17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 54c21f043Sizick * Common Development and Distribution License (the "License"). 64c21f043Sizick * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22*d288ba74SAnthony Scarpino * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate #include <pthread.h> 277c478bd9Sstevel@tonic-gate #include <security/cryptoki.h> 287c478bd9Sstevel@tonic-gate #include "softGlobal.h" 297c478bd9Sstevel@tonic-gate #include "softObject.h" 307c478bd9Sstevel@tonic-gate #include "softOps.h" 317c478bd9Sstevel@tonic-gate #include "softSession.h" 327c478bd9Sstevel@tonic-gate 337c478bd9Sstevel@tonic-gate 347c478bd9Sstevel@tonic-gate CK_RV 357c478bd9Sstevel@tonic-gate C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 367c478bd9Sstevel@tonic-gate CK_OBJECT_HANDLE hKey) 377c478bd9Sstevel@tonic-gate { 387c478bd9Sstevel@tonic-gate 397c478bd9Sstevel@tonic-gate CK_RV rv; 407c478bd9Sstevel@tonic-gate soft_session_t *session_p; 417c478bd9Sstevel@tonic-gate soft_object_t *key_p; 427c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE; 437c478bd9Sstevel@tonic-gate 447c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 457c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 467c478bd9Sstevel@tonic-gate 477c478bd9Sstevel@tonic-gate /* Obtain the session pointer. */ 487c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p); 497c478bd9Sstevel@tonic-gate if (rv != CKR_OK) 507c478bd9Sstevel@tonic-gate return (rv); 517c478bd9Sstevel@tonic-gate 527c478bd9Sstevel@tonic-gate if (pMechanism == NULL) { 537c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD; 547c478bd9Sstevel@tonic-gate goto clean_exit; 557c478bd9Sstevel@tonic-gate } 567c478bd9Sstevel@tonic-gate 577c478bd9Sstevel@tonic-gate /* Obtain the object pointer. */ 587c478bd9Sstevel@tonic-gate HANDLE2OBJECT(hKey, key_p, rv); 597c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 607c478bd9Sstevel@tonic-gate goto clean_exit; 617c478bd9Sstevel@tonic-gate } 627c478bd9Sstevel@tonic-gate 637c478bd9Sstevel@tonic-gate /* Check to see if key object supports signature. */ 647c478bd9Sstevel@tonic-gate if (!(key_p->bool_attr_mask & SIGN_BOOL_ON)) { 65*d288ba74SAnthony Scarpino rv = CKR_KEY_FUNCTION_NOT_PERMITTED; 667c478bd9Sstevel@tonic-gate goto clean_exit1; 677c478bd9Sstevel@tonic-gate } 687c478bd9Sstevel@tonic-gate 697c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex); 707c478bd9Sstevel@tonic-gate lock_held = B_TRUE; 717c478bd9Sstevel@tonic-gate 727c478bd9Sstevel@tonic-gate /* Check to see if sign operation is already active. */ 737c478bd9Sstevel@tonic-gate if (session_p->sign.flags & CRYPTO_OPERATION_ACTIVE) { 747c478bd9Sstevel@tonic-gate /* free the memory to avoid memory leak */ 757c478bd9Sstevel@tonic-gate soft_sign_verify_cleanup(session_p, B_TRUE, B_TRUE); 767c478bd9Sstevel@tonic-gate } 777c478bd9Sstevel@tonic-gate 787c478bd9Sstevel@tonic-gate /* 797c478bd9Sstevel@tonic-gate * This active flag will remain ON until application calls either 807c478bd9Sstevel@tonic-gate * C_Sign or C_SignFinal to actually obtain the signature. 