/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
* Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <strings.h>
#include <libgen.h>
#include <pthread.h>
#include <ctype.h>
#include <security/cryptoki.h>
#include <security/pkcs11.h>
#include <cryptoutil.h>
/* PKCS#11 URI prefix and attributes. */
#define PK11_URI_PREFIX "pkcs11:"
#define PK11_TOKEN "token"
#define PK11_MANUF "manufacturer"
#define PK11_SERIAL "serial"
#define PK11_MODEL "model"
#define PK11_OBJECT "object"
#define PK11_OBJECTTYPE "objecttype"
#define PK11_ID "id"
#define PK11_PINFILE "pinfile"
/*
* Gets a hexadecimal string of the xx:xx:xx-like format and fills the output
* buffer with bytes representing each of the hexadecimal numbers. Returns 0 on
* error (missing ':', not a hexadecimal character (eg. 'z'), output buffer
* overflow, etc.), or the number of hexadecimal numbers processed.
*
* Returns:
* 0
* on failure
* >0
* number of bytes returned via the output parameter
*/
static int
read_id(char *str, unsigned char *output, int out_len)
{
int i, len, n;
unsigned int x1, x2;
len = strlen(str);
(void) memset(output, 0, out_len);
/* Counter of the processed bytes. */
i = 0;
/* Counter for the used output bytes. */
n = 0;
while (i < len) {
/* We require at least one hexadecimal character. */
if (sscanf(str + i, "%1x", &x1) != 1)
return (0);
++i;
/* And we accept the 2nd one if it is there. */
if (sscanf(str + i, "%1x", &x2) == 1) {
x1 = x1 * 16 + x2;
++i;
}
/* Output buffer overflow? */
if ((n + 1) > out_len)
return (0);
output[n] = (unsigned char)x1;
/* Still some bytes to process? */
if (i < len) {
/* ':' is the only acceptable delimiter. */
if (str[i] != ':')
return (0);
/* Skip ':' */
++i;
}
++n;
}
return (n);
}
static char hex_table[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, 0, 0, 0, 0, 10, 11,
12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
#define X2CHAR(x) (hex_table[x])
/*
* Performs inline percent-decoding of string str.
* String must be zero-terminated! Implies, that str must not be NULL either.
* Returns: length of the resulting string
*/
size_t
pct_decode(char *str)
{
char *p, *q;
p = q = str;
while (*p != '\0') {
/* cannot overflow - zero-termination constraint on str */
if ((*p == '%') && isxdigit(p[1]) && isxdigit(p[2])) {
*q = (X2CHAR(p[1]) << 4) + X2CHAR(p[2]);
p += 3;
} else {
/* not copying common unescaped prefix */
if (q != p) {
*q = *p;
}
p++;
}
q++;
}
*q = '\0';
return (q - str);
}
/*
* Process the PKCS#11 URI. The function expects an allocated URI structure. The
* caller is later expected to call pkcs11_free_uri() when the parsed URI is no
* longer needed.
*
* Note that the caller needs to call pkcs11_free_uri() on the 'uri' structure
* only if PK11_URI_OK is returned but it is always safe to do that since
* pkcs11_free_uri() checks for NULLs and the structure is zeroized here before
* it is used.
*
* Returns:
* PK11_URI_OK
* success
* PK11_URI_INVALID
* invalid PKCS#11 URI (one that has the "pkcs11:" prefix but is
* otherwise incorrectly specified)
* PK11_MALLOC_ERROR
* malloc(3C) failed when allocating one of the internal buffers.
* This error can be returned only after the correct "pkcs11:"
* prefix was found but it does not give any information about the
* syntax correctness of the URI body.
* PK11_URI_VALUE_OVERFLOW
* some attributes in the URI are of the fixed length according to
* the spec. If any of those attributes overflows we report an
* error
* PK11_NOT_PKCS11_URI
* the URI supplied is not the PKCS#11 URI at all (does not have
* the "pkcs11:" prefix)
*/
int
pkcs11_parse_uri(const char *str, pkcs11_uri_t *uri)
{
char *str2, *l1, *l2, *tok, *name;
size_t len;
/* Initialize the structure. */
(void) memset(uri, 0, sizeof (pkcs11_uri_t));
/* Be really safe. */
uri->objecttype_present = B_FALSE;
/* Check that we have the correct PKCS#11 URI prefix. */
if (strncmp(str, PK11_URI_PREFIX, strlen(PK11_URI_PREFIX)) != 0)
return (PK11_NOT_PKCS11_URI);
/* Dup the string and skip over the prefix then. */
if ((str2 = strdup(str + strlen(PK11_URI_PREFIX))) == NULL)
return (PK11_MALLOC_ERROR);
/*
* Using strtok_r() would silently skip over multiple semicolons. We
* must check such situation before moving on. We must also avoid ';' as
* the first and the last character of the URI.
*/
if (strstr(str2, ";;") != NULL || str2[0] == ';' ||
(strlen(str2) > 0 && str2[strlen(str2) - 1] == ';'))
goto bad_uri;
/* Now parse the URI. */
tok = strtok_r(str2, ";", &l1);
for (; tok != NULL; tok = strtok_r(NULL, ";", &l1)) {
/* "tok" is not empty so there will be something in "name". */
name = strtok_r(tok, "=", &l2);
/* Check whether there is '=' at all. */
if (l2 == NULL)
goto bad_uri;
/*
* Fill out the URI structure. We do not accept duplicate
* attributes.
