1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2003 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 #include <security/cryptoki.h> 30 #include "pkcs11Global.h" 31 #include "pkcs11Conf.h" 32 #include "pkcs11Session.h" 33 #include "pkcs11Slot.h" 34 35 /* 36 * C_SignInit will verify that the session handle is valid within the 37 * framework, that the mechanism is not disabled for the slot 38 * associated with this session, and then redirect to the underlying 39 * provider. Policy is only checked for C_SignInit, since it is 40 * required to be called before C_Sign and C_SignUpdate. 41 */ 42 CK_RV 43 C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 44 CK_OBJECT_HANDLE hKey) 45 { 46 47 CK_RV rv; 48 pkcs11_session_t *sessp; 49 CK_SLOT_ID slotid; 50 51 /* Check for a fastpath */ 52 if (purefastpath || policyfastpath) { 53 if (policyfastpath && 54 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) { 55 return (CKR_MECHANISM_INVALID); 56 } 57 return (fast_funcs->C_SignInit(hSession, pMechanism, hKey)); 58 } 59 60 if (!pkcs11_initialized) { 61 return (CKR_CRYPTOKI_NOT_INITIALIZED); 62 } 63 64 /* Obtain the session pointer */ 65 HANDLE2SESSION(hSession, sessp, rv); 66 67 if (rv != CKR_OK) { 68 return (rv); 69 } 70 71 slotid = sessp->se_slotid; 72 73 /* Make sure this is not a disabled mechanism */ 74 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) { 75 return (CKR_MECHANISM_INVALID); 76 } 77 78 /* Initialize the digest with the underlying provider */ 79 rv = FUNCLIST(slotid)->C_SignInit(sessp->se_handle, 80 pMechanism, hKey); 81 82 /* Present consistent interface to the application */ 83 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 84 return (CKR_FUNCTION_FAILED); 85 } 86 87 return (rv); 88 } 89 90 /* 91 * C_Sign is a pure wrapper to the underlying provider. 92 * The only argument checked is whether or not hSession is valid. 93 */ 94 CK_RV 95 C_Sign(CK_SESSION_HANDLE hSession, 96 CK_BYTE_PTR pData, 97 CK_ULONG ulDataLen, 98 CK_BYTE_PTR pSignature, 99 CK_ULONG_PTR pulSignatureLen) 100 { 101 CK_RV rv; 102 pkcs11_session_t *sessp; 103 104 /* Check for a fastpath */ 105 if (purefastpath || policyfastpath) { 106 return (fast_funcs->C_Sign(hSession, pData, ulDataLen, 107 pSignature, pulSignatureLen)); 108 } 109 110 if (!pkcs11_initialized) { 111 return (CKR_CRYPTOKI_NOT_INITIALIZED); 112 } 113 114 /* Obtain the session pointer */ 115 HANDLE2SESSION(hSession, sessp, rv); 116 117 if (rv != CKR_OK) { 118 return (rv); 119 } 120 121 /* Pass data to the provider */ 122 rv = FUNCLIST(sessp->se_slotid)->C_Sign(sessp->se_handle, pData, 123 ulDataLen, pSignature, pulSignatureLen); 124 125 /* Present consistent interface to the application */ 126 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 127 return (CKR_FUNCTION_FAILED); 128 } 129 130 return (rv); 131 132 } 133 134 /* 135 * C_SignUpdate is a pure wrapper to the underlying provider. 136 * The only argument checked is whether or not hSession is valid. 137 */ 138 CK_RV 139 C_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen) 140 { 141 CK_RV rv; 142 pkcs11_session_t *sessp; 143 144 /* Check for a fastpath */ 145 if (purefastpath || policyfastpath) { 146 return (fast_funcs->C_SignUpdate(hSession, pPart, ulPartLen)); 147 } 148 149 if (!pkcs11_initialized) { 150 return (CKR_CRYPTOKI_NOT_INITIALIZED); 151 } 152 153 /* Obtain the session pointer */ 154 HANDLE2SESSION(hSession, sessp, rv); 155 156 if (rv != CKR_OK) { 157 return (rv); 158 } 159 160 /* Pass data to the provider */ 161 rv = FUNCLIST(sessp->se_slotid)->C_SignUpdate(sessp->se_handle, pPart, 162 ulPartLen); 163 164 /* Present consistent interface to the application */ 165 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 166 return (CKR_FUNCTION_FAILED); 167 } 168 169 return (rv); 170 171 } 172 173 /* 174 * C_SignFinal is a pure wrapper to the underlying provider. 