/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
*/
#include <security/cryptoki.h>
#include "pkcs11Global.h"
#include "pkcs11Conf.h"
#include "pkcs11Session.h"
#include "pkcs11Slot.h"
#include "metaGlobal.h"
#define META_HANDLE2SESSION \
meta_session_t *tmp_session = \
(meta_session_t *)(hSession); \
\
/* \
* Check for bad args (eg CK_INVALID_HANDLE, \
* which is 0/NULL). \
*/ \
if (tmp_session == NULL || \
tmp_session->magic_marker != \
METASLOT_SESSION_MAGIC) { \
return (CKR_SESSION_HANDLE_INVALID); \
} \
\
/* \
* sessions can only be used by a single thread \
* at a time. So, we need to get a write-lock. \
*/ \
(void) pthread_rwlock_wrlock( \
&tmp_session->session_lock); \
\
/* \
* Make sure this session is not in the process \
* of being deleted \
*/ \
(void) pthread_mutex_lock( \
&tmp_session->isClosingSession_lock); \
if (tmp_session->isClosingSession) { \
(void) pthread_mutex_unlock( \
&tmp_session->isClosingSession_lock); \
(void) pthread_rwlock_unlock( \
&tmp_session->session_lock); \
return (CKR_SESSION_HANDLE_INVALID); \
} \
(void) pthread_mutex_unlock( \
&tmp_session->isClosingSession_lock); \
session = tmp_session;
/*
* C_EncryptInit will verify that the session handle is valid within
* the framework, that the mechanism is not disabled for the slot
* associated with this session, and then redirect to the underlying
* provider. Policy is checked for C_EncryptInit, and not C_Encrypt
* or C_EncryptUpdate, since C_EncryptInit is required to be called
* before C_Encrypt and C_EncryptUpdate.
*/
CK_RV
C_EncryptInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey)
{
CK_RV rv;
pkcs11_session_t *sessp;
CK_SLOT_ID slotid;
/* Check for a fastpath */
if (purefastpath || policyfastpath) {
if (policyfastpath &&
pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
return (CKR_MECHANISM_INVALID);
}
return (fast_funcs->C_EncryptInit(hSession, pMechanism, hKey));
}
if (!pkcs11_initialized) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
/* Obtain the session pointer */
HANDLE2SESSION(hSession, sessp, rv);
if (rv != CKR_OK) {
return (rv);
}
slotid = sessp->se_slotid;
/* Make sure this is not a disabled mechanism */
if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
return (CKR_MECHANISM_INVALID);
}
/* Initialize the digest with the underlying provider */
rv = FUNCLIST(slotid)->C_EncryptInit(sessp->se_handle,
pMechanism, hKey);
/* Present consistent interface to the application */
if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
return (CKR_FUNCTION_FAILED);
}
return (rv);
}
/*
* C_Encrypt is a pure wrapper to the underlying provider.
* The only argument checked is whether or not hSession is valid.
*/
CK_RV
C_Encrypt(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pEncryptedData,
CK_ULONG_PTR pulEncryptedDataLen)
{
CK_RV rv;
pkcs11_session_t *sessp;
/* Check for a fastpath */
if (purefastpath || policyfastpath) {
return (fast_funcs->C_Encrypt(hSession, pData, ulDataLen,
pEncryptedData, pulEncryptedDataLen));
}
if (!pkcs11_initialized) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
/* Obtain the session pointer */
HANDLE2SESSION(hSession, sessp, rv);
if (rv != CKR_OK) {
return (rv);
}
/* Initialize the digest with the underlying provider */
if (FUNCLIST(sessp->se_slotid) == &metaslot_functionList) {
meta_session_t *session;
CK_SESSION_HANDLE hSession = sessp->se_handle;
META_HANDLE2SESSION
if (pData == NULL || pulEncryptedDataLen == NULL) {
meta_operation_cleanup(session, CKF_ENCRYPT, FALSE);
REFRELEASE(session);
return (CKR_ARGUMENTS_BAD);
}
rv = meta_do_operation(CKF_ENCRYPT, MODE_SINGLE, session, NULL,
pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
REFRELEASE(session);
} else {
rv = FUNCLIST(sessp->se_slotid)->C_Encrypt(sessp->se_handle,
pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
}
/* Present consistent interface to the application */
if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
return (CKR_FUNCTION_FAILED);
}
return (rv);
}
/*
* C_EncryptUpdate is a pure wrapper to the underlying provider.
