/*
* Initialize a verify context. When we get here, we know
* the key object is capable of verifying _something_
*/
CK_RV
sc_pkcs11_verif_init(struct sc_pkcs11_session *session, CK_MECHANISM_PTR pMechanism,
struct sc_pkcs11_object *key, CK_MECHANISM_TYPE key_type)
{
struct sc_pkcs11_card *p11card;
sc_pkcs11_operation_t *operation;
sc_pkcs11_mechanism_type_t *mt;
int rv;
if (!session || !session->slot
|| !(p11card = session->slot->card))
return CKR_ARGUMENTS_BAD;
/* See if we support this mechanism type */
mt = sc_pkcs11_find_mechanism(p11card, pMechanism->mechanism, CKF_VERIFY);
if (mt == NULL)
return CKR_MECHANISM_INVALID;
/* See if compatible with key type */
if (mt->key_type != key_type)
return CKR_KEY_TYPE_INCONSISTENT;
rv = session_start_operation(session, SC_PKCS11_OPERATION_VERIFY, mt, &operation);
if (rv != CKR_OK)
return rv;
memcpy(&operation->mechanism, pMechanism, sizeof(CK_MECHANISM));
rv = mt->verif_init(operation, key);
if (rv != CKR_OK)
session_stop_operation(session, SC_PKCS11_OPERATION_VERIFY);
return rv;
}
CK_RV
sc_pkcs11_sign(struct sc_pkcs11_session *session,
CK_BYTE_PTR pData, CK_ULONG ulDataLen,
CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
{
sc_pkcs11_operation_t *op;
int rv;
rv = session_get_operation(session, SC_PKCS11_OPERATION_SIGN, &op);
if (rv != CKR_OK)
return rv;
/* Bail out for signature mechanisms that don't do hashing */
if (op->type->sign == NULL) {
rv = CKR_KEY_TYPE_INCONSISTENT;
goto done;
}
rv = op->type->sign(op, pData, ulDataLen, pSignature, pulSignatureLen);
done:
if (rv != CKR_BUFFER_TOO_SMALL && pSignature != NULL)
session_stop_operation(session, SC_PKCS11_OPERATION_SIGN);
return rv;
}
CK_RV
sc_pkcs11_md_init(struct sc_pkcs11_session *session,
CK_MECHANISM_PTR pMechanism)
{
struct sc_pkcs11_card *p11card;
sc_pkcs11_operation_t *operation;
sc_pkcs11_mechanism_type_t *mt;
int rv;
if (!session || !session->slot
|| !(p11card = session->slot->card))
return CKR_ARGUMENTS_BAD;
/* See if we support this mechanism type */
mt = sc_pkcs11_find_mechanism(p11card, pMechanism->mechanism, CKF_DIGEST);
if (mt == NULL)
return CKR_MECHANISM_INVALID;
rv = session_start_operation(session, SC_PKCS11_OPERATION_DIGEST, mt, &operation);
if (rv != CKR_OK)
return rv;
memcpy(&operation->mechanism, pMechanism, sizeof(CK_MECHANISM));
rv = mt->md_init(operation);
if (rv != CKR_OK)
session_stop_operation(session, SC_PKCS11_OPERATION_DIGEST);
return rv;
}
CK_RV
sc_pkcs11_sign_final(struct sc_pkcs11_session *session,
CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
{
sc_pkcs11_operation_t *op;
int rv;
LOG_FUNC_CALLED(context);
rv = session_get_operation(session, SC_PKCS11_OPERATION_SIGN, &op);
if (rv != CKR_OK)
LOG_FUNC_RETURN(context, rv);
/* Bail out for signature mechanisms that don't do hashing */
if (op->type->sign_final == NULL) {
rv = CKR_KEY_TYPE_INCONSISTENT;
goto done;
}
rv = op->type->sign_final(op, pSignature, pulSignatureLen);
done:
if (rv != CKR_BUFFER_TOO_SMALL && pSignature != NULL)
session_stop_operation(session, SC_PKCS11_OPERATION_SIGN);
LOG_FUNC_RETURN(context, rv);
}
CK_RV
sc_pkcs11_sign_update(struct sc_pkcs11_session *session,
CK_BYTE_PTR pData, CK_ULONG ulDataLen)
{
sc_pkcs11_operation_t *op;
int rv;
LOG_FUNC_CALLED(context);
rv = session_get_operation(session, SC_PKCS11_OPERATION_SIGN, &op);
if (rv != CKR_OK)
LOG_FUNC_RETURN(context, rv);
if (op->type->sign_update == NULL) {
rv = CKR_KEY_TYPE_INCONSISTENT;
goto done;
}
rv = op->type->sign_update(op, pData, ulDataLen);
done:
if (rv != CKR_OK)
session_stop_operation(session, SC_PKCS11_OPERATION_SIGN);
LOG_FUNC_RETURN(context, rv);
}
/*
* Initialize a signing context. When we get here, we know
* the key object is capable of signing _something_
*/
CK_RV
sc_pkcs11_sign_init(struct sc_pkcs11_session *session, CK_MECHANISM_PTR pMechanism,
struct sc_pkcs11_object *key, CK_MECHANISM_TYPE key_type)
{
