Home | History | Annotate | Download | only in common
      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License, Version 1.0 only
      6  * (the "License").  You may not use this file except in compliance
      7  * with the License.
      8  *
      9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
     10  * or http://www.opensolaris.org/os/licensing.
     11  * See the License for the specific language governing permissions
     12  * and limitations under the License.
     13  *
     14  * When distributing Covered Code, include this CDDL HEADER in each
     15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     16  * If applicable, add the following below this CDDL HEADER, with the
     17  * fields enclosed by brackets "[]" replaced with your own identifying
     18  * information: Portions Copyright [yyyy] [name of copyright owner]
     19  *
     20  * CDDL HEADER END
     21  */
     22 /*
     23  * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
     24  * Use is subject to license terms.
     25  */
     26 
     27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
     28 
     29 #include <security/cryptoki.h>
     30 #include "pkcs11Global.h"
     31 #include "pkcs11Conf.h"
     32 #include "pkcs11Session.h"
     33 #include "pkcs11Slot.h"
     34 
     35 /*
     36  * C_VerifyInit will verify that the session handle is valid within the
     37  * framework, that the mechanism is not disabled for the slot
     38  * associated with this session, and then redirect to the underlying
     39  * provider.  Policy is only checked for C_VerifyInit, since it is
     40  * required to be called before C_Verify and C_VerifyUpdate.
     41  */
     42 CK_RV
     43 C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
     44     CK_OBJECT_HANDLE hKey)
     45 {
     46 	CK_RV rv;
     47 	pkcs11_session_t *sessp;
     48 	CK_SLOT_ID slotid;
     49 
     50 	/* Check for a fastpath */
     51 	if (purefastpath || policyfastpath) {
     52 		if (policyfastpath &&
     53 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
     54 			return (CKR_MECHANISM_INVALID);
     55 		}
     56 		return (fast_funcs->C_VerifyInit(hSession, pMechanism, hKey));
     57 	}
     58 
     59 	if (!pkcs11_initialized) {
     60 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
     61 	}
     62 
     63 	/* Obtain the session pointer */
     64 	HANDLE2SESSION(hSession, sessp, rv);
     65 
     66 	if (rv != CKR_OK) {
     67 		return (rv);
     68 	}
     69 
     70 	slotid = sessp->se_slotid;
     71 
     72 	/* Make sure this is not a disabled mechanism */
     73 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
     74 		return (CKR_MECHANISM_INVALID);
     75 	}
     76 
     77 	/* Initialize the digest with the underlying provider */
     78 	rv = FUNCLIST(slotid)->C_VerifyInit(sessp->se_handle,
     79 	    pMechanism, hKey);
     80 
     81 	/* Present consistent interface to the application */
     82 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
     83 		return (CKR_FUNCTION_FAILED);
     84 	}
     85 
     86 	return (rv);
     87 
     88 }
     89 
     90 /*
     91  * C_Verify is a pure wrapper to the underlying provider.
     92  * The only argument checked is whether or not hSession is valid.
     93  */
     94 CK_RV
     95 C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
     96     CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
     97 {
     98 	CK_RV rv;
     99 	pkcs11_session_t *sessp;
    100 
    101 	/* Check for a fastpath */
    102 	if (purefastpath || policyfastpath) {
    103 		return (fast_funcs->C_Verify(hSession, pData, ulDataLen,
    104 			    pSignature, ulSignatureLen));
    105 	}
    106 
    107 	if (!pkcs11_initialized) {
    108 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
    109 	}
    110 
    111 	/* Obtain the session pointer */
    112 	HANDLE2SESSION(hSession, sessp, rv);
    113 
    114 	if (rv != CKR_OK) {
    115 		return (rv);
    116 	}
    117 
    118 	/* Pass data to the provider */
    119 	rv = FUNCLIST(sessp->se_slotid)->C_Verify(sessp->se_handle, pData,
    120 	    ulDataLen, pSignature, ulSignatureLen);
    121 
    122 	/* Present consistent interface to the application */
    123 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
    124 		return (CKR_FUNCTION_FAILED);
    125 	}
    126 
    127 	return (rv);
    128 
    129 }
    130 
    131 /*
    132  * C_VerifyUpdate is a pure wrapper to the underlying provider.
    133  * The only argument checked is whether or not hSession is valid.
    134  */
    135 CK_RV
    136 C_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
    137     CK_ULONG ulPartLen)
    138 {
    139 	CK_RV rv;
    140 	pkcs11_session_t *sessp;
    141 
    142 	/* Check for a fastpath */
    143 	if (purefastpath || policyfastpath) {
    144 		return (fast_funcs->C_VerifyUpdate(hSession, pPart,
    145 			    ulPartLen));
    146 	}
    147 
    148 	if (!pkcs11_initialized) {
    149 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
    150 	}
    151 
    152 	/* Obtain the session pointer */
    153 	HANDLE2SESSION(hSession, sessp, rv);
    154 
    155 	if (rv != CKR_OK) {
    156 		return (rv);
    157 	}
    158 
    159 	/* Pass data to the provider */
    160 	rv = FUNCLIST(sessp->se_slotid)->C_VerifyUpdate(sessp->se_handle,
    161 	    pPart, ulPartLen);
    162 
    163 	/* Present consistent interface to the application */
    164 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
    165 		return (CKR_FUNCTION_FAILED);
    166 	}
    167 
    168 	return (rv);
    169 }
    170 
    171 /*
    172  * C_VerifyFinal is a pure wrapper to the underlying provider.
