xref: /illumos-gate/usr/src/lib/pkcs11/libpkcs11/common/pkcs11Keys.c (revision 581cede61ac9c14d8d4ea452562a567189eead78) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #include <security/cryptoki.h>
30 #include "pkcs11Global.h"
31 #include "pkcs11Conf.h"
32 #include "pkcs11Session.h"
33 #include "pkcs11Slot.h"
34 
35 /*
36  * C_GenerateKey will verify that the session handle is valid within
37  * the framework, that the mechanism is not disabled for the slot
38  * associated with this session, and then redirect to the underlying
39  * provider.
40  */
41 CK_RV
42 C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
43     CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey)
44 {
45 	CK_RV rv;
46 	pkcs11_session_t *sessp;
47 	CK_SLOT_ID slotid;
48 
49 	/* Check for a fastpath */
50 	if (purefastpath || policyfastpath) {
51 		if (policyfastpath &&
52 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
53 			return (CKR_MECHANISM_INVALID);
54 		}
55 		return (fast_funcs->C_GenerateKey(hSession, pMechanism,
56 			    pTemplate, ulCount, phKey));
57 	}
58 
59 	if (!pkcs11_initialized) {
60 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
61 	}
62 
63 	/* Obtain the session pointer */
64 	HANDLE2SESSION(hSession, sessp, rv);
65 
66 	if (rv != CKR_OK) {
67 		return (rv);
68 	}
69 
70 	slotid = sessp->se_slotid;
71 
72 	/* Make sure this is not a disabled mechanism */
73 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
74 		return (CKR_MECHANISM_INVALID);
75 	}
76 
77 	/* Initialize the digest with the underlying provider */
78 	rv = FUNCLIST(slotid)->C_GenerateKey(sessp->se_handle,
79 	    pMechanism, pTemplate, ulCount, phKey);
80 
81 	/* Present consistent interface to the application */
82 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
83 		return (CKR_FUNCTION_FAILED);
84 	}
85 
86 	return (rv);
87 
88 }
89 
90 /*
91  * C_GenerateKeyPair will verify that the session handle is valid within
92  * the framework, that the mechanism is not disabled for the slot
93  * associated with this session, and then redirect to the underlying
94  * provider.
95  */
96 CK_RV
97 C_GenerateKeyPair(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
98     CK_ATTRIBUTE_PTR pPublicKeyTemplate, CK_ULONG ulPublicKeyAttributeCount,
99     CK_ATTRIBUTE_PTR pPrivateKeyTemplate, CK_ULONG ulPrivateKeyAttributeCount,
100     CK_OBJECT_HANDLE_PTR phPublicKey, CK_OBJECT_HANDLE_PTR phPrivateKey)
101 {
102 	CK_RV rv;
103 	pkcs11_session_t *sessp;
104 	CK_SLOT_ID slotid;
105 
106 
107 	/* Check for a fastpath */
108 	if (purefastpath || policyfastpath) {
109 		if (policyfastpath &&
110 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
111 			return (CKR_MECHANISM_INVALID);
112 		}
113 		return (fast_funcs->C_GenerateKeyPair(hSession, pMechanism,
114 			    pPublicKeyTemplate, ulPublicKeyAttributeCount,
115 			    pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
116 			    phPublicKey, phPrivateKey));
117 	}
118 
119 	if (!pkcs11_initialized) {
120 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
121 	}
122 
123 	/* Obtain the session pointer */
124 	HANDLE2SESSION(hSession, sessp, rv);
125 
126 	if (rv != CKR_OK) {
127 		return (rv);
128 	}
129 
130 	slotid = sessp->se_slotid;
131 
132 	/* Make sure this is not a disabled mechanism */
133 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
134 		return (CKR_MECHANISM_INVALID);
135 	}
136 
137 	/* Initialize the digest with the underlying provider */
138 	rv = FUNCLIST(slotid)->C_GenerateKeyPair(sessp->se_handle,
139 	    pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount,
140 	    pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
141 	    phPublicKey, phPrivateKey);
142 
143 	/* Present consistent interface to the application */
144 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
145 		return (CKR_FUNCTION_FAILED);
146 	}
147 
148 	return (rv);
149 }
150 
151 /*
152  * C_WrapKey will verify that the session handle is valid within
153  * the framework, that the mechanism is not disabled for the slot
154  * associated with this session, and then redirect to the underlying
155  * provider.
