xref: /titanic_44/usr/src/lib/pkcs11/libpkcs11/common/pkcs11Verify.c (revision 7c478bd95313f5f23a4c958a745db2134aa03244) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #include <security/cryptoki.h>
30 #include "pkcs11Global.h"
31 #include "pkcs11Conf.h"
32 #include "pkcs11Session.h"
33 #include "pkcs11Slot.h"
34 
35 /*
36  * C_VerifyInit will verify that the session handle is valid within the
37  * framework, that the mechanism is not disabled for the slot
38  * associated with this session, and then redirect to the underlying
39  * provider.  Policy is only checked for C_VerifyInit, since it is
40  * required to be called before C_Verify and C_VerifyUpdate.
41  */
42 CK_RV
C_VerifyInit(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)43 C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
44     CK_OBJECT_HANDLE hKey)
45 {
46 	CK_RV rv;
47 	pkcs11_session_t *sessp;
48 	CK_SLOT_ID slotid;
49 
50 	/* Check for a fastpath */
51 	if (purefastpath || policyfastpath) {
52 		if (policyfastpath &&
53 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
54 			return (CKR_MECHANISM_INVALID);
55 		}
56 		return (fast_funcs->C_VerifyInit(hSession, pMechanism, hKey));
57 	}
58 
59 	if (!pkcs11_initialized) {
60 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
61 	}
62 
63 	/* Obtain the session pointer */
64 	HANDLE2SESSION(hSession, sessp, rv);
65 
66 	if (rv != CKR_OK) {
67 		return (rv);
68 	}
69 
70 	slotid = sessp->se_slotid;
71 
72 	/* Make sure this is not a disabled mechanism */
73 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
74 		return (CKR_MECHANISM_INVALID);
75 	}
76 
77 	/* Initialize the digest with the underlying provider */
78 	rv = FUNCLIST(slotid)->C_VerifyInit(sessp->se_handle,
79 	    pMechanism, hKey);
80 
81 	/* Present consistent interface to the application */
82 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
83 		return (CKR_FUNCTION_FAILED);
84 	}
85 
86 	return (rv);
87 
88 }
89 
90 /*
91  * C_Verify is a pure wrapper to the underlying provider.
92  * The only argument checked is whether or not hSession is valid.
93  */
94 CK_RV
C_Verify(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen)95 C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
96     CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
97 {
98 	CK_RV rv;
99 	pkcs11_session_t *sessp;
100 
101 	/* Check for a fastpath */
102 	if (purefastpath || policyfastpath) {
103 		return (fast_funcs->C_Verify(hSession, pData, ulDataLen,
104 			    pSignature, ulSignatureLen));
105 	}
106 
107 	if (!pkcs11_initialized) {
108 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
109 	}
110 
111 	/* Obtain the session pointer */
112 	HANDLE2SESSION(hSession, sessp, rv);
113 
114 	if (rv != CKR_OK) {
115 		return (rv);
116 	}
117 
118 	/* Pass data to the provider */
119 	rv = FUNCLIST(sessp->se_slotid)->C_Verify(sessp->se_handle, pData,
120 	    ulDataLen, pSignature, ulSignatureLen);
121 
122 	/* Present consistent interface to the application */
123 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
124 		return (CKR_FUNCTION_FAILED);
125 	}
126 
127 	return (rv);
128 
129 }
130 
131 /*
132  * C_VerifyUpdate is a pure wrapper to the underlying provider.
133  * The only argument checked is whether or not hSession is valid.
134  */
135 CK_RV
C_VerifyUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,CK_ULONG ulPartLen)136 C_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
137     CK_ULONG ulPartLen)
138 {
139 	CK_RV rv;
140 	pkcs11_session_t *sessp;
141 
142 	/* Check for a fastpath */
143 	if (purefastpath || policyfastpath) {
144 		return (fast_funcs->C_VerifyUpdate(hSession, pPart,
145 			    ulPartLen));
146 	}
147 
148 	if (!pkcs11_initialized) {
149 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
150 	}
151 
152 	/* Obtain the session pointer */
153 	HANDLE2SESSION(hSession, sessp, rv);
154 
155 	if (rv != CKR_OK) {
156 		return (rv);
157 	}
158 
159 	/* Pass data to the provider */
160 	rv = FUNCLIST(sessp->se_slotid)->C_VerifyUpdate(sessp->se_handle,
161 	    pPart, ulPartLen);
162 
163 	/* Present consistent interface to the application */
164 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
165 		return (CKR_FUNCTION_FAILED);
166 	}
167 
168 	return (rv);
169 }
170 
171 /*
172  * C_VerifyFinal is a pure wrapper to the underlying provider.
