1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #pragma ident "%Z%%M% %I% %E% SMI"
28
29 #include <security/cryptoki.h>
30 #include "pkcs11Global.h"
31 #include "pkcs11Conf.h"
32 #include "pkcs11Session.h"
33 #include "pkcs11Slot.h"
34
35 /*
36 * C_SignInit will verify that the session handle is valid within the
37 * framework, that the mechanism is not disabled for the slot
38 * associated with this session, and then redirect to the underlying
39 * provider. Policy is only checked for C_SignInit, since it is
40 * required to be called before C_Sign and C_SignUpdate.
41 */
42 CK_RV
C_SignInit(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)43 C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
44 CK_OBJECT_HANDLE hKey)
45 {
46
47 CK_RV rv;
48 pkcs11_session_t *sessp;
49 CK_SLOT_ID slotid;
50
51 /* Check for a fastpath */
52 if (purefastpath || policyfastpath) {
53 if (policyfastpath &&
54 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
55 return (CKR_MECHANISM_INVALID);
56 }
57 return (fast_funcs->C_SignInit(hSession, pMechanism, hKey));
58 }
59
60 if (!pkcs11_initialized) {
61 return (CKR_CRYPTOKI_NOT_INITIALIZED);
62 }
63
64 /* Obtain the session pointer */
65 HANDLE2SESSION(hSession, sessp, rv);
66
67 if (rv != CKR_OK) {
68 return (rv);
69 }
70
71 slotid = sessp->se_slotid;
72
73 /* Make sure this is not a disabled mechanism */
74 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
75 return (CKR_MECHANISM_INVALID);
76 }
77
78 /* Initialize the digest with the underlying provider */
79 rv = FUNCLIST(slotid)->C_SignInit(sessp->se_handle,
80 pMechanism, hKey);
81
82 /* Present consistent interface to the application */
83 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
84 return (CKR_FUNCTION_FAILED);
85 }
86
87 return (rv);
88 }
89
90 /*
91 * C_Sign is a pure wrapper to the underlying provider.
92 * The only argument checked is whether or not hSession is valid.
93 */
94 CK_RV
C_Sign(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pSignature,CK_ULONG_PTR pulSignatureLen)95 C_Sign(CK_SESSION_HANDLE hSession,
96 CK_BYTE_PTR pData,
97 CK_ULONG ulDataLen,
98 CK_BYTE_PTR pSignature,
99 CK_ULONG_PTR pulSignatureLen)
100 {
101 CK_RV rv;
102 pkcs11_session_t *sessp;
103
104 /* Check for a fastpath */
105 if (purefastpath || policyfastpath) {
106 return (fast_funcs->C_Sign(hSession, pData, ulDataLen,
107 pSignature, pulSignatureLen));
108 }
109
110 if (!pkcs11_initialized) {
111 return (CKR_CRYPTOKI_NOT_INITIALIZED);
112 }
113
114 /* Obtain the session pointer */
115 HANDLE2SESSION(hSession, sessp, rv);
116
117 if (rv != CKR_OK) {
118 return (rv);
119 }
120
121 /* Pass data to the provider */
122 rv = FUNCLIST(sessp->se_slotid)->C_Sign(sessp->se_handle, pData,
123 ulDataLen, pSignature, pulSignatureLen);
124
125 /* Present consistent interface to the application */
126 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
127 return (CKR_FUNCTION_FAILED);
128 }
129
130 return (rv);
131
132 }
133
134 /*
135 * C_SignUpdate is a pure wrapper to the underlying provider.
136 * The only argument checked is whether or not hSession is valid.
137 */
138 CK_RV
C_SignUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,CK_ULONG ulPartLen)139 C_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
140 {
141 CK_RV rv;
142 pkcs11_session_t *sessp;
143
144 /* Check for a fastpath */
145 if (purefastpath || policyfastpath) {
146 return (fast_funcs->C_SignUpdate(hSession, pPart, ulPartLen));
147 }
148
149 if (!pkcs11_initialized) {
150 return (CKR_CRYPTOKI_NOT_INITIALIZED);
151 }
152
153 /* Obtain the session pointer */
154 HANDLE2SESSION(hSession, sessp, rv);
155
156 if (rv != CKR_OK) {
157 return (rv);
158 }
159
160 /* Pass data to the provider */
161 rv = FUNCLIST(sessp->se_slotid)->C_SignUpdate(sessp->se_handle, pPart,
162 ulPartLen);
163
164 /* Present consistent interface to the application */
165 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
166 return (CKR_FUNCTION_FAILED);
167 }
168
169 return (rv);
170
171 }
172
173 /*
174 * C_SignFinal is a pure wrapper to the underlying provider.
