xref: /illumos-gate/usr/src/lib/libcryptoutil/common/passutils.c (revision c545f712400280e1f18c1488fde559c5b9a6b6ff)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <stdio.h>
27 #include <string.h>
28 #include <fcntl.h>
29 #include <locale.h>
30 #include <cryptoutil.h>
31 
32 #define	MAX_PASS_TRIES		5	/* maximum tries to get passphrase */
33 
34 #define	DEFAULT_TOKEN_PROMPT	gettext("Enter PIN for %s: ")
35 #define	DEFAULT_TOKEN_REPROMPT	gettext("Re-enter PIN for %s: ")
36 #define	DEFAULT_TOKEN_MINSIZE	gettext("PIN must be at least %d characters.\n")
37 
38 #define	DEFAULT_USER_PROMPT	gettext("Enter passphrase: ")
39 #define	DEFAULT_USER_REPROMPT	gettext("Re-enter passphrase: ")
40 #define	DEFAULT_USER_MINSIZE	\
41 			gettext("Passphrase must be at least %d characters.\n")
42 
43 #define	DEFAULT_PK11TOKEN	SOFT_TOKEN_LABEL
44 
45 /*
46  * Default token name
47  */
48 char *
pkcs11_default_token(void)49 pkcs11_default_token(void)
50 {
51 	return (DEFAULT_PK11TOKEN);
52 }
53 
54 /*
55  * Prompt user for a passphrase or the PIN for a token.
56  *
57  * An optional minimum length can be enforced.  Caller can optionally also
58  * reprompt for the passphrase/PIN to confirm it was entered correctly.
59  * The caller must free the buffer containing the passphrase/PIN with free().
60  * 0 returned for success, -1 for failure with the first passphrase/PIN,
61  * -2 for failure with the optional second passphrase/PIN used to confirm.
62  */
63 int
pkcs11_get_pass(char * token_name,char ** pdata,size_t * psize,size_t min_psize,boolean_t with_confirmation)64 pkcs11_get_pass(char *token_name, char **pdata, size_t *psize, size_t min_psize,
65     boolean_t with_confirmation)
66 {
67 	char	prompt[1024];
68 	char	*tmpbuf = NULL;
69 	char	*databuf = NULL;
70 	int	tries;
71 
72 	if (token_name != NULL)
73 		(void) snprintf(prompt, sizeof (prompt), DEFAULT_TOKEN_PROMPT,
74 		    token_name);
75 	else
76 		(void) snprintf(prompt, sizeof (prompt), DEFAULT_USER_PROMPT);
77 
78 	for (tries = MAX_PASS_TRIES; tries > 0; tries--) {
79 		tmpbuf = getpassphrase(prompt);
80 		if (tmpbuf == NULL)
81 			return (-1);
82 
83 		if (strnlen(tmpbuf, min_psize) >= min_psize)
84 			break;
85 
86 		if (token_name != NULL)
87 			(void) printf(DEFAULT_TOKEN_MINSIZE, min_psize);
88 		else
89 			(void) printf(DEFAULT_USER_MINSIZE, min_psize);
90 	}
91 	if (tries == 0) {
92 		(void) printf(gettext("Exceeded number of attempts.\n"));
93 		return (-1);
94 	}
95 
96 	databuf = strdup(tmpbuf);
97 	(void) memset(tmpbuf, 0, strlen(tmpbuf));	/* clean up */
98 	if (databuf == NULL)
99 		return (-1);
100 
101 	if (with_confirmation) {
102 		if (token_name != NULL)
103 			(void) snprintf(prompt, sizeof (prompt),
104 			    DEFAULT_TOKEN_REPROMPT, token_name);
105 		else
106 			(void) snprintf(prompt, sizeof (prompt),
107 			    DEFAULT_USER_REPROMPT);
108 		tmpbuf = getpassphrase(prompt);
109 		if (tmpbuf == NULL) {
110 			/* clean up */
111 			(void) memset(databuf, 0, strlen(databuf));
112 			free(databuf);
113 			return (-2);
114 		}
115 
116 		if (strcmp(databuf, tmpbuf) != 0) {
117 			/* clean up */
118 			(void) memset(tmpbuf, 0, strlen(tmpbuf));
119 			(void) memset(databuf, 0, strlen(databuf));
120 			free(databuf);
121 			return (-2);
122 		}
123 	}
124 
125 	*pdata = databuf;
126 	*psize = strlen(databuf);
127 
128 	return (0);
129 }
130