xref: /illumos-gate/usr/src/cmd/lofiadm/main.c (revision 80c94ecd7a524eb933a4bb221a9618b9dc490e76)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  * Copyright 2012 Joyent, Inc.  All rights reserved.
25  *
26  * Copyright 2013 Nexenta Systems, Inc. All rights reserved.
27  */
28 
29 /*
30  * lofiadm - administer lofi(7d). Very simple, add and remove file<->device
31  * associations, and display status. All the ioctls are private between
32  * lofi and lofiadm, and so are very simple - device information is
33  * communicated via a minor number.
34  */
35 
36 #include <sys/types.h>
37 #include <sys/param.h>
38 #include <sys/lofi.h>
39 #include <sys/stat.h>
40 #include <sys/sysmacros.h>
41 #include <netinet/in.h>
42 #include <stdio.h>
43 #include <fcntl.h>
44 #include <locale.h>
45 #include <string.h>
46 #include <strings.h>
47 #include <errno.h>
48 #include <stdlib.h>
49 #include <unistd.h>
50 #include <stropts.h>
51 #include <libdevinfo.h>
52 #include <libgen.h>
53 #include <ctype.h>
54 #include <dlfcn.h>
55 #include <limits.h>
56 #include <security/cryptoki.h>
57 #include <cryptoutil.h>
58 #include <sys/crypto/ioctl.h>
59 #include <sys/crypto/ioctladmin.h>
60 #include "utils.h"
61 #include <LzmaEnc.h>
62 
63 /* Only need the IV len #defines out of these files, nothing else. */
64 #include <aes/aes_impl.h>
65 #include <des/des_impl.h>
66 #include <blowfish/blowfish_impl.h>
67 
68 static const char USAGE[] =
69 	"Usage: %s [-r] -a file [ device ] "
70 	" [-c aes-128-cbc|aes-192-cbc|aes-256-cbc|des3-cbc|blowfish-cbc]"
71 	" [-e] [-k keyfile] [-T [token]:[manuf]:[serial]:key]\n"
72 	"       %s -d file | device\n"
73 	"       %s -C [gzip|gzip-6|gzip-9|lzma] [-s segment_size] file\n"
74 	"       %s -U file\n"
75 	"       %s [ file | device ]\n";
76 
77 typedef struct token_spec {
78 	char	*name;
79 	char	*mfr;
80 	char	*serno;
81 	char	*key;
82 } token_spec_t;
83 
84 typedef struct mech_alias {
85 	char	*alias;
86 	CK_MECHANISM_TYPE type;
87 	char	*name;		/* for ioctl */
88 	char	*iv_name;	/* for ioctl */
89 	size_t	iv_len;		/* for ioctl */
90 	iv_method_t iv_type;	/* for ioctl */
91 	size_t	min_keysize;	/* in bytes */
92 	size_t	max_keysize;	/* in bytes */
93 	token_spec_t *token;
94 	CK_SLOT_ID slot;
95 } mech_alias_t;
96 
97 static mech_alias_t mech_aliases[] = {
98 	/* Preferred one should always be listed first. */
99 	{ "aes-256-cbc", CKM_AES_CBC, "CKM_AES_CBC", "CKM_AES_ECB", AES_IV_LEN,
100 	    IVM_ENC_BLKNO, ULONG_MAX, 0L, NULL, (CK_SLOT_ID) -1 },
101 	{ "aes-192-cbc", CKM_AES_CBC, "CKM_AES_CBC", "CKM_AES_ECB", AES_IV_LEN,
102 	    IVM_ENC_BLKNO, ULONG_MAX, 0L, NULL, (CK_SLOT_ID) -1 },
103 	{ "aes-128-cbc", CKM_AES_CBC, "CKM_AES_CBC", "CKM_AES_ECB", AES_IV_LEN,
104 	    IVM_ENC_BLKNO, ULONG_MAX, 0L, NULL, (CK_SLOT_ID) -1 },
105 	{ "des3-cbc", CKM_DES3_CBC, "CKM_DES3_CBC", "CKM_DES3_ECB", DES_IV_LEN,
106 	    IVM_ENC_BLKNO, ULONG_MAX, 0L, NULL, (CK_SLOT_ID)-1 },
107 	{ "blowfish-cbc", CKM_BLOWFISH_CBC, "CKM_BLOWFISH_CBC",
108 	    "CKM_BLOWFISH_ECB", BLOWFISH_IV_LEN, IVM_ENC_BLKNO, ULONG_MAX,
109 	    0L, NULL, (CK_SLOT_ID)-1 }
110 	/*
111 	 * A cipher without an iv requirement would look like this:
112 	 * { "aes-xex", CKM_AES_XEX, "CKM_AES_XEX", NULL, 0,
113 	 *    IVM_NONE, ULONG_MAX, 0L, NULL, (CK_SLOT_ID)-1 }
114 	 */
115 };
116 
117 int	mech_aliases_count = (sizeof (mech_aliases) / sizeof (mech_alias_t));
118 
119 /* Preferred cipher, if one isn't specified on command line. */
120 #define	DEFAULT_CIPHER	(&mech_aliases[0])
121 
122 #define	DEFAULT_CIPHER_NUM	64	/* guess # kernel ciphers available */
123 #define	DEFAULT_MECHINFO_NUM	16	/* guess # kernel mechs available */
124 #define	MIN_PASSLEN		8	/* min acceptable passphrase size */
125 
126 static int gzip_compress(void *src, size_t srclen, void *dst,
127 	size_t *destlen, int level);
128 static int lzma_compress(void *src, size_t srclen, void *dst,
129 	size_t *destlen, int level);
130 
131 lofi_compress_info_t lofi_compress_table[LOFI_COMPRESS_FUNCTIONS] = {
132 	{NULL,  		gzip_compress,  6,	"gzip"}, /* default */
133 	{NULL,			gzip_compress,	6,	"gzip-6"},
134 	{NULL,			gzip_compress,	9, 	"gzip-9"},
135 	{NULL,  		lzma_compress, 	0, 	"lzma"}
136 };
137 
138 /* For displaying lofi mappings */
139 #define	FORMAT 			"%-20s     %-30s	%s\n"
140 
141 #define	COMPRESS_ALGORITHM	"gzip"
142 #define	COMPRESS_THRESHOLD	2048
143 #define	SEGSIZE			131072
144 #define	BLOCK_SIZE		512
145 #define	KILOBYTE		1024
146 #define	MEGABYTE		(KILOBYTE * KILOBYTE)
147 #define	GIGABYTE		(KILOBYTE * MEGABYTE)
148 #define	LIBZ			"libz.so"
149 
150 static void
151 usage(const char *pname)
152 {
153 	(void) fprintf(stderr, gettext(USAGE), pname, pname, pname,
154 	    pname, pname);
155 	exit(E_USAGE);
156 }
157 
158 static int
