/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <sys/param.h>
#include <pwd.h>
#include <nss_dbdefs.h>
#include <auth_attr.h>
#include "crypto_util.h"
/* init kmf handle and pkcs11 handle, for cc creation */
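/*
 * Open a KMF handle bound to the PKCS#11 token `pktoken`, with the
 * softtoken store redirected to `tokendir`, and hand back the
 * underlying PKCS#11 session handle.
 *
 * kmfhandle - out; receives the initialized KMF handle on success.
 *             Left NULL on failure so a later wusb_crypto_fini() is
 *             harmless.
 * pkhandle  - out; receives the PKCS#11 session handle on success.
 * pktoken   - token label to configure in the keystore.
 * tokendir  - directory the softtoken will use; must come from trusted
 *             configuration, since it decides where key material lives.
 *
 * Returns 0 on success, -1 on any failure. On failure nothing is
 * left allocated: a KMF handle obtained part-way is finalized here.
 */
int
wusb_crypto_init(
	KMF_HANDLE_T *kmfhandle,
	CK_SESSION_HANDLE *pkhandle,
	const char *pktoken,
	const char *tokendir)
{
	KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_PK11TOKEN;
	boolean_t bfalse = FALSE;
	KMF_ATTRIBUTE attrlist[20];
	int numattr = 0;

	/* strlen(pktoken) and setenv(tokendir) below must not see NULL. */
	if (kmfhandle == NULL || pkhandle == NULL ||
	    pktoken == NULL || tokendir == NULL) {
		return (-1);
	}

	/*
	 * Change the default softtoken directory. This is process-wide:
	 * every later PKCS#11 call in this process resolves its token
	 * store through SOFTTOKEN_DIR.
	 */
	if (setenv("SOFTTOKEN_DIR", tokendir, 1) != 0) {
		return (-1);
	}

	/* init kmf */
	if (kmf_initialize(kmfhandle, NULL, NULL) != KMF_OK) {
		return (-1);
	}

	kmf_set_attr_at_index(attrlist, numattr++,
	    KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
	kmf_set_attr_at_index(attrlist, numattr++,
	    KMF_TOKEN_LABEL_ATTR, (void *)pktoken, strlen(pktoken) + 1);
	kmf_set_attr_at_index(attrlist, numattr++,
	    KMF_READONLY_ATTR, &bfalse, sizeof (bfalse));

	if (kmf_configure_keystore(*kmfhandle, numattr, attrlist) != KMF_OK) {
		goto fail;
	}

	/* get pkcs11 handle from kmf */
	*pkhandle = kmf_get_pk11_handle(*kmfhandle);
	if (*pkhandle == NULL) {
		goto fail;
	}

	return (0);

fail:
	/*
	 * kmf_initialize() succeeded but a later step did not: release
	 * the handle here rather than leaking it, and clear the caller's
	 * copy so it cannot be finalized twice.
	 */
	(void) kmf_finalize(*kmfhandle);
	*kmfhandle = NULL;
	return (-1);
}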
/*
 * Release a KMF handle obtained from wusb_crypto_init().
 * The result of kmf_finalize() is deliberately not reported: there
 * is nothing the caller could do about a failed teardown.
 */
void
wusb_crypto_fini(KMF_HANDLE_T kmfhandle)
{
	if (kmf_finalize(kmfhandle) != KMF_OK) {
		/* nothing to do; the handle is gone either way */
	}
}
/* random generation, for cc creation */
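/*
 * Fill `rand` with `rlen` bytes from the token's RNG on `hSession`,
 * after feeding it a seed.
 *
 * seed/slen - caller-supplied seed material; if seed is NULL the
 *             high-resolution clocks are used instead.
 * rand/rlen - output buffer and the number of bytes to produce.
 *
 * Returns 0 on success, -1 if rand is NULL while bytes were requested
 * or if any PKCS#11 call fails.
 */
int
wusb_random(
	CK_SESSION_HANDLE hSession,
	CK_BYTE *seed, size_t slen,
	CK_BYTE *rand, size_t rlen)
{
	hrtime_t hrt;

	/* C_GenerateRandom() must never be handed NULL for a non-empty request. */
	if (rand == NULL && rlen > 0) {
		return (-1);
	}

	if (seed == NULL) {
		/*
		 * Clock-derived seed. Timestamps are low-entropy and
		 * guessable, so this only stirs the token's pool; output
		 * quality must rest on the token's own entropy source,
		 * not on this value.
		 */
		hrt = gethrtime() + gethrvtime();
		if (C_SeedRandom(hSession, (CK_BYTE *)&hrt,
		    sizeof (hrt)) != CKR_OK) {
			return (-1);
		}
	} else if (C_SeedRandom(hSession, seed, slen) != CKR_OK) {
		return (-1);
	}

	if (C_GenerateRandom(hSession, rand, rlen) != CKR_OK) {
		return (-1);
	}

	return (0);
}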
/* convert mac address to label string */
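/*
 * Render the WUSB_DEV_MAC_LENGTH bytes of `mac` as a lowercase hex
 * string into `label`, which must hold WUSB_CC_LABEL_LENGTH bytes.
 * The result is always NUL-terminated; if the buffer is too small
 * for the full string the output is truncated.
 *
 * The previous implementation passed `label` as both the destination
 * and a "%s" source of the same snprintf() call. Overlapping source
 * and destination is undefined behaviour for snprintf(), so each
 * byte is now appended at an explicit offset instead.
 */
void
mac_to_label(uint8_t *mac, char *label)
{
	size_t pos = 0;
	int i;

	if (mac == NULL || label == NULL) {
		return;
	}

	(void) memset(label, 0, WUSB_CC_LABEL_LENGTH);
	for (i = 0; i < WUSB_DEV_MAC_LENGTH; i++) {
		int n;

		/* Buffer full (last byte is the terminator); stop early. */
		if (pos >= WUSB_CC_LABEL_LENGTH) {
			break;
		}
		n = snprintf(label + pos, WUSB_CC_LABEL_LENGTH - pos,
		    "%02x", mac[i]);
		if (n < 0) {
			break;
		}
		/* n is the untruncated length; the bound check above caps pos. */
		pos += (size_t)n;
	}
}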
/* ARGSUSED */
/* For debug only, print an array of bytes */
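/*
 * Hex-dump `len` bytes of `array` to stdout under a `label` heading,
 * 16 bytes per line. Compiled to a no-op unless DEBUG is defined;
 * callers may pass secret material, so keep it that way in shipping
 * builds.
 *
 * The loop index is size_t: an int index compared against a size_t
 * length mixes signedness and cannot cover large lengths.
 */
void
print_array(const char *label, CK_BYTE *array, size_t len)
{
#ifdef DEBUG
	size_t i;

	if (label == NULL || (array == NULL && len > 0)) {
		return;
	}

	(void) fprintf(stdout, "%s :\n", label);
	for (i = 0; i < len; i++) {
		(void) fprintf(stdout, "%02x ", array[i]);
		if ((i & 15) == 15) {
			(void) fprintf(stdout, "\n");
		}
	}
	/* Terminate a partial final row so the next message starts on its own line. */
	if ((len & 15) != 0) {
		(void) fprintf(stdout, "\n");
	}
#endif
}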
/* Check if a uid has auths */
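/*
 * Authorization gate: report whether the user identified by `uid`
 * holds the authorization named by `auths`.
 *
 * Returns 0 when chkauthattr() grants it, -1 otherwise. Every failure
 * mode (bad uid, NULL auths, unknown user, lookup error) is a denial,
 * so callers can treat anything but 0 as "not authorized".
 */
int
chk_auths(uid_t uid, const char *auths)
{
	struct passwd pwd;
	char buf[NSS_LINELEN_PASSWD];

	/* chkauthattr() is not given NULL; -1 is the "no user" sentinel. */
	if (auths == NULL || uid == (uid_t)-1) {
		return (-1);
	}

	/* get user name; an unresolvable uid is denied rather than granted */
	if (getpwuid_r(uid, &pwd, buf, sizeof (buf)) == NULL) {
		return (-1);
	}

	/* chkauthattr() returns 1 only when the user holds the auth */
	if (chkauthattr(auths, pwd.pw_name) != 1) {
		return (-1);
	}

	return (0);
}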