817c478bd9Sstevel@tonic-gate */ 827c478bd9Sstevel@tonic-gate session_p->sign.flags = CRYPTO_OPERATION_ACTIVE; 837c478bd9Sstevel@tonic-gate 847c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex); 857c478bd9Sstevel@tonic-gate lock_held = B_FALSE; 867c478bd9Sstevel@tonic-gate 877c478bd9Sstevel@tonic-gate rv = soft_sign_init(session_p, pMechanism, key_p); 887c478bd9Sstevel@tonic-gate 897c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 907c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex); 917c478bd9Sstevel@tonic-gate session_p->sign.flags &= ~CRYPTO_OPERATION_ACTIVE; 927c478bd9Sstevel@tonic-gate lock_held = B_TRUE; 937c478bd9Sstevel@tonic-gate } 947c478bd9Sstevel@tonic-gate 957c478bd9Sstevel@tonic-gate clean_exit1: 967c478bd9Sstevel@tonic-gate OBJ_REFRELE(key_p); 977c478bd9Sstevel@tonic-gate clean_exit: 987c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 997c478bd9Sstevel@tonic-gate return (rv); 1007c478bd9Sstevel@tonic-gate } 1017c478bd9Sstevel@tonic-gate 1027c478bd9Sstevel@tonic-gate 1037c478bd9Sstevel@tonic-gate CK_RV 1047c478bd9Sstevel@tonic-gate C_Sign(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, 1057c478bd9Sstevel@tonic-gate CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen) 1067c478bd9Sstevel@tonic-gate { 1077c478bd9Sstevel@tonic-gate 1087c478bd9Sstevel@tonic-gate CK_RV rv; 1097c478bd9Sstevel@tonic-gate soft_session_t *session_p; 1107c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE; 1117c478bd9Sstevel@tonic-gate 1127c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 1137c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 1147c478bd9Sstevel@tonic-gate 1157c478bd9Sstevel@tonic-gate /* Obatin the session pointer */ 1167c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p); 1177c478bd9Sstevel@tonic-gate if (rv != CKR_OK) 1187c478bd9Sstevel@tonic-gate return (rv); 1197c478bd9Sstevel@tonic-gate 1207c478bd9Sstevel@tonic-gate if ((pData == NULL) || (pulSignatureLen == NULL)) { 1217c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD; 1227c478bd9Sstevel@tonic-gate goto clean_exit; 1237c478bd9Sstevel@tonic-gate } 1247c478bd9Sstevel@tonic-gate 1257c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex); 1267c478bd9Sstevel@tonic-gate lock_held = B_TRUE; 1277c478bd9Sstevel@tonic-gate 1287c478bd9Sstevel@tonic-gate /* Application must call C_SignInit before calling C_Sign. */ 1297c478bd9Sstevel@tonic-gate if (!(session_p->sign.flags & CRYPTO_OPERATION_ACTIVE)) { 1307c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 1317c478bd9Sstevel@tonic-gate return (CKR_OPERATION_NOT_INITIALIZED); 1327c478bd9Sstevel@tonic-gate } 1337c478bd9Sstevel@tonic-gate 1347c478bd9Sstevel@tonic-gate /* 1357c478bd9Sstevel@tonic-gate * C_Sign must be called without intervening C_SignUpdate 1367c478bd9Sstevel@tonic-gate * calls. 1377c478bd9Sstevel@tonic-gate */ 1387c478bd9Sstevel@tonic-gate if (session_p->sign.flags & CRYPTO_OPERATION_UPDATE) { 1397c478bd9Sstevel@tonic-gate /* 1407c478bd9Sstevel@tonic-gate * C_Sign can not be used to terminate a multi-part 1417c478bd9Sstevel@tonic-gate * operation, so we'll leave the active sign operation 1427c478bd9Sstevel@tonic-gate * flag on and let the application continue with the 1437c478bd9Sstevel@tonic-gate * sign update operation. 