17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate * CDDL HEADER START
37c478bd9Sstevel@tonic-gate *
47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the
54c21f043Sizick * Common Development and Distribution License (the "License").
64c21f043Sizick * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate *
87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate * and limitations under the License.
127c478bd9Sstevel@tonic-gate *
137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate *
197c478bd9Sstevel@tonic-gate * CDDL HEADER END
207c478bd9Sstevel@tonic-gate */
217c478bd9Sstevel@tonic-gate /*
22*d288ba74SAnthony Scarpino * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
237c478bd9Sstevel@tonic-gate * Use is subject to license terms.
247c478bd9Sstevel@tonic-gate */
257c478bd9Sstevel@tonic-gate
267c478bd9Sstevel@tonic-gate #include <pthread.h>
277c478bd9Sstevel@tonic-gate #include <security/cryptoki.h>
287c478bd9Sstevel@tonic-gate #include "softGlobal.h"
297c478bd9Sstevel@tonic-gate #include "softObject.h"
307c478bd9Sstevel@tonic-gate #include "softOps.h"
317c478bd9Sstevel@tonic-gate #include "softSession.h"
327c478bd9Sstevel@tonic-gate
337c478bd9Sstevel@tonic-gate
347c478bd9Sstevel@tonic-gate CK_RV
C_VerifyInit(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)357c478bd9Sstevel@tonic-gate C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
367c478bd9Sstevel@tonic-gate CK_OBJECT_HANDLE hKey)
377c478bd9Sstevel@tonic-gate {
387c478bd9Sstevel@tonic-gate
397c478bd9Sstevel@tonic-gate CK_RV rv;
407c478bd9Sstevel@tonic-gate soft_session_t *session_p;
417c478bd9Sstevel@tonic-gate soft_object_t *key_p;
427c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
437c478bd9Sstevel@tonic-gate
447c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
457c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
467c478bd9Sstevel@tonic-gate
477c478bd9Sstevel@tonic-gate /* Obtain the session pointer. */
487c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
497c478bd9Sstevel@tonic-gate if (rv != CKR_OK)
507c478bd9Sstevel@tonic-gate return (rv);
517c478bd9Sstevel@tonic-gate
527c478bd9Sstevel@tonic-gate if (pMechanism == NULL) {
537c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD;
547c478bd9Sstevel@tonic-gate goto clean_exit;
557c478bd9Sstevel@tonic-gate }
567c478bd9Sstevel@tonic-gate
577c478bd9Sstevel@tonic-gate /* Obtain the object pointer. */
587c478bd9Sstevel@tonic-gate HANDLE2OBJECT(hKey, key_p, rv);
597c478bd9Sstevel@tonic-gate if (rv != CKR_OK) {
607c478bd9Sstevel@tonic-gate goto clean_exit;
617c478bd9Sstevel@tonic-gate }
627c478bd9Sstevel@tonic-gate
637c478bd9Sstevel@tonic-gate /* Check to see if key object supports verification. */
647c478bd9Sstevel@tonic-gate if (!(key_p->bool_attr_mask & VERIFY_BOOL_ON)) {
65*d288ba74SAnthony Scarpino rv = CKR_KEY_FUNCTION_NOT_PERMITTED;
667c478bd9Sstevel@tonic-gate goto clean_exit1;
677c478bd9Sstevel@tonic-gate }
687c478bd9Sstevel@tonic-gate
697c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
707c478bd9Sstevel@tonic-gate lock_held = B_TRUE;
717c478bd9Sstevel@tonic-gate
727c478bd9Sstevel@tonic-gate /* Check to see if verify operation is already active. */
737c478bd9Sstevel@tonic-gate if (session_p->verify.flags & CRYPTO_OPERATION_ACTIVE) {
747c478bd9Sstevel@tonic-gate /* free the memory to avoid memory leak */
757c478bd9Sstevel@tonic-gate soft_sign_verify_cleanup(session_p, B_FALSE, B_TRUE);
767c478bd9Sstevel@tonic-gate }
777c478bd9Sstevel@tonic-gate
787c478bd9Sstevel@tonic-gate /*
797c478bd9Sstevel@tonic-gate * This active flag will remain ON until application calls either
807c478bd9Sstevel@tonic-gate * C_Verify or C_VerifyFinal to verify a signature on data.