159 gzip_compress(void *src, size_t srclen, void *dst, size_t *dstlen, int level)
160 {
161 	static int (*compress2p)(void *, ulong_t *, void *, size_t, int) = NULL;
162 	void *libz_hdl = NULL;
163 
164 	/*
165 	 * The first time we are called, attempt to dlopen()
166 	 * libz.so and get a pointer to the compress2() function
167 	 */
168 	if (compress2p == NULL) {
169 		if ((libz_hdl = openlib(LIBZ)) == NULL)
170 			die(gettext("could not find %s. "
171 			    "gzip compression unavailable\n"), LIBZ);
172 
173 		if ((compress2p =
174 		    (int (*)(void *, ulong_t *, void *, size_t, int))
175 		    dlsym(libz_hdl, "compress2")) == NULL) {
176 			closelib();
177 			die(gettext("could not find the correct %s. "
178 			    "gzip compression unavailable\n"), LIBZ);
179 		}
180 	}
181 
182 	if ((*compress2p)(dst, (ulong_t *)dstlen, src, srclen, level) != 0)
183 		return (-1);
184 	return (0);
185 }
186 
187 /*ARGSUSED*/
188 static void
189 *SzAlloc(void *p, size_t size)
190 {
191 	return (malloc(size));
192 }
193 
194 /*ARGSUSED*/
195 static void
196 SzFree(void *p, void *address, size_t size)
197 {
198 	free(address);
199 }
200 
201 static ISzAlloc g_Alloc = {
202 	SzAlloc,
203 	SzFree
204 };
205 
206 #define	LZMA_UNCOMPRESSED_SIZE	8
207 #define	LZMA_HEADER_SIZE (LZMA_PROPS_SIZE + LZMA_UNCOMPRESSED_SIZE)
208 
209 /*ARGSUSED*/
210 static int
211 lzma_compress(void *src, size_t srclen, void *dst,
212 	size_t *dstlen, int level)
213 {
214 	CLzmaEncProps props;
215 	size_t outsize2;
216 	size_t outsizeprocessed;
217 	size_t outpropssize = LZMA_PROPS_SIZE;
218 	uint64_t t = 0;
219 	SRes res;
220 	Byte *dstp;
221 	int i;
222 
223 	outsize2 = *dstlen;
224 
225 	LzmaEncProps_Init(&props);
226 
227 	/*
228 	 * The LZMA compressed file format is as follows -
229 	 *
230 	 * Offset Size(bytes) Description
231 	 * 0		1	LZMA properties (lc, lp, lp (encoded))
232 	 * 1		4	Dictionary size (little endian)
233 	 * 5		8	Uncompressed size (little endian)
234 	 * 13			Compressed data
235 	 */
236 
237 	/* set the dictionary size to be 8MB */
238 	props.dictSize = 1 << 23;
239 
240 	if (*dstlen < LZMA_HEADER_SIZE)
241 		return (SZ_ERROR_OUTPUT_EOF);
242 
243 	dstp = (Byte *)dst;
244 	t = srclen;
245 	/*
246 	 * Set the uncompressed size in the LZMA header
247 	 * The LZMA properties (specified in 'props')
248 	 * will be set by the call to LzmaEncode()
249 	 */
250 	for (i = 0; i < LZMA_UNCOMPRESSED_SIZE; i++, t >>= 8) {
251 		dstp[LZMA_PROPS_SIZE + i] = (Byte)t;
252 	}
253 
254 	outsizeprocessed = outsize2 - LZMA_HEADER_SIZE;
255 	res = LzmaEncode(dstp + LZMA_HEADER_SIZE, &outsizeprocessed,
256 	    src, srclen, &props, dstp, &outpropssize, 0, NULL,
257 	    &g_Alloc, &g_Alloc);
258 
259 	if (res != 0)
260 		return (-1);
261 
262 	*dstlen = outsizeprocessed + LZMA_HEADER_SIZE;
263 	return (0);
264 }
265 
266 /*
267  * Translate a lofi device name to a minor number. We might be asked
268  * to do this when there is no association (such as when the user specifies
269  * a particular device), so we can only look at the string.
270  */
271 static int
272 name_to_minor(const char *devicename)
273 {
274 	int	minor;
275 
276 	if (sscanf(devicename, "/dev/" LOFI_BLOCK_NAME "/%d", &minor) == 1) {
277 		return (minor);
278 	}
279 	if (sscanf(devicename, "/dev/" LOFI_CHAR_NAME "/%d", &minor) == 1) {
280 		return (minor);
281 	}
282 	return (0);
283 }
284 
285 /*
286  * This might be the first time we've used this minor number. If so,
287  * it might also be that the /dev links are in the process of being created
288  * by devfsadmd (or that they'll be created "soon"). We cannot return
289  * until they're there or the invoker of lofiadm might try to use them
290  * and not find them. This can happen if a shell script is running on
291  * an MP.
292  */
293 static int sleeptime = 2;	/* number of seconds to sleep between stat's */
294 static int maxsleep = 120;	/* maximum number of seconds to sleep */
295 
296 static void
297 wait_until_dev_complete(int minor)
298 {
299 	struct stat64 buf;
300 	int	cursleep;
301 	char	blkpath[MAXPATHLEN];
302 	char	charpath[MAXPATHLEN];
303 	di_devlink_handle_t hdl;
304 
305 	(void) snprintf(blkpath, sizeof (blkpath), "/dev/%s/%d",
306 	    LOFI_BLOCK_NAME, minor);
307 	(void) snprintf(charpath, sizeof (charpath), "/dev/%s/%d",
308 	    LOFI_CHAR_NAME, minor);
309 
310 	/* Check if links already present */
311 	if (stat64(blkpath, &buf) == 0 && stat64(charpath, &buf) == 0)
312 		return;
313 
314 	/* First use di_devlink_init() */
315 	if (hdl = di_devlink_init("lofi", DI_MAKE_LINK)) {
316 		(void) di_devlink_fini(&hdl);
317 		goto out;
318 	}
319 
320 	/*
321 	 * Under normal conditions, di_devlink_init(DI_MAKE_LINK) above will
322 	 * only fail if the caller is non-root. In that case, wait for
323 	 * link creation via sysevents.
