pulLastEncryptedPartLen)
183 {
184 CK_RV rv;
185 pkcs11_session_t *sessp;
186
187 /* Check for a fastpath */
188 if (purefastpath || policyfastpath) {
189 return (fast_funcs->C_EncryptFinal(hSession,
190 pLastEncryptedPart, pulLastEncryptedPartLen));
191 }
192
193 if (!pkcs11_initialized) {
194 return (CKR_CRYPTOKI_NOT_INITIALIZED);
195 }
196
197 /* Obtain the session pointer */
198 HANDLE2SESSION(hSession, sessp, rv);
199
200 if (rv != CKR_OK) {
201 return (rv);
202 }
203
204 /* Initialize the digest with the underlying provider */
205 rv = FUNCLIST(sessp->se_slotid)->C_EncryptFinal(sessp->se_handle,
206 pLastEncryptedPart, pulLastEncryptedPartLen);
207
208 /* Present consistent interface to the application */
209 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
210 return (CKR_FUNCTION_FAILED);
211 }
212
213 return (rv);
214 }
215
216 /*
217 * C_DecryptInit will verify that the session handle is valid within
218 * the framework, that the mechanism is not disabled for the slot
219 * associated with this session, and then redirect to the underlying
220 * provider. Policy is checked for C_DecryptInit, and not C_Decrypt
221 * or C_DecryptUpdate, since C_DecryptInit is required to be called
222 * before C_Decrypt and C_DecryptUpdate.
223 */
224 CK_RV
C_DecryptInit(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)225 C_DecryptInit(CK_SESSION_HANDLE hSession,
226 CK_MECHANISM_PTR pMechanism,
227 CK_OBJECT_HANDLE hKey)
228 {
229 CK_RV rv;
230 pkcs11_session_t *sessp;
231 CK_SLOT_ID slotid;
232
233 /* Check for a fastpath */
234 if (purefastpath || policyfastpath) {
235 if (policyfastpath &&
236 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
237 return (CKR_MECHANISM_INVALID);
238 }
239 return (fast_funcs->C_DecryptInit(hSession, pMechanism, hKey));
240 }
241
242 if (!pkcs11_initialized) {
243 return (CKR_CRYPTOKI_NOT_INITIALIZED);
244 }
245
246 /* Obtain the session pointer */
247 HANDLE2SESSION(hSession, sessp, rv);
248
249 if (rv != CKR_OK) {
250 return (rv);
251 }
252
253 slotid = sessp->se_slotid;
254
255 /* Make sure this is not a disabled mechanism */
256 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
257 return (CKR_MECHANISM_INVALID);
258 }
259
260 /* Initialize the digest with the underlying provider */
261 rv = FUNCLIST(slotid)->C_DecryptInit(sessp->se_handle,
262 pMechanism, hKey);
263
264 /* Present consistent interface to the application */
265 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
266 return (CKR_FUNCTION_FAILED);
267 }
268
269 return (rv);
270 }
271
272 /*
273 * C_Decrypt is a pure wrapper to the underlying provider.
274 * The only argument checked is whether or not hSession is valid.
275 */
276 CK_RV
C_Decrypt(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pEncryptedData,CK_ULONG ulEncryptedDataLen,CK_BYTE_PTR pData,CK_ULONG_PTR pulDataLen)277 C_Decrypt(CK_SESSION_HANDLE hSession,
278 CK_BYTE_PTR pEncryptedData,
279 CK_ULONG ulEncryptedDataLen,
280 CK_BYTE_PTR pData,
281 CK_ULONG_PTR pulDataLen)
282 {
283 CK_RV rv;
284 pkcs11_session_t *sessp;
285
286 /* Check for a fastpath */
287 if (purefastpath || policyfastpath) {
288 return (fast_funcs->C_Decrypt(hSession, pEncryptedData,
289 ulEncryptedDataLen, pData, pulDataLen));
290 }
291
292 if (!pkcs11_initialized) {
293 return (CKR_CRYPTOKI_NOT_INITIALIZED);
294 }
295
296 /* Obtain the session pointer */
297 HANDLE2SESSION(hSession, sessp, rv);
298
299 if (rv != CKR_OK) {
300 return (rv);
301 }
302
303 /* Initialize the digest with the underlying provider */
304 rv = FUNCLIST(sessp->se_slotid)->C_Decrypt(sessp->se_handle,
305 pEncryptedData, ulEncryptedDataLen, pData, pulDataLen);
306
307 /* Present consistent interface to the application */
308 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
309 return (CKR_FUNCTION_FAILED);
310 }
311
312 return (rv);
313 }
314
315 /*
316 * C_DecryptUpdate is a pure wrapper to the underlying provider.
317 * The only argument checked is whether or not hSession is valid.
318 */
319 CK_RV
C_DecryptUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pEncryptedPart,CK_ULONG ulEncryptedPartLen,CK_BYTE_PTR pPart,CK_ULONG_PTR pulPartLen)320 C_DecryptUpdate(CK_SESSION_HANDLE hSession,
321 CK_BYTE_PTR pEncryptedPart,
322 CK_ULONG ulEncryptedPartLen,
323 CK_BYTE_PTR pPart,
324 CK_ULONG_PTR pulPartLen)
325 {
326 CK_RV rv;
327 pkcs11_session_t *sessp;
328
329 /* Check for a fastpath */
330 if (purefastpath || policyfastpath) {
331 return (fast_funcs->C_DecryptUpdate(hSession, pEncryptedPart,
332 ulEncryptedPartLen, pPart, pulPartLen));
333 }
334
335 if (!pkcs11_initialized) {
336 return (CKR_CRYPTOKI_NOT_INITIALIZED);
337 }
338
339 /* Obtain the session pointer */
340 HANDLE2SESSION(hSession, sessp, rv);
341
342 if (rv != CKR_OK) {
343 return (rv);
344 }
345
346 /* Initialize the digest with the underlying provider */
347 rv = FUNCLIST(sessp->se_slotid)->C_DecryptUpdate(sessp->se_handle,
348 pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
349
350 /* Present consistent interface to the application */
351 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
352 return (CKR_FUNCTION_FAILED);
353 }
354
355 return (rv);
356 }
357
358 /*
359 * C_DecryptFinal is a pure wrapper to the underlying provider.
360 * The only argument checked is whether or not hSession is valid.
361 */
362 CK_RV
C_DecryptFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pLastPart,CK_ULONG_PTR pulLastPartLen)363 C_DecryptFinal(CK_SESSION_HANDLE hSession,
364 CK_BYTE_PTR pLastPart,
365 CK_ULONG_PTR pulLastPartLen)
366 {
367 CK_RV rv;
368 pkcs11_session_t *sessp;
369
370 /* Check for a fastpath */
371 if (purefastpath || policyfastpath) {
372 return (fast_funcs->C_DecryptFinal(hSession, pLastPart,
373 pulLastPartLen));
374 }
375
376 if (!pkcs11_initialized) {
377 return (CKR_CRYPTOKI_NOT_INITIALIZED);
378 }
379
380 /* Obtain the session pointer */
381 HANDLE2SESSION(hSession, sessp, rv);
382
383 if (rv != CKR_OK) {
384 return (rv);
385 }
386
387 /* Initialize the digest with the underlying provider */
388 rv = FUNCLIST(sessp->se_slotid)->C_DecryptFinal(sessp->se_handle,
389 pLastPart, pulLastPartLen);
390
391 /* Present consistent interface to the application */
392 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
393 return (CKR_FUNCTION_FAILED);
394 }
395
396 return (rv);
397 }
398