817c478bd9Sstevel@tonic-gate */
827c478bd9Sstevel@tonic-gate session_p->verify.flags = CRYPTO_OPERATION_ACTIVE;
837c478bd9Sstevel@tonic-gate
847c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex);
857c478bd9Sstevel@tonic-gate lock_held = B_FALSE;
867c478bd9Sstevel@tonic-gate
877c478bd9Sstevel@tonic-gate rv = soft_verify_init(session_p, pMechanism, key_p);
887c478bd9Sstevel@tonic-gate
897c478bd9Sstevel@tonic-gate if (rv != CKR_OK) {
907c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
917c478bd9Sstevel@tonic-gate session_p->verify.flags &= ~CRYPTO_OPERATION_ACTIVE;
927c478bd9Sstevel@tonic-gate lock_held = B_TRUE;
937c478bd9Sstevel@tonic-gate }
947c478bd9Sstevel@tonic-gate
957c478bd9Sstevel@tonic-gate clean_exit1:
967c478bd9Sstevel@tonic-gate OBJ_REFRELE(key_p);
977c478bd9Sstevel@tonic-gate clean_exit:
987c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
997c478bd9Sstevel@tonic-gate return (rv);
1007c478bd9Sstevel@tonic-gate }
1017c478bd9Sstevel@tonic-gate
1027c478bd9Sstevel@tonic-gate
1037c478bd9Sstevel@tonic-gate CK_RV
C_Verify(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen)1047c478bd9Sstevel@tonic-gate C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
1057c478bd9Sstevel@tonic-gate CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
1067c478bd9Sstevel@tonic-gate {
1077c478bd9Sstevel@tonic-gate
1087c478bd9Sstevel@tonic-gate CK_RV rv;
1097c478bd9Sstevel@tonic-gate soft_session_t *session_p;
1107c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
1117c478bd9Sstevel@tonic-gate
1127c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
1137c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
1147c478bd9Sstevel@tonic-gate
1157c478bd9Sstevel@tonic-gate /* Obatin the session pointer */
1167c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
1177c478bd9Sstevel@tonic-gate if (rv != CKR_OK)
1187c478bd9Sstevel@tonic-gate return (rv);
1197c478bd9Sstevel@tonic-gate
1207c478bd9Sstevel@tonic-gate if (pData == NULL) {
1217c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD;
1227c478bd9Sstevel@tonic-gate goto clean_exit;
1237c478bd9Sstevel@tonic-gate }
1247c478bd9Sstevel@tonic-gate
1257c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
1267c478bd9Sstevel@tonic-gate lock_held = B_TRUE;
1277c478bd9Sstevel@tonic-gate
1287c478bd9Sstevel@tonic-gate /* Application must call C_VerifyInit before calling C_Verify. */
1297c478bd9Sstevel@tonic-gate if (!(session_p->verify.flags & CRYPTO_OPERATION_ACTIVE)) {
1307c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
1317c478bd9Sstevel@tonic-gate return (CKR_OPERATION_NOT_INITIALIZED);
1327c478bd9Sstevel@tonic-gate }
1337c478bd9Sstevel@tonic-gate
1347c478bd9Sstevel@tonic-gate /*
1357c478bd9Sstevel@tonic-gate * C_Verify must be called without intervening C_VerifyUpdate
1367c478bd9Sstevel@tonic-gate * calls.
