1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License").  You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22/*
23 * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
24 * Use is subject to license terms.
25 */
26
27#pragma ident	"%Z%%M%	%I%	%E% SMI"
28
29#include <security/cryptoki.h>
30#include "pkcs11Global.h"
31#include "pkcs11Conf.h"
32#include "pkcs11Session.h"
33#include "pkcs11Slot.h"
34
35/*
36 * C_SignInit will verify that the session handle is valid within the
37 * framework, that the mechanism is not disabled for the slot
38 * associated with this session, and then redirect to the underlying
39 * provider.  Policy is only checked for C_SignInit, since it is
40 * required to be called before C_Sign and C_SignUpdate.
41 */
42CK_RV
43C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
44    CK_OBJECT_HANDLE hKey)
45{
46
47	CK_RV rv;
48	pkcs11_session_t *sessp;
49	CK_SLOT_ID slotid;
50
51	/* Check for a fastpath */
52	if (purefastpath || policyfastpath) {
53		if (policyfastpath &&
54		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
55			return (CKR_MECHANISM_INVALID);
56		}
57		return (fast_funcs->C_SignInit(hSession, pMechanism, hKey));
58	}
59
60	if (!pkcs11_initialized) {
61		return (CKR_CRYPTOKI_NOT_INITIALIZED);
62	}
63
64	/* Obtain the session pointer */
65	HANDLE2SESSION(hSession, sessp, rv);
66
67	if (rv != CKR_OK) {
68		return (rv);
69	}
70
71	slotid = sessp->se_slotid;
72
73	/* Make sure this is not a disabled mechanism */
74	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
75		return (CKR_MECHANISM_INVALID);
76	}
77
78	/* Initialize the digest with the underlying provider */
79	rv = FUNCLIST(slotid)->C_SignInit(sessp->se_handle,
80	    pMechanism, hKey);
81
82	/* Present consistent interface to the application */
83	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
84		return (CKR_FUNCTION_FAILED);
85	}
86
87	return (rv);
88}
89
90/*
91 * C_Sign is a pure wrapper to the underlying provider.
92 * The only argument checked is whether or not hSession is valid.
93 */
94CK_RV
95C_Sign(CK_SESSION_HANDLE hSession,
96    CK_BYTE_PTR pData,
97    CK_ULONG ulDataLen,
98    CK_BYTE_PTR pSignature,
99    CK_ULONG_PTR pulSignatureLen)
100{
101	CK_RV rv;
102	pkcs11_session_t *sessp;
103
104	/* Check for a fastpath */
105	if (purefastpath || policyfastpath) {
106		return (fast_funcs->C_Sign(hSession, pData, ulDataLen,
107			    pSignature, pulSignatureLen));
108	}
109
110	if (!pkcs11_initialized) {
111		return (CKR_CRYPTOKI_NOT_INITIALIZED);
112	}
113
114	/* Obtain the session pointer */
115	HANDLE2SESSION(hSession, sessp, rv);
116
117	if (rv != CKR_OK) {
118		return (rv);
119	}
120
121	/* Pass data to the provider */
122	rv = FUNCLIST(sessp->se_slotid)->C_Sign(sessp->se_handle, pData,
123	    ulDataLen, pSignature, pulSignatureLen);
124
125	/* Present consistent interface to the application */
126	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
127		return (CKR_FUNCTION_FAILED);
128	}
129
130	return (rv);
131
132}
133
134/*
135 * C_SignUpdate is a pure wrapper to the underlying provider.
136 * The only argument checked is whether or not hSession is valid.
137 */
138CK_RV
139C_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
140{
141	CK_RV rv;
142	pkcs11_session_t *sessp;
143
144	/* Check for a fastpath */
145	if (purefastpath || policyfastpath) {
146		return (fast_funcs->C_SignUpdate(hSession, pPart, ulPartLen));
147	}
148
149	if (!pkcs11_initialized) {
150		return (CKR_CRYPTOKI_NOT_INITIALIZED);
151	}
152
153	/* Obtain the session pointer */
154	HANDLE2SESSION(hSession, sessp, rv);
155
156	if (rv != CKR_OK) {
157		return (rv);
158	}
159
160	/* Pass data to the provider */
161	rv = FUNCLIST(sessp->se_slotid)->C_SignUpdate(sessp->se_handle, pPart,
162	    ulPartLen);
163
164	/* Present consistent interface to the application */
165	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
166		return (CKR_FUNCTION_FAILED);
167	}
168
169	return (rv);
170
171}
172
173/*
174 * C_SignFinal is a pure wrapper to the underlying provider.
