xref: /illumos-gate/usr/src/lib/pkcs11/libpkcs11/common/pkcs11Crypt.c (revision 1a2d662a91cee3bf82f41cd47c7ae6f3825d9db2) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #include <security/cryptoki.h>
28 #include "pkcs11Global.h"
29 #include "pkcs11Conf.h"
30 #include "pkcs11Session.h"
31 #include "pkcs11Slot.h"
32 
33 /*
34  * C_EncryptInit will verify that the session handle is valid within
35  * the framework, that the mechanism is not disabled for the slot
36  * associated with this session, and then redirect to the underlying
37  * provider.  Policy is checked for C_EncryptInit, and not C_Encrypt
38  * or C_EncryptUpdate, since C_EncryptInit is required to be called
39  * before C_Encrypt and C_EncryptUpdate.
40  */
41 CK_RV
42 C_EncryptInit(CK_SESSION_HANDLE hSession,
43     CK_MECHANISM_PTR pMechanism,
44     CK_OBJECT_HANDLE hKey)
45 {
46 	CK_RV rv;
47 	pkcs11_session_t *sessp;
48 	CK_SLOT_ID slotid;
49 
50 	/* Check for a fastpath */
51 	if (purefastpath || policyfastpath) {
52 		if (policyfastpath &&
53 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
54 			return (CKR_MECHANISM_INVALID);
55 		}
56 		return (fast_funcs->C_EncryptInit(hSession, pMechanism, hKey));
57 	}
58 
59 	if (!pkcs11_initialized) {
60 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
61 	}
62 
63 	/* Obtain the session pointer */
64 	HANDLE2SESSION(hSession, sessp, rv);
65 
66 	if (rv != CKR_OK) {
67 		return (rv);
68 	}
69 
70 	slotid = sessp->se_slotid;
71 
72 	/* Make sure this is not a disabled mechanism */
73 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
74 		return (CKR_MECHANISM_INVALID);
75 	}
76 
77 	/* Initialize the digest with the underlying provider */
78 	rv = FUNCLIST(slotid)->C_EncryptInit(sessp->se_handle,
79 	    pMechanism, hKey);
80 
81 	/* Present consistent interface to the application */
82 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
83 		return (CKR_FUNCTION_FAILED);
84 	}
85 
86 	return (rv);
87 }
88 
89 /*
90  * C_Encrypt is a pure wrapper to the underlying provider.
91  * The only argument checked is whether or not hSession is valid.
92  */
93 CK_RV
94 C_Encrypt(CK_SESSION_HANDLE hSession,
95     CK_BYTE_PTR pData,
96     CK_ULONG ulDataLen,
97     CK_BYTE_PTR pEncryptedData,
98     CK_ULONG_PTR pulEncryptedDataLen)
99 {
100 	CK_RV rv;
101 	pkcs11_session_t *sessp;
102 
103 	/* Check for a fastpath */
104 	if (purefastpath || policyfastpath) {
105 		return (fast_funcs->C_Encrypt(hSession, pData, ulDataLen,
106 			    pEncryptedData, pulEncryptedDataLen));
107 	}
108 
109 	if (!pkcs11_initialized) {
110 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
111 	}
112 
113 	/* Obtain the session pointer */
114 	HANDLE2SESSION(hSession, sessp, rv);
115 
116 	if (rv != CKR_OK) {
117 		return (rv);
118 	}
119 
120 	/* Initialize the digest with the underlying provider */
121 	rv = FUNCLIST(sessp->se_slotid)->C_Encrypt(sessp->se_handle, pData,
122 	    ulDataLen, pEncryptedData, pulEncryptedDataLen);
123 
124 	/* Present consistent interface to the application */
125 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
126 		return (CKR_FUNCTION_FAILED);
127 	}
128 
129 	return (rv);
130 }
131 
132 /*
133  * C_EncryptUpdate is a pure wrapper to the underlying provider.
134  * The only argument checked is whether or not hSession is valid.
