xref: /illumos-gate/usr/src/lib/pkcs11/libpkcs11/common/pkcs11Crypt.c (revision 24da5b34f49324ed742a340010ed5bd3d4e06625)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #include <security/cryptoki.h>
30 #include "pkcs11Global.h"
31 #include "pkcs11Conf.h"
32 #include "pkcs11Session.h"
33 #include "pkcs11Slot.h"
34 
35 /*
36  * C_EncryptInit will verify that the session handle is valid within
37  * the framework, that the mechanism is not disabled for the slot
38  * associated with this session, and then redirect to the underlying
39  * provider.  Policy is checked for C_EncryptInit, and not C_Encrypt
40  * or C_EncryptUpdate, since C_EncryptInit is required to be called
41  * before C_Encrypt and C_EncryptUpdate.
42  */
43 CK_RV
44 C_EncryptInit(CK_SESSION_HANDLE hSession,
45     CK_MECHANISM_PTR pMechanism,
46     CK_OBJECT_HANDLE hKey)
47 {
48 	CK_RV rv;
49 	pkcs11_session_t *sessp;
50 	CK_SLOT_ID slotid;
51 
52 	/* Check for a fastpath */
53 	if (purefastpath || policyfastpath) {
54 		if (policyfastpath &&
55 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
56 			return (CKR_MECHANISM_INVALID);
57 		}
58 		return (fast_funcs->C_EncryptInit(hSession, pMechanism, hKey));
59 	}
60 
61 	if (!pkcs11_initialized) {
62 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
63 	}
64 
65 	/* Obtain the session pointer */
66 	HANDLE2SESSION(hSession, sessp, rv);
67 
68 	if (rv != CKR_OK) {
69 		return (rv);
70 	}
71 
72 	slotid = sessp->se_slotid;
73 
74 	/* Make sure this is not a disabled mechanism */
75 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
76 		return (CKR_MECHANISM_INVALID);
77 	}
78 
79 	/* Initialize the digest with the underlying provider */
80 	rv = FUNCLIST(slotid)->C_EncryptInit(sessp->se_handle,
81 	    pMechanism, hKey);
82 
83 	/* Present consistent interface to the application */
84 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
85 		return (CKR_FUNCTION_FAILED);
86 	}
87 
88 	return (rv);
89 }
90 
91 /*
92  * C_Encrypt is a pure wrapper to the underlying provider.
93  * The only argument checked is whether or not hSession is valid.
94  */
95 CK_RV
96 C_Encrypt(CK_SESSION_HANDLE hSession,
97     CK_BYTE_PTR pData,
98     CK_ULONG ulDataLen,
99     CK_BYTE_PTR pEncryptedData,
100     CK_ULONG_PTR pulEncryptedDataLen)
101 {
102 	CK_RV rv;
103 	pkcs11_session_t *sessp;
104 
105 	/* Check for a fastpath */
106 	if (purefastpath || policyfastpath) {
107 		return (fast_funcs->C_Encrypt(hSession, pData, ulDataLen,
108 			    pEncryptedData, pulEncryptedDataLen));
109 	}
110 
111 	if (!pkcs11_initialized) {
112 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
113 	}
114 
115 	/* Obtain the session pointer */
116 	HANDLE2SESSION(hSession, sessp, rv);
117 
118 	if (rv != CKR_OK) {
119 		return (rv);
120 	}
121 
122 	/* Initialize the digest with the underlying provider */
123 	rv = FUNCLIST(sessp->se_slotid)->C_Encrypt(sessp->se_handle, pData,
124 	    ulDataLen, pEncryptedData, pulEncryptedDataLen);
125 
126 	/* Present consistent interface to the application */
127 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
128 		return (CKR_FUNCTION_FAILED);
129 	}
130 
131 	return (rv);
132 }
133 
134 /*
135  * C_EncryptUpdate is a pure wrapper to the underlying provider.
136  * The only argument checked is whether or not hSession is valid.
