xref: /illumos-gate/usr/src/lib/pkcs11/libpkcs11/common/pkcs11Keys.c (revision 10a40e179c111088c21d8e895198ac95dcb83d14)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #include <security/cryptoki.h>
28 #include "pkcs11Global.h"
29 #include "pkcs11Conf.h"
30 #include "pkcs11Session.h"
31 #include "pkcs11Slot.h"
32 
33 /*
34  * C_GenerateKey will verify that the session handle is valid within
35  * the framework, that the mechanism is not disabled for the slot
36  * associated with this session, and then redirect to the underlying
37  * provider.
38  */
39 CK_RV
40 C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
41     CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey)
42 {
43 	CK_RV rv;
44 	pkcs11_session_t *sessp;
45 	CK_SLOT_ID slotid;
46 
47 	/* Check for a fastpath */
48 	if (purefastpath || policyfastpath) {
49 		if (policyfastpath &&
50 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
51 			return (CKR_MECHANISM_INVALID);
52 		}
53 		return (fast_funcs->C_GenerateKey(hSession, pMechanism,
54 			    pTemplate, ulCount, phKey));
55 	}
56 
57 	if (!pkcs11_initialized) {
58 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
59 	}
60 
61 	/* Obtain the session pointer */
62 	HANDLE2SESSION(hSession, sessp, rv);
63 
64 	if (rv != CKR_OK) {
65 		return (rv);
66 	}
67 
68 	slotid = sessp->se_slotid;
69 
70 	/* Make sure this is not a disabled mechanism */
71 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
72 		return (CKR_MECHANISM_INVALID);
73 	}
74 
75 	/* Initialize the digest with the underlying provider */
76 	rv = FUNCLIST(slotid)->C_GenerateKey(sessp->se_handle,
77 	    pMechanism, pTemplate, ulCount, phKey);
78 
79 	/* Present consistent interface to the application */
80 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
81 		return (CKR_FUNCTION_FAILED);
82 	}
83 
84 	return (rv);
85 
86 }
87 
88 /*
89  * C_GenerateKeyPair will verify that the session handle is valid within
90  * the framework, that the mechanism is not disabled for the slot
91  * associated with this session, and then redirect to the underlying
92  * provider.
93  */
94 CK_RV
95 C_GenerateKeyPair(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
96     CK_ATTRIBUTE_PTR pPublicKeyTemplate, CK_ULONG ulPublicKeyAttributeCount,
97     CK_ATTRIBUTE_PTR pPrivateKeyTemplate, CK_ULONG ulPrivateKeyAttributeCount,
98     CK_OBJECT_HANDLE_PTR phPublicKey, CK_OBJECT_HANDLE_PTR phPrivateKey)
99 {
100 	CK_RV rv;
101 	pkcs11_session_t *sessp;
102 	CK_SLOT_ID slotid;
103 
104 
105 	/* Check for a fastpath */
106 	if (purefastpath || policyfastpath) {
107 		if (policyfastpath &&
108 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
109 			return (CKR_MECHANISM_INVALID);
110 		}
111 		return (fast_funcs->C_GenerateKeyPair(hSession, pMechanism,
112 			    pPublicKeyTemplate, ulPublicKeyAttributeCount,
113 			    pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
114 			    phPublicKey, phPrivateKey));
115 	}
116 
117 	if (!pkcs11_initialized) {
118 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
119 	}
120 
121 	/* Obtain the session pointer */
122 	HANDLE2SESSION(hSession, sessp, rv);
123 
124 	if (rv != CKR_OK) {
125 		return (rv);
126 	}
127 
128 	slotid = sessp->se_slotid;
129 
130 	/* Make sure this is not a disabled mechanism */
131 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
132 		return (CKR_MECHANISM_INVALID);
133 	}
134 
135 	/* Initialize the digest with the underlying provider */
136 	rv = FUNCLIST(slotid)->C_GenerateKeyPair(sessp->se_handle,
137 	    pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount,
138 	    pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
139 	    phPublicKey, phPrivateKey);
140 
141 	/* Present consistent interface to the application */
142 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
143 		return (CKR_FUNCTION_FAILED);
144 	}
145 
146 	return (rv);
147 }
148 
149 /*
150  * C_WrapKey will verify that the session handle is valid within
151  * the framework, that the mechanism is not disabled for the slot
152  * associated with this session, and then redirect to the underlying
153  * provider.