324 	 */
325 	for (cursleep = 0; cursleep < maxsleep; cursleep += sleeptime) {
326 		if (stat64(blkpath, &buf) == 0 && stat64(charpath, &buf) == 0)
327 			return;
328 		(void) sleep(sleeptime);
329 	}
330 
331 	/* one last try */
332 out:
333 	if (stat64(blkpath, &buf) == -1) {
334 		die(gettext("%s was not created"), blkpath);
335 	}
336 	if (stat64(charpath, &buf) == -1) {
337 		die(gettext("%s was not created"), charpath);
338 	}
339 }
340 
341 /*
342  * Map the file and return the minor number the driver picked for the file
343  * DO NOT use this function if the filename is actually the device name.
344  */
345 static int
346 lofi_map_file(int lfd, struct lofi_ioctl li, const char *filename)
347 {
348 	int	minor;
349 
350 	li.li_minor = 0;
351 	(void) strlcpy(li.li_filename, filename, sizeof (li.li_filename));
352 	minor = ioctl(lfd, LOFI_MAP_FILE, &li);
353 	if (minor == -1) {
354 		if (errno == ENOTSUP)
355 			warn(gettext("encrypting compressed files is "
356 			    "unsupported"));
357 		die(gettext("could not map file %s"), filename);
358 	}
359 	wait_until_dev_complete(minor);
360 	return (minor);
361 }
362 
363 /*
364  * Add a device association. If devicename is NULL, let the driver
365  * pick a device.
366  */
367 static void
368 add_mapping(int lfd, const char *devicename, const char *filename,
369     mech_alias_t *cipher, const char *rkey, size_t rksz, boolean_t rdonly)
370 {
371 	struct lofi_ioctl li;
372 
373 	li.li_readonly = rdonly;
374 
375 	li.li_crypto_enabled = B_FALSE;
376 	if (cipher != NULL) {
377 		/* set up encryption for mapped file */
378 		li.li_crypto_enabled = B_TRUE;
379 		(void) strlcpy(li.li_cipher, cipher->name,
380 		    sizeof (li.li_cipher));
381 		if (rksz > sizeof (li.li_key)) {
382 			die(gettext("key too large"));
383 		}
384 		bcopy(rkey, li.li_key, rksz);
385 		li.li_key_len = rksz << 3;	/* convert to bits */
386 
387 		li.li_iv_type = cipher->iv_type;
388 		li.li_iv_len = cipher->iv_len;	/* 0 when no iv needed */
389 		switch (cipher->iv_type) {
390 		case IVM_ENC_BLKNO:
391 			(void) strlcpy(li.li_iv_cipher, cipher->iv_name,
392 			    sizeof (li.li_iv_cipher));
393 			break;
394 		case IVM_NONE:
395 			/* FALLTHROUGH */
396 		default:
397 			break;
398 		}
399 	}
400 
401 	if (devicename == NULL) {
402 		int	minor;
403 
404 		/* pick one via the driver */
405 		minor = lofi_map_file(lfd, li, filename);
406 		/* if mapping succeeds, print the one picked */
407 		(void) printf("/dev/%s/%d\n", LOFI_BLOCK_NAME, minor);
408 		return;
409 	}
410 
411 	/* use device we were given */
412 	li.li_minor = name_to_minor(devicename);
413 	if (li.li_minor == 0) {
414 		die(gettext("malformed device name %s\n"), devicename);
415 	}
416 	(void) strlcpy(li.li_filename, filename, sizeof (li.li_filename));
417 
418 	/* if device is already in use li.li_minor won't change */
419 	if (ioctl(lfd, LOFI_MAP_FILE_MINOR, &li) == -1) {
420 		if (errno == ENOTSUP)
421 			warn(gettext("encrypting compressed files is "
422 			    "unsupported"));
423 		die(gettext("could not map file %s to %s"), filename,
424 		    devicename);
425 	}
426 	wait_until_dev_complete(li.li_minor);
427 }
428 
429 /*
430  * Remove an association. Delete by device name if non-NULL, or by
431  * filename otherwise.
432  */
433 static void
434 delete_mapping(int lfd, const char *devicename, const char *filename,
435     boolean_t force)
436 {
437 	struct lofi_ioctl li;
438 
439 	li.li_force = force;
440 	li.li_cleanup = B_FALSE;
441 
442 	if (devicename == NULL) {
443 		/* delete by filename */
444 		(void) strlcpy(li.li_filename, filename,
445 		    sizeof (li.li_filename));
446 		li.li_minor = 0;
447 		if (ioctl(lfd, LOFI_UNMAP_FILE, &li) == -1) {
448 			die(gettext("could not unmap file %s"), filename);
449 		}
450 		return;
451 	}
452 
453 	/* delete by device */
454 	li.li_minor = name_to_minor(devicename);
455 	if (li.li_minor == 0) {
456 		die(gettext("malformed device name %s\n"), devicename);
457 	}
458 	if (ioctl(lfd, LOFI_UNMAP_FILE_MINOR, &li) == -1) {
459 		die(gettext("could not unmap device %s"), devicename);
460 	}
461 }
462 
463 /*
464  * Show filename given devicename, or devicename given filename.
465  */
466 static void
467 print_one_mapping(int lfd, const char *devicename, const char *filename)
468 {
469 	struct lofi_ioctl li;
470 
471 	if (devicename == NULL) {
472 		/* given filename, print devicename */
473 		li.li_minor = 0;
474 		(void) strlcpy(li.li_filename, filename,
475 		    sizeof (li.li_filename));
476 		if (ioctl(lfd, LOFI_GET_MINOR, &li) == -1) {
477 			die(gettext("could not find device for %s"), filename);
478 		}
479 		(void) printf("/dev/%s/%d\n", LOFI_BLOCK_NAME, li.li_minor);
480 		return;
481 	}
482 
483 	/* given devicename, print filename */
484 	li.li_minor = name_to_minor(devicename);
485 	if (li.li_minor == 0) {
486 		die(gettext("malformed device name %s\n"), devicename);
487 	}
488 	if (ioctl(lfd, LOFI_GET_FILENAME, &li) == -1) {
489 		die(gettext("could not find filename for %s"), devicename);
490 	}
491 	(void) printf("%s\n", li.li_filename);
492 }
493 
494 /*
495  * Print the list of all the mappings, including a header.
