usr/src/lib/pkcs11/libpkcs11/common/pkcs11Sign.c

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License, Version 1.0 only
   6  * (the "License").  You may not use this file except in compliance
   7  * with the License.
   8  *
   9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10  * or http://www.opensolaris.org/os/licensing.
  11  * See the License for the specific language governing permissions
  12  * and limitations under the License.
  13  *
  14  * When distributing Covered Code, include this CDDL HEADER in each
  15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16  * If applicable, add the following below this CDDL HEADER, with the
  17  * fields enclosed by brackets "[]" replaced with your own identifying
  18  * information: Portions Copyright [yyyy] [name of copyright owner]
  19  *
  20  * CDDL HEADER END
  21  */
  22 /*
  23  * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.
  25  */
  26
  27 #pragma ident   "%Z%%M% %I%     %E% SMI"
  28
  29 #include <security/cryptoki.h>
  30 #include "pkcs11Global.h"
  31 #include "pkcs11Conf.h"
  32 #include "pkcs11Session.h"
  33 #include "pkcs11Slot.h"
  34
  35 /*
  36  * C_SignInit will verify that the session handle is valid within the
  37  * framework, that the mechanism is not disabled for the slot
  38  * associated with this session, and then redirect to the underlying
  39  * provider.  Policy is only checked for C_SignInit, since it is
  40  * required to be called before C_Sign and C_SignUpdate.
  41  */
  42 CK_RV
  43 C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
  44     CK_OBJECT_HANDLE hKey)
  45 {
  46
  47         CK_RV rv;
  48         pkcs11_session_t *sessp;
  49         CK_SLOT_ID slotid;
  50
  51         /* Check for a fastpath */
  52         if (purefastpath || policyfastpath) {
  53                 if (policyfastpath &&
  54                     pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
  55                         return (CKR_MECHANISM_INVALID);
  56                 }
  57                 return (fast_funcs->C_SignInit(hSession, pMechanism, hKey));
  58         }
  59
  60         if (!pkcs11_initialized) {
  61                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
  62         }
  63
  64         /* Obtain the session pointer */
  65         HANDLE2SESSION(hSession, sessp, rv);
  66
  67         if (rv != CKR_OK) {
  68                 return (rv);
  69         }
  70
  71         slotid = sessp->se_slotid;
  72
  73         /* Make sure this is not a disabled mechanism */
  74         if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
  75                 return (CKR_MECHANISM_INVALID);
  76         }
  77
  78         /* Initialize the digest with the underlying provider */
  79         rv = FUNCLIST(slotid)->C_SignInit(sessp->se_handle,
  80             pMechanism, hKey);
  81
  82         /* Present consistent interface to the application */
  83         if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
  84                 return (CKR_FUNCTION_FAILED);
  85         }
  86
  87         return (rv);
  88 }
  89
  90 /*
  91  * C_Sign is a pure wrapper to the underlying provider.
  92  * The only argument checked is whether or not hSession is valid.
  93  */
  94 CK_RV
  95 C_Sign(CK_SESSION_HANDLE hSession,
  96     CK_BYTE_PTR pData,
  97     CK_ULONG ulDataLen,
  98     CK_BYTE_PTR pSignature,
  99     CK_ULONG_PTR pulSignatureLen)
 100 {
 101         CK_RV rv;
 102         pkcs11_session_t *sessp;
 103
 104         /* Check for a fastpath */
 105         if (purefastpath || policyfastpath) {
 106                 return (fast_funcs->C_Sign(hSession, pData, ulDataLen,
 107                             pSignature, pulSignatureLen));
 108         }
 109
 110         if (!pkcs11_initialized) {
 111                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
 112         }
 113
 114         /* Obtain the session pointer */
 115         HANDLE2SESSION(hSession, sessp, rv);
 116
 117         if (rv != CKR_OK) {
 118                 return (rv);
 119         }
 120
 121         /* Pass data to the provider */
 122         rv = FUNCLIST(sessp->se_slotid)->C_Sign(sessp->se_handle, pData,
 123             ulDataLen, pSignature, pulSignatureLen);
 124
 125         /* Present consistent interface to the application */
 126         if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
 127                 return (CKR_FUNCTION_FAILED);
 128         }
 129
 130         return (rv);
 131
 132 }
 133
 134 /*
 135  * C_SignUpdate is a pure wrapper to the underlying provider.
 136  * The only argument checked is whether or not hSession is valid.
