1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License").  You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22/*
23 * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
24 * Use is subject to license terms.
25 */
26
27#pragma ident	"%Z%%M%	%I%	%E% SMI"
28
29#include <security/cryptoki.h>
30#include "pkcs11Global.h"
31#include "pkcs11Conf.h"
32#include "pkcs11Session.h"
33#include "pkcs11Slot.h"
34
35/*
36 * C_GenerateKey will verify that the session handle is valid within
37 * the framework, that the mechanism is not disabled for the slot
38 * associated with this session, and then redirect to the underlying
39 * provider.
40 */
41CK_RV
42C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
43    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey)
44{
45	CK_RV rv;
46	pkcs11_session_t *sessp;
47	CK_SLOT_ID slotid;
48
49	/* Check for a fastpath */
50	if (purefastpath || policyfastpath) {
51		if (policyfastpath &&
52		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
53			return (CKR_MECHANISM_INVALID);
54		}
55		return (fast_funcs->C_GenerateKey(hSession, pMechanism,
56			    pTemplate, ulCount, phKey));
57	}
58
59	if (!pkcs11_initialized) {
60		return (CKR_CRYPTOKI_NOT_INITIALIZED);
61	}
62
63	/* Obtain the session pointer */
64	HANDLE2SESSION(hSession, sessp, rv);
65
66	if (rv != CKR_OK) {
67		return (rv);
68	}
69
70	slotid = sessp->se_slotid;
71
72	/* Make sure this is not a disabled mechanism */
73	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
74		return (CKR_MECHANISM_INVALID);
75	}
76
77	/* Initialize the digest with the underlying provider */
78	rv = FUNCLIST(slotid)->C_GenerateKey(sessp->se_handle,
79	    pMechanism, pTemplate, ulCount, phKey);
80
81	/* Present consistent interface to the application */
82	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
83		return (CKR_FUNCTION_FAILED);
84	}
85
86	return (rv);
87
88}
89
90/*
91 * C_GenerateKeyPair will verify that the session handle is valid within
92 * the framework, that the mechanism is not disabled for the slot
93 * associated with this session, and then redirect to the underlying
94 * provider.
95 */
96CK_RV
97C_GenerateKeyPair(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
98    CK_ATTRIBUTE_PTR pPublicKeyTemplate, CK_ULONG ulPublicKeyAttributeCount,
99    CK_ATTRIBUTE_PTR pPrivateKeyTemplate, CK_ULONG ulPrivateKeyAttributeCount,
100    CK_OBJECT_HANDLE_PTR phPublicKey, CK_OBJECT_HANDLE_PTR phPrivateKey)
101{
102	CK_RV rv;
103	pkcs11_session_t *sessp;
104	CK_SLOT_ID slotid;
105
106
107	/* Check for a fastpath */
108	if (purefastpath || policyfastpath) {
109		if (policyfastpath &&
110		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
111			return (CKR_MECHANISM_INVALID);
112		}
113		return (fast_funcs->C_GenerateKeyPair(hSession, pMechanism,
114			    pPublicKeyTemplate, ulPublicKeyAttributeCount,
115			    pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
116			    phPublicKey, phPrivateKey));
117	}
118
119	if (!pkcs11_initialized) {
120		return (CKR_CRYPTOKI_NOT_INITIALIZED);
121	}
122
123	/* Obtain the session pointer */
124	HANDLE2SESSION(hSession, sessp, rv);
125
126	if (rv != CKR_OK) {
127		return (rv);
128	}
129
130	slotid = sessp->se_slotid;
131
132	/* Make sure this is not a disabled mechanism */
133	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
134		return (CKR_MECHANISM_INVALID);
135	}
136
137	/* Initialize the digest with the underlying provider */
138	rv = FUNCLIST(slotid)->C_GenerateKeyPair(sessp->se_handle,
139	    pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount,
140	    pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
141	    phPublicKey, phPrivateKey);
142
143	/* Present consistent interface to the application */
144	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
145		return (CKR_FUNCTION_FAILED);
146	}
147
148	return (rv);
149}
150
151/*
152 * C_WrapKey will verify that the session handle is valid within
153 * the framework, that the mechanism is not disabled for the slot
154 * associated with this session, and then redirect to the underlying
155 * provider.
156 */
157CK_RV
158C_WrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
159    CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey,
160    CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen)
161{
162	CK_RV rv;
163	pkcs11_session_t *sessp;
164	CK_SLOT_ID slotid;
165
166	/* Check for a fastpath */
167	if (purefastpath || policyfastpath) {
168		if (policyfastpath &&
169		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
170			return (CKR_MECHANISM_INVALID);
171		}
172		return (fast_funcs->C_WrapKey(hSession, pMechanism,
173			    hWrappingKey, hKey, pWrappedKey,
174			    pulWrappedKeyLen));
175	}
176
177	if (!pkcs11_initialized) {
178		return (CKR_CRYPTOKI_NOT_INITIALIZED);
179	}
180
181	/* Obtain the session pointer */
182	HANDLE2SESSION(hSession, sessp, rv);
183
184	if (rv != CKR_OK) {
185		return (rv);
186	}
187
188	slotid = sessp->se_slotid;
189
190	/* Make sure this is not a disabled mechanism */
191	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
192		return (CKR_MECHANISM_INVALID);
193	}
194
195	/* Initialize the digest with the underlying provider */
196	rv = FUNCLIST(slotid)->C_WrapKey(sessp->se_handle,
197	    pMechanism, hWrappingKey, hKey, pWrappedKey, pulWrappedKeyLen);
198
199	/* Present consistent interface to the application */
200	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
201		return (CKR_FUNCTION_FAILED);
202	}
203
204	return (rv);
205}
206
207/*
208 * C_UnwrapKey will verify that the session handle is valid within
209 * the framework, that the mechanism is not disabled for the slot
210 * associated with this session, and then redirect to the underlying
211 * provider.
212 */
213CK_RV
214C_UnwrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
215    CK_OBJECT_HANDLE hUnwrappingKey, CK_BYTE_PTR pWrappedKey,
216    CK_ULONG ulWrappedKeyLen, CK_ATTRIBUTE_PTR pTemplate,
217    CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
218{
219	CK_RV rv;
220	pkcs11_session_t *sessp;
221	CK_SLOT_ID slotid;
222
223	/* Check for a fastpath */
224	if (purefastpath || policyfastpath) {
225		if (policyfastpath &&
226		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
227			return (CKR_MECHANISM_INVALID);
228		}
229		return (fast_funcs->C_UnwrapKey(hSession, pMechanism,
230			    hUnwrappingKey, pWrappedKey, ulWrappedKeyLen,
231			    pTemplate, ulAttributeCount, phKey));
232	}
233
234	if (!pkcs11_initialized) {
235		return (CKR_CRYPTOKI_NOT_INITIALIZED);
236	}
237
238	/* Obtain the session pointer */
239	HANDLE2SESSION(hSession, sessp, rv);
240
241	if (rv != CKR_OK) {
242		return (rv);
243	}
244
245	slotid = sessp->se_slotid;
246
247	/* Make sure this is not a disabled mechanism */
248	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
249		return (CKR_MECHANISM_INVALID);
250	}
251
252	/* Initialize the digest with the underlying provider */
253	rv = FUNCLIST(slotid)->C_UnwrapKey(sessp->se_handle,
254	    pMechanism, hUnwrappingKey, pWrappedKey, ulWrappedKeyLen,
255	    pTemplate, ulAttributeCount, phKey);
256
257	/* Present consistent interface to the application */
258	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
259		return (CKR_FUNCTION_FAILED);
260	}
261
262	return (rv);
263}
264
265/*
266 * C_DeriveKey will verify that the session handle is valid within
267 * the framework, that the mechanism is not disabled for the slot
268 * associated with this session, and then redirect to the underlying
269 * provider.
270 */
271CK_RV
272C_DeriveKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
273    CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate,
274    CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
275{
276	CK_RV rv;
277	pkcs11_session_t *sessp;
278	CK_SLOT_ID slotid;
279
280	/* Check for a fastpath */
281	if (purefastpath || policyfastpath) {
282		if (policyfastpath &&
283		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
284			return (CKR_MECHANISM_INVALID);
285		}
286		return (fast_funcs->C_DeriveKey(hSession, pMechanism,
287			    hBaseKey, pTemplate, ulAttributeCount, phKey));
288	}
289
290	if (!pkcs11_initialized) {
291		return (CKR_CRYPTOKI_NOT_INITIALIZED);
292	}
293
294	/* Obtain the session pointer */
295	HANDLE2SESSION(hSession, sessp, rv);
296
297	if (rv != CKR_OK) {
298		return (rv);
299	}
300
301	slotid = sessp->se_slotid;
302
303	/* Make sure this is not a disabled mechanism */
304	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
305		return (CKR_MECHANISM_INVALID);
306	}
307
308	/* Initialize the digest with the underlying provider */
309	rv = FUNCLIST(slotid)->C_DeriveKey(sessp->se_handle,
310	    pMechanism, hBaseKey, pTemplate, ulAttributeCount, phKey);
311
312	/* Present consistent interface to the application */
313	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
314		return (CKR_FUNCTION_FAILED);
315	}
316
317	return (rv);
318}
319