496  */
497 static void
498 print_mappings(int fd)
499 {
500 	struct lofi_ioctl li;
501 	int	minor;
502 	int	maxminor;
503 	char	path[MAXPATHLEN];
504 	char	options[MAXPATHLEN] = { 0 };
505 
506 	li.li_minor = 0;
507 	if (ioctl(fd, LOFI_GET_MAXMINOR, &li) == -1) {
508 		die("ioctl");
509 	}
510 	maxminor = li.li_minor;
511 
512 	(void) printf(FORMAT, gettext("Block Device"), gettext("File"),
513 	    gettext("Options"));
514 	for (minor = 1; minor <= maxminor; minor++) {
515 		li.li_minor = minor;
516 		if (ioctl(fd, LOFI_GET_FILENAME, &li) == -1) {
517 			if (errno == ENXIO)
518 				continue;
519 			warn("ioctl");
520 			break;
521 		}
522 		(void) snprintf(path, sizeof (path), "/dev/%s/%d",
523 		    LOFI_BLOCK_NAME, minor);
524 
525 		options[0] = '\0';
526 
527 		/*
528 		 * Encrypted lofi and compressed lofi are mutually exclusive.
529 		 */
530 		if (li.li_crypto_enabled)
531 			(void) snprintf(options, sizeof (options),
532 			    gettext("Encrypted"));
533 		else if (li.li_algorithm[0] != '\0')
534 			(void) snprintf(options, sizeof (options),
535 			    gettext("Compressed(%s)"), li.li_algorithm);
536 		if (li.li_readonly) {
537 			if (strlen(options) != 0) {
538 				(void) strlcat(options, ",", sizeof (options));
539 				(void) strlcat(options, "Readonly",
540 				    sizeof (options));
541 			} else {
542 				(void) snprintf(options, sizeof (options),
543 				    gettext("Readonly"));
544 			}
545 		}
546 		if (strlen(options) == 0)
547 			(void) snprintf(options, sizeof (options), "-");
548 
549 		(void) printf(FORMAT, path, li.li_filename, options);
550 	}
551 }
552 
553 /*
554  * Verify the cipher selected by user.
555  */
556 static mech_alias_t *
557 ciph2mech(const char *alias)
558 {
559 	int	i;
560 
561 	for (i = 0; i < mech_aliases_count; i++) {
562 		if (strcasecmp(alias, mech_aliases[i].alias) == 0)
563 			return (&mech_aliases[i]);
564 	}
565 	return (NULL);
566 }
567 
568 /*
569  * Verify user selected cipher is also available in kernel.
570  *
571  * While traversing kernel list of mechs, if the cipher is supported in the
572  * kernel for both encryption and decryption, it also picks up the min/max
573  * key size.
574  */
575 static boolean_t
576 kernel_cipher_check(mech_alias_t *cipher)
577 {
578 	boolean_t ciph_ok = B_FALSE;
579 	boolean_t iv_ok = B_FALSE;
580 	int	i;
581 	int	count;
582 	crypto_get_mechanism_list_t *kciphers = NULL;
583 	crypto_get_all_mechanism_info_t *kinfo = NULL;
584 	int	fd = -1;
585 	size_t	keymin;
586 	size_t	keymax;
587 
588 	/* if cipher doesn't need iv generating mech, bypass that check now */
589 	if (cipher->iv_name == NULL)
590 		iv_ok = B_TRUE;
591 
592 	/* allocate some space for the list of kernel ciphers */
593 	count = DEFAULT_CIPHER_NUM;
594 	kciphers = malloc(sizeof (crypto_get_mechanism_list_t) +
595 	    sizeof (crypto_mech_name_t) * (count - 1));
596 	if (kciphers == NULL)
597 		die(gettext("failed to allocate memory for list of "
598 		    "kernel mechanisms"));
599 	kciphers->ml_count = count;
600 
601 	/* query crypto device to get list of kernel ciphers */
602 	if ((fd = open("/dev/crypto", O_RDWR)) == -1) {
603 		warn(gettext("failed to open %s"), "/dev/crypto");
604 		goto kcc_out;
605 	}
606 
607 	if (ioctl(fd, CRYPTO_GET_MECHANISM_LIST, kciphers) == -1) {
608 		warn(gettext("CRYPTO_GET_MECHANISM_LIST ioctl failed"));
609 		goto kcc_out;
610 	}
611 
612 	if (kciphers->ml_return_value == CRYPTO_BUFFER_TOO_SMALL) {
613 		count = kciphers->ml_count;
614 		free(kciphers);
615 		kciphers = malloc(sizeof (crypto_get_mechanism_list_t) +
616 		    sizeof (crypto_mech_name_t) * (count - 1));
617 		if (kciphers == NULL) {
618 			warn(gettext("failed to allocate memory for list of "
619 			    "kernel mechanisms"));
620 			goto kcc_out;
621 		}
622 		kciphers->ml_count = count;
623 
624 		if (ioctl(fd, CRYPTO_GET_MECHANISM_LIST, kciphers) == -1) {
625 			warn(gettext("CRYPTO_GET_MECHANISM_LIST ioctl failed"));
626 			goto kcc_out;
627 		}
628 	}
629 
630 	if (kciphers->ml_return_value != CRYPTO_SUCCESS) {
631 		warn(gettext(
632 		    "CRYPTO_GET_MECHANISM_LIST ioctl return value = %d\n"),
633 		    kciphers->ml_return_value);
634 		goto kcc_out;
635 	}
636 
637 	/*
638 	 * scan list of kernel ciphers looking for the selected one and if
639 	 * it needs an iv generated using another cipher, also look for that
640 	 * additional cipher to be used for generating the iv
641 	 */
642 	count = kciphers->ml_count;
643 	for (i = 0; i < count && !(ciph_ok && iv_ok); i++) {
644 		if (!ciph_ok &&
645 		    strcasecmp(cipher->name, kciphers->ml_list[i]) == 0)
646 			ciph_ok = B_TRUE;
647 		if (!iv_ok &&
648 		    strcasecmp(cipher->iv_name, kciphers->ml_list[i]) == 0)
649 			iv_ok = B_TRUE;
650 	}
651 	free(kciphers);
652 	kciphers = NULL;
653 
654 	if (!ciph_ok)
