usr/src/lib/pkcs11/libpkcs11/common/pkcs11Verify.c

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License, Version 1.0 only
   6  * (the "License").  You may not use this file except in compliance
   7  * with the License.
   8  *
   9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10  * or http://www.opensolaris.org/os/licensing.
  11  * See the License for the specific language governing permissions
  12  * and limitations under the License.
  13  *
  14  * When distributing Covered Code, include this CDDL HEADER in each
  15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16  * If applicable, add the following below this CDDL HEADER, with the
  17  * fields enclosed by brackets "[]" replaced with your own identifying
  18  * information: Portions Copyright [yyyy] [name of copyright owner]
  19  *
  20  * CDDL HEADER END
  21  */
  22 /*
  23  * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.
  25  */
  26
  27 #pragma ident   "%Z%%M% %I%     %E% SMI"
  28
  29 #include <security/cryptoki.h>
  30 #include "pkcs11Global.h"
  31 #include "pkcs11Conf.h"
  32 #include "pkcs11Session.h"
  33 #include "pkcs11Slot.h"
  34
  35 /*
  36  * C_VerifyInit will verify that the session handle is valid within the
  37  * framework, that the mechanism is not disabled for the slot
  38  * associated with this session, and then redirect to the underlying
  39  * provider.  Policy is only checked for C_VerifyInit, since it is
  40  * required to be called before C_Verify and C_VerifyUpdate.
  41  */
  42 CK_RV
  43 C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
  44     CK_OBJECT_HANDLE hKey)
  45 {
  46         CK_RV rv;
  47         pkcs11_session_t *sessp;
  48         CK_SLOT_ID slotid;
  49
  50         /* Check for a fastpath */
  51         if (purefastpath || policyfastpath) {
  52                 if (policyfastpath &&
  53                     pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
  54                         return (CKR_MECHANISM_INVALID);
  55                 }
  56                 return (fast_funcs->C_VerifyInit(hSession, pMechanism, hKey));
  57         }
  58
  59         if (!pkcs11_initialized) {
  60                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
  61         }
  62
  63         /* Obtain the session pointer */
  64         HANDLE2SESSION(hSession, sessp, rv);
  65
  66         if (rv != CKR_OK) {
  67                 return (rv);
  68         }
  69
  70         slotid = sessp->se_slotid;
  71
  72         /* Make sure this is not a disabled mechanism */
  73         if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
  74                 return (CKR_MECHANISM_INVALID);
  75         }
  76
  77         /* Initialize the digest with the underlying provider */
  78         rv = FUNCLIST(slotid)->C_VerifyInit(sessp->se_handle,
  79             pMechanism, hKey);
  80
  81         /* Present consistent interface to the application */
  82         if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
  83                 return (CKR_FUNCTION_FAILED);
  84         }
  85
  86         return (rv);
  87
  88 }
  89
  90 /*
  91  * C_Verify is a pure wrapper to the underlying provider.
  92  * The only argument checked is whether or not hSession is valid.
  93  */
  94 CK_RV
  95 C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
  96     CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
  97 {
  98         CK_RV rv;
  99         pkcs11_session_t *sessp;
 100
 101         /* Check for a fastpath */
 102         if (purefastpath || policyfastpath) {
 103                 return (fast_funcs->C_Verify(hSession, pData, ulDataLen,
 104                             pSignature, ulSignatureLen));
 105         }
 106
 107         if (!pkcs11_initialized) {
 108                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
 109         }
 110
 111         /* Obtain the session pointer */
 112         HANDLE2SESSION(hSession, sessp, rv);
 113
 114         if (rv != CKR_OK) {
 115                 return (rv);
 116         }
 117
 118         /* Pass data to the provider */
 119         rv = FUNCLIST(sessp->se_slotid)->C_Verify(sessp->se_handle, pData,
 120             ulDataLen, pSignature, ulSignatureLen);
 121
 122         /* Present consistent interface to the application */
 123         if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
 124                 return (CKR_FUNCTION_FAILED);
 125         }
 126
 127         return (rv);
 128
 129 }
 130
 131 /*
 132  * C_VerifyUpdate is a pure wrapper to the underlying provider.
 133  * The only argument checked is whether or not hSession is valid.
 134  */
 135 CK_RV
 136 C_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
 137     CK_ULONG ulPartLen)
 138 {
 139         CK_RV rv;
 140         pkcs11_session_t *sessp;
 141
 142         /* Check for a fastpath */
 143         if (purefastpath || policyfastpath) {
 144                 return (fast_funcs->C_VerifyUpdate(hSession, pPart,
 145                             ulPartLen));
 146         }
 147
 148         if (!pkcs11_initialized) {
 149                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
 150         }
 151
 152         /* Obtain the session pointer */
 153         HANDLE2SESSION(hSession, sessp, rv);
 154
 155         if (rv != CKR_OK) {
 156                 return (rv);
 157         }
 158
 159         /* Pass data to the provider */
 160         rv = FUNCLIST(sessp->se_slotid)->C_VerifyUpdate(sessp->se_handle,
 161             pPart, ulPartLen);
 162
 163         /* Present consistent interface to the application */
 164         if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
 165                 return (CKR_FUNCTION_FAILED);
 166         }
 167
 168         return (rv);
 169 }
 170
 171 /*
 172  * C_VerifyFinal is a pure wrapper to the underlying provider.
