/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * digest.c
 *
 * Implements digest(1) and mac(1) commands
 * If command name is mac, performs mac operation
 * else perform digest operation
 *
 * See the man pages for digest and mac for details on
 * how these commands work.
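 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <ctype.h>
#include <strings.h>
#include <libintl.h>
#include <libgen.h>
#include <locale.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <security/cryptoki.h>
#include <limits.h>
#include <cryptoutil.h>
#include <kmfapi.h>

#define	BUFFERSIZE (4096)		/* Buffer size for reading file */

/*
 * RESULTLEN - large enough size in bytes to hold result for
 * digest and mac results for all mechanisms
 */
#define	RESULTLEN (512)

/*
 * Exit Status codes
 */
#ifndef EXIT_SUCCESS
#define	EXIT_SUCCESS	0	/* No errors */
#define	EXIT_FAILURE	1	/* All errors except usage */
#endif /* EXIT_SUCCESS */

#define	EXIT_USAGE	2	/* usage/syntax error */

#define	MAC_NAME	"mac"		/* name of mac command */
#define	MAC_OPTIONS	"lva:k:T:K:"	/* for getopt */
#define	DIGEST_NAME	"digest"	/* name of digest command */
#define	DIGEST_OPTIONS	"lva:"		/* for getopt */

static boolean_t vflag = B_FALSE;	/* -v (verbose) flag, optional */
static boolean_t aflag = B_FALSE;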
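/* -a <algorithm> flag, required */
static boolean_t lflag = B_FALSE;	/* -l flag, for mac and digest */
static boolean_t kflag = B_FALSE;	/* -k <keyfile>, mac only */
static boolean_t Tflag = B_FALSE;	/* -T <tokenspec>, mac only, needs -K */
static boolean_t Kflag = B_FALSE;	/* -K <keylabel>, mac only */

static char *keyfile = NULL;		/* name of keyfile */
static char *token_label = NULL;	/* token holding the -K key */
static char *key_label = NULL;		/* CKA_LABEL of the -K key */

static CK_BYTE buf[BUFFERSIZE];		/* shared read buffer for input data */

/*
 * One row per mechanism the commands know about.
 *
 * keysize_min/keysize_max start out as "not reported" sentinels
 * (ULONG_MAX / 0) and are narrowed by the -l scan in execute_cmd()
 * from what the providers return; keysize_unit is the multiplier
 * applied when the range is printed in bits; available is set once
 * some slot reports the mechanism.
 */
struct mech_alias {
	CK_MECHANISM_TYPE type;
	char *alias;
	CK_ULONG keysize_min;
	CK_ULONG keysize_max;
	int keysize_unit;
	boolean_t available;
};

static struct mech_alias mech_aliases[] = {
	{ CKM_SHA_1, "sha1", ULONG_MAX, 0L, 8, B_FALSE },
	{ CKM_MD5, "md5", ULONG_MAX, 0L, 8, B_FALSE },
	{ CKM_DES_MAC, "des_mac", ULONG_MAX, 0L, 8, B_FALSE },
	{ CKM_SHA_1_HMAC, "sha1_hmac", ULONG_MAX, 0L, 8, B_FALSE },
	{ CKM_MD5_HMAC, "md5_hmac", ULONG_MAX, 0L, 8, B_FALSE },
	{ CKM_SHA256, "sha256", ULONG_MAX, 0L, 8, B_FALSE },
	{ CKM_SHA384, "sha384", ULONG_MAX, 0L, 8, B_FALSE },
	{ CKM_SHA512, "sha512", ULONG_MAX, 0L, 8, B_FALSE },
	{ CKM_SHA256_HMAC, "sha256_hmac", ULONG_MAX, 0L, 8, B_FALSE },
	{ CKM_SHA384_HMAC, "sha384_hmac", ULONG_MAX, 0L, 8, B_FALSE },
	{ CKM_SHA512_HMAC, "sha512_hmac", ULONG_MAX, 0L, 8, B_FALSE }
};

/* Derived from the table so it cannot drift when a row is added. */
#define	MECH_ALIASES_COUNT \
	(sizeof (mech_aliases) / sizeof (mech_aliases[0]))

/* CK_TRUE attribute value shared by the key templates */
static CK_BBOOL true = TRUE;

static void usage(boolean_t mac_cmd);
static int execute_cmd(char *algo_str, int filecount,
    char **filelist, boolean_t mac_cmd);
static CK_RV do_mac(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pmech,
    int fd, CK_OBJECT_HANDLE key, CK_BYTE_PTR *psignature,
    CK_ULONG_PTR psignaturelen);
static CK_RV do_digest(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pmech,
    int fd, CK_BYTE_PTR *pdigest, CK_ULONG_PTR pdigestlen);

/*
 * Entry point for both digest(1) and mac(1).
 *
 * Picks the command from argv[0], parses the options, validates the
 * combinations the man pages allow and hands off to execute_cmd().
 * Exits with EXIT_USAGE on a bad command name or option set; otherwise
 * returns whatever execute_cmd() returns.
 */
int
main(int argc, char **argv)
{
	extern char *optarg;
	extern int optind;
	int errflag = 0;		/* We had an optstr parse error */
	int c;				/* current getopt flag */
	char *algo_str = NULL;		/* mechanism/algorithm string */
	int filecount;
	boolean_t mac_cmd;		/* if TRUE, do mac, else do digest */
	char *optstr;
	char **filelist;		/* list of files */
	char *cmdname = NULL;		/* name of command */

	(void) setlocale(LC_ALL, "");
#if !defined(TEXT_DOMAIN)	/* Should be defined by cc -D */
#define	TEXT_DOMAIN "SYS_TEST"	/* Use this only if it weren't */
#endif
	(void) textdomain(TEXT_DOMAIN);

	/*
	 * Based on command name, determine type of command:
	 * "mac" does mac, "digest" does digest, anything else
	 * is a usage error.
	 */
	cmdname = (argc > 0 && argv[0] != NULL) ? basename(argv[0]) : "";

	cryptodebug_init(cmdname);

	if (strcmp(cmdname, MAC_NAME) == 0) {
		mac_cmd = B_TRUE;
	} else if (strcmp(cmdname, DIGEST_NAME) == 0) {
		mac_cmd = B_FALSE;
	} else {
		cryptoerror(LOG_STDERR, gettext(
		    "command name must be either digest or mac\n"));
		exit(EXIT_USAGE);
	}

	optstr = mac_cmd ? MAC_OPTIONS : DIGEST_OPTIONS;

	/*
	 * Parse command line arguments.  getopt() returns int; keeping
	 * c as int makes the -1 comparison correct even where char is
	 * unsigned.
	 */
	while (!errflag && (c = getopt(argc, argv, optstr)) != -1) {
		switch (c) {
		case 'v':
			vflag = B_TRUE;
			break;
		case 'a':
			aflag = B_TRUE;
			algo_str = optarg;
			break;
		case 'k':
			kflag = B_TRUE;
			keyfile = optarg;
			break;
		case 'l':
			lflag = B_TRUE;
			break;
		case 'T':
			Tflag = B_TRUE;
			token_label = optarg;
			break;
		case 'K':
			Kflag = B_TRUE;
			key_label = optarg;
			break;
		default:
			errflag++;
		}
	}

	filecount = argc - optind;

	/*
	 * -a or -l is required; -l takes no other argument; -k and -K
	 * are exclusive; -T only makes sense together with -K.
	 */
	if (errflag || (!aflag && !lflag) || (lflag && argc > 2) ||
	    (kflag && Kflag) || (Tflag && !Kflag) || filecount < 0) {
		usage(mac_cmd);
		exit(EXIT_USAGE);
	}

	filelist = (filecount == 0) ? NULL : &argv[optind];

	return (execute_cmd(algo_str, filecount, filelist, mac_cmd));
}

/*
 * usage message for digest/mac
 *
 * The translated strings are written with fputs() rather than used as
 * a printf format, so a '%' in a message catalog cannot be interpreted.
 */
static void
usage(boolean_t mac_cmd)
{
	(void) fputs(gettext("Usage:\n"), stderr);
	if (mac_cmd) {
		(void) fputs(gettext(" mac -l\n"), stderr);
		(void) fputs(gettext(" mac [-v] -a <algorithm> "
		    "[-k <keyfile> | -K <keylabel> [-T <tokenspec>]] "
		    "[file...]\n"), stderr);
	} else {
		(void) fputs(gettext(" digest -l | [-v] "
		    "-a <algorithm> [file...]\n"), stderr);
	}
}

/*
 * Print out list of available algorithms.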
2390Sstevel@tonic-gate */ 2400Sstevel@tonic-gate static void 2410Sstevel@tonic-gate algorithm_list(boolean_t mac_cmd) 2420Sstevel@tonic-gate { 2430Sstevel@tonic-gate int mech; 2440Sstevel@tonic-gate 2450Sstevel@tonic-gate if (mac_cmd) 2460Sstevel@tonic-gate (void) printf(gettext("Algorithm Keysize: Min " 2475051Swyllys "Max (bits)\n" 2480Sstevel@tonic-gate "------------------------------------------\n")); 2490Sstevel@tonic-gate 2500Sstevel@tonic-gate for (mech = 0; mech < MECH_ALIASES_COUNT; mech++) { 2510Sstevel@tonic-gate 2520Sstevel@tonic-gate if (mech_aliases[mech].available == B_FALSE) 2530Sstevel@tonic-gate continue; 2540Sstevel@tonic-gate 2550Sstevel@tonic-gate if (mac_cmd) { 2560Sstevel@tonic-gate (void) printf("%-15s", mech_aliases[mech].alias); 2570Sstevel@tonic-gate 2580Sstevel@tonic-gate if (mech_aliases[mech].keysize_min != ULONG_MAX && 2590Sstevel@tonic-gate mech_aliases[mech].keysize_max != 0) 2600Sstevel@tonic-gate (void) printf(" %5lu %5lu\n", 2610Sstevel@tonic-gate (mech_aliases[mech].keysize_min * 2625051Swyllys mech_aliases[mech].keysize_unit), 2630Sstevel@tonic-gate (mech_aliases[mech].keysize_max * 2645051Swyllys mech_aliases[mech].keysize_unit)); 2650Sstevel@tonic-gate else 2660Sstevel@tonic-gate (void) printf("\n"); 2670Sstevel@tonic-gate 2680Sstevel@tonic-gate } else 2690Sstevel@tonic-gate (void) printf("%s\n", mech_aliases[mech].alias); 2700Sstevel@tonic-gate 2710Sstevel@tonic-gate } 2720Sstevel@tonic-gate } 2730Sstevel@tonic-gate 2743812Shylee static int 2753812Shylee get_token_key(CK_SESSION_HANDLE hSession, CK_KEY_TYPE keytype, 2763812Shylee char *keylabel, CK_BYTE *password, int password_len, 2773812Shylee CK_OBJECT_HANDLE *keyobj) 2783812Shylee { 2793812Shylee CK_RV rv; 2803812Shylee CK_ATTRIBUTE pTmpl[10]; 2813812Shylee CK_OBJECT_CLASS class = CKO_SECRET_KEY; 2823812Shylee CK_BBOOL true = 1; 2833812Shylee CK_BBOOL is_token = 1; 2843812Shylee CK_ULONG key_obj_count = 1; 2853812Shylee int i; 2863812Shylee CK_KEY_TYPE ckKeyType = 
keytype; 2873812Shylee 2883812Shylee 2893812Shylee rv = C_Login(hSession, CKU_USER, (CK_UTF8CHAR_PTR)password, 2903812Shylee password_len); 2913812Shylee if (rv != CKR_OK) { 2923812Shylee (void) fprintf(stderr, "Cannot login to the token." 2933812Shylee " error = %s\n", pkcs11_strerror(rv)); 2943812Shylee return (-1); 2953812Shylee } 2963812Shylee 2973812Shylee i = 0; 2983812Shylee pTmpl[i].type = CKA_TOKEN; 2993812Shylee pTmpl[i].pValue = &is_token; 3003812Shylee pTmpl[i].ulValueLen = sizeof (CK_BBOOL); 3013812Shylee i++; 3023812Shylee 3033812Shylee pTmpl[i].type = CKA_CLASS; 3043812Shylee pTmpl[i].pValue = &class; 3053812Shylee pTmpl[i].ulValueLen = sizeof (class); 3063812Shylee i++; 3073812Shylee 3083812Shylee pTmpl[i].type = CKA_LABEL; 3093812Shylee pTmpl[i].pValue = keylabel; 3103812Shylee pTmpl[i].ulValueLen = strlen(keylabel); 3113812Shylee i++; 3123812Shylee 3133812Shylee pTmpl[i].type = CKA_KEY_TYPE; 3143812Shylee pTmpl[i].pValue = &ckKeyType; 3153812Shylee pTmpl[i].ulValueLen = sizeof (ckKeyType); 3163812Shylee i++; 3173812Shylee 3183812Shylee pTmpl[i].type = CKA_PRIVATE; 3193812Shylee pTmpl[i].pValue = &true; 3203812Shylee pTmpl[i].ulValueLen = sizeof (true); 3213812Shylee i++; 3223812Shylee 3233812Shylee rv = C_FindObjectsInit(hSession, pTmpl, i); 3243812Shylee if (rv != CKR_OK) { 3253812Shylee goto out; 3263812Shylee } 3273812Shylee 3283812Shylee rv = C_FindObjects(hSession, keyobj, 1, &key_obj_count); 3293812Shylee (void) C_FindObjectsFinal(hSession); 3303812Shylee 3313812Shylee out: 3323812Shylee if (rv != CKR_OK) { 3333812Shylee (void) fprintf(stderr, 3343812Shylee "Cannot retrieve key object. 
error = %s\n", 3353812Shylee pkcs11_strerror(rv)); 3363812Shylee return (-1); 3373812Shylee } 3383812Shylee 3393812Shylee if (key_obj_count == 0) { 3403812Shylee (void) fprintf(stderr, "Cannot find the key object.\n"); 3413812Shylee return (-1); 3423812Shylee } 3433812Shylee 3443812Shylee return (0); 3453812Shylee } 3463812Shylee 3473812Shylee 3480Sstevel@tonic-gate /* 3490Sstevel@tonic-gate * Execute the command. 3500Sstevel@tonic-gate * algo_str - name of algorithm 3510Sstevel@tonic-gate * filecount - no. of files to process, if 0, use stdin 3520Sstevel@tonic-gate * filelist - list of files 3530Sstevel@tonic-gate * mac_cmd - if true do mac else do digest 3540Sstevel@tonic-gate */ 3550Sstevel@tonic-gate static int 3560Sstevel@tonic-gate execute_cmd(char *algo_str, int filecount, char **filelist, boolean_t mac_cmd) 3570Sstevel@tonic-gate { 3580Sstevel@tonic-gate int fd; 3590Sstevel@tonic-gate char *filename = NULL; 3600Sstevel@tonic-gate CK_RV rv; 3610Sstevel@tonic-gate CK_ULONG slotcount; 3620Sstevel@tonic-gate CK_SLOT_ID slotID; 3630Sstevel@tonic-gate CK_SLOT_ID_PTR pSlotList = NULL; 3640Sstevel@tonic-gate CK_MECHANISM_TYPE mech_type; 3650Sstevel@tonic-gate CK_MECHANISM_INFO info; 3660Sstevel@tonic-gate CK_MECHANISM mech; 3670Sstevel@tonic-gate CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE; 3680Sstevel@tonic-gate CK_BYTE_PTR resultbuf = NULL; 3690Sstevel@tonic-gate CK_ULONG resultlen; 3700Sstevel@tonic-gate CK_BYTE_PTR pkeydata = NULL; 3710Sstevel@tonic-gate CK_OBJECT_HANDLE key = (CK_OBJECT_HANDLE) 0; 3726281Sda73024 size_t keylen = 0; /* key length */ 3730Sstevel@tonic-gate char *resultstr = NULL; /* result in hex string */ 3740Sstevel@tonic-gate int resultstrlen; /* result string length */ 3750Sstevel@tonic-gate int i; 3760Sstevel@tonic-gate int exitcode = EXIT_SUCCESS; /* return code */ 3770Sstevel@tonic-gate int slot, mek; /* index variables */ 3780Sstevel@tonic-gate int mech_match = 0; 3795252Sdinak CK_BYTE salt[CK_PKCS5_PBKD2_SALT_SIZE]; 
3800Sstevel@tonic-gate CK_ULONG keysize; 3815252Sdinak CK_ULONG iterations = CK_PKCS5_PBKD2_ITERATIONS; 3823812Shylee CK_KEY_TYPE keytype; 3833812Shylee KMF_RETURN kmfrv; 3843812Shylee CK_SLOT_ID token_slot_id; 3850Sstevel@tonic-gate 3860Sstevel@tonic-gate if (aflag) { 3870Sstevel@tonic-gate /* 3880Sstevel@tonic-gate * Determine if algorithm/mechanism is valid 3890Sstevel@tonic-gate */ 3900Sstevel@tonic-gate for (mech_match = 0; mech_match < MECH_ALIASES_COUNT; 3915051Swyllys mech_match++) { 3920Sstevel@tonic-gate if (strcmp(algo_str, 3930Sstevel@tonic-gate mech_aliases[mech_match].alias) == 0) { 3940Sstevel@tonic-gate mech_type = mech_aliases[mech_match].type; 3950Sstevel@tonic-gate break; 3960Sstevel@tonic-gate } 3970Sstevel@tonic-gate 3980Sstevel@tonic-gate } 3990Sstevel@tonic-gate 4000Sstevel@tonic-gate if (mech_match == MECH_ALIASES_COUNT) { 4010Sstevel@tonic-gate cryptoerror(LOG_STDERR, 4020Sstevel@tonic-gate gettext("unknown algorithm -- %s"), algo_str); 4030Sstevel@tonic-gate return (EXIT_FAILURE); 4040Sstevel@tonic-gate } 4050Sstevel@tonic-gate 4060Sstevel@tonic-gate /* Get key to do a MAC operation */ 4070Sstevel@tonic-gate if (mac_cmd) { 4085252Sdinak int status; 4095252Sdinak 4103812Shylee if (Kflag) { 4115252Sdinak /* get the pin of the token */ 4123812Shylee if (token_label == NULL || 4133812Shylee !strlen(token_label)) { 4145252Sdinak token_label = pkcs11_default_token(); 4153812Shylee } 4163812Shylee 4175252Sdinak status = pkcs11_get_pass(token_label, 4186281Sda73024 (char **)&pkeydata, &keylen, 4195252Sdinak 0, B_FALSE); 4205252Sdinak } else if (keyfile != NULL) { 4215252Sdinak /* get the key file */ 4225252Sdinak status = pkcs11_read_data(keyfile, 4236281Sda73024 (void **)&pkeydata, &keylen); 4245252Sdinak } else { 4255252Sdinak /* get the key from input */ 4265252Sdinak status = pkcs11_get_pass(NULL, 4276281Sda73024 (char **)&pkeydata, &keylen, 4285252Sdinak 0, B_FALSE); 4295252Sdinak } 4303812Shylee 431*8309SAnthony.Scarpino@Sun.COM if (status 
!= 0 || keylen == 0 || pkeydata == NULL) { 4325252Sdinak cryptoerror(LOG_STDERR, 4335252Sdinak Kflag ? gettext("invalid passphrase.") : 4345252Sdinak gettext("invalid key.")); 4355252Sdinak return (EXIT_FAILURE); 4360Sstevel@tonic-gate } 4370Sstevel@tonic-gate } 4380Sstevel@tonic-gate } 4390Sstevel@tonic-gate 4400Sstevel@tonic-gate /* Initialize, and get list of slots */ 4413812Shylee rv = C_Initialize(NULL); 4423812Shylee if (rv != CKR_OK && rv != CKR_CRYPTOKI_ALREADY_INITIALIZED) { 4430Sstevel@tonic-gate cryptoerror(LOG_STDERR, 4440Sstevel@tonic-gate gettext("failed to initialize PKCS #11 framework: %s"), 4450Sstevel@tonic-gate pkcs11_strerror(rv)); 4460Sstevel@tonic-gate return (EXIT_FAILURE); 4470Sstevel@tonic-gate } 4480Sstevel@tonic-gate 4490Sstevel@tonic-gate /* Get slot count */ 4500Sstevel@tonic-gate rv = C_GetSlotList(0, NULL_PTR, &slotcount); 4510Sstevel@tonic-gate if (rv != CKR_OK || slotcount == 0) { 4520Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext( 4530Sstevel@tonic-gate "failed to find any cryptographic provider," 4540Sstevel@tonic-gate "please check with your system administrator: %s"), 4550Sstevel@tonic-gate pkcs11_strerror(rv)); 4560Sstevel@tonic-gate exitcode = EXIT_FAILURE; 4570Sstevel@tonic-gate goto cleanup; 4580Sstevel@tonic-gate } 4590Sstevel@tonic-gate 4600Sstevel@tonic-gate /* Found at least one slot, allocate memory for slot list */ 4610Sstevel@tonic-gate pSlotList = malloc(slotcount * sizeof (CK_SLOT_ID)); 4620Sstevel@tonic-gate if (pSlotList == NULL_PTR) { 4630Sstevel@tonic-gate int err = errno; 4640Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("malloc: %s\n"), 4650Sstevel@tonic-gate strerror(err)); 4660Sstevel@tonic-gate exitcode = EXIT_FAILURE; 4670Sstevel@tonic-gate goto cleanup; 4680Sstevel@tonic-gate } 4690Sstevel@tonic-gate 4700Sstevel@tonic-gate /* Get the list of slots */ 4710Sstevel@tonic-gate if ((rv = C_GetSlotList(0, pSlotList, &slotcount)) != CKR_OK) { 4720Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext( 
4730Sstevel@tonic-gate "failed to find any cryptographic provider," 4740Sstevel@tonic-gate "please check with your system administrator: %s"), 4750Sstevel@tonic-gate pkcs11_strerror(rv)); 4760Sstevel@tonic-gate exitcode = EXIT_FAILURE; 4770Sstevel@tonic-gate goto cleanup; 4780Sstevel@tonic-gate } 4790Sstevel@tonic-gate 4800Sstevel@tonic-gate /* 4810Sstevel@tonic-gate * Obtain list of algorithms if -l option was given 4820Sstevel@tonic-gate */ 4830Sstevel@tonic-gate if (lflag) { 4840Sstevel@tonic-gate 4850Sstevel@tonic-gate for (slot = 0; slot < slotcount; slot++) { 4860Sstevel@tonic-gate 4870Sstevel@tonic-gate /* Iterate through each mechanism */ 4880Sstevel@tonic-gate for (mek = 0; mek < MECH_ALIASES_COUNT; mek++) { 4890Sstevel@tonic-gate rv = C_GetMechanismInfo(pSlotList[slot], 4900Sstevel@tonic-gate mech_aliases[mek].type, &info); 4910Sstevel@tonic-gate 4920Sstevel@tonic-gate /* Only check algorithms that can be used */ 4930Sstevel@tonic-gate if ((rv != CKR_OK) || 4940Sstevel@tonic-gate (!mac_cmd && (info.flags & CKF_SIGN)) || 4950Sstevel@tonic-gate (mac_cmd && (info.flags & CKF_DIGEST))) 4960Sstevel@tonic-gate continue; 4970Sstevel@tonic-gate 4980Sstevel@tonic-gate /* 4990Sstevel@tonic-gate * Set to minimum/maximum key sizes assuming 5000Sstevel@tonic-gate * the values available are not 0. 
5010Sstevel@tonic-gate */ 5020Sstevel@tonic-gate if (info.ulMinKeySize && (info.ulMinKeySize < 5030Sstevel@tonic-gate mech_aliases[mek].keysize_min)) 5040Sstevel@tonic-gate mech_aliases[mek].keysize_min = 5055051Swyllys info.ulMinKeySize; 5060Sstevel@tonic-gate 5070Sstevel@tonic-gate if (info.ulMaxKeySize && (info.ulMaxKeySize > 5080Sstevel@tonic-gate mech_aliases[mek].keysize_max)) 5090Sstevel@tonic-gate mech_aliases[mek].keysize_max = 5105051Swyllys info.ulMaxKeySize; 5110Sstevel@tonic-gate 5120Sstevel@tonic-gate mech_aliases[mek].available = B_TRUE; 5130Sstevel@tonic-gate } 5140Sstevel@tonic-gate 5150Sstevel@tonic-gate } 5160Sstevel@tonic-gate 5170Sstevel@tonic-gate algorithm_list(mac_cmd); 5180Sstevel@tonic-gate 5190Sstevel@tonic-gate goto cleanup; 5200Sstevel@tonic-gate } 5210Sstevel@tonic-gate 5223812Shylee /* 5233812Shylee * Find a slot with matching mechanism 5243812Shylee * 5253812Shylee * If -K is specified, we find the slot id for the token first, then 5263812Shylee * check if the slot supports the algorithm. 
5273812Shylee */ 5283812Shylee i = 0; 5293812Shylee if (Kflag) { 5305051Swyllys kmfrv = kmf_pk11_token_lookup(NULL, token_label, 5315051Swyllys &token_slot_id); 5323812Shylee if (kmfrv != KMF_OK) { 5333812Shylee cryptoerror(LOG_STDERR, 5343812Shylee gettext("no matching PKCS#11 token")); 5353812Shylee exitcode = EXIT_FAILURE; 5363812Shylee goto cleanup; 5373812Shylee } 5383812Shylee rv = C_GetMechanismInfo(token_slot_id, mech_type, &info); 5393812Shylee if (rv == CKR_OK && (info.flags & CKF_SIGN)) 5403812Shylee slotID = token_slot_id; 5413812Shylee else 5423812Shylee i = slotcount; 5433812Shylee 5443812Shylee } else { 5453812Shylee for (i = 0; i < slotcount; i++) { 5463812Shylee slotID = pSlotList[i]; 5473812Shylee rv = C_GetMechanismInfo(slotID, mech_type, &info); 5483812Shylee if (rv != CKR_OK) { 5493812Shylee continue; /* to the next slot */ 5503812Shylee } else { 5513812Shylee if (mac_cmd) { 5523812Shylee /* 5533812Shylee * Make sure the slot supports 5543812Shylee * PKCS5 key generation if we 5553812Shylee * will be using it later. 5563812Shylee * We use it whenever the key 5573812Shylee * is entered at command line. 
5583812Shylee */ 5593812Shylee if ((info.flags & CKF_SIGN) && 5603812Shylee (keyfile == NULL)) { 5613812Shylee CK_MECHANISM_INFO kg_info; 5623812Shylee rv = C_GetMechanismInfo(slotID, 5633812Shylee CKM_PKCS5_PBKD2, &kg_info); 5643812Shylee if (rv == CKR_OK) 5653812Shylee break; 5663812Shylee } else if (info.flags & CKF_SIGN) { 5673812Shylee break; 5683812Shylee } 5693812Shylee } else { 5703812Shylee if (info.flags & CKF_DIGEST) 5713812Shylee break; 5720Sstevel@tonic-gate } 5730Sstevel@tonic-gate } 5740Sstevel@tonic-gate } 5750Sstevel@tonic-gate } 5760Sstevel@tonic-gate 5770Sstevel@tonic-gate /* Show error if no matching mechanism found */ 5780Sstevel@tonic-gate if (i == slotcount) { 5790Sstevel@tonic-gate cryptoerror(LOG_STDERR, 5800Sstevel@tonic-gate gettext("no cryptographic provider was " 5810Sstevel@tonic-gate "found for this algorithm -- %s"), algo_str); 5820Sstevel@tonic-gate exitcode = EXIT_FAILURE; 5830Sstevel@tonic-gate goto cleanup; 5840Sstevel@tonic-gate } 5850Sstevel@tonic-gate 5860Sstevel@tonic-gate /* Mechanism is supported. Go ahead & open a session */ 5870Sstevel@tonic-gate rv = C_OpenSession(slotID, CKF_SERIAL_SESSION, 5885051Swyllys NULL_PTR, NULL, &hSession); 5890Sstevel@tonic-gate 5900Sstevel@tonic-gate if (rv != CKR_OK) { 5910Sstevel@tonic-gate cryptoerror(LOG_STDERR, 5920Sstevel@tonic-gate gettext("can not open PKCS#11 session: %s"), 5930Sstevel@tonic-gate pkcs11_strerror(rv)); 5940Sstevel@tonic-gate exitcode = EXIT_FAILURE; 5950Sstevel@tonic-gate goto cleanup; 5960Sstevel@tonic-gate } 5970Sstevel@tonic-gate 5980Sstevel@tonic-gate /* Create a key object for mac operation */ 5990Sstevel@tonic-gate if (mac_cmd) { 6000Sstevel@tonic-gate /* 6010Sstevel@tonic-gate * If we read keybytes from a file, 6020Sstevel@tonic-gate * do NOT process them with C_GenerateKey, 6030Sstevel@tonic-gate * treat them as raw keydata bytes and 6040Sstevel@tonic-gate * create a key object for them. 
6050Sstevel@tonic-gate */ 6060Sstevel@tonic-gate if (keyfile) { 6075252Sdinak /* XXX : why wasn't SUNW_C_KeyToObject used here? */ 6080Sstevel@tonic-gate CK_OBJECT_CLASS class = CKO_SECRET_KEY; 6090Sstevel@tonic-gate CK_KEY_TYPE tmpl_keytype = CKK_GENERIC_SECRET; 6100Sstevel@tonic-gate CK_BBOOL false = FALSE; 6110Sstevel@tonic-gate int nattr = 0; 6120Sstevel@tonic-gate CK_ATTRIBUTE template[5]; 6130Sstevel@tonic-gate 6140Sstevel@tonic-gate if (mech_type == CKM_DES_MAC) { 6150Sstevel@tonic-gate tmpl_keytype = CKK_DES; 6160Sstevel@tonic-gate } 6170Sstevel@tonic-gate template[nattr].type = CKA_CLASS; 6180Sstevel@tonic-gate template[nattr].pValue = &class; 6190Sstevel@tonic-gate template[nattr].ulValueLen = sizeof (class); 6200Sstevel@tonic-gate nattr++; 6210Sstevel@tonic-gate 6220Sstevel@tonic-gate template[nattr].type = CKA_KEY_TYPE; 6230Sstevel@tonic-gate template[nattr].pValue = &tmpl_keytype; 6240Sstevel@tonic-gate template[nattr].ulValueLen = sizeof (tmpl_keytype); 6250Sstevel@tonic-gate nattr++; 6260Sstevel@tonic-gate 6270Sstevel@tonic-gate template[nattr].type = CKA_SIGN; 6280Sstevel@tonic-gate template[nattr].pValue = &true; 6290Sstevel@tonic-gate template[nattr].ulValueLen = sizeof (true); 6300Sstevel@tonic-gate nattr++; 6310Sstevel@tonic-gate 6320Sstevel@tonic-gate template[nattr].type = CKA_TOKEN; 6330Sstevel@tonic-gate template[nattr].pValue = &false; 6340Sstevel@tonic-gate template[nattr].ulValueLen = sizeof (false); 6350Sstevel@tonic-gate nattr++; 6360Sstevel@tonic-gate 6370Sstevel@tonic-gate template[nattr].type = CKA_VALUE; 6380Sstevel@tonic-gate template[nattr].pValue = pkeydata; 6390Sstevel@tonic-gate template[nattr].ulValueLen = keylen; 6400Sstevel@tonic-gate nattr++; 6410Sstevel@tonic-gate 6425051Swyllys rv = C_CreateObject(hSession, template, nattr, &key); 6433812Shylee 6443812Shylee } else if (Kflag) { 6453812Shylee 6463812Shylee if (mech_type == CKM_DES_MAC) { 6473812Shylee keytype = CKK_DES; 6483812Shylee } else { 6493812Shylee keytype = 
CKK_GENERIC_SECRET; 6503812Shylee } 6513812Shylee 6523812Shylee rv = get_token_key(hSession, keytype, key_label, 6533812Shylee pkeydata, keylen, &key); 6543812Shylee if (rv != CKR_OK) { 6553812Shylee exitcode = EXIT_FAILURE; 6563812Shylee goto cleanup; 6573812Shylee } 6580Sstevel@tonic-gate } else { 6590Sstevel@tonic-gate CK_KEY_TYPE keytype; 6600Sstevel@tonic-gate if (mech_type == CKM_DES_MAC) { 6610Sstevel@tonic-gate keytype = CKK_DES; 6620Sstevel@tonic-gate keysize = 0; 6630Sstevel@tonic-gate } else { 6640Sstevel@tonic-gate keytype = CKK_GENERIC_SECRET; 6650Sstevel@tonic-gate keysize = 16; /* 128 bits */ 6660Sstevel@tonic-gate } 6670Sstevel@tonic-gate /* 6680Sstevel@tonic-gate * We use a fixed salt (0x0a, 0x0a, 0x0a ...) 6690Sstevel@tonic-gate * for creating the key so that the end user 6700Sstevel@tonic-gate * will be able to generate the same 'mac' 6710Sstevel@tonic-gate * using the same passphrase. 6720Sstevel@tonic-gate */ 6730Sstevel@tonic-gate (void) memset(salt, 0x0a, sizeof (salt)); 6745252Sdinak rv = pkcs11_PasswdToPBKD2Object(hSession, 6755252Sdinak (char *)pkeydata, (size_t)keylen, (void *)salt, 6765252Sdinak sizeof (salt), iterations, keytype, keysize, 6775252Sdinak CKF_SIGN, &key); 6780Sstevel@tonic-gate } 6790Sstevel@tonic-gate 6800Sstevel@tonic-gate if (rv != CKR_OK) { 6810Sstevel@tonic-gate cryptoerror(LOG_STDERR, 6820Sstevel@tonic-gate gettext("unable to create key for crypto " 6830Sstevel@tonic-gate "operation: %s"), pkcs11_strerror(rv)); 6840Sstevel@tonic-gate exitcode = EXIT_FAILURE; 6850Sstevel@tonic-gate goto cleanup; 6860Sstevel@tonic-gate } 6870Sstevel@tonic-gate } 6880Sstevel@tonic-gate 6890Sstevel@tonic-gate /* Allocate a buffer to store result. 
*/ 6900Sstevel@tonic-gate resultlen = RESULTLEN; 6910Sstevel@tonic-gate if ((resultbuf = malloc(resultlen)) == NULL) { 6920Sstevel@tonic-gate int err = errno; 6930Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("malloc: %s\n"), 6940Sstevel@tonic-gate strerror(err)); 6950Sstevel@tonic-gate exitcode = EXIT_FAILURE; 6960Sstevel@tonic-gate goto cleanup; 6970Sstevel@tonic-gate } 6980Sstevel@tonic-gate 6990Sstevel@tonic-gate /* Allocate a buffer to store result string */ 7000Sstevel@tonic-gate resultstrlen = RESULTLEN; 7010Sstevel@tonic-gate if ((resultstr = malloc(resultstrlen)) == NULL) { 7020Sstevel@tonic-gate int err = errno; 7030Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext("malloc: %s\n"), 7040Sstevel@tonic-gate strerror(err)); 7050Sstevel@tonic-gate exitcode = EXIT_FAILURE; 7060Sstevel@tonic-gate goto cleanup; 7070Sstevel@tonic-gate } 7080Sstevel@tonic-gate 7090Sstevel@tonic-gate mech.mechanism = mech_type; 7100Sstevel@tonic-gate mech.pParameter = NULL_PTR; 7110Sstevel@tonic-gate mech.ulParameterLen = 0; 7120Sstevel@tonic-gate exitcode = EXIT_SUCCESS; 7130Sstevel@tonic-gate i = 0; 7140Sstevel@tonic-gate 7150Sstevel@tonic-gate do { 7160Sstevel@tonic-gate if (filecount > 0 && filelist != NULL) { 7170Sstevel@tonic-gate filename = filelist[i]; 7185051Swyllys if ((fd = open(filename, O_RDONLY | O_NONBLOCK)) == 7195051Swyllys -1) { 7200Sstevel@tonic-gate cryptoerror(LOG_STDERR, gettext( 7210Sstevel@tonic-gate "can not open input file %s\n"), filename); 7220Sstevel@tonic-gate exitcode = EXIT_USAGE; 7230Sstevel@tonic-gate continue; 7240Sstevel@tonic-gate } 7250Sstevel@tonic-gate } else { 7260Sstevel@tonic-gate fd = 0; /* use stdin */ 7270Sstevel@tonic-gate } 7280Sstevel@tonic-gate 7290Sstevel@tonic-gate /* 7300Sstevel@tonic-gate * Perform the operation 7310Sstevel@tonic-gate */ 7320Sstevel@tonic-gate if (mac_cmd) { 7330Sstevel@tonic-gate rv = do_mac(hSession, &mech, fd, key, &resultbuf, 7345051Swyllys &resultlen); 7350Sstevel@tonic-gate } else { 
7360Sstevel@tonic-gate rv = do_digest(hSession, &mech, fd, &resultbuf, 7375051Swyllys &resultlen); 7380Sstevel@tonic-gate } 7390Sstevel@tonic-gate 7400Sstevel@tonic-gate if (rv != CKR_OK) { 7410Sstevel@tonic-gate cryptoerror(LOG_STDERR, 7420Sstevel@tonic-gate gettext("crypto operation failed for " 7435051Swyllys "file %s: %s\n"), 7440Sstevel@tonic-gate filename ? filename : "STDIN", 7450Sstevel@tonic-gate pkcs11_strerror(rv)); 7460Sstevel@tonic-gate exitcode = EXIT_FAILURE; 7470Sstevel@tonic-gate continue; 7480Sstevel@tonic-gate } 7490Sstevel@tonic-gate 7500Sstevel@tonic-gate /* if result size has changed, allocate a bigger resulstr buf */ 7510Sstevel@tonic-gate if (resultlen != RESULTLEN) { 7520Sstevel@tonic-gate resultstrlen = 2 * resultlen + 1; 7530Sstevel@tonic-gate resultstr = realloc(resultstr, resultstrlen); 7540Sstevel@tonic-gate 7550Sstevel@tonic-gate if (resultstr == NULL) { 7560Sstevel@tonic-gate int err = errno; 7570Sstevel@tonic-gate cryptoerror(LOG_STDERR, 7580Sstevel@tonic-gate gettext("realloc: %s\n"), strerror(err)); 7590Sstevel@tonic-gate exitcode = EXIT_FAILURE; 7600Sstevel@tonic-gate goto cleanup; 7610Sstevel@tonic-gate } 7620Sstevel@tonic-gate } 7630Sstevel@tonic-gate 7640Sstevel@tonic-gate /* Output the result */ 7650Sstevel@tonic-gate tohexstr(resultbuf, resultlen, resultstr, resultstrlen); 7660Sstevel@tonic-gate 7670Sstevel@tonic-gate /* Include mechanism name for verbose */ 7680Sstevel@tonic-gate if (vflag) 7690Sstevel@tonic-gate (void) fprintf(stdout, "%s ", algo_str); 7700Sstevel@tonic-gate 7710Sstevel@tonic-gate /* Include file name for multiple files, or if verbose */ 7720Sstevel@tonic-gate if (filecount > 1 || (vflag && filecount > 0)) { 7730Sstevel@tonic-gate (void) fprintf(stdout, "(%s) = ", filename); 7740Sstevel@tonic-gate } 7750Sstevel@tonic-gate 7760Sstevel@tonic-gate (void) fprintf(stdout, "%s\n", resultstr); 7770Sstevel@tonic-gate (void) close(fd); 7780Sstevel@tonic-gate 7790Sstevel@tonic-gate 7800Sstevel@tonic-gate } while 
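(++i < filecount);


	/* clear and free the key */
	if (mac_cmd) {
		/*
		 * NOTE(review): a plain memset() immediately before free()
		 * is a dead store the optimizer may elide, so the key bytes
		 * are not guaranteed to be wiped.  A compiler-proof
		 * zeroization primitive should be used here if one is
		 * available on the target platform.
		 */
		(void) memset(pkeydata, 0, keylen);
		free(pkeydata);
		pkeydata = NULL;
	}

cleanup:
	if (resultbuf != NULL) {
		free(resultbuf);
	}

	if (resultstr != NULL) {
		free(resultstr);
	}

	if (pSlotList != NULL) {
		free(pSlotList);
	}

	if (!Kflag && key != (CK_OBJECT_HANDLE) 0) {
		(void) C_DestroyObject(hSession, key);
	}

	if (hSession != CK_INVALID_HANDLE)
		(void) C_CloseSession(hSession);

	(void) C_Finalize(NULL_PTR);

	return (exitcode);
}

/*
 * do_digest - Compute digest of a file
 *
 * hSession   - session with no digest operation currently active
 * pmech      - ptr to mechanism to be used for digest
 * fd         - file descriptor, read in BUFFERSIZE chunks until EOF
 * pdigest    - ptr to the result buffer.  If C_DigestFinal reports
 *              CKR_BUFFER_TOO_SMALL the buffer is grown with realloc()
 *              and *pdigest is updated to the new block.  If that
 *              realloc() fails, *pdigest is left pointing at the
 *              original (still valid) buffer so the caller can free it.
 * pdigestlen - length of digest buffer on input,
 *              length of result on output
 *
 * Returns CKR_OK on success, the PKCS#11 error from the failing call,
 * CKR_HOST_MEMORY if the result buffer could not be grown, or
 * CKR_GENERAL_ERROR if read(2) failed (the errno text is printed to
 * stderr).  A read interrupted by a signal (EINTR) is retried instead
 * of being reported as an error.
 *
 * NOTE(review): the caller opens named input files with O_NONBLOCK.
 * On a FIFO or device with no data ready, read() is expected to fail
 * with EAGAIN, which this routine reports as a read error rather than
 * waiting for data.
 */
static CK_RV
do_digest(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pmech,
    int fd, CK_BYTE_PTR *pdigest, CK_ULONG_PTR pdigestlen)
{
	CK_RV rv;
	ssize_t nread;
	int saved_errno = 0;

	if ((rv = C_DigestInit(hSession, pmech)) != CKR_OK) {
		return (rv);
	}

	for (;;) {
		nread = read(fd, buf, sizeof (buf));
		if (nread == 0)
			break;			/* EOF */
		if (nread == -1) {
			if (errno == EINTR)
				continue;	/* interrupted, try again */
			saved_errno = errno;	/* reported after Final */
			break;
		}

		/* Feed this chunk into the digest */
		rv = C_DigestUpdate(hSession, buf, (CK_ULONG)nread);
		if (rv != CKR_OK)
			return (rv);
	}

	/*
	 * Perform the C_DigestFinal, even if there is a read error.
	 * Otherwise C_DigestInit will return CKR_OPERATION_ACTIVE
	 * next time it is called (for another file)
	 */
	rv = C_DigestFinal(hSession, *pdigest, pdigestlen);

	/* result too big to fit?  Allocate a bigger buffer */
	if (rv == CKR_BUFFER_TOO_SMALL) {
		CK_BYTE_PTR newbuf;

		/*
		 * Grow through a temporary: a failed realloc() leaves the
		 * old block allocated, and overwriting *pdigest with NULL
		 * would leak it and hand the caller a NULL result buffer.
		 */
		newbuf = realloc(*pdigest, *pdigestlen);
		if (newbuf == NULL_PTR) {
			int err = errno;
			cryptoerror(LOG_STDERR,
			    gettext("realloc: %s\n"), strerror(err));
			return (CKR_HOST_MEMORY);
		}
		*pdigest = newbuf;

		rv = C_DigestFinal(hSession, *pdigest, pdigestlen);
	}

	/* There was a read error; it takes precedence over rv */
	if (nread == -1) {
		cryptoerror(LOG_STDERR, gettext(
		    "error reading file: %s"), strerror(saved_errno));
		return (CKR_GENERAL_ERROR);
	} else {
		return (rv);
	}
}

/*
 * do_mac - Compute mac of a file
 *
 * hSession      - session with no signing operation currently active
 * pmech         - ptr to mechanism to be used
 * fd            - file descriptor, read in BUFFERSIZE chunks until EOF
 * key           - key to be used
 * psignature    - ptr to the result buffer.  If C_SignFinal reports
 *                 CKR_BUFFER_TOO_SMALL the buffer is grown with
 *                 realloc() and *psignature is updated to the new
 *                 block.  If that realloc() fails, *psignature is left
 *                 pointing at the original (still valid) buffer so the
 *                 caller can free it.
 * psignaturelen - length of mac buffer on input,
 *                 length of result on output
 *
 * Returns CKR_OK on success, the PKCS#11 error from the failing call,
 * CKR_HOST_MEMORY if the result buffer could not be grown, or
 * CKR_GENERAL_ERROR if read(2) failed (the errno text is printed to
 * stderr).  A read interrupted by a signal (EINTR) is retried instead
 * of being reported as an error.
 *
 * NOTE(review): as with do_digest, input files are opened O_NONBLOCK
 * by the caller, so an EAGAIN from a FIFO or device surfaces here as
 * a read error.
 */
static CK_RV
do_mac(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pmech,
    int fd, CK_OBJECT_HANDLE key, CK_BYTE_PTR *psignature,
    CK_ULONG_PTR psignaturelen)
{
	CK_RV rv;
	ssize_t nread;
	int saved_errno = 0;

	if ((rv = C_SignInit(hSession, pmech, key)) != CKR_OK) {
		return (rv);
	}

	for (;;) {
		nread = read(fd, buf, sizeof (buf));
		if (nread == 0)
			break;			/* EOF */
		if (nread == -1) {
			if (errno == EINTR)
				continue;	/* interrupted, try again */
			saved_errno = errno;	/* reported after Final */
			break;
		}

		/* Feed this chunk into the MAC */
		rv = C_SignUpdate(hSession, buf, (CK_ULONG)nread);
		if (rv != CKR_OK)
			return (rv);
	}

	/*
	 * Perform the C_SignFinal, even if there is a read error.
	 * Otherwise C_SignInit will return CKR_OPERATION_ACTIVE
	 * next time it is called (for another file)
	 */
	rv = C_SignFinal(hSession, *psignature, psignaturelen);

	/* result too big to fit?  Allocate a bigger buffer */
	if (rv == CKR_BUFFER_TOO_SMALL) {
		CK_BYTE_PTR newbuf;

		/*
		 * Grow through a temporary: a failed realloc() leaves the
		 * old block allocated, and overwriting *psignature with
		 * NULL would leak it and hand the caller a NULL buffer.
		 */
		newbuf = realloc(*psignature, *psignaturelen);
		if (newbuf == NULL_PTR) {
			int err = errno;
			cryptoerror(LOG_STDERR,
			    gettext("realloc: %s\n"), strerror(err));
			return (CKR_HOST_MEMORY);
		}
		*psignature = newbuf;

		rv = C_SignFinal(hSession, *psignature, psignaturelen);
	}

	/* There was a read error; it takes precedence over rv */
	if (nread == -1) {
		cryptoerror(LOG_STDERR, gettext("error reading file: %s"),
		    strerror(saved_errno));
		return (CKR_GENERAL_ERROR);
	} else {
		return (rv);
	}
}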