import less(1)
[unleashed/tickless.git] / usr / src / lib / pkcs11 / libpkcs11 / common / pkcs11Sign.c
blob95104bccd8a726524cbe031ef507d6ff24a96488
1 /*
2 * CDDL HEADER START
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
20 * CDDL HEADER END
23 * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
27 #pragma ident "%Z%%M% %I% %E% SMI"
29 #include <security/cryptoki.h>
30 #include "pkcs11Global.h"
31 #include "pkcs11Conf.h"
32 #include "pkcs11Session.h"
33 #include "pkcs11Slot.h"
36 * C_SignInit will verify that the session handle is valid within the
37 * framework, that the mechanism is not disabled for the slot
38 * associated with this session, and then redirect to the underlying
39 * provider. Policy is only checked for C_SignInit, since it is
40 * required to be called before C_Sign and C_SignUpdate.
42 CK_RV
43 C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
44 CK_OBJECT_HANDLE hKey)
47 CK_RV rv;
48 pkcs11_session_t *sessp;
49 CK_SLOT_ID slotid;
51 /* Check for a fastpath */
52 if (purefastpath || policyfastpath) {
53 if (policyfastpath &&
54 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
55 return (CKR_MECHANISM_INVALID);
57 return (fast_funcs->C_SignInit(hSession, pMechanism, hKey));
60 if (!pkcs11_initialized) {
61 return (CKR_CRYPTOKI_NOT_INITIALIZED);
64 /* Obtain the session pointer */
65 HANDLE2SESSION(hSession, sessp, rv);
67 if (rv != CKR_OK) {
68 return (rv);
71 slotid = sessp->se_slotid;
73 /* Make sure this is not a disabled mechanism */
74 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
75 return (CKR_MECHANISM_INVALID);
78 /* Initialize the digest with the underlying provider */
79 rv = FUNCLIST(slotid)->C_SignInit(sessp->se_handle,
80 pMechanism, hKey);
82 /* Present consistent interface to the application */
83 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
84 return (CKR_FUNCTION_FAILED);
87 return (rv);
91 * C_Sign is a pure wrapper to the underlying provider.
92 * The only argument checked is whether or not hSession is valid.
94 CK_RV
95 C_Sign(CK_SESSION_HANDLE hSession,
96 CK_BYTE_PTR pData,
97 CK_ULONG ulDataLen,
98 CK_BYTE_PTR pSignature,
99 CK_ULONG_PTR pulSignatureLen)
101 CK_RV rv;
102 pkcs11_session_t *sessp;
104 /* Check for a fastpath */
105 if (purefastpath || policyfastpath) {
106 return (fast_funcs->C_Sign(hSession, pData, ulDataLen,
107 pSignature, pulSignatureLen));
110 if (!pkcs11_initialized) {
111 return (CKR_CRYPTOKI_NOT_INITIALIZED);
114 /* Obtain the session pointer */
115 HANDLE2SESSION(hSession, sessp, rv);
117 if (rv != CKR_OK) {
118 return (rv);
121 /* Pass data to the provider */
122 rv = FUNCLIST(sessp->se_slotid)->C_Sign(sessp->se_handle, pData,
123 ulDataLen, pSignature, pulSignatureLen);
125 /* Present consistent interface to the application */
126 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
127 return (CKR_FUNCTION_FAILED);
130 return (rv);
135 * C_SignUpdate is a pure wrapper to the underlying provider.
136 * The only argument checked is whether or not hSession is valid.
138 CK_RV
139 C_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
141 CK_RV rv;
142 pkcs11_session_t *sessp;
144 /* Check for a fastpath */
145 if (purefastpath || policyfastpath) {
146 return (fast_funcs->C_SignUpdate(hSession, pPart, ulPartLen));
149 if (!pkcs11_initialized) {
150 return (CKR_CRYPTOKI_NOT_INITIALIZED);
153 /* Obtain the session pointer */
154 HANDLE2SESSION(hSession, sessp, rv);
156 if (rv != CKR_OK) {
157 return (rv);
160 /* Pass data to the provider */
161 rv = FUNCLIST(sessp->se_slotid)->C_SignUpdate(sessp->se_handle, pPart,
162 ulPartLen);
164 /* Present consistent interface to the application */
165 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
166 return (CKR_FUNCTION_FAILED);
169 return (rv);
174 * C_SignFinal is a pure wrapper to the underlying provider.