154  */
155 CK_RV
156 C_WrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
157     CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey,
158     CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen)
159 {
160 	CK_RV rv;
161 	pkcs11_session_t *sessp;
162 	CK_SLOT_ID slotid;
163 
164 	/* Check for a fastpath */
165 	if (purefastpath || policyfastpath) {
166 		if (policyfastpath &&
167 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
168 			return (CKR_MECHANISM_INVALID);
169 		}
170 		return (fast_funcs->C_WrapKey(hSession, pMechanism,
171 			    hWrappingKey, hKey, pWrappedKey,
172 			    pulWrappedKeyLen));
173 	}
174 
175 	if (!pkcs11_initialized) {
176 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
177 	}
178 
179 	/* Obtain the session pointer */
180 	HANDLE2SESSION(hSession, sessp, rv);
181 
182 	if (rv != CKR_OK) {
183 		return (rv);
184 	}
185 
186 	slotid = sessp->se_slotid;
187 
188 	/* Make sure this is not a disabled mechanism */
189 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
190 		return (CKR_MECHANISM_INVALID);
191 	}
192 
193 	/* Initialize the digest with the underlying provider */
194 	rv = FUNCLIST(slotid)->C_WrapKey(sessp->se_handle,
195 	    pMechanism, hWrappingKey, hKey, pWrappedKey, pulWrappedKeyLen);
196 
197 	/* Present consistent interface to the application */
198 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
199 		return (CKR_FUNCTION_FAILED);
200 	}
201 
202 	return (rv);
203 }
204 
205 /*
206  * C_UnwrapKey will verify that the session handle is valid within
207  * the framework, that the mechanism is not disabled for the slot
208  * associated with this session, and then redirect to the underlying
209  * provider.
210  */
211 CK_RV
212 C_UnwrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
213     CK_OBJECT_HANDLE hUnwrappingKey, CK_BYTE_PTR pWrappedKey,
214     CK_ULONG ulWrappedKeyLen, CK_ATTRIBUTE_PTR pTemplate,
215     CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
216 {
217 	CK_RV rv;
218 	pkcs11_session_t *sessp;
219 	CK_SLOT_ID slotid;
220 
221 	/* Check for a fastpath */
222 	if (purefastpath || policyfastpath) {
223 		if (policyfastpath &&
224 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
225 			return (CKR_MECHANISM_INVALID);
226 		}
227 		return (fast_funcs->C_UnwrapKey(hSession, pMechanism,
228 			    hUnwrappingKey, pWrappedKey, ulWrappedKeyLen,
229 			    pTemplate, ulAttributeCount, phKey));
230 	}
231 
232 	if (!pkcs11_initialized) {
233 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
234 	}
235 
236 	/* Obtain the session pointer */
237 	HANDLE2SESSION(hSession, sessp, rv);
238 
239 	if (rv != CKR_OK) {
240 		return (rv);
241 	}
242 
243 	slotid = sessp->se_slotid;
244 
245 	/* Make sure this is not a disabled mechanism */
246 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
247 		return (CKR_MECHANISM_INVALID);
248 	}
249 
250 	/* Initialize the digest with the underlying provider */
251 	rv = FUNCLIST(slotid)->C_UnwrapKey(sessp->se_handle,
252 	    pMechanism, hUnwrappingKey, pWrappedKey, ulWrappedKeyLen,
253 	    pTemplate, ulAttributeCount, phKey);
254 
255 	/* Present consistent interface to the application */
256 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
257 		return (CKR_FUNCTION_FAILED);
258 	}
259 
260 	return (rv);
261 }
262 
263 /*
264  * C_DeriveKey will verify that the session handle is valid within
265  * the framework, that the mechanism is not disabled for the slot
266  * associated with this session, and then redirect to the underlying
267  * provider.
268  */
269 CK_RV
270 C_DeriveKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
271     CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate,
272     CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
273 {
274 	CK_RV rv;
275 	pkcs11_session_t *sessp;
276 	CK_SLOT_ID slotid;
277 
278 	/* Check for a fastpath */
279 	if (purefastpath || policyfastpath) {
280 		if (policyfastpath &&
281 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
282 			return (CKR_MECHANISM_INVALID);
283 		}
284 		return (fast_funcs->C_DeriveKey(hSession, pMechanism,
285 			    hBaseKey, pTemplate, ulAttributeCount, phKey));
286 	}
287 
288 	if (!pkcs11_initialized) {
289 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
290 	}
291 
292 	/* Obtain the session pointer */
293 	HANDLE2SESSION(hSession, sessp, rv);
294 
295 	if (rv != CKR_OK) {
296 		return (rv);
297 	}
298 
299 	slotid = sessp->se_slotid;
300 
301 	/* Make sure this is not a disabled mechanism */
302 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
303 		return (CKR_MECHANISM_INVALID);
304 	}
305 
306 	/* Initialize the digest with the underlying provider */
307 	rv = FUNCLIST(slotid)->C_DeriveKey(sessp->se_handle,
308 	    pMechanism, hBaseKey, pTemplate, ulAttributeCount, phKey);
309 
310 	/* Present consistent interface to the application */
311 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
312 		return (CKR_FUNCTION_FAILED);
313 	}
314 
315 	return (rv);
316 }
317