import less(1)
[unleashed/tickless.git] / usr / src / lib / pkcs11 / libpkcs11 / common / pkcs11Verify.c
blob37bec9902338ea213d0ca177590ec6c6f5f02ac4
1 /*
2 * CDDL HEADER START
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
20 * CDDL HEADER END
23 * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
27 #pragma ident "%Z%%M% %I% %E% SMI"
29 #include <security/cryptoki.h>
30 #include "pkcs11Global.h"
31 #include "pkcs11Conf.h"
32 #include "pkcs11Session.h"
33 #include "pkcs11Slot.h"
36 * C_VerifyInit will verify that the session handle is valid within the
37 * framework, that the mechanism is not disabled for the slot
38 * associated with this session, and then redirect to the underlying
39 * provider. Policy is only checked for C_VerifyInit, since it is
40 * required to be called before C_Verify and C_VerifyUpdate.
42 CK_RV
43 C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
44 CK_OBJECT_HANDLE hKey)
46 CK_RV rv;
47 pkcs11_session_t *sessp;
48 CK_SLOT_ID slotid;
50 /* Check for a fastpath */
51 if (purefastpath || policyfastpath) {
52 if (policyfastpath &&
53 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
54 return (CKR_MECHANISM_INVALID);
56 return (fast_funcs->C_VerifyInit(hSession, pMechanism, hKey));
59 if (!pkcs11_initialized) {
60 return (CKR_CRYPTOKI_NOT_INITIALIZED);
63 /* Obtain the session pointer */
64 HANDLE2SESSION(hSession, sessp, rv);
66 if (rv != CKR_OK) {
67 return (rv);
70 slotid = sessp->se_slotid;
72 /* Make sure this is not a disabled mechanism */
73 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
74 return (CKR_MECHANISM_INVALID);
77 /* Initialize the digest with the underlying provider */
78 rv = FUNCLIST(slotid)->C_VerifyInit(sessp->se_handle,
79 pMechanism, hKey);
81 /* Present consistent interface to the application */
82 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
83 return (CKR_FUNCTION_FAILED);
86 return (rv);
91 * C_Verify is a pure wrapper to the underlying provider.
92 * The only argument checked is whether or not hSession is valid.
94 CK_RV
95 C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
96 CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
98 CK_RV rv;
99 pkcs11_session_t *sessp;
101 /* Check for a fastpath */
102 if (purefastpath || policyfastpath) {
103 return (fast_funcs->C_Verify(hSession, pData, ulDataLen,
104 pSignature, ulSignatureLen));
107 if (!pkcs11_initialized) {
108 return (CKR_CRYPTOKI_NOT_INITIALIZED);
111 /* Obtain the session pointer */
112 HANDLE2SESSION(hSession, sessp, rv);
114 if (rv != CKR_OK) {
115 return (rv);
118 /* Pass data to the provider */
119 rv = FUNCLIST(sessp->se_slotid)->C_Verify(sessp->se_handle, pData,
120 ulDataLen, pSignature, ulSignatureLen);
122 /* Present consistent interface to the application */
123 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
124 return (CKR_FUNCTION_FAILED);
127 return (rv);
132 * C_VerifyUpdate is a pure wrapper to the underlying provider.
133 * The only argument checked is whether or not hSession is valid.
135 CK_RV
136 C_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
137 CK_ULONG ulPartLen)
139 CK_RV rv;
140 pkcs11_session_t *sessp;
142 /* Check for a fastpath */
143 if (purefastpath || policyfastpath) {
144 return (fast_funcs->C_VerifyUpdate(hSession, pPart,
145 ulPartLen));
148 if (!pkcs11_initialized) {
149 return (CKR_CRYPTOKI_NOT_INITIALIZED);
152 /* Obtain the session pointer */
153 HANDLE2SESSION(hSession, sessp, rv);
155 if (rv != CKR_OK) {
156 return (rv);
159 /* Pass data to the provider */
160 rv = FUNCLIST(sessp->se_slotid)->C_VerifyUpdate(sessp->se_handle,
161 pPart, ulPartLen);
163 /* Present consistent interface to the application */
164 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
165 return (CKR_FUNCTION_FAILED);
168 return (rv);
172 * C_VerifyFinal is a pure wrapper to the underlying provider.
