corePKCS11  V3.0.0
PKCS #11 Cryptoki Library
C_VerifyInit
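/**
 * @brief Initializes a verification operation on a session (PKCS #11 C_VerifyInit).
 *
 * Fetches the object value for hKey from the PAL, rejects it when the PAL
 * reports the object as private, parses it into the session's mbed TLS verify
 * context (the parse is skipped when hKey is already the cached verify key),
 * and checks that the parsed key type matches the requested mechanism.
 *
 * @param[in] hSession   Handle of the session the operation is bound to.
 * @param[in] pMechanism Verification mechanism. Only CKM_RSA_X_509 and
 *                       CKM_ECDSA are accepted.
 * @param[in] hKey       Handle of the key used for verification.
 *
 * @return CKR_OK on success. Otherwise the result of
 * prvCheckValidSessionAndModule, or one of:
 * - CKR_ARGUMENTS_BAD if pMechanism is NULL (this replaces any earlier
 *   session/module error),
 * - CKR_OPERATION_ACTIVE if prvOperationActive reports an active operation,
 * - CKR_KEY_HANDLE_INVALID if the handle has no PAL object, its value cannot
 *   be read, or the value cannot be parsed,
 * - CKR_KEY_TYPE_INCONSISTENT if the object is private or its key type does
 *   not match the mechanism,
 * - CKR_CANT_LOCK if the session's verify mutex cannot be taken,
 * - CKR_MECHANISM_INVALID for any other mechanism.
 */
CK_DECLARE_FUNCTION( CK_RV, C_VerifyInit )( CK_SESSION_HANDLE hSession,
                                            CK_MECHANISM_PTR pMechanism,
                                            CK_OBJECT_HANDLE hKey )
{
    /* Defaults to "private" so that an object is only accepted for verification
     * when the PAL explicitly clears this flag. */
    /* See explanation in prvCheckValidSessionAndModule for this exception. */
    /* coverity[misra_c_2012_rule_10_5_violation] */
    CK_BBOOL xIsPrivate = ( CK_BBOOL ) CK_TRUE;
    P11Session_t * pxSession;
    CK_BYTE_PTR pucKeyData = NULL;
    CK_ULONG ulKeyDataLength = 0;
    mbedtls_pk_type_t xKeyType;
    CK_OBJECT_HANDLE xPalHandle = CK_INVALID_HANDLE;
    CK_BYTE_PTR pxLabel = NULL;
    CK_ULONG xLabelLength = 0;
    int32_t lMbedTLSResult = 0;
    CK_RV xResult = CKR_OK;

    pxSession = prvSessionPointerFromHandle( hSession );
    xResult = prvCheckValidSessionAndModule( pxSession );

    if( NULL == pMechanism )
    {
        LogError( ( "Failed to initialize verify operation. Null verification "
                    "mechanism provided." ) );
        xResult = CKR_ARGUMENTS_BAD;
    }

    /* See explanation in prvCheckValidSessionAndModule for this exception. */
    /* coverity[misra_c_2012_rule_10_5_violation] */
    if( ( xResult == CKR_OK ) && ( prvOperationActive( pxSession ) == ( CK_BBOOL ) CK_TRUE ) )
    {
        LogError( ( "Failed to initialize verify operation. An operation was "
                    "already active." ) );
        xResult = CKR_OPERATION_ACTIVE;
    }

    /* Retrieve key value from storage. */
    if( xResult == CKR_OK )
    {
        prvFindObjectInListByHandle( hKey,
                                     &xPalHandle,
                                     &pxLabel,
                                     &xLabelLength );

        if( xPalHandle != CK_INVALID_HANDLE )
        {
            xResult = PKCS11_PAL_GetObjectValue( xPalHandle, &pucKeyData, &ulKeyDataLength, &xIsPrivate );

            if( xResult != CKR_OK )
            {
                LogError( ( "Failed to initialize verify operation. Unable to "
                            "retrieve value of public key for verification 0x%0lX.",
                            ( unsigned long int ) xResult ) );
                xResult = CKR_KEY_HANDLE_INVALID;
            }
        }
        else
        {
            LogError( ( "Failed to initialize verify operation. Couldn't find "
                        "a valid PKCS #11 PAL Handle." ) );
            xResult = CKR_KEY_HANDLE_INVALID;
        }
    }

    /* From here on xResult == CKR_OK means PKCS11_PAL_GetObjectValue succeeded,
     * so the object value is held and must be handed back to the PAL on every
     * path below, including the rejection paths. */
    if( xResult == CKR_OK )
    {
        /* Check that a public key was retrieved. */
        /* See explanation in prvCheckValidSessionAndModule for this exception. */
        /* coverity[misra_c_2012_rule_10_5_violation] */
        if( xIsPrivate != ( CK_BBOOL ) CK_FALSE )
        {
            LogError( ( "Failed to initialize verify operation. Verify "
                        "operation attempted with private key." ) );
            xResult = CKR_KEY_TYPE_INCONSISTENT;
        }
        else if( 0 == mbedtls_mutex_lock( &pxSession->xVerifyMutex ) )
        {
            /* Only re-parse when the session has no cached verify key or the
             * cached key belongs to a different handle. */
            if( ( pxSession->xVerifyKeyHandle == CK_INVALID_HANDLE ) || ( pxSession->xVerifyKeyHandle != hKey ) )
            {
                /* Invalidate the cache first so a failed parse cannot leave a
                 * handle pointing at a freed or empty context. */
                pxSession->xVerifyKeyHandle = CK_INVALID_HANDLE;
                mbedtls_pk_free( &pxSession->xVerifyKey );
                mbedtls_pk_init( &pxSession->xVerifyKey );
                lMbedTLSResult = mbedtls_pk_parse_public_key( &pxSession->xVerifyKey, pucKeyData, ulKeyDataLength );

                if( 0 != lMbedTLSResult )
                {
                    /* NOTE(review): this fallback parses the value with the
                     * private-key parser although the object was just required
                     * to be non-private; confirm the fallback is intended and
                     * which encodings it is meant to cover. */
                    lMbedTLSResult = mbedtls_pk_parse_key( &pxSession->xVerifyKey, pucKeyData, ulKeyDataLength, NULL, 0 );

                    if( 0 != lMbedTLSResult )
                    {
                        LogError( ( "Failed to initialize verify operation. "
                                    "mbedtls_pk_parse_key failed: mbed TLS "
                                    "error = %s : %s.",
                                    mbedtlsHighLevelCodeOrDefault( lMbedTLSResult ),
                                    mbedtlsLowLevelCodeOrDefault( lMbedTLSResult ) ) );
                        xResult = CKR_KEY_HANDLE_INVALID;
                    }
                    else
                    {
                        LogDebug( ( "Found verify key handle." ) );
                        pxSession->xVerifyKeyHandle = hKey;
                    }
                }
                else
                {
                    LogDebug( ( "Found verify key handle." ) );
                    pxSession->xVerifyKeyHandle = hKey;
                }
            }

            ( void ) mbedtls_mutex_unlock( &pxSession->xVerifyMutex );
        }
        else
        {
            LogError( ( "Failed to initialize verify operation. Could not "
                        "take xVerifyMutex." ) );
            xResult = CKR_CANT_LOCK;
        }

        /* Single release point for the PAL buffer. Previously the cleanup ran
         * only after a successful mutex lock, so the value stayed allocated
         * when the object was rejected as private (the case where the buffer
         * holds private key material) or when the lock failed. */
        PKCS11_PAL_GetObjectValueCleanup( pucKeyData, ulKeyDataLength );
    }

    /* Check that the mechanism and key type are compatible, supported. */
    if( xResult == CKR_OK )
    {
        xKeyType = mbedtls_pk_get_type( &pxSession->xVerifyKey );

        if( pMechanism->mechanism == CKM_RSA_X_509 )
        {
            if( xKeyType != MBEDTLS_PK_RSA )
            {
                LogError( ( "Failed to initialize verify operation. "
                            "Verification key type (0x%0lX) does not match "
                            "RSA mechanism.",
                            ( unsigned long int ) xKeyType ) );
                xResult = CKR_KEY_TYPE_INCONSISTENT;
            }
        }
        else if( pMechanism->mechanism == CKM_ECDSA )
        {
            if( ( xKeyType != MBEDTLS_PK_ECDSA ) && ( xKeyType != MBEDTLS_PK_ECKEY ) )
            {
                LogError( ( "Failed to initialize verify operation. "
                            "Verification key type (0x%0lX) does not match "
                            "ECDSA mechanism.",
                            ( unsigned long int ) xKeyType ) );
                xResult = CKR_KEY_TYPE_INCONSISTENT;
            }
        }
        else
        {
            LogError( ( "Failed to initialize verify operation. Unsupported "
                        "mechanism type 0x%0lX",
                        ( unsigned long int ) pMechanism->mechanism ) );
            xResult = CKR_MECHANISM_INVALID;
        }
    }

    /* The mechanism is recorded on the session only after every check passed. */
    if( xResult == CKR_OK )
    {
        LogDebug( ( "Verify mechanism set to 0x%0lX.", ( unsigned long int ) pMechanism->mechanism ) );
        pxSession->xOperationVerifyMechanism = pMechanism->mechanism;
    }

    return xResult;
}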
PKCS11_PAL_GetObjectValueCleanup
void PKCS11_PAL_GetObjectValueCleanup(CK_BYTE_PTR pucData, CK_ULONG ulDataSize)
Cleanup after PKCS11_PAL_GetObjectValue().
PKCS11_PAL_GetObjectValue
CK_RV PKCS11_PAL_GetObjectValue(CK_OBJECT_HANDLE xHandle, CK_BYTE_PTR *ppucData, CK_ULONG_PTR pulDataSize, CK_BBOOL *pIsPrivate)
Gets the value of an object in storage, by handle.
CK_DECLARE_FUNCTION
#define CK_DECLARE_FUNCTION(returnType, name)
Macro for defining a PKCS #11 function.
Definition: core_pkcs11.h:72