libpkcs11/common/pkcs11Keys.c

	pkcs11Keys.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident   "%Z%%M% %I% %E% SMI"

#include <security/cryptoki.h>
#include "pkcs11Global.h"
#include "pkcs11Conf.h"
#include "pkcs11Session.h"
#include "pkcs11Slot.h"

/*
 * C_GenerateKey will verify that the session handle is valid within
 * the framework, that the mechanism is not disabled for the slot
 * associated with this session, and then redirect to the underlying
 * provider.
 */
CK_RV
C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey)
{
    CK_RV rv;
    pkcs11_session_t *sessp;
    CK_SLOT_ID slotid;

    /* Check for a fastpath */
    if (purefastpath || policyfastpath) {
        if (policyfastpath &&
            pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
            return (CKR_MECHANISM_INVALID);
        }
        return (fast_funcs->C_GenerateKey(hSession, pMechanism,
                pTemplate, ulCount, phKey));
    }

    if (!pkcs11_initialized) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    /* Obtain the session pointer */
    HANDLE2SESSION(hSession, sessp, rv);

    if (rv != CKR_OK) {
        return (rv);
    }

    slotid = sessp->se_slotid;

    /* Make sure this is not a disabled mechanism */
    if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
        return (CKR_MECHANISM_INVALID);
    }

    /* Initialize the digest with the underlying provider */
    rv = FUNCLIST(slotid)->C_GenerateKey(sessp->se_handle,
        pMechanism, pTemplate, ulCount, phKey);

    /* Present consistent interface to the application */
    if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
        return (CKR_FUNCTION_FAILED);
    }

    return (rv);

}

/*
 * C_GenerateKeyPair will verify that the session handle is valid within
 * the framework, that the mechanism is not disabled for the slot
 * associated with this session, and then redirect to the underlying
 * provider.
 */
CK_RV
C_GenerateKeyPair(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
    CK_ATTRIBUTE_PTR pPublicKeyTemplate, CK_ULONG ulPublicKeyAttributeCount,
    CK_ATTRIBUTE_PTR pPrivateKeyTemplate, CK_ULONG ulPrivateKeyAttributeCount,
    CK_OBJECT_HANDLE_PTR phPublicKey, CK_OBJECT_HANDLE_PTR phPrivateKey)
{
    CK_RV rv;
    pkcs11_session_t *sessp;
    CK_SLOT_ID slotid;


    /* Check for a fastpath */
    if (purefastpath || policyfastpath) {
        if (policyfastpath &&
            pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
            return (CKR_MECHANISM_INVALID);
        }
        return (fast_funcs->C_GenerateKeyPair(hSession, pMechanism,
                pPublicKeyTemplate, ulPublicKeyAttributeCount,
                pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
                phPublicKey, phPrivateKey));
    }

    if (!pkcs11_initialized) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    /* Obtain the session pointer */
    HANDLE2SESSION(hSession, sessp, rv);

    if (rv != CKR_OK) {
        return (rv);
    }

    slotid = sessp->se_slotid;

    /* Make sure this is not a disabled mechanism */
    if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
        return (CKR_MECHANISM_INVALID);
    }

    /* Initialize the digest with the underlying provider */
    rv = FUNCLIST(slotid)->C_GenerateKeyPair(sessp->se_handle,
        pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount,
        pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
        phPublicKey, phPrivateKey);

    /* Present consistent interface to the application */
    if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
        return (CKR_FUNCTION_FAILED);
    }

    return (rv);
}

/*
 * C_WrapKey will verify that the session handle is valid within
 * the framework, that the mechanism is not disabled for the slot
 * associated with this session, and then redirect to the underlying
 * provider.
 */
CK_RV
C_WrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
    CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey,
    CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen)
{
    CK_RV rv;
    pkcs11_session_t *sessp;
    CK_SLOT_ID slotid;

