corePKCS11  V3.0.0
PKCS #11 Cryptoki Library
C_Verify
CK_DECLARE_FUNCTION( CK_RV, C_Verify )( CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen )
{
P11Session_t * pxSessionObj;
int32_t lMbedTLSResult;
CK_RV xResult = CKR_OK;
pxSessionObj = prvSessionPointerFromHandle( hSession );
xResult = prvCheckValidSessionAndModule( pxSessionObj );
/* Check parameters. */
if( ( NULL == pData ) ||
( NULL == pSignature ) )
{
LogError( ( "Failed verify operation. Received a NULL pointer." ) );
xResult = CKR_ARGUMENTS_BAD;
}
/* Check that the signature and data are the expected length.
* These PKCS #11 mechanism expect data to be pre-hashed/formatted. */
if( xResult == CKR_OK )
{
if( pxSessionObj->xOperationVerifyMechanism == CKM_RSA_X_509 )
{
LogDebug( ( "CKM_RSA_X_509 verify mechanism." ) );
{
LogError( ( "Failed verify operation. Data Length was too "
"short for pkcs11RSA_2048_SIGNATURE_LENGTH." ) );
xResult = CKR_DATA_LEN_RANGE;
}
if( ulSignatureLen != pkcs11RSA_2048_SIGNATURE_LENGTH )
{
LogError( ( "Failed verify operation. Signature Length was too "
"short for pkcs11RSA_2048_SIGNATURE_LENGTH." ) );
xResult = CKR_SIGNATURE_LEN_RANGE;
}
}
else if( pxSessionObj->xOperationVerifyMechanism == CKM_ECDSA )
{
LogDebug( ( "CKM_ECDSA verify mechanism." ) );
if( ulDataLen != pkcs11SHA256_DIGEST_LENGTH )
{
LogError( ( "Failed verify operation. Data Length was too "
"short for pkcs11SHA256_DIGEST_LENGTH." ) );
xResult = CKR_DATA_LEN_RANGE;
}
if( ulSignatureLen != pkcs11ECDSA_P256_SIGNATURE_LENGTH )
{
LogError( ( "Failed verify operation. Data Length was too "
"short for pkcs11ECDSA_P256_SIGNATURE_LENGTH." ) );
xResult = CKR_SIGNATURE_LEN_RANGE;
}
}
else
{
LogError( ( "Failed verify operation. A C_Verify operation must be "
"initialized by a preceding call to C_VerifyInit. "
"This must happen before every call to C_Verify." ) );
xResult = CKR_OPERATION_NOT_INITIALIZED;
}
}
/* Verification step. */
if( xResult == CKR_OK )
{
/* Perform an RSA verification. */
if( pxSessionObj->xOperationVerifyMechanism == CKM_RSA_X_509 )
{
if( 0 == mbedtls_mutex_lock( &pxSessionObj->xVerifyMutex ) )
{
/* Verify the signature. If a public key is present, use it. */
if( NULL != pxSessionObj->xVerifyKey.pk_ctx )
{
lMbedTLSResult = mbedtls_pk_verify( &pxSessionObj->xVerifyKey,
MBEDTLS_MD_SHA256,
pData,
ulDataLen,
pSignature,
ulSignatureLen );
if( 0 != lMbedTLSResult )
{
LogError( ( "Failed verify operation. mbedtls_pk_verify "
"failed: mbed TLS error = %s : %s.",
mbedtlsHighLevelCodeOrDefault( lMbedTLSResult ),
mbedtlsLowLevelCodeOrDefault( lMbedTLSResult ) ) );
xResult = CKR_SIGNATURE_INVALID;
}
}
( void ) mbedtls_mutex_unlock( &pxSessionObj->xVerifyMutex );
}
else
{
LogError( ( "Failed verify operation. Could not take verify mutex." ) );
xResult = CKR_CANT_LOCK;
}
}