655 		warn(gettext("%s mechanism not supported in kernel\n"),
656 		    cipher->name);
657 	if (!iv_ok)
658 		warn(gettext("%s mechanism not supported in kernel\n"),
659 		    cipher->iv_name);
660 
661 	if (ciph_ok) {
662 		/* Get the details about the user selected cipher */
663 		count = DEFAULT_MECHINFO_NUM;
664 		kinfo = malloc(sizeof (crypto_get_all_mechanism_info_t) +
665 		    sizeof (crypto_mechanism_info_t) * (count - 1));
666 		if (kinfo == NULL) {
667 			warn(gettext("failed to allocate memory for "
668 			    "kernel mechanism info"));
669 			goto kcc_out;
670 		}
671 		kinfo->mi_count = count;
672 		(void) strlcpy(kinfo->mi_mechanism_name, cipher->name,
673 		    CRYPTO_MAX_MECH_NAME);
674 
675 		if (ioctl(fd, CRYPTO_GET_ALL_MECHANISM_INFO, kinfo) == -1) {
676 			warn(gettext(
677 			    "CRYPTO_GET_ALL_MECHANISM_INFO ioctl failed"));
678 			goto kcc_out;
679 		}
680 
681 		if (kinfo->mi_return_value == CRYPTO_BUFFER_TOO_SMALL) {
682 			count = kinfo->mi_count;
683 			free(kinfo);
684 			kinfo = malloc(
685 			    sizeof (crypto_get_all_mechanism_info_t) +
686 			    sizeof (crypto_mechanism_info_t) * (count - 1));
687 			if (kinfo == NULL) {
688 				warn(gettext("failed to allocate memory for "
689 				    "kernel mechanism info"));
690 				goto kcc_out;
691 			}
692 			kinfo->mi_count = count;
693 			(void) strlcpy(kinfo->mi_mechanism_name, cipher->name,
694 			    CRYPTO_MAX_MECH_NAME);
695 
696 			if (ioctl(fd, CRYPTO_GET_ALL_MECHANISM_INFO, kinfo) ==
697 			    -1) {
698 				warn(gettext("CRYPTO_GET_ALL_MECHANISM_INFO "
699 				    "ioctl failed"));
700 				goto kcc_out;
701 			}
702 		}
703 
704 		if (kinfo->mi_return_value != CRYPTO_SUCCESS) {
705 			warn(gettext("CRYPTO_GET_ALL_MECHANISM_INFO ioctl "
706 			    "return value = %d\n"), kinfo->mi_return_value);
707 			goto kcc_out;
708 		}
709 
710 		/* Set key min and max size */
711 		count = kinfo->mi_count;
712 		i = 0;
713 		if (i < count) {
714 			keymin = kinfo->mi_list[i].mi_min_key_size;
715 			keymax = kinfo->mi_list[i].mi_max_key_size;
716 			if (kinfo->mi_list[i].mi_keysize_unit &
717 			    CRYPTO_KEYSIZE_UNIT_IN_BITS) {
718 				keymin = CRYPTO_BITS2BYTES(keymin);
719 				keymax = CRYPTO_BITS2BYTES(keymax);
720 
721 			}
722 			cipher->min_keysize = keymin;
723 			cipher->max_keysize = keymax;
724 		}
725 		free(kinfo);
726 		kinfo = NULL;
727 
728 		if (i == count) {
729 			(void) close(fd);
730 			die(gettext(
731 			    "failed to find usable %s kernel mechanism, "
732 			    "use \"cryptoadm list -m\" to find available "
733 			    "mechanisms\n"),
734 			    cipher->name);
735 		}
736 	}
737 
738 	/* Note: key min/max, unit size, usage for iv cipher are not checked. */
739 
740 	return (ciph_ok && iv_ok);
741 
742 kcc_out:
743 	if (kinfo != NULL)
744 		free(kinfo);
745 	if (kciphers != NULL)
746 		free(kciphers);
747 	if (fd != -1)
748 		(void) close(fd);
749 	return (B_FALSE);
750 }
751 
752 /*
753  * Break up token spec into its components (non-destructive)
754  */
755 static token_spec_t *
756 parsetoken(char *spec)
757 {
758 #define	FLD_NAME	0
759 #define	FLD_MANUF	1
760 #define	FLD_SERIAL	2
761 #define	FLD_LABEL	3
762 #define	NFIELDS		4
763 #define	nullfield(i)	((field[(i)+1] - field[(i)]) <= 1)
764 #define	copyfield(fld, i)	\
765 		{							\
766 			int	n;					\
767 			(fld) = NULL;					\
768 			if ((n = (field[(i)+1] - field[(i)])) > 1) {	\
769 				if (((fld) = malloc(n)) != NULL) {	\
770 					(void) strncpy((fld), field[(i)], n); \
771 					((fld))[n - 1] = '\0';		\
772 				}					\
773 			}						\
774 		}
775 
776 	int	i;
777 	char	*field[NFIELDS + 1];	/* +1 to catch extra delimiters */
778 	token_spec_t *ti = NULL;
779 
780 	if (spec == NULL)
781 		return (NULL);
782 
783 	/*
784 	 * Correct format is "[name]:[manuf]:[serial]:key". Can't use
785 	 * strtok because it treats ":::key" and "key:::" and "key" all
786 	 * as the same thing, and we can't have the :s compressed away.
787 	 */
788 	field[0] = spec;
789 	for (i = 1; i < NFIELDS + 1; i++) {
790 		field[i] = strchr(field[i-1], ':');
791 		if (field[i] == NULL)
792 			break;
793 		field[i]++;
794 	}
795 	if (i < NFIELDS)		/* not enough fields */
796 		return (NULL);
797 	if (field[NFIELDS] != NULL)	/* too many fields */
798 		return (NULL);
799 	field[NFIELDS] = strchr(field[NFIELDS-1], '\0') + 1;
800 
801 	/* key label can't be empty */
802 	if (nullfield(FLD_LABEL))
803 		return (NULL);
804 
805 	ti = malloc(sizeof (token_spec_t));
806 	if (ti == NULL)
807 		return (NULL);
808 
809 	copyfield(ti->name, FLD_NAME);
810 	copyfield(ti->mfr, FLD_MANUF);
811 	copyfield(ti->serno, FLD_SERIAL);
812 	copyfield(ti->key, FLD_LABEL);
813 
814 	/*
815 	 * If token specified and it only contains a key label, then
816 	 * search all tokens for the key, otherwise only those with
817 	 * matching name, mfr, and serno are used.