1447c478bd9Sstevel@tonic-gate */ 1457c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 1467c478bd9Sstevel@tonic-gate return (CKR_FUNCTION_FAILED); 1477c478bd9Sstevel@tonic-gate } 1487c478bd9Sstevel@tonic-gate 1497c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex); 1507c478bd9Sstevel@tonic-gate lock_held = B_FALSE; 1517c478bd9Sstevel@tonic-gate 1527c478bd9Sstevel@tonic-gate rv = soft_sign(session_p, pData, ulDataLen, pSignature, 1537c478bd9Sstevel@tonic-gate pulSignatureLen); 1547c478bd9Sstevel@tonic-gate 1557c478bd9Sstevel@tonic-gate if ((rv == CKR_BUFFER_TOO_SMALL) || 1567c478bd9Sstevel@tonic-gate (pSignature == NULL && rv == CKR_OK)) { 1577c478bd9Sstevel@tonic-gate /* 1587c478bd9Sstevel@tonic-gate * We will not terminate the active sign operation flag, 1597c478bd9Sstevel@tonic-gate * when the application-supplied buffer is too small, or 1607c478bd9Sstevel@tonic-gate * the application asks for the length of buffer to hold 1617c478bd9Sstevel@tonic-gate * the signature. 1627c478bd9Sstevel@tonic-gate */ 1637c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 1647c478bd9Sstevel@tonic-gate return (rv); 1657c478bd9Sstevel@tonic-gate } 1667c478bd9Sstevel@tonic-gate 1677c478bd9Sstevel@tonic-gate clean_exit: 1684c21f043Sizick /* Clear contexts, free key, and release session counter */ 1697c478bd9Sstevel@tonic-gate soft_sign_verify_cleanup(session_p, B_TRUE, B_FALSE); 1707c478bd9Sstevel@tonic-gate return (rv); 1717c478bd9Sstevel@tonic-gate } 1727c478bd9Sstevel@tonic-gate 1737c478bd9Sstevel@tonic-gate 1747c478bd9Sstevel@tonic-gate CK_RV 1757c478bd9Sstevel@tonic-gate C_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, 1767c478bd9Sstevel@tonic-gate CK_ULONG ulPartLen) 1777c478bd9Sstevel@tonic-gate { 1787c478bd9Sstevel@tonic-gate 1797c478bd9Sstevel@tonic-gate CK_RV rv; 1807c478bd9Sstevel@tonic-gate soft_session_t *session_p; 1817c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE; 1827c478bd9Sstevel@tonic-gate 1837c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 1847c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 1857c478bd9Sstevel@tonic-gate 1867c478bd9Sstevel@tonic-gate /* Obtain the session pointer */ 1877c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p); 1887c478bd9Sstevel@tonic-gate if (rv != CKR_OK) 1897c478bd9Sstevel@tonic-gate return (rv); 1907c478bd9Sstevel@tonic-gate 1917c478bd9Sstevel@tonic-gate if (ulPartLen == 0) { 1927c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 1937c478bd9Sstevel@tonic-gate return (CKR_OK); 1947c478bd9Sstevel@tonic-gate } 1957c478bd9Sstevel@tonic-gate 1967c478bd9Sstevel@tonic-gate if (pPart == NULL) { 1977c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD; 1987c478bd9Sstevel@tonic-gate goto clean_exit; 1997c478bd9Sstevel@tonic-gate } 2007c478bd9Sstevel@tonic-gate 2017c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex); 2027c478bd9Sstevel@tonic-gate lock_held = B_TRUE; 2037c478bd9Sstevel@tonic-gate 2047c478bd9Sstevel@tonic-gate /* 2057c478bd9Sstevel@tonic-gate * Application must call C_SignInit before calling 2067c478bd9Sstevel@tonic-gate * C_SignUpdate. 2077c478bd9Sstevel@tonic-gate */ 2087c478bd9Sstevel@tonic-gate if (!(session_p->sign.flags & CRYPTO_OPERATION_ACTIVE)) { 2097c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 2107c478bd9Sstevel@tonic-gate return (CKR_OPERATION_NOT_INITIALIZED); 2117c478bd9Sstevel@tonic-gate } 2127c478bd9Sstevel@tonic-gate 2137c478bd9Sstevel@tonic-gate session_p->sign.flags |= CRYPTO_OPERATION_UPDATE; 2147c478bd9Sstevel@tonic-gate 2157c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex); 2167c478bd9Sstevel@tonic-gate lock_held = B_FALSE; 2177c478bd9Sstevel@tonic-gate 2187c478bd9Sstevel@tonic-gate rv = soft_sign_update(session_p, pPart, ulPartLen); 2197c478bd9Sstevel@tonic-gate 2207c478bd9Sstevel@tonic-gate if (rv == CKR_OK) { 2217c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 2227c478bd9Sstevel@tonic-gate return (rv); 2237c478bd9Sstevel@tonic-gate } 2247c478bd9Sstevel@tonic-gate 2257c478bd9Sstevel@tonic-gate clean_exit: 2264c21f043Sizick /* After error, clear context, free key, & release session counter */ 2277c478bd9Sstevel@tonic-gate soft_sign_verify_cleanup(session_p, B_TRUE, B_FALSE); 2287c478bd9Sstevel@tonic-gate return (rv); 2297c478bd9Sstevel@tonic-gate 2307c478bd9Sstevel@tonic-gate } 2317c478bd9Sstevel@tonic-gate 2327c478bd9Sstevel@tonic-gate 2337c478bd9Sstevel@tonic-gate CK_RV 2347c478bd9Sstevel@tonic-gate C_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, 2357c478bd9Sstevel@tonic-gate CK_ULONG_PTR pulSignatureLen) 2367c478bd9Sstevel@tonic-gate { 2377c478bd9Sstevel@tonic-gate 2387c478bd9Sstevel@tonic-gate CK_RV rv; 2397c478bd9Sstevel@tonic-gate soft_session_t *session_p; 2407c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE; 2417c478bd9Sstevel@tonic-gate 2427c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 2437c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 2447c478bd9Sstevel@tonic-gate 2457c478bd9Sstevel@tonic-gate /* Obtain the session pointer */ 2467c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p); 2477c478bd9Sstevel@tonic-gate if (rv != CKR_OK) 2487c478bd9Sstevel@tonic-gate return (rv); 2497c478bd9Sstevel@tonic-gate 2507c478bd9Sstevel@tonic-gate if (pulSignatureLen == NULL) { 2517c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD; 2527c478bd9Sstevel@tonic-gate goto clean_exit; 2537c478bd9Sstevel@tonic-gate } 2547c478bd9Sstevel@tonic-gate 2557c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex); 2567c478bd9Sstevel@tonic-gate lock_held = B_TRUE; 2577c478bd9Sstevel@tonic-gate 2587c478bd9Sstevel@tonic-gate /* 2597c478bd9Sstevel@tonic-gate * Application must call C_SignInit before calling 2607c478bd9Sstevel@tonic-gate * C_SignFinal. 2617c478bd9Sstevel@tonic-gate */ 2627c478bd9Sstevel@tonic-gate if (!(session_p->sign.flags & CRYPTO_OPERATION_ACTIVE)) { 2637c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 2647c478bd9Sstevel@tonic-gate return (CKR_OPERATION_NOT_INITIALIZED); 2657c478bd9Sstevel@tonic-gate } 2667c478bd9Sstevel@tonic-gate 2677c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex); 2687c478bd9Sstevel@tonic-gate lock_held = B_FALSE; 2697c478bd9Sstevel@tonic-gate 2707c478bd9Sstevel@tonic-gate rv = soft_sign_final(session_p, pSignature, pulSignatureLen); 2717c478bd9Sstevel@tonic-gate 2727c478bd9Sstevel@tonic-gate if ((rv == CKR_BUFFER_TOO_SMALL) || 2737c478bd9Sstevel@tonic-gate (pSignature == NULL && rv == CKR_OK)) { 2747c478bd9Sstevel@tonic-gate /* 2757c478bd9Sstevel@tonic-gate * We will not terminate the active sign operation flag, 2767c478bd9Sstevel@tonic-gate * when the application-supplied buffer is too small, or 2777c478bd9Sstevel@tonic-gate * the application asks for the length of buffer to hold 2787c478bd9Sstevel@tonic-gate * the signature. 