1377c478bd9Sstevel@tonic-gate */
1387c478bd9Sstevel@tonic-gate if (session_p->verify.flags & CRYPTO_OPERATION_UPDATE) {
1397c478bd9Sstevel@tonic-gate /*
1407c478bd9Sstevel@tonic-gate * C_Verify can not be used to terminate a multi-part
1417c478bd9Sstevel@tonic-gate * operation, so we'll leave the active verify operation
1427c478bd9Sstevel@tonic-gate * flag on and let the application continue with the
1437c478bd9Sstevel@tonic-gate * verify update operation.
1447c478bd9Sstevel@tonic-gate */
1457c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
1467c478bd9Sstevel@tonic-gate return (CKR_FUNCTION_FAILED);
1477c478bd9Sstevel@tonic-gate }
1487c478bd9Sstevel@tonic-gate
1497c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex);
1507c478bd9Sstevel@tonic-gate lock_held = B_FALSE;
1517c478bd9Sstevel@tonic-gate
1527c478bd9Sstevel@tonic-gate rv = soft_verify(session_p, pData, ulDataLen, pSignature,
1537c478bd9Sstevel@tonic-gate ulSignatureLen);
1547c478bd9Sstevel@tonic-gate
1557c478bd9Sstevel@tonic-gate clean_exit:
1564c21f043Sizick /* Clear context, free key, and release session counter */
1577c478bd9Sstevel@tonic-gate soft_sign_verify_cleanup(session_p, B_FALSE, B_FALSE);
1587c478bd9Sstevel@tonic-gate return (rv);
1597c478bd9Sstevel@tonic-gate }
1607c478bd9Sstevel@tonic-gate
1617c478bd9Sstevel@tonic-gate
1627c478bd9Sstevel@tonic-gate CK_RV
C_VerifyUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,CK_ULONG ulPartLen)1637c478bd9Sstevel@tonic-gate C_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
1647c478bd9Sstevel@tonic-gate CK_ULONG ulPartLen)
1657c478bd9Sstevel@tonic-gate {
1667c478bd9Sstevel@tonic-gate
1677c478bd9Sstevel@tonic-gate CK_RV rv;
1687c478bd9Sstevel@tonic-gate soft_session_t *session_p;
1697c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
1707c478bd9Sstevel@tonic-gate
1717c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
1727c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
1737c478bd9Sstevel@tonic-gate
1747c478bd9Sstevel@tonic-gate /* Obtain the session pointer */
1757c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
1767c478bd9Sstevel@tonic-gate if (rv != CKR_OK)
1777c478bd9Sstevel@tonic-gate return (rv);
1787c478bd9Sstevel@tonic-gate
1797c478bd9Sstevel@tonic-gate if (ulPartLen == 0) {
1807c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
1817c478bd9Sstevel@tonic-gate return (CKR_OK);
1827c478bd9Sstevel@tonic-gate }
1837c478bd9Sstevel@tonic-gate
1847c478bd9Sstevel@tonic-gate if (pPart == NULL) {
1857c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD;
1867c478bd9Sstevel@tonic-gate goto clean_exit;
1877c478bd9Sstevel@tonic-gate }
1887c478bd9Sstevel@tonic-gate
1897c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
1907c478bd9Sstevel@tonic-gate lock_held = B_TRUE;
1917c478bd9Sstevel@tonic-gate
1927c478bd9Sstevel@tonic-gate /*
1937c478bd9Sstevel@tonic-gate * Application must call C_VerifyInit before calling
1947c478bd9Sstevel@tonic-gate * C_VerifyUpdate.
