1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2003 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #include <security/cryptoki.h> 28 #include "pkcs11Global.h" 29 #include "pkcs11Conf.h" 30 #include "pkcs11Session.h" 31 #include "pkcs11Slot.h" 32 33 /* 34 * C_VerifyInit will verify that the session handle is valid within the 35 * framework, that the mechanism is not disabled for the slot 36 * associated with this session, and then redirect to the underlying 37 * provider. Policy is only checked for C_VerifyInit, since it is 38 * required to be called before C_Verify and C_VerifyUpdate. 39 */ 40 CK_RV 41 C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 42 CK_OBJECT_HANDLE hKey) 43 { 44 CK_RV rv; 45 pkcs11_session_t *sessp; 46 CK_SLOT_ID slotid; 47 48 /* Check for a fastpath */ 49 if (purefastpath || policyfastpath) { 50 if (policyfastpath && 51 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) { 52 return (CKR_MECHANISM_INVALID); 53 } 54 return (fast_funcs->C_VerifyInit(hSession, pMechanism, hKey)); 55 } 56 57 if (!pkcs11_initialized) { 58 return (CKR_CRYPTOKI_NOT_INITIALIZED); 59 } 60 61 /* Obtain the session pointer */ 62 HANDLE2SESSION(hSession, sessp, rv); 63 64 if (rv != CKR_OK) { 65 return (rv); 66 } 67 68 slotid = sessp->se_slotid; 69 70 /* Make sure this is not a disabled mechanism */ 71 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) { 72 return (CKR_MECHANISM_INVALID); 73 } 74 75 /* Initialize the digest with the underlying provider */ 76 rv = FUNCLIST(slotid)->C_VerifyInit(sessp->se_handle, 77 pMechanism, hKey); 78 79 /* Present consistent interface to the application */ 80 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 81 return (CKR_FUNCTION_FAILED); 82 } 83 84 return (rv); 85 86 } 87 88 /* 89 * C_Verify is a pure wrapper to the underlying provider. 90 * The only argument checked is whether or not hSession is valid. 91 */ 92 CK_RV 93 C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, 94 CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen) 95 { 96 CK_RV rv; 97 pkcs11_session_t *sessp; 98 99 /* Check for a fastpath */ 100 if (purefastpath || policyfastpath) { 101 return (fast_funcs->C_Verify(hSession, pData, ulDataLen, 102 pSignature, ulSignatureLen)); 103 } 104 105 if (!pkcs11_initialized) { 106 return (CKR_CRYPTOKI_NOT_INITIALIZED); 107 } 108 109 /* Obtain the session pointer */ 110 HANDLE2SESSION(hSession, sessp, rv); 111 112 if (rv != CKR_OK) { 113 return (rv); 114 } 115 116 /* Pass data to the provider */ 117 rv = FUNCLIST(sessp->se_slotid)->C_Verify(sessp->se_handle, pData, 118 ulDataLen, pSignature, ulSignatureLen); 119 120 /* Present consistent interface to the application */ 121 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 122 return (CKR_FUNCTION_FAILED); 123 } 124 125 return (rv); 126 127 } 128 129 /* 130 * C_VerifyUpdate is a pure wrapper to the underlying provider. 131 * The only argument checked is whether or not hSession is valid. 132 */ 133 CK_RV 134 C_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, 135 CK_ULONG ulPartLen) 136 { 137 CK_RV rv; 138 pkcs11_session_t *sessp; 139 140 /* Check for a fastpath */ 141 if (purefastpath || policyfastpath) { 142 return (fast_funcs->C_VerifyUpdate(hSession, pPart, 143 ulPartLen)); 144 } 145 146 if (!pkcs11_initialized) { 147 return (CKR_CRYPTOKI_NOT_INITIALIZED); 148 } 149 150 /* Obtain the session pointer */ 151 HANDLE2SESSION(hSession, sessp, rv); 152 153 if (rv != CKR_OK) { 154 return (rv); 155 } 156 157 /* Pass data to the provider */ 158 rv = FUNCLIST(sessp->se_slotid)->C_VerifyUpdate(sessp->se_handle, 159 pPart, ulPartLen); 160 161 /* Present consistent interface to the application */ 162 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 163 return (CKR_FUNCTION_FAILED); 164 } 165 166 return (rv); 167 } 168 169 /* 170 * C_VerifyFinal is a pure wrapper to the underlying provider. 