1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2003 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 #include <security/cryptoki.h> 30 #include "pkcs11Global.h" 31 #include "pkcs11Conf.h" 32 #include "pkcs11Session.h" 33 #include "pkcs11Slot.h" 34 35 /* 36 * C_VerifyInit will verify that the session handle is valid within the 37 * framework, that the mechanism is not disabled for the slot 38 * associated with this session, and then redirect to the underlying 39 * provider. Policy is only checked for C_VerifyInit, since it is 40 * required to be called before C_Verify and C_VerifyUpdate. 41 */ 42 CK_RV 43 C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 44 CK_OBJECT_HANDLE hKey) 45 { 46 CK_RV rv; 47 pkcs11_session_t *sessp; 48 CK_SLOT_ID slotid; 49 50 /* Check for a fastpath */ 51 if (purefastpath || policyfastpath) { 52 if (policyfastpath && 53 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) { 54 return (CKR_MECHANISM_INVALID); 55 } 56 return (fast_funcs->C_VerifyInit(hSession, pMechanism, hKey)); 57 } 58 59 if (!pkcs11_initialized) { 60 return (CKR_CRYPTOKI_NOT_INITIALIZED); 61 } 62 63 /* Obtain the session pointer */ 64 HANDLE2SESSION(hSession, sessp, rv); 65 66 if (rv != CKR_OK) { 67 return (rv); 68 } 69 70 slotid = sessp->se_slotid; 71 72 /* Make sure this is not a disabled mechanism */ 73 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) { 74 return (CKR_MECHANISM_INVALID); 75 } 76 77 /* Initialize the digest with the underlying provider */ 78 rv = FUNCLIST(slotid)->C_VerifyInit(sessp->se_handle, 79 pMechanism, hKey); 80 81 /* Present consistent interface to the application */ 82 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 83 return (CKR_FUNCTION_FAILED); 84 } 85 86 return (rv); 87 88 } 89 90 /* 91 * C_Verify is a pure wrapper to the underlying provider. 92 * The only argument checked is whether or not hSession is valid. 93 */ 94 CK_RV 95 C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, 96 CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen) 97 { 98 CK_RV rv; 99 pkcs11_session_t *sessp; 100 101 /* Check for a fastpath */ 102 if (purefastpath || policyfastpath) { 103 return (fast_funcs->C_Verify(hSession, pData, ulDataLen, 104 pSignature, ulSignatureLen)); 105 } 106 107 if (!pkcs11_initialized) { 108 return (CKR_CRYPTOKI_NOT_INITIALIZED); 109 } 110 111 /* Obtain the session pointer */ 112 HANDLE2SESSION(hSession, sessp, rv); 113 114 if (rv != CKR_OK) { 115 return (rv); 116 } 117 118 /* Pass data to the provider */ 119 rv = FUNCLIST(sessp->se_slotid)->C_Verify(sessp->se_handle, pData, 120 ulDataLen, pSignature, ulSignatureLen); 121 122 /* Present consistent interface to the application */ 123 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 124 return (CKR_FUNCTION_FAILED); 125 } 126 127 return (rv); 128 129 } 130 131 /* 132 * C_VerifyUpdate is a pure wrapper to the underlying provider. 133 * The only argument checked is whether or not hSession is valid. 134 */ 135 CK_RV 136 C_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, 137 CK_ULONG ulPartLen) 138 { 139 CK_RV rv; 140 pkcs11_session_t *sessp; 141 142 /* Check for a fastpath */ 143 if (purefastpath || policyfastpath) { 144 return (fast_funcs->C_VerifyUpdate(hSession, pPart, 145 ulPartLen)); 146 } 147 148 if (!pkcs11_initialized) { 149 return (CKR_CRYPTOKI_NOT_INITIALIZED); 150 } 151 152 /* Obtain the session pointer */ 153 HANDLE2SESSION(hSession, sessp, rv); 154 155 if (rv != CKR_OK) { 156 return (rv); 157 } 158 159 /* Pass data to the provider */ 160 rv = FUNCLIST(sessp->se_slotid)->C_VerifyUpdate(sessp->se_handle, 161 pPart, ulPartLen); 162 163 /* Present consistent interface to the application */ 164 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 165 return (CKR_FUNCTION_FAILED); 166 } 167 168 return (rv); 169 } 170 171 /* 172 * C_VerifyFinal is a pure wrapper to the underlying provider. 