SignData(3)SignData(3)NAME
SignData, CSSM_SignData, CSP_SignData - Sign all buffer data (CDSA)
SYNOPSIS
# include <cdsa/cssm.h>
API: CSSM_RETURN CSSMAPI CSSM_SignData (CSSM_CC_HANDLE CCHandle, const
CSSM_DATA *DataBufs, uint32 DataBufCount, CSSM_ALGORITHMS DigestAlgo‐
rithm, CSSM_DATA_PTR Signature) SPI: CSSM_RETURN CSSMCSPI CSP_SignData
(CSSM_CSP_HANDLE CSPHandle, CSSM_CC_HANDLE CCHandle, const CSSM_CONTEXT
*Context, const CSSM_DATA *DataBufs, uint32 DataBufCount, CSSM_ALGO‐
RITHMS DigestAlgorithm, CSSM_DATA_PTR Signature)
LIBRARY
Common Security Services Manager library (libcssm.so)
API PARAMETERS
The handle that describes the context of this cryptographic operation
used to link to the CSP-managed information. A pointer to a vector of
CSSM_DATA structures that contain the data to be signed. The number of
DataBufs to be signed. If signing just a digest, specifies the type of
digest. In this case, the context should only specify the encryption
algorithm. If not signing just a digest, it must be CSSM_ALGID_NONE. In
this case, the context should specify the combination digest/encryption
algorithm. A pointer to the CSSM_DATA structure for the signature.
SPI PARAMETERS
The handle that describes the add-in cryptographic service provider
module used to perform up calls to CSSM for the memory functions man‐
aged by CSSM. Pointer to CSSM_CONTEXT structure that describes the
attributes with this context.
DESCRIPTION
This function signs all data contained in the set of input buffers
using the private key specified in the context. The CSP can require
that the cryptographic context include access credentials for authenti‐
cation and authorization checks when using a private key or a secret
key.
Signing can include digesting the data and encrypting the digest or
signing just the digest (already calculated by the application). If
digesting the data and encrypting the digest, then the context should
specify the combination digest/encryption algorithm (for example,
CSSM_ALGID_MD5WithRSA). In this case, the DigestAlgorithm parameter
must be set to CSSM_ALGID_NONE. If signing just the digest, then the
context should specify just the encryption algorithm and the DigestAl‐
gorithm parameter should specify the type of digest (for example,
CSSM_ALGID_MD5). Also, DataBufCount must be 1.
If the signing algorithm is not reversible or strictly limits the size
of the signed data, then the algorithm can specify signing without
digesting. In this case, the sign operation is performed on the input
data and the size of the input data is restricted by the service
provider.
NOTES ON API
The output is returned to the caller either by filling the caller-spec‐
ified buffer or by using the application's declared memory allocation
functions to allocate buffer space. To specify a specific, preallocated
output buffer, the caller must provide an array of one or more
CSSM_DATA structures each, containing a Length field value greater than
zero and a non-NULL data pointer field value. To specify automatic out‐
put buffer allocation by the CSP, the caller must provide an array of
one or more CSSM_DATA structures, each containing a Length field value
equal to zero and a NULL data pointer field value. The application is
always responsible for deallocating the memory when it is no longer
needed.
NOTES ON SPI
The output is returned to the caller as specifed in Buffer Management
for Cryptographic Services.
RETURN VALUE
A CSSM_RETURN value indicating success or specifying a particular error
condition. The value CSSM_OK indicates success. All other values repre‐
sent an error condition.
ERRORS
Errors are described in the CDSA technical standard. See
CDSA_intro(3). CSSMERR_CSP_OUTPUT_LENGTH_ERROR CSS‐
MERR_CSP_INVALID_DIGEST_ALGORITHM
SEE ALSO
Books
Intel CDSA Application Developer's Guide (see CDSA_intro(3))
Reference Pages
Functions for the CSSM API:
CSSM_VerifyData(3), CSSM_SignDataInit(3), CSSM_SignDataUpdate(3),
CSSM_SignDataFinal(3)
Functions for the CSP SPI:
CSP_VerifyData(3), CSP_SignDataInit(3), CSP_SignDataUpdate(3),
CSP_SignDataFinal(3)SignData(3)