struct sc_pkcs11_card *p11card;
sc_pkcs11_operation_t *operation;
sc_pkcs11_mechanism_type_t *mt;
int rv;
LOG_FUNC_CALLED(context);
if (!session || !session->slot || !(p11card = session->slot->card))
LOG_FUNC_RETURN(context, CKR_ARGUMENTS_BAD);
/* See if we support this mechanism type */
sc_log(context, "mechanism 0x%X, key-type 0x%X", pMechanism->mechanism, key_type);
mt = sc_pkcs11_find_mechanism(p11card, pMechanism->mechanism, CKF_SIGN);
if (mt == NULL)
LOG_FUNC_RETURN(context, CKR_MECHANISM_INVALID);
/* See if compatible with key type */
if (mt->key_type != key_type)
LOG_FUNC_RETURN(context, CKR_KEY_TYPE_INCONSISTENT);
rv = session_start_operation(session, SC_PKCS11_OPERATION_SIGN, mt, &operation);
if (rv != CKR_OK)
LOG_FUNC_RETURN(context, rv);
memcpy(&operation->mechanism, pMechanism, sizeof(CK_MECHANISM));
rv = mt->sign_init(operation, key);
if (rv != CKR_OK)
session_stop_operation(session, SC_PKCS11_OPERATION_SIGN);
LOG_FUNC_RETURN(context, rv);
}
CK_RV
sc_pkcs11_md_update(struct sc_pkcs11_session *session,
CK_BYTE_PTR pData, CK_ULONG ulDataLen)
{
sc_pkcs11_operation_t *op;
int rv;
rv = session_get_operation(session, SC_PKCS11_OPERATION_DIGEST, &op);
if (rv != CKR_OK)
goto done;
rv = op->type->md_update(op, pData, ulDataLen);
done:
if (rv != CKR_OK)
session_stop_operation(session, SC_PKCS11_OPERATION_DIGEST);
return rv;
}
CK_RV
sc_pkcs11_decr(struct sc_pkcs11_session *session,
CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen,
CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
{
sc_pkcs11_operation_t *op;
int rv;
rv = session_get_operation(session, SC_PKCS11_OPERATION_DECRYPT, &op);
if (rv != CKR_OK)
return rv;
rv = op->type->decrypt(op, pEncryptedData, ulEncryptedDataLen,
pData, pulDataLen);
if (rv != CKR_BUFFER_TOO_SMALL && pData != NULL)
session_stop_operation(session, SC_PKCS11_OPERATION_DECRYPT);
return rv;
}
CK_RV C_FindObjectsFinal(CK_SESSION_HANDLE hSession) /* the session's handle */
{
int rv;
struct sc_pkcs11_session *session;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
rv = pool_find(&session_pool, hSession, (void**) &session);
if (rv != CKR_OK)
goto out;
rv = session_get_operation(session, SC_PKCS11_OPERATION_FIND, NULL);
if (rv == CKR_OK)
session_stop_operation(session, SC_PKCS11_OPERATION_FIND);
out: sc_pkcs11_unlock();
return rv;
}
CK_RV
sc_pkcs11_verif_final(struct sc_pkcs11_session *session,
CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
{
sc_pkcs11_operation_t *op;
int rv;
rv = session_get_operation(session, SC_PKCS11_OPERATION_VERIFY, &op);
if (rv != CKR_OK)
return rv;
if (op->type->verif_final == NULL) {
rv = CKR_KEY_TYPE_INCONSISTENT;
goto done;
}
rv = op->type->verif_final(op, pSignature, ulSignatureLen);
done:
session_stop_operation(session, SC_PKCS11_OPERATION_VERIFY);
return rv;
}
CK_RV
sc_pkcs11_md_final(struct sc_pkcs11_session *session,
CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
{
sc_pkcs11_operation_t *op;
CK_RV rv;
rv = session_get_operation(session, SC_PKCS11_OPERATION_DIGEST, &op);
if (rv != CKR_OK)
LOG_FUNC_RETURN(context, rv);
/* This is a request for the digest length */
if (pData == NULL)
*pulDataLen = 0;
rv = op->type->md_final(op, pData, pulDataLen);
if (rv == CKR_BUFFER_TOO_SMALL)
LOG_FUNC_RETURN(context, pData == NULL ? CKR_OK : CKR_BUFFER_TOO_SMALL);
session_stop_operation(session, SC_PKCS11_OPERATION_DIGEST);
LOG_FUNC_RETURN(context, rv);
}
CK_RV
sc_pkcs11_sign_size(struct sc_pkcs11_session *session, CK_ULONG_PTR pLength)
{
sc_pkcs11_operation_t *op;
int rv;
rv = session_get_operation(session, SC_PKCS11_OPERATION_SIGN, &op);
if (rv != CKR_OK)
return rv;
/* Bail out for signature mechanisms that don't do hashing */
if (op->type->sign_size == NULL) {
rv = CKR_KEY_TYPE_INCONSISTENT;
goto done;
}
rv = op->type->sign_size(op, pLength);
done:
if (rv != CKR_OK)
session_stop_operation(session, SC_PKCS11_OPERATION_SIGN);
return rv;
}