173  * The only argument checked is whether or not hSession is valid.
174  */
175 CK_RV
C_VerifyFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen)176 C_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
177     CK_ULONG ulSignatureLen)
178 {
179 	CK_RV rv;
180 	pkcs11_session_t *sessp;
181 
182 	/* Check for a fastpath */
183 	if (purefastpath || policyfastpath) {
184 		return (fast_funcs->C_VerifyFinal(hSession, pSignature,
185 			    ulSignatureLen));
186 	}
187 	if (!pkcs11_initialized) {
188 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
189 	}
190 
191 	/* Obtain the session pointer */
192 	HANDLE2SESSION(hSession, sessp, rv);
193 
194 	if (rv != CKR_OK) {
195 		return (rv);
196 	}
197 
198 	/* Pass data to the provider */
199 	rv = FUNCLIST(sessp->se_slotid)->C_VerifyFinal(sessp->se_handle,
200 	    pSignature, ulSignatureLen);
201 
202 	/* Present consistent interface to the application */
203 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
204 		return (CKR_FUNCTION_FAILED);
205 	}
206 
207 	return (rv);
208 
209 }
210 
211 /*
212  * C_VerifyRecoverInit will verify that the session handle is valid within
213  * the framework, that the mechanism is not disabled for the slot
214  * associated with this session, and then redirect to the underlying
215  * provider.  Policy is only checked for C_VerifyRecoverInit, since it is
216  * required to be called before C_VerifyRecover.
217  */
218 CK_RV
C_VerifyRecoverInit(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)219 C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
220     CK_OBJECT_HANDLE hKey)
221 {
222 	CK_RV rv;
223 	pkcs11_session_t *sessp;
224 	CK_SLOT_ID slotid;
225 
226 	/* Check for a fastpath */
227 	if (purefastpath || policyfastpath) {
228 		if (policyfastpath &&
229 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
230 			return (CKR_MECHANISM_INVALID);
231 		}
232 		return (fast_funcs->C_VerifyRecoverInit(hSession, pMechanism,
233 			    hKey));
234 	}
235 
236 	if (!pkcs11_initialized) {
237 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
238 	}
239 
240 	/* Obtain the session pointer */
241 	HANDLE2SESSION(hSession, sessp, rv);
242 
243 	if (rv != CKR_OK) {
244 		return (rv);
245 	}
246 
247 	slotid = sessp->se_slotid;
248 
249 	/* Make sure this is not a disabled mechanism */
250 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
251 		return (CKR_MECHANISM_INVALID);
252 	}
253 
254 	/* Initialize the digest with the underlying provider */
255 	rv = FUNCLIST(slotid)->C_VerifyRecoverInit(sessp->se_handle,
256 	    pMechanism, hKey);
257 
258 	/* Present consistent interface to the application */
259 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
260 		return (CKR_FUNCTION_FAILED);
261 	}
262 
263 	return (rv);
264 
265 
266 }
267 
268 /*
269  * C_VerifyRecover is a pure wrapper to the underlying provider.
270  * The only argument checked is whether or not hSession is valid.
271  */
272 CK_RV
C_VerifyRecover(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen,CK_BYTE_PTR pData,CK_ULONG_PTR pulDataLen)273 C_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
274     CK_ULONG ulSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
275 {
276 	CK_RV rv;
277 	pkcs11_session_t *sessp;
278 
279 	/* Check for a fastpath */
280 	if (purefastpath || policyfastpath) {
281 		return (fast_funcs->C_VerifyRecover(hSession, pSignature,
282 			    ulSignatureLen, pData, pulDataLen));
283 	}
284 
285 	if (!pkcs11_initialized) {
286 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
287 	}
288 
289 	/* Obtain the session pointer */
290 	HANDLE2SESSION(hSession, sessp, rv);
291 
292 	if (rv != CKR_OK) {
293 		return (rv);
294 	}
295 
296 	/* Pass data to the provider */
297 	rv = FUNCLIST(sessp->se_slotid)->C_VerifyRecover(sessp->se_handle,
298 	    pSignature, ulSignatureLen, pData, pulDataLen);
299 
300 	/* Present consistent interface to the application */
301 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
302 		return (CKR_FUNCTION_FAILED);
303 	}
304 
305 	return (rv);
306 }
307