1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #pragma ident "%Z%%M% %I% %E% SMI"
28
29 #include <security/cryptoki.h>
30 #include "pkcs11Global.h"
31 #include "pkcs11Conf.h"
32 #include "pkcs11Session.h"
33 #include "pkcs11Slot.h"
34
35 /*
36 * C_EncryptInit will verify that the session handle is valid within
37 * the framework, that the mechanism is not disabled for the slot
38 * associated with this session, and then redirect to the underlying
39 * provider. Policy is checked for C_EncryptInit, and not C_Encrypt
40 * or C_EncryptUpdate, since C_EncryptInit is required to be called
41 * before C_Encrypt and C_EncryptUpdate.
42 */
43 CK_RV
C_EncryptInit(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)44 C_EncryptInit(CK_SESSION_HANDLE hSession,
45 CK_MECHANISM_PTR pMechanism,
46 CK_OBJECT_HANDLE hKey)
47 {
48 CK_RV rv;
49 pkcs11_session_t *sessp;
50 CK_SLOT_ID slotid;
51
52 /* Check for a fastpath */
53 if (purefastpath || policyfastpath) {
54 if (policyfastpath &&
55 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
56 return (CKR_MECHANISM_INVALID);
57 }
58 return (fast_funcs->C_EncryptInit(hSession, pMechanism, hKey));
59 }
60
61 if (!pkcs11_initialized) {
62 return (CKR_CRYPTOKI_NOT_INITIALIZED);
63 }
64
65 /* Obtain the session pointer */
66 HANDLE2SESSION(hSession, sessp, rv);
67
68 if (rv != CKR_OK) {
69 return (rv);
70 }
71
72 slotid = sessp->se_slotid;
73
74 /* Make sure this is not a disabled mechanism */
75 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
76 return (CKR_MECHANISM_INVALID);
77 }
78
79 /* Initialize the digest with the underlying provider */
80 rv = FUNCLIST(slotid)->C_EncryptInit(sessp->se_handle,
81 pMechanism, hKey);
82
83 /* Present consistent interface to the application */
84 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
85 return (CKR_FUNCTION_FAILED);
86 }
87
88 return (rv);
89 }
90
91 /*
92 * C_Encrypt is a pure wrapper to the underlying provider.
93 * The only argument checked is whether or not hSession is valid.
94 */
95 CK_RV
C_Encrypt(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pEncryptedData,CK_ULONG_PTR pulEncryptedDataLen)96 C_Encrypt(CK_SESSION_HANDLE hSession,
97 CK_BYTE_PTR pData,
98 CK_ULONG ulDataLen,
99 CK_BYTE_PTR pEncryptedData,
100 CK_ULONG_PTR pulEncryptedDataLen)
101 {
102 CK_RV rv;
103 pkcs11_session_t *sessp;
104
105 /* Check for a fastpath */
106 if (purefastpath || policyfastpath) {
107 return (fast_funcs->C_Encrypt(hSession, pData, ulDataLen,
108 pEncryptedData, pulEncryptedDataLen));
109 }
110
111 if (!pkcs11_initialized) {
112 return (CKR_CRYPTOKI_NOT_INITIALIZED);
113 }
114
115 /* Obtain the session pointer */
116 HANDLE2SESSION(hSession, sessp, rv);
117
118 if (rv != CKR_OK) {
119 return (rv);
120 }
121
122 /* Initialize the digest with the underlying provider */
123 rv = FUNCLIST(sessp->se_slotid)->C_Encrypt(sessp->se_handle, pData,
124 ulDataLen, pEncryptedData, pulEncryptedDataLen);
125
126 /* Present consistent interface to the application */
127 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
128 return (CKR_FUNCTION_FAILED);
129 }
130
131 return (rv);
132 }
133
134 /*
135 * C_EncryptUpdate is a pure wrapper to the underlying provider.
136 * The only argument checked is whether or not hSession is valid.