135  */
136 CK_RV
137 C_EncryptUpdate(CK_SESSION_HANDLE hSession,
138     CK_BYTE_PTR pPart,
139     CK_ULONG ulPartLen,
140     CK_BYTE_PTR pEncryptedPart,
141     CK_ULONG_PTR pulEncryptedPartLen)
142 {
143 	CK_RV rv;
144 	pkcs11_session_t *sessp;
145 
146 	/* Check for a fastpath */
147 	if (purefastpath || policyfastpath) {
148 		return (fast_funcs->C_EncryptUpdate(hSession, pPart, ulPartLen,
149 			    pEncryptedPart, pulEncryptedPartLen));
150 	}
151 
152 	if (!pkcs11_initialized) {
153 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
154 	}
155 
156 	/* Obtain the session pointer */
157 	HANDLE2SESSION(hSession, sessp, rv);
158 
159 	if (rv != CKR_OK) {
160 		return (rv);
161 	}
162 
163 	/* Initialize the digest with the underlying provider */
164 	rv = FUNCLIST(sessp->se_slotid)->C_EncryptUpdate(sessp->se_handle,
165 	    pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
166 
167 	/* Present consistent interface to the application */
168 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
169 		return (CKR_FUNCTION_FAILED);
170 	}
171 
172 	return (rv);
173 }
174 
175 /*
176  * C_EncryptFinal is a pure wrapper to the underlying provider.
177  * The only argument checked is whether or not hSession is valid.
178  */
179 CK_RV
180 C_EncryptFinal(CK_SESSION_HANDLE hSession,
181     CK_BYTE_PTR pLastEncryptedPart,
182     CK_ULONG_PTR pulLastEncryptedPartLen)
183 {
184 	CK_RV rv;
185 	pkcs11_session_t *sessp;
186 
187 	/* Check for a fastpath */
188 	if (purefastpath || policyfastpath) {
189 		return (fast_funcs->C_EncryptFinal(hSession,
190 			    pLastEncryptedPart, pulLastEncryptedPartLen));
191 	}
192 
193 	if (!pkcs11_initialized) {
194 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
195 	}
196 
197 	/* Obtain the session pointer */
198 	HANDLE2SESSION(hSession, sessp, rv);
199 
200 	if (rv != CKR_OK) {
201 		return (rv);
202 	}
203 
204 	/* Initialize the digest with the underlying provider */
205 	rv = FUNCLIST(sessp->se_slotid)->C_EncryptFinal(sessp->se_handle,
206 	    pLastEncryptedPart, pulLastEncryptedPartLen);
207 
208 	/* Present consistent interface to the application */
209 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
210 		return (CKR_FUNCTION_FAILED);
211 	}
212 
213 	return (rv);
214 }
215 
216 /*
217  * C_DecryptInit will verify that the session handle is valid within
218  * the framework, that the mechanism is not disabled for the slot
219  * associated with this session, and then redirect to the underlying
220  * provider.  Policy is checked for C_DecryptInit, and not C_Decrypt
221  * or C_DecryptUpdate, since C_DecryptInit is required to be called
222  * before C_Decrypt and C_DecryptUpdate.
223  */
224 CK_RV
225 C_DecryptInit(CK_SESSION_HANDLE hSession,
226     CK_MECHANISM_PTR pMechanism,
227     CK_OBJECT_HANDLE hKey)
228 {
229 	CK_RV rv;
230 	pkcs11_session_t *sessp;
231 	CK_SLOT_ID slotid;
232 
233 	/* Check for a fastpath */
234 	if (purefastpath || policyfastpath) {
235 		if (policyfastpath &&
236 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
237 			return (CKR_MECHANISM_INVALID);
238 		}
239 		return (fast_funcs->C_DecryptInit(hSession, pMechanism, hKey));
240 	}
241 
242 	if (!pkcs11_initialized) {
243 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
244 	}
245 
246 	/* Obtain the session pointer */
247 	HANDLE2SESSION(hSession, sessp, rv);
248 
249 	if (rv != CKR_OK) {
250 		return (rv);
251 	}
252 
253 	slotid = sessp->se_slotid;
254 
255 	/* Make sure this is not a disabled mechanism */
256 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
257 		return (CKR_MECHANISM_INVALID);
258 	}
259 
260 	/* Initialize the digest with the underlying provider */
261 	rv = FUNCLIST(slotid)->C_DecryptInit(sessp->se_handle,
262 	    pMechanism, hKey);
263 
264 	/* Present consistent interface to the application */
265 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
266 		return (CKR_FUNCTION_FAILED);
267 	}
268 
269 	return (rv);
270 }
271 
272 /*
273  * C_Decrypt is a pure wrapper to the underlying provider.