137  */
138 CK_RV
139 C_EncryptUpdate(CK_SESSION_HANDLE hSession,
140     CK_BYTE_PTR pPart,
141     CK_ULONG ulPartLen,
142     CK_BYTE_PTR pEncryptedPart,
143     CK_ULONG_PTR pulEncryptedPartLen)
144 {
145 	CK_RV rv;
146 	pkcs11_session_t *sessp;
147 
148 	/* Check for a fastpath */
149 	if (purefastpath || policyfastpath) {
150 		return (fast_funcs->C_EncryptUpdate(hSession, pPart, ulPartLen,
151 			    pEncryptedPart, pulEncryptedPartLen));
152 	}
153 
154 	if (!pkcs11_initialized) {
155 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
156 	}
157 
158 	/* Obtain the session pointer */
159 	HANDLE2SESSION(hSession, sessp, rv);
160 
161 	if (rv != CKR_OK) {
162 		return (rv);
163 	}
164 
165 	/* Initialize the digest with the underlying provider */
166 	rv = FUNCLIST(sessp->se_slotid)->C_EncryptUpdate(sessp->se_handle,
167 	    pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
168 
169 	/* Present consistent interface to the application */
170 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
171 		return (CKR_FUNCTION_FAILED);
172 	}
173 
174 	return (rv);
175 }
176 
177 /*
178  * C_EncryptFinal is a pure wrapper to the underlying provider.
179  * The only argument checked is whether or not hSession is valid.
180  */
181 CK_RV
182 C_EncryptFinal(CK_SESSION_HANDLE hSession,
183     CK_BYTE_PTR pLastEncryptedPart,
184     CK_ULONG_PTR pulLastEncryptedPartLen)
185 {
186 	CK_RV rv;
187 	pkcs11_session_t *sessp;
188 
189 	/* Check for a fastpath */
190 	if (purefastpath || policyfastpath) {
191 		return (fast_funcs->C_EncryptFinal(hSession,
192 			    pLastEncryptedPart, pulLastEncryptedPartLen));
193 	}
194 
195 	if (!pkcs11_initialized) {
196 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
197 	}
198 
199 	/* Obtain the session pointer */
200 	HANDLE2SESSION(hSession, sessp, rv);
201 
202 	if (rv != CKR_OK) {
203 		return (rv);
204 	}
205 
206 	/* Initialize the digest with the underlying provider */
207 	rv = FUNCLIST(sessp->se_slotid)->C_EncryptFinal(sessp->se_handle,
208 	    pLastEncryptedPart, pulLastEncryptedPartLen);
209 
210 	/* Present consistent interface to the application */
211 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
212 		return (CKR_FUNCTION_FAILED);
213 	}
214 
215 	return (rv);
216 }
217 
218 /*
219  * C_DecryptInit will verify that the session handle is valid within
220  * the framework, that the mechanism is not disabled for the slot
221  * associated with this session, and then redirect to the underlying
222  * provider.  Policy is checked for C_DecryptInit, and not C_Decrypt
223  * or C_DecryptUpdate, since C_DecryptInit is required to be called
224  * before C_Decrypt and C_DecryptUpdate.
225  */
226 CK_RV
227 C_DecryptInit(CK_SESSION_HANDLE hSession,
228     CK_MECHANISM_PTR pMechanism,
229     CK_OBJECT_HANDLE hKey)
230 {
231 	CK_RV rv;
232 	pkcs11_session_t *sessp;
233 	CK_SLOT_ID slotid;
234 
235 	/* Check for a fastpath */
236 	if (purefastpath || policyfastpath) {
237 		if (policyfastpath &&
238 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
239 			return (CKR_MECHANISM_INVALID);
240 		}
241 		return (fast_funcs->C_DecryptInit(hSession, pMechanism, hKey));
242 	}
243 
244 	if (!pkcs11_initialized) {
245 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
246 	}
247 
248 	/* Obtain the session pointer */
249 	HANDLE2SESSION(hSession, sessp, rv);
250 
251 	if (rv != CKR_OK) {
252 		return (rv);
253 	}
254 
255 	slotid = sessp->se_slotid;
256 
257 	/* Make sure this is not a disabled mechanism */
258 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
259 		return (CKR_MECHANISM_INVALID);
260 	}
261 
262 	/* Initialize the digest with the underlying provider */
263 	rv = FUNCLIST(slotid)->C_DecryptInit(sessp->se_handle,
264 	    pMechanism, hKey);
265 
266 	/* Present consistent interface to the application */
267 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
268 		return (CKR_FUNCTION_FAILED);
269 	}
270 
271 	return (rv);
272 }
273 
274 /*
275  * C_Decrypt is a pure wrapper to the underlying provider.