137 */
138 CK_RV
C_EncryptUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,CK_ULONG ulPartLen,CK_BYTE_PTR pEncryptedPart,CK_ULONG_PTR pulEncryptedPartLen)139 C_EncryptUpdate(CK_SESSION_HANDLE hSession,
140 CK_BYTE_PTR pPart,
141 CK_ULONG ulPartLen,
142 CK_BYTE_PTR pEncryptedPart,
143 CK_ULONG_PTR pulEncryptedPartLen)
144 {
145 CK_RV rv;
146 pkcs11_session_t *sessp;
147
148 /* Check for a fastpath */
149 if (purefastpath || policyfastpath) {
150 return (fast_funcs->C_EncryptUpdate(hSession, pPart, ulPartLen,
151 pEncryptedPart, pulEncryptedPartLen));
152 }
153
154 if (!pkcs11_initialized) {
155 return (CKR_CRYPTOKI_NOT_INITIALIZED);
156 }
157
158 /* Obtain the session pointer */
159 HANDLE2SESSION(hSession, sessp, rv);
160
161 if (rv != CKR_OK) {
162 return (rv);
163 }
164
165 /* Initialize the digest with the underlying provider */
166 rv = FUNCLIST(sessp->se_slotid)->C_EncryptUpdate(sessp->se_handle,
167 pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
168
169 /* Present consistent interface to the application */
170 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
171 return (CKR_FUNCTION_FAILED);
172 }
173
174 return (rv);
175 }
176
177 /*
178 * C_EncryptFinal is a pure wrapper to the underlying provider.
179 * The only argument checked is whether or not hSession is valid.
180 */
181 CK_RV
C_EncryptFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pLastEncryptedPart,CK_ULONG_PTR pulLastEncryptedPartLen)182 C_EncryptFinal(CK_SESSION_HANDLE hSession,
183 CK_BYTE_PTR pLastEncryptedPart,
184 CK_ULONG_PTR pulLastEncryptedPartLen)
185 {
186 CK_RV rv;
187 pkcs11_session_t *sessp;
188
189 /* Check for a fastpath */
190 if (purefastpath || policyfastpath) {
191 return (fast_funcs->C_EncryptFinal(hSession,
192 pLastEncryptedPart, pulLastEncryptedPartLen));
193 }
194
195 if (!pkcs11_initialized) {
196 return (CKR_CRYPTOKI_NOT_INITIALIZED);
197 }
198
199 /* Obtain the session pointer */
200 HANDLE2SESSION(hSession, sessp, rv);
201
202 if (rv != CKR_OK) {
203 return (rv);
204 }
205
206 /* Initialize the digest with the underlying provider */
207 rv = FUNCLIST(sessp->se_slotid)->C_EncryptFinal(sessp->se_handle,
208 pLastEncryptedPart, pulLastEncryptedPartLen);
209
210 /* Present consistent interface to the application */
211 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
212 return (CKR_FUNCTION_FAILED);
213 }
214
215 return (rv);
216 }
217
218 /*
219 * C_DecryptInit will verify that the session handle is valid within
220 * the framework, that the mechanism is not disabled for the slot
221 * associated with this session, and then redirect to the underlying
222 * provider. Policy is checked for C_DecryptInit, and not C_Decrypt
223 * or C_DecryptUpdate, since C_DecryptInit is required to be called
224 * before C_Decrypt and C_DecryptUpdate.
225 */
226 CK_RV
C_DecryptInit(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)227 C_DecryptInit(CK_SESSION_HANDLE hSession,
228 CK_MECHANISM_PTR pMechanism,
229 CK_OBJECT_HANDLE hKey)
230 {
231 CK_RV rv;
232 pkcs11_session_t *sessp;
233 CK_SLOT_ID slotid;
234
235 /* Check for a fastpath */
236 if (purefastpath || policyfastpath) {
237 if (policyfastpath &&
238 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
239 return (CKR_MECHANISM_INVALID);
240 }
241 return (fast_funcs->C_DecryptInit(hSession, pMechanism, hKey));
242 }
243
244 if (!pkcs11_initialized) {
245 return (CKR_CRYPTOKI_NOT_INITIALIZED);
246 }
247
248 /* Obtain the session pointer */
249 HANDLE2SESSION(hSession, sessp, rv);
250
251 if (rv != CKR_OK) {
252 return (rv);
253 }
254
255 slotid = sessp->se_slotid;
256
257 /* Make sure this is not a disabled mechanism */
258 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
259 return (CKR_MECHANISM_INVALID);
260 }
261
262 /* Initialize the digest with the underlying provider */
263 rv = FUNCLIST(slotid)->C_DecryptInit(sessp->se_handle,
264 pMechanism, hKey);
265
266 /* Present consistent interface to the application */
267 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
268 return (CKR_FUNCTION_FAILED);
269 }
270
271 return (rv);
272 }
273
274 /*
275 * C_Decrypt is a pure wrapper to the underlying provider.
276 * The only argument checked is whether or not hSession is valid.
