1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #include <security/cryptoki.h>
28 #include "pkcs11Global.h"
29 #include "pkcs11Conf.h"
30 #include "pkcs11Session.h"
31 #include "pkcs11Slot.h"
32
33 /*
34 * C_SignInit will verify that the session handle is valid within the
35 * framework, that the mechanism is not disabled for the slot
36 * associated with this session, and then redirect to the underlying
37 * provider. Policy is only checked for C_SignInit, since it is
38 * required to be called before C_Sign and C_SignUpdate.
39 */
40 CK_RV
C_SignInit(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)41 C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
42 CK_OBJECT_HANDLE hKey)
43 {
44
45 CK_RV rv;
46 pkcs11_session_t *sessp;
47 CK_SLOT_ID slotid;
48
49 /* Check for a fastpath */
50 if (purefastpath || policyfastpath) {
51 if (policyfastpath &&
52 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
53 return (CKR_MECHANISM_INVALID);
54 }
55 return (fast_funcs->C_SignInit(hSession, pMechanism, hKey));
56 }
57
58 if (!pkcs11_initialized) {
59 return (CKR_CRYPTOKI_NOT_INITIALIZED);
60 }
61
62 /* Obtain the session pointer */
63 HANDLE2SESSION(hSession, sessp, rv);
64
65 if (rv != CKR_OK) {
66 return (rv);
67 }
68
69 slotid = sessp->se_slotid;
70
71 /* Make sure this is not a disabled mechanism */
72 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
73 return (CKR_MECHANISM_INVALID);
74 }
75
76 /* Initialize the digest with the underlying provider */
77 rv = FUNCLIST(slotid)->C_SignInit(sessp->se_handle,
78 pMechanism, hKey);
79
80 /* Present consistent interface to the application */
81 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
82 return (CKR_FUNCTION_FAILED);
83 }
84
85 return (rv);
86 }
87
88 /*
89 * C_Sign is a pure wrapper to the underlying provider.
90 * The only argument checked is whether or not hSession is valid.
91 */
92 CK_RV
C_Sign(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pSignature,CK_ULONG_PTR pulSignatureLen)93 C_Sign(CK_SESSION_HANDLE hSession,
94 CK_BYTE_PTR pData,
95 CK_ULONG ulDataLen,
96 CK_BYTE_PTR pSignature,
97 CK_ULONG_PTR pulSignatureLen)
98 {
99 CK_RV rv;
100 pkcs11_session_t *sessp;
101
102 /* Check for a fastpath */
103 if (purefastpath || policyfastpath) {
104 return (fast_funcs->C_Sign(hSession, pData, ulDataLen,
105 pSignature, pulSignatureLen));
106 }
107
108 if (!pkcs11_initialized) {
109 return (CKR_CRYPTOKI_NOT_INITIALIZED);
110 }
111
112 /* Obtain the session pointer */
113 HANDLE2SESSION(hSession, sessp, rv);
114
115 if (rv != CKR_OK) {
116 return (rv);
117 }
118
119 /* Pass data to the provider */
120 rv = FUNCLIST(sessp->se_slotid)->C_Sign(sessp->se_handle, pData,
121 ulDataLen, pSignature, pulSignatureLen);
122
123 /* Present consistent interface to the application */
124 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
125 return (CKR_FUNCTION_FAILED);
126 }
127
128 return (rv);
129
130 }
131
132 /*
133 * C_SignUpdate is a pure wrapper to the underlying provider.
134 * The only argument checked is whether or not hSession is valid.
135 */
136 CK_RV
C_SignUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,CK_ULONG ulPartLen)137 C_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
138 {
139 CK_RV rv;
140 pkcs11_session_t *sessp;
141
142 /* Check for a fastpath */
143 if (purefastpath || policyfastpath) {
144 return (fast_funcs->C_SignUpdate(hSession, pPart, ulPartLen));
145 }
146
147 if (!pkcs11_initialized) {
148 return (CKR_CRYPTOKI_NOT_INITIALIZED);
149 }
150
151 /* Obtain the session pointer */
152 HANDLE2SESSION(hSession, sessp, rv);
153
154 if (rv != CKR_OK) {
155 return (rv);
156 }
157
158 /* Pass data to the provider */
159 rv = FUNCLIST(sessp->se_slotid)->C_SignUpdate(sessp->se_handle, pPart,
160 ulPartLen);
161
162 /* Present consistent interface to the application */
163 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
164 return (CKR_FUNCTION_FAILED);
165 }
166
167 return (rv);
168
169 }
170
171 /*
172 * C_SignFinal is a pure wrapper to the underlying provider.