274  * The only argument checked is whether or not hSession is valid.
275  */
276 CK_RV
277 C_Decrypt(CK_SESSION_HANDLE hSession,
278     CK_BYTE_PTR pEncryptedData,
279     CK_ULONG ulEncryptedDataLen,
280     CK_BYTE_PTR pData,
281     CK_ULONG_PTR pulDataLen)
282 {
283 	CK_RV rv;
284 	pkcs11_session_t *sessp;
285 
286 	/* Check for a fastpath */
287 	if (purefastpath || policyfastpath) {
288 		return (fast_funcs->C_Decrypt(hSession, pEncryptedData,
289 		    ulEncryptedDataLen, pData, pulDataLen));
290 	}
291 
292 	if (!pkcs11_initialized) {
293 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
294 	}
295 
296 	/* Obtain the session pointer */
297 	HANDLE2SESSION(hSession, sessp, rv);
298 
299 	if (rv != CKR_OK) {
300 		return (rv);
301 	}
302 
303 	/* Initialize the digest with the underlying provider */
304 	rv = FUNCLIST(sessp->se_slotid)->C_Decrypt(sessp->se_handle,
305 	    pEncryptedData, ulEncryptedDataLen, pData, pulDataLen);
306 
307 	/* Present consistent interface to the application */
308 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
309 		return (CKR_FUNCTION_FAILED);
310 	}
311 
312 	return (rv);
313 }
314 
315 /*
316  * C_DecryptUpdate is a pure wrapper to the underlying provider.
317  * The only argument checked is whether or not hSession is valid.
318  */
319 CK_RV
320 C_DecryptUpdate(CK_SESSION_HANDLE hSession,
321     CK_BYTE_PTR pEncryptedPart,
322     CK_ULONG ulEncryptedPartLen,
323     CK_BYTE_PTR pPart,
324     CK_ULONG_PTR pulPartLen)
325 {
326 	CK_RV rv;
327 	pkcs11_session_t *sessp;
328 
329 	/* Check for a fastpath */
330 	if (purefastpath || policyfastpath) {
331 		return (fast_funcs->C_DecryptUpdate(hSession, pEncryptedPart,
332 		    ulEncryptedPartLen, pPart, pulPartLen));
333 	}
334 
335 	if (!pkcs11_initialized) {
336 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
337 	}
338 
339 	/* Obtain the session pointer */
340 	HANDLE2SESSION(hSession, sessp, rv);
341 
342 	if (rv != CKR_OK) {
343 		return (rv);
344 	}
345 
346 	/* Initialize the digest with the underlying provider */
347 	rv = FUNCLIST(sessp->se_slotid)->C_DecryptUpdate(sessp->se_handle,
348 	    pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
349 
350 	/* Present consistent interface to the application */
351 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
352 		return (CKR_FUNCTION_FAILED);
353 	}
354 
355 	return (rv);
356 }
357 
358 /*
359  * C_DecryptFinal is a pure wrapper to the underlying provider.
360  * The only argument checked is whether or not hSession is valid.
361  */
362 CK_RV
363 C_DecryptFinal(CK_SESSION_HANDLE hSession,
364     CK_BYTE_PTR pLastPart,
365     CK_ULONG_PTR pulLastPartLen)
366 {
367 	CK_RV rv;
368 	pkcs11_session_t *sessp;
369 
370 	/* Check for a fastpath */
371 	if (purefastpath || policyfastpath) {
372 		return (fast_funcs->C_DecryptFinal(hSession, pLastPart,
373 		    pulLastPartLen));
374 	}
375 
376 	if (!pkcs11_initialized) {
377 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
378 	}
379 
380 	/* Obtain the session pointer */
381 	HANDLE2SESSION(hSession, sessp, rv);
382 
383 	if (rv != CKR_OK) {
384 		return (rv);
385 	}
386 
387 	/* Initialize the digest with the underlying provider */
388 	rv = FUNCLIST(sessp->se_slotid)->C_DecryptFinal(sessp->se_handle,
389 	    pLastPart, pulLastPartLen);
390 
391 	/* Present consistent interface to the application */
392 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
393 		return (CKR_FUNCTION_FAILED);
394 	}
395 
396 	return (rv);
397 }
398