xref: /illumos-gate/usr/src/cmd/lofiadm/main.c (revision 49b7860084dbba18bc00b29413d6182197f9fe93)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  * Copyright 2012 Joyent, Inc.  All rights reserved.
25  *
26  * Copyright 2013 Nexenta Systems, Inc. All rights reserved.
27  * Copyright (c) 2014 Gary Mills
28  * Copyright (c) 2016 Andrey Sokolov
29  */
30 
31 /*
32  * lofiadm - administer lofi(7d). Very simple, add and remove file<->device
33  * associations, and display status. All the ioctls are private between
34  * lofi and lofiadm, and so are very simple - device information is
35  * communicated via a minor number.
36  */
37 
38 #include <sys/types.h>
39 #include <sys/param.h>
40 #include <sys/lofi.h>
41 #include <sys/stat.h>
42 #include <sys/sysmacros.h>
43 #include <netinet/in.h>
44 #include <stdio.h>
45 #include <fcntl.h>
46 #include <locale.h>
47 #include <string.h>
48 #include <strings.h>
49 #include <errno.h>
50 #include <stdlib.h>
51 #include <unistd.h>
52 #include <stropts.h>
53 #include <libdevinfo.h>
54 #include <libgen.h>
55 #include <ctype.h>
56 #include <dlfcn.h>
57 #include <limits.h>
58 #include <security/cryptoki.h>
59 #include <cryptoutil.h>
60 #include <sys/crypto/ioctl.h>
61 #include <sys/crypto/ioctladmin.h>
62 #include "utils.h"
63 #include <LzmaEnc.h>
64 
65 /* Only need the IV len #defines out of these files, nothing else. */
66 #include <aes/aes_impl.h>
67 #include <des/des_impl.h>
68 #include <blowfish/blowfish_impl.h>
69 
70 static const char USAGE[] =
71 	"Usage: %s [-r] -a file [ device ]\n"
72 	"       %s [-r] -c crypto_algorithm -a file [device]\n"
73 	"       %s [-r] -c crypto_algorithm -k raw_key_file -a file [device]\n"
74 	"       %s [-r] -c crypto_algorithm -T [token]:[manuf]:[serial]:key "
75 	"-a file [device]\n"
76 	"       %s [-r] -c crypto_algorithm -T [token]:[manuf]:[serial]:key "
77 	"-k wrapped_key_file -a file [device]\n"
78 	"       %s [-r] -c crypto_algorithm -e -a file [device]\n"
79 	"       %s -d file | device\n"
80 	"       %s -C [gzip|gzip-6|gzip-9|lzma] [-s segment_size] file\n"
81 	"       %s -U file\n"
82 	"       %s [ file | device ]\n";
83 
84 typedef struct token_spec {
85 	char	*name;
86 	char	*mfr;
87 	char	*serno;
88 	char	*key;
89 } token_spec_t;
90 
91 typedef struct mech_alias {
92 	char	*alias;
93 	CK_MECHANISM_TYPE type;
94 	char	*name;		/* for ioctl */
95 	char	*iv_name;	/* for ioctl */
96 	size_t	iv_len;		/* for ioctl */
97 	iv_method_t iv_type;	/* for ioctl */
98 	size_t	min_keysize;	/* in bytes */
99 	size_t	max_keysize;	/* in bytes */
100 	token_spec_t *token;
101 	CK_SLOT_ID slot;
102 } mech_alias_t;
103 
104 static mech_alias_t mech_aliases[] = {
105 	/* Preferred one should always be listed first. */
106 	{ "aes-256-cbc", CKM_AES_CBC, "CKM_AES_CBC", "CKM_AES_ECB", AES_IV_LEN,
107 	    IVM_ENC_BLKNO, ULONG_MAX, 0L, NULL, (CK_SLOT_ID) -1 },
108 	{ "aes-192-cbc", CKM_AES_CBC, "CKM_AES_CBC", "CKM_AES_ECB", AES_IV_LEN,
109 	    IVM_ENC_BLKNO, ULONG_MAX, 0L, NULL, (CK_SLOT_ID) -1 },
110 	{ "aes-128-cbc", CKM_AES_CBC, "CKM_AES_CBC", "CKM_AES_ECB", AES_IV_LEN,
111 	    IVM_ENC_BLKNO, ULONG_MAX, 0L, NULL, (CK_SLOT_ID) -1 },
112 	{ "des3-cbc", CKM_DES3_CBC, "CKM_DES3_CBC", "CKM_DES3_ECB", DES_IV_LEN,
113 	    IVM_ENC_BLKNO, ULONG_MAX, 0L, NULL, (CK_SLOT_ID)-1 },
114 	{ "blowfish-cbc", CKM_BLOWFISH_CBC, "CKM_BLOWFISH_CBC",
115 	    "CKM_BLOWFISH_ECB", BLOWFISH_IV_LEN, IVM_ENC_BLKNO, ULONG_MAX,
116 	    0L, NULL, (CK_SLOT_ID)-1 }
117 	/*
118 	 * A cipher without an iv requirement would look like this:
119 	 * { "aes-xex", CKM_AES_XEX, "CKM_AES_XEX", NULL, 0,
120 	 *    IVM_NONE, ULONG_MAX, 0L, NULL, (CK_SLOT_ID)-1 }
121 	 */
122 };
123 
124 int	mech_aliases_count = (sizeof (mech_aliases) / sizeof (mech_alias_t));
125 
126 /* Preferred cipher, if one isn't specified on command line. */
127 #define	DEFAULT_CIPHER	(&mech_aliases[0])
128 
129 #define	DEFAULT_CIPHER_NUM	64	/* guess # kernel ciphers available */
130 #define	DEFAULT_MECHINFO_NUM	16	/* guess # kernel mechs available */
131 #define	MIN_PASSLEN		8	/* min acceptable passphrase size */
132 
133 static int gzip_compress(void *src, size_t srclen, void *dst,
134 	size_t *destlen, int level);
135 static int lzma_compress(void *src, size_t srclen, void *dst,
136 	size_t *destlen, int level);
137 
138 lofi_compress_info_t lofi_compress_table[LOFI_COMPRESS_FUNCTIONS] = {
139 	{NULL,  		gzip_compress,  6,	"gzip"}, /* default */
140 	{NULL,			gzip_compress,	6,	"gzip-6"},
141 	{NULL,			gzip_compress,	9, 	"gzip-9"},
142 	{NULL,  		lzma_compress, 	0, 	"lzma"}
143 };
144 
145 /* For displaying lofi mappings */
146 #define	FORMAT 			"%-20s     %-30s	%s\n"
147 
148 #define	COMPRESS_ALGORITHM	"gzip"
149 #define	COMPRESS_THRESHOLD	2048
150 #define	SEGSIZE			131072
151 #define	BLOCK_SIZE		512
152 #define	KILOBYTE		1024
153 #define	MEGABYTE		(KILOBYTE * KILOBYTE)
154 #define	GIGABYTE		(KILOBYTE * MEGABYTE)
155 #define	LIBZ			"libz.so.1"
156 
157 const char lofi_crypto_magic[6] = LOFI_CRYPTO_MAGIC;
158 
159 static void
160 usage(const char *pname)
161 {
162 	(void) fprintf(stderr, gettext(USAGE), pname, pname, pname,
163 	    pname, pname, pname, pname, pname, pname, pname);
164 	exit(E_USAGE);
165 }
166 
167 static int
168 gzip_compress(void *src, size_t srclen, void *dst, size_t *dstlen, int level)
169 {
170 	static int (*compress2p)(void *, ulong_t *, void *, size_t, int) = NULL;
171 	void *libz_hdl = NULL;
172 
173 	/*
174 	 * The first time we are called, attempt to dlopen()
175 	 * libz.so.1 and get a pointer to the compress2() function
176 	 */
177 	if (compress2p == NULL) {
178 		if ((libz_hdl = openlib(LIBZ)) == NULL)
179 			die(gettext("could not find %s. "
180 			    "gzip compression unavailable\n"), LIBZ);
181 
182 		if ((compress2p =
183 		    (int (*)(void *, ulong_t *, void *, size_t, int))
184 		    dlsym(libz_hdl, "compress2")) == NULL) {
185 			closelib();
186 			die(gettext("could not find the correct %s. "
187 			    "gzip compression unavailable\n"), LIBZ);
188 		}
189 	}
190 
191 	if ((*compress2p)(dst, (ulong_t *)dstlen, src, srclen, level) != 0)
192 		return (-1);
193 	return (0);
194 }
195 
196 /*ARGSUSED*/
197 static void
198 *SzAlloc(void *p, size_t size)
199 {
200 	return (malloc(size));
201 }
202 
203 /*ARGSUSED*/
204 static void
205 SzFree(void *p, void *address, size_t size)
206 {
207 	free(address);
208 }
209 
210 static ISzAlloc g_Alloc = {
211 	SzAlloc,
212 	SzFree
213 };
214 
215 #define	LZMA_UNCOMPRESSED_SIZE	8
216 #define	LZMA_HEADER_SIZE (LZMA_PROPS_SIZE + LZMA_UNCOMPRESSED_SIZE)
217 
218 /*ARGSUSED*/
219 static int
220 lzma_compress(void *src, size_t srclen, void *dst,
221 	size_t *dstlen, int level)
222 {
223 	CLzmaEncProps props;
224 	size_t outsize2;
225 	size_t outsizeprocessed;
226 	size_t outpropssize = LZMA_PROPS_SIZE;
227 	uint64_t t = 0;
228 	SRes res;
229 	Byte *dstp;
230 	int i;
231 
232 	outsize2 = *dstlen;
233 
234 	LzmaEncProps_Init(&props);
235 
236 	/*
237 	 * The LZMA compressed file format is as follows -
238 	 *
239 	 * Offset Size(bytes) Description
240 	 * 0		1	LZMA properties (lc, lp, lp (encoded))
241 	 * 1		4	Dictionary size (little endian)
242 	 * 5		8	Uncompressed size (little endian)
243 	 * 13			Compressed data
244 	 */
245 
246 	/* set the dictionary size to be 8MB */
247 	props.dictSize = 1 << 23;
248 
249 	if (*dstlen < LZMA_HEADER_SIZE)
250 		return (SZ_ERROR_OUTPUT_EOF);
251 
252 	dstp = (Byte *)dst;
253 	t = srclen;
254 	/*
255 	 * Set the uncompressed size in the LZMA header
256 	 * The LZMA properties (specified in 'props')
257 	 * will be set by the call to LzmaEncode()
258 	 */
259 	for (i = 0; i < LZMA_UNCOMPRESSED_SIZE; i++, t >>= 8) {
260 		dstp[LZMA_PROPS_SIZE + i] = (Byte)t;
261 	}
262 
263 	outsizeprocessed = outsize2 - LZMA_HEADER_SIZE;
264 	res = LzmaEncode(dstp + LZMA_HEADER_SIZE, &outsizeprocessed,
265 	    src, srclen, &props, dstp, &outpropssize, 0, NULL,
266 	    &g_Alloc, &g_Alloc);
267 
268 	if (res != 0)
269 		return (-1);
270 
271 	*dstlen = outsizeprocessed + LZMA_HEADER_SIZE;
272 	return (0);
273 }
274 
275 /*
276  * Translate a lofi device name to a minor number. We might be asked
277  * to do this when there is no association (such as when the user specifies
278  * a particular device), so we can only look at the string.