175 * The only argument checked is whether or not hSession is valid.
176 */
177 CK_RV
C_SignFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature,CK_ULONG_PTR pulSignatureLen)178 C_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
179 CK_ULONG_PTR pulSignatureLen)
180 {
181 CK_RV rv;
182 pkcs11_session_t *sessp;
183
184 /* Check for a fastpath */
185 if (purefastpath || policyfastpath) {
186 return (fast_funcs->C_SignFinal(hSession, pSignature,
187 pulSignatureLen));
188 }
189
190 if (!pkcs11_initialized) {
191 return (CKR_CRYPTOKI_NOT_INITIALIZED);
192 }
193
194 /* Obtain the session pointer */
195 HANDLE2SESSION(hSession, sessp, rv);
196
197 if (rv != CKR_OK) {
198 return (rv);
199 }
200
201 /* Pass data to the provider */
202 rv = FUNCLIST(sessp->se_slotid)->C_SignFinal(sessp->se_handle,
203 pSignature, pulSignatureLen);
204
205 /* Present consistent interface to the application */
206 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
207 return (CKR_FUNCTION_FAILED);
208 }
209
210 return (rv);
211 }
212
213 /*
214 * C_SignRecoverInit will verify that the session handle is valid within
215 * the framework, that the mechanism is not disabled for the slot
216 * associated with this session, and then redirect to the underlying
217 * provider. Policy is only checked for C_SignRecoverInit, since it is
218 * required to be called before C_SignRecover.
219 */
220 CK_RV
C_SignRecoverInit(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)221 C_SignRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
222 CK_OBJECT_HANDLE hKey)
223 {
224 CK_RV rv;
225 pkcs11_session_t *sessp;
226 CK_SLOT_ID slotid;
227
228 /* Check for a fastpath */
229 if (purefastpath || policyfastpath) {
230 if (policyfastpath &&
231 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
232 return (CKR_MECHANISM_INVALID);
233 }
234 return (fast_funcs->C_SignRecoverInit(hSession, pMechanism,
235 hKey));
236 }
237
238 if (!pkcs11_initialized) {
239 return (CKR_CRYPTOKI_NOT_INITIALIZED);
240 }
241
242 /* Obtain the session pointer */
243 HANDLE2SESSION(hSession, sessp, rv);
244
245 if (rv != CKR_OK) {
246 return (rv);
247 }
248
249 slotid = sessp->se_slotid;
250
251 /* Make sure this is not a disabled mechanism */
252 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
253 return (CKR_MECHANISM_INVALID);
254 }
255
256 /* Initialize the digest with the underlying provider */
257 rv = FUNCLIST(slotid)->C_SignRecoverInit(sessp->se_handle,
258 pMechanism, hKey);
259
260 /* Present consistent interface to the application */
261 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
262 return (CKR_FUNCTION_FAILED);
263 }
264
265 return (rv);
266
267 }
268
269 /*
270 * C_SignRecover is a pure wrapper to the underlying provider.
271 * The only argument checked is whether or not hSession is valid.
272 */
273 CK_RV
C_SignRecover(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pSignature,CK_ULONG_PTR pulSignatureLen)274 C_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
275 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
276 {
277 CK_RV rv;
278 pkcs11_session_t *sessp;
279
280 /* Check for a fastpath */
281 if (purefastpath || policyfastpath) {
282 return (fast_funcs->C_SignRecover(hSession, pData, ulDataLen,
283 pSignature, pulSignatureLen));
284 }
285 if (!pkcs11_initialized) {
286 return (CKR_CRYPTOKI_NOT_INITIALIZED);
287 }
288
289 /* Obtain the session pointer */
290 HANDLE2SESSION(hSession, sessp, rv);
291
292 if (rv != CKR_OK) {
293 return (rv);
294 }
295
296 /* Pass data to the provider */
297 rv = FUNCLIST(sessp->se_slotid)->C_SignRecover(sessp->se_handle, pData,
298 ulDataLen, pSignature, pulSignatureLen);
299
300 /* Present consistent interface to the application */
301 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
302 return (CKR_FUNCTION_FAILED);
303 }
304
305 return (rv);
306 }
307