1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License").  You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22/*
23 * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
24 * Use is subject to license terms.
25 */
26
27#pragma ident	"%Z%%M%	%I%	%E% SMI"
28
29#include <security/cryptoki.h>
30#include "pkcs11Global.h"
31#include "pkcs11Conf.h"
32#include "pkcs11Session.h"
33#include "pkcs11Slot.h"
34
35/*
36 * C_VerifyInit will verify that the session handle is valid within the
37 * framework, that the mechanism is not disabled for the slot
38 * associated with this session, and then redirect to the underlying
39 * provider.  Policy is only checked for C_VerifyInit, since it is
40 * required to be called before C_Verify and C_VerifyUpdate.
41 */
42CK_RV
43C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
44    CK_OBJECT_HANDLE hKey)
45{
46	CK_RV rv;
47	pkcs11_session_t *sessp;
48	CK_SLOT_ID slotid;
49
50	/* Check for a fastpath */
51	if (purefastpath || policyfastpath) {
52		if (policyfastpath &&
53		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
54			return (CKR_MECHANISM_INVALID);
55		}
56		return (fast_funcs->C_VerifyInit(hSession, pMechanism, hKey));
57	}
58
59	if (!pkcs11_initialized) {
60		return (CKR_CRYPTOKI_NOT_INITIALIZED);
61	}
62
63	/* Obtain the session pointer */
64	HANDLE2SESSION(hSession, sessp, rv);
65
66	if (rv != CKR_OK) {
67		return (rv);
68	}
69
70	slotid = sessp->se_slotid;
71
72	/* Make sure this is not a disabled mechanism */
73	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
74		return (CKR_MECHANISM_INVALID);
75	}
76
77	/* Initialize the digest with the underlying provider */
78	rv = FUNCLIST(slotid)->C_VerifyInit(sessp->se_handle,
79	    pMechanism, hKey);
80
81	/* Present consistent interface to the application */
82	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
83		return (CKR_FUNCTION_FAILED);
84	}
85
86	return (rv);
87
88}
89
90/*
91 * C_Verify is a pure wrapper to the underlying provider.
92 * The only argument checked is whether or not hSession is valid.
93 */
94CK_RV
95C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
96    CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
97{
98	CK_RV rv;
99	pkcs11_session_t *sessp;
100
101	/* Check for a fastpath */
102	if (purefastpath || policyfastpath) {
103		return (fast_funcs->C_Verify(hSession, pData, ulDataLen,
104			    pSignature, ulSignatureLen));
105	}
106
107	if (!pkcs11_initialized) {
108		return (CKR_CRYPTOKI_NOT_INITIALIZED);
109	}
110
111	/* Obtain the session pointer */
112	HANDLE2SESSION(hSession, sessp, rv);
113
114	if (rv != CKR_OK) {
115		return (rv);
116	}
117
118	/* Pass data to the provider */
119	rv = FUNCLIST(sessp->se_slotid)->C_Verify(sessp->se_handle, pData,
120	    ulDataLen, pSignature, ulSignatureLen);
121
122	/* Present consistent interface to the application */
123	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
124		return (CKR_FUNCTION_FAILED);
125	}
126
127	return (rv);
128
129}
130
131/*
132 * C_VerifyUpdate is a pure wrapper to the underlying provider.
133 * The only argument checked is whether or not hSession is valid.
134 */
135CK_RV
136C_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
137    CK_ULONG ulPartLen)
138{
139	CK_RV rv;
140	pkcs11_session_t *sessp;
141
142	/* Check for a fastpath */
143	if (purefastpath || policyfastpath) {
144		return (fast_funcs->C_VerifyUpdate(hSession, pPart,
145			    ulPartLen));
146	}
147
148	if (!pkcs11_initialized) {
149		return (CKR_CRYPTOKI_NOT_INITIALIZED);
150	}
151
152	/* Obtain the session pointer */
153	HANDLE2SESSION(hSession, sessp, rv);
154
155	if (rv != CKR_OK) {
156		return (rv);
157	}
158
159	/* Pass data to the provider */
160	rv = FUNCLIST(sessp->se_slotid)->C_VerifyUpdate(sessp->se_handle,
161	    pPart, ulPartLen);
162
163	/* Present consistent interface to the application */
164	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
165		return (CKR_FUNCTION_FAILED);
166	}
167
168	return (rv);
169}
170
171/*
172 * C_VerifyFinal is a pure wrapper to the underlying provider.