818 	 */
819 	/*
820 	 * That's how we'd like it to be, however, if only the key label
821 	 * is specified, default to using softtoken.  It's easier.
822 	 */
823 	if (ti->name == NULL && ti->mfr == NULL && ti->serno == NULL)
824 		ti->name = strdup(pkcs11_default_token());
825 	return (ti);
826 }
827 
828 /*
829  * PBE the passphrase into a raw key
830  */
831 static void
832 getkeyfromuser(mech_alias_t *cipher, char **raw_key, size_t *raw_key_sz)
833 {
834 	CK_SESSION_HANDLE sess;
835 	CK_RV	rv;
836 	char	*pass = NULL;
837 	size_t	passlen = 0;
838 	void	*salt = NULL;	/* don't use NULL, see note on salt below */
839 	size_t	saltlen = 0;
840 	CK_KEY_TYPE ktype;
841 	void	*kvalue;
842 	size_t	klen;
843 
844 	/* did init_crypto find a slot that supports this cipher? */
845 	if (cipher->slot == (CK_SLOT_ID)-1 || cipher->max_keysize == 0) {
846 		rv = CKR_MECHANISM_INVALID;
847 		goto cleanup;
848 	}
849 
850 	rv = pkcs11_mech2keytype(cipher->type, &ktype);
851 	if (rv != CKR_OK)
852 		goto cleanup;
853 
854 	/*
855 	 * use the passphrase to generate a PBE PKCS#5 secret key and
856 	 * retrieve the raw key data to eventually pass it to the kernel;
857 	 */
858 	rv = C_OpenSession(cipher->slot, CKF_SERIAL_SESSION, NULL, NULL, &sess);
859 	if (rv != CKR_OK)
860 		goto cleanup;
861 
862 	/* get user passphrase with 8 byte minimum */
863 	if (pkcs11_get_pass(NULL, &pass, &passlen, MIN_PASSLEN, B_TRUE) < 0) {
864 		die(gettext("passphrases do not match\n"));
865 	}
866 
867 	/*
868 	 * salt should not be NULL, or else pkcs11_PasswdToKey() will
869 	 * complain about CKR_MECHANISM_PARAM_INVALID; the following is
870 	 * to make up for not having a salt until a proper one is used
871 	 */
872 	salt = pass;
873 	saltlen = passlen;
874 
875 	klen = cipher->max_keysize;
876 	rv = pkcs11_PasswdToKey(sess, pass, passlen, salt, saltlen, ktype,
877 	    cipher->max_keysize, &kvalue, &klen);
878 
879 	(void) C_CloseSession(sess);
880 
881 	if (rv != CKR_OK) {
882 		goto cleanup;
883 	}
884 
885 	/* assert(klen == cipher->max_keysize); */
886 	*raw_key_sz = klen;
887 	*raw_key = (char *)kvalue;
888 	return;
889 
890 cleanup:
891 	die(gettext("failed to generate %s key from passphrase: %s"),
892 	    cipher->alias, pkcs11_strerror(rv));
893 }
894 
895 /*
896  * Read raw key from file; also handles ephemeral keys.
897  */
898 void
899 getkeyfromfile(const char *pathname, mech_alias_t *cipher, char **key,
900     size_t *ksz)
901 {
902 	int	fd;
903 	struct stat sbuf;
904 	boolean_t notplain = B_FALSE;
905 	ssize_t	cursz;
906 	ssize_t	nread;
907 
908 	/* ephemeral keys are just random data */
909 	if (pathname == NULL) {
910 		*ksz = cipher->max_keysize;
911 		*key = malloc(*ksz);
912 		if (*key == NULL)
913 			die(gettext("failed to allocate memory for"
914 			    " ephemeral key"));
915 		if (pkcs11_get_urandom(*key, *ksz) < 0) {
916 			free(*key);
917 			die(gettext("failed to get enough random data"));
918 		}
919 		return;
920 	}
921 
922 	/*
923 	 * If the remaining section of code didn't also check for secure keyfile
924 	 * permissions and whether the key is within cipher min and max lengths,
925 	 * (or, if those things moved out of this block), we could have had:
926 	 *	if (pkcs11_read_data(pathname, key, ksz) < 0)
927 	 *		handle_error();
928 	 */
929 
930 	if ((fd = open(pathname, O_RDONLY, 0)) == -1)
931 		die(gettext("open of keyfile (%s) failed"), pathname);
932 
933 	if (fstat(fd, &sbuf) == -1)
934 		die(gettext("fstat of keyfile (%s) failed"), pathname);
935 
936 	if (S_ISREG(sbuf.st_mode)) {
937 		if ((sbuf.st_mode & (S_IWGRP | S_IWOTH)) != 0)
938 			die(gettext("insecure permissions on keyfile %s\n"),
939 			    pathname);
940 
941 		*ksz = sbuf.st_size;
942 		if (*ksz < cipher->min_keysize || cipher->max_keysize < *ksz) {
943 			warn(gettext("%s: invalid keysize: %d\n"),
944 			    pathname, (int)*ksz);
945 			die(gettext("\t%d <= keysize <= %d\n"),
946 			    cipher->min_keysize, cipher->max_keysize);
947 		}
948 	} else {
949 		*ksz = cipher->max_keysize;
950 		notplain = B_TRUE;
951 	}
952 
953 	*key = malloc(*ksz);
954 	if (*key == NULL)
955 		die(gettext("failed to allocate memory for key from file"));
956 
957 	for (cursz = 0, nread = 0; cursz < *ksz; cursz += nread) {
958 		nread = read(fd, *key, *ksz);
959 		if (nread > 0)
960 			continue;
961 		/*
962 		 * nread == 0.  If it's not a regular file we were trying to
963 		 * get the maximum keysize of data possible for this cipher.
964 		 * But if we've got at least the minimum keysize of data,
965 		 * round down to the nearest keysize unit and call it good.
966 		 * If we haven't met the minimum keysize, that's an error.
967 		 * If it's a regular file, nread = 0 is also an error.