171 * The only argument checked is whether or not hSession is valid. 172 */ 173 CK_RV 174 C_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, 175 CK_ULONG ulSignatureLen) 176 { 177 CK_RV rv; 178 pkcs11_session_t *sessp; 179 180 /* Check for a fastpath */ 181 if (purefastpath || policyfastpath) { 182 return (fast_funcs->C_VerifyFinal(hSession, pSignature, 183 ulSignatureLen)); 184 } 185 if (!pkcs11_initialized) { 186 return (CKR_CRYPTOKI_NOT_INITIALIZED); 187 } 188 189 /* Obtain the session pointer */ 190 HANDLE2SESSION(hSession, sessp, rv); 191 192 if (rv != CKR_OK) { 193 return (rv); 194 } 195 196 /* Pass data to the provider */ 197 rv = FUNCLIST(sessp->se_slotid)->C_VerifyFinal(sessp->se_handle, 198 pSignature, ulSignatureLen); 199 200 /* Present consistent interface to the application */ 201 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 202 return (CKR_FUNCTION_FAILED); 203 } 204 205 return (rv); 206 207 } 208 209 /* 210 * C_VerifyRecoverInit will verify that the session handle is valid within 211 * the framework, that the mechanism is not disabled for the slot 212 * associated with this session, and then redirect to the underlying 213 * provider. Policy is only checked for C_VerifyRecoverInit, since it is 214 * required to be called before C_VerifyRecover. 215 */ 216 CK_RV 217 C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 218 CK_OBJECT_HANDLE hKey) 219 { 220 CK_RV rv; 221 pkcs11_session_t *sessp; 222 CK_SLOT_ID slotid; 223 224 /* Check for a fastpath */ 225 if (purefastpath || policyfastpath) { 226 if (policyfastpath && 227 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) { 228 return (CKR_MECHANISM_INVALID); 229 } 230 return (fast_funcs->C_VerifyRecoverInit(hSession, pMechanism, 231 hKey)); 232 } 233 234 if (!pkcs11_initialized) { 235 return (CKR_CRYPTOKI_NOT_INITIALIZED); 236 } 237 238 /* Obtain the session pointer */ 239 HANDLE2SESSION(hSession, sessp, rv); 240 241 if (rv != CKR_OK) { 242 return (rv); 243 } 244 245 slotid = sessp->se_slotid; 246 247 /* Make sure this is not a disabled mechanism */ 248 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) { 249 return (CKR_MECHANISM_INVALID); 250 } 251 252 /* Initialize the digest with the underlying provider */ 253 rv = FUNCLIST(slotid)->C_VerifyRecoverInit(sessp->se_handle, 254 pMechanism, hKey); 255 256 /* Present consistent interface to the application */ 257 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 258 return (CKR_FUNCTION_FAILED); 259 } 260 261 return (rv); 262 263 264 } 265 266 /* 267 * C_VerifyRecover is a pure wrapper to the underlying provider. 268 * The only argument checked is whether or not hSession is valid. 269 */ 270 CK_RV 271 C_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, 272 CK_ULONG ulSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen) 273 { 274 CK_RV rv; 275 pkcs11_session_t *sessp; 276 277 /* Check for a fastpath */ 278 if (purefastpath || policyfastpath) { 279 return (fast_funcs->C_VerifyRecover(hSession, pSignature, 280 ulSignatureLen, pData, pulDataLen)); 281 } 282 283 if (!pkcs11_initialized) { 284 return (CKR_CRYPTOKI_NOT_INITIALIZED); 285 } 286 287 /* Obtain the session pointer */ 288 HANDLE2SESSION(hSession, sessp, rv); 289 290 if (rv != CKR_OK) { 291 return (rv); 292 } 293 294 /* Pass data to the provider */ 295 rv = FUNCLIST(sessp->se_slotid)->C_VerifyRecover(sessp->se_handle, 296 pSignature, ulSignatureLen, pData, pulDataLen); 297 298 /* Present consistent interface to the application */ 299 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 300 return (CKR_FUNCTION_FAILED); 301 } 302 303 return (rv); 304 } 305