173 * The only argument checked is whether or not hSession is valid. 174 */ 175 CK_RV 176 C_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, 177 CK_ULONG ulSignatureLen) 178 { 179 CK_RV rv; 180 pkcs11_session_t *sessp; 181 182 /* Check for a fastpath */ 183 if (purefastpath || policyfastpath) { 184 return (fast_funcs->C_VerifyFinal(hSession, pSignature, 185 ulSignatureLen)); 186 } 187 if (!pkcs11_initialized) { 188 return (CKR_CRYPTOKI_NOT_INITIALIZED); 189 } 190 191 /* Obtain the session pointer */ 192 HANDLE2SESSION(hSession, sessp, rv); 193 194 if (rv != CKR_OK) { 195 return (rv); 196 } 197 198 /* Pass data to the provider */ 199 rv = FUNCLIST(sessp->se_slotid)->C_VerifyFinal(sessp->se_handle, 200 pSignature, ulSignatureLen); 201 202 /* Present consistent interface to the application */ 203 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 204 return (CKR_FUNCTION_FAILED); 205 } 206 207 return (rv); 208 209 } 210 211 /* 212 * C_VerifyRecoverInit will verify that the session handle is valid within 213 * the framework, that the mechanism is not disabled for the slot 214 * associated with this session, and then redirect to the underlying 215 * provider. Policy is only checked for C_VerifyRecoverInit, since it is 216 * required to be called before C_VerifyRecover. 217 */ 218 CK_RV 219 C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 220 CK_OBJECT_HANDLE hKey) 221 { 222 CK_RV rv; 223 pkcs11_session_t *sessp; 224 CK_SLOT_ID slotid; 225 226 /* Check for a fastpath */ 227 if (purefastpath || policyfastpath) { 228 if (policyfastpath && 229 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) { 230 return (CKR_MECHANISM_INVALID); 231 } 232 return (fast_funcs->C_VerifyRecoverInit(hSession, pMechanism, 233 hKey)); 234 } 235 236 if (!pkcs11_initialized) { 237 return (CKR_CRYPTOKI_NOT_INITIALIZED); 238 } 239 240 /* Obtain the session pointer */ 241 HANDLE2SESSION(hSession, sessp, rv); 242 243 if (rv != CKR_OK) { 244 return (rv); 245 } 246 247 slotid = sessp->se_slotid; 248 249 /* Make sure this is not a disabled mechanism */ 250 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) { 251 return (CKR_MECHANISM_INVALID); 252 } 253 254 /* Initialize the digest with the underlying provider */ 255 rv = FUNCLIST(slotid)->C_VerifyRecoverInit(sessp->se_handle, 256 pMechanism, hKey); 257 258 /* Present consistent interface to the application */ 259 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 260 return (CKR_FUNCTION_FAILED); 261 } 262 263 return (rv); 264 265 266 } 267 268 /* 269 * C_VerifyRecover is a pure wrapper to the underlying provider. 270 * The only argument checked is whether or not hSession is valid. 271 */ 272 CK_RV 273 C_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, 274 CK_ULONG ulSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen) 275 { 276 CK_RV rv; 277 pkcs11_session_t *sessp; 278 279 /* Check for a fastpath */ 280 if (purefastpath || policyfastpath) { 281 return (fast_funcs->C_VerifyRecover(hSession, pSignature, 282 ulSignatureLen, pData, pulDataLen)); 283 } 284 285 if (!pkcs11_initialized) { 286 return (CKR_CRYPTOKI_NOT_INITIALIZED); 287 } 288 289 /* Obtain the session pointer */ 290 HANDLE2SESSION(hSession, sessp, rv); 291 292 if (rv != CKR_OK) { 293 return (rv); 294 } 295 296 /* Pass data to the provider */ 297 rv = FUNCLIST(sessp->se_slotid)->C_VerifyRecover(sessp->se_handle, 298 pSignature, ulSignatureLen, pData, pulDataLen); 299 300 /* Present consistent interface to the application */ 301 if (rv == CKR_FUNCTION_NOT_SUPPORTED) { 302 return (CKR_FUNCTION_FAILED); 303 } 304 305 return (rv); 306 } 307