xref: /illumos-gate/usr/src/lib/pkcs11/libpkcs11/common/pkcs11Sign.c (revision 269e59f9a28bf47e0f463e64fc5af4a408b73b21)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #include <security/cryptoki.h>
30 #include "pkcs11Global.h"
31 #include "pkcs11Conf.h"
32 #include "pkcs11Session.h"
33 #include "pkcs11Slot.h"
34 
35 /*
36  * C_SignInit will verify that the session handle is valid within the
37  * framework, that the mechanism is not disabled for the slot
38  * associated with this session, and then redirect to the underlying
39  * provider.  Policy is only checked for C_SignInit, since it is
40  * required to be called before C_Sign and C_SignUpdate.
41  */
42 CK_RV
43 C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
44     CK_OBJECT_HANDLE hKey)
45 {
46 
47 	CK_RV rv;
48 	pkcs11_session_t *sessp;
49 	CK_SLOT_ID slotid;
50 
51 	/* Check for a fastpath */
52 	if (purefastpath || policyfastpath) {
53 		if (policyfastpath &&
54 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
55 			return (CKR_MECHANISM_INVALID);
56 		}
57 		return (fast_funcs->C_SignInit(hSession, pMechanism, hKey));
58 	}
59 
60 	if (!pkcs11_initialized) {
61 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
62 	}
63 
64 	/* Obtain the session pointer */
65 	HANDLE2SESSION(hSession, sessp, rv);
66 
67 	if (rv != CKR_OK) {
68 		return (rv);
69 	}
70 
71 	slotid = sessp->se_slotid;
72 
73 	/* Make sure this is not a disabled mechanism */
74 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
75 		return (CKR_MECHANISM_INVALID);
76 	}
77 
78 	/* Initialize the digest with the underlying provider */
79 	rv = FUNCLIST(slotid)->C_SignInit(sessp->se_handle,
80 	    pMechanism, hKey);
81 
82 	/* Present consistent interface to the application */
83 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
84 		return (CKR_FUNCTION_FAILED);
85 	}
86 
87 	return (rv);
88 }
89 
90 /*
91  * C_Sign is a pure wrapper to the underlying provider.
92  * The only argument checked is whether or not hSession is valid.
93  */
94 CK_RV
95 C_Sign(CK_SESSION_HANDLE hSession,
96     CK_BYTE_PTR pData,
97     CK_ULONG ulDataLen,
98     CK_BYTE_PTR pSignature,
99     CK_ULONG_PTR pulSignatureLen)
100 {
101 	CK_RV rv;
102 	pkcs11_session_t *sessp;
103 
104 	/* Check for a fastpath */
105 	if (purefastpath || policyfastpath) {
106 		return (fast_funcs->C_Sign(hSession, pData, ulDataLen,
107 			    pSignature, pulSignatureLen));
108 	}
109 
110 	if (!pkcs11_initialized) {
111 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
112 	}
113 
114 	/* Obtain the session pointer */
115 	HANDLE2SESSION(hSession, sessp, rv);
116 
117 	if (rv != CKR_OK) {
118 		return (rv);
119 	}
120 
121 	/* Pass data to the provider */
122 	rv = FUNCLIST(sessp->se_slotid)->C_Sign(sessp->se_handle, pData,
123 	    ulDataLen, pSignature, pulSignatureLen);
124 
125 	/* Present consistent interface to the application */
126 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
127 		return (CKR_FUNCTION_FAILED);
128 	}
129 
130 	return (rv);
131 
132 }
133 
134 /*
135  * C_SignUpdate is a pure wrapper to the underlying provider.
136  * The only argument checked is whether or not hSession is valid.
137  */
138 CK_RV
139 C_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
140 {
141 	CK_RV rv;
142 	pkcs11_session_t *sessp;
143 
144 	/* Check for a fastpath */
145 	if (purefastpath || policyfastpath) {
146 		return (fast_funcs->C_SignUpdate(hSession, pPart, ulPartLen));
147 	}
148 
149 	if (!pkcs11_initialized) {
150 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
151 	}
152 
153 	/* Obtain the session pointer */
154 	HANDLE2SESSION(hSession, sessp, rv);
155 
156 	if (rv != CKR_OK) {
157 		return (rv);
158 	}
159 
160 	/* Pass data to the provider */
161 	rv = FUNCLIST(sessp->se_slotid)->C_SignUpdate(sessp->se_handle, pPart,
162 	    ulPartLen);
163 
164 	/* Present consistent interface to the application */
165 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
166 		return (CKR_FUNCTION_FAILED);
167 	}
168 
169 	return (rv);
170 
171 }
172 
173 /*
174  * C_SignFinal is a pure wrapper to the underlying provider.