276  * The only argument checked is whether or not hSession is valid.
277  */
278 CK_RV
279 C_Decrypt(CK_SESSION_HANDLE hSession,
280     CK_BYTE_PTR pEncryptedData,
281     CK_ULONG ulEncryptedDataLen,
282     CK_BYTE_PTR pData,
283     CK_ULONG_PTR pulDataLen)
284 {
285 	CK_RV rv;
286 	pkcs11_session_t *sessp;
287 
288 	/* Check for a fastpath */
289 	if (purefastpath || policyfastpath) {
290 		return (fast_funcs->C_Decrypt(hSession, pEncryptedData,
291 		    ulEncryptedDataLen, pData, pulDataLen));
292 	}
293 
294 	if (!pkcs11_initialized) {
295 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
296 	}
297 
298 	/* Obtain the session pointer */
299 	HANDLE2SESSION(hSession, sessp, rv);
300 
301 	if (rv != CKR_OK) {
302 		return (rv);
303 	}
304 
305 	/* Initialize the digest with the underlying provider */
306 	rv = FUNCLIST(sessp->se_slotid)->C_Decrypt(sessp->se_handle,
307 	    pEncryptedData, ulEncryptedDataLen, pData, pulDataLen);
308 
309 	/* Present consistent interface to the application */
310 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
311 		return (CKR_FUNCTION_FAILED);
312 	}
313 
314 	return (rv);
315 }
316 
317 /*
318  * C_DecryptUpdate is a pure wrapper to the underlying provider.
319  * The only argument checked is whether or not hSession is valid.
320  */
321 CK_RV
322 C_DecryptUpdate(CK_SESSION_HANDLE hSession,
323     CK_BYTE_PTR pEncryptedPart,
324     CK_ULONG ulEncryptedPartLen,
325     CK_BYTE_PTR pPart,
326     CK_ULONG_PTR pulPartLen)
327 {
328 	CK_RV rv;
329 	pkcs11_session_t *sessp;
330 
331 	/* Check for a fastpath */
332 	if (purefastpath || policyfastpath) {
333 		return (fast_funcs->C_DecryptUpdate(hSession, pEncryptedPart,
334 		    ulEncryptedPartLen, pPart, pulPartLen));
335 	}
336 
337 	if (!pkcs11_initialized) {
338 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
339 	}
340 
341 	/* Obtain the session pointer */
342 	HANDLE2SESSION(hSession, sessp, rv);
343 
344 	if (rv != CKR_OK) {
345 		return (rv);
346 	}
347 
348 	/* Initialize the digest with the underlying provider */
349 	rv = FUNCLIST(sessp->se_slotid)->C_DecryptUpdate(sessp->se_handle,
350 	    pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
351 
352 	/* Present consistent interface to the application */
353 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
354 		return (CKR_FUNCTION_FAILED);
355 	}
356 
357 	return (rv);
358 }
359 
360 /*
361  * C_DecryptFinal is a pure wrapper to the underlying provider.
362  * The only argument checked is whether or not hSession is valid.
363  */
364 CK_RV
365 C_DecryptFinal(CK_SESSION_HANDLE hSession,
366     CK_BYTE_PTR pLastPart,
367     CK_ULONG_PTR pulLastPartLen)
368 {
369 	CK_RV rv;
370 	pkcs11_session_t *sessp;
371 
372 	/* Check for a fastpath */
373 	if (purefastpath || policyfastpath) {
374 		return (fast_funcs->C_DecryptFinal(hSession, pLastPart,
375 		    pulLastPartLen));
376 	}
377 
378 	if (!pkcs11_initialized) {
379 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
380 	}
381 
382 	/* Obtain the session pointer */
383 	HANDLE2SESSION(hSession, sessp, rv);
384 
385 	if (rv != CKR_OK) {
386 		return (rv);
387 	}
388 
389 	/* Initialize the digest with the underlying provider */
390 	rv = FUNCLIST(sessp->se_slotid)->C_DecryptFinal(sessp->se_handle,
391 	    pLastPart, pulLastPartLen);
392 
393 	/* Present consistent interface to the application */
394 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
395 		return (CKR_FUNCTION_FAILED);
396 	}
397 
398 	return (rv);
399 }
400