/* Perform an ECDSA verification. */
else if( pxSessionObj->xOperationVerifyMechanism == CKM_ECDSA )
{
/* An ECDSA signature is comprised of 2 components - R & S. C_Sign returns them one after another. */
mbedtls_ecdsa_context * pxEcdsaContext;
mbedtls_mpi xR;
mbedtls_mpi xS;
mbedtls_mpi_init( &xR );
mbedtls_mpi_init( &xS );
lMbedTLSResult = mbedtls_mpi_read_binary( &xR, &pSignature[ 0 ], 32 );
if( lMbedTLSResult != 0 )
{
xResult = CKR_SIGNATURE_INVALID;
LogError( ( "Failed verify operation. Failed to parse R in EC "
"signature: mbed TLS error = %s : %s.",
mbedtlsHighLevelCodeOrDefault( lMbedTLSResult ),
mbedtlsLowLevelCodeOrDefault( lMbedTLSResult ) ) );
}
else
{
lMbedTLSResult = mbedtls_mpi_read_binary( &xS, &pSignature[ 32 ], 32 );
if( lMbedTLSResult != 0 )
{
xResult = CKR_SIGNATURE_INVALID;
LogError( ( "Failed verify operation. Failed to parse S in "
"EC signature: mbed TLS error = %s : %s.",
mbedtlsHighLevelCodeOrDefault( lMbedTLSResult ),
mbedtlsLowLevelCodeOrDefault( lMbedTLSResult ) ) );
}
}
if( xResult == CKR_OK )
{
if( 0 == mbedtls_mutex_lock( &pxSessionObj->xVerifyMutex ) )
{
/* Verify the signature. If a public key is present, use it. */
if( NULL != pxSessionObj->xVerifyKey.pk_ctx )
{
pxEcdsaContext = pxSessionObj->xVerifyKey.pk_ctx;
lMbedTLSResult = mbedtls_ecdsa_verify( &pxEcdsaContext->grp, pData, ulDataLen, &pxEcdsaContext->Q, &xR, &xS );
}
( void ) mbedtls_mutex_unlock( &pxSessionObj->xVerifyMutex );
if( lMbedTLSResult != 0 )
{
xResult = CKR_SIGNATURE_INVALID;
LogError( ( "Failed verify operation. "
"mbedtls_ecdsa_verify failed: mbed TLS error = %s : %s.",
mbedtlsHighLevelCodeOrDefault( lMbedTLSResult ),
mbedtlsLowLevelCodeOrDefault( lMbedTLSResult ) ) );
}
}
else
{
LogError( ( "Failed verify operation. Could not take verify mutex." ) );
}
}
mbedtls_mpi_free( &xR );
mbedtls_mpi_free( &xS );
}
else
{
LogError( ( "Failed verify operation. Received an unexpected mechanism." ) );
}
}
if( xResult != CKR_SESSION_HANDLE_INVALID )
{
LogDebug( ( "Reset Verify mechanism to pkcs11NO_OPERATION." ) );
pxSessionObj->xOperationVerifyMechanism = pkcs11NO_OPERATION;
}
/* Return the signature verification result. */
return xResult;
}
pkcs11RSA_2048_SIGNATURE_LENGTH
#define pkcs11RSA_2048_SIGNATURE_LENGTH
Length of PKCS #11 signature for RSA 2048 key, in bytes.
Definition: core_pkcs11.h:125
pkcs11SHA256_DIGEST_LENGTH
#define pkcs11SHA256_DIGEST_LENGTH
Length of a SHA256 digest, in bytes.
Definition: core_pkcs11.h:92
pkcs11ECDSA_P256_SIGNATURE_LENGTH
#define pkcs11ECDSA_P256_SIGNATURE_LENGTH
Length of a curve P-256 ECDSA signature, in bytes. PKCS #11 EC signatures are represented as a 32-bit...
Definition: core_pkcs11.h:100
CK_DECLARE_FUNCTION
#define CK_DECLARE_FUNCTION(returnType, name)
Macro for defining a PKCS #11 functions.
Definition: core_pkcs11.h:72