968 		 */
969 		if (nread == 0 && notplain && cursz >= cipher->min_keysize) {
970 			*ksz = (cursz / cipher->min_keysize) *
971 			    cipher->min_keysize;
972 			break;
973 		}
974 		die(gettext("%s: can't read all keybytes"), pathname);
975 	}
976 	(void) close(fd);
977 }
978 
979 /*
980  * Read the raw key from token, or from a file that was wrapped with a
981  * key from token
982  */
983 void
984 getkeyfromtoken(CK_SESSION_HANDLE sess,
985     token_spec_t *token, const char *keyfile, mech_alias_t *cipher,
986     char **raw_key, size_t *raw_key_sz)
987 {
988 	CK_RV	rv = CKR_OK;
989 	CK_BBOOL trueval = B_TRUE;
990 	CK_OBJECT_CLASS kclass;		/* secret key or RSA private key */
991 	CK_KEY_TYPE ktype;		/* from selected cipher or CKK_RSA */
992 	CK_KEY_TYPE raw_ktype;		/* from selected cipher */
993 	CK_ATTRIBUTE	key_tmpl[] = {
994 		{ CKA_CLASS, NULL, 0 },	/* re-used for token key and unwrap */
995 		{ CKA_KEY_TYPE, NULL, 0 },	/* ditto */
996 		{ CKA_LABEL, NULL, 0 },
997 		{ CKA_TOKEN, NULL, 0 },
998 		{ CKA_PRIVATE, NULL, 0 }
999 	    };
1000 	CK_ULONG attrs = sizeof (key_tmpl) / sizeof (CK_ATTRIBUTE);
1001 	int	i;
1002 	char	*pass = NULL;
1003 	size_t	passlen = 0;
1004 	CK_OBJECT_HANDLE obj, rawobj;
1005 	CK_ULONG num_objs = 1;		/* just want to find 1 token key */
1006 	CK_MECHANISM unwrap = { CKM_RSA_PKCS, NULL, 0 };
1007 	char	*rkey;
1008 	size_t	rksz;
1009 
1010 	if (token == NULL || token->key == NULL)
1011 		return;
1012 
1013 	/* did init_crypto find a slot that supports this cipher? */
1014 	if (cipher->slot == (CK_SLOT_ID)-1 || cipher->max_keysize == 0) {
1015 		die(gettext("failed to find any cryptographic provider, "
1016 		    "use \"cryptoadm list -p\" to find providers: %s\n"),
1017 		    pkcs11_strerror(CKR_MECHANISM_INVALID));
1018 	}
1019 
1020 	if (pkcs11_get_pass(token->name, &pass, &passlen, 0, B_FALSE) < 0)
1021 		die(gettext("unable to get passphrase"));
1022 
1023 	/* use passphrase to login to token */
1024 	if (pass != NULL && passlen > 0) {
1025 		rv = C_Login(sess, CKU_USER, (CK_UTF8CHAR_PTR)pass, passlen);
1026 		if (rv != CKR_OK) {
1027 			die(gettext("cannot login to the token %s: %s\n"),
1028 			    token->name, pkcs11_strerror(rv));
1029 		}
1030 	}
1031 
1032 	rv = pkcs11_mech2keytype(cipher->type, &raw_ktype);
1033 	if (rv != CKR_OK) {
1034 		die(gettext("failed to get key type for cipher %s: %s\n"),
1035 		    cipher->name, pkcs11_strerror(rv));
1036 	}
1037 
1038 	/*
1039 	 * If no keyfile was given, then the token key is secret key to
1040 	 * be used for encryption/decryption.  Otherwise, the keyfile
1041 	 * contains a wrapped secret key, and the token is actually the
1042 	 * unwrapping RSA private key.
1043 	 */
1044 	if (keyfile == NULL) {
1045 		kclass = CKO_SECRET_KEY;
1046 		ktype = raw_ktype;
1047 	} else {
1048 		kclass = CKO_PRIVATE_KEY;
1049 		ktype = CKK_RSA;
1050 	}
1051 
1052 	/* Find the key in the token first */
1053 	for (i = 0; i < attrs; i++) {
1054 		switch (key_tmpl[i].type) {
1055 		case CKA_CLASS:
1056 			key_tmpl[i].pValue = &kclass;
1057 			key_tmpl[i].ulValueLen = sizeof (kclass);
1058 			break;
1059 		case CKA_KEY_TYPE:
1060 			key_tmpl[i].pValue = &ktype;
1061 			key_tmpl[i].ulValueLen = sizeof (ktype);
1062 			break;
1063 		case CKA_LABEL:
1064 			key_tmpl[i].pValue = token->key;
1065 			key_tmpl[i].ulValueLen = strlen(token->key);
1066 			break;
1067 		case CKA_TOKEN:
1068 			key_tmpl[i].pValue = &trueval;
1069 			key_tmpl[i].ulValueLen = sizeof (trueval);
1070 			break;
1071 		case CKA_PRIVATE:
1072 			key_tmpl[i].pValue = &trueval;
1073 			key_tmpl[i].ulValueLen = sizeof (trueval);
1074 			break;
1075 		default:
1076 			break;
1077 		}
1078 	}
1079 	rv = C_FindObjectsInit(sess, key_tmpl, attrs);
1080 	if (rv != CKR_OK)
1081 		die(gettext("cannot find key %s: %s\n"), token->key,
1082 		    pkcs11_strerror(rv));
1083 	rv = C_FindObjects(sess, &obj, 1, &num_objs);
1084 	(void) C_FindObjectsFinal(sess);
1085 
1086 	if (num_objs == 0) {
1087 		die(gettext("cannot find key %s\n"), token->key);
1088 	} else if (rv != CKR_OK) {
1089 		die(gettext("cannot find key %s: %s\n"), token->key,
1090 		    pkcs11_strerror(rv));
1091 	}
1092 
1093 	/*
1094 	 * No keyfile means when token key is found, convert it to raw key,
1095 	 * and done.  Otherwise still need do an unwrap to create yet another
1096 	 * obj and that needs to be converted to raw key before we're done.
1097 	 */
1098 	if (keyfile == NULL) {
1099 		/* obj contains raw key, extract it */
1100 		rv = pkcs11_ObjectToKey(sess, obj, (void **)&rkey, &rksz,
1101 		    B_FALSE);
1102 		if (rv != CKR_OK) {
1103 			die(gettext("failed to get key value for %s"
1104 			    " from token %s, %s\n"), token->key,
1105 			    token->name, pkcs11_strerror(rv));
1106 		}
1107 	} else {
1108 		getkeyfromfile(keyfile, cipher, &rkey, &rksz);
1109 
1110 		/*
1111 		 * Got the wrapping RSA obj and the wrapped key from file.