    /* Check for a fastpath */
    if (purefastpath || policyfastpath) {
        if (policyfastpath &&
            pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
            return (CKR_MECHANISM_INVALID);
        }
        return (fast_funcs->C_WrapKey(hSession, pMechanism,
                hWrappingKey, hKey, pWrappedKey,
                pulWrappedKeyLen));
    }

    if (!pkcs11_initialized) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    /* Obtain the session pointer */
    HANDLE2SESSION(hSession, sessp, rv);

    if (rv != CKR_OK) {
        return (rv);
    }

    slotid = sessp->se_slotid;

    /* Make sure this is not a disabled mechanism */
    if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
        return (CKR_MECHANISM_INVALID);
    }

    /* Initialize the digest with the underlying provider */
    rv = FUNCLIST(slotid)->C_WrapKey(sessp->se_handle,
        pMechanism, hWrappingKey, hKey, pWrappedKey, pulWrappedKeyLen);

    /* Present consistent interface to the application */
    if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
        return (CKR_FUNCTION_FAILED);
    }

    return (rv);
}

/*
 * C_UnwrapKey will verify that the session handle is valid within
 * the framework, that the mechanism is not disabled for the slot
 * associated with this session, and then redirect to the underlying
 * provider.
 */
CK_RV
C_UnwrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
    CK_OBJECT_HANDLE hUnwrappingKey, CK_BYTE_PTR pWrappedKey,
    CK_ULONG ulWrappedKeyLen, CK_ATTRIBUTE_PTR pTemplate,
    CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
{
    CK_RV rv;
    pkcs11_session_t *sessp;
    CK_SLOT_ID slotid;

    /* Check for a fastpath */
    if (purefastpath || policyfastpath) {
        if (policyfastpath &&
            pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
            return (CKR_MECHANISM_INVALID);
        }
        return (fast_funcs->C_UnwrapKey(hSession, pMechanism,
                hUnwrappingKey, pWrappedKey, ulWrappedKeyLen,
                pTemplate, ulAttributeCount, phKey));
    }

    if (!pkcs11_initialized) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    /* Obtain the session pointer */
    HANDLE2SESSION(hSession, sessp, rv);

    if (rv != CKR_OK) {
        return (rv);
    }

    slotid = sessp->se_slotid;

    /* Make sure this is not a disabled mechanism */
    if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
        return (CKR_MECHANISM_INVALID);
    }

    /* Initialize the digest with the underlying provider */
    rv = FUNCLIST(slotid)->C_UnwrapKey(sessp->se_handle,
        pMechanism, hUnwrappingKey, pWrappedKey, ulWrappedKeyLen,
        pTemplate, ulAttributeCount, phKey);

    /* Present consistent interface to the application */
    if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
        return (CKR_FUNCTION_FAILED);
    }

    return (rv);
}

/*
 * C_DeriveKey will verify that the session handle is valid within
 * the framework, that the mechanism is not disabled for the slot
 * associated with this session, and then redirect to the underlying
 * provider.
 */
CK_RV
C_DeriveKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
    CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate,
    CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
{
    CK_RV rv;
    pkcs11_session_t *sessp;
    CK_SLOT_ID slotid;

    /* Check for a fastpath */
    if (purefastpath || policyfastpath) {
        if (policyfastpath &&
            pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
            return (CKR_MECHANISM_INVALID);
        }
        return (fast_funcs->C_DeriveKey(hSession, pMechanism,
                hBaseKey, pTemplate, ulAttributeCount, phKey));
    }

    if (!pkcs11_initialized) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    /* Obtain the session pointer */
    HANDLE2SESSION(hSession, sessp, rv);

    if (rv != CKR_OK) {
        return (rv);
    }

    slotid = sessp->se_slotid;

    /* Make sure this is not a disabled mechanism */
    if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
        return (CKR_MECHANISM_INVALID);
    }

    /* Initialize the digest with the underlying provider */
    rv = FUNCLIST(slotid)->C_DeriveKey(sessp->se_handle,
        pMechanism, hBaseKey, pTemplate, ulAttributeCount, phKey);

    /* Present consistent interface to the application */
    if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
        return (CKR_FUNCTION_FAILED);
    }

    return (rv);
}