xref: /titanic_52/usr/src/lib/pkcs11/libpkcs11/common/pkcs11Crypt.c (revision 7c478bd95313f5f23a4c958a745db2134aa03244)
1*7c478bd9Sstevel@tonic-gate /*
2*7c478bd9Sstevel@tonic-gate  * CDDL HEADER START
3*7c478bd9Sstevel@tonic-gate  *
4*7c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
5*7c478bd9Sstevel@tonic-gate  * Common Development and Distribution License, Version 1.0 only
6*7c478bd9Sstevel@tonic-gate  * (the "License").  You may not use this file except in compliance
7*7c478bd9Sstevel@tonic-gate  * with the License.
8*7c478bd9Sstevel@tonic-gate  *
9*7c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10*7c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
11*7c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
12*7c478bd9Sstevel@tonic-gate  * and limitations under the License.
13*7c478bd9Sstevel@tonic-gate  *
14*7c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
15*7c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16*7c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
17*7c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
18*7c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
19*7c478bd9Sstevel@tonic-gate  *
20*7c478bd9Sstevel@tonic-gate  * CDDL HEADER END
21*7c478bd9Sstevel@tonic-gate  */
22*7c478bd9Sstevel@tonic-gate /*
23*7c478bd9Sstevel@tonic-gate  * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
24*7c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
25*7c478bd9Sstevel@tonic-gate  */
26*7c478bd9Sstevel@tonic-gate 
27*7c478bd9Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
28*7c478bd9Sstevel@tonic-gate 
29*7c478bd9Sstevel@tonic-gate #include <security/cryptoki.h>
30*7c478bd9Sstevel@tonic-gate #include "pkcs11Global.h"
31*7c478bd9Sstevel@tonic-gate #include "pkcs11Conf.h"
32*7c478bd9Sstevel@tonic-gate #include "pkcs11Session.h"
33*7c478bd9Sstevel@tonic-gate #include "pkcs11Slot.h"
34*7c478bd9Sstevel@tonic-gate 
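/*
 * C_EncryptInit starts an encryption operation on hSession.
 *
 * The framework checks that the mechanism is not disabled by policy for
 * the slot behind the session and then redirects to the underlying
 * provider.  On the slow path the session handle is first validated and
 * translated to the provider's own handle.  On a fastpath the caller's
 * handle is passed to the provider unchanged and the framework performs
 * no session validation of its own.
 *
 * Policy is checked here, and not in C_Encrypt, C_EncryptUpdate or
 * C_EncryptFinal, because C_EncryptInit must be called before them.
 * NOTE(review): that makes the policy only as strong as the provider's
 * refusal to run those calls without a prior successful init -- confirm
 * for every provider that can be plugged in.
 *
 * Returns CKR_ARGUMENTS_BAD if pMechanism is NULL on a path that has to
 * read it for the policy check, CKR_MECHANISM_INVALID if the mechanism
 * is disabled, CKR_CRYPTOKI_NOT_INITIALIZED if the framework is not
 * initialized (slow path only), the session lookup error if hSession is
 * not valid, and otherwise the provider's return value with
 * CKR_FUNCTION_NOT_SUPPORTED reported as CKR_FUNCTION_FAILED (slow path
 * only).
 */
CK_RV
C_EncryptInit(CK_SESSION_HANDLE hSession,
    CK_MECHANISM_PTR pMechanism,
    CK_OBJECT_HANDLE hKey)
{
	CK_RV rv;
	pkcs11_session_t *sessp;
	CK_SLOT_ID slotid;

	/* Check for a fastpath */
	if (purefastpath || policyfastpath) {
		if (policyfastpath) {
			/*
			 * The policy lookup reads pMechanism->mechanism, so
			 * a NULL pointer from the application must be
			 * rejected before it is dereferenced.
			 */
			if (pMechanism == NULL_PTR) {
				return (CKR_ARGUMENTS_BAD);
			}
			if (pkcs11_is_dismech(fast_slot,
			    pMechanism->mechanism)) {
				return (CKR_MECHANISM_INVALID);
			}
		}
		/*
		 * With purefastpath alone pMechanism is not read here;
		 * argument checking is left to the provider.
		 */
		return (fast_funcs->C_EncryptInit(hSession, pMechanism, hKey));
	}

	if (!pkcs11_initialized) {
		return (CKR_CRYPTOKI_NOT_INITIALIZED);
	}

	/* Obtain the session pointer */
	HANDLE2SESSION(hSession, sessp, rv);

	if (rv != CKR_OK) {
		return (rv);
	}

	slotid = sessp->se_slotid;

	/* Reject a NULL mechanism before the policy check dereferences it */
	if (pMechanism == NULL_PTR) {
		return (CKR_ARGUMENTS_BAD);
	}

	/* Make sure this is not a disabled mechanism */
	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
		return (CKR_MECHANISM_INVALID);
	}

	/* Initialize the encryption operation with the underlying provider */
	rv = FUNCLIST(slotid)->C_EncryptInit(sessp->se_handle,
	    pMechanism, hKey);

	/* Present consistent interface to the application */
	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
		return (CKR_FUNCTION_FAILED);
	}

	return (rv);
}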
90*7c478bd9Sstevel@tonic-gate 
/*
 * C_Encrypt is a pass-through for single-part encryption.
 *
 * On the slow path the only argument the framework examines is hSession,
 * which is validated and translated to the provider's session handle.
 * On a fastpath the caller's handle goes to the provider unchanged and
 * the framework does no validation at all.  The data pointers and
 * lengths are never inspected here.
 *
 * No mechanism policy check is made in this function; that is done in
 * C_EncryptInit.
 * NOTE(review): this relies on the provider rejecting a call on a
 * session with no initialized encryption operation -- confirm.
 */
CK_RV
C_Encrypt(CK_SESSION_HANDLE hSession,
    CK_BYTE_PTR pData,
    CK_ULONG ulDataLen,
    CK_BYTE_PTR pEncryptedData,
    CK_ULONG_PTR pulEncryptedDataLen)
{
	pkcs11_session_t *sess;
	CK_RV rv;

	/* Fastpath: hand the call to the provider with the caller's handle */
	if (purefastpath || policyfastpath) {
		return (fast_funcs->C_Encrypt(hSession, pData, ulDataLen,
		    pEncryptedData, pulEncryptedDataLen));
	}

	if (!pkcs11_initialized) {
		return (CKR_CRYPTOKI_NOT_INITIALIZED);
	}

	/* Map the framework handle to its session structure */
	HANDLE2SESSION(hSession, sess, rv);
	if (rv != CKR_OK) {
		return (rv);
	}

	/* Encrypt through the provider that owns the session's slot */
	rv = FUNCLIST(sess->se_slotid)->C_Encrypt(sess->se_handle, pData,
	    ulDataLen, pEncryptedData, pulEncryptedDataLen);

	/* Report the provider's NOT_SUPPORTED as FUNCTION_FAILED */
	return ((rv == CKR_FUNCTION_NOT_SUPPORTED) ?
	    CKR_FUNCTION_FAILED : rv);
}
133*7c478bd9Sstevel@tonic-gate 
/*
 * C_EncryptUpdate is a pass-through for one part of a multi-part
 * encryption.
 *
 * On the slow path the only argument the framework examines is hSession,
 * which is validated and translated to the provider's session handle.
 * On a fastpath the caller's handle goes to the provider unchanged and
 * the framework does no validation at all.  The part pointers and
 * lengths are never inspected here.
 *
 * No mechanism policy check is made in this function; that is done in
 * C_EncryptInit.
 * NOTE(review): this relies on the provider rejecting a call on a
 * session with no initialized encryption operation -- confirm.
 */
CK_RV
C_EncryptUpdate(CK_SESSION_HANDLE hSession,
    CK_BYTE_PTR pPart,
    CK_ULONG ulPartLen,
    CK_BYTE_PTR pEncryptedPart,
    CK_ULONG_PTR pulEncryptedPartLen)
{
	pkcs11_session_t *sess;
	CK_RV rv;

	/* Fastpath: hand the call to the provider with the caller's handle */
	if (purefastpath || policyfastpath) {
		return (fast_funcs->C_EncryptUpdate(hSession, pPart, ulPartLen,
		    pEncryptedPart, pulEncryptedPartLen));
	}

	if (!pkcs11_initialized) {
		return (CKR_CRYPTOKI_NOT_INITIALIZED);
	}

	/* Map the framework handle to its session structure */
	HANDLE2SESSION(hSession, sess, rv);
	if (rv != CKR_OK) {
		return (rv);
	}

	/* Continue the encryption in the provider that owns the slot */
	rv = FUNCLIST(sess->se_slotid)->C_EncryptUpdate(sess->se_handle,
	    pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);

	/* Report the provider's NOT_SUPPORTED as FUNCTION_FAILED */
	return ((rv == CKR_FUNCTION_NOT_SUPPORTED) ?
	    CKR_FUNCTION_FAILED : rv);
}
176*7c478bd9Sstevel@tonic-gate 
/*
 * C_EncryptFinal is a pass-through that finishes a multi-part
 * encryption.
 *
 * On the slow path the only argument the framework examines is hSession,
 * which is validated and translated to the provider's session handle.
 * On a fastpath the caller's handle goes to the provider unchanged and
 * the framework does no validation at all.  The output pointer and
 * length are never inspected here.
 *
 * No mechanism policy check is made in this function; that is done in
 * C_EncryptInit.
 * NOTE(review): this relies on the provider rejecting a call on a
 * session with no initialized encryption operation -- confirm.
 */
CK_RV
C_EncryptFinal(CK_SESSION_HANDLE hSession,
    CK_BYTE_PTR pLastEncryptedPart,
    CK_ULONG_PTR pulLastEncryptedPartLen)
{
	pkcs11_session_t *sess;
	CK_RV rv;

	/* Fastpath: hand the call to the provider with the caller's handle */
	if (purefastpath || policyfastpath) {
		return (fast_funcs->C_EncryptFinal(hSession,
		    pLastEncryptedPart, pulLastEncryptedPartLen));
	}

	if (!pkcs11_initialized) {
		return (CKR_CRYPTOKI_NOT_INITIALIZED);
	}

	/* Map the framework handle to its session structure */
	HANDLE2SESSION(hSession, sess, rv);
	if (rv != CKR_OK) {
		return (rv);
	}

	/* Finish the encryption in the provider that owns the slot */
	rv = FUNCLIST(sess->se_slotid)->C_EncryptFinal(sess->se_handle,
	    pLastEncryptedPart, pulLastEncryptedPartLen);

	/* Report the provider's NOT_SUPPORTED as FUNCTION_FAILED */
	return ((rv == CKR_FUNCTION_NOT_SUPPORTED) ?
	    CKR_FUNCTION_FAILED : rv);
}
217*7c478bd9Sstevel@tonic-gate 
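/*
 * C_DecryptInit starts a decryption operation on hSession.
 *
 * The framework checks that the mechanism is not disabled by policy for
 * the slot behind the session and then redirects to the underlying
 * provider.  On the slow path the session handle is first validated and
 * translated to the provider's own handle.  On a fastpath the caller's
 * handle is passed to the provider unchanged and the framework performs
 * no session validation of its own.
 *
 * Policy is checked here, and not in C_Decrypt, C_DecryptUpdate or
 * C_DecryptFinal, because C_DecryptInit must be called before them.
 * NOTE(review): that makes the policy only as strong as the provider's
 * refusal to run those calls without a prior successful init -- confirm
 * for every provider that can be plugged in.
 *
 * Returns CKR_ARGUMENTS_BAD if pMechanism is NULL on a path that has to
 * read it for the policy check, CKR_MECHANISM_INVALID if the mechanism
 * is disabled, CKR_CRYPTOKI_NOT_INITIALIZED if the framework is not
 * initialized (slow path only), the session lookup error if hSession is
 * not valid, and otherwise the provider's return value with
 * CKR_FUNCTION_NOT_SUPPORTED reported as CKR_FUNCTION_FAILED (slow path
 * only).
 */
CK_RV
C_DecryptInit(CK_SESSION_HANDLE hSession,
    CK_MECHANISM_PTR pMechanism,
    CK_OBJECT_HANDLE hKey)
{
	CK_RV rv;
	pkcs11_session_t *sessp;
	CK_SLOT_ID slotid;

	/* Check for a fastpath */
	if (purefastpath || policyfastpath) {
		if (policyfastpath) {
			/*
			 * The policy lookup reads pMechanism->mechanism, so
			 * a NULL pointer from the application must be
			 * rejected before it is dereferenced.
			 */
			if (pMechanism == NULL_PTR) {
				return (CKR_ARGUMENTS_BAD);
			}
			if (pkcs11_is_dismech(fast_slot,
			    pMechanism->mechanism)) {
				return (CKR_MECHANISM_INVALID);
			}
		}
		/*
		 * With purefastpath alone pMechanism is not read here;
		 * argument checking is left to the provider.
		 */
		return (fast_funcs->C_DecryptInit(hSession, pMechanism, hKey));
	}

	if (!pkcs11_initialized) {
		return (CKR_CRYPTOKI_NOT_INITIALIZED);
	}

	/* Obtain the session pointer */
	HANDLE2SESSION(hSession, sessp, rv);

	if (rv != CKR_OK) {
		return (rv);
	}

	slotid = sessp->se_slotid;

	/* Reject a NULL mechanism before the policy check dereferences it */
	if (pMechanism == NULL_PTR) {
		return (CKR_ARGUMENTS_BAD);
	}

	/* Make sure this is not a disabled mechanism */
	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
		return (CKR_MECHANISM_INVALID);
	}

	/* Initialize the decryption operation with the underlying provider */
	rv = FUNCLIST(slotid)->C_DecryptInit(sessp->se_handle,
	    pMechanism, hKey);

	/* Present consistent interface to the application */
	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
		return (CKR_FUNCTION_FAILED);
	}

	return (rv);
}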
273*7c478bd9Sstevel@tonic-gate 
/*
 * C_Decrypt is a pass-through for single-part decryption.
 *
 * On the slow path the only argument the framework examines is hSession,
 * which is validated and translated to the provider's session handle.
 * On a fastpath the caller's handle goes to the provider unchanged and
 * the framework does no validation at all.  The data pointers and
 * lengths are never inspected here.
 *
 * No mechanism policy check is made in this function; that is done in
 * C_DecryptInit.
 * NOTE(review): this relies on the provider rejecting a call on a
 * session with no initialized decryption operation -- confirm.
 */
CK_RV
C_Decrypt(CK_SESSION_HANDLE hSession,
    CK_BYTE_PTR pEncryptedData,
    CK_ULONG ulEncryptedDataLen,
    CK_BYTE_PTR pData,
    CK_ULONG_PTR pulDataLen)
{
	pkcs11_session_t *sess;
	CK_RV rv;

	/* Fastpath: hand the call to the provider with the caller's handle */
	if (purefastpath || policyfastpath) {
		return (fast_funcs->C_Decrypt(hSession, pEncryptedData,
		    ulEncryptedDataLen, pData, pulDataLen));
	}

	if (!pkcs11_initialized) {
		return (CKR_CRYPTOKI_NOT_INITIALIZED);
	}

	/* Map the framework handle to its session structure */
	HANDLE2SESSION(hSession, sess, rv);
	if (rv != CKR_OK) {
		return (rv);
	}

	/* Decrypt through the provider that owns the session's slot */
	rv = FUNCLIST(sess->se_slotid)->C_Decrypt(sess->se_handle,
	    pEncryptedData, ulEncryptedDataLen, pData, pulDataLen);

	/* Report the provider's NOT_SUPPORTED as FUNCTION_FAILED */
	return ((rv == CKR_FUNCTION_NOT_SUPPORTED) ?
	    CKR_FUNCTION_FAILED : rv);
}
316*7c478bd9Sstevel@tonic-gate 
/*
 * C_DecryptUpdate is a pass-through for one part of a multi-part
 * decryption.
 *
 * On the slow path the only argument the framework examines is hSession,
 * which is validated and translated to the provider's session handle.
 * On a fastpath the caller's handle goes to the provider unchanged and
 * the framework does no validation at all.  The part pointers and
 * lengths are never inspected here.
 *
 * No mechanism policy check is made in this function; that is done in
 * C_DecryptInit.
 * NOTE(review): this relies on the provider rejecting a call on a
 * session with no initialized decryption operation -- confirm.
 */
CK_RV
C_DecryptUpdate(CK_SESSION_HANDLE hSession,
    CK_BYTE_PTR pEncryptedPart,
    CK_ULONG ulEncryptedPartLen,
    CK_BYTE_PTR pPart,
    CK_ULONG_PTR pulPartLen)
{
	pkcs11_session_t *sess;
	CK_RV rv;

	/* Fastpath: hand the call to the provider with the caller's handle */
	if (purefastpath || policyfastpath) {
		return (fast_funcs->C_DecryptUpdate(hSession, pEncryptedPart,
		    ulEncryptedPartLen, pPart, pulPartLen));
	}

	if (!pkcs11_initialized) {
		return (CKR_CRYPTOKI_NOT_INITIALIZED);
	}

	/* Map the framework handle to its session structure */
	HANDLE2SESSION(hSession, sess, rv);
	if (rv != CKR_OK) {
		return (rv);
	}

	/* Continue the decryption in the provider that owns the slot */
	rv = FUNCLIST(sess->se_slotid)->C_DecryptUpdate(sess->se_handle,
	    pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);

	/* Report the provider's NOT_SUPPORTED as FUNCTION_FAILED */
	return ((rv == CKR_FUNCTION_NOT_SUPPORTED) ?
	    CKR_FUNCTION_FAILED : rv);
}
359*7c478bd9Sstevel@tonic-gate 
/*
 * C_DecryptFinal is a pass-through that finishes a multi-part
 * decryption.
 *
 * On the slow path the only argument the framework examines is hSession,
 * which is validated and translated to the provider's session handle.
 * On a fastpath the caller's handle goes to the provider unchanged and
 * the framework does no validation at all.  The output pointer and
 * length are never inspected here.
 *
 * No mechanism policy check is made in this function; that is done in
 * C_DecryptInit.
 * NOTE(review): this relies on the provider rejecting a call on a
 * session with no initialized decryption operation -- confirm.
 */
CK_RV
C_DecryptFinal(CK_SESSION_HANDLE hSession,
    CK_BYTE_PTR pLastPart,
    CK_ULONG_PTR pulLastPartLen)
{
	pkcs11_session_t *sess;
	CK_RV rv;

	/* Fastpath: hand the call to the provider with the caller's handle */
	if (purefastpath || policyfastpath) {
		return (fast_funcs->C_DecryptFinal(hSession, pLastPart,
		    pulLastPartLen));
	}

	if (!pkcs11_initialized) {
		return (CKR_CRYPTOKI_NOT_INITIALIZED);
	}

	/* Map the framework handle to its session structure */
	HANDLE2SESSION(hSession, sess, rv);
	if (rv != CKR_OK) {
		return (rv);
	}

	/* Finish the decryption in the provider that owns the slot */
	rv = FUNCLIST(sess->se_slotid)->C_DecryptFinal(sess->se_handle,
	    pLastPart, pulLastPartLen);

	/* Report the provider's NOT_SUPPORTED as FUNCTION_FAILED */
	return ((rv == CKR_FUNCTION_NOT_SUPPORTED) ?
	    CKR_FUNCTION_FAILED : rv);
}