175 * The only argument checked is whether or not hSession is valid.
177 CK_RV
178 C_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
179 CK_ULONG_PTR pulSignatureLen)
181 CK_RV rv;
182 pkcs11_session_t *sessp;
184 /* Check for a fastpath */
185 if (purefastpath || policyfastpath) {
186 return (fast_funcs->C_SignFinal(hSession, pSignature,
187 pulSignatureLen));
190 if (!pkcs11_initialized) {
191 return (CKR_CRYPTOKI_NOT_INITIALIZED);
194 /* Obtain the session pointer */
195 HANDLE2SESSION(hSession, sessp, rv);
197 if (rv != CKR_OK) {
198 return (rv);
201 /* Pass data to the provider */
202 rv = FUNCLIST(sessp->se_slotid)->C_SignFinal(sessp->se_handle,
203 pSignature, pulSignatureLen);
205 /* Present consistent interface to the application */
206 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
207 return (CKR_FUNCTION_FAILED);
210 return (rv);
214 * C_SignRecoverInit will verify that the session handle is valid within
215 * the framework, that the mechanism is not disabled for the slot
216 * associated with this session, and then redirect to the underlying
217 * provider. Policy is only checked for C_SignRecoverInit, since it is
218 * required to be called before C_SignRecover.
220 CK_RV
221 C_SignRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
222 CK_OBJECT_HANDLE hKey)
224 CK_RV rv;
225 pkcs11_session_t *sessp;
226 CK_SLOT_ID slotid;
228 /* Check for a fastpath */
229 if (purefastpath || policyfastpath) {
230 if (policyfastpath &&
231 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
232 return (CKR_MECHANISM_INVALID);
234 return (fast_funcs->C_SignRecoverInit(hSession, pMechanism,
235 hKey));
238 if (!pkcs11_initialized) {
239 return (CKR_CRYPTOKI_NOT_INITIALIZED);
242 /* Obtain the session pointer */
243 HANDLE2SESSION(hSession, sessp, rv);
245 if (rv != CKR_OK) {
246 return (rv);
249 slotid = sessp->se_slotid;
251 /* Make sure this is not a disabled mechanism */
252 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
253 return (CKR_MECHANISM_INVALID);
256 /* Initialize the digest with the underlying provider */
257 rv = FUNCLIST(slotid)->C_SignRecoverInit(sessp->se_handle,
258 pMechanism, hKey);
260 /* Present consistent interface to the application */
261 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
262 return (CKR_FUNCTION_FAILED);
265 return (rv);
270 * C_SignRecover is a pure wrapper to the underlying provider.
271 * The only argument checked is whether or not hSession is valid.
273 CK_RV
274 C_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
275 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
277 CK_RV rv;
278 pkcs11_session_t *sessp;
280 /* Check for a fastpath */
281 if (purefastpath || policyfastpath) {
282 return (fast_funcs->C_SignRecover(hSession, pData, ulDataLen,
283 pSignature, pulSignatureLen));
285 if (!pkcs11_initialized) {
286 return (CKR_CRYPTOKI_NOT_INITIALIZED);
289 /* Obtain the session pointer */
290 HANDLE2SESSION(hSession, sessp, rv);
292 if (rv != CKR_OK) {
293 return (rv);
296 /* Pass data to the provider */
297 rv = FUNCLIST(sessp->se_slotid)->C_SignRecover(sessp->se_handle, pData,
298 ulDataLen, pSignature, pulSignatureLen);
300 /* Present consistent interface to the application */
301 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
302 return (CKR_FUNCTION_FAILED);
305 return (rv);