279  */
280 static int
281 name_to_minor(const char *devicename)
282 {
283 	int	minor;
284 
285 	if (sscanf(devicename, "/dev/" LOFI_BLOCK_NAME "/%d", &minor) == 1) {
286 		return (minor);
287 	}
288 	if (sscanf(devicename, "/dev/" LOFI_CHAR_NAME "/%d", &minor) == 1) {
289 		return (minor);
290 	}
291 	return (0);
292 }
293 
294 /*
295  * This might be the first time we've used this minor number. If so,
296  * it might also be that the /dev links are in the process of being created
297  * by devfsadmd (or that they'll be created "soon"). We cannot return
298  * until they're there or the invoker of lofiadm might try to use them
299  * and not find them. This can happen if a shell script is running on
300  * an MP.
301  */
302 static int sleeptime = 2;	/* number of seconds to sleep between stat's */
303 static int maxsleep = 120;	/* maximum number of seconds to sleep */
304 
305 static void
306 wait_until_dev_complete(int minor)
307 {
308 	struct stat64 buf;
309 	int	cursleep;
310 	char	blkpath[MAXPATHLEN];
311 	char	charpath[MAXPATHLEN];
312 	di_devlink_handle_t hdl;
313 
314 	(void) snprintf(blkpath, sizeof (blkpath), "/dev/%s/%d",
315 	    LOFI_BLOCK_NAME, minor);
316 	(void) snprintf(charpath, sizeof (charpath), "/dev/%s/%d",
317 	    LOFI_CHAR_NAME, minor);
318 
319 	/* Check if links already present */
320 	if (stat64(blkpath, &buf) == 0 && stat64(charpath, &buf) == 0)
321 		return;
322 
323 	/* First use di_devlink_init() */
324 	if (hdl = di_devlink_init("lofi", DI_MAKE_LINK)) {
325 		(void) di_devlink_fini(&hdl);
326 		goto out;
327 	}
328 
329 	/*
330 	 * Under normal conditions, di_devlink_init(DI_MAKE_LINK) above will
331 	 * only fail if the caller is non-root. In that case, wait for
332 	 * link creation via sysevents.
333 	 */
334 	for (cursleep = 0; cursleep < maxsleep; cursleep += sleeptime) {
335 		if (stat64(blkpath, &buf) == 0 && stat64(charpath, &buf) == 0)
336 			return;
337 		(void) sleep(sleeptime);
338 	}
339 
340 	/* one last try */
341 out:
342 	if (stat64(blkpath, &buf) == -1) {
343 		die(gettext("%s was not created"), blkpath);
344 	}
345 	if (stat64(charpath, &buf) == -1) {
346 		die(gettext("%s was not created"), charpath);
347 	}
348 }
349 
350 /*
351  * Map the file and return the minor number the driver picked for the file
352  * DO NOT use this function if the filename is actually the device name.
353  */
354 static int
355 lofi_map_file(int lfd, struct lofi_ioctl li, const char *filename)
356 {
357 	int	minor;
358 
359 	li.li_minor = 0;
360 	(void) strlcpy(li.li_filename, filename, sizeof (li.li_filename));
361 	minor = ioctl(lfd, LOFI_MAP_FILE, &li);
362 	if (minor == -1) {
363 		if (errno == ENOTSUP)
364 			warn(gettext("encrypting compressed files is "
365 			    "unsupported"));
366 		die(gettext("could not map file %s"), filename);
367 	}
368 	wait_until_dev_complete(minor);
369 	return (minor);
370 }
371 
372 /*
373  * Add a device association. If devicename is NULL, let the driver
374  * pick a device.
375  */
376 static void
377 add_mapping(int lfd, const char *devicename, const char *filename,
378     mech_alias_t *cipher, const char *rkey, size_t rksz, boolean_t rdonly)
379 {
380 	struct lofi_ioctl li;
381 
382 	li.li_readonly = rdonly;
383 
384 	li.li_crypto_enabled = B_FALSE;
385 	if (cipher != NULL) {
386 		/* set up encryption for mapped file */
387 		li.li_crypto_enabled = B_TRUE;
388 		(void) strlcpy(li.li_cipher, cipher->name,
389 		    sizeof (li.li_cipher));
390 		if (rksz > sizeof (li.li_key)) {
391 			die(gettext("key too large"));
392 		}
393 		bcopy(rkey, li.li_key, rksz);
394 		li.li_key_len = rksz << 3;	/* convert to bits */
395 
396 		li.li_iv_type = cipher->iv_type;
397 		li.li_iv_len = cipher->iv_len;	/* 0 when no iv needed */
398 		switch (cipher->iv_type) {
399 		case IVM_ENC_BLKNO:
400 			(void) strlcpy(li.li_iv_cipher, cipher->iv_name,
401 			    sizeof (li.li_iv_cipher));
402 			break;
403 		case IVM_NONE:
404 			/* FALLTHROUGH */
405 		default:
406 			break;
407 		}
408 	}
409 
410 	if (devicename == NULL) {
411 		int	minor;
412 
413 		/* pick one via the driver */
414 		minor = lofi_map_file(lfd, li, filename);
415 		/* if mapping succeeds, print the one picked */
416 		(void) printf("/dev/%s/%d\n", LOFI_BLOCK_NAME, minor);
417 		return;
418 	}
419 
420 	/* use device we were given */
421 	li.li_minor = name_to_minor(devicename);
422 	if (li.li_minor == 0) {
423 		die(gettext("malformed device name %s\n"), devicename);
424 	}
425 	(void) strlcpy(li.li_filename, filename, sizeof (li.li_filename));
426 
427 	/* if device is already in use li.li_minor won't change */
428 	if (ioctl(lfd, LOFI_MAP_FILE_MINOR, &li) == -1) {
429 		if (errno == ENOTSUP)
430 			warn(gettext("encrypting compressed files is "
431 			    "unsupported"));
432 		die(gettext("could not map file %s to %s"), filename,
433 		    devicename);
434 	}
435 	wait_until_dev_complete(li.li_minor);
436 }
437 
438 /*
439  * Remove an association. Delete by device name if non-NULL, or by
440  * filename otherwise.
441  */
442 static void
443 delete_mapping(int lfd, const char *devicename, const char *filename,
444     boolean_t force)
445 {
446 	struct lofi_ioctl li;
447 
448 	li.li_force = force;
449 	li.li_cleanup = B_FALSE;
450 
451 	if (devicename == NULL) {
452 		/* delete by filename */
453 		(void) strlcpy(li.li_filename, filename,
454 		    sizeof (li.li_filename));
455 		li.li_minor = 0;
456 		if (ioctl(lfd, LOFI_UNMAP_FILE, &li) == -1) {
457 			die(gettext("could not unmap file %s"), filename);
458 		}
459 		return;
460 	}
461 
462 	/* delete by device */
463 	li.li_minor = name_to_minor(devicename);
464 	if (li.li_minor == 0) {
465 		die(gettext("malformed device name %s\n"), devicename);
466 	}
467 	if (ioctl(lfd, LOFI_UNMAP_FILE_MINOR, &li) == -1) {
468 		die(gettext("could not unmap device %s"), devicename);
469 	}
470 }
471 
472 /*
473  * Show filename given devicename, or devicename given filename.
474  */
475 static void
476 print_one_mapping(int lfd, const char *devicename, const char *filename)
477 {
478 	struct lofi_ioctl li;
479 
480 	if (devicename == NULL) {
481 		/* given filename, print devicename */
482 		li.li_minor = 0;
483 		(void) strlcpy(li.li_filename, filename,
484 		    sizeof (li.li_filename));
485 		if (ioctl(lfd, LOFI_GET_MINOR, &li) == -1) {
486 			die(gettext("could not find device for %s"), filename);
487 		}
488 		(void) printf("/dev/%s/%d\n", LOFI_BLOCK_NAME, li.li_minor);
489 		return;
490 	}
491 
492 	/* given devicename, print filename */
493 	li.li_minor = name_to_minor(devicename);
494 	if (li.li_minor == 0) {
495 		die(gettext("malformed device name %s\n"), devicename);
496 	}
497 	if (ioctl(lfd, LOFI_GET_FILENAME, &li) == -1) {
498 		die(gettext("could not find filename for %s"), devicename);
499 	}
500 	(void) printf("%s\n", li.li_filename);
501 }
502 
503 /*
504  * Print the list of all the mappings, including a header.
505  */
506 static void
507 print_mappings(int fd)
508 {
509 	struct lofi_ioctl li;
510 	int	minor;
511 	int	maxminor;
512 	char	path[MAXPATHLEN];
513 	char	options[MAXPATHLEN] = { 0 };
514 
515 	li.li_minor = 0;
516 	if (ioctl(fd, LOFI_GET_MAXMINOR, &li) == -1) {
517 		die("ioctl");
518 	}
519 	maxminor = li.li_minor;
520 
521 	(void) printf(FORMAT, gettext("Block Device"), gettext("File"),
522 	    gettext("Options"));
523 	for (minor = 1; minor <= maxminor; minor++) {
524 		li.li_minor = minor;
525 		if (ioctl(fd, LOFI_GET_FILENAME, &li) == -1) {
526 			if (errno == ENXIO)
527 				continue;
528 			warn("ioctl");
529 			break;
530 		}
531 		(void) snprintf(path, sizeof (path), "/dev/%s/%d",
532 		    LOFI_BLOCK_NAME, minor);
533 
534 		options[0] = '\0';
535 
536 		/*
537 		 * Encrypted lofi and compressed lofi are mutually exclusive.
