1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2003 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #include <security/cryptoki.h> 28 #include "pkcs11Global.h" 29 #include "pkcs11Conf.h" 30 #include "pkcs11Session.h" 31 #include "pkcs11Slot.h" 32 33 /* 34 * C_SignInit will verify that the session handle is valid within the 35 * framework, that the mechanism is not disabled for the slot 36 * associated with this session, and then redirect to the underlying 37 * provider. Policy is only checked for C_SignInit, since it is 38 * required to be called before C_Sign and C_SignUpdate. 39 */ 40 CK_RV 41 C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 42 CK_OBJECT_HANDLE hKey) 43 { 44 45 CK_RV rv; 46 pkcs11_session_t *sessp; 47 CK_SLOT_ID slotid; 48 49 /* Check for a fastpath */ 50 if (purefastpath || policyfastpath) { 51 if (policyfastpath && 52 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) { 53 return (CKR_MECHANISM_INVALID); 54 } 55 return (fast_funcs->C_SignInit(hSession, pMechanism, hKey)); 56 } 57 58 if (!pkcs11_initialized) { 59 return (CKR_CRYPTOKI_NOT_INITIALIZED); 60 } 61 62 /* Obtain the session pointer */ 63 HANDLE2SESSION(hSession, sessp, rv); 64 65 if (rv != CKR_OK) { 66 return (rv); 67 } 68 69 slotid = sessp->se_slotid; 70 71 /* Make sure this is not a disabled mechanism */ 72 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) { 73 return (CKR_MECHANISM_INVALID); 74 } 75 76 /* Initialize the digest with the underlying provider */ 77 rv = FUNCLIST(slotid)->C_SignInit(sessp->se_handle, 78 pMechanism, hKey); 79 80 /* Present consistent interface to the application */ 81 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 82 return (CKR_FUNCTION_FAILED); 83 } 84 85 return (rv); 86 } 87 88 /* 89 * C_Sign is a pure wrapper to the underlying provider. 90 * The only argument checked is whether or not hSession is valid. 91 */ 92 CK_RV 93 C_Sign(CK_SESSION_HANDLE hSession, 94 CK_BYTE_PTR pData, 95 CK_ULONG ulDataLen, 96 CK_BYTE_PTR pSignature, 97 CK_ULONG_PTR pulSignatureLen) 98 { 99 CK_RV rv; 100 pkcs11_session_t *sessp; 101 102 /* Check for a fastpath */ 103 if (purefastpath || policyfastpath) { 104 return (fast_funcs->C_Sign(hSession, pData, ulDataLen, 105 pSignature, pulSignatureLen)); 106 } 107 108 if (!pkcs11_initialized) { 109 return (CKR_CRYPTOKI_NOT_INITIALIZED); 110 } 111 112 /* Obtain the session pointer */ 113 HANDLE2SESSION(hSession, sessp, rv); 114 115 if (rv != CKR_OK) { 116 return (rv); 117 } 118 119 /* Pass data to the provider */ 120 rv = FUNCLIST(sessp->se_slotid)->C_Sign(sessp->se_handle, pData, 121 ulDataLen, pSignature, pulSignatureLen); 122 123 /* Present consistent interface to the application */ 124 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 125 return (CKR_FUNCTION_FAILED); 126 } 127 128 return (rv); 129 130 } 131 132 /* 133 * C_SignUpdate is a pure wrapper to the underlying provider. 134 * The only argument checked is whether or not hSession is valid. 135 */ 136 CK_RV 137 C_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen) 138 { 139 CK_RV rv; 140 pkcs11_session_t *sessp; 141 142 /* Check for a fastpath */ 143 if (purefastpath || policyfastpath) { 144 return (fast_funcs->C_SignUpdate(hSession, pPart, ulPartLen)); 145 } 146 147 if (!pkcs11_initialized) { 148 return (CKR_CRYPTOKI_NOT_INITIALIZED); 149 } 150 151 /* Obtain the session pointer */ 152 HANDLE2SESSION(hSession, sessp, rv); 153 154 if (rv != CKR_OK) { 155 return (rv); 156 } 157 158 /* Pass data to the provider */ 159 rv = FUNCLIST(sessp->se_slotid)->C_SignUpdate(sessp->se_handle, pPart, 160 ulPartLen); 161 162 /* Present consistent interface to the application */ 163 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 164 return (CKR_FUNCTION_FAILED); 165 } 166 167 return (rv); 168 169 } 170 171 /* 172 * C_SignFinal is a pure wrapper to the underlying provider. 