    173  * The only argument checked is whether or not hSession is valid.
    174  */
    175 CK_RV
    176 C_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
    177     CK_ULONG ulSignatureLen)
    178 {
    179 	CK_RV rv;
    180 	pkcs11_session_t *sessp;
    181 
    182 	/* Check for a fastpath */
    183 	if (purefastpath || policyfastpath) {
    184 		return (fast_funcs->C_VerifyFinal(hSession, pSignature,
    185 			    ulSignatureLen));
    186 	}
    187 	if (!pkcs11_initialized) {
    188 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
    189 	}
    190 
    191 	/* Obtain the session pointer */
    192 	HANDLE2SESSION(hSession, sessp, rv);
    193 
    194 	if (rv != CKR_OK) {
    195 		return (rv);
    196 	}
    197 
    198 	/* Pass data to the provider */
    199 	rv = FUNCLIST(sessp->se_slotid)->C_VerifyFinal(sessp->se_handle,
    200 	    pSignature, ulSignatureLen);
    201 
    202 	/* Present consistent interface to the application */
    203 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
    204 		return (CKR_FUNCTION_FAILED);
    205 	}
    206 
    207 	return (rv);
    208 
    209 }
    210 
    211 /*
    212  * C_VerifyRecoverInit will verify that the session handle is valid within
    213  * the framework, that the mechanism is not disabled for the slot
    214  * associated with this session, and then redirect to the underlying
    215  * provider.  Policy is only checked for C_VerifyRecoverInit, since it is
    216  * required to be called before C_VerifyRecover.
    217  */
    218 CK_RV
    219 C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
    220     CK_OBJECT_HANDLE hKey)
    221 {
    222 	CK_RV rv;
    223 	pkcs11_session_t *sessp;
    224 	CK_SLOT_ID slotid;
    225 
    226 	/* Check for a fastpath */
    227 	if (purefastpath || policyfastpath) {
    228 		if (policyfastpath &&
    229 		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
    230 			return (CKR_MECHANISM_INVALID);
    231 		}
    232 		return (fast_funcs->C_VerifyRecoverInit(hSession, pMechanism,
    233 			    hKey));
    234 	}
    235 
    236 	if (!pkcs11_initialized) {
    237 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
    238 	}
    239 
    240 	/* Obtain the session pointer */
    241 	HANDLE2SESSION(hSession, sessp, rv);
    242 
    243 	if (rv != CKR_OK) {
    244 		return (rv);
    245 	}
    246 
    247 	slotid = sessp->se_slotid;
    248 
    249 	/* Make sure this is not a disabled mechanism */
    250 	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
    251 		return (CKR_MECHANISM_INVALID);
    252 	}
    253 
    254 	/* Initialize the digest with the underlying provider */
    255 	rv = FUNCLIST(slotid)->C_VerifyRecoverInit(sessp->se_handle,
    256 	    pMechanism, hKey);
    257 
    258 	/* Present consistent interface to the application */
    259 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
    260 		return (CKR_FUNCTION_FAILED);
    261 	}
    262 
    263 	return (rv);
    264 
    265 
    266 }
    267 
    268 /*
    269  * C_VerifyRecover is a pure wrapper to the underlying provider.
    270  * The only argument checked is whether or not hSession is valid.
    271  */
    272 CK_RV
    273 C_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
    274     CK_ULONG ulSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
    275 {
    276 	CK_RV rv;
    277 	pkcs11_session_t *sessp;
    278 
    279 	/* Check for a fastpath */
    280 	if (purefastpath || policyfastpath) {
    281 		return (fast_funcs->C_VerifyRecover(hSession, pSignature,
    282 			    ulSignatureLen, pData, pulDataLen));
    283 	}
    284 
    285 	if (!pkcs11_initialized) {
    286 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
    287 	}
    288 
    289 	/* Obtain the session pointer */
    290 	HANDLE2SESSION(hSession, sessp, rv);
    291 
    292 	if (rv != CKR_OK) {
    293 		return (rv);
    294 	}
    295 
    296 	/* Pass data to the provider */
    297 	rv = FUNCLIST(sessp->se_slotid)->C_VerifyRecover(sessp->se_handle,
    298 	    pSignature, ulSignatureLen, pData, pulDataLen);
    299 
    300 	/* Present consistent interface to the application */
    301 	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
    302 		return (CKR_FUNCTION_FAILED);
    303 	}
    304 
    305 	return (rv);
    306 }
    307