538 		 */
539 		if (li.li_crypto_enabled)
540 			(void) snprintf(options, sizeof (options),
541 			    gettext("Encrypted"));
542 		else if (li.li_algorithm[0] != '\0')
543 			(void) snprintf(options, sizeof (options),
544 			    gettext("Compressed(%s)"), li.li_algorithm);
545 		if (li.li_readonly) {
546 			if (strlen(options) != 0) {
547 				(void) strlcat(options, ",", sizeof (options));
548 				(void) strlcat(options, "Readonly",
549 				    sizeof (options));
550 			} else {
551 				(void) snprintf(options, sizeof (options),
552 				    gettext("Readonly"));
553 			}
554 		}
555 		if (strlen(options) == 0)
556 			(void) snprintf(options, sizeof (options), "-");
557 
558 		(void) printf(FORMAT, path, li.li_filename, options);
559 	}
560 }
561 
562 /*
563  * Verify the cipher selected by user.
564  */
565 static mech_alias_t *
566 ciph2mech(const char *alias)
567 {
568 	int	i;
569 
570 	for (i = 0; i < mech_aliases_count; i++) {
571 		if (strcasecmp(alias, mech_aliases[i].alias) == 0)
572 			return (&mech_aliases[i]);
573 	}
574 	return (NULL);
575 }
576 
577 /*
578  * Verify user selected cipher is also available in kernel.
579  *
580  * While traversing kernel list of mechs, if the cipher is supported in the
581  * kernel for both encryption and decryption, it also picks up the min/max
582  * key size.
583  */
584 static boolean_t
585 kernel_cipher_check(mech_alias_t *cipher)
586 {
587 	boolean_t ciph_ok = B_FALSE;
588 	boolean_t iv_ok = B_FALSE;
589 	int	i;
590 	int	count;
591 	crypto_get_mechanism_list_t *kciphers = NULL;
592 	crypto_get_all_mechanism_info_t *kinfo = NULL;
593 	int	fd = -1;
594 	size_t	keymin;
595 	size_t	keymax;
596 
597 	/* if cipher doesn't need iv generating mech, bypass that check now */
598 	if (cipher->iv_name == NULL)
599 		iv_ok = B_TRUE;
600 
601 	/* allocate some space for the list of kernel ciphers */
602 	count = DEFAULT_CIPHER_NUM;
603 	kciphers = malloc(sizeof (crypto_get_mechanism_list_t) +
604 	    sizeof (crypto_mech_name_t) * (count - 1));
605 	if (kciphers == NULL)
606 		die(gettext("failed to allocate memory for list of "
607 		    "kernel mechanisms"));
608 	kciphers->ml_count = count;
609 
610 	/* query crypto device to get list of kernel ciphers */
611 	if ((fd = open("/dev/crypto", O_RDWR)) == -1) {
612 		warn(gettext("failed to open %s"), "/dev/crypto");
613 		goto kcc_out;
614 	}
615 
616 	if (ioctl(fd, CRYPTO_GET_MECHANISM_LIST, kciphers) == -1) {
617 		warn(gettext("CRYPTO_GET_MECHANISM_LIST ioctl failed"));
618 		goto kcc_out;
619 	}
620 
621 	if (kciphers->ml_return_value == CRYPTO_BUFFER_TOO_SMALL) {
622 		count = kciphers->ml_count;
623 		free(kciphers);
624 		kciphers = malloc(sizeof (crypto_get_mechanism_list_t) +
625 		    sizeof (crypto_mech_name_t) * (count - 1));
626 		if (kciphers == NULL) {
627 			warn(gettext("failed to allocate memory for list of "
628 			    "kernel mechanisms"));
629 			goto kcc_out;
630 		}
631 		kciphers->ml_count = count;
632 
633 		if (ioctl(fd, CRYPTO_GET_MECHANISM_LIST, kciphers) == -1) {
634 			warn(gettext("CRYPTO_GET_MECHANISM_LIST ioctl failed"));
635 			goto kcc_out;
636 		}
637 	}
638 
639 	if (kciphers->ml_return_value != CRYPTO_SUCCESS) {
640 		warn(gettext(
641 		    "CRYPTO_GET_MECHANISM_LIST ioctl return value = %d\n"),
642 		    kciphers->ml_return_value);
643 		goto kcc_out;
644 	}
645 
646 	/*
647 	 * scan list of kernel ciphers looking for the selected one and if
648 	 * it needs an iv generated using another cipher, also look for that
649 	 * additional cipher to be used for generating the iv
650 	 */
651 	count = kciphers->ml_count;
652 	for (i = 0; i < count && !(ciph_ok && iv_ok); i++) {
653 		if (!ciph_ok &&
654 		    strcasecmp(cipher->name, kciphers->ml_list[i]) == 0)
655 			ciph_ok = B_TRUE;
656 		if (!iv_ok &&
657 		    strcasecmp(cipher->iv_name, kciphers->ml_list[i]) == 0)
658 			iv_ok = B_TRUE;
659 	}
660 	free(kciphers);
661 	kciphers = NULL;
662 
663 	if (!ciph_ok)
664 		warn(gettext("%s mechanism not supported in kernel\n"),
665 		    cipher->name);
666 	if (!iv_ok)
667 		warn(gettext("%s mechanism not supported in kernel\n"),
668 		    cipher->iv_name);
669 
670 	if (ciph_ok) {
671 		/* Get the details about the user selected cipher */
672 		count = DEFAULT_MECHINFO_NUM;
673 		kinfo = malloc(sizeof (crypto_get_all_mechanism_info_t) +
674 		    sizeof (crypto_mechanism_info_t) * (count - 1));
675 		if (kinfo == NULL) {
676 			warn(gettext("failed to allocate memory for "
677 			    "kernel mechanism info"));
678 			goto kcc_out;
679 		}
680 		kinfo->mi_count = count;
681 		(void) strlcpy(kinfo->mi_mechanism_name, cipher->name,
682 		    CRYPTO_MAX_MECH_NAME);
683 
684 		if (ioctl(fd, CRYPTO_GET_ALL_MECHANISM_INFO, kinfo) == -1) {
685 			warn(gettext(
686 			    "CRYPTO_GET_ALL_MECHANISM_INFO ioctl failed"));
687 			goto kcc_out;
688 		}
689 
690 		if (kinfo->mi_return_value == CRYPTO_BUFFER_TOO_SMALL) {
691 			count = kinfo->mi_count;
692 			free(kinfo);
693 			kinfo = malloc(
694 			    sizeof (crypto_get_all_mechanism_info_t) +
695 			    sizeof (crypto_mechanism_info_t) * (count - 1));
696 			if (kinfo == NULL) {
697 				warn(gettext("failed to allocate memory for "
698 				    "kernel mechanism info"));
699 				goto kcc_out;
700 			}
701 			kinfo->mi_count = count;
702 			(void) strlcpy(kinfo->mi_mechanism_name, cipher->name,
703 			    CRYPTO_MAX_MECH_NAME);
704 
705 			if (ioctl(fd, CRYPTO_GET_ALL_MECHANISM_INFO, kinfo) ==
706 			    -1) {
707 				warn(gettext("CRYPTO_GET_ALL_MECHANISM_INFO "
708 				    "ioctl failed"));
709 				goto kcc_out;
710 			}
711 		}
712 
713 		if (kinfo->mi_return_value != CRYPTO_SUCCESS) {
714 			warn(gettext("CRYPTO_GET_ALL_MECHANISM_INFO ioctl "
715 			    "return value = %d\n"), kinfo->mi_return_value);
716 			goto kcc_out;
717 		}
718 
719 		/* Set key min and max size */
720 		count = kinfo->mi_count;
721 		i = 0;
722 		if (i < count) {
723 			keymin = kinfo->mi_list[i].mi_min_key_size;
724 			keymax = kinfo->mi_list[i].mi_max_key_size;
725 			if (kinfo->mi_list[i].mi_keysize_unit &
726 			    CRYPTO_KEYSIZE_UNIT_IN_BITS) {
727 				keymin = CRYPTO_BITS2BYTES(keymin);
728 				keymax = CRYPTO_BITS2BYTES(keymax);
729 
730 			}
731 			cipher->min_keysize = keymin;
732 			cipher->max_keysize = keymax;
733 		}
734 		free(kinfo);
735 		kinfo = NULL;
736 
737 		if (i == count) {
738 			(void) close(fd);
739 			die(gettext(
740 			    "failed to find usable %s kernel mechanism, "
741 			    "use \"cryptoadm list -m\" to find available "
742 			    "mechanisms\n"),
743 			    cipher->name);
744 		}
745 	}
746 
747 	/* Note: key min/max, unit size, usage for iv cipher are not checked. */
748 
749 	return (ciph_ok && iv_ok);
750 
751 kcc_out:
752 	if (kinfo != NULL)
753 		free(kinfo);
754 	if (kciphers != NULL)
755 		free(kciphers);
756 	if (fd != -1)
757 		(void) close(fd);
758 	return (B_FALSE);
759 }
760 
761 /*
762  * Break up token spec into its components (non-destructive)
763  */
764 static token_spec_t *
765 parsetoken(char *spec)
766 {
767 #define	FLD_NAME	0
768 #define	FLD_MANUF	1
769 #define	FLD_SERIAL	2
770 #define	FLD_LABEL	3
771 #define	NFIELDS		4
772 #define	nullfield(i)	((field[(i)+1] - field[(i)]) <= 1)
773 #define	copyfield(fld, i)	\
774 		{							\
775 			int	n;					\
776 			(fld) = NULL;					\
777 			if ((n = (field[(i)+1] - field[(i)])) > 1) {	\
778 				if (((fld) = malloc(n)) != NULL) {	\
779 					(void) strncpy((fld), field[(i)], n); \
780 					((fld))[n - 1] = '\0';		\
781 				}					\
782 			}						\
783 		}
784 
785 	int	i;
786 	char	*field[NFIELDS + 1];	/* +1 to catch extra delimiters */
787 	token_spec_t *ti = NULL;
788 
789 	if (spec == NULL)
790 		return (NULL);
791 
792 	/*
793 	 * Correct format is "[name]:[manuf]:[serial]:key". Can't use
794 	 * strtok because it treats ":::key" and "key:::" and "key" all
795 	 * as the same thing, and we can't have the :s compressed away.