175 * The only argument checked is whether or not hSession is valid. 176 */ 177 CK_RV 178 C_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, 179 CK_ULONG_PTR pulSignatureLen) 180 { 181 CK_RV rv; 182 pkcs11_session_t *sessp; 183 184 /* Check for a fastpath */ 185 if (purefastpath || policyfastpath) { 186 return (fast_funcs->C_SignFinal(hSession, pSignature, 187 pulSignatureLen)); 188 } 189 190 if (!pkcs11_initialized) { 191 return (CKR_CRYPTOKI_NOT_INITIALIZED); 192 } 193 194 /* Obtain the session pointer */ 195 HANDLE2SESSION(hSession, sessp, rv); 196 197 if (rv != CKR_OK) { 198 return (rv); 199 } 200 201 /* Pass data to the provider */ 202 rv = FUNCLIST(sessp->se_slotid)->C_SignFinal(sessp->se_handle, 203 pSignature, pulSignatureLen); 204 205 /* Present consistent interface to the application */ 206 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 207 return (CKR_FUNCTION_FAILED); 208 } 209 210 return (rv); 211 } 212 213 /* 214 * C_SignRecoverInit will verify that the session handle is valid within 215 * the framework, that the mechanism is not disabled for the slot 216 * associated with this session, and then redirect to the underlying 217 * provider. Policy is only checked for C_SignRecoverInit, since it is 218 * required to be called before C_SignRecover. 219 */ 220 CK_RV 221 C_SignRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 222 CK_OBJECT_HANDLE hKey) 223 { 224 CK_RV rv; 225 pkcs11_session_t *sessp; 226 CK_SLOT_ID slotid; 227 228 /* Check for a fastpath */ 229 if (purefastpath || policyfastpath) { 230 if (policyfastpath && 231 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) { 232 return (CKR_MECHANISM_INVALID); 233 } 234 return (fast_funcs->C_SignRecoverInit(hSession, pMechanism, 235 hKey)); 236 } 237 238 if (!pkcs11_initialized) { 239 return (CKR_CRYPTOKI_NOT_INITIALIZED); 240 } 241 242 /* Obtain the session pointer */ 243 HANDLE2SESSION(hSession, sessp, rv); 244 245 if (rv != CKR_OK) { 246 return (rv); 247 } 248 249 slotid = sessp->se_slotid; 250 251 /* Make sure this is not a disabled mechanism */ 252 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) { 253 return (CKR_MECHANISM_INVALID); 254 } 255 256 /* Initialize the digest with the underlying provider */ 257 rv = FUNCLIST(slotid)->C_SignRecoverInit(sessp->se_handle, 258 pMechanism, hKey); 259 260 /* Present consistent interface to the application */ 261 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 262 return (CKR_FUNCTION_FAILED); 263 } 264 265 return (rv); 266 267 } 268 269 /* 270 * C_SignRecover is a pure wrapper to the underlying provider. 271 * The only argument checked is whether or not hSession is valid. 272 */ 273 CK_RV 274 C_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, 275 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen) 276 { 277 CK_RV rv; 278 pkcs11_session_t *sessp; 279 280 /* Check for a fastpath */ 281 if (purefastpath || policyfastpath) { 282 return (fast_funcs->C_SignRecover(hSession, pData, ulDataLen, 283 pSignature, pulSignatureLen)); 284 } 285 if (!pkcs11_initialized) { 286 return (CKR_CRYPTOKI_NOT_INITIALIZED); 287 } 288 289 /* Obtain the session pointer */ 290 HANDLE2SESSION(hSession, sessp, rv); 291 292 if (rv != CKR_OK) { 293 return (rv); 294 } 295 296 /* Pass data to the provider */ 297 rv = FUNCLIST(sessp->se_slotid)->C_SignRecover(sessp->se_handle, pData, 298 ulDataLen, pSignature, pulSignatureLen); 299 300 /* Present consistent interface to the application */ 301 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 302 return (CKR_FUNCTION_FAILED); 303 } 304 305 return (rv); 306 } 307