/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License, Version 1.0 only * (the "License"). You may not use this file except in compliance * with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END */ /* * Copyright 2003 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #include #include "pkcs11Global.h" #include "pkcs11Conf.h" #include "pkcs11Session.h" #include "pkcs11Slot.h" /* * C_GenerateKey will verify that the session handle is valid within * the framework, that the mechanism is not disabled for the slot * associated with this session, and then redirect to the underlying * provider. */ CK_RV C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey) { CK_RV rv; pkcs11_session_t *sessp; CK_SLOT_ID slotid; /* Check for a fastpath */ if (purefastpath || policyfastpath) { if (policyfastpath && pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) { return (CKR_MECHANISM_INVALID); } return (fast_funcs->C_GenerateKey(hSession, pMechanism, pTemplate, ulCount, phKey)); } if (!pkcs11_initialized) { return (CKR_CRYPTOKI_NOT_INITIALIZED); } /* Obtain the session pointer */ HANDLE2SESSION(hSession, sessp, rv); if (rv != CKR_OK) { return (rv); } slotid = sessp->se_slotid; /* Make sure this is not a disabled mechanism */ if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) { return (CKR_MECHANISM_INVALID); } /* Initialize the digest with the underlying provider */ rv = FUNCLIST(slotid)->C_GenerateKey(sessp->se_handle, pMechanism, pTemplate, ulCount, phKey); /* Present consistent interface to the application */ if (rv == CKR_FUNCTION_NOT_SUPPORTED) { return (CKR_FUNCTION_FAILED); } return (rv); } /* * C_GenerateKeyPair will verify that the session handle is valid within * the framework, that the mechanism is not disabled for the slot * associated with this session, and then redirect to the underlying * provider. */ CK_RV C_GenerateKeyPair(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate, CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate, CK_ULONG ulPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey, CK_OBJECT_HANDLE_PTR phPrivateKey) { CK_RV rv; pkcs11_session_t *sessp; CK_SLOT_ID slotid; /* Check for a fastpath */ if (purefastpath || policyfastpath) { if (policyfastpath && pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) { return (CKR_MECHANISM_INVALID); } return (fast_funcs->C_GenerateKeyPair(hSession, pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount, pPrivateKeyTemplate, ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey)); } if (!pkcs11_initialized) { return (CKR_CRYPTOKI_NOT_INITIALIZED); } /* Obtain the session pointer */ HANDLE2SESSION(hSession, sessp, rv); if (rv != CKR_OK) { return (rv); } slotid = sessp->se_slotid; /* Make sure this is not a disabled mechanism */ if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) { return (CKR_MECHANISM_INVALID); } /* Initialize the digest with the underlying provider */ rv = FUNCLIST(slotid)->C_GenerateKeyPair(sessp->se_handle, pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount, pPrivateKeyTemplate, ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey); /* Present consistent interface to the application */ if (rv == CKR_FUNCTION_NOT_SUPPORTED) { return (CKR_FUNCTION_FAILED); } return (rv); } /* * C_WrapKey will verify that the session handle is valid within * the framework, that the mechanism is not disabled for the slot * associated with this session, and then redirect to the underlying * provider. */ CK_RV C_WrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen) { CK_RV rv; pkcs11_session_t *sessp; CK_SLOT_ID slotid; /* Check for a fastpath */ if (purefastpath || policyfastpath) { if (policyfastpath && pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) { return (CKR_MECHANISM_INVALID); } return (fast_funcs->C_WrapKey(hSession, pMechanism, hWrappingKey, hKey, pWrappedKey, pulWrappedKeyLen)); } if (!pkcs11_initialized) { return (CKR_CRYPTOKI_NOT_INITIALIZED); } /* Obtain the session pointer */ HANDLE2SESSION(hSession, sessp, rv); if (rv != CKR_OK) { return (rv); } slotid = sessp->se_slotid; /* Make sure this is not a disabled mechanism */ if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) { return (CKR_MECHANISM_INVALID); } /* Initialize the digest with the underlying provider */ rv = FUNCLIST(slotid)->C_WrapKey(sessp->se_handle, pMechanism, hWrappingKey, hKey, pWrappedKey, pulWrappedKeyLen); /* Present consistent interface to the application */ if (rv == CKR_FUNCTION_NOT_SUPPORTED) { return (CKR_FUNCTION_FAILED); } return (rv); } /* * C_UnwrapKey will verify that the session handle is valid within * the framework, that the mechanism is not disabled for the slot * associated with this session, and then redirect to the underlying * provider. */ CK_RV C_UnwrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey, CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey) { CK_RV rv; pkcs11_session_t *sessp; CK_SLOT_ID slotid; /* Check for a fastpath */ if (purefastpath || policyfastpath) { if (policyfastpath && pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) { return (CKR_MECHANISM_INVALID); } return (fast_funcs->C_UnwrapKey(hSession, pMechanism, hUnwrappingKey, pWrappedKey, ulWrappedKeyLen, pTemplate, ulAttributeCount, phKey)); } if (!pkcs11_initialized) { return (CKR_CRYPTOKI_NOT_INITIALIZED); } /* Obtain the session pointer */ HANDLE2SESSION(hSession, sessp, rv); if (rv != CKR_OK) { return (rv); } slotid = sessp->se_slotid; /* Make sure this is not a disabled mechanism */ if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) { return (CKR_MECHANISM_INVALID); } /* Initialize the digest with the underlying provider */ rv = FUNCLIST(slotid)->C_UnwrapKey(sessp->se_handle, pMechanism, hUnwrappingKey, pWrappedKey, ulWrappedKeyLen, pTemplate, ulAttributeCount, phKey); /* Present consistent interface to the application */ if (rv == CKR_FUNCTION_NOT_SUPPORTED) { return (CKR_FUNCTION_FAILED); } return (rv); } /* * C_DeriveKey will verify that the session handle is valid within * the framework, that the mechanism is not disabled for the slot * associated with this session, and then redirect to the underlying * provider. */ CK_RV C_DeriveKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey) { CK_RV rv; pkcs11_session_t *sessp; CK_SLOT_ID slotid; /* Check for a fastpath */ if (purefastpath || policyfastpath) { if (policyfastpath && pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) { return (CKR_MECHANISM_INVALID); } return (fast_funcs->C_DeriveKey(hSession, pMechanism, hBaseKey, pTemplate, ulAttributeCount, phKey)); } if (!pkcs11_initialized) { return (CKR_CRYPTOKI_NOT_INITIALIZED); } /* Obtain the session pointer */ HANDLE2SESSION(hSession, sessp, rv); if (rv != CKR_OK) { return (rv); } slotid = sessp->se_slotid; /* Make sure this is not a disabled mechanism */ if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) { return (CKR_MECHANISM_INVALID); } /* Initialize the digest with the underlying provider */ rv = FUNCLIST(slotid)->C_DeriveKey(sessp->se_handle, pMechanism, hBaseKey, pTemplate, ulAttributeCount, phKey); /* Present consistent interface to the application */ if (rv == CKR_FUNCTION_NOT_SUPPORTED) { return (CKR_FUNCTION_FAILED); } return (rv); }