796 	 */
797 	field[0] = spec;
798 	for (i = 1; i < NFIELDS + 1; i++) {
799 		field[i] = strchr(field[i-1], ':');
800 		if (field[i] == NULL)
801 			break;
802 		field[i]++;
803 	}
804 	if (i < NFIELDS)		/* not enough fields */
805 		return (NULL);
806 	if (field[NFIELDS] != NULL)	/* too many fields */
807 		return (NULL);
808 	field[NFIELDS] = strchr(field[NFIELDS-1], '\0') + 1;
809 
810 	/* key label can't be empty */
811 	if (nullfield(FLD_LABEL))
812 		return (NULL);
813 
814 	ti = malloc(sizeof (token_spec_t));
815 	if (ti == NULL)
816 		return (NULL);
817 
818 	copyfield(ti->name, FLD_NAME);
819 	copyfield(ti->mfr, FLD_MANUF);
820 	copyfield(ti->serno, FLD_SERIAL);
821 	copyfield(ti->key, FLD_LABEL);
822 
823 	/*
824 	 * If token specified and it only contains a key label, then
825 	 * search all tokens for the key, otherwise only those with
826 	 * matching name, mfr, and serno are used.
827 	 */
828 	/*
829 	 * That's how we'd like it to be, however, if only the key label
830 	 * is specified, default to using softtoken.  It's easier.
831 	 */
832 	if (ti->name == NULL && ti->mfr == NULL && ti->serno == NULL)
833 		ti->name = strdup(pkcs11_default_token());
834 	return (ti);
835 }
836 
837 /*
838  * PBE the passphrase into a raw key
839  */
840 static void
841 getkeyfromuser(mech_alias_t *cipher, char **raw_key, size_t *raw_key_sz,
842     boolean_t with_confirmation)
843 {
844 	CK_SESSION_HANDLE sess;
845 	CK_RV	rv;
846 	char	*pass = NULL;
847 	size_t	passlen = 0;
848 	void	*salt = NULL;	/* don't use NULL, see note on salt below */
849 	size_t	saltlen = 0;
850 	CK_KEY_TYPE ktype;
851 	void	*kvalue;
852 	size_t	klen;
853 
854 	/* did init_crypto find a slot that supports this cipher? */
855 	if (cipher->slot == (CK_SLOT_ID)-1 || cipher->max_keysize == 0) {
856 		rv = CKR_MECHANISM_INVALID;
857 		goto cleanup;
858 	}
859 
860 	rv = pkcs11_mech2keytype(cipher->type, &ktype);
861 	if (rv != CKR_OK)
862 		goto cleanup;
863 
864 	/*
865 	 * use the passphrase to generate a PBE PKCS#5 secret key and
866 	 * retrieve the raw key data to eventually pass it to the kernel;
867 	 */
868 	rv = C_OpenSession(cipher->slot, CKF_SERIAL_SESSION, NULL, NULL, &sess);
869 	if (rv != CKR_OK)
870 		goto cleanup;
871 
872 	/* get user passphrase with 8 byte minimum */
873 	if (pkcs11_get_pass(NULL, &pass, &passlen, MIN_PASSLEN,
874 	    with_confirmation) < 0) {
875 		die(gettext("passphrases do not match\n"));
876 	}
877 
878 	/*
879 	 * salt should not be NULL, or else pkcs11_PasswdToKey() will
880 	 * complain about CKR_MECHANISM_PARAM_INVALID; the following is
881 	 * to make up for not having a salt until a proper one is used
882 	 */
883 	salt = pass;
884 	saltlen = passlen;
885 
886 	klen = cipher->max_keysize;
887 	rv = pkcs11_PasswdToKey(sess, pass, passlen, salt, saltlen, ktype,
888 	    cipher->max_keysize, &kvalue, &klen);
889 
890 	(void) C_CloseSession(sess);
891 
892 	if (rv != CKR_OK) {
893 		goto cleanup;
894 	}
895 
896 	/* assert(klen == cipher->max_keysize); */
897 	*raw_key_sz = klen;
898 	*raw_key = (char *)kvalue;
899 	return;
900 
901 cleanup:
902 	die(gettext("failed to generate %s key from passphrase: %s"),
903 	    cipher->alias, pkcs11_strerror(rv));
904 }
905 
906 /*
907  * Read raw key from file; also handles ephemeral keys.
908  */
909 void
910 getkeyfromfile(const char *pathname, mech_alias_t *cipher, char **key,
911     size_t *ksz)
912 {
913 	int	fd;
914 	struct stat sbuf;
915 	boolean_t notplain = B_FALSE;
916 	ssize_t	cursz;
917 	ssize_t	nread;
918 
919 	/* ephemeral keys are just random data */
920 	if (pathname == NULL) {
921 		*ksz = cipher->max_keysize;
922 		*key = malloc(*ksz);
923 		if (*key == NULL)
924 			die(gettext("failed to allocate memory for"
925 			    " ephemeral key"));
926 		if (pkcs11_get_urandom(*key, *ksz) < 0) {
927 			free(*key);
928 			die(gettext("failed to get enough random data"));
929 		}
930 		return;
931 	}
932 
933 	/*
934 	 * If the remaining section of code didn't also check for secure keyfile
935 	 * permissions and whether the key is within cipher min and max lengths,
936 	 * (or, if those things moved out of this block), we could have had:
937 	 *	if (pkcs11_read_data(pathname, key, ksz) < 0)
938 	 *		handle_error();
939 	 */
940 
941 	if ((fd = open(pathname, O_RDONLY, 0)) == -1)
942 		die(gettext("open of keyfile (%s) failed"), pathname);
943 
944 	if (fstat(fd, &sbuf) == -1)
945 		die(gettext("fstat of keyfile (%s) failed"), pathname);
946 
947 	if (S_ISREG(sbuf.st_mode)) {
948 		if ((sbuf.st_mode & (S_IWGRP | S_IWOTH)) != 0)
949 			die(gettext("insecure permissions on keyfile %s\n"),
950 			    pathname);
951 
952 		*ksz = sbuf.st_size;
953 		if (*ksz < cipher->min_keysize || cipher->max_keysize < *ksz) {
954 			warn(gettext("%s: invalid keysize: %d\n"),
955 			    pathname, (int)*ksz);
956 			die(gettext("\t%d <= keysize <= %d\n"),
957 			    cipher->min_keysize, cipher->max_keysize);
958 		}
959 	} else {
960 		*ksz = cipher->max_keysize;
961 		notplain = B_TRUE;
962 	}
963 
964 	*key = malloc(*ksz);
965 	if (*key == NULL)
966 		die(gettext("failed to allocate memory for key from file"));
967 
968 	for (cursz = 0, nread = 0; cursz < *ksz; cursz += nread) {
969 		nread = read(fd, *key, *ksz);
970 		if (nread > 0)
971 			continue;
972 		/*
973 		 * nread == 0.  If it's not a regular file we were trying to
974 		 * get the maximum keysize of data possible for this cipher.
975 		 * But if we've got at least the minimum keysize of data,
976 		 * round down to the nearest keysize unit and call it good.
977 		 * If we haven't met the minimum keysize, that's an error.
978 		 * If it's a regular file, nread = 0 is also an error.
979 		 */
980 		if (nread == 0 && notplain && cursz >= cipher->min_keysize) {
981 			*ksz = (cursz / cipher->min_keysize) *
982 			    cipher->min_keysize;
983 			break;
984 		}
985 		die(gettext("%s: can't read all keybytes"), pathname);
986 	}
987 	(void) close(fd);
988 }
989 
990 /*
991  * Read the raw key from token, or from a file that was wrapped with a
992  * key from token
993  */
994 void
995 getkeyfromtoken(CK_SESSION_HANDLE sess,
996     token_spec_t *token, const char *keyfile, mech_alias_t *cipher,
997     char **raw_key, size_t *raw_key_sz)
998 {
999 	CK_RV	rv = CKR_OK;
1000 	CK_BBOOL trueval = B_TRUE;
1001 	CK_OBJECT_CLASS kclass;		/* secret key or RSA private key */
1002 	CK_KEY_TYPE ktype;		/* from selected cipher or CKK_RSA */
1003 	CK_KEY_TYPE raw_ktype;		/* from selected cipher */
1004 	CK_ATTRIBUTE	key_tmpl[] = {
1005 		{ CKA_CLASS, NULL, 0 },	/* re-used for token key and unwrap */
1006 		{ CKA_KEY_TYPE, NULL, 0 },	/* ditto */
1007 		{ CKA_LABEL, NULL, 0 },
1008 		{ CKA_TOKEN, NULL, 0 },
1009 		{ CKA_PRIVATE, NULL, 0 }
1010 	    };
1011 	CK_ULONG attrs = sizeof (key_tmpl) / sizeof (CK_ATTRIBUTE);
1012 	int	i;
1013 	char	*pass = NULL;
1014 	size_t	passlen = 0;
1015 	CK_OBJECT_HANDLE obj, rawobj;
1016 	CK_ULONG num_objs = 1;		/* just want to find 1 token key */
1017 	CK_MECHANISM unwrap = { CKM_RSA_PKCS, NULL, 0 };
1018 	char	*rkey;
1019 	size_t	rksz;
1020 
1021 	if (token == NULL || token->key == NULL)
1022 		return;
1023 
1024 	/* did init_crypto find a slot that supports this cipher? */
1025 	if (cipher->slot == (CK_SLOT_ID)-1 || cipher->max_keysize == 0) {
1026 		die(gettext("failed to find any cryptographic provider, "
1027 		    "use \"cryptoadm list -p\" to find providers: %s\n"),
1028 		    pkcs11_strerror(CKR_MECHANISM_INVALID));
1029 	}
1030 
1031 	if (pkcs11_get_pass(token->name, &pass, &passlen, 0, B_FALSE) < 0)
1032 		die(gettext("unable to get passphrase"));
1033 
1034 	/* use passphrase to login to token */
1035 	if (pass != NULL && passlen > 0) {
1036 		rv = C_Login(sess, CKU_USER, (CK_UTF8CHAR_PTR)pass, passlen);
1037 		if (rv != CKR_OK) {
1038 			die(gettext("cannot login to the token %s: %s\n"),
1039 			    token->name, pkcs11_strerror(rv));
1040 		}
1041 	}
1042 
1043 	rv = pkcs11_mech2keytype(cipher->type, &raw_ktype);
1044 	if (rv != CKR_OK) {
1045 		die(gettext("failed to get key type for cipher %s: %s\n"),
1046 		    cipher->name, pkcs11_strerror(rv));
1047 	}
1048 
1049 	/*
1050 	 * If no keyfile was given, then the token key is secret key to
1051 	 * be used for encryption/decryption.  Otherwise, the keyfile
1052 	 * contains a wrapped secret key, and the token is actually the
1053 	 * unwrapping RSA private key.