173 * The only argument checked is whether or not hSession is valid.
174 */
175 CK_RV
C_SignFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature,CK_ULONG_PTR pulSignatureLen)176 C_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
177 CK_ULONG_PTR pulSignatureLen)
178 {
179 CK_RV rv;
180 pkcs11_session_t *sessp;
181
182 /* Check for a fastpath */
183 if (purefastpath || policyfastpath) {
184 return (fast_funcs->C_SignFinal(hSession, pSignature,
185 pulSignatureLen));
186 }
187
188 if (!pkcs11_initialized) {
189 return (CKR_CRYPTOKI_NOT_INITIALIZED);
190 }
191
192 /* Obtain the session pointer */
193 HANDLE2SESSION(hSession, sessp, rv);
194
195 if (rv != CKR_OK) {
196 return (rv);
197 }
198
199 /* Pass data to the provider */
200 rv = FUNCLIST(sessp->se_slotid)->C_SignFinal(sessp->se_handle,
201 pSignature, pulSignatureLen);
202
203 /* Present consistent interface to the application */
204 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
205 return (CKR_FUNCTION_FAILED);
206 }
207
208 return (rv);
209 }
210
211 /*
212 * C_SignRecoverInit will verify that the session handle is valid within
213 * the framework, that the mechanism is not disabled for the slot
214 * associated with this session, and then redirect to the underlying
215 * provider. Policy is only checked for C_SignRecoverInit, since it is
216 * required to be called before C_SignRecover.
217 */
218 CK_RV
C_SignRecoverInit(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)219 C_SignRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
220 CK_OBJECT_HANDLE hKey)
221 {
222 CK_RV rv;
223 pkcs11_session_t *sessp;
224 CK_SLOT_ID slotid;
225
226 /* Check for a fastpath */
227 if (purefastpath || policyfastpath) {
228 if (policyfastpath &&
229 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
230 return (CKR_MECHANISM_INVALID);
231 }
232 return (fast_funcs->C_SignRecoverInit(hSession, pMechanism,
233 hKey));
234 }
235
236 if (!pkcs11_initialized) {
237 return (CKR_CRYPTOKI_NOT_INITIALIZED);
238 }
239
240 /* Obtain the session pointer */
241 HANDLE2SESSION(hSession, sessp, rv);
242
243 if (rv != CKR_OK) {
244 return (rv);
245 }
246
247 slotid = sessp->se_slotid;
248
249 /* Make sure this is not a disabled mechanism */
250 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
251 return (CKR_MECHANISM_INVALID);
252 }
253
254 /* Initialize the digest with the underlying provider */
255 rv = FUNCLIST(slotid)->C_SignRecoverInit(sessp->se_handle,
256 pMechanism, hKey);
257
258 /* Present consistent interface to the application */
259 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
260 return (CKR_FUNCTION_FAILED);
261 }
262
263 return (rv);
264
265 }
266
267 /*
268 * C_SignRecover is a pure wrapper to the underlying provider.
269 * The only argument checked is whether or not hSession is valid.
270 */
271 CK_RV
C_SignRecover(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pSignature,CK_ULONG_PTR pulSignatureLen)272 C_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
273 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
274 {
275 CK_RV rv;
276 pkcs11_session_t *sessp;
277
278 /* Check for a fastpath */
279 if (purefastpath || policyfastpath) {
280 return (fast_funcs->C_SignRecover(hSession, pData, ulDataLen,
281 pSignature, pulSignatureLen));
282 }
283 if (!pkcs11_initialized) {
284 return (CKR_CRYPTOKI_NOT_INITIALIZED);
285 }
286
287 /* Obtain the session pointer */
288 HANDLE2SESSION(hSession, sessp, rv);
289
290 if (rv != CKR_OK) {
291 return (rv);
292 }
293
294 /* Pass data to the provider */
295 rv = FUNCLIST(sessp->se_slotid)->C_SignRecover(sessp->se_handle, pData,
296 ulDataLen, pSignature, pulSignatureLen);
297
298 /* Present consistent interface to the application */
299 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
300 return (CKR_FUNCTION_FAILED);
301 }
302
303 return (rv);
304 }
305