1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21/* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26#pragma ident "%Z%%M% %I% %E% SMI" 27 28/* 29 * Functions for Verifying Signatures and MACS 30 * (as defined in PKCS#11 spec section 11.13) 31 */ 32 33#include "metaGlobal.h" 34 35 36/* 37 * meta_VerifyInit 38 * 39 */ 40CK_RV 41meta_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 42 CK_OBJECT_HANDLE hKey) 43{ 44 CK_RV rv; 45 meta_session_t *session; 46 meta_object_t *key; 47 48 if (pMechanism == NULL) 49 return (CKR_ARGUMENTS_BAD); 50 51 rv = meta_handle2session(hSession, &session); 52 if (rv != CKR_OK) 53 return (rv); 54 55 rv = meta_handle2object(hKey, &key); 56 if (rv != CKR_OK) { 57 REFRELEASE(session); 58 return (rv); 59 } 60 61 rv = meta_operation_init(CKF_VERIFY, session, pMechanism, key); 62 63 OBJRELEASE(key); 64 REFRELEASE(session); 65 66 return (rv); 67} 68 69 70/* 71 * meta_Verify 72 * 73 */ 74CK_RV 75meta_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, 76 CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen) 77{ 78 CK_RV rv; 79 meta_session_t *session; 80 81 rv = meta_handle2session(hSession, &session); 82 if (rv != CKR_OK) 83 return (rv); 84 85 /* Note: unlike other ops, both buffers are inputs, and required. */ 86 if (pData == NULL || pSignature == NULL) { 87 meta_operation_cleanup(session, CKF_VERIFY, FALSE); 88 REFRELEASE(session); 89 return (CKR_ARGUMENTS_BAD); 90 } 91 92 rv = meta_do_operation(CKF_VERIFY, MODE_SINGLE, session, NULL, 93 pData, ulDataLen, pSignature, &ulSignatureLen); 94 95 REFRELEASE(session); 96 97 return (rv); 98} 99 100 101/* 102 * meta_VerifyUpdate 103 * 104 */ 105CK_RV 106meta_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, 107 CK_ULONG ulPartLen) 108{ 109 CK_RV rv; 110 meta_session_t *session; 111 112 rv = meta_handle2session(hSession, &session); 113 if (rv != CKR_OK) 114 return (rv); 115 116 if (pPart == NULL) { 117 meta_operation_cleanup(session, CKF_VERIFY, FALSE); 118 REFRELEASE(session); 119 return (CKR_ARGUMENTS_BAD); 120 } 121 122 rv = meta_do_operation(CKF_VERIFY, MODE_UPDATE, session, NULL, 123 pPart, ulPartLen, NULL, NULL); 124 125 REFRELEASE(session); 126 127 return (rv); 128} 129 130 131/* 132 * meta_VerifyFinal 133 * 134 */ 135CK_RV 136meta_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, 137 CK_ULONG ulSignatureLen) 138{ 139 CK_RV rv; 140 meta_session_t *session; 141 142 rv = meta_handle2session(hSession, &session); 143 if (rv != CKR_OK) 144 return (rv); 145 146 /* 147 * Unlike other ops the buffer is an input. Allow NULL if there's 148 * no more input. 149 */ 150 if (pSignature == NULL && ulSignatureLen != 0) { 151 meta_operation_cleanup(session, CKF_VERIFY, FALSE); 152 REFRELEASE(session); 153 return (CKR_ARGUMENTS_BAD); 154 } 155 156 rv = meta_do_operation(CKF_VERIFY, MODE_FINAL, session, NULL, 157 pSignature, ulSignatureLen, NULL, NULL); 158 159 REFRELEASE(session); 160 161 return (rv); 162} 163 164 165/* 166 * meta_VerifyRecoverInit 167 * 168 */ 169CK_RV 170meta_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 171 CK_OBJECT_HANDLE hKey) 172{ 173 CK_RV rv; 174 meta_session_t *session; 175 meta_object_t *key; 176 177 if (pMechanism == NULL) 178 return (CKR_ARGUMENTS_BAD); 179 180 rv = meta_handle2session(hSession, &session); 181 if (rv != CKR_OK) 182 return (rv); 183 184 rv = meta_handle2object(hKey, &key); 185 if (rv != CKR_OK) { 186 REFRELEASE(session); 187 return (rv); 188 } 189 190 rv = meta_operation_init(CKF_VERIFY_RECOVER, session, pMechanism, key); 191 192 OBJRELEASE(key); 193 REFRELEASE(session); 194 195 return (rv); 196} 197 198 199/* 200 * meta_VerifyRecover 201 * 202 */ 203CK_RV 204meta_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, 205 CK_ULONG ulSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen) 206{ 207 CK_RV rv; 208 meta_session_t *session; 209 210 rv = meta_handle2session(hSession, &session); 211 if (rv != CKR_OK) 212 return (rv); 213 214 if (pSignature == NULL || pulDataLen == NULL) { 215 meta_operation_cleanup(session, CKF_VERIFY_RECOVER, FALSE); 216 REFRELEASE(session); 217 return (CKR_ARGUMENTS_BAD); 218 } 219 220 rv = meta_do_operation(CKF_VERIFY_RECOVER, MODE_SINGLE, session, NULL, 221 pSignature, ulSignatureLen, pData, pulDataLen); 222 223 REFRELEASE(session); 224 225 return (rv); 226} 227