1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #include <stdio.h>
27 #include <string.h>
28 #include <fcntl.h>
29 #include <locale.h>
30 #include <cryptoutil.h>
31
32 #define MAX_PASS_TRIES 5 /* maximum tries to get passphrase */
33
34 #define DEFAULT_TOKEN_PROMPT gettext("Enter PIN for %s: ")
35 #define DEFAULT_TOKEN_REPROMPT gettext("Re-enter PIN for %s: ")
36 #define DEFAULT_TOKEN_MINSIZE gettext("PIN must be at least %d characters.\n")
37
38 #define DEFAULT_USER_PROMPT gettext("Enter passphrase: ")
39 #define DEFAULT_USER_REPROMPT gettext("Re-enter passphrase: ")
40 #define DEFAULT_USER_MINSIZE \
41 gettext("Passphrase must be at least %d characters.\n")
42
43 #define DEFAULT_PK11TOKEN SOFT_TOKEN_LABEL
44
45 /*
46 * Default token name
47 */
48 char *
pkcs11_default_token(void)49 pkcs11_default_token(void)
50 {
51 return (DEFAULT_PK11TOKEN);
52 }
53
54 /*
55 * Prompt user for a passphrase or the PIN for a token.
56 *
57 * An optional minimum length can be enforced. Caller can optionally also
58 * reprompt for the passphrase/PIN to confirm it was entered correctly.
59 * The caller must free the buffer containing the passphrase/PIN with free().
60 * 0 returned for success, -1 for failure with the first passphrase/PIN,
61 * -2 for failure with the optional second passphrase/PIN used to confirm.
62 */
63 int
pkcs11_get_pass(char * token_name,char ** pdata,size_t * psize,size_t min_psize,boolean_t with_confirmation)64 pkcs11_get_pass(char *token_name, char **pdata, size_t *psize, size_t min_psize,
65 boolean_t with_confirmation)
66 {
67 char prompt[1024];
68 char *tmpbuf = NULL;
69 char *databuf = NULL;
70 int tries;
71
72 if (token_name != NULL)
73 (void) snprintf(prompt, sizeof (prompt), DEFAULT_TOKEN_PROMPT,
74 token_name);
75 else
76 (void) snprintf(prompt, sizeof (prompt), DEFAULT_USER_PROMPT);
77
78 for (tries = MAX_PASS_TRIES; tries > 0; tries--) {
79 tmpbuf = getpassphrase(prompt);
80 if (tmpbuf == NULL)
81 return (-1);
82
83 if (strnlen(tmpbuf, min_psize) >= min_psize)
84 break;
85
86 if (token_name != NULL)
87 (void) printf(DEFAULT_TOKEN_MINSIZE, min_psize);
88 else
89 (void) printf(DEFAULT_USER_MINSIZE, min_psize);
90 }
91 if (tries == 0) {
92 (void) printf(gettext("Exceeded number of attempts.\n"));
93 return (-1);
94 }
95
96 databuf = strdup(tmpbuf);
97 (void) memset(tmpbuf, 0, strlen(tmpbuf)); /* clean up */
98 if (databuf == NULL)
99 return (-1);
100
101 if (with_confirmation) {
102 if (token_name != NULL)
103 (void) snprintf(prompt, sizeof (prompt),
104 DEFAULT_TOKEN_REPROMPT, token_name);
105 else
106 (void) snprintf(prompt, sizeof (prompt),
107 DEFAULT_USER_REPROMPT);
108 tmpbuf = getpassphrase(prompt);
109 if (tmpbuf == NULL) {
110 /* clean up */
111 (void) memset(databuf, 0, strlen(databuf));
112 free(databuf);
113 return (-2);
114 }
115
116 if (strcmp(databuf, tmpbuf) != 0) {
117 /* clean up */
118 (void) memset(tmpbuf, 0, strlen(tmpbuf));
119 (void) memset(databuf, 0, strlen(databuf));
120 free(databuf);
121 return (-2);
122 }
123 }
124
125 *pdata = databuf;
126 *psize = strlen(databuf);
127
128 return (0);
129 }
130