1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #include <security/cryptoki.h>
28 #include "pkcs11Global.h"
29 #include "pkcs11Conf.h"
30 #include "pkcs11Session.h"
31 #include "pkcs11Slot.h"
32
33 /*
34 * C_VerifyInit will verify that the session handle is valid within the
35 * framework, that the mechanism is not disabled for the slot
36 * associated with this session, and then redirect to the underlying
37 * provider. Policy is only checked for C_VerifyInit, since it is
38 * required to be called before C_Verify and C_VerifyUpdate.
39 */
40 CK_RV
C_VerifyInit(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)41 C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
42 CK_OBJECT_HANDLE hKey)
43 {
44 CK_RV rv;
45 pkcs11_session_t *sessp;
46 CK_SLOT_ID slotid;
47
48 /* Check for a fastpath */
49 if (purefastpath || policyfastpath) {
50 if (policyfastpath &&
51 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
52 return (CKR_MECHANISM_INVALID);
53 }
54 return (fast_funcs->C_VerifyInit(hSession, pMechanism, hKey));
55 }
56
57 if (!pkcs11_initialized) {
58 return (CKR_CRYPTOKI_NOT_INITIALIZED);
59 }
60
61 /* Obtain the session pointer */
62 HANDLE2SESSION(hSession, sessp, rv);
63
64 if (rv != CKR_OK) {
65 return (rv);
66 }
67
68 slotid = sessp->se_slotid;
69
70 /* Make sure this is not a disabled mechanism */
71 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
72 return (CKR_MECHANISM_INVALID);
73 }
74
75 /* Initialize the digest with the underlying provider */
76 rv = FUNCLIST(slotid)->C_VerifyInit(sessp->se_handle,
77 pMechanism, hKey);
78
79 /* Present consistent interface to the application */
80 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
81 return (CKR_FUNCTION_FAILED);
82 }
83
84 return (rv);
85
86 }
87
88 /*
89 * C_Verify is a pure wrapper to the underlying provider.
90 * The only argument checked is whether or not hSession is valid.
91 */
92 CK_RV
C_Verify(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen)93 C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
94 CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
95 {
96 CK_RV rv;
97 pkcs11_session_t *sessp;
98
99 /* Check for a fastpath */
100 if (purefastpath || policyfastpath) {
101 return (fast_funcs->C_Verify(hSession, pData, ulDataLen,
102 pSignature, ulSignatureLen));
103 }
104
105 if (!pkcs11_initialized) {
106 return (CKR_CRYPTOKI_NOT_INITIALIZED);
107 }
108
109 /* Obtain the session pointer */
110 HANDLE2SESSION(hSession, sessp, rv);
111
112 if (rv != CKR_OK) {
113 return (rv);
114 }
115
116 /* Pass data to the provider */
117 rv = FUNCLIST(sessp->se_slotid)->C_Verify(sessp->se_handle, pData,
118 ulDataLen, pSignature, ulSignatureLen);
119
120 /* Present consistent interface to the application */
121 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
122 return (CKR_FUNCTION_FAILED);
123 }
124
125 return (rv);
126
127 }
128
129 /*
130 * C_VerifyUpdate is a pure wrapper to the underlying provider.
131 * The only argument checked is whether or not hSession is valid.
132 */
133 CK_RV
C_VerifyUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,CK_ULONG ulPartLen)134 C_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
135 CK_ULONG ulPartLen)
136 {
137 CK_RV rv;
138 pkcs11_session_t *sessp;
139
140 /* Check for a fastpath */
141 if (purefastpath || policyfastpath) {
142 return (fast_funcs->C_VerifyUpdate(hSession, pPart,
143 ulPartLen));
144 }
145
146 if (!pkcs11_initialized) {
147 return (CKR_CRYPTOKI_NOT_INITIALIZED);
148 }
149
150 /* Obtain the session pointer */
151 HANDLE2SESSION(hSession, sessp, rv);
152
153 if (rv != CKR_OK) {
154 return (rv);
155 }
156
157 /* Pass data to the provider */
158 rv = FUNCLIST(sessp->se_slotid)->C_VerifyUpdate(sessp->se_handle,
159 pPart, ulPartLen);
160
161 /* Present consistent interface to the application */
162 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
163 return (CKR_FUNCTION_FAILED);
164 }
165
166 return (rv);
167 }
168
169 /*
170 * C_VerifyFinal is a pure wrapper to the underlying provider.
