1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #include <security/cryptoki.h>
28 #include "pkcs11Global.h"
29 #include "pkcs11Conf.h"
30 #include "pkcs11Session.h"
31 #include "pkcs11Slot.h"
32
33 /*
34 * C_GenerateKey will verify that the session handle is valid within
35 * the framework, that the mechanism is not disabled for the slot
36 * associated with this session, and then redirect to the underlying
37 * provider.
38 */
39 CK_RV
C_GenerateKey(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount,CK_OBJECT_HANDLE_PTR phKey)40 C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
41 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey)
42 {
43 CK_RV rv;
44 pkcs11_session_t *sessp;
45 CK_SLOT_ID slotid;
46
47 /* Check for a fastpath */
48 if (purefastpath || policyfastpath) {
49 if (policyfastpath &&
50 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
51 return (CKR_MECHANISM_INVALID);
52 }
53 return (fast_funcs->C_GenerateKey(hSession, pMechanism,
54 pTemplate, ulCount, phKey));
55 }
56
57 if (!pkcs11_initialized) {
58 return (CKR_CRYPTOKI_NOT_INITIALIZED);
59 }
60
61 /* Obtain the session pointer */
62 HANDLE2SESSION(hSession, sessp, rv);
63
64 if (rv != CKR_OK) {
65 return (rv);
66 }
67
68 slotid = sessp->se_slotid;
69
70 /* Make sure this is not a disabled mechanism */
71 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
72 return (CKR_MECHANISM_INVALID);
73 }
74
75 /* Initialize the digest with the underlying provider */
76 rv = FUNCLIST(slotid)->C_GenerateKey(sessp->se_handle,
77 pMechanism, pTemplate, ulCount, phKey);
78
79 /* Present consistent interface to the application */
80 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
81 return (CKR_FUNCTION_FAILED);
82 }
83
84 return (rv);
85
86 }
87
88 /*
89 * C_GenerateKeyPair will verify that the session handle is valid within
90 * the framework, that the mechanism is not disabled for the slot
91 * associated with this session, and then redirect to the underlying
92 * provider.
93 */
94 CK_RV
C_GenerateKeyPair(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_ATTRIBUTE_PTR pPublicKeyTemplate,CK_ULONG ulPublicKeyAttributeCount,CK_ATTRIBUTE_PTR pPrivateKeyTemplate,CK_ULONG ulPrivateKeyAttributeCount,CK_OBJECT_HANDLE_PTR phPublicKey,CK_OBJECT_HANDLE_PTR phPrivateKey)95 C_GenerateKeyPair(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
96 CK_ATTRIBUTE_PTR pPublicKeyTemplate, CK_ULONG ulPublicKeyAttributeCount,
97 CK_ATTRIBUTE_PTR pPrivateKeyTemplate, CK_ULONG ulPrivateKeyAttributeCount,
98 CK_OBJECT_HANDLE_PTR phPublicKey, CK_OBJECT_HANDLE_PTR phPrivateKey)
99 {
100 CK_RV rv;
101 pkcs11_session_t *sessp;
102 CK_SLOT_ID slotid;
103
104
105 /* Check for a fastpath */
106 if (purefastpath || policyfastpath) {
107 if (policyfastpath &&
108 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
109 return (CKR_MECHANISM_INVALID);
110 }
111 return (fast_funcs->C_GenerateKeyPair(hSession, pMechanism,
112 pPublicKeyTemplate, ulPublicKeyAttributeCount,
113 pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
114 phPublicKey, phPrivateKey));
115 }
116
117 if (!pkcs11_initialized) {
118 return (CKR_CRYPTOKI_NOT_INITIALIZED);
119 }
120
121 /* Obtain the session pointer */
122 HANDLE2SESSION(hSession, sessp, rv);
123
124 if (rv != CKR_OK) {
125 return (rv);
126 }
127
128 slotid = sessp->se_slotid;
129
130 /* Make sure this is not a disabled mechanism */
131 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
132 return (CKR_MECHANISM_INVALID);
133 }
134
135 /* Initialize the digest with the underlying provider */
136 rv = FUNCLIST(slotid)->C_GenerateKeyPair(sessp->se_handle,
137 pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount,
138 pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
139 phPublicKey, phPrivateKey);
140
141 /* Present consistent interface to the application */
142 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
143 return (CKR_FUNCTION_FAILED);
144 }
145
146 return (rv);
147 }
148
149 /*
150 * C_WrapKey will verify that the session handle is valid within
151 * the framework, that the mechanism is not disabled for the slot
152 * associated with this session, and then redirect to the underlying
153 * provider.