1054 	 */
1055 	if (keyfile == NULL) {
1056 		kclass = CKO_SECRET_KEY;
1057 		ktype = raw_ktype;
1058 	} else {
1059 		kclass = CKO_PRIVATE_KEY;
1060 		ktype = CKK_RSA;
1061 	}
1062 
1063 	/* Find the key in the token first */
1064 	for (i = 0; i < attrs; i++) {
1065 		switch (key_tmpl[i].type) {
1066 		case CKA_CLASS:
1067 			key_tmpl[i].pValue = &kclass;
1068 			key_tmpl[i].ulValueLen = sizeof (kclass);
1069 			break;
1070 		case CKA_KEY_TYPE:
1071 			key_tmpl[i].pValue = &ktype;
1072 			key_tmpl[i].ulValueLen = sizeof (ktype);
1073 			break;
1074 		case CKA_LABEL:
1075 			key_tmpl[i].pValue = token->key;
1076 			key_tmpl[i].ulValueLen = strlen(token->key);
1077 			break;
1078 		case CKA_TOKEN:
1079 			key_tmpl[i].pValue = &trueval;
1080 			key_tmpl[i].ulValueLen = sizeof (trueval);
1081 			break;
1082 		case CKA_PRIVATE:
1083 			key_tmpl[i].pValue = &trueval;
1084 			key_tmpl[i].ulValueLen = sizeof (trueval);
1085 			break;
1086 		default:
1087 			break;
1088 		}
1089 	}
1090 	rv = C_FindObjectsInit(sess, key_tmpl, attrs);
1091 	if (rv != CKR_OK)
1092 		die(gettext("cannot find key %s: %s\n"), token->key,
1093 		    pkcs11_strerror(rv));
1094 	rv = C_FindObjects(sess, &obj, 1, &num_objs);
1095 	(void) C_FindObjectsFinal(sess);
1096 
1097 	if (num_objs == 0) {
1098 		die(gettext("cannot find key %s\n"), token->key);
1099 	} else if (rv != CKR_OK) {
1100 		die(gettext("cannot find key %s: %s\n"), token->key,
1101 		    pkcs11_strerror(rv));
1102 	}
1103 
1104 	/*
1105 	 * No keyfile means when token key is found, convert it to raw key,
1106 	 * and done.  Otherwise still need do an unwrap to create yet another
1107 	 * obj and that needs to be converted to raw key before we're done.
1108 	 */
1109 	if (keyfile == NULL) {
1110 		/* obj contains raw key, extract it */
1111 		rv = pkcs11_ObjectToKey(sess, obj, (void **)&rkey, &rksz,
1112 		    B_FALSE);
1113 		if (rv != CKR_OK) {
1114 			die(gettext("failed to get key value for %s"
1115 			    " from token %s, %s\n"), token->key,
1116 			    token->name, pkcs11_strerror(rv));
1117 		}
1118 	} else {
1119 		getkeyfromfile(keyfile, cipher, &rkey, &rksz);
1120 
1121 		/*
1122 		 * Got the wrapping RSA obj and the wrapped key from file.
1123 		 * Unwrap the key from file with RSA obj to get rawkey obj.
1124 		 */
1125 
1126 		/* re-use the first two attributes of key_tmpl */
1127 		kclass = CKO_SECRET_KEY;
1128 		ktype = raw_ktype;
1129 
1130 		rv = C_UnwrapKey(sess, &unwrap, obj, (CK_BYTE_PTR)rkey,
1131 		    rksz, key_tmpl, 2, &rawobj);
1132 		if (rv != CKR_OK) {
1133 			die(gettext("failed to unwrap key in keyfile %s,"
1134 			    " %s\n"), keyfile, pkcs11_strerror(rv));
1135 		}
1136 		/* rawobj contains raw key, extract it */
1137 		rv = pkcs11_ObjectToKey(sess, rawobj, (void **)&rkey, &rksz,
1138 		    B_TRUE);
1139 		if (rv != CKR_OK) {
1140 			die(gettext("failed to get unwrapped key value for"
1141 			    " key in keyfile %s, %s\n"), keyfile,
1142 			    pkcs11_strerror(rv));
1143 		}
1144 	}
1145 
1146 	/* validate raw key size */
1147 	if (rksz < cipher->min_keysize || cipher->max_keysize < rksz) {
1148 		warn(gettext("%s: invalid keysize: %d\n"), keyfile, (int)rksz);
1149 		die(gettext("\t%d <= keysize <= %d\n"), cipher->min_keysize,
1150 		    cipher->max_keysize);
1151 	}
1152 
1153 	*raw_key_sz = rksz;
1154 	*raw_key = (char *)rkey;
1155 }
1156 
1157 /*
1158  * Set up cipher key limits and verify PKCS#11 can be done
1159  * match_token_cipher is the function pointer used by
1160  * pkcs11_GetCriteriaSession() init_crypto.
1161  */
1162 boolean_t
1163 match_token_cipher(CK_SLOT_ID slot_id, void *args, CK_RV *rv)
1164 {
1165 	token_spec_t *token;
1166 	mech_alias_t *cipher;
1167 	CK_TOKEN_INFO tokinfo;
1168 	CK_MECHANISM_INFO mechinfo;
1169 	boolean_t token_match;
1170 
1171 	/*
1172 	 * While traversing slot list, pick up the following info per slot:
1173 	 * - if token specified, whether it matches this slot's token info
1174 	 * - if the slot supports the PKCS#5 PBKD2 cipher
1175 	 *
1176 	 * If the user said on the command line
1177 	 *	-T tok:mfr:ser:lab -k keyfile
1178 	 *	-c cipher -T tok:mfr:ser:lab -k keyfile
1179 	 * the given cipher or the default cipher apply to keyfile,
1180 	 * If the user said instead
1181 	 *	-T tok:mfr:ser:lab
1182 	 *	-c cipher -T tok:mfr:ser:lab
1183 	 * the key named "lab" may or may not agree with the given
1184 	 * cipher or the default cipher.  In those cases, cipher will
1185 	 * be overridden with the actual cipher type of the key "lab".
1186 	 */
1187 	*rv = CKR_FUNCTION_FAILED;
1188 
1189 	if (args == NULL) {
1190 		return (B_FALSE);
1191 	}
1192 
1193 	cipher = (mech_alias_t *)args;
1194 	token = cipher->token;
1195 
1196 	if (C_GetMechanismInfo(slot_id, cipher->type, &mechinfo) != CKR_OK) {
1197 		return (B_FALSE);
1198 	}
1199 
1200 	if (token == NULL) {
1201 		if (C_GetMechanismInfo(slot_id, CKM_PKCS5_PBKD2, &mechinfo) !=
1202 		    CKR_OK) {
1203 			return (B_FALSE);
1204 		}
1205 		goto foundit;
1206 	}
1207 
1208 	/* does the token match the token spec? */
1209 	if (token->key == NULL || (C_GetTokenInfo(slot_id, &tokinfo) != CKR_OK))
1210 		return (B_FALSE);
1211 
1212 	token_match = B_TRUE;
1213 
1214 	if (token->name != NULL && (token->name)[0] != '\0' &&
1215 	    strncmp((char *)token->name, (char *)tokinfo.label,
1216 	    TOKEN_LABEL_SIZE) != 0)
1217 		token_match = B_FALSE;
1218 	if (token->mfr != NULL && (token->mfr)[0] != '\0' &&
1219 	    strncmp((char *)token->mfr, (char *)tokinfo.manufacturerID,
1220 	    TOKEN_MANUFACTURER_SIZE) != 0)
1221 		token_match = B_FALSE;
1222 	if (token->serno != NULL && (token->serno)[0] != '\0' &&
1223 	    strncmp((char *)token->serno, (char *)tokinfo.serialNumber,
1224 	    TOKEN_SERIAL_SIZE) != 0)
1225 		token_match = B_FALSE;
1226 
1227 	if (!token_match)
1228 		return (B_FALSE);
1229 
1230 foundit:
1231 	cipher->slot = slot_id;
1232 	return (B_TRUE);
1233 }
1234 
1235 /*
1236  * Clean up crypto loose ends
1237  */
1238 static void
1239 end_crypto(CK_SESSION_HANDLE sess)
1240 {
1241 	(void) C_CloseSession(sess);
1242 	(void) C_Finalize(NULL);
1243 }
1244 
1245 /*
1246  * Set up crypto, opening session on slot that matches token and cipher
1247  */
1248 static void
1249 init_crypto(token_spec_t *token, mech_alias_t *cipher,
1250     CK_SESSION_HANDLE_PTR sess)
1251 {
1252 	CK_RV	rv;
1253 
1254 	cipher->token = token;
1255 
1256 	/* Turn off Metaslot so that we can see actual tokens */
1257 	if (setenv("METASLOT_ENABLED", "false", 1) < 0) {
1258 		die(gettext("could not disable Metaslot"));
1259 	}
1260 
1261 	rv = pkcs11_GetCriteriaSession(match_token_cipher, (void *)cipher,
1262 	    sess);
1263 	if (rv != CKR_OK) {
1264 		end_crypto(*sess);
1265 		if (rv == CKR_HOST_MEMORY) {
1266 			die("malloc");
1267 		}
1268 		die(gettext("failed to find any cryptographic provider, "
1269 		    "use \"cryptoadm list -p\" to find providers: %s\n"),
1270 		    pkcs11_strerror(rv));
1271 	}
1272 }
1273 
1274 /*
1275  * Uncompress a file.