173 * The only argument checked is whether or not hSession is valid. 174 */ 175 CK_RV 176 C_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, 177 CK_ULONG_PTR pulSignatureLen) 178 { 179 CK_RV rv; 180 pkcs11_session_t *sessp; 181 182 /* Check for a fastpath */ 183 if (purefastpath || policyfastpath) { 184 return (fast_funcs->C_SignFinal(hSession, pSignature, 185 pulSignatureLen)); 186 } 187 188 if (!pkcs11_initialized) { 189 return (CKR_CRYPTOKI_NOT_INITIALIZED); 190 } 191 192 /* Obtain the session pointer */ 193 HANDLE2SESSION(hSession, sessp, rv); 194 195 if (rv != CKR_OK) { 196 return (rv); 197 } 198 199 /* Pass data to the provider */ 200 rv = FUNCLIST(sessp->se_slotid)->C_SignFinal(sessp->se_handle, 201 pSignature, pulSignatureLen); 202 203 /* Present consistent interface to the application */ 204 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 205 return (CKR_FUNCTION_FAILED); 206 } 207 208 return (rv); 209 } 210 211 /* 212 * C_SignRecoverInit will verify that the session handle is valid within 213 * the framework, that the mechanism is not disabled for the slot 214 * associated with this session, and then redirect to the underlying 215 * provider. Policy is only checked for C_SignRecoverInit, since it is 216 * required to be called before C_SignRecover. 217 */ 218 CK_RV 219 C_SignRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 220 CK_OBJECT_HANDLE hKey) 221 { 222 CK_RV rv; 223 pkcs11_session_t *sessp; 224 CK_SLOT_ID slotid; 225 226 /* Check for a fastpath */ 227 if (purefastpath || policyfastpath) { 228 if (policyfastpath && 229 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) { 230 return (CKR_MECHANISM_INVALID); 231 } 232 return (fast_funcs->C_SignRecoverInit(hSession, pMechanism, 233 hKey)); 234 } 235 236 if (!pkcs11_initialized) { 237 return (CKR_CRYPTOKI_NOT_INITIALIZED); 238 } 239 240 /* Obtain the session pointer */ 241 HANDLE2SESSION(hSession, sessp, rv); 242 243 if (rv != CKR_OK) { 244 return (rv); 245 } 246 247 slotid = sessp->se_slotid; 248 249 /* Make sure this is not a disabled mechanism */ 250 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) { 251 return (CKR_MECHANISM_INVALID); 252 } 253 254 /* Initialize the digest with the underlying provider */ 255 rv = FUNCLIST(slotid)->C_SignRecoverInit(sessp->se_handle, 256 pMechanism, hKey); 257 258 /* Present consistent interface to the application */ 259 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 260 return (CKR_FUNCTION_FAILED); 261 } 262 263 return (rv); 264 265 } 266 267 /* 268 * C_SignRecover is a pure wrapper to the underlying provider. 269 * The only argument checked is whether or not hSession is valid. 270 */ 271 CK_RV 272 C_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, 273 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen) 274 { 275 CK_RV rv; 276 pkcs11_session_t *sessp; 277 278 /* Check for a fastpath */ 279 if (purefastpath || policyfastpath) { 280 return (fast_funcs->C_SignRecover(hSession, pData, ulDataLen, 281 pSignature, pulSignatureLen)); 282 } 283 if (!pkcs11_initialized) { 284 return (CKR_CRYPTOKI_NOT_INITIALIZED); 285 } 286 287 /* Obtain the session pointer */ 288 HANDLE2SESSION(hSession, sessp, rv); 289 290 if (rv != CKR_OK) { 291 return (rv); 292 } 293 294 /* Pass data to the provider */ 295 rv = FUNCLIST(sessp->se_slotid)->C_SignRecover(sessp->se_handle, pData, 296 ulDataLen, pSignature, pulSignatureLen); 297 298 /* Present consistent interface to the application */ 299 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 300 return (CKR_FUNCTION_FAILED); 301 } 302 303 return (rv); 304 } 305