1957c478bd9Sstevel@tonic-gate */
1967c478bd9Sstevel@tonic-gate if (!(session_p->verify.flags & CRYPTO_OPERATION_ACTIVE)) {
1977c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
1987c478bd9Sstevel@tonic-gate return (CKR_OPERATION_NOT_INITIALIZED);
1997c478bd9Sstevel@tonic-gate }
2007c478bd9Sstevel@tonic-gate
2017c478bd9Sstevel@tonic-gate session_p->verify.flags |= CRYPTO_OPERATION_UPDATE;
2027c478bd9Sstevel@tonic-gate
2037c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex);
2047c478bd9Sstevel@tonic-gate lock_held = B_FALSE;
2057c478bd9Sstevel@tonic-gate
2067c478bd9Sstevel@tonic-gate rv = soft_verify_update(session_p, pPart, ulPartLen);
2077c478bd9Sstevel@tonic-gate
2087c478bd9Sstevel@tonic-gate if (rv == CKR_OK) {
2097c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
2107c478bd9Sstevel@tonic-gate return (rv);
2117c478bd9Sstevel@tonic-gate }
2127c478bd9Sstevel@tonic-gate
2137c478bd9Sstevel@tonic-gate clean_exit:
2144c21f043Sizick /* After error, clear context, free key, & release session counter */
2157c478bd9Sstevel@tonic-gate soft_sign_verify_cleanup(session_p, B_FALSE, B_FALSE);
2167c478bd9Sstevel@tonic-gate
2177c478bd9Sstevel@tonic-gate return (rv);
2187c478bd9Sstevel@tonic-gate }
2197c478bd9Sstevel@tonic-gate
2207c478bd9Sstevel@tonic-gate
2217c478bd9Sstevel@tonic-gate CK_RV
C_VerifyFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen)2227c478bd9Sstevel@tonic-gate C_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
2237c478bd9Sstevel@tonic-gate CK_ULONG ulSignatureLen)
2247c478bd9Sstevel@tonic-gate {
2257c478bd9Sstevel@tonic-gate
2267c478bd9Sstevel@tonic-gate CK_RV rv;
2277c478bd9Sstevel@tonic-gate soft_session_t *session_p;
2287c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
2297c478bd9Sstevel@tonic-gate
2307c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
2317c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
2327c478bd9Sstevel@tonic-gate
2337c478bd9Sstevel@tonic-gate /* Obtain the session pointer */
2347c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
2357c478bd9Sstevel@tonic-gate if (rv != CKR_OK)
2367c478bd9Sstevel@tonic-gate return (rv);
2377c478bd9Sstevel@tonic-gate
2387c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
2397c478bd9Sstevel@tonic-gate lock_held = B_TRUE;
2407c478bd9Sstevel@tonic-gate
2417c478bd9Sstevel@tonic-gate /*
2427c478bd9Sstevel@tonic-gate * Application must call C_VerifyInit before calling
2437c478bd9Sstevel@tonic-gate * C_VerifyFinal.
2447c478bd9Sstevel@tonic-gate */
2457c478bd9Sstevel@tonic-gate if (!(session_p->verify.flags & CRYPTO_OPERATION_ACTIVE)) {
2467c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
2477c478bd9Sstevel@tonic-gate return (CKR_OPERATION_NOT_INITIALIZED);
2487c478bd9Sstevel@tonic-gate }
2497c478bd9Sstevel@tonic-gate
2507c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex);
2517c478bd9Sstevel@tonic-gate lock_held = B_FALSE;
2527c478bd9Sstevel@tonic-gate
2537c478bd9Sstevel@tonic-gate rv = soft_verify_final(session_p, pSignature, ulSignatureLen);