1276  *
1277  * First map the file in to establish a device
1278  * association, then read from it. On-the-fly
1279  * decompression will automatically uncompress
1280  * the file if it's compressed
1281  *
1282  * If the file is mapped and a device association
1283  * has been established, disallow uncompressing
1284  * the file until it is unmapped.
1285  */
1286 static void
1287 lofi_uncompress(int lfd, const char *filename)
1288 {
1289 	struct lofi_ioctl li;
1290 	char buf[MAXBSIZE];
1291 	char devicename[32];
1292 	char tmpfilename[MAXPATHLEN];
1293 	char *x;
1294 	char *dir = NULL;
1295 	char *file = NULL;
1296 	int minor = 0;
1297 	struct stat64 statbuf;
1298 	int compfd = -1;
1299 	int uncompfd = -1;
1300 	ssize_t rbytes;
1301 
1302 	/*
1303 	 * Disallow uncompressing the file if it is
1304 	 * already mapped.
1305 	 */
1306 	li.li_crypto_enabled = B_FALSE;
1307 	li.li_minor = 0;
1308 	(void) strlcpy(li.li_filename, filename, sizeof (li.li_filename));
1309 	if (ioctl(lfd, LOFI_GET_MINOR, &li) != -1)
1310 		die(gettext("%s must be unmapped before uncompressing"),
1311 		    filename);
1312 
1313 	/* Zero length files don't need to be uncompressed */
1314 	if (stat64(filename, &statbuf) == -1)
1315 		die(gettext("stat: %s"), filename);
1316 	if (statbuf.st_size == 0)
1317 		return;
1318 
1319 	minor = lofi_map_file(lfd, li, filename);
1320 	(void) snprintf(devicename, sizeof (devicename), "/dev/%s/%d",
1321 	    LOFI_BLOCK_NAME, minor);
1322 
1323 	/* If the file isn't compressed, we just return */
1324 	if ((ioctl(lfd, LOFI_CHECK_COMPRESSED, &li) == -1) ||
1325 	    (li.li_algorithm[0] == '\0')) {
1326 		delete_mapping(lfd, devicename, filename, B_TRUE);
1327 		die("%s is not compressed\n", filename);
1328 	}
1329 
1330 	if ((compfd = open64(devicename, O_RDONLY | O_NONBLOCK)) == -1) {
1331 		delete_mapping(lfd, devicename, filename, B_TRUE);
1332 		die(gettext("open: %s"), filename);
1333 	}
1334 	/* Create a temp file in the same directory */
1335 	x = strdup(filename);
1336 	dir = strdup(dirname(x));
1337 	free(x);
1338 	x = strdup(filename);
1339 	file = strdup(basename(x));
1340 	free(x);
1341 	(void) snprintf(tmpfilename, sizeof (tmpfilename),
1342 	    "%s/.%sXXXXXX", dir, file);
1343 	free(dir);
1344 	free(file);
1345 
1346 	if ((uncompfd = mkstemp64(tmpfilename)) == -1) {
1347 		(void) close(compfd);
1348 		delete_mapping(lfd, devicename, filename, B_TRUE);
1349 		die("%s could not be uncompressed\n", filename);
1350 	}
1351 
1352 	/*
1353 	 * Set the mode bits and the owner of this temporary
1354 	 * file to be that of the original uncompressed file
1355 	 */
1356 	(void) fchmod(uncompfd, statbuf.st_mode);
1357 
1358 	if (fchown(uncompfd, statbuf.st_uid, statbuf.st_gid) == -1) {
1359 		(void) close(compfd);
1360 		(void) close(uncompfd);
1361 		delete_mapping(lfd, devicename, filename, B_TRUE);
1362 		die("%s could not be uncompressed\n", filename);
1363 	}
1364 
1365 	/* Now read from the device in MAXBSIZE-sized chunks */
1366 	for (;;) {
1367 		rbytes = read(compfd, buf, sizeof (buf));
1368 
1369 		if (rbytes <= 0)
1370 			break;
1371 
1372 		if (write(uncompfd, buf, rbytes) != rbytes) {
1373 			rbytes = -1;
1374 			break;
1375 		}
1376 	}
1377 
1378 	(void) close(compfd);
1379 	(void) close(uncompfd);
1380 
1381 	/* Delete the mapping */
1382 	delete_mapping(lfd, devicename, filename, B_TRUE);
1383 
1384 	/*
1385 	 * If an error occured while reading or writing, rbytes will
1386 	 * be negative
1387 	 */
1388 	if (rbytes < 0) {
1389 		(void) unlink(tmpfilename);
1390 		die(gettext("could not read from %s"), filename);
1391 	}
1392 
1393 	/* Rename the temp file to the actual file */
1394 	if (rename(tmpfilename, filename) == -1)
1395 		(void) unlink(tmpfilename);
1396 }
1397 
1398 /*
1399  * Compress a file
1400  */
1401 static void
1402 lofi_compress(int *lfd, const char *filename, int compress_index,
1403     uint32_t segsize)
1404 {
1405 	struct lofi_ioctl lic;
1406 	lofi_compress_info_t *li;
1407 	struct flock lock;
1408 	char tmpfilename[MAXPATHLEN];
1409 	char comp_filename[MAXPATHLEN];
1410 	char algorithm[MAXALGLEN];
1411 	char *x;
1412 	char *dir = NULL, *file = NULL;
1413 	uchar_t *uncompressed_seg = NULL;
1414 	uchar_t *compressed_seg = NULL;
1415 	uint32_t compressed_segsize;
1416 	uint32_t len_compressed, count;
1417 	uint32_t index_entries, index_sz;
1418 	uint64_t *index = NULL;
1419 	uint64_t offset;
1420 	size_t real_segsize;
1421 	struct stat64 statbuf;
1422 	int compfd = -1, uncompfd = -1;
1423 	int tfd = -1;
1424 	ssize_t rbytes, wbytes, lastread;
1425 	int i, type;
1426 
1427 	/*
1428 	 * Disallow compressing the file if it is
1429 	 * already mapped
1430 	 */
1431 	lic.li_minor = 0;
1432 	(void) strlcpy(lic.li_filename, filename, sizeof (lic.li_filename));
1433 	if (ioctl(*lfd, LOFI_GET_MINOR, &lic) != -1)
1434 		die(gettext("%s must be unmapped before compressing"),
1435 		    filename);
1436 
1437 	/*
1438 	 * Close the control device so other operations
1439 	 * can use it
1440 	 */
1441 	(void) close(*lfd);
1442 	*lfd = -1;
1443 
1444 	li = &lofi_compress_table[compress_index];
1445 
1446 	/*
1447 	 * The size of the buffer to hold compressed data must
1448 	 * be slightly larger than the compressed segment size.
1449 	 *
1450 	 * The compress functions use part of the buffer as
1451 	 * scratch space to do calculations.
1452 	 * Ref: http://www.zlib.net/manual.html#compress2
1453 	 */
1454 	compressed_segsize = segsize + (segsize >> 6);
1455 	compressed_seg = (uchar_t *)malloc(compressed_segsize + SEGHDR);
1456 	uncompressed_seg = (uchar_t *)malloc(segsize);
1457 
1458 	if (compressed_seg == NULL || uncompressed_seg == NULL)
1459 		die(gettext("No memory"));
1460 
1461 	if ((uncompfd = open64(filename, O_RDWR|O_LARGEFILE, 0)) == -1)
1462 		die(gettext("open: %s"), filename);
1463 
1464 	lock.l_type = F_WRLCK;
1465 	lock.l_whence = SEEK_SET;
1466 	lock.l_start = 0;
1467 	lock.l_len = 0;
1468 
1469 	/*
1470 	 * Use an advisory lock to ensure that only a
1471 	 * single lofiadm process compresses a given
1472 	 * file at any given time
1473 	 *
1474 	 * A close on the file descriptor automatically
1475 	 * closes all lock state on the file
1476 	 */
1477 	if (fcntl(uncompfd, F_SETLKW, &lock) == -1)
1478 		die(gettext("fcntl: %s"), filename);
1479 
1480 	if (fstat64(uncompfd, &statbuf) == -1) {
1481 		(void) close(uncompfd);
1482 		die(gettext("fstat: %s"), filename);
1483 	}
1484 
1485 	/* Zero length files don't need to be compressed */
1486 	if (statbuf.st_size == 0) {
1487 		(void) close(uncompfd);
1488 		return;
1489 	}
1490 
1491 	/*
1492 	 * Create temporary files in the same directory that
1493 	 * will hold the intermediate data
1494 	 */
1495 	x = strdup(filename);
1496 	dir = strdup(dirname(x));
1497 	free(x);
1498 	x = strdup(filename);
1499 	file = strdup(basename(x));
1500 	free(x);
1501 	(void) snprintf(tmpfilename, sizeof (tmpfilename),
1502 	    "%s/.%sXXXXXX", dir, file);
1503 	(void) snprintf(comp_filename, sizeof (comp_filename),
1504 	    "%s/.%sXXXXXX", dir, file);
1505 	free(dir);
1506 	free(file);
1507 
1508 	if ((tfd = mkstemp64(tmpfilename)) == -1)
1509 		goto cleanup;
1510 
1511 	if ((compfd = mkstemp64(comp_filename)) == -1)
1512 		goto cleanup;
1513 
1514 	/*
1515 	 * Set the mode bits and owner of the compressed
1516 	 * file to be that of the original uncompressed file
1517 	 */
1518 	(void) fchmod(compfd, statbuf.st_mode);
1519 
1520 	if (fchown(compfd, statbuf.st_uid, statbuf.st_gid) == -1)
1521 		goto cleanup;
1522 
1523 	/*
1524 	 * Calculate the number of index entries required.
