xref: /illumos-gate/usr/src/lib/pkcs11/libpkcs11/common/metaVerify.c (revision 1da57d551424de5a9d469760be7c4b4d4f10a755)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  * Functions for Verifying Signatures and MACS
28  * (as defined in PKCS#11 spec section 11.13)
29  */
30 
31 #include "metaGlobal.h"
32 
33 
34 /*
35  * meta_VerifyInit
36  *
37  */
38 CK_RV
meta_VerifyInit(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)39 meta_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
40     CK_OBJECT_HANDLE hKey)
41 {
42 	CK_RV rv;
43 	meta_session_t *session;
44 	meta_object_t *key;
45 
46 	if (pMechanism == NULL)
47 		return (CKR_ARGUMENTS_BAD);
48 
49 	rv = meta_handle2session(hSession, &session);
50 	if (rv != CKR_OK)
51 		return (rv);
52 
53 	rv = meta_handle2object(hKey, &key);
54 	if (rv != CKR_OK) {
55 		REFRELEASE(session);
56 		return (rv);
57 	}
58 
59 	rv = meta_operation_init(CKF_VERIFY, session, pMechanism, key);
60 
61 	OBJRELEASE(key);
62 	REFRELEASE(session);
63 
64 	return (rv);
65 }
66 
67 
68 /*
69  * meta_Verify
70  *
71  */
72 CK_RV
meta_Verify(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen)73 meta_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
74     CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
75 {
76 	CK_RV rv;
77 	meta_session_t *session;
78 
79 	rv = meta_handle2session(hSession, &session);
80 	if (rv != CKR_OK)
81 		return (rv);
82 
83 	/* Note: unlike other ops, both buffers are inputs, and required. */
84 	if (pData == NULL || pSignature == NULL) {
85 		meta_operation_cleanup(session, CKF_VERIFY, FALSE);
86 		REFRELEASE(session);
87 		return (CKR_ARGUMENTS_BAD);
88 	}
89 
90 	rv = meta_do_operation(CKF_VERIFY, MODE_SINGLE, session, NULL,
91 	    pData, ulDataLen, pSignature, &ulSignatureLen);
92 
93 	REFRELEASE(session);
94 
95 	return (rv);
96 }
97 
98 
99 /*
100  * meta_VerifyUpdate
101  *
102  */
103 CK_RV
meta_VerifyUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,CK_ULONG ulPartLen)104 meta_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
105     CK_ULONG ulPartLen)
106 {
107 	CK_RV rv;
108 	meta_session_t *session;
109 
110 	rv = meta_handle2session(hSession, &session);
111 	if (rv != CKR_OK)
112 		return (rv);
113 
114 	if (pPart == NULL) {
115 		meta_operation_cleanup(session, CKF_VERIFY, FALSE);
116 		REFRELEASE(session);
117 		return (CKR_ARGUMENTS_BAD);
118 	}
119 
120 	rv = meta_do_operation(CKF_VERIFY, MODE_UPDATE, session, NULL,
121 	    pPart, ulPartLen, NULL, NULL);
122 
123 	REFRELEASE(session);
124 
125 	return (rv);
126 }
127 
128 
129 /*
130  * meta_VerifyFinal
131  *
132  */
133 CK_RV
meta_VerifyFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen)134 meta_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
135     CK_ULONG ulSignatureLen)
136 {
137 	CK_RV rv;
138 	meta_session_t *session;
139 
140 	rv = meta_handle2session(hSession, &session);
141 	if (rv != CKR_OK)
142 		return (rv);
143 
144 	/*
145 	 * Unlike other ops the buffer is an input. Allow NULL if there's
146 	 * no more input.
147 	 */
148 	if (pSignature == NULL && ulSignatureLen != 0) {
149 		meta_operation_cleanup(session, CKF_VERIFY, FALSE);
150 		REFRELEASE(session);
151 		return (CKR_ARGUMENTS_BAD);
152 	}
153 
154 	rv = meta_do_operation(CKF_VERIFY, MODE_FINAL, session, NULL,
155 	    pSignature, ulSignatureLen, NULL, NULL);
156 
157 	REFRELEASE(session);
158 
159 	return (rv);
160 }
161 
162 
163 /*
164  * meta_VerifyRecoverInit
165  *
166  */
167 CK_RV
meta_VerifyRecoverInit(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)168 meta_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
169     CK_OBJECT_HANDLE hKey)
170 {
171 	CK_RV rv;
172 	meta_session_t *session;
173 	meta_object_t *key;
174 
175 	if (pMechanism == NULL)
176 		return (CKR_ARGUMENTS_BAD);
177 
178 	rv = meta_handle2session(hSession, &session);
179 	if (rv != CKR_OK)
180 		return (rv);
181 
182 	rv = meta_handle2object(hKey, &key);
183 	if (rv != CKR_OK) {
184 		REFRELEASE(session);
185 		return (rv);
186 	}
187 
188 	rv = meta_operation_init(CKF_VERIFY_RECOVER, session, pMechanism, key);
189 
190 	OBJRELEASE(key);
191 	REFRELEASE(session);
192 
193 	return (rv);
194 }
195 
196 
197 /*
198  * meta_VerifyRecover
199  *
200  */
201 CK_RV
meta_VerifyRecover(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen,CK_BYTE_PTR pData,CK_ULONG_PTR pulDataLen)202 meta_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
203     CK_ULONG ulSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
204 {
205 	CK_RV rv;
206 	meta_session_t *session;
207 
208 	rv = meta_handle2session(hSession, &session);
209 	if (rv != CKR_OK)
210 		return (rv);
211 
212 	if (pSignature == NULL || pulDataLen == NULL) {
213 		meta_operation_cleanup(session, CKF_VERIFY_RECOVER, FALSE);
214 		REFRELEASE(session);
215 		return (CKR_ARGUMENTS_BAD);
216 	}
217 
218 	rv = meta_do_operation(CKF_VERIFY_RECOVER, MODE_SINGLE, session, NULL,
219 	    pSignature, ulSignatureLen, pData, pulDataLen);
220 
221 	REFRELEASE(session);
222 
223 	return (rv);
224 }
225