* The only argument checked is whether or not hSession is valid.
*/
CK_RV
C_EncryptUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen)
{
CK_RV rv;
pkcs11_session_t *sessp;
/* Check for a fastpath */
if (purefastpath || policyfastpath) {
return (fast_funcs->C_EncryptUpdate(hSession, pPart, ulPartLen,
pEncryptedPart, pulEncryptedPartLen));
}
if (!pkcs11_initialized) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
/* Obtain the session pointer */
HANDLE2SESSION(hSession, sessp, rv);
if (rv != CKR_OK) {
return (rv);
}
/* Initialize the digest with the underlying provider */
if (FUNCLIST(sessp->se_slotid) == &metaslot_functionList) {
meta_session_t *session;
CK_SESSION_HANDLE hSession = sessp->se_handle;
META_HANDLE2SESSION
if (pPart == NULL || pulEncryptedPartLen == NULL) {
meta_operation_cleanup(session, CKF_ENCRYPT, FALSE);
REFRELEASE(session);
return (CKR_ARGUMENTS_BAD);
}
rv = meta_do_operation(CKF_ENCRYPT, MODE_UPDATE, session, NULL,
pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
REFRELEASE(session);
} else {
rv = FUNCLIST(
sessp->se_slotid)->C_EncryptUpdate(sessp->se_handle,
pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
}
/* Present consistent interface to the application */
if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
return (CKR_FUNCTION_FAILED);
}
return (rv);
}
/*
* C_EncryptFinal is a pure wrapper to the underlying provider.
* The only argument checked is whether or not hSession is valid.
*/
CK_RV
C_EncryptFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pLastEncryptedPart,
CK_ULONG_PTR pulLastEncryptedPartLen)
{
CK_RV rv;
pkcs11_session_t *sessp;
/* Check for a fastpath */
if (purefastpath || policyfastpath) {
return (fast_funcs->C_EncryptFinal(hSession,
pLastEncryptedPart, pulLastEncryptedPartLen));
}
if (!pkcs11_initialized) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
/* Obtain the session pointer */
HANDLE2SESSION(hSession, sessp, rv);
if (rv != CKR_OK) {
return (rv);
}
/* Initialize the digest with the underlying provider */
rv = FUNCLIST(sessp->se_slotid)->C_EncryptFinal(sessp->se_handle,
pLastEncryptedPart, pulLastEncryptedPartLen);
/* Present consistent interface to the application */
if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
return (CKR_FUNCTION_FAILED);
}
return (rv);
}
/*
* C_DecryptInit will verify that the session handle is valid within
* the framework, that the mechanism is not disabled for the slot
* associated with this session, and then redirect to the underlying
* provider. Policy is checked for C_DecryptInit, and not C_Decrypt
* or C_DecryptUpdate, since C_DecryptInit is required to be called
* before C_Decrypt and C_DecryptUpdate.
*/
CK_RV
C_DecryptInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey)
{
CK_RV rv;
pkcs11_session_t *sessp;
CK_SLOT_ID slotid;
/* Check for a fastpath */
if (purefastpath || policyfastpath) {
if (policyfastpath &&
pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
return (CKR_MECHANISM_INVALID);
}
return (fast_funcs->C_DecryptInit(hSession, pMechanism, hKey));
}
if (!pkcs11_initialized) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
/* Obtain the session pointer */
HANDLE2SESSION(hSession, sessp, rv);
if (rv != CKR_OK) {
return (rv);
}
slotid = sessp->se_slotid;
/* Make sure this is not a disabled mechanism */
if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
return (CKR_MECHANISM_INVALID);
}
/* Initialize the digest with the underlying provider */
rv = FUNCLIST(slotid)->C_DecryptInit(sessp->se_handle,
pMechanism, hKey);
/* Present consistent interface to the application */
if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
return (CKR_FUNCTION_FAILED);
}
return (rv);
}
/*
* C_Decrypt is a pure wrapper to the underlying provider.
* The only argument checked is whether or not hSession is valid.