156  */
157 CK_RV
158 C_WrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
159     CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey,
160     CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen)
161 {
162 	CK_RV rv;
163 	pkcs11_session_t *sessp;
164 	CK_SLOT_ID slotid;
165 
166 	/* Check for a fastpath */
167 	if (purefastpath || policyfastpath) {
168 		if (policyfastpath &&
169 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
170 			return (CKR_MECHANISM_INVALID);
171 		}
172 		return (fast_funcs->C_WrapKey(hSession, pMechanism,
173 			    hWrappingKey, hKey, pWrappedKey,
174 			    pulWrappedKeyLen));
175 	}
176 
177 	if (!pkcs11_initialized) {
178 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
179 	}
180 
181 	/* Obtain the session pointer */
182 	HANDLE2SESSION(hSession, sessp, rv);
183 
184 	if (rv != CKR_OK) {
185 		return (rv);
186 	}
187 
188 	slotid = sessp->se_slotid;
189 
190 	/* Make sure this is not a disabled mechanism */
191 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
192 		return (CKR_MECHANISM_INVALID);
193 	}
194 
195 	/* Initialize the digest with the underlying provider */
196 	rv = FUNCLIST(slotid)->C_WrapKey(sessp->se_handle,
197 	    pMechanism, hWrappingKey, hKey, pWrappedKey, pulWrappedKeyLen);
198 
199 	/* Present consistent interface to the application */
200 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
201 		return (CKR_FUNCTION_FAILED);
202 	}
203 
204 	return (rv);
205 }
206 
207 /*
208  * C_UnwrapKey will verify that the session handle is valid within
209  * the framework, that the mechanism is not disabled for the slot
210  * associated with this session, and then redirect to the underlying
211  * provider.
212  */
213 CK_RV
214 C_UnwrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
215     CK_OBJECT_HANDLE hUnwrappingKey, CK_BYTE_PTR pWrappedKey,
216     CK_ULONG ulWrappedKeyLen, CK_ATTRIBUTE_PTR pTemplate,
217     CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
218 {
219 	CK_RV rv;
220 	pkcs11_session_t *sessp;
221 	CK_SLOT_ID slotid;
222 
223 	/* Check for a fastpath */
224 	if (purefastpath || policyfastpath) {
225 		if (policyfastpath &&
226 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
227 			return (CKR_MECHANISM_INVALID);
228 		}
229 		return (fast_funcs->C_UnwrapKey(hSession, pMechanism,
230 			    hUnwrappingKey, pWrappedKey, ulWrappedKeyLen,
231 			    pTemplate, ulAttributeCount, phKey));
232 	}
233 
234 	if (!pkcs11_initialized) {
235 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
236 	}
237 
238 	/* Obtain the session pointer */
239 	HANDLE2SESSION(hSession, sessp, rv);
240 
241 	if (rv != CKR_OK) {
242 		return (rv);
243 	}
244 
245 	slotid = sessp->se_slotid;
246 
247 	/* Make sure this is not a disabled mechanism */
248 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
249 		return (CKR_MECHANISM_INVALID);
250 	}
251 
252 	/* Initialize the digest with the underlying provider */
253 	rv = FUNCLIST(slotid)->C_UnwrapKey(sessp->se_handle,
254 	    pMechanism, hUnwrappingKey, pWrappedKey, ulWrappedKeyLen,
255 	    pTemplate, ulAttributeCount, phKey);
256 
257 	/* Present consistent interface to the application */
258 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
259 		return (CKR_FUNCTION_FAILED);
260 	}
261 
262 	return (rv);
263 }
264 
265 /*
266  * C_DeriveKey will verify that the session handle is valid within
267  * the framework, that the mechanism is not disabled for the slot
268  * associated with this session, and then redirect to the underlying
269  * provider.
270  */
271 CK_RV
272 C_DeriveKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
273     CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate,
274     CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
275 {
276 	CK_RV rv;
277 	pkcs11_session_t *sessp;
278 	CK_SLOT_ID slotid;
279 
280 	/* Check for a fastpath */
281 	if (purefastpath || policyfastpath) {
282 		if (policyfastpath &&
283 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
284 			return (CKR_MECHANISM_INVALID);
285 		}
286 		return (fast_funcs->C_DeriveKey(hSession, pMechanism,
287 			    hBaseKey, pTemplate, ulAttributeCount, phKey));
288 	}
289 
290 	if (!pkcs11_initialized) {
291 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
292 	}
293 
294 	/* Obtain the session pointer */
295 	HANDLE2SESSION(hSession, sessp, rv);
296 
297 	if (rv != CKR_OK) {
298 		return (rv);
299 	}
300 
301 	slotid = sessp->se_slotid;
302 
303 	/* Make sure this is not a disabled mechanism */
304 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
305 		return (CKR_MECHANISM_INVALID);
306 	}
307 
308 	/* Initialize the digest with the underlying provider */
309 	rv = FUNCLIST(slotid)->C_DeriveKey(sessp->se_handle,
310 	    pMechanism, hBaseKey, pTemplate, ulAttributeCount, phKey);
311 
312 	/* Present consistent interface to the application */
313 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
314 		return (CKR_FUNCTION_FAILED);
315 	}
316 
317 	return (rv);
318 }
319