173 * The only argument checked is whether or not hSession is valid.
175 CK_RV
176 C_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
177 CK_ULONG ulSignatureLen)
179 CK_RV rv;
180 pkcs11_session_t *sessp;
182 /* Check for a fastpath */
183 if (purefastpath || policyfastpath) {
184 return (fast_funcs->C_VerifyFinal(hSession, pSignature,
185 ulSignatureLen));
187 if (!pkcs11_initialized) {
188 return (CKR_CRYPTOKI_NOT_INITIALIZED);
191 /* Obtain the session pointer */
192 HANDLE2SESSION(hSession, sessp, rv);
194 if (rv != CKR_OK) {
195 return (rv);
198 /* Pass data to the provider */
199 rv = FUNCLIST(sessp->se_slotid)->C_VerifyFinal(sessp->se_handle,
200 pSignature, ulSignatureLen);
202 /* Present consistent interface to the application */
203 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
204 return (CKR_FUNCTION_FAILED);
207 return (rv);
212 * C_VerifyRecoverInit will verify that the session handle is valid within
213 * the framework, that the mechanism is not disabled for the slot
214 * associated with this session, and then redirect to the underlying
215 * provider. Policy is only checked for C_VerifyRecoverInit, since it is
216 * required to be called before C_VerifyRecover.
218 CK_RV
219 C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
220 CK_OBJECT_HANDLE hKey)
222 CK_RV rv;
223 pkcs11_session_t *sessp;
224 CK_SLOT_ID slotid;
226 /* Check for a fastpath */
227 if (purefastpath || policyfastpath) {
228 if (policyfastpath &&
229 pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
230 return (CKR_MECHANISM_INVALID);
232 return (fast_funcs->C_VerifyRecoverInit(hSession, pMechanism,
233 hKey));
236 if (!pkcs11_initialized) {
237 return (CKR_CRYPTOKI_NOT_INITIALIZED);
240 /* Obtain the session pointer */
241 HANDLE2SESSION(hSession, sessp, rv);
243 if (rv != CKR_OK) {
244 return (rv);
247 slotid = sessp->se_slotid;
249 /* Make sure this is not a disabled mechanism */
250 if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
251 return (CKR_MECHANISM_INVALID);
254 /* Initialize the digest with the underlying provider */
255 rv = FUNCLIST(slotid)->C_VerifyRecoverInit(sessp->se_handle,
256 pMechanism, hKey);
258 /* Present consistent interface to the application */
259 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
260 return (CKR_FUNCTION_FAILED);
263 return (rv);
269 * C_VerifyRecover is a pure wrapper to the underlying provider.
270 * The only argument checked is whether or not hSession is valid.
272 CK_RV
273 C_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
274 CK_ULONG ulSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
276 CK_RV rv;
277 pkcs11_session_t *sessp;
279 /* Check for a fastpath */
280 if (purefastpath || policyfastpath) {
281 return (fast_funcs->C_VerifyRecover(hSession, pSignature,
282 ulSignatureLen, pData, pulDataLen));
285 if (!pkcs11_initialized) {
286 return (CKR_CRYPTOKI_NOT_INITIALIZED);
289 /* Obtain the session pointer */
290 HANDLE2SESSION(hSession, sessp, rv);
292 if (rv != CKR_OK) {
293 return (rv);
296 /* Pass data to the provider */
297 rv = FUNCLIST(sessp->se_slotid)->C_VerifyRecover(sessp->se_handle,
298 pSignature, ulSignatureLen, pData, pulDataLen);
300 /* Present consistent interface to the application */
301 if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
302 return (CKR_FUNCTION_FAILED);
305 return (rv);