175  * The only argument checked is whether or not hSession is valid.
176  */
177 CK_RV
178 C_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
179     CK_ULONG_PTR pulSignatureLen)
180 {
181 	CK_RV rv;
182 	pkcs11_session_t *sessp;
183 
184 	/* Check for a fastpath */
185 	if (purefastpath || policyfastpath) {
186 		return (fast_funcs->C_SignFinal(hSession, pSignature,
187 			    pulSignatureLen));
188 	}
189 
190 	if (!pkcs11_initialized) {
191 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
192 	}
193 
194 	/* Obtain the session pointer */
195 	HANDLE2SESSION(hSession, sessp, rv);
196 
197 	if (rv != CKR_OK) {
198 		return (rv);
199 	}
200 
201 	/* Pass data to the provider */
202 	rv = FUNCLIST(sessp->se_slotid)->C_SignFinal(sessp->se_handle,
203 	    pSignature, pulSignatureLen);
204 
205 	/* Present consistent interface to the application */
206 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
207 		return (CKR_FUNCTION_FAILED);
208 	}
209 
210 	return (rv);
211 }
212 
213 /*
214  * C_SignRecoverInit will verify that the session handle is valid within
215  * the framework, that the mechanism is not disabled for the slot
216  * associated with this session, and then redirect to the underlying
217  * provider.  Policy is only checked for C_SignRecoverInit, since it is
218  * required to be called before C_SignRecover.
219  */
220 CK_RV
221 C_SignRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
222     CK_OBJECT_HANDLE hKey)
223 {
224 	CK_RV rv;
225 	pkcs11_session_t *sessp;
226 	CK_SLOT_ID slotid;
227 
228 	/* Check for a fastpath */
229 	if (purefastpath || policyfastpath) {
230 		if (policyfastpath &&
231 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
232 			return (CKR_MECHANISM_INVALID);
233 		}
234 		return (fast_funcs->C_SignRecoverInit(hSession, pMechanism,
235 			    hKey));
236 	}
237 
238 	if (!pkcs11_initialized) {
239 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
240 	}
241 
242 	/* Obtain the session pointer */
243 	HANDLE2SESSION(hSession, sessp, rv);
244 
245 	if (rv != CKR_OK) {
246 		return (rv);
247 	}
248 
249 	slotid = sessp->se_slotid;
250 
251 	/* Make sure this is not a disabled mechanism */
252 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
253 		return (CKR_MECHANISM_INVALID);
254 	}
255 
256 	/* Initialize the digest with the underlying provider */
257 	rv = FUNCLIST(slotid)->C_SignRecoverInit(sessp->se_handle,
258 	    pMechanism, hKey);
259 
260 	/* Present consistent interface to the application */
261 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
262 		return (CKR_FUNCTION_FAILED);
263 	}
264 
265 	return (rv);
266 
267 }
268 
269 /*
270  * C_SignRecover is a pure wrapper to the underlying provider.
271  * The only argument checked is whether or not hSession is valid.
272  */
273 CK_RV
274 C_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
275     CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
276 {
277 	CK_RV rv;
278 	pkcs11_session_t *sessp;
279 
280 	/* Check for a fastpath */
281 	if (purefastpath || policyfastpath) {
282 		return (fast_funcs->C_SignRecover(hSession, pData, ulDataLen,
283 			    pSignature, pulSignatureLen));
284 	}
285 	if (!pkcs11_initialized) {
286 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
287 	}
288 
289 	/* Obtain the session pointer */
290 	HANDLE2SESSION(hSession, sessp, rv);
291 
292 	if (rv != CKR_OK) {
293 		return (rv);
294 	}
295 
296 	/* Pass data to the provider */
297 	rv = FUNCLIST(sessp->se_slotid)->C_SignRecover(sessp->se_handle, pData,
298 	    ulDataLen, pSignature, pulSignatureLen);
299 
300 	/* Present consistent interface to the application */
301 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
302 		return (CKR_FUNCTION_FAILED);
303 	}
304 
305 	return (rv);
306 }
307