 173  * The only argument checked is whether or not hSession is valid.
 174  */
 175 CK_RV
 176 C_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
 177     CK_ULONG ulSignatureLen)
 178 {
 179         CK_RV rv;
 180         pkcs11_session_t *sessp;
 181
 182         /* Check for a fastpath */
 183         if (purefastpath || policyfastpath) {
 184                 return (fast_funcs->C_VerifyFinal(hSession, pSignature,
 185                             ulSignatureLen));
 186         }
 187         if (!pkcs11_initialized) {
 188                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
 189         }
 190
 191         /* Obtain the session pointer */
 192         HANDLE2SESSION(hSession, sessp, rv);
 193
 194         if (rv != CKR_OK) {
 195                 return (rv);
 196         }
 197
 198         /* Pass data to the provider */
 199         rv = FUNCLIST(sessp->se_slotid)->C_VerifyFinal(sessp->se_handle,
 200             pSignature, ulSignatureLen);
 201
 202         /* Present consistent interface to the application */
 203         if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
 204                 return (CKR_FUNCTION_FAILED);
 205         }
 206
 207         return (rv);
 208
 209 }
 210
 211 /*
 212  * C_VerifyRecoverInit will verify that the session handle is valid within
 213  * the framework, that the mechanism is not disabled for the slot
 214  * associated with this session, and then redirect to the underlying
 215  * provider.  Policy is only checked for C_VerifyRecoverInit, since it is
 216  * required to be called before C_VerifyRecover.
 217  */
 218 CK_RV
 219 C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
 220     CK_OBJECT_HANDLE hKey)
 221 {
 222         CK_RV rv;
 223         pkcs11_session_t *sessp;
 224         CK_SLOT_ID slotid;
 225
 226         /* Check for a fastpath */
 227         if (purefastpath || policyfastpath) {
 228                 if (policyfastpath &&
 229                     pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
 230                         return (CKR_MECHANISM_INVALID);
 231                 }
 232                 return (fast_funcs->C_VerifyRecoverInit(hSession, pMechanism,
 233                             hKey));
 234         }
 235
 236         if (!pkcs11_initialized) {
 237                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
 238         }
 239
 240         /* Obtain the session pointer */
 241         HANDLE2SESSION(hSession, sessp, rv);
 242
 243         if (rv != CKR_OK) {
 244                 return (rv);
 245         }
 246
 247         slotid = sessp->se_slotid;
 248
 249         /* Make sure this is not a disabled mechanism */
 250         if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
 251                 return (CKR_MECHANISM_INVALID);
 252         }
 253
 254         /* Initialize the digest with the underlying provider */
 255         rv = FUNCLIST(slotid)->C_VerifyRecoverInit(sessp->se_handle,
 256             pMechanism, hKey);
 257
 258         /* Present consistent interface to the application */
 259         if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
 260                 return (CKR_FUNCTION_FAILED);
 261         }
 262
 263         return (rv);
 264
 265
 266 }
 267
 268 /*
 269  * C_VerifyRecover is a pure wrapper to the underlying provider.
 270  * The only argument checked is whether or not hSession is valid.
 271  */
 272 CK_RV
 273 C_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
 274     CK_ULONG ulSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
 275 {
 276         CK_RV rv;
 277         pkcs11_session_t *sessp;
 278
 279         /* Check for a fastpath */
 280         if (purefastpath || policyfastpath) {
 281                 return (fast_funcs->C_VerifyRecover(hSession, pSignature,
 282                             ulSignatureLen, pData, pulDataLen));
 283         }
 284
 285         if (!pkcs11_initialized) {
 286                 return (CKR_CRYPTOKI_NOT_INITIALIZED);
 287         }
 288
 289         /* Obtain the session pointer */
 290         HANDLE2SESSION(hSession, sessp, rv);
 291
 292         if (rv != CKR_OK) {
 293                 return (rv);
 294         }
 295
 296         /* Pass data to the provider */
 297         rv = FUNCLIST(sessp->se_slotid)->C_VerifyRecover(sessp->se_handle,
 298             pSignature, ulSignatureLen, pData, pulDataLen);
 299
 300         /* Present consistent interface to the application */
 301         if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
 302                 return (CKR_FUNCTION_FAILED);
 303         }
 304
 305         return (rv);
 306 }