usr/src/lib/pkcs11/libpkcs11/common/pkcs11Crypt.c

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License, Version 1.0 only
   6  * (the "License").  You may not use this file except in compliance
   7  * with the License.
   8  *
   9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10  * or http://www.opensolaris.org/os/licensing.
  11  * See the License for the specific language governing permissions
  12  * and limitations under the License.
  13  *
  14  * When distributing Covered Code, include this CDDL HEADER in each
  15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16  * If applicable, add the following below this CDDL HEADER, with the
  17  * fields enclosed by brackets "[]" replaced with your own identifying
  18  * information: Portions Copyright [yyyy] [name of copyright owner]
  19  *
  20  * CDDL HEADER END
  21  */
  22 /*
  23  * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.
  25  */
  26
  27 #pragma ident   "%Z%%M% %I%     %E% SMI"
  28
  29 #include <security/cryptoki.h>
  30 #include "pkcs11Global.h"
  31 #include "pkcs11Conf.h"
  32 #include "pkcs11Session.h"
  33 #include "pkcs11Slot.h"
  34
  35 /*
  36  * C_EncryptInit will verify that the session handle is valid within
  37  * the framework, that the mechanism is not disabled for the slot
  38  * associated with this session, and then redirect to the underlying
  39  * provider.  Policy is checked for C_EncryptInit, and not C_Encrypt
  40  * or C_EncryptUpdate, since C_EncryptInit is required to be called
  41  * before C_Encrypt and C_EncryptUpdate.
  42  */
  43 CK_RV
  44 C_EncryptInit(CK_SESSION_HANDLE hSession,
  45     CK_MECHANISM_PTR pMechanism,
  46     CK_OBJECT_HANDLE hKey)
  47 {
  48         CK_RV rv;
  49         pkcs11_session_t *sessp;
  50         CK_SLOT_ID slotid;
  51
  52         /* Check for a fastpath */
  53         if (purefastpath || policyfastpath) {
  54                 if (policyfastpath &&
  55                     pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
  56                         return (CKR_MECHANISM_INVALID);
  57                 }
  58                 return (fast_funcs->C_EncryptInit(hSession, pMechanism, hKey));
  59         }
  60
  61         if (!pkcs11_initialized) {
  62                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
  63         }
  64
  65         /* Obtain the session pointer */
  66         HANDLE2SESSION(hSession, sessp, rv);
  67
  68         if (rv != CKR_OK) {
  69                 return (rv);
  70         }
  71
  72         slotid = sessp->se_slotid;
  73
  74         /* Make sure this is not a disabled mechanism */
  75         if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
  76                 return (CKR_MECHANISM_INVALID);
  77         }
  78
  79         /* Initialize the digest with the underlying provider */
  80         rv = FUNCLIST(slotid)->C_EncryptInit(sessp->se_handle,
  81             pMechanism, hKey);
  82
  83         /* Present consistent interface to the application */
  84         if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
  85                 return (CKR_FUNCTION_FAILED);
  86         }
  87
  88         return (rv);
  89 }
  90
  91 /*
  92  * C_Encrypt is a pure wrapper to the underlying provider.
  93  * The only argument checked is whether or not hSession is valid.
  94  */
  95 CK_RV
  96 C_Encrypt(CK_SESSION_HANDLE hSession,
  97     CK_BYTE_PTR pData,
  98     CK_ULONG ulDataLen,
  99     CK_BYTE_PTR pEncryptedData,
 100     CK_ULONG_PTR pulEncryptedDataLen)
 101 {
 102         CK_RV rv;
 103         pkcs11_session_t *sessp;
 104
 105         /* Check for a fastpath */
 106         if (purefastpath || policyfastpath) {
 107                 return (fast_funcs->C_Encrypt(hSession, pData, ulDataLen,
 108                             pEncryptedData, pulEncryptedDataLen));
 109         }
 110
 111         if (!pkcs11_initialized) {
 112                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
 113         }
 114
 115         /* Obtain the session pointer */
 116         HANDLE2SESSION(hSession, sessp, rv);
 117
 118         if (rv != CKR_OK) {
 119                 return (rv);
 120         }
 121
 122         /* Initialize the digest with the underlying provider */
 123         rv = FUNCLIST(sessp->se_slotid)->C_Encrypt(sessp->se_handle, pData,
 124             ulDataLen, pEncryptedData, pulEncryptedDataLen);
 125
 126         /* Present consistent interface to the application */
 127         if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
 128                 return (CKR_FUNCTION_FAILED);
 129         }
 130
 131         return (rv);
 132 }
 133
 134 /*
 135  * C_EncryptUpdate is a pure wrapper to the underlying provider.