154 */
155 CK_RV
C_WrapKey(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hWrappingKey,CK_OBJECT_HANDLE hKey,CK_BYTE_PTR pWrappedKey,CK_ULONG_PTR pulWrappedKeyLen)156 C_WrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
157 CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey,
158 CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen)
159 {
160 CK_RV rv;
161 pkcs11_session_t *sessp;
162 CK_SLOT_ID slotid;
163
164 /* Check for a fastpath */
165 if (purefastpath || policyfastpath) {
166 if (policyfastpath &&
167 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
168 return (CKR_MECHANISM_INVALID);
169 }
170 return (fast_funcs->C_WrapKey(hSession, pMechanism,
171 hWrappingKey, hKey, pWrappedKey,
172 pulWrappedKeyLen));
173 }
174
175 if (!pkcs11_initialized) {
176 return (CKR_CRYPTOKI_NOT_INITIALIZED);
177 }
178
179 /* Obtain the session pointer */
180 HANDLE2SESSION(hSession, sessp, rv);
181
182 if (rv != CKR_OK) {
183 return (rv);
184 }
185
186 slotid = sessp->se_slotid;
187
188 /* Make sure this is not a disabled mechanism */
189 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
190 return (CKR_MECHANISM_INVALID);
191 }
192
193 /* Initialize the digest with the underlying provider */
194 rv = FUNCLIST(slotid)->C_WrapKey(sessp->se_handle,
195 pMechanism, hWrappingKey, hKey, pWrappedKey, pulWrappedKeyLen);
196
197 /* Present consistent interface to the application */
198 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
199 return (CKR_FUNCTION_FAILED);
200 }
201
202 return (rv);
203 }
204
205 /*
206 * C_UnwrapKey will verify that the session handle is valid within
207 * the framework, that the mechanism is not disabled for the slot
208 * associated with this session, and then redirect to the underlying
209 * provider.
210 */
211 CK_RV
C_UnwrapKey(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hUnwrappingKey,CK_BYTE_PTR pWrappedKey,CK_ULONG ulWrappedKeyLen,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulAttributeCount,CK_OBJECT_HANDLE_PTR phKey)212 C_UnwrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
213 CK_OBJECT_HANDLE hUnwrappingKey, CK_BYTE_PTR pWrappedKey,
214 CK_ULONG ulWrappedKeyLen, CK_ATTRIBUTE_PTR pTemplate,
215 CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
216 {
217 CK_RV rv;
218 pkcs11_session_t *sessp;
219 CK_SLOT_ID slotid;
220
221 /* Check for a fastpath */
222 if (purefastpath || policyfastpath) {
223 if (policyfastpath &&
224 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
225 return (CKR_MECHANISM_INVALID);
226 }
227 return (fast_funcs->C_UnwrapKey(hSession, pMechanism,
228 hUnwrappingKey, pWrappedKey, ulWrappedKeyLen,
229 pTemplate, ulAttributeCount, phKey));
230 }
231
232 if (!pkcs11_initialized) {
233 return (CKR_CRYPTOKI_NOT_INITIALIZED);
234 }
235
236 /* Obtain the session pointer */
237 HANDLE2SESSION(hSession, sessp, rv);
238
239 if (rv != CKR_OK) {
240 return (rv);
241 }
242
243 slotid = sessp->se_slotid;
244
245 /* Make sure this is not a disabled mechanism */
246 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
247 return (CKR_MECHANISM_INVALID);
248 }
249
250 /* Initialize the digest with the underlying provider */
251 rv = FUNCLIST(slotid)->C_UnwrapKey(sessp->se_handle,
252 pMechanism, hUnwrappingKey, pWrappedKey, ulWrappedKeyLen,
253 pTemplate, ulAttributeCount, phKey);
254
255 /* Present consistent interface to the application */
256 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
257 return (CKR_FUNCTION_FAILED);
258 }
259
260 return (rv);
261 }
262
263 /*
264 * C_DeriveKey will verify that the session handle is valid within
265 * the framework, that the mechanism is not disabled for the slot
266 * associated with this session, and then redirect to the underlying
267 * provider.
268 */
269 CK_RV
C_DeriveKey(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hBaseKey,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulAttributeCount,CK_OBJECT_HANDLE_PTR phKey)270 C_DeriveKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
271 CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate,
272 CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
273 {
274 CK_RV rv;
275 pkcs11_session_t *sessp;
276 CK_SLOT_ID slotid;
277
278 /* Check for a fastpath */
279 if (purefastpath || policyfastpath) {
280 if (policyfastpath &&
281 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
282 return (CKR_MECHANISM_INVALID);
283 }
284 return (fast_funcs->C_DeriveKey(hSession, pMechanism,
285 hBaseKey, pTemplate, ulAttributeCount, phKey));
286 }
287
288 if (!pkcs11_initialized) {
289 return (CKR_CRYPTOKI_NOT_INITIALIZED);
290 }
291
292 /* Obtain the session pointer */
293 HANDLE2SESSION(hSession, sessp, rv);
294
295 if (rv != CKR_OK) {
296 return (rv);
297 }
298
299 slotid = sessp->se_slotid;
300
301 /* Make sure this is not a disabled mechanism */
302 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
303 return (CKR_MECHANISM_INVALID);
304 }
305
306 /* Initialize the digest with the underlying provider */
307 rv = FUNCLIST(slotid)->C_DeriveKey(sessp->se_handle,
308 pMechanism, hBaseKey, pTemplate, ulAttributeCount, phKey);
309
310 /* Present consistent interface to the application */
311 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
312 return (CKR_FUNCTION_FAILED);
313 }
314
315 return (rv);
316 }
317