2547c478bd9Sstevel@tonic-gate
2557c478bd9Sstevel@tonic-gate clean_exit:
2564c21f043Sizick /* Clear contexts, free key, and release session counter */
2574c21f043Sizick soft_sign_verify_cleanup(session_p, B_FALSE, B_FALSE);
2587c478bd9Sstevel@tonic-gate return (rv);
2597c478bd9Sstevel@tonic-gate }
2607c478bd9Sstevel@tonic-gate
2617c478bd9Sstevel@tonic-gate
2627c478bd9Sstevel@tonic-gate CK_RV
C_VerifyRecoverInit(CK_SESSION_HANDLE hSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)2637c478bd9Sstevel@tonic-gate C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
2647c478bd9Sstevel@tonic-gate CK_OBJECT_HANDLE hKey)
2657c478bd9Sstevel@tonic-gate {
2667c478bd9Sstevel@tonic-gate
2677c478bd9Sstevel@tonic-gate CK_RV rv;
2687c478bd9Sstevel@tonic-gate soft_session_t *session_p;
2697c478bd9Sstevel@tonic-gate soft_object_t *key_p;
2707c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
2717c478bd9Sstevel@tonic-gate
2727c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
2737c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
2747c478bd9Sstevel@tonic-gate
2757c478bd9Sstevel@tonic-gate /* Obtain the session pointer. */
2767c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
2777c478bd9Sstevel@tonic-gate if (rv != CKR_OK)
2787c478bd9Sstevel@tonic-gate return (rv);
2797c478bd9Sstevel@tonic-gate
2807c478bd9Sstevel@tonic-gate if (pMechanism == NULL) {
2817c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD;
2827c478bd9Sstevel@tonic-gate goto clean_exit;
2837c478bd9Sstevel@tonic-gate }
2847c478bd9Sstevel@tonic-gate
2857c478bd9Sstevel@tonic-gate /* Obtain the object pointer. */
2867c478bd9Sstevel@tonic-gate HANDLE2OBJECT(hKey, key_p, rv);
2877c478bd9Sstevel@tonic-gate if (rv != CKR_OK) {
2887c478bd9Sstevel@tonic-gate goto clean_exit;
2897c478bd9Sstevel@tonic-gate }
2907c478bd9Sstevel@tonic-gate
2917c478bd9Sstevel@tonic-gate /* Check to see if key object supports verify_recover. */
2927c478bd9Sstevel@tonic-gate if (!(key_p->bool_attr_mask & VERIFY_RECOVER_BOOL_ON)) {
293*d288ba74SAnthony Scarpino rv = CKR_KEY_FUNCTION_NOT_PERMITTED;
2947c478bd9Sstevel@tonic-gate goto clean_exit1;
2957c478bd9Sstevel@tonic-gate }
2967c478bd9Sstevel@tonic-gate
2977c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
2987c478bd9Sstevel@tonic-gate lock_held = B_TRUE;
2997c478bd9Sstevel@tonic-gate
3007c478bd9Sstevel@tonic-gate /* Check to see if verify operation is already active. */
3017c478bd9Sstevel@tonic-gate if (session_p->verify.flags & CRYPTO_OPERATION_ACTIVE) {
3027c478bd9Sstevel@tonic-gate /* free the memory to avoid memory leak */
3037c478bd9Sstevel@tonic-gate soft_sign_verify_cleanup(session_p, B_FALSE, B_TRUE);
3047c478bd9Sstevel@tonic-gate }
3057c478bd9Sstevel@tonic-gate
3067c478bd9Sstevel@tonic-gate /*
3077c478bd9Sstevel@tonic-gate * This active flag will remain ON until application calls either
3087c478bd9Sstevel@tonic-gate * C_VerifyRecover to actually obtain the recovered message.