1525 	 * index entries are stored as an array. adding
1526 	 * a '2' here accounts for the fact that the last
1527 	 * segment may not be a multiple of the segment size
1528 	 */
1529 	index_sz = (statbuf.st_size / segsize) + 2;
1530 	index = malloc(sizeof (*index) * index_sz);
1531 
1532 	if (index == NULL)
1533 		goto cleanup;
1534 
1535 	offset = 0;
1536 	lastread = segsize;
1537 	count = 0;
1538 
1539 	/*
1540 	 * Now read from the uncompressed file in 'segsize'
1541 	 * sized chunks, compress what was read in and
1542 	 * write it out to a temporary file
1543 	 */
1544 	for (;;) {
1545 		rbytes = read(uncompfd, uncompressed_seg, segsize);
1546 
1547 		if (rbytes <= 0)
1548 			break;
1549 
1550 		if (lastread < segsize)
1551 			goto cleanup;
1552 
1553 		/*
1554 		 * Account for the first byte that
1555 		 * indicates whether a segment is
1556 		 * compressed or not
1557 		 */
1558 		real_segsize = segsize - 1;
1559 		(void) li->l_compress(uncompressed_seg, rbytes,
1560 		    compressed_seg + SEGHDR, &real_segsize, li->l_level);
1561 
1562 		/*
1563 		 * If the length of the compressed data is more
1564 		 * than a threshold then there isn't any benefit
1565 		 * to be had from compressing this segment - leave
1566 		 * it uncompressed.
1567 		 *
1568 		 * NB. In case an error occurs during compression (above)
1569 		 * the 'real_segsize' isn't changed. The logic below
1570 		 * ensures that that segment is left uncompressed.
1571 		 */
1572 		len_compressed = real_segsize;
1573 		if (segsize <= COMPRESS_THRESHOLD ||
1574 		    real_segsize > (segsize - COMPRESS_THRESHOLD)) {
1575 			(void) memcpy(compressed_seg + SEGHDR, uncompressed_seg,
1576 			    rbytes);
1577 			type = UNCOMPRESSED;
1578 			len_compressed = rbytes;
1579 		} else {
1580 			type = COMPRESSED;
1581 		}
1582 
1583 		/*
1584 		 * Set the first byte or the SEGHDR to
1585 		 * indicate if it's compressed or not
1586 		 */
1587 		*compressed_seg = type;
1588 		wbytes = write(tfd, compressed_seg, len_compressed + SEGHDR);
1589 		if (wbytes != (len_compressed + SEGHDR)) {
1590 			rbytes = -1;
1591 			break;
1592 		}
1593 
1594 		index[count] = BE_64(offset);
1595 		offset += wbytes;
1596 		lastread = rbytes;
1597 		count++;
1598 	}
1599 
1600 	(void) close(uncompfd);
1601 
1602 	if (rbytes < 0)
1603 		goto cleanup;
1604 	/*
1605 	 * The last index entry is a sentinel entry. It does not point to
1606 	 * an actual compressed segment but helps in computing the size of
1607 	 * the compressed segment. The size of each compressed segment is
1608 	 * computed by subtracting the current index value from the next
1609 	 * one (the compressed blocks are stored sequentially)
1610 	 */
1611 	index[count++] = BE_64(offset);
1612 
1613 	/*
1614 	 * Now write the compressed data along with the
1615 	 * header information to this file which will
1616 	 * later be renamed to the original uncompressed
1617 	 * file name
1618 	 *
1619 	 * The header is as follows -
1620 	 *
1621 	 * Signature (name of the compression algorithm)
1622 	 * Compression segment size (a multiple of 512)
1623 	 * Number of index entries
1624 	 * Size of the last block
1625 	 * The array containing the index entries
1626 	 *
1627 	 * the header is always stored in network byte
1628 	 * order
1629 	 */
1630 	(void) bzero(algorithm, sizeof (algorithm));
1631 	(void) strlcpy(algorithm, li->l_name, sizeof (algorithm));
1632 	if (write(compfd, algorithm, sizeof (algorithm))
1633 	    != sizeof (algorithm))
1634 		goto cleanup;
1635 
1636 	segsize = htonl(segsize);
1637 	if (write(compfd, &segsize, sizeof (segsize)) != sizeof (segsize))
1638 		goto cleanup;
1639 
1640 	index_entries = htonl(count);
1641 	if (write(compfd, &index_entries, sizeof (index_entries)) !=
1642 	    sizeof (index_entries))
1643 		goto cleanup;
1644 
1645 	lastread = htonl(lastread);
1646 	if (write(compfd, &lastread, sizeof (lastread)) != sizeof (lastread))
1647 		goto cleanup;
1648 
1649 	for (i = 0; i < count; i++) {
1650 		if (write(compfd, index + i, sizeof (*index)) !=
1651 		    sizeof (*index))
1652 			goto cleanup;
1653 	}
1654 
1655 	/* Header is written, now write the compressed data */
1656 	if (lseek(tfd, 0, SEEK_SET) != 0)
1657 		goto cleanup;
1658 
1659 	rbytes = wbytes = 0;
1660 
1661 	for (;;) {
1662 		rbytes = read(tfd, compressed_seg, compressed_segsize + SEGHDR);
1663 
1664 		if (rbytes <= 0)
1665 			break;
1666 
1667 		if (write(compfd, compressed_seg, rbytes) != rbytes)
1668 			goto cleanup;
1669 	}
1670 
1671 	if (fstat64(compfd, &statbuf) == -1)
1672 		goto cleanup;
1673 
1674 	/*
1675 	 * Round up the compressed file size to be a multiple of
1676 	 * DEV_BSIZE. lofi(7D) likes it that way.
1677 	 */
1678 	if ((offset = statbuf.st_size % DEV_BSIZE) > 0) {
1679 
1680 		offset = DEV_BSIZE - offset;
1681 
1682 		for (i = 0; i < offset; i++)
1683 			uncompressed_seg[i] = '\0';
1684 		if (write(compfd, uncompressed_seg, offset) != offset)
1685 			goto cleanup;
1686 	}
1687 	(void) close(compfd);
1688 	(void) close(tfd);
1689 	(void) unlink(tmpfilename);
1690 cleanup:
1691 	if (rbytes < 0) {
1692 		if (tfd != -1)
1693 			(void) unlink(tmpfilename);
1694 		if (compfd != -1)
1695 			(void) unlink(comp_filename);
1696 		die(gettext("error compressing file %s"), filename);
1697 	} else {
1698 		/* Rename the compressed file to the actual file */
1699 		if (rename(comp_filename, filename) == -1) {
1700 			(void) unlink(comp_filename);
1701 			die(gettext("error compressing file %s"), filename);
1702 		}
1703 	}
1704 	if (compressed_seg != NULL)
1705 		free(compressed_seg);
1706 	if (uncompressed_seg != NULL)
1707 		free(uncompressed_seg);
1708 	if (index != NULL)
1709 		free(index);
1710 	if (compfd != -1)
1711 		(void) close(compfd);
1712 	if (uncompfd != -1)
1713 		(void) close(uncompfd);
1714 	if (tfd != -1)
1715 		(void) close(tfd);
1716 }
1717 
1718 static int
1719 lofi_compress_select(const char *algname)
1720 {
1721 	int i;
1722 
1723 	for (i = 0; i < LOFI_COMPRESS_FUNCTIONS; i++) {
1724 		if (strcmp(lofi_compress_table[i].l_name, algname) == 0)
1725 			return (i);
1726 	}
1727 	return (-1);
1728 }
1729 
1730 static void
1731 check_algorithm_validity(const char *algname, int *compress_index)
1732 {
1733 	*compress_index = lofi_compress_select(algname);
1734 	if (*compress_index < 0)
1735 		die(gettext("invalid algorithm name: %s\n"), algname);
1736 }
1737 
1738 static void
1739 check_file_validity(const char *filename)
1740 {
1741 	struct stat64 buf;
1742 	int 	error;
1743 	int	fd;
1744 
1745 	fd = open64(filename, O_RDONLY);
1746 	if (fd == -1) {
1747 		die(gettext("open: %s"), filename);
1748 	}
1749 	error = fstat64(fd, &buf);
1750 	if (error == -1) {
1751 		die(gettext("fstat: %s"), filename);
1752 	} else if (!S_ISLOFIABLE(buf.st_mode)) {
1753 		die(gettext("%s is not a regular file, "
1754 		    "block, or character device\n"),
1755 		    filename);
1756 	} else if ((buf.st_size % DEV_BSIZE) != 0) {
1757 		die(gettext("size of %s is not a multiple of %d\n"),
1758 		    filename, DEV_BSIZE);
1759 	}
1760 	(void) close(fd);
1761 
1762 	if (name_to_minor(filename) != 0) {
1763 		die(gettext("cannot use %s on itself\n"), LOFI_DRIVER_NAME);
1764 	}
1765 }
1766 
1767 static boolean_t
1768 check_file_is_encrypted(const char *filename)
1769 {
1770 	int	fd;
1771 	char    buf[sizeof (lofi_crypto_magic)];
1772 	int	got;
1773 	int	rest = sizeof (lofi_crypto_magic);
1774 
1775 	fd = open64(filename, O_RDONLY);
1776 	if (fd == -1)
1777 		die(gettext("failed to open: %s"), filename);
1778 
1779 	if (lseek(fd, CRYOFF, SEEK_SET) != CRYOFF)
1780 		die(gettext("failed to seek to offset 0x%lx in file %s"),
1781 		    CRYOFF, filename);
1782 
1783 	do {
1784 		got = read(fd, buf + sizeof (lofi_crypto_magic) - rest, rest);
1785 		if ((got == 0) || ((got == -1) && (errno != EINTR)))
1786 			die(gettext("failed to read crypto header"
1787 			    " at offset 0x%lx in file %s"), CRYOFF, filename);
1788 
1789 		if (got > 0)
1790 			rest -= got;
1791 	} while (rest > 0);
1792 
1793 	while (close(fd) == -1) {
1794 		if (errno != EINTR)
1795 			die(gettext("failed to close file %s"), filename);
1796 	}
1797 
1798 	return (strncmp(buf, lofi_crypto_magic,
1799 	    sizeof (lofi_crypto_magic)) == 0);
1800 }
1801 
1802 static uint32_t
1803 convert_to_num(const char *str)
1804 {
1805 	int len;
1806 	uint32_t segsize, mult = 1;
1807 
1808 	len = strlen(str);
1809 	if (len && isalpha(str[len - 1])) {
1810 		switch (str[len - 1]) {
1811 		case 'k':
1812 		case 'K':