 136  * The only argument checked is whether or not hSession is valid.
 137  */
 138 CK_RV
 139 C_EncryptUpdate(CK_SESSION_HANDLE hSession,
 140     CK_BYTE_PTR pPart,
 141     CK_ULONG ulPartLen,
 142     CK_BYTE_PTR pEncryptedPart,
 143     CK_ULONG_PTR pulEncryptedPartLen)
 144 {
 145         CK_RV rv;
 146         pkcs11_session_t *sessp;
 147
 148         /* Check for a fastpath */
 149         if (purefastpath || policyfastpath) {
 150                 return (fast_funcs->C_EncryptUpdate(hSession, pPart, ulPartLen,
 151                             pEncryptedPart, pulEncryptedPartLen));
 152         }
 153
 154         if (!pkcs11_initialized) {
 155                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
 156         }
 157
 158         /* Obtain the session pointer */
 159         HANDLE2SESSION(hSession, sessp, rv);
 160
 161         if (rv != CKR_OK) {
 162                 return (rv);
 163         }
 164
 165         /* Initialize the digest with the underlying provider */
 166         rv = FUNCLIST(sessp->se_slotid)->C_EncryptUpdate(sessp->se_handle,
 167             pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
 168
 169         /* Present consistent interface to the application */
 170         if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
 171                 return (CKR_FUNCTION_FAILED);
 172         }
 173
 174         return (rv);
 175 }
 176
 177 /*
 178  * C_EncryptFinal is a pure wrapper to the underlying provider.
 179  * The only argument checked is whether or not hSession is valid.
 180  */
 181 CK_RV
 182 C_EncryptFinal(CK_SESSION_HANDLE hSession,
 183     CK_BYTE_PTR pLastEncryptedPart,
 184     CK_ULONG_PTR pulLastEncryptedPartLen)
 185 {
 186         CK_RV rv;
 187         pkcs11_session_t *sessp;
 188
 189         /* Check for a fastpath */
 190         if (purefastpath || policyfastpath) {
 191                 return (fast_funcs->C_EncryptFinal(hSession,
 192                             pLastEncryptedPart, pulLastEncryptedPartLen));
 193         }
 194
 195         if (!pkcs11_initialized) {
 196                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
 197         }
 198
 199         /* Obtain the session pointer */
 200         HANDLE2SESSION(hSession, sessp, rv);
 201
 202         if (rv != CKR_OK) {
 203                 return (rv);
 204         }
 205
 206         /* Initialize the digest with the underlying provider */
 207         rv = FUNCLIST(sessp->se_slotid)->C_EncryptFinal(sessp->se_handle,
 208             pLastEncryptedPart, pulLastEncryptedPartLen);
 209
 210         /* Present consistent interface to the application */
 211         if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
 212                 return (CKR_FUNCTION_FAILED);
 213         }
 214
 215         return (rv);
 216 }
 217
 218 /*
 219  * C_DecryptInit will verify that the session handle is valid within
 220  * the framework, that the mechanism is not disabled for the slot
 221  * associated with this session, and then redirect to the underlying
 222  * provider.  Policy is checked for C_DecryptInit, and not C_Decrypt
 223  * or C_DecryptUpdate, since C_DecryptInit is required to be called
 224  * before C_Decrypt and C_DecryptUpdate.
 225  */
 226 CK_RV
 227 C_DecryptInit(CK_SESSION_HANDLE hSession,
 228     CK_MECHANISM_PTR pMechanism,
 229     CK_OBJECT_HANDLE hKey)
 230 {
 231         CK_RV rv;
 232         pkcs11_session_t *sessp;
 233         CK_SLOT_ID slotid;
 234
 235         /* Check for a fastpath */
 236         if (purefastpath || policyfastpath) {
 237                 if (policyfastpath &&
 238                     pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
 239                         return (CKR_MECHANISM_INVALID);
 240                 }
 241                 return (fast_funcs->C_DecryptInit(hSession, pMechanism, hKey));
 242         }
 243
 244         if (!pkcs11_initialized) {
 245                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
 246         }
 247
 248         /* Obtain the session pointer */
 249         HANDLE2SESSION(hSession, sessp, rv);
 250
 251         if (rv != CKR_OK) {
 252                 return (rv);
 253         }
 254
 255         slotid = sessp->se_slotid;
 256
 257         /* Make sure this is not a disabled mechanism */
 258         if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
 259                 return (CKR_MECHANISM_INVALID);
 260         }
 261
 262         /* Initialize the digest with the underlying provider */
 263         rv = FUNCLIST(slotid)->C_DecryptInit(sessp->se_handle,
 264             pMechanism, hKey);
 265
 266         /* Present consistent interface to the application */
 267         if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
 268                 return (CKR_FUNCTION_FAILED);
 269         }
 270
 271         return (rv);
 272 }
 273
 274 /*
 275  * C_Decrypt is a pure wrapper to the underlying provider.