*/
CK_RV
C_Decrypt(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedData,
CK_ULONG ulEncryptedDataLen,
CK_BYTE_PTR pData,
CK_ULONG_PTR pulDataLen)
{
CK_RV rv;
pkcs11_session_t *sessp;
/* Check for a fastpath */
if (purefastpath || policyfastpath) {
return (fast_funcs->C_Decrypt(hSession, pEncryptedData,
ulEncryptedDataLen, pData, pulDataLen));
}
if (!pkcs11_initialized) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
/* Obtain the session pointer */
HANDLE2SESSION(hSession, sessp, rv);
if (rv != CKR_OK) {
return (rv);
}
/* Initialize the digest with the underlying provider */
if (FUNCLIST(sessp->se_slotid) == &metaslot_functionList) {
meta_session_t *session;
CK_SESSION_HANDLE hSession = sessp->se_handle;
META_HANDLE2SESSION
if (pEncryptedData == NULL || pulDataLen == NULL) {
meta_operation_cleanup(session, CKF_DECRYPT, FALSE);
REFRELEASE(session);
return (CKR_ARGUMENTS_BAD);
}
rv = meta_do_operation(CKF_DECRYPT, MODE_SINGLE, session, NULL,
pEncryptedData, ulEncryptedDataLen, pData, pulDataLen);
REFRELEASE(session);
} else {
rv = FUNCLIST(sessp->se_slotid)->C_Decrypt(sessp->se_handle,
pEncryptedData, ulEncryptedDataLen, pData, pulDataLen);
}
/* Present consistent interface to the application */
if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
return (CKR_FUNCTION_FAILED);
}
return (rv);
}
/*
* C_DecryptUpdate is a pure wrapper to the underlying provider.
* The only argument checked is whether or not hSession is valid.
*/
CK_RV
C_DecryptUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen,
CK_BYTE_PTR pPart,
CK_ULONG_PTR pulPartLen)
{
CK_RV rv;
pkcs11_session_t *sessp;
/* Check for a fastpath */
if (purefastpath || policyfastpath) {
return (fast_funcs->C_DecryptUpdate(hSession, pEncryptedPart,
ulEncryptedPartLen, pPart, pulPartLen));
}
if (!pkcs11_initialized) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
/* Obtain the session pointer */
HANDLE2SESSION(hSession, sessp, rv);
if (rv != CKR_OK) {
return (rv);
}
/* Initialize the digest with the underlying provider */
if (FUNCLIST(sessp->se_slotid) == &metaslot_functionList) {
meta_session_t *session;
CK_SESSION_HANDLE hSession = sessp->se_handle;
META_HANDLE2SESSION
if (pEncryptedPart == NULL || pulPartLen == NULL) {
meta_operation_cleanup(session, CKF_DECRYPT, FALSE);
REFRELEASE(session);
return (CKR_ARGUMENTS_BAD);
}
rv = meta_do_operation(CKF_DECRYPT, MODE_UPDATE, session, NULL,
pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
REFRELEASE(session);
} else {
rv = FUNCLIST(sessp->se_slotid)->C_DecryptUpdate(
sessp->se_handle, pEncryptedPart, ulEncryptedPartLen,
pPart, pulPartLen);
}
/* Present consistent interface to the application */
if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
return (CKR_FUNCTION_FAILED);
}
return (rv);
}
/*
* C_DecryptFinal is a pure wrapper to the underlying provider.
* The only argument checked is whether or not hSession is valid.
*/
CK_RV
C_DecryptFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pLastPart,
CK_ULONG_PTR pulLastPartLen)
{
CK_RV rv;
pkcs11_session_t *sessp;
/* Check for a fastpath */
if (purefastpath || policyfastpath) {
return (fast_funcs->C_DecryptFinal(hSession, pLastPart,
pulLastPartLen));
}
if (!pkcs11_initialized) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
/* Obtain the session pointer */
HANDLE2SESSION(hSession, sessp, rv);
if (rv != CKR_OK) {
return (rv);
}
/* Initialize the digest with the underlying provider */
rv = FUNCLIST(sessp->se_slotid)->C_DecryptFinal(sessp->se_handle,
pLastPart, pulLastPartLen);
/* Present consistent interface to the application */
if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
return (CKR_FUNCTION_FAILED);
}
return (rv);
}