2797c478bd9Sstevel@tonic-gate */ 2807c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 2817c478bd9Sstevel@tonic-gate return (rv); 2827c478bd9Sstevel@tonic-gate } 2837c478bd9Sstevel@tonic-gate 2847c478bd9Sstevel@tonic-gate clean_exit: 2854c21f043Sizick /* Clear contexts, free key, and release session counter */ 2867c478bd9Sstevel@tonic-gate soft_sign_verify_cleanup(session_p, B_TRUE, B_FALSE); 2877c478bd9Sstevel@tonic-gate return (rv); 2887c478bd9Sstevel@tonic-gate } 2897c478bd9Sstevel@tonic-gate 2907c478bd9Sstevel@tonic-gate 2917c478bd9Sstevel@tonic-gate CK_RV 2927c478bd9Sstevel@tonic-gate C_SignRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 2937c478bd9Sstevel@tonic-gate CK_OBJECT_HANDLE hKey) 2947c478bd9Sstevel@tonic-gate { 2957c478bd9Sstevel@tonic-gate 2967c478bd9Sstevel@tonic-gate CK_RV rv; 2977c478bd9Sstevel@tonic-gate soft_session_t *session_p; 2987c478bd9Sstevel@tonic-gate soft_object_t *key_p; 2997c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE; 3007c478bd9Sstevel@tonic-gate 3017c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 3027c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 3037c478bd9Sstevel@tonic-gate 3047c478bd9Sstevel@tonic-gate /* Obtain the session pointer. */ 3057c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p); 3067c478bd9Sstevel@tonic-gate if (rv != CKR_OK) 3077c478bd9Sstevel@tonic-gate return (rv); 3087c478bd9Sstevel@tonic-gate 3097c478bd9Sstevel@tonic-gate if (pMechanism == NULL) { 3107c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD; 3117c478bd9Sstevel@tonic-gate goto clean_exit; 3127c478bd9Sstevel@tonic-gate } 3137c478bd9Sstevel@tonic-gate 3147c478bd9Sstevel@tonic-gate /* Obtain the object pointer. */ 3157c478bd9Sstevel@tonic-gate HANDLE2OBJECT(hKey, key_p, rv); 3167c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 3177c478bd9Sstevel@tonic-gate goto clean_exit; 3187c478bd9Sstevel@tonic-gate } 3197c478bd9Sstevel@tonic-gate 3207c478bd9Sstevel@tonic-gate /* Check to see if key object supports sign_recover. */ 3217c478bd9Sstevel@tonic-gate if (!(key_p->bool_attr_mask & SIGN_RECOVER_BOOL_ON)) { 322*d288ba74SAnthony Scarpino rv = CKR_KEY_FUNCTION_NOT_PERMITTED; 3237c478bd9Sstevel@tonic-gate goto clean_exit1; 3247c478bd9Sstevel@tonic-gate } 3257c478bd9Sstevel@tonic-gate 3267c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex); 3277c478bd9Sstevel@tonic-gate lock_held = B_TRUE; 3287c478bd9Sstevel@tonic-gate 3297c478bd9Sstevel@tonic-gate /* Check to see if sign operation is already active. */ 3307c478bd9Sstevel@tonic-gate if (session_p->sign.flags & CRYPTO_OPERATION_ACTIVE) { 3317c478bd9Sstevel@tonic-gate /* free the memory to avoid memory leak */ 3327c478bd9Sstevel@tonic-gate soft_sign_verify_cleanup(session_p, B_TRUE, B_TRUE); 3337c478bd9Sstevel@tonic-gate } 3347c478bd9Sstevel@tonic-gate 3357c478bd9Sstevel@tonic-gate /* 3367c478bd9Sstevel@tonic-gate * This active flag will remain ON until application calls either 3377c478bd9Sstevel@tonic-gate * C_SignRecover to actually obtain the signature. 3387c478bd9Sstevel@tonic-gate */ 3397c478bd9Sstevel@tonic-gate session_p->sign.flags = CRYPTO_OPERATION_ACTIVE; 3407c478bd9Sstevel@tonic-gate 3417c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex); 3427c478bd9Sstevel@tonic-gate lock_held = B_FALSE; 3437c478bd9Sstevel@tonic-gate 3447c478bd9Sstevel@tonic-gate rv = soft_sign_recover_init(session_p, pMechanism, key_p); 3457c478bd9Sstevel@tonic-gate 3467c478bd9Sstevel@tonic-gate if (rv != CKR_OK) { 3477c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex); 3487c478bd9Sstevel@tonic-gate session_p->sign.flags &= ~CRYPTO_OPERATION_ACTIVE; 