corePKCS11  v3.2.0
PKCS #11 Cryptoki Library
C_SignInit

Initializes a signature operation.

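/**
 * @brief Initializes a signature operation on a session.
 *
 * Validates the session and arguments, fetches the key object referenced by
 * hKey from the PAL, checks that it is flagged private, and then prepares the
 * per-mechanism signing context under the session's sign mutex.
 *
 * @param[in] hSession   Handle of the PKCS #11 session.
 * @param[in] pMechanism Mechanism to sign with. The switch below accepts
 *                       CKM_RSA_PKCS, CKM_ECDSA, CKM_SHA256_HMAC and
 *                       CKM_AES_CMAC.
 * @param[in] hKey       Application handle of the key to sign with.
 *
 * @return CKR_OK on success. Otherwise:
 *         - the failure code of prvCheckValidSessionAndModule(),
 *         - CKR_ARGUMENTS_BAD if pMechanism is NULL,
 *         - CKR_OPERATION_ACTIVE if an operation is already in progress,
 *         - CKR_KEY_HANDLE_INVALID if the key cannot be found or read,
 *         - CKR_KEY_TYPE_INCONSISTENT if the key is not flagged private,
 *         - CKR_MECHANISM_INVALID for any other mechanism,
 *         - CKR_CANT_LOCK if the sign mutex cannot be taken,
 *         - or whatever the per-mechanism init helper returns.
 */
CK_DECLARE_FUNCTION( CK_RV, C_SignInit )( CK_SESSION_HANDLE hSession,
                                          CK_MECHANISM_PTR pMechanism,
                                          CK_OBJECT_HANDLE hKey )
{
    /* See explanation in prvCheckValidSessionAndModule for this exception. */
    /* coverity[misra_c_2012_rule_10_5_violation] */
    CK_BBOOL xIsPrivate = ( CK_BBOOL ) CK_TRUE;

    /* Start from the invalid handle: the cleanup guard at the end of this
     * function reads xPalHandle on every path, including the ones where
     * validation fails before the object lookup has run. */
    CK_OBJECT_HANDLE xPalHandle = CK_INVALID_HANDLE;
    CK_BYTE_PTR pxLabel = NULL;
    CK_ULONG xLabelLength = 0;
    CK_BYTE_PTR pucKeyData = NULL;
    CK_ULONG ulKeyDataLength = 0;
    P11Session_t * pxSession = prvSessionPointerFromHandle( hSession );
    CK_RV xResult = prvCheckValidSessionAndModule( pxSession );

    /* Note: a NULL mechanism replaces any session-validation failure code
     * recorded above with CKR_ARGUMENTS_BAD. */
    if( NULL == pMechanism )
    {
        LogError( ( "Failed to initialize sign operation. NULL pointer to "
                    "signing mechanism provided." ) );
        xResult = CKR_ARGUMENTS_BAD;
    }

    /* See explanation in prvCheckValidSessionAndModule for this exception. */
    /* coverity[misra_c_2012_rule_10_5_violation] */
    if( ( xResult == CKR_OK ) && ( prvOperationActive( pxSession ) == ( CK_BBOOL ) CK_TRUE ) )
    {
        LogError( ( "Failed to initialize sign operation. Operation already active." ) );
        xResult = CKR_OPERATION_ACTIVE;
    }

    /* Retrieve key value from storage. */
    if( xResult == CKR_OK )
    {
        /* Map the application handle to the PAL handle (and label). */
        prvFindObjectInListByHandle( hKey,
                                     &xPalHandle,
                                     &pxLabel,
                                     &xLabelLength );

        if( xPalHandle != CK_INVALID_HANDLE )
        {
            xResult = PKCS11_PAL_GetObjectValue( xPalHandle, &pucKeyData, &ulKeyDataLength, &xIsPrivate );

            if( xResult != CKR_OK )
            {
                LogError( ( "Failed to initialize sign operation. Unable to "
                            "retrieve value of private key for signing 0x%0lX.", ( unsigned long int ) xResult ) );
                xResult = CKR_KEY_HANDLE_INVALID;
            }
        }
        else
        {
            LogDebug( ( "Could not find PKCS #11 PAL Handle." ) );
            xResult = CKR_KEY_HANDLE_INVALID;
        }
    }

    /* Check that a private key was retrieved. This test runs before the
     * mechanism is inspected, so it applies to every mechanism. */
    if( xResult == CKR_OK )
    {
        /* See explanation in prvCheckValidSessionAndModule for this exception. */
        /* coverity[misra_c_2012_rule_10_5_violation] */
        if( xIsPrivate != ( CK_BBOOL ) CK_TRUE )
        {
            LogError( ( "Failed to initialize sign operation. Sign operation "
                        "attempted with public key." ) );
            xResult = CKR_KEY_TYPE_INCONSISTENT;
        }
    }

    /* Convert the private key from storage format to mbedTLS usable format. */
    if( xResult == CKR_OK )
    {
        if( 0 == mbedtls_mutex_lock( &pxSession->xSignMutex ) )
        {
            /* Each case re-initializes its context only when the session's
             * cached key handle is unset or differs from hKey. */
            switch( pMechanism->mechanism )
            {
                case CKM_RSA_PKCS:
                case CKM_ECDSA:

                    if( ( pxSession->xSignKeyHandle == CK_INVALID_HANDLE ) || ( pxSession->xSignKeyHandle != hKey ) )
                    {
                        xResult = prvSignInitEC_RSAKeys( pxSession, pMechanism, hKey, pucKeyData, ulKeyDataLength );
                    }
                    else
                    {
                        /* The correct credentials are already initialized. */
                    }

                    break;

                case CKM_SHA256_HMAC:

                    if( ( pxSession->xHMACKeyHandle == CK_INVALID_HANDLE ) || ( pxSession->xHMACKeyHandle != hKey ) )
                    {
                        xResult = prvSignInitSHA256HMAC( pxSession, hKey, pucKeyData, ulKeyDataLength );
                    }
                    else
                    {
                        /* The correct credentials are already initialized. */
                    }

                    break;

                case CKM_AES_CMAC:

                    if( ( pxSession->xCMACKeyHandle == CK_INVALID_HANDLE ) || ( pxSession->xCMACKeyHandle != hKey ) )
                    {
                        xResult = prvSignInitAESCMAC( pxSession, hKey, pucKeyData, ulKeyDataLength );
                    }
                    else
                    {
                        /* The correct credentials are already initialized. */
                    }

                    break;

                default:
                    LogError( ( "Failed to initialize sign operation. Received "
                                "an unknown or invalid mechanism." ) );
                    xResult = CKR_MECHANISM_INVALID;
                    break;
            }

            ( void ) mbedtls_mutex_unlock( &pxSession->xSignMutex );
        }
        else
        {
            LogError( ( "Failed sign operation. Could not take sign mutex." ) );
            xResult = CKR_CANT_LOCK;
        }
    }

    /* Hand the raw key buffer back to the PAL on every path that obtained a
     * PAL handle, success or failure, so key material is not left behind.
     * NOTE(review): whether the buffer is wiped is up to the PAL's cleanup
     * implementation, which is not shown here - confirm for the port in use. */
    if( xPalHandle != CK_INVALID_HANDLE )
    {
        PKCS11_PAL_GetObjectValueCleanup( pucKeyData, ulKeyDataLength );
    }

    if( xResult == CKR_OK )
    {
        LogDebug( ( "Sign mechanism set to 0x%0lX.", ( unsigned long int ) pMechanism->mechanism ) );

        /* This store happens after xSignMutex has been released, so it is not
         * serialized against other tasks that use the same session. */
        pxSession->xOperationSignMechanism = pMechanism->mechanism;
    }

    return xResult;
}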
See also
C_Sign() completes signatures initiated by C_SignInit().
Note
C_Sign() parameters are shared by a session. Calling C_SignInit() & C_Sign() with the same session across different tasks may lead to unexpected results.
Parameters
[in] hSession: Handle of a valid PKCS #11 session.
[in] pMechanism: Mechanism used to sign. This port supports the following mechanisms:
  • CKM_RSA_PKCS for RSA signatures
  • CKM_ECDSA for elliptic curve signatures
Note that neither of these mechanisms performs a hash operation: the input is signed as given, so the caller must supply data that has already been hashed. The implementation listed above also accepts CKM_SHA256_HMAC and CKM_AES_CMAC.
[in] hKey: The handle of the private key to be used for signature. Key must be compatible with the mechanism chosen by pMechanism.
Returns
CKR_OK if successful.
P11Session_t::xOperationSignMechanism
CK_MECHANISM_TYPE xOperationSignMechanism
Mechanism of the sign operation in progress. Set during C_SignInit.
Definition: core_pkcs11_mbedtls.c:296
prvFindObjectInListByHandle
static void prvFindObjectInListByHandle(CK_OBJECT_HANDLE xAppHandle, CK_OBJECT_HANDLE_PTR pxPalHandle, CK_BYTE_PTR *ppcLabel, CK_ULONG_PTR pxLabelLength)
Looks up a PKCS #11 object's label and PAL handle given an application handle.
Definition: core_pkcs11_mbedtls.c:1070
PKCS11_PAL_GetObjectValueCleanup
void PKCS11_PAL_GetObjectValueCleanup(CK_BYTE_PTR pucData, CK_ULONG ulDataSize)
Cleanup after PKCS11_PAL_GetObjectValue().
prvSignInitEC_RSAKeys
static CK_RV prvSignInitEC_RSAKeys(P11Session_t *pxSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pucKeyData, CK_ULONG ulKeyDataLength)
Helper function for initializing a sign operation for an EC or RSA key.
Definition: core_pkcs11_mbedtls.c:4004
PKCS11_PAL_GetObjectValue
CK_RV PKCS11_PAL_GetObjectValue(CK_OBJECT_HANDLE xHandle, CK_BYTE_PTR *ppucData, CK_ULONG_PTR pulDataSize, CK_BBOOL *pIsPrivate)
Gets the value of an object in storage, by handle.
LogDebug
#define LogDebug(message)
Macro that is called in the corePKCS11 library for logging "Debug" level messages.
Definition: core_pkcs11_config_defaults.h:375
prvSignInitAESCMAC
static CK_RV prvSignInitAESCMAC(P11Session_t *pxSession, CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pucKeyData, CK_ULONG ulKeyDataLength)
Helper function for initializing a sign operation for AES-CMAC.
Definition: core_pkcs11_mbedtls.c:3970
prvOperationActive
static CK_BBOOL prvOperationActive(const P11Session_t *pxSession)
Determines if an operation is in progress.
Definition: core_pkcs11_mbedtls.c:385
P11Session_t::xSignMutex
mbedtls_threading_mutex_t xSignMutex
Protects the signing key from being modified while in use.
Definition: core_pkcs11_mbedtls.c:297
prvCheckValidSessionAndModule
static CK_RV prvCheckValidSessionAndModule(const P11Session_t *pxSession)
Helper to check if the current session is initialized and valid.
Definition: core_pkcs11_mbedtls.c:323
CK_DECLARE_FUNCTION
#define CK_DECLARE_FUNCTION(returnType, name)
Macro for defining a PKCS #11 function.
Definition: core_pkcs11.h:75
prvSessionPointerFromHandle
static P11Session_t * prvSessionPointerFromHandle(CK_SESSION_HANDLE xSession)
Maps an opaque caller session handle into its internal state structure.
Definition: core_pkcs11_mbedtls.c:365
P11Session_t::xSignKeyHandle
CK_OBJECT_HANDLE xSignKeyHandle
Object handle to the signing key.
Definition: core_pkcs11_mbedtls.c:298
P11Session_t::xHMACKeyHandle
CK_OBJECT_HANDLE xHMACKeyHandle
Object handle to the HMAC key.
Definition: core_pkcs11_mbedtls.c:301
P11Session_t
Session structure.
Definition: core_pkcs11_mbedtls.c:286
LogError
#define LogError(message)
Macro that is called in the corePKCS11 library for logging "Error" level messages.
Definition: core_pkcs11_config_defaults.h:315
C_SignInit
CK_RV C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
Initializes a signature operation.
Definition: core_pkcs11_mbedtls.c:4083
prvSignInitSHA256HMAC
static CK_RV prvSignInitSHA256HMAC(P11Session_t *pxSession, CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pucKeyData, CK_ULONG ulKeyDataLength)
Helper function for initializing a sign operation for SHA256-HMAC.
Definition: core_pkcs11_mbedtls.c:3868
P11Session_t::xCMACKeyHandle
CK_OBJECT_HANDLE xCMACKeyHandle
Object handle to the CMAC key.
Definition: core_pkcs11_mbedtls.c:303