 137  */
 138 CK_RV
 139 C_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
 140 {
 141         CK_RV rv;
 142         pkcs11_session_t *sessp;
 143
 144         /* Check for a fastpath */
 145         if (purefastpath || policyfastpath) {
 146                 return (fast_funcs->C_SignUpdate(hSession, pPart, ulPartLen));
 147         }
 148
 149         if (!pkcs11_initialized) {
 150                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
 151         }
 152
 153         /* Obtain the session pointer */
 154         HANDLE2SESSION(hSession, sessp, rv);
 155
 156         if (rv != CKR_OK) {
 157                 return (rv);
 158         }
 159
 160         /* Pass data to the provider */
 161         rv = FUNCLIST(sessp->se_slotid)->C_SignUpdate(sessp->se_handle, pPart,
 162             ulPartLen);
 163
 164         /* Present consistent interface to the application */
 165         if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
 166                 return (CKR_FUNCTION_FAILED);
 167         }
 168
 169         return (rv);
 170
 171 }
 172
 173 /*
 174  * C_SignFinal is a pure wrapper to the underlying provider.
 175  * The only argument checked is whether or not hSession is valid.
 176  */
 177 CK_RV
 178 C_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
 179     CK_ULONG_PTR pulSignatureLen)
 180 {
 181         CK_RV rv;
 182         pkcs11_session_t *sessp;
 183
 184         /* Check for a fastpath */
 185         if (purefastpath || policyfastpath) {
 186                 return (fast_funcs->C_SignFinal(hSession, pSignature,
 187                             pulSignatureLen));
 188         }
 189
 190         if (!pkcs11_initialized) {
 191                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
 192         }
 193
 194         /* Obtain the session pointer */
 195         HANDLE2SESSION(hSession, sessp, rv);
 196
 197         if (rv != CKR_OK) {
 198                 return (rv);
 199         }
 200
 201         /* Pass data to the provider */
 202         rv = FUNCLIST(sessp->se_slotid)->C_SignFinal(sessp->se_handle,
 203             pSignature, pulSignatureLen);
 204
 205         /* Present consistent interface to the application */
 206         if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
 207                 return (CKR_FUNCTION_FAILED);
 208         }
 209
 210         return (rv);
 211 }
 212
 213 /*
 214  * C_SignRecoverInit will verify that the session handle is valid within
 215  * the framework, that the mechanism is not disabled for the slot
 216  * associated with this session, and then redirect to the underlying
 217  * provider.  Policy is only checked for C_SignRecoverInit, since it is
 218  * required to be called before C_SignRecover.
 219  */
 220 CK_RV
 221 C_SignRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
 222     CK_OBJECT_HANDLE hKey)
 223 {
 224         CK_RV rv;
 225         pkcs11_session_t *sessp;
 226         CK_SLOT_ID slotid;
 227
 228         /* Check for a fastpath */
 229         if (purefastpath || policyfastpath) {
 230                 if (policyfastpath &&
 231                     pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
 232                         return (CKR_MECHANISM_INVALID);
 233                 }
 234                 return (fast_funcs->C_SignRecoverInit(hSession, pMechanism,
 235                             hKey));
 236         }
 237
 238         if (!pkcs11_initialized) {
 239                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
 240         }
 241
 242         /* Obtain the session pointer */
 243         HANDLE2SESSION(hSession, sessp, rv);
 244
 245         if (rv != CKR_OK) {
 246                 return (rv);
 247         }
 248
 249         slotid = sessp->se_slotid;
 250
 251         /* Make sure this is not a disabled mechanism */
 252         if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
 253                 return (CKR_MECHANISM_INVALID);
 254         }
 255
 256         /* Initialize the digest with the underlying provider */
 257         rv = FUNCLIST(slotid)->C_SignRecoverInit(sessp->se_handle,
 258             pMechanism, hKey);
 259
 260         /* Present consistent interface to the application */
 261         if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
 262                 return (CKR_FUNCTION_FAILED);
 263         }
 264
 265         return (rv);
 266
 267 }
 268
 269 /*
 270  * C_SignRecover is a pure wrapper to the underlying provider.
 271  * The only argument checked is whether or not hSession is valid.
 272  */
 273 CK_RV
 274 C_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
 275     CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
 276 {
 277         CK_RV rv;
 278         pkcs11_session_t *sessp;
 279
 280         /* Check for a fastpath */
 281         if (purefastpath || policyfastpath) {
 282                 return (fast_funcs->C_SignRecover(hSession, pData, ulDataLen,
 283                             pSignature, pulSignatureLen));
 284         }
 285         if (!pkcs11_initialized) {
 286                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
 287         }
 288
 289         /* Obtain the session pointer */
 290         HANDLE2SESSION(hSession, sessp, rv);
 291
 292         if (rv != CKR_OK) {
 293                 return (rv);
 294         }
 295
 296         /* Pass data to the provider */
 297         rv = FUNCLIST(sessp->se_slotid)->C_SignRecover(sessp->se_handle, pData,
 298             ulDataLen, pSignature, pulSignatureLen);
 299
 300         /* Present consistent interface to the application */
 301         if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
 302                 return (CKR_FUNCTION_FAILED);
 303         }
 304
 305         return (rv);
 306 }