1112 		 * Unwrap the key from file with RSA obj to get rawkey obj.
1113 		 */
1114 
1115 		/* re-use the first two attributes of key_tmpl */
1116 		kclass = CKO_SECRET_KEY;
1117 		ktype = raw_ktype;
1118 
1119 		rv = C_UnwrapKey(sess, &unwrap, obj, (CK_BYTE_PTR)rkey,
1120 		    rksz, key_tmpl, 2, &rawobj);
1121 		if (rv != CKR_OK) {
1122 			die(gettext("failed to unwrap key in keyfile %s,"
1123 			    " %s\n"), keyfile, pkcs11_strerror(rv));
1124 		}
1125 		/* rawobj contains raw key, extract it */
1126 		rv = pkcs11_ObjectToKey(sess, rawobj, (void **)&rkey, &rksz,
1127 		    B_TRUE);
1128 		if (rv != CKR_OK) {
1129 			die(gettext("failed to get unwrapped key value for"
1130 			    " key in keyfile %s, %s\n"), keyfile,
1131 			    pkcs11_strerror(rv));
1132 		}
1133 	}
1134 
1135 	/* validate raw key size */
1136 	if (rksz < cipher->min_keysize || cipher->max_keysize < rksz) {
1137 		warn(gettext("%s: invalid keysize: %d\n"), keyfile, (int)rksz);
1138 		die(gettext("\t%d <= keysize <= %d\n"), cipher->min_keysize,
1139 		    cipher->max_keysize);
1140 	}
1141 
1142 	*raw_key_sz = rksz;
1143 	*raw_key = (char *)rkey;
1144 }
1145 
1146 /*
1147  * Set up cipher key limits and verify PKCS#11 can be done
1148  * match_token_cipher is the function pointer used by
1149  * pkcs11_GetCriteriaSession() init_crypto.
1150  */
1151 boolean_t
1152 match_token_cipher(CK_SLOT_ID slot_id, void *args, CK_RV *rv)
1153 {
1154 	token_spec_t *token;
1155 	mech_alias_t *cipher;
1156 	CK_TOKEN_INFO tokinfo;
1157 	CK_MECHANISM_INFO mechinfo;
1158 	boolean_t token_match;
1159 
1160 	/*
1161 	 * While traversing slot list, pick up the following info per slot:
1162 	 * - if token specified, whether it matches this slot's token info
1163 	 * - if the slot supports the PKCS#5 PBKD2 cipher
1164 	 *
1165 	 * If the user said on the command line
1166 	 *	-T tok:mfr:ser:lab -k keyfile
1167 	 *	-c cipher -T tok:mfr:ser:lab -k keyfile
1168 	 * the given cipher or the default cipher apply to keyfile,
1169 	 * If the user said instead
1170 	 *	-T tok:mfr:ser:lab
1171 	 *	-c cipher -T tok:mfr:ser:lab
1172 	 * the key named "lab" may or may not agree with the given
1173 	 * cipher or the default cipher.  In those cases, cipher will
1174 	 * be overridden with the actual cipher type of the key "lab".
1175 	 */
1176 	*rv = CKR_FUNCTION_FAILED;
1177 
1178 	if (args == NULL) {
1179 		return (B_FALSE);
1180 	}
1181 
1182 	cipher = (mech_alias_t *)args;
1183 	token = cipher->token;
1184 
1185 	if (C_GetMechanismInfo(slot_id, cipher->type, &mechinfo) != CKR_OK) {
1186 		return (B_FALSE);
1187 	}
1188 
1189 	if (token == NULL) {
1190 		if (C_GetMechanismInfo(slot_id, CKM_PKCS5_PBKD2, &mechinfo) !=
1191 		    CKR_OK) {
1192 			return (B_FALSE);
1193 		}
1194 		goto foundit;
1195 	}
1196 
1197 	/* does the token match the token spec? */
1198 	if (token->key == NULL || (C_GetTokenInfo(slot_id, &tokinfo) != CKR_OK))
1199 		return (B_FALSE);
1200 
1201 	token_match = B_TRUE;
1202 
1203 	if (token->name != NULL && (token->name)[0] != '\0' &&
1204 	    strncmp((char *)token->name, (char *)tokinfo.label,
1205 	    TOKEN_LABEL_SIZE) != 0)
1206 		token_match = B_FALSE;
1207 	if (token->mfr != NULL && (token->mfr)[0] != '\0' &&
1208 	    strncmp((char *)token->mfr, (char *)tokinfo.manufacturerID,
1209 	    TOKEN_MANUFACTURER_SIZE) != 0)
1210 		token_match = B_FALSE;
1211 	if (token->serno != NULL && (token->serno)[0] != '\0' &&
1212 	    strncmp((char *)token->serno, (char *)tokinfo.serialNumber,
1213 	    TOKEN_SERIAL_SIZE) != 0)
1214 		token_match = B_FALSE;
1215 
1216 	if (!token_match)
1217 		return (B_FALSE);
1218 
1219 foundit:
1220 	cipher->slot = slot_id;
1221 	return (B_TRUE);
1222 }
1223 
1224 /*
1225  * Clean up crypto loose ends
1226  */
1227 static void
1228 end_crypto(CK_SESSION_HANDLE sess)
1229 {
1230 	(void) C_CloseSession(sess);
1231 	(void) C_Finalize(NULL);
1232 }
1233 
1234 /*
1235  * Set up crypto, opening session on slot that matches token and cipher
1236  */
1237 static void
1238 init_crypto(token_spec_t *token, mech_alias_t *cipher,
1239     CK_SESSION_HANDLE_PTR sess)
1240 {
1241 	CK_RV	rv;
1242 
1243 	cipher->token = token;
1244 
1245 	/* Turn off Metaslot so that we can see actual tokens */
1246 	if (setenv("METASLOT_ENABLED", "false", 1) < 0) {
1247 		die(gettext("could not disable Metaslot"));
1248 	}
1249 
1250 	rv = pkcs11_GetCriteriaSession(match_token_cipher, (void *)cipher,
1251 	    sess);
1252 	if (rv != CKR_OK) {
1253 