171 * The only argument checked is whether or not hSession is valid.
172 */
173 CK_RV
C_VerifyFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen)174 C_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
175 CK_ULONG ulSignatureLen)
176 {
177 CK_RV rv;
178 pkcs11_session_t *sessp;
179
180 /* Check for a fastpath */
181 if (purefastpath || policyfastpath) {
182 return (fast_funcs->C_VerifyFinal(hSession, pSignature,
183 ulSignatureLen));
184 }
185 if (!pkcs11_initialized) {
186 return (CKR_CRYPTOKI_NOT_INITIALIZED);
187 }
188
189 /* Obtain the session pointer */
190 HANDLE2SESSION(hSession, sessp, rv);
191
192 if (rv != CKR_OK) {
193 return (rv);
194 }
195
196 /* Pass data to the provider */
197 rv = FUNCLIST(sessp->se_slotid)->C_VerifyFinal(sessp->se_handle,
198 pSignature, ulSignatureLen);
199
200 /* Present consistent interface to the application */
201 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
202 return (CKR_FUNCTION_FAILED);
203 }
204
205 return (rv);
206
207 }
208
209 /*
210 * C_VerifyRecoverInit will verify that the session handle is valid within
211 * the framework, that the mechanism is not disabled for the slot
212 * associated with this session, and then redirect to the underlying
213 * provider. Policy is only checked for C_VerifyRecoverInit, since it is
214 * required to be called before C_VerifyRecover.
215 */
216 CK_RV
C_VerifyRecoverInit(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)217 C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
218 CK_OBJECT_HANDLE hKey)
219 {
220 CK_RV rv;
221 pkcs11_session_t *sessp;
222 CK_SLOT_ID slotid;
223
224 /* Check for a fastpath */
225 if (purefastpath || policyfastpath) {
226 if (policyfastpath &&
227 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
228 return (CKR_MECHANISM_INVALID);
229 }
230 return (fast_funcs->C_VerifyRecoverInit(hSession, pMechanism,
231 hKey));
232 }
233
234 if (!pkcs11_initialized) {
235 return (CKR_CRYPTOKI_NOT_INITIALIZED);
236 }
237
238 /* Obtain the session pointer */
239 HANDLE2SESSION(hSession, sessp, rv);
240
241 if (rv != CKR_OK) {
242 return (rv);
243 }
244
245 slotid = sessp->se_slotid;
246
247 /* Make sure this is not a disabled mechanism */
248 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
249 return (CKR_MECHANISM_INVALID);
250 }
251
252 /* Initialize the digest with the underlying provider */
253 rv = FUNCLIST(slotid)->C_VerifyRecoverInit(sessp->se_handle,
254 pMechanism, hKey);
255
256 /* Present consistent interface to the application */
257 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
258 return (CKR_FUNCTION_FAILED);
259 }
260
261 return (rv);
262
263
264 }
265
266 /*
267 * C_VerifyRecover is a pure wrapper to the underlying provider.
268 * The only argument checked is whether or not hSession is valid.
269 */
270 CK_RV
C_VerifyRecover(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen,CK_BYTE_PTR pData,CK_ULONG_PTR pulDataLen)271 C_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
272 CK_ULONG ulSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
273 {
274 CK_RV rv;
275 pkcs11_session_t *sessp;
276
277 /* Check for a fastpath */
278 if (purefastpath || policyfastpath) {
279 return (fast_funcs->C_VerifyRecover(hSession, pSignature,
280 ulSignatureLen, pData, pulDataLen));
281 }
282
283 if (!pkcs11_initialized) {
284 return (CKR_CRYPTOKI_NOT_INITIALIZED);
285 }
286
287 /* Obtain the session pointer */
288 HANDLE2SESSION(hSession, sessp, rv);
289
290 if (rv != CKR_OK) {
291 return (rv);
292 }
293
294 /* Pass data to the provider */
295 rv = FUNCLIST(sessp->se_slotid)->C_VerifyRecover(sessp->se_handle,
296 pSignature, ulSignatureLen, pData, pulDataLen);
297
298 /* Present consistent interface to the application */
299 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
300 return (CKR_FUNCTION_FAILED);
301 }
302
303 return (rv);
304 }
305