3497c478bd9Sstevel@tonic-gate lock_held = B_TRUE; 3507c478bd9Sstevel@tonic-gate } 3517c478bd9Sstevel@tonic-gate 3527c478bd9Sstevel@tonic-gate clean_exit1: 3537c478bd9Sstevel@tonic-gate OBJ_REFRELE(key_p); 3547c478bd9Sstevel@tonic-gate clean_exit: 3557c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 3567c478bd9Sstevel@tonic-gate return (rv); 3577c478bd9Sstevel@tonic-gate } 3587c478bd9Sstevel@tonic-gate 3597c478bd9Sstevel@tonic-gate 3607c478bd9Sstevel@tonic-gate CK_RV 3617c478bd9Sstevel@tonic-gate C_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, 3627c478bd9Sstevel@tonic-gate CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen) 3637c478bd9Sstevel@tonic-gate { 3647c478bd9Sstevel@tonic-gate 3657c478bd9Sstevel@tonic-gate CK_RV rv; 3667c478bd9Sstevel@tonic-gate soft_session_t *session_p; 3677c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE; 3687c478bd9Sstevel@tonic-gate 3697c478bd9Sstevel@tonic-gate if (!softtoken_initialized) 3707c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED); 3717c478bd9Sstevel@tonic-gate 3727c478bd9Sstevel@tonic-gate /* Obatin the session pointer */ 3737c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p); 3747c478bd9Sstevel@tonic-gate if (rv != CKR_OK) 3757c478bd9Sstevel@tonic-gate return (rv); 3767c478bd9Sstevel@tonic-gate 3777c478bd9Sstevel@tonic-gate if ((pData == NULL) || (pulSignatureLen == NULL)) { 3787c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD; 3797c478bd9Sstevel@tonic-gate goto clean_exit; 3807c478bd9Sstevel@tonic-gate } 3817c478bd9Sstevel@tonic-gate 3827c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex); 3837c478bd9Sstevel@tonic-gate lock_held = B_TRUE; 3847c478bd9Sstevel@tonic-gate 3857c478bd9Sstevel@tonic-gate /* Application must call C_SignRecoverInit before C_SignRecover. */ 3867c478bd9Sstevel@tonic-gate if (!(session_p->sign.flags & CRYPTO_OPERATION_ACTIVE)) { 3877c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 3887c478bd9Sstevel@tonic-gate return (CKR_OPERATION_NOT_INITIALIZED); 3897c478bd9Sstevel@tonic-gate } 3907c478bd9Sstevel@tonic-gate 3917c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex); 3927c478bd9Sstevel@tonic-gate lock_held = B_FALSE; 3937c478bd9Sstevel@tonic-gate 3947c478bd9Sstevel@tonic-gate rv = soft_sign_recover(session_p, pData, ulDataLen, pSignature, 3957c478bd9Sstevel@tonic-gate pulSignatureLen); 3967c478bd9Sstevel@tonic-gate 3977c478bd9Sstevel@tonic-gate if ((rv == CKR_BUFFER_TOO_SMALL) || 3987c478bd9Sstevel@tonic-gate (pSignature == NULL && rv == CKR_OK)) { 3997c478bd9Sstevel@tonic-gate /* 4007c478bd9Sstevel@tonic-gate * We will not terminate the active sign operation flag, 4017c478bd9Sstevel@tonic-gate * when the application-supplied buffer is too small, or 4027c478bd9Sstevel@tonic-gate * the application asks for the length of buffer to hold 4037c478bd9Sstevel@tonic-gate * the signature. 4047c478bd9Sstevel@tonic-gate */ 4057c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held); 4067c478bd9Sstevel@tonic-gate return (rv); 4077c478bd9Sstevel@tonic-gate } 4087c478bd9Sstevel@tonic-gate 4097c478bd9Sstevel@tonic-gate clean_exit: 4104c21f043Sizick /* Clear contexts, free key, and release session counter */ 4114c21f043Sizick soft_sign_verify_cleanup(session_p, B_TRUE, B_FALSE); 4127c478bd9Sstevel@tonic-gate return (rv); 4137c478bd9Sstevel@tonic-gate } 414