1813 			mult = KILOBYTE;
1814 			break;
1815 		case 'b':
1816 		case 'B':
1817 			mult = BLOCK_SIZE;
1818 			break;
1819 		case 'm':
1820 		case 'M':
1821 			mult = MEGABYTE;
1822 			break;
1823 		case 'g':
1824 		case 'G':
1825 			mult = GIGABYTE;
1826 			break;
1827 		default:
1828 			die(gettext("invalid segment size %s\n"), str);
1829 		}
1830 	}
1831 
1832 	segsize = atol(str);
1833 	segsize *= mult;
1834 
1835 	return (segsize);
1836 }
1837 
1838 int
1839 main(int argc, char *argv[])
1840 {
1841 	int	lfd;
1842 	int	c;
1843 	const char *devicename = NULL;
1844 	const char *filename = NULL;
1845 	const char *algname = COMPRESS_ALGORITHM;
1846 	int	openflag;
1847 	int	minor;
1848 	int 	compress_index;
1849 	uint32_t segsize = SEGSIZE;
1850 	static char *lofictl = "/dev/" LOFI_CTL_NAME;
1851 	boolean_t force = B_FALSE;
1852 	const char *pname;
1853 	boolean_t errflag = B_FALSE;
1854 	boolean_t addflag = B_FALSE;
1855 	boolean_t rdflag = B_FALSE;
1856 	boolean_t deleteflag = B_FALSE;
1857 	boolean_t ephflag = B_FALSE;
1858 	boolean_t compressflag = B_FALSE;
1859 	boolean_t uncompressflag = B_FALSE;
1860 	/* the next two work together for -c, -k, -T, -e options only */
1861 	boolean_t need_crypto = B_FALSE;	/* if any -c, -k, -T, -e */
1862 	boolean_t cipher_only = B_TRUE;		/* if -c only */
1863 	const char *keyfile = NULL;
1864 	mech_alias_t *cipher = NULL;
1865 	token_spec_t *token = NULL;
1866 	char	*rkey = NULL;
1867 	size_t	rksz = 0;
1868 	char realfilename[MAXPATHLEN];
1869 
1870 	pname = getpname(argv[0]);
1871 
1872 	(void) setlocale(LC_ALL, "");
1873 	(void) textdomain(TEXT_DOMAIN);
1874 
1875 	while ((c = getopt(argc, argv, "a:c:Cd:efk:rs:T:U")) != EOF) {
1876 		switch (c) {
1877 		case 'a':
1878 			addflag = B_TRUE;
1879 			if ((filename = realpath(optarg, realfilename)) == NULL)
1880 				die("%s", optarg);
1881 			if (((argc - optind) > 0) && (*argv[optind] != '-')) {
1882 				/* optional device */
1883 				devicename = argv[optind];
1884 				optind++;
1885 			}
1886 			break;
1887 		case 'C':
1888 			compressflag = B_TRUE;
1889 			if (((argc - optind) > 1) && (*argv[optind] != '-')) {
1890 				/* optional algorithm */
1891 				algname = argv[optind];
1892 				optind++;
1893 			}
1894 			check_algorithm_validity(algname, &compress_index);
1895 			break;
1896 		case 'c':
1897 			/* is the chosen cipher allowed? */
1898 			if ((cipher = ciph2mech(optarg)) == NULL) {
1899 				errflag = B_TRUE;
1900 				warn(gettext("cipher %s not allowed\n"),
1901 				    optarg);
1902 			}
1903 			need_crypto = B_TRUE;
1904 			/* cipher_only is already set */
1905 			break;
1906 		case 'd':
1907 			deleteflag = B_TRUE;
1908 			minor = name_to_minor(optarg);
1909 			if (minor != 0)
1910 				devicename = optarg;
1911 			else {
1912 				if ((filename = realpath(optarg,
1913 				    realfilename)) == NULL)
1914 					die("%s", optarg);
1915 			}
1916 			break;
1917 		case 'e':
1918 			ephflag = B_TRUE;
1919 			need_crypto = B_TRUE;
1920 			cipher_only = B_FALSE;	/* need to unset cipher_only */
1921 			break;
1922 		case 'f':
1923 			force = B_TRUE;
1924 			break;
1925 		case 'k':
1926 			keyfile = optarg;
1927 			need_crypto = B_TRUE;
1928 			cipher_only = B_FALSE;	/* need to unset cipher_only */
1929 			break;
1930 		case 'r':
1931 			rdflag = B_TRUE;
1932 			break;
1933 		case 's':
1934 			segsize = convert_to_num(optarg);
1935 			if (segsize < DEV_BSIZE || !ISP2(segsize))
1936 				die(gettext("segment size %s is invalid "
1937 				    "or not a multiple of minimum block "
1938 				    "size %ld\n"), optarg, DEV_BSIZE);
1939 			break;
1940 		case 'T':
1941 			if ((token = parsetoken(optarg)) == NULL) {
1942 				errflag = B_TRUE;
1943 				warn(
1944 				    gettext("invalid token key specifier %s\n"),
1945 				    optarg);
1946 			}
1947 			need_crypto = B_TRUE;
1948 			cipher_only = B_FALSE;	/* need to unset cipher_only */
1949 			break;
1950 		case 'U':
1951 			uncompressflag = B_TRUE;
1952 			break;
1953 		case '?':
1954 		default:
1955 			errflag = B_TRUE;
1956 			break;
1957 		}
1958 	}
1959 
1960 	/* Check for mutually exclusive combinations of options */
1961 	if (errflag ||
1962 	    (addflag && deleteflag) ||
1963 	    (rdflag && !addflag) ||
1964 	    (!addflag && need_crypto) ||
1965 	    ((compressflag || uncompressflag) && (addflag || deleteflag)))
1966 		usage(pname);
1967 
1968 	/* ephemeral key, and key from either file or token are incompatible */
1969 	if (ephflag && (keyfile != NULL || token != NULL)) {
1970 		die(gettext("ephemeral key cannot be used with keyfile"
1971 		    " or token key\n"));
1972 	}
1973 
1974 	/*
1975 	 * "-c" but no "-k", "-T", "-e", or "-T -k" means derive key from
1976 	 * command line passphrase
1977 	 */
1978 
1979 	switch (argc - optind) {
1980 	case 0: /* no more args */
1981 		if (compressflag || uncompressflag)	/* needs filename */
1982 			usage(pname);
1983 		break;
1984 	case 1:
1985 		if (addflag || deleteflag)
1986 			usage(pname);
1987 		/* one arg means compress/uncompress the file ... */
1988 		if (compressflag || uncompressflag) {
1989 			if ((filename = realpath(argv[optind],
1990 			    realfilename)) == NULL)
1991 				die("%s", argv[optind]);
1992 		/* ... or without options means print the association */
1993 		} else {
1994 			minor = name_to_minor(argv[optind]);
1995 			if (minor != 0)
1996 				devicename = argv[optind];
1997 			else {
1998 				if ((filename = realpath(argv[optind],
1999 				    realfilename)) == NULL)
2000 					die("%s", argv[optind]);
2001 			}
2002 		}
2003 		break;
2004 	default:
2005 		usage(pname);
2006 		break;
2007 	}
2008 
2009 	if (addflag || compressflag || uncompressflag)
2010 		check_file_validity(filename);
2011 
2012 	if (filename && !valid_abspath(filename))
2013 		exit(E_ERROR);
2014 
2015 	/*
2016 	 * Here, we know the arguments are correct, the filename is an
2017 	 * absolute path, it exists and is a regular file. We don't yet
2018 	 * know that the device name is ok or not.
2019 	 */
2020 
2021 	openflag = O_EXCL;
2022 	if (addflag || deleteflag || compressflag || uncompressflag)
2023 		openflag |= O_RDWR;
2024 	else
2025 		openflag |= O_RDONLY;
2026 	lfd = open(lofictl, openflag);
2027 	if (lfd == -1) {
2028 		if ((errno == EPERM) || (errno == EACCES)) {
2029 			die(gettext("you do not have permission to perform "
2030 			    "that operation.\n"));
2031 		} else {
2032 			die(gettext("open: %s"), lofictl);
2033 		}
2034 		/*NOTREACHED*/
2035 	}
2036 
2037 	/*
2038 	 * No passphrase is needed for ephemeral key, or when key is
2039 	 * in a file and not wrapped by another key from a token.
2040 	 * However, a passphrase is needed in these cases:
2041 	 * 1. cipher with no ephemeral key, key file, or token,
2042 	 *    in which case the passphrase is used to build the key
2043 	 * 2. token with an optional cipher or optional key file,
2044 	 *    in which case the passphrase unlocks the token
2045 	 * If only the cipher is specified, reconfirm the passphrase
2046 	 * to ensure the user hasn't mis-entered it.  Otherwise, the
2047 	 * token will enforce the token passphrase.
2048 	 */
2049 	if (need_crypto) {
2050 		CK_SESSION_HANDLE	sess;
2051 
2052 		/* pick a cipher if none specified */
2053 		if (cipher == NULL)
2054 			cipher = DEFAULT_CIPHER;
2055 
2056 		if (!kernel_cipher_check(cipher))
2057 			die(gettext(
2058 			    "use \"cryptoadm list -m\" to find available "
2059 			    "mechanisms\n"));
2060 
2061 		init_crypto(token, cipher, &sess);
2062 
2063 		if (cipher_only) {
2064 			getkeyfromuser(cipher, &rkey, &rksz,
2065 			    !check_file_is_encrypted(filename));
2066 		} else if (token != NULL) {
2067 			getkeyfromtoken(sess, token, keyfile, cipher,
2068 			    &rkey, &rksz);
2069 		} else {
2070 			/* this also handles ephemeral keys */
2071 			getkeyfromfile(keyfile, cipher, &rkey, &rksz);
2072 		}
2073 
2074 		end_crypto(sess);
2075 	}
2076 
2077 	/*
2078 	 * Now to the real work.
2079 	 */
2080 	if (addflag)
2081 		add_mapping(lfd, devicename, filename, cipher, rkey, rksz,
2082 		    rdflag);
2083 	else if (compressflag)
2084 		lofi_compress(&lfd, filename, compress_index, segsize);
2085 	else if (uncompressflag)
2086 		lofi_uncompress(lfd, filename);
2087 	else if (deleteflag)
2088 		delete_mapping(lfd, devicename, filename, force);
2089 	else if (filename || devicename)
2090 		print_one_mapping(lfd, devicename, filename);
2091 	else
2092 		print_mappings(lfd);
2093 
2094 	if (lfd != -1)
2095 		(void) close(lfd);
2096 	closelib();
2097 	return (E_SUCCESS);
2098 }
2099