 276  * The only argument checked is whether or not hSession is valid.
 277  */
 278 CK_RV
 279 C_Decrypt(CK_SESSION_HANDLE hSession,
 280     CK_BYTE_PTR pEncryptedData,
 281     CK_ULONG ulEncryptedDataLen,
 282     CK_BYTE_PTR pData,
 283     CK_ULONG_PTR pulDataLen)
 284 {
 285         CK_RV rv;
 286         pkcs11_session_t *sessp;
 287
 288         /* Check for a fastpath */
 289         if (purefastpath || policyfastpath) {
 290                 return (fast_funcs->C_Decrypt(hSession, pEncryptedData,
 291                     ulEncryptedDataLen, pData, pulDataLen));
 292         }
 293
 294         if (!pkcs11_initialized) {
 295                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
 296         }
 297
 298         /* Obtain the session pointer */
 299         HANDLE2SESSION(hSession, sessp, rv);
 300
 301         if (rv != CKR_OK) {
 302                 return (rv);
 303         }
 304
 305         /* Initialize the digest with the underlying provider */
 306         rv = FUNCLIST(sessp->se_slotid)->C_Decrypt(sessp->se_handle,
 307             pEncryptedData, ulEncryptedDataLen, pData, pulDataLen);
 308
 309         /* Present consistent interface to the application */
 310         if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
 311                 return (CKR_FUNCTION_FAILED);
 312         }
 313
 314         return (rv);
 315 }
 316
 317 /*
 318  * C_DecryptUpdate is a pure wrapper to the underlying provider.
 319  * The only argument checked is whether or not hSession is valid.
 320  */
 321 CK_RV
 322 C_DecryptUpdate(CK_SESSION_HANDLE hSession,
 323     CK_BYTE_PTR pEncryptedPart,
 324     CK_ULONG ulEncryptedPartLen,
 325     CK_BYTE_PTR pPart,
 326     CK_ULONG_PTR pulPartLen)
 327 {
 328         CK_RV rv;
 329         pkcs11_session_t *sessp;
 330
 331         /* Check for a fastpath */
 332         if (purefastpath || policyfastpath) {
 333                 return (fast_funcs->C_DecryptUpdate(hSession, pEncryptedPart,
 334                     ulEncryptedPartLen, pPart, pulPartLen));
 335         }
 336
 337         if (!pkcs11_initialized) {
 338                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
 339         }
 340
 341         /* Obtain the session pointer */
 342         HANDLE2SESSION(hSession, sessp, rv);
 343
 344         if (rv != CKR_OK) {
 345                 return (rv);
 346         }
 347
 348         /* Initialize the digest with the underlying provider */
 349         rv = FUNCLIST(sessp->se_slotid)->C_DecryptUpdate(sessp->se_handle,
 350             pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
 351
 352         /* Present consistent interface to the application */
 353         if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
 354                 return (CKR_FUNCTION_FAILED);
 355         }
 356
 357         return (rv);
 358 }
 359
 360 /*
 361  * C_DecryptFinal is a pure wrapper to the underlying provider.
 362  * The only argument checked is whether or not hSession is valid.
 363  */
 364 CK_RV
 365 C_DecryptFinal(CK_SESSION_HANDLE hSession,
 366     CK_BYTE_PTR pLastPart,
 367     CK_ULONG_PTR pulLastPartLen)
 368 {
 369         CK_RV rv;
 370         pkcs11_session_t *sessp;
 371
 372         /* Check for a fastpath */
 373         if (purefastpath || policyfastpath) {
 374                 return (fast_funcs->C_DecryptFinal(hSession, pLastPart,
 375                     pulLastPartLen));
 376         }
 377
 378         if (!pkcs11_initialized) {
 379                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
 380         }
 381
 382         /* Obtain the session pointer */
 383         HANDLE2SESSION(hSession, sessp, rv);
 384
 385         if (rv != CKR_OK) {
 386                 return (rv);
 387         }
 388
 389         /* Initialize the digest with the underlying provider */
 390         rv = FUNCLIST(sessp->se_slotid)->C_DecryptFinal(sessp->se_handle,
 391             pLastPart, pulLastPartLen);
 392
 393         /* Present consistent interface to the application */
 394         if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
 395                 return (CKR_FUNCTION_FAILED);
 396         }
 397
 398         return (rv);
 399 }