277 */
278 CK_RV
C_Decrypt(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pEncryptedData,CK_ULONG ulEncryptedDataLen,CK_BYTE_PTR pData,CK_ULONG_PTR pulDataLen)279 C_Decrypt(CK_SESSION_HANDLE hSession,
280 CK_BYTE_PTR pEncryptedData,
281 CK_ULONG ulEncryptedDataLen,
282 CK_BYTE_PTR pData,
283 CK_ULONG_PTR pulDataLen)
284 {
285 CK_RV rv;
286 pkcs11_session_t *sessp;
287
288 /* Check for a fastpath */
289 if (purefastpath || policyfastpath) {
290 return (fast_funcs->C_Decrypt(hSession, pEncryptedData,
291 ulEncryptedDataLen, pData, pulDataLen));
292 }
293
294 if (!pkcs11_initialized) {
295 return (CKR_CRYPTOKI_NOT_INITIALIZED);
296 }
297
298 /* Obtain the session pointer */
299 HANDLE2SESSION(hSession, sessp, rv);
300
301 if (rv != CKR_OK) {
302 return (rv);
303 }
304
305 /* Initialize the digest with the underlying provider */
306 rv = FUNCLIST(sessp->se_slotid)->C_Decrypt(sessp->se_handle,
307 pEncryptedData, ulEncryptedDataLen, pData, pulDataLen);
308
309 /* Present consistent interface to the application */
310 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
311 return (CKR_FUNCTION_FAILED);
312 }
313
314 return (rv);
315 }
316
317 /*
318 * C_DecryptUpdate is a pure wrapper to the underlying provider.
319 * The only argument checked is whether or not hSession is valid.
320 */
321 CK_RV
C_DecryptUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pEncryptedPart,CK_ULONG ulEncryptedPartLen,CK_BYTE_PTR pPart,CK_ULONG_PTR pulPartLen)322 C_DecryptUpdate(CK_SESSION_HANDLE hSession,
323 CK_BYTE_PTR pEncryptedPart,
324 CK_ULONG ulEncryptedPartLen,
325 CK_BYTE_PTR pPart,
326 CK_ULONG_PTR pulPartLen)
327 {
328 CK_RV rv;
329 pkcs11_session_t *sessp;
330
331 /* Check for a fastpath */
332 if (purefastpath || policyfastpath) {
333 return (fast_funcs->C_DecryptUpdate(hSession, pEncryptedPart,
334 ulEncryptedPartLen, pPart, pulPartLen));
335 }
336
337 if (!pkcs11_initialized) {
338 return (CKR_CRYPTOKI_NOT_INITIALIZED);
339 }
340
341 /* Obtain the session pointer */
342 HANDLE2SESSION(hSession, sessp, rv);
343
344 if (rv != CKR_OK) {
345 return (rv);
346 }
347
348 /* Initialize the digest with the underlying provider */
349 rv = FUNCLIST(sessp->se_slotid)->C_DecryptUpdate(sessp->se_handle,
350 pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
351
352 /* Present consistent interface to the application */
353 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
354 return (CKR_FUNCTION_FAILED);
355 }
356
357 return (rv);
358 }
359
360 /*
361 * C_DecryptFinal is a pure wrapper to the underlying provider.
362 * The only argument checked is whether or not hSession is valid.
363 */
364 CK_RV
C_DecryptFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pLastPart,CK_ULONG_PTR pulLastPartLen)365 C_DecryptFinal(CK_SESSION_HANDLE hSession,
366 CK_BYTE_PTR pLastPart,
367 CK_ULONG_PTR pulLastPartLen)
368 {
369 CK_RV rv;
370 pkcs11_session_t *sessp;
371
372 /* Check for a fastpath */
373 if (purefastpath || policyfastpath) {
374 return (fast_funcs->C_DecryptFinal(hSession, pLastPart,
375 pulLastPartLen));
376 }
377
378 if (!pkcs11_initialized) {
379 return (CKR_CRYPTOKI_NOT_INITIALIZED);
380 }
381
382 /* Obtain the session pointer */
383 HANDLE2SESSION(hSession, sessp, rv);
384
385 if (rv != CKR_OK) {
386 return (rv);
387 }
388
389 /* Initialize the digest with the underlying provider */
390 rv = FUNCLIST(sessp->se_slotid)->C_DecryptFinal(sessp->se_handle,
391 pLastPart, pulLastPartLen);
392
393 /* Present consistent interface to the application */
394 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
395 return (CKR_FUNCTION_FAILED);
396 }
397
398 return (rv);
399 }
400