173 * The only argument checked is whether or not hSession is valid.
174 */
175CK_RV
176C_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
177    CK_ULONG ulSignatureLen)
178{
179	CK_RV rv;
180	pkcs11_session_t *sessp;
181
182	/* Check for a fastpath */
183	if (purefastpath || policyfastpath) {
184		return (fast_funcs->C_VerifyFinal(hSession, pSignature,
185			    ulSignatureLen));
186	}
187	if (!pkcs11_initialized) {
188		return (CKR_CRYPTOKI_NOT_INITIALIZED);
189	}
190
191	/* Obtain the session pointer */
192	HANDLE2SESSION(hSession, sessp, rv);
193
194	if (rv != CKR_OK) {
195		return (rv);
196	}
197
198	/* Pass data to the provider */
199	rv = FUNCLIST(sessp->se_slotid)->C_VerifyFinal(sessp->se_handle,
200	    pSignature, ulSignatureLen);
201
202	/* Present consistent interface to the application */
203	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
204		return (CKR_FUNCTION_FAILED);
205	}
206
207	return (rv);
208
209}
210
211/*
212 * C_VerifyRecoverInit will verify that the session handle is valid within
213 * the framework, that the mechanism is not disabled for the slot
214 * associated with this session, and then redirect to the underlying
215 * provider.  Policy is only checked for C_VerifyRecoverInit, since it is
216 * required to be called before C_VerifyRecover.
217 */
218CK_RV
219C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
220    CK_OBJECT_HANDLE hKey)
221{
222	CK_RV rv;
223	pkcs11_session_t *sessp;
224	CK_SLOT_ID slotid;
225
226	/* Check for a fastpath */
227	if (purefastpath || policyfastpath) {
228		if (policyfastpath &&
229		    pkcs11_is_dismech(fast_slot, pMechanism->mechanism)) {
230			return (CKR_MECHANISM_INVALID);
231		}
232		return (fast_funcs->C_VerifyRecoverInit(hSession, pMechanism,
233			    hKey));
234	}
235
236	if (!pkcs11_initialized) {
237		return (CKR_CRYPTOKI_NOT_INITIALIZED);
238	}
239
240	/* Obtain the session pointer */
241	HANDLE2SESSION(hSession, sessp, rv);
242
243	if (rv != CKR_OK) {
244		return (rv);
245	}
246
247	slotid = sessp->se_slotid;
248
249	/* Make sure this is not a disabled mechanism */
250	if (pkcs11_is_dismech(slotid, pMechanism->mechanism)) {
251		return (CKR_MECHANISM_INVALID);
252	}
253
254	/* Initialize the digest with the underlying provider */
255	rv = FUNCLIST(slotid)->C_VerifyRecoverInit(sessp->se_handle,
256	    pMechanism, hKey);
257
258	/* Present consistent interface to the application */
259	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
260		return (CKR_FUNCTION_FAILED);
261	}
262
263	return (rv);
264
265
266}
267
268/*
269 * C_VerifyRecover is a pure wrapper to the underlying provider.
270 * The only argument checked is whether or not hSession is valid.
271 */
272CK_RV
273C_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
274    CK_ULONG ulSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
275{
276	CK_RV rv;
277	pkcs11_session_t *sessp;
278
279	/* Check for a fastpath */
280	if (purefastpath || policyfastpath) {
281		return (fast_funcs->C_VerifyRecover(hSession, pSignature,
282			    ulSignatureLen, pData, pulDataLen));
283	}
284
285	if (!pkcs11_initialized) {
286		return (CKR_CRYPTOKI_NOT_INITIALIZED);
287	}
288
289	/* Obtain the session pointer */
290	HANDLE2SESSION(hSession, sessp, rv);
291
292	if (rv != CKR_OK) {
293		return (rv);
294	}
295
296	/* Pass data to the provider */
297	rv = FUNCLIST(sessp->se_slotid)->C_VerifyRecover(sessp->se_handle,
298	    pSignature, ulSignatureLen, pData, pulDataLen);
299
300	/* Present consistent interface to the application */
301	if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
302		return (CKR_FUNCTION_FAILED);
303	}
304
305	return (rv);
306}
307