/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#pragma ident "%Z%%M% %I% %E% SMI"
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
/*
 * This file contains the functions that are shared among
 * the various services this tool will ultimately provide.
 * The functions in this file return PKCS#11 CK_RV errors.
 * Only one session and one login per token is supported
 * at this time.
 */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#include <stdio.h>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#include <stdlib.h>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#include <string.h>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#include <ctype.h>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#include <sys/types.h>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#include <sys/stat.h>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#include <fcntl.h>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#include <tzfile.h>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#include <cryptoutil.h>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#include <security/cryptoki.h>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#include <kmfapi.h>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#include "common.h"
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
/*
 * Local status variables.  They mirror the PKCS#11 library state as this
 * file knows it: init_pk11()/final_pk11() set and clear `initialized`,
 * close_sess() clears `session_opened` and logout_token() clears
 * `logged_in`.  Nothing in this file sets the latter two to B_TRUE;
 * presumably the session/login routines elsewhere in the tool do.
 */
static boolean_t initialized = B_FALSE;
static boolean_t session_opened = B_FALSE;
static boolean_t logged_in = B_FALSE;

/*
 * Supporting structures and global variables for getopt_av().
 *
 * One av_opts entry is built per option in the option string handed to
 * getopt_av(); see populate_opts() for the grammar.  The long name is a
 * pointer into the caller's option string and is not NUL-terminated,
 * so it must always be used together with longnm_len.
 */
typedef struct av_opts_s {
	int shortnm;		/* short name character */
	char *longnm;		/* long name string, NOT terminated */
	int longnm_len;		/* length of long name string */
	boolean_t has_arg;	/* takes optional argument */
} av_opts;
static av_opts *opts_av = NULL;		/* parsed table, realloc'd by populate_opts() */
static const char *_save_optstr = NULL;	/* option string the table was built from */
static int _save_numopts = 0;		/* number of entries in opts_av */

/* getopt(3c)-style outputs: next argv index to look at, and the option value. */
int optind_av = 1;
char *optarg_av = NULL;

/* Teardown helpers, defined below; final_pk11() chains through both. */
static void close_sess(CK_SESSION_HANDLE);
static void logout_token(CK_SESSION_HANDLE);

/*
 * Bring up the PKCS#11 library for this tool.  Only C_Initialize() is
 * needed today; the rest of the work is keeping the local session/login
 * state variables consistent with the library state.
 *
 * Returns CKR_OK when the library is (or already was) initialized,
 * otherwise the CK_RV reported by C_Initialize().
 */
CK_RV
init_pk11(void)
{
	CK_RV rv;

	/* A second call is a no-op once C_Initialize() has succeeded. */
	if (initialized)
		return (CKR_OK);

	/*
	 * No library yet, so no session or login can be outstanding;
	 * make the bookkeeping reflect that before touching the library.
	 */
	session_opened = B_FALSE;
	logged_in = B_FALSE;

	rv = C_Initialize(NULL_PTR);
	/*
	 * Some other part of the process may already have initialized
	 * cryptoki; that is not a failure from this tool's point of view.
	 */
	if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED)
		rv = CKR_OK;
	if (rv != CKR_OK)
		return (rv);

	initialized = B_TRUE;
	return (CKR_OK);
}

/*
 * Tear down the PKCS#11 library and reset the local state.  The session
 * (if any) is closed first, which in turn logs the user out of the token.
 *
 * sess: the session handle to close before finalizing; may be NULL/0.
 */
void
final_pk11(CK_SESSION_HANDLE sess)
{
	/* Never initialized (or already finalized): nothing to undo. */
	if (!initialized)
		return;

	/* Ordering matters: close_sess() also handles the logout. */
	close_sess(sess);

	(void) C_Finalize(NULL);
	initialized = B_FALSE;
}

/*
 * Close the PKCS#11 session and clear the session state.  Logs the user
 * out of the token first so the session is never closed while a login
 * is still recorded as active.
 *
 * sess: session handle; a NULL/0 handle is ignored.
 */
static void
close_sess(CK_SESSION_HANDLE sess)
{
	/* No handle, or nothing recorded as open: nothing to close. */
	if (sess == NULL || !session_opened)
		return;

	logout_token(sess);

	(void) C_CloseSession(sess);
	session_opened = B_FALSE;
}

/*
 * Log the user out of the token and clear the login state.
 *
 * sess: session handle; a NULL/0 handle is ignored.
 */
static void
logout_token(CK_SESSION_HANDLE sess)
{
	/* No handle, or no login recorded: nothing to do. */
	if (sess == NULL || !logged_in)
		return;

	(void) C_Logout(sess);
	logged_in = B_FALSE;
}

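/*
 * Overwrite a PIN copy before releasing it, so the secret does not linger
 * in freed heap memory.  The stores go through a volatile pointer so the
 * compiler cannot drop them as dead stores ahead of free().
 */
static void
pin_zero_free(char *phrase)
{
	volatile char *vp = (volatile char *)phrase;

	if (phrase == NULL)
		return;
	while (*vp != '\0')
		*vp++ = '\0';
	free(phrase);
}

/*
 * Gets a PIN from the user.  The PIN is returned in freshly allocated
 * memory; the caller owns it and should clear it before free()ing it.
 * If two prompts are given, the PIN is confirmed with the second prompt
 * and CKR_PIN_INCORRECT is returned on a mismatch.
 * Note that getpassphrase() may return data in a static memory area,
 * which this function does not clear.
 *
 * prompt1: prompt for the PIN (required).
 * prompt2: prompt for the confirmation, or NULL for no confirmation.
 * pin:     receives the allocated PIN on success.
 * pinlen:  receives the PIN length (not counting the NUL) on success.
 *
 * Returns CKR_ARGUMENTS_BAD for a missing prompt or output pointer,
 * CKR_FUNCTION_FAILED if getpassphrase() fails, CKR_HOST_MEMORY if the
 * copy cannot be allocated, CKR_PIN_INCORRECT on confirmation mismatch,
 * else CKR_OK.
 */
CK_RV
get_pin(char *prompt1, char *prompt2, CK_UTF8CHAR_PTR *pin, CK_ULONG *pinlen)
{
	char *save_phrase, *phrase1, *phrase2;

	if (prompt1 == NULL || pin == NULL || pinlen == NULL)
		return (CKR_ARGUMENTS_BAD);

	/* Prompt user for a PIN. */
	if ((phrase1 = getpassphrase(prompt1)) == NULL)
		return (CKR_FUNCTION_FAILED);

	/*
	 * Duplicate the 1st PIN in a separate chunk of memory: the second
	 * getpassphrase() call below may reuse the same static buffer.
	 */
	if ((save_phrase = strdup(phrase1)) == NULL)
		return (CKR_HOST_MEMORY);

	/* If a second prompt was given, PIN confirmation is requested. */
	if (prompt2 != NULL) {
		if ((phrase2 = getpassphrase(prompt2)) == NULL) {
			pin_zero_free(save_phrase);
			return (CKR_FUNCTION_FAILED);
		}
		if (strcmp(save_phrase, phrase2) != 0) {
			pin_zero_free(save_phrase);
			return (CKR_PIN_INCORRECT);
		}
	}

	*pin = (CK_UTF8CHAR_PTR)save_phrase;
	*pinlen = strlen(save_phrase);
	return (CKR_OK);
}
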
/*
 * Classify a yes/no answer.  Only the first character is compared,
 * case-insensitively, against the (localized) words for "yes" and "no",
 * so "y", "Yes" and "yep" all count as yes.
 *
 * Returns 1 for yes, 0 for no, and -1 for NULL or anything else.
 */
int
yn_to_int(char *ynstr)
{
	const char *yes_word, *no_word;

	if (ynstr == NULL)
		return (-1);

	yes_word = gettext("yes");
	no_word = gettext("no");

	if (strncasecmp(ynstr, yes_word, 1) == 0)
		return (1);
	if (strncasecmp(ynstr, no_word, 1) == 0)
		return (0);
	return (-1);
}

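/*
 * Gets a yes/no response from the user.  If no prompt is supplied, a
 * default prompt is used.  If no message for invalid input is supplied,
 * nothing is printed before re-prompting.  If the user provides no
 * response (EOF, read error or a blank line), the supplied default is
 * returned, with B_TRUE meaning yes and B_FALSE meaning no.  Otherwise
 * B_TRUE is returned for yes and B_FALSE for no.
 *
 * prompt:  text printed before reading, or NULL for the default prompt.
 * invalid: text printed after an unrecognized answer, or NULL.
 * dflt:    value returned when the user gives no answer.
 */
boolean_t
yesno(char *prompt, char *invalid, boolean_t dflt)
{
	char *response, buf[1024];
	int ans;

	if (prompt == NULL)
		prompt = gettext("Enter (y)es or (n)o? ");

	for (;;) {
		/* Prompt user. */
		(void) printf("%s", prompt);
		(void) fflush(stdout);

		/*
		 * Get the response.  EOF or a read error means "no answer".
		 * A line longer than the buffer is read in pieces; the tail
		 * is seen as the next answer on the following iteration.
		 */
		if ((response = fgets(buf, sizeof (buf), stdin)) == NULL)
			break;	/* go to default response */

		/*
		 * Skip any leading white space.  <ctype.h> classifiers take
		 * an int in unsigned char range; passing a plain char that
		 * happens to be negative is undefined behaviour.
		 */
		while (isspace((unsigned char)*response))
			response++;
		if (*response == '\0')
			break;	/* go to default response */

		ans = yn_to_int(response);
		if (ans == 1)
			return (B_TRUE);
		if (ans == 0)
			return (B_FALSE);

		/* Indicate invalid input, and try again. */
		if (invalid != NULL)
			(void) printf("%s", invalid);
	}
	return (dflt);
}
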
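/*
 * Gets the list of slots which have tokens in them.  Keeps adjusting
 * the size of the slot list buffer until the call is successful or an
 * irrecoverable error occurs.
 *
 * slot_list:  receives a malloc'd array the caller must free().
 * slot_count: receives the number of entries in that array.
 * Both outputs are set to NULL_PTR/0 before anything else happens, so
 * they are safe to inspect on any return path.
 *
 * Returns CKR_ARGUMENTS_BAD for NULL output pointers, CKR_HOST_MEMORY if
 * the list cannot be allocated, the CK_RV from C_GetSlotList() or
 * init_pk11() on failure, else CKR_OK.
 */
CK_RV
get_token_slots(CK_SLOT_ID_PTR *slot_list, CK_ULONG *slot_count)
{
	CK_ULONG tmp_count = 0;
	CK_SLOT_ID_PTR tmp_list = NULL_PTR, tmp2_list = NULL_PTR;
	CK_RV rv;	/* must be CK_RV: an int would truncate CK_RV codes */

	if (slot_list == NULL || slot_count == NULL)
		return (CKR_ARGUMENTS_BAD);

	/* Nothing valid to hand back until the list has been fetched. */
	*slot_list = NULL_PTR;
	*slot_count = 0;

	if (!initialized && (rv = init_pk11()) != CKR_OK)
		return (rv);

	/*
	 * Get the slot count first because we don't know how many
	 * slots there are and how many of those slots even have tokens.
	 * Don't specify an arbitrary buffer size for the slot list;
	 * it may be too small (see section 11.5 of PKCS#11 spec).
	 * Also select only those slots that have tokens in them,
	 * because this tool has no need to know about empty slots.
	 */
	if ((rv = C_GetSlotList(1, NULL_PTR, &tmp_count)) != CKR_OK)
		return (rv);

	if (tmp_count == 0)
		return (CKR_OK);

	/* Allocate initial space for the slot list. */
	if ((tmp_list = malloc(tmp_count * sizeof (*tmp_list))) == NULL)
		return (CKR_HOST_MEMORY);

	/* Then get the slot list itself. */
	for (;;) {
		rv = C_GetSlotList(1, tmp_list, &tmp_count);
		if (rv == CKR_OK) {
			*slot_list = tmp_list;
			*slot_count = tmp_count;
			return (CKR_OK);
		}

		if (rv != CKR_BUFFER_TOO_SMALL)
			break;

		/*
		 * The number of slots grew between the two calls;
		 * tmp_count now holds the new count, so grow and retry.
		 * realloc() leaves tmp_list valid on failure, so it is
		 * still freed below.
		 */
		tmp2_list = realloc(tmp_list, tmp_count * sizeof (*tmp_list));
		if (tmp2_list == NULL) {
			rv = CKR_HOST_MEMORY;
			break;
		}
		tmp_list = tmp2_list;
	}

	free(tmp_list);
	return (rv);
}
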
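/*
 * Breaks out the getopt-style option string into a structure that can be
 * traversed later for calls to getopt_av().  Option string is NOT altered,
 * but the struct fields point to locations within option string, so it
 * must outlive the table (opts_av).
 *
 * This tries to imitate getopt(3c).  Each option must conform to:
 *	<short name char> [ ':' ] [ '(' <long name string> ')' ]
 * If the long name is missing, the short name is used for the long name.
 *
 * optstring: the option string to parse.
 *
 * Returns the number of options parsed into opts_av, or 0 for an empty or
 * NULL string and on allocation failure (in which case opts_av is freed
 * and set to NULL).
 */
static int
populate_opts(char *optstring)
{
	int i;
	av_opts *temp;
	char *marker;

	if (optstring == NULL || *optstring == '\0')
		return (0);

	for (i = 0; *optstring != '\0'; i++) {
		/* Grow the table by one entry per option. */
		temp = (i == 0) ? malloc(sizeof (av_opts)) :
		    realloc(opts_av, (i + 1) * sizeof (av_opts));
		if (temp == NULL) {
			/* On realloc() failure the old block is still ours. */
			free(opts_av);
			opts_av = NULL;
			return (0);
		}
		opts_av = temp;

		(void) memset(&opts_av[i], 0, sizeof (av_opts));
		marker = optstring;	/* may need optstring later */

		opts_av[i].shortnm = *marker++;	/* set short name */

		if (*marker == ':') {	/* check for opt arg */
			marker++;
			opts_av[i].has_arg = B_TRUE;
		}

		if (*marker == '(') {	/* check and set long name */
			marker++;
			opts_av[i].longnm = marker;
			opts_av[i].longnm_len = (int)strcspn(marker, ")");
			marker += opts_av[i].longnm_len;
			/*
			 * With a missing ')' strcspn() stops at the NUL;
			 * stay on it rather than stepping past the end of
			 * the string and scanning whatever follows it.
			 */
			optstring = (*marker == ')') ? marker + 1 : marker;
		} else {
			/* use short name option character */
			opts_av[i].longnm = optstring;
			opts_av[i].longnm_len = 1;
			optstring = marker;
		}
	}

	return (i);
}
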
/*
 * getopt_av() is very similar to getopt(3c) in that it takes an option
 * string, compares command line arguments for matches, and returns a single
 * letter option when a match is found.  However, getopt_av() differs from
 * getopt(3c) by requiring that only longname options and values be found
 * on the command line and all leading dashes are omitted.  In other words,
 * it tries to enforce only longname "option=value" arguments on the command
 * line.  Boolean options are not allowed either.
 *
 * argc/argv:  the command line; argv[optind_av] is the argument examined.
 * optstring:  option grammar, see populate_opts().  The parsed table is
 *             cached and rebuilt whenever a different pointer is passed.
 *
 * Returns the matched option's short name (optarg_av set to the text after
 * '=' when the option takes an argument), '?' when an argument-taking
 * option has no "=value", and EOF when argv is exhausted, on "--", or when
 * argv[optind_av] matches no option.  optind_av advances only on a match
 * or on "--".
 */
int
getopt_av(int argc, char * const *argv, const char *optstring)
{
	int i;
	int len;
	char *cur_option;

	if (optind_av >= argc)
		return (EOF);

	/* First time, or when optstring changes from the previous one. */
	if (_save_optstr != optstring) {
		free(opts_av);
		opts_av = NULL;
		_save_optstr = optstring;
		_save_numopts = populate_opts((char *)optstring);
	}

	/* Empty or unparsable option string: nothing can ever match. */
	if (_save_numopts == 0)
		return (EOF);

	cur_option = argv[optind_av];

	if (strcmp(cur_option, "--") == 0) {
		optind_av++;
		return (EOF);
	}

	/* Accept "-x" as a one-character option; otherwise split at '='. */
	if (cur_option[0] == '-' && strlen(cur_option) == 2) {
		len = 1;
		cur_option++;	/* remove "-" */
	} else {
		len = strcspn(cur_option, "=");
	}

	for (i = 0; i < _save_numopts; i++) {
		const av_opts *opt = &opts_av[i];

		if (len != opt->longnm_len ||
		    strncmp(cur_option, opt->longnm, opt->longnm_len) != 0)
			continue;

		/* matched */
		optind_av++;

		if (!opt->has_arg)
			return (opt->shortnm);

		/* needs optarg */
		if (cur_option[len] == '=') {
			optarg_av = &cur_option[len + 1];
			return (opt->shortnm);
		}

		optarg_av = NULL;
		return ((int)'?');
	}

	return (EOF);
}

/*
 * Map a keystore name given on the command line to its KMF keystore type.
 * Matching is case-insensitive.
 *
 * Returns KMF_KEYSTORE_PK11TOKEN for "pkcs11", KMF_KEYSTORE_NSS for "nss",
 * KMF_KEYSTORE_OPENSSL for "file", and 0 for NULL or an unknown name.
 */
KMF_KEYSTORE_TYPE
KS2Int(char *keystore_str)
{
	static const struct {
		const char *name;
		KMF_KEYSTORE_TYPE type;
	} keystores[] = {
		{ "pkcs11", KMF_KEYSTORE_PK11TOKEN },
		{ "nss", KMF_KEYSTORE_NSS },
		{ "file", KMF_KEYSTORE_OPENSSL },
	};
	size_t k;

	if (keystore_str == NULL)
		return (0);

	for (k = 0; k < sizeof (keystores) / sizeof (keystores[0]); k++) {
		if (strcasecmp(keystore_str, keystores[k].name) == 0)
			return (keystores[k].type);
	}
	return (0);
}


/*
 * Map an asymmetric key algorithm name to the KMF key type and the
 * signature algorithm this tool pairs with it.  Matching is
 * case-insensitive; NULL selects the RSA default.
 *
 * Note that the RSA pairing (and therefore the default) is MD5WithRSA,
 * an MD5-based signature; callers that need a stronger digest cannot
 * get one through this function.
 *
 * algm:   "RSA", "DSA" or NULL.
 * ktype:  receives the key algorithm on success.
 * sigAlg: receives the signature algorithm on success.
 *
 * Returns 0 on success; -1 for an unknown name, leaving the outputs untouched.
 */
int
Str2KeyType(char *algm, KMF_KEY_ALG *ktype, KMF_ALGORITHM_INDEX *sigAlg)
{
	if (algm != NULL && strcasecmp(algm, "DSA") == 0) {
		*sigAlg = KMF_ALGID_SHA1WithDSA;
		*ktype = KMF_DSA;
		return (0);
	}

	/* NULL means "no preference", which is treated as RSA. */
	if (algm == NULL || strcasecmp(algm, "RSA") == 0) {
		*sigAlg = KMF_ALGID_MD5WithRSA;
		*ktype = KMF_RSA;
		return (0);
	}

	return (-1);
}

/*
 * Translate a symmetric-key algorithm name into its KMF_KEY_ALG.
 *
 * algm: "aes", "arcfour", "des", "3des" or "generic" (compared
 *       case-insensitively); NULL selects AES.
 * ktype: written only on success.
 * Returns 0 on success, -1 when algm is not recognised (ktype untouched).
 */
int
Str2SymKeyType(char *algm, KMF_KEY_ALG *ktype)
{
	static const struct {
		const char *name;
		KMF_KEY_ALG alg;
	} table[] = {
		{ "aes", KMF_AES },
		{ "arcfour", KMF_RC4 },
		{ "des", KMF_DES },
		{ "3des", KMF_DES3 },
		{ "generic", KMF_GENERIC_SECRET },
	};
	size_t n;

	if (algm == NULL) {
		*ktype = KMF_AES;
		return (0);
	}

	for (n = 0; n < sizeof (table) / sizeof (table[0]); n++) {
		if (strcasecmp(algm, table[n].name) == 0) {
			*ktype = table[n].alg;
			return (0);
		}
	}
	return (-1);
}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
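/*
 * Parse a certificate lifetime written as "<n>-<unit>", where <unit> is
 * day(s), hour(s) or year(s) (compared case-insensitively), e.g. "30-days".
 *
 * ltimestr: the string to parse; NULL or "" selects the default of one year.
 * ltime: receives the lifetime in seconds; set to 0 when the unit is unknown
 *        or the count is out of range.
 * Returns 0 on success, -1 when the string does not parse, has trailing
 * characters after the unit, has a negative count, or the product would not
 * fit in a uint32_t.
 */
int
Str2Lifetime(char *ltimestr, uint32_t *ltime)
{
	int num;
	int consumed = 0;
	char timetok[6];
	uint32_t unit;

	if (ltimestr == NULL || strlen(ltimestr) == 0) {
		/* default to 1 year lifetime */
		*ltime = SECSPERDAY * DAYSPERNYEAR;
		return (0);
	}

	(void) memset(timetok, 0, sizeof (timetok));
	/*
	 * The longest valid unit is 5 characters ("hours"/"years"); a field
	 * width of 5 leaves room for the terminator in the 6-byte buffer
	 * (a width of 6 lets sscanf store 7 bytes).  %n records how much of
	 * the string was consumed so that trailing junk is rejected.
	 */
	if (sscanf(ltimestr, "%d-%5s%n", &num, timetok, &consumed) != 2 ||
	    ltimestr[consumed] != '\0')
		return (-1);

	if (strcasecmp(timetok, "day") == 0 ||
	    strcasecmp(timetok, "days") == 0) {
		unit = SECSPERDAY;
	} else if (strcasecmp(timetok, "hour") == 0 ||
	    strcasecmp(timetok, "hours") == 0) {
		unit = SECSPERHOUR;
	} else if (strcasecmp(timetok, "year") == 0 ||
	    strcasecmp(timetok, "years") == 0) {
		unit = (uint32_t)SECSPERDAY * DAYSPERNYEAR;
	} else {
		*ltime = 0;
		return (-1);
	}

	/*
	 * A negative count would wrap to a huge unsigned lifetime, and a
	 * large count would overflow the multiplication.
	 */
	if (num < 0 || (uint32_t)num > UINT32_MAX / unit) {
		*ltime = 0;
		return (-1);
	}

	*ltime = (uint32_t)num * unit;
	return (0);
}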
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
/*
 * Translate an object-class argument ("cert", "key", "crl", "public",
 * "private", "both"), optionally suffixed with ":private", ":public" or
 * ":both", into a mask of PK_*_OBJ bits.
 *
 * objclass: the argument; it is modified in place (the ':' is overwritten
 *           with NUL when a suffix is present), so it must be writable.
 * Returns the PK_*_OBJ mask, or -1 for NULL input, an unknown suffix, or a
 * class that does not accept the suffix given.
 *
 * NOTE(review): an unrecognised class with a valid suffix (e.g. "foo:public")
 * is not rejected: none of the branches below match, and the final check
 * only maps retval == 0 to -1, so the bare suffix bits are returned.
 */
int
OT2Int(char *objclass)
{
	char *c = NULL;
	int retval = 0;

	if (objclass == NULL)
		return (-1);

	/* A ":private", ":public" or ":both" suffix selects the access class. */
	c = strchr(objclass, ':');
	if (c != NULL) {
		if (strcasecmp(c, ":private") == 0)
			retval = PK_PRIVATE_OBJ;
		else if (strcasecmp(c, ":public") == 0)
			retval = PK_PUBLIC_OBJ;
		else if (strcasecmp(c, ":both") == 0)
			retval = PK_PRIVATE_OBJ | PK_PUBLIC_OBJ;
		else /* unrecognized option */
			return (-1);

		/* Cut the suffix off so the class name can be compared alone. */
		*c = '\0';
	}

	/* "public", "private", "both" and "crl" accept no suffix at all. */
	if (strcasecmp(objclass, "public") == 0) {
		if (retval)
			return (-1);
		return (retval | PK_PUBLIC_OBJ | PK_CERT_OBJ | PK_PUBKEY_OBJ);
	} else if (strcasecmp(objclass, "private") == 0) {
		if (retval)
			return (-1);
		return (retval | PK_PRIKEY_OBJ | PK_PRIVATE_OBJ);
	} else if (strcasecmp(objclass, "both") == 0) {
		if (retval)
			return (-1);
		return (PK_KEY_OBJ | PK_PUBLIC_OBJ | PK_PRIVATE_OBJ);
	} else if (strcasecmp(objclass, "cert") == 0) {
		/* Any suffix bits simply narrow the certificate set. */
		return (retval | PK_CERT_OBJ);
	} else if (strcasecmp(objclass, "key") == 0) {
		/* The suffix decides which key classes are selected. */
		if (retval == 0) /* return all keys */
			return (retval | PK_KEY_OBJ);
		else if (retval == (PK_PRIVATE_OBJ | PK_PUBLIC_OBJ))
			/* return all keys */
			return (retval | PK_KEY_OBJ);
		else if (retval & PK_PUBLIC_OBJ)
			/* Only return public keys */
			return (retval | PK_PUBKEY_OBJ);
		else if (retval & PK_PRIVATE_OBJ)
			/* Only return private keys */
			return (retval | PK_PRIKEY_OBJ);
	} else if (strcasecmp(objclass, "crl") == 0) {
		if (retval)
			return (-1);
		return (retval | PK_CRL_OBJ);
	}

	if (retval == 0) /* No matches found */
		retval = -1;
	return (retval);
}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
/*
 * Map an encoding-format name to its KMF_ENCODE_FORMAT.
 *
 * formstr: "der", "pem", "pkcs12" or "raw" (compared case-insensitively);
 *          NULL selects DER.
 * Returns the matching format, or KMF_FORMAT_UNDEF for an unknown name.
 */
KMF_ENCODE_FORMAT
Str2Format(char *formstr)
{
	static const struct {
		const char *name;
		KMF_ENCODE_FORMAT format;
	} table[] = {
		{ "der", KMF_FORMAT_ASN1 },
		{ "pem", KMF_FORMAT_PEM },
		{ "pkcs12", KMF_FORMAT_PKCS12 },
		{ "raw", KMF_FORMAT_RAWKEY },
	};
	size_t n;

	if (formstr == NULL)
		return (KMF_FORMAT_ASN1);

	for (n = 0; n < sizeof (table) / sizeof (table[0]); n++) {
		if (strcasecmp(formstr, table[n].name) == 0)
			return (table[n].format);
	}
	return (KMF_FORMAT_UNDEF);
}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
/*
 * Point the KMF handle at the PKCS#11 token with the given label.
 *
 * kmfhandle: the KMF session handle.
 * token: the token label; must not be NULL.
 * readonly: non-zero to open the token read-only.
 * Returns KMF_ERR_BAD_PARAMETER when token is NULL; otherwise the result of
 * kmf_configure_keystore(), with KMF_ERR_TOKEN_SELECTED mapped to KMF_OK.
 */
KMF_RETURN
select_token(void *kmfhandle, char *token, int readonly)
{
	KMF_ATTRIBUTE attlist[10];
	KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_PK11TOKEN;
	KMF_RETURN rv;
	int numattr = 0;

	if (token == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	kmf_set_attr_at_index(attlist, numattr++,
	    KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
	kmf_set_attr_at_index(attlist, numattr++,
	    KMF_TOKEN_LABEL_ATTR, token, strlen(token));
	kmf_set_attr_at_index(attlist, numattr++,
	    KMF_READONLY_ATTR, &readonly, sizeof (readonly));

	rv = kmf_configure_keystore(kmfhandle, numattr, attlist);

	/* The token already being selected is not an error for pktool. */
	return (rv == KMF_ERR_TOKEN_SELECTED ? KMF_OK : rv);
}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
/*
 * Configure the KMF handle to use an NSS database.
 *
 * kmfhandle: the KMF session handle.
 * dir: the NSS database directory, or NULL to leave it unset.
 * prefix: the database file prefix; when given it is used for both the
 *         certificate and the key database.
 * Returns the result of kmf_configure_keystore(), with
 * KMF_KEYSTORE_ALREADY_INITIALIZED mapped to KMF_OK.
 */
KMF_RETURN
configure_nss(void *kmfhandle, char *dir, char *prefix)
{
	KMF_ATTRIBUTE attlist[10];
	KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_NSS;
	KMF_RETURN rv;
	int numattr = 0;

	kmf_set_attr_at_index(attlist, numattr++,
	    KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));

	if (dir != NULL) {
		kmf_set_attr_at_index(attlist, numattr++,
		    KMF_DIRPATH_ATTR, dir, strlen(dir));
	}

	if (prefix != NULL) {
		size_t prefixlen = strlen(prefix);

		kmf_set_attr_at_index(attlist, numattr++,
		    KMF_CERTPREFIX_ATTR, prefix, prefixlen);
		kmf_set_attr_at_index(attlist, numattr++,
		    KMF_KEYPREFIX_ATTR, prefix, prefixlen);
	}

	rv = kmf_configure_keystore(kmfhandle, numattr, attlist);

	/* A database that was already set up is fine for pktool. */
	return (rv == KMF_KEYSTORE_ALREADY_INITIALIZED ? KMF_OK : rv);
}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
/*
 * Prompt for the password protecting a PKCS#12 file and store it in cred.
 *
 * cred: receives the password buffer produced by get_pin() and its length;
 *       both are cleared when get_pin() does not return CKR_OK.
 * Returns KMF_OK unconditionally; a failed or cancelled prompt is visible
 * to the caller only as cred->cred == NULL.
 *
 * NOTE(review): &cred->credlen is passed as ulong_t *; that is only sound if
 * KMF_CREDENTIAL.credlen is ulong_t-sized -- confirm against the KMF header.
 */
KMF_RETURN
get_pk12_password(KMF_CREDENTIAL *cred)
{
	char prompt[1024];

	/*
	 * Get the password to use for the PK12 encryption.
	 */
	(void) strlcpy(prompt,
	    gettext("Enter password to use for "
	    "accessing the PKCS12 file: "), sizeof (prompt));

	if (get_pin(prompt, NULL, (uchar_t **)&cred->cred,
	    (ulong_t *)&cred->credlen) == CKR_OK)
		return (KMF_OK);

	/* No usable password: leave the credential explicitly empty. */
	cred->cred = NULL;
	cred->credlen = 0;
	return (KMF_OK);
}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
/*
 * Prompts and length limits for the interactive input helpers below.
 * Each *_MINLEN/*_MAXLEN pair bounds the accepted response length
 * (inclusive) in get_input_string().
 */
#define	FILENAME_PROMPT	gettext("Filename:")
#define	FILENAME_MINLEN	1
#define	FILENAME_MAXLEN	MAXPATHLEN

/* Subject-name (DN) field prompts; the bracketed text is the default. */
#define	COUNTRY_PROMPT	gettext("Country Name (2 letter code) [US]:")
#define	STATE_PROMPT	gettext("State or Province Name (full name) " \
	"[Some-State]:")
#define	LOCALITY_PROMPT	gettext("Locality Name (eg, city) []:")
#define	ORG_PROMPT	gettext("Organization Name (eg, company) []:")
#define	UNIT_PROMPT	gettext("Organizational Unit Name (eg, section) []:")
#define	NAME_PROMPT	gettext("Common Name (eg, YOUR name) []:")
#define	EMAIL_PROMPT	gettext("Email Address []:")

/* Serial number is entered as hex text, so "0x1" is the 3-byte minimum. */
#define	SERNO_PROMPT	gettext("Serial Number (hex value, example: " \
	"0x01020304):")
#define	SERNO_MINLEN	3
#define	SERNO_MAXLEN	42

#define	LABEL_PROMPT	gettext("Enter a label for the certificate:")
#define	LABEL_MINLEN	1
#define	LABEL_MAXLEN	1024

/* Defaults used when the user just presses return (NULL = no default). */
#define	COUNTRY_DEFAULT	"US"
#define	STATE_DEFAULT	NULL
#define	INVALID_INPUT	gettext("Invalid input; please re-enter ...")

/* Size of the assembled DN buffer and per-RDN value length bounds. */
#define	SUBNAMESIZ	1024
#define	RDN_MIN		1
#define	RDN_MAX		64
#define	COUNTRYNAME_MIN	2
#define	COUNTRYNAME_MAX	2
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin
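/*
 * Print a prompt on stdout and read one line from stdin, repeating until
 * the response (leading white space removed, trailing newline removed)
 * has between min_len and max_len characters inclusive.
 *
 * prompt: text printed after a tab before each read.
 * default_str: copied and returned when stdin reaches EOF or the response
 *              is empty or white space only; NULL means no default.
 * min_len/max_len: inclusive bounds on the accepted response length.
 * Returns a malloc'd string the caller must free(), or NULL when there is
 * no input and no default or when strdup() fails.
 */
static char *
get_input_string(char *prompt, char *default_str, int min_len, int max_len)
{
	char buf[1024];
	char *response;
	char *ret = NULL;
	int len;

	for (;;) {
		(void) printf("\t%s", prompt);
		(void) fflush(stdout);

		response = fgets(buf, sizeof (buf), stdin);
		if (response == NULL) {
			/* EOF or read error: fall back to the default. */
			if (default_str != NULL)
				ret = strdup(default_str);
			break;
		}

		/* Skip any leading white space. */
		while (isspace((unsigned char)*response))
			response++;
		if (*response == '\0') {
			if (default_str != NULL)
				ret = strdup(default_str);
			break;
		}

		/*
		 * Strip the trailing newline only when one is present.  The
		 * final line of input may lack it, and a line longer than
		 * buf arrives without one; unconditionally removing the last
		 * byte would then discard real input.
		 */
		len = (int)strlen(response);
		if (response[len - 1] == '\n')
			response[--len] = '\0';
		if (len >= min_len && len <= max_len) {
			ret = strdup(response);
			break;
		}

		(void) printf("%s\n", INVALID_INPUT);
	}

	return (ret);
}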
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
/*
 * Interactively ask for the name of a file.
 *
 * txt: describes the file in the prompt ("Enter filename for the <txt>: ").
 * result: receives a malloc'd filename, or NULL when no input was given.
 * Always returns 0; callers must check *result.
 */
int
get_filename(char *txt, char **result)
{
	char prompt[1024];

	/* txt is data: it is formatted through %s, not used as the format. */
	(void) snprintf(prompt, sizeof (prompt),
	    gettext("Enter filename for the %s: "), txt);

	*result = get_input_string(prompt, NULL,
	    FILENAME_MINLEN, FILENAME_MAXLEN);
	return (0);
}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
/*
 * Interactively ask for a certificate label.
 *
 * result: receives a malloc'd label of 1..LABEL_MAXLEN characters, or NULL
 *         when no input was given.
 * Always returns 0; callers must check *result.
 */
int
get_certlabel(char **result)
{
	*result = get_input_string(LABEL_PROMPT, NULL,
	    LABEL_MINLEN, LABEL_MAXLEN);
	return (0);
}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
/*
 * Interactively ask for a certificate serial number (hex text).
 *
 * result: receives a malloc'd string of SERNO_MINLEN..SERNO_MAXLEN
 *         characters, or NULL when no input was given.  Only the length
 *         is checked here; the hex syntax is validated by the caller.
 * Always returns 0; callers must check *result.
 */
int
get_serial(char **result)
{
	*result = get_input_string(SERNO_PROMPT, NULL,
	    SERNO_MINLEN, SERNO_MAXLEN);
	return (0);
}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
/*
 * Append one RDN ("<tag><value>") to dn; a NULL value appends nothing.
 * Both strlcat() calls truncate silently at SUBNAMESIZ.
 */
static void
subname_append_rdn(char *dn, const char *tag, const char *value)
{
	if (value == NULL)
		return;
	(void) strlcat(dn, tag, SUBNAMESIZ);
	(void) strlcat(dn, value, SUBNAMESIZ);
}

/*
 * Interactively collect the fields of a subject name and assemble them
 * into a DN string of the form "C=.., ST=.., L=.., O=.., OU=.., CN=.., E=..";
 * fields the user leaves empty are omitted (country defaults to "US").
 *
 * result: receives a malloc'd DN the caller must free().
 * Returns 0 on success, -1 when no country could be read or the DN buffer
 * could not be allocated.
 *
 * NOTE(review): the entered values are copied into the DN verbatim, so a
 * value containing ", " is not escaped and will read as extra RDNs when the
 * string is parsed later.
 */
int
get_subname(char **result)
{
	char *country, *state, *locality, *org, *unit, *name, *email;
	char *subname;
	int rc = -1;

	(void) printf("Entering following fields for subject (a DN) ...\n");
	country = get_input_string(COUNTRY_PROMPT, COUNTRY_DEFAULT,
	    COUNTRYNAME_MIN, COUNTRYNAME_MAX);
	if (country == NULL)
		return (-1);

	state = get_input_string(STATE_PROMPT, STATE_DEFAULT,
	    RDN_MIN, RDN_MAX);
	locality = get_input_string(LOCALITY_PROMPT, NULL, RDN_MIN, RDN_MAX);
	org = get_input_string(ORG_PROMPT, NULL, RDN_MIN, RDN_MAX);
	unit = get_input_string(UNIT_PROMPT, NULL, RDN_MIN, RDN_MAX);
	name = get_input_string(NAME_PROMPT, NULL, RDN_MIN, RDN_MAX);
	email = get_input_string(EMAIL_PROMPT, NULL, RDN_MIN, RDN_MAX);

	/* Now create a subject name from the input strings */
	subname = calloc(1, SUBNAMESIZ);
	if (subname != NULL) {
		(void) strlcpy(subname, "C=", SUBNAMESIZ);
		(void) strlcat(subname, country, SUBNAMESIZ);
		subname_append_rdn(subname, ", ST=", state);
		subname_append_rdn(subname, ", L=", locality);
		subname_append_rdn(subname, ", O=", org);
		subname_append_rdn(subname, ", OU=", unit);
		subname_append_rdn(subname, ", CN=", name);
		subname_append_rdn(subname, ", E=", email);
		*result = subname;
		rc = 0;
	}

	/* free(NULL) is a no-op, so the optional fields need no guards. */
	free(country);
	free(state);
	free(locality);
	free(org);
	free(unit);
	free(name);
	free(email);

	return (rc);
}
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin
/*
 * Parse a comma-separated list of KeyUsage names and OR the corresponding
 * KU bits into *kubits.
 * The field may be marked "critical" by prepending "critical:" to the list.
 * EX: critical:digitalSignature,keyEncipherment
 *
 * kustr: the list; it is tokenised with strtok(), which writes NULs into
 *        it and uses static state, so it must be writable.
 * kubits: receives the OR of all KU bits; reset to 0 on any error.
 * critical: set to TRUE when the "critical:" prefix is present.
 * Returns KMF_OK, or KMF_ERR_BAD_PARAMETER for NULL/empty input or an
 * unknown KeyUsage name.
 */
KMF_RETURN
verify_keyusage(char *kustr, uint16_t *kubits, int *critical)
{
	const size_t preflen = strlen("critical:");
	char *tok;

	*kubits = 0;
	if (kustr == NULL || *kustr == '\0')
		return (KMF_ERR_BAD_PARAMETER);

	/* Check to see if this is critical */
	*critical = FALSE;
	if (strncasecmp(kustr, "critical:", preflen) == 0) {
		*critical = TRUE;
		kustr += preflen;
	}

	for (tok = strtok(kustr, ","); tok != NULL; tok = strtok(NULL, ",")) {
		uint16_t kuval = kmf_string_to_ku(tok);

		/* 0 means the name was not recognised. */
		if (kuval == 0) {
			*kubits = 0;
			return (KMF_ERR_BAD_PARAMETER);
		}
		*kubits |= kuval;
	}

	return (KMF_OK);
}
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin
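/*
 * Validate an alternate-name argument of the form "<TYPE>=<value>" and map
 * <TYPE> to the matching KMF_GENERALNAMECHOICES.
 *
 * The field may be marked "critical" by prepending "critical:" to it.
 * EX: "critical:IP=1.2.3.4"
 *
 * arg: the argument; the '=' is temporarily replaced with NUL while the
 *      type tag is compared and then restored, so arg must be writable.
 * type: receives the name type; written only when the tag is recognised.
 * critical: set to TRUE when the "critical:" prefix is present.
 * Returns KMF_OK, or KMF_ERR_BAD_PARAMETER when arg is NULL, contains no
 * '=', or uses an unknown type tag (tags are case-sensitive).
 */
KMF_RETURN
verify_altname(char *arg, KMF_GENERALNAMECHOICES *type, int *critical)
{
	static const struct {
		const char *tag;
		KMF_GENERALNAMECHOICES choice;
	} tags[] = {
		{ "IP", GENNAME_IPADDRESS },
		{ "DNS", GENNAME_DNSNAME },
		{ "EMAIL", GENNAME_RFC822NAME },
		{ "URI", GENNAME_URI },
		{ "DN", GENNAME_DIRECTORYNAME },
		{ "RID", GENNAME_REGISTEREDID },
		{ "KRB", GENNAME_KRB5PRINC },
		{ "UPN", GENNAME_SCLOGON_UPN },
	};
	char *p;
	size_t n;
	KMF_RETURN rv = KMF_ERR_BAD_PARAMETER;

	/* strncasecmp() and strchr() below would dereference a NULL arg. */
	if (arg == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* Check to see if this is critical */
	if (strncasecmp(arg, "critical:", strlen("critical:")) == 0) {
		*critical = TRUE;
		arg += strlen("critical:");
	} else {
		*critical = FALSE;
	}

	/* Make sure there is an "=" sign */
	p = strchr(arg, '=');
	if (p == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* Compare the tag on its own, then put the '=' back. */
	p[0] = '\0';
	for (n = 0; n < sizeof (tags) / sizeof (tags[0]); n++) {
		if (strcmp(arg, tags[n].tag) == 0) {
			*type = tags[n].choice;
			rv = KMF_OK;
			break;
		}
	}
	p[0] = '=';

	return (rv);
}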
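/*
 * Prompt for the PIN of the keystore named by token_spec and store it in
 * cred.
 *
 * kstype: for KMF_KEYSTORE_PK11TOKEN the ":<suffix>" part of token_spec is
 *         hidden from the prompt by temporarily writing NUL over the ':'
 *         and restoring it afterwards, so token_spec must be writable.
 * token_spec: the token name shown in the prompt; must not be NULL.
 * cred: receives the PIN buffer produced by get_pin() and its length; both
 *       are cleared when the prompt fails or is cancelled.
 * Returns KMF_ERR_BAD_PARAMETER when token_spec is NULL; otherwise KMF_OK,
 * even when no PIN was obtained (cred->cred == NULL tells the caller).
 */
int
get_token_password(KMF_KEYSTORE_TYPE kstype,
    char *token_spec, KMF_CREDENTIAL *cred)
{
	char prompt[1024];
	char *p = NULL;

	/* strchr() and the %s below would both dereference a NULL name. */
	if (token_spec == NULL) {
		cred->cred = NULL;
		cred->credlen = 0;
		return (KMF_ERR_BAD_PARAMETER);
	}

	if (kstype == KMF_KEYSTORE_PK11TOKEN) {
		p = strchr(token_spec, ':');
		if (p != NULL)
			*p = 0;
	}

	/*
	 * Login to the token first.
	 */
	(void) snprintf(prompt, sizeof (prompt),
	    gettext(DEFAULT_TOKEN_PROMPT), token_spec);

	if (get_pin(prompt, NULL, (uchar_t **)&cred->cred,
	    (ulong_t *)&cred->credlen) != CKR_OK) {
		cred->cred = NULL;
		cred->credlen = 0;
	}

	/* p is only ever set on the PK11 path, so restore unconditionally. */
	if (p != NULL)
		*p = ':';

	return (KMF_OK);
}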
/*
 * Check that filename can be created: the path must not already exist,
 * and its parent directory must exist and be writable by us.  A probe
 * file is created with mode 0600 and removed again immediately.
 *
 * Returns KMF_OK on success and KMF_ERR_OPEN_FILE otherwise.  This is a
 * point-in-time check only: the path can still be created by someone
 * else between this call and the caller's own open().
 */
KMF_RETURN
verify_file(char *filename)
{
	/* O_EXCL makes open() fail if the path already exists. */
	int fd = open(filename, O_CREAT | O_EXCL, 0600);

	if (fd < 0)
		return (KMF_ERR_OPEN_FILE);

	/* Creation succeeded; remove the probe file again. */
	(void) close(fd);
	(void) unlink(filename);

	return (KMF_OK);
}
/*
 * Report errcode on stderr, introduced by prefix.  Both the keystore
 * plugin message (via handle) and the libkmf message for errcode are
 * printed when they can be retrieved; if neither can, "<unknown error>"
 * is printed instead.  Strings handed out by libkmf are released with
 * kmf_free_str().
 */
void
display_error(void *handle, KMF_RETURN errcode, char *prefix)
{
	char *plugin_msg = NULL;
	char *kmf_msg = NULL;
	KMF_RETURN plugin_rv = kmf_get_plugin_error_str(handle, &plugin_msg);
	KMF_RETURN kmf_rv = kmf_get_kmf_error_str(errcode, &kmf_msg);

	/* prefix is passed as an argument, never as the format string. */
	cryptoerror(LOG_STDERR, "%s:", prefix);

	if (plugin_rv == KMF_OK && plugin_msg != NULL) {
		cryptoerror(LOG_STDERR, gettext("keystore error: %s"),
		    plugin_msg);
		kmf_free_str(plugin_msg);
	}

	if (kmf_rv == KMF_OK && kmf_msg != NULL) {
		cryptoerror(LOG_STDERR, gettext("libkmf error: %s"),
		    kmf_msg);
		kmf_free_str(kmf_msg);
	}

	/* Neither lookup succeeded: say so rather than printing nothing. */
	if (plugin_rv != KMF_OK && kmf_rv != KMF_OK)
		cryptoerror(LOG_STDERR, gettext("<unknown error>\n"));
}
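/*
 * Append newoid (with its critical flag) to ekus.  The KMF_OID structure
 * is copied by value, so ownership of the data it points to moves into
 * the list; the caller still frees the KMF_OID container itself.
 *
 * Returns KMF_OK on success (and also when ekus or newoid is NULL, in
 * which case nothing is added) and KMF_ERR_MEMORY if either array cannot
 * be grown.  On failure the list is left consistent: eku_count is not
 * incremented and neither existing array is lost, so free_eku_list()
 * can still release it.
 */
static KMF_RETURN
addToEKUList(EKU_LIST *ekus, int critical, KMF_OID *newoid)
{
	int *newcrit;
	KMF_OID *newlist;
	size_t newcount;

	if (newoid == NULL || ekus == NULL)
		return (KMF_OK);

	newcount = (size_t)ekus->eku_count + 1;

	/*
	 * realloc() into temporaries: assigning the result straight back
	 * to the struct would leak the old array and leave a NULL pointer
	 * (with an already bumped eku_count) behind when realloc() fails,
	 * which free_eku_list() would then walk out of bounds.
	 */
	newcrit = realloc(ekus->critlist, newcount * sizeof (*newcrit));
	if (newcrit == NULL)
		return (KMF_ERR_MEMORY);
	ekus->critlist = newcrit;

	newlist = realloc(ekus->ekulist, newcount * sizeof (*newlist));
	if (newlist == NULL)
		return (KMF_ERR_MEMORY);
	ekus->ekulist = newlist;

	/* Commit the new entry only once both arrays have room for it. */
	ekus->critlist[ekus->eku_count] = critical;
	ekus->ekulist[ekus->eku_count] = *newoid;
	ekus->eku_count++;

	return (KMF_OK);
}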
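/*
 * Release the arrays held by ekus: every OID's data (kmf_free_data),
 * then the ekulist and critlist arrays.  The EKU_LIST structure itself
 * is not freed -- it belongs to the caller.
 *
 * Afterwards the list is reset to empty (eku_count 0, NULL arrays) so
 * that a second call, or reuse of the structure, cannot double-free or
 * walk stale pointers.  ekus == NULL is accepted and ignored.
 */
void
free_eku_list(EKU_LIST *ekus)
{
	int i;

	if (ekus == NULL)
		return;

	if (ekus->eku_count > 0) {
		/* Guard against a list whose array allocation failed. */
		if (ekus->ekulist != NULL) {
			for (i = 0; i < ekus->eku_count; i++)
				kmf_free_data(&ekus->ekulist[i]);
		}
		free(ekus->ekulist);
		free(ekus->critlist);
	}

	ekus->ekulist = NULL;
	ekus->critlist = NULL;
	ekus->eku_count = 0;
}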
/*
 * Parse a single EKU name, optionally prefixed with "critical:" (matched
 * case-insensitively), and append it to ekus.
 *
 * Returns KMF_OK on success, PK_ERR_USAGE if the name is not a known EKU
 * name, or the error from addToEKUList().  Note that ekus == NULL is
 * accepted and results in nothing being stored, because addToEKUList()
 * treats a NULL list as a no-op.
 */
static KMF_RETURN
parse_ekus(char *ekustr, EKU_LIST *ekus)
{
	static const char critprefix[] = "critical:";
	const size_t prefixlen = sizeof (critprefix) - 1;
	int critical = FALSE;
	KMF_OID *oid;
	KMF_RETURN rv;

	if (strncasecmp(ekustr, critprefix, prefixlen) == 0) {
		critical = TRUE;
		ekustr += prefixlen;
	}

	oid = kmf_ekuname_to_oid(ekustr);
	if (oid == NULL)
		return (PK_ERR_USAGE);

	/*
	 * The OID contents are copied into the list; only the container
	 * returned by kmf_ekuname_to_oid() is released here.
	 */
	rv = addToEKUList(ekus, critical, oid);
	free(oid);

	return (rv);
}
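/*
 * Parse a comma separated list of EKU names into a newly allocated
 * EKU_LIST and hand it back through ekulist.  The caller owns the list
 * and releases it with free_eku_list() followed by free().
 *
 * ekuliststr is modified in place by strtok().  A NULL or empty string
 * yields 0 (KMF_OK) and leaves *ekulist untouched.
 *
 * Returns KMF_OK on success, KMF_ERR_MEMORY if the list cannot be
 * allocated, or the error from parse_ekus() (PK_ERR_USAGE for an unknown
 * EKU name); on error any partially built list has been freed and
 * *ekulist is not modified.
 */
KMF_RETURN
verify_ekunames(char *ekuliststr, EKU_LIST **ekulist)
{
	KMF_RETURN rv = KMF_OK;
	char *p;
	EKU_LIST *ekus;

	if (ekuliststr == NULL || strlen(ekuliststr) == 0)
		return (0);

	/*
	 * The list must exist before parse_ekus() is called: addToEKUList()
	 * silently discards entries when handed a NULL list, which would
	 * leave *ekulist NULL for every input and drop the requested EKUs.
	 */
	ekus = calloc(1, sizeof (*ekus));
	if (ekus == NULL)
		return (KMF_ERR_MEMORY);

	p = strtok(ekuliststr, ",");
	/* If no tokens found, then maybe it's just a single EKU value */
	if (p == NULL)
		rv = parse_ekus(ekuliststr, ekus);

	while (p != NULL) {
		rv = parse_ekus(p, ekus);
		if (rv != KMF_OK)
			break;
		p = strtok(NULL, ",");
	}

	if (rv != KMF_OK) {
		/* free_eku_list() releases the arrays but not the struct. */
		free_eku_list(ekus);
		free(ekus);
	} else {
		*ekulist = ekus;
	}

	return (rv);
}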
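/*
 * Determine whether the PKCS#11 token labelled tokenlabel requires a
 * login (CKF_LOGIN_REQUIRED) before its objects can be used.
 *
 * On success *auth is non-zero if login is required and 0 otherwise, and
 * KMF_OK is returned.  *auth is 0 whenever an error is returned: the
 * lookup error from kmf_pk11_token_lookup(), or KMF_ERR_INTERNAL if
 * C_GetTokenInfo() fails.
 */
KMF_RETURN
token_auth_needed(KMF_HANDLE_T handle, char *tokenlabel, int *auth)
{
	CK_TOKEN_INFO info;
	CK_SLOT_ID slot;
	CK_RV ckrv;
	KMF_RETURN rv;

	*auth = 0;

	rv = kmf_pk11_token_lookup(handle, tokenlabel, &slot);
	if (rv != KMF_OK)
		return (rv);

	/*
	 * C_GetTokenInfo() returns a CK_RV, so the result is compared with
	 * CKR_OK (as get_token_password() does), not with KMF_OK.
	 */
	ckrv = C_GetTokenInfo(slot, &info);
	if (ckrv != CKR_OK)
		return (KMF_ERR_INTERNAL);

	/* The raw flag bit is returned; callers test it for non-zero. */
	*auth = (info.flags & CKF_LOGIN_REQUIRED);

	return (KMF_OK);
}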