*/
if (strcmp(name, PK11_TOKEN) == 0) {
/* Check for duplicity. */
if (uri->token != NULL)
goto bad_uri;
len = pct_decode(l2);
if (len > 32)
goto value_overflow;
if ((uri->token = (unsigned char *)strdup(l2)) == NULL)
goto malloc_failed;
} else if (strcmp(name, PK11_MANUF) == 0) {
/* Check for duplicity. */
if (uri->manuf != NULL)
goto bad_uri;
len = pct_decode(l2);
if (len > 32)
goto value_overflow;
if ((uri->manuf = (unsigned char *)strdup(l2)) == NULL)
goto malloc_failed;
} else if (strcmp(name, PK11_SERIAL) == 0) {
/* Check for duplicity. */
if (uri->serial != NULL)
goto bad_uri;
len = pct_decode(l2);
if (len > 16)
goto value_overflow;
if ((uri->serial = (unsigned char *)strdup(l2)) == NULL)
goto malloc_failed;
} else if (strcmp(name, PK11_MODEL) == 0) {
/* Check for duplicity. */
if (uri->model != NULL)
goto bad_uri;
len = pct_decode(l2);
if (len > 16)
goto value_overflow;
if ((uri->model = (unsigned char *)strdup(l2)) == NULL)
goto malloc_failed;
} else if (strcmp(name, PK11_ID) == 0) {
/* Check for duplicity. */
if (uri->id_len != 0)
goto bad_uri;
/*
* We can have maximum of PK11_MAX_ID_LEN 2-byte
* numbers separated by ':'s, like
* 01:02:0A:FF:...
*/
if (strlen(l2) > PK11_MAX_ID_LEN * 2 +
PK11_MAX_ID_LEN - 1) {
goto value_overflow;
}
if ((uri->id = malloc(PK11_MAX_ID_LEN)) == NULL)
goto malloc_failed;
uri->id_len = read_id(l2, uri->id,
PK11_MAX_ID_LEN);
if (uri->id_len == 0)
goto bad_uri;
} else if (strcmp(name, PK11_OBJECT) == 0) {
/* Check for duplicity. */
if (uri->object != NULL)
goto bad_uri;
len = pct_decode(l2);
if (len > PK11_MAX_OBJECT_LEN)
goto value_overflow;
if ((uri->object = (unsigned char *)strdup(l2)) == NULL)
goto malloc_failed;
} else if (strcmp(name, PK11_OBJECTTYPE) == 0) {
/*
* Check for duplicity. objecttype can not be empty, it
* would not make sense.
*/
if (uri->objecttype_present == CK_TRUE)
goto bad_uri;
if (strcmp(l2, "public") == 0)
uri->objecttype = CKO_PUBLIC_KEY;
else if (strcmp(l2, "private") == 0)
uri->objecttype = CKO_PRIVATE_KEY;
else if (strcmp(l2, "cert") == 0)
uri->objecttype = CKO_CERTIFICATE;
else if (strcmp(l2, "secretkey") == 0)
uri->objecttype = CKO_SECRET_KEY;
else if (strcmp(l2, "data") == 0)
uri->objecttype = CKO_DATA;
else
goto bad_uri;
uri->objecttype_present = CK_TRUE;
} else if (strcmp(name, PK11_PINFILE) == 0)
/* Check for duplicity. */
if (uri->pinfile == NULL) {
len = pct_decode(l2);
if (len > MAXPATHLEN)
goto value_overflow;
if ((uri->pinfile = strdup(l2)) == NULL)
goto malloc_failed;
/* Empty pinfile makes no sense. */
if (uri->pinfile[0] == '\0')
goto bad_uri;
} else
goto bad_uri;
else
/* Unknown attribute name. */
goto bad_uri;
}
free(str2);
return (PK11_URI_OK);
malloc_failed:
free(str2);
pkcs11_free_uri(uri);
return (PK11_MALLOC_ERROR);
bad_uri:
free(str2);
pkcs11_free_uri(uri);
return (PK11_URI_INVALID);
value_overflow:
free(str2);
pkcs11_free_uri(uri);
return (PK11_URI_VALUE_OVERFLOW);
}
/*
* Free the PKCS#11 URI structure attributes but do not free the structure
* itself. The caller needs to call this function only if pkcs11_parse_uri()
* returned PK11_URI_OK. However, it is always safe to do that for other return
* codes as well since the structure is zeroized at the beginning of
* pkcs11_parse_uri() and we check for NULLs here.
*/
void
pkcs11_free_uri(pkcs11_uri_t *uri)
{
if (uri->object != NULL)
free(uri->object);
if (uri->token != NULL)
free(uri->token);
if (uri->manuf != NULL)
free(uri->manuf);
if (uri->serial != NULL)
free(uri->serial);
if (uri->model != NULL)
free(uri->model);
if (uri->id != NULL)
free(uri->id);
if (uri->pinfile != NULL)
free(uri->pinfile);
}