3097c478bd9Sstevel@tonic-gate */
3107c478bd9Sstevel@tonic-gate session_p->verify.flags = CRYPTO_OPERATION_ACTIVE;
3117c478bd9Sstevel@tonic-gate
3127c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex);
3137c478bd9Sstevel@tonic-gate lock_held = B_FALSE;
3147c478bd9Sstevel@tonic-gate
3157c478bd9Sstevel@tonic-gate rv = soft_verify_recover_init(session_p, pMechanism, key_p);
3167c478bd9Sstevel@tonic-gate
3177c478bd9Sstevel@tonic-gate if (rv != CKR_OK) {
3187c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
3197c478bd9Sstevel@tonic-gate session_p->verify.flags &= ~CRYPTO_OPERATION_ACTIVE;
3207c478bd9Sstevel@tonic-gate lock_held = B_TRUE;
3217c478bd9Sstevel@tonic-gate }
3227c478bd9Sstevel@tonic-gate
3237c478bd9Sstevel@tonic-gate clean_exit1:
3247c478bd9Sstevel@tonic-gate OBJ_REFRELE(key_p);
3257c478bd9Sstevel@tonic-gate clean_exit:
3267c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3277c478bd9Sstevel@tonic-gate return (rv);
3287c478bd9Sstevel@tonic-gate }
3297c478bd9Sstevel@tonic-gate
3307c478bd9Sstevel@tonic-gate
3317c478bd9Sstevel@tonic-gate CK_RV
C_VerifyRecover(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen,CK_BYTE_PTR pData,CK_ULONG_PTR pulDataLen)3327c478bd9Sstevel@tonic-gate C_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
3337c478bd9Sstevel@tonic-gate CK_ULONG ulSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
3347c478bd9Sstevel@tonic-gate {
3357c478bd9Sstevel@tonic-gate
3367c478bd9Sstevel@tonic-gate CK_RV rv;
3377c478bd9Sstevel@tonic-gate soft_session_t *session_p;
3387c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
3397c478bd9Sstevel@tonic-gate
3407c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
3417c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
3427c478bd9Sstevel@tonic-gate
3437c478bd9Sstevel@tonic-gate /* Obatin the session pointer */
3447c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
3457c478bd9Sstevel@tonic-gate if (rv != CKR_OK)
3467c478bd9Sstevel@tonic-gate return (rv);
3477c478bd9Sstevel@tonic-gate
3487c478bd9Sstevel@tonic-gate if ((pSignature == NULL) || (pulDataLen == NULL)) {
3497c478bd9Sstevel@tonic-gate rv = CKR_ARGUMENTS_BAD;
3507c478bd9Sstevel@tonic-gate goto clean_exit;
3517c478bd9Sstevel@tonic-gate }
3527c478bd9Sstevel@tonic-gate
3537c478bd9Sstevel@tonic-gate (void) pthread_mutex_lock(&session_p->session_mutex);
3547c478bd9Sstevel@tonic-gate lock_held = B_TRUE;
3557c478bd9Sstevel@tonic-gate
3567c478bd9Sstevel@tonic-gate if (!(session_p->verify.flags & CRYPTO_OPERATION_ACTIVE)) {
3577c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3587c478bd9Sstevel@tonic-gate return (CKR_OPERATION_NOT_INITIALIZED);
3597c478bd9Sstevel@tonic-gate }
3607c478bd9Sstevel@tonic-gate
3617c478bd9Sstevel@tonic-gate (void) pthread_mutex_unlock(&session_p->session_mutex);
3627c478bd9Sstevel@tonic-gate lock_held = B_FALSE;
3637c478bd9Sstevel@tonic-gate
3647c478bd9Sstevel@tonic-gate rv = soft_verify_recover(session_p, pSignature,
3657c478bd9Sstevel@tonic-gate ulSignatureLen, pData, pulDataLen);
3667c478bd9Sstevel@tonic-gate
3677c478bd9Sstevel@tonic-gate if ((rv == CKR_BUFFER_TOO_SMALL) ||
3687c478bd9Sstevel@tonic-gate (pData == NULL && rv == CKR_OK)) {
3697c478bd9Sstevel@tonic-gate /*
3707c478bd9Sstevel@tonic-gate * We will not terminate the active verify operation flag,
3717c478bd9Sstevel@tonic-gate * when the application-supplied buffer is too small, or
3727c478bd9Sstevel@tonic-gate * the application asks for the length of buffer to hold
3737c478bd9Sstevel@tonic-gate * the signature.
3747c478bd9Sstevel@tonic-gate */
3757c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
3767c478bd9Sstevel@tonic-gate return (rv);
3777c478bd9Sstevel@tonic-gate }
3787c478bd9Sstevel@tonic-gate
3797c478bd9Sstevel@tonic-gate clean_exit:
3804c21f043Sizick /* Clear context, free key, and release session counter */
3814c21f043Sizick soft_sign_verify_cleanup(session_p, B_FALSE, B_FALSE);
3827c478bd9Sstevel@tonic-gate return (rv);
3837c478bd9Sstevel@tonic-gate }
384