175 * The only argument checked is whether or not hSession is valid.
176 */
177CK_RV
178C_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
179    CK_ULONG_PTR pulSignatureLen)
180{
181	CK_RV rv;
182	pkcs11_session_t *sessp;
183
184	/* Check for a fastpath */
185	if (purefastpath || policyfastpath) {
186		return (fast_funcs->C_SignFinal(hSession, pSignature,
187			    pulSignatureLen));
188	}
189
190	if (!pkcs11_initialized) {
191		return (CKR_CRYPTOKI_NOT_INITIALIZED);
192	}
193
194	/* Obtain the session pointer */
195	HANDLE2SESSION(hSession, sessp, rv);
196
197	if (rv != CKR_OK) {
198		return (rv);
199	}
200
201	/* Pass data to the provider */
202	rv = FUNCLIST(sessp->se_slotid)->C_SignFinal(sessp->se_handle,
203	    pSignature, pulSignatureLen);
204
205	/* Present consistent interface to the application */
206	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
207		return (CKR_FUNCTION_FAILED);
208	}
209
210	return (rv);
211}
212
213/*
214 * C_SignRecoverInit will verify that the session handle is valid within
215 * the framework, that the mechanism is not disabled for the slot
216 * associated with this session, and then redirect to the underlying
217 * provider.  Policy is only checked for C_SignRecoverInit, since it is
218 * required to be called before C_SignRecover.
219 */
220CK_RV
221C_SignRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
222    CK_OBJECT_HANDLE hKey)
223{
224	CK_RV rv;
225	pkcs11_session_t *sessp;
226	CK_SLOT_ID slotid;
227
228	/* Check for a fastpath */
229	if (purefastpath || policyfastpath) {
230		if (policyfastpath &&
231		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
232			return (CKR_MECHANISM_INVALID);
233		}
234		return (fast_funcs->C_SignRecoverInit(hSession, pMechanism,
235			    hKey));
236	}
237
238	if (!pkcs11_initialized) {
239		return (CKR_CRYPTOKI_NOT_INITIALIZED);
240	}
241
242	/* Obtain the session pointer */
243	HANDLE2SESSION(hSession, sessp, rv);
244
245	if (rv != CKR_OK) {
246		return (rv);
247	}
248
249	slotid = sessp->se_slotid;
250
251	/* Make sure this is not a disabled mechanism */
252	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
253		return (CKR_MECHANISM_INVALID);
254	}
255
256	/* Initialize the digest with the underlying provider */
257	rv = FUNCLIST(slotid)->C_SignRecoverInit(sessp->se_handle,
258	    pMechanism, hKey);
259
260	/* Present consistent interface to the application */
261	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
262		return (CKR_FUNCTION_FAILED);
263	}
264
265	return (rv);
266
267}
268
269/*
270 * C_SignRecover is a pure wrapper to the underlying provider.
271 * The only argument checked is whether or not hSession is valid.
272 */
273CK_RV
274C_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
275    CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
276{
277	CK_RV rv;
278	pkcs11_session_t *sessp;
279
280	/* Check for a fastpath */
281	if (purefastpath || policyfastpath) {
282		return (fast_funcs->C_SignRecover(hSession, pData, ulDataLen,
283			    pSignature, pulSignatureLen));
284	}
285	if (!pkcs11_initialized) {
286		return (CKR_CRYPTOKI_NOT_INITIALIZED);
287	}
288
289	/* Obtain the session pointer */
290	HANDLE2SESSION(hSession, sessp, rv);
291
292	if (rv != CKR_OK) {
293		return (rv);
294	}
295
296	/* Pass data to the provider */
297	rv = FUNCLIST(sessp->se_slotid)->C_SignRecover(sessp->se_handle, pData,
298	    ulDataLen, pSignature, pulSignatureLen);
299
300	/* Present consistent interface to the application */
301	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
302		return (CKR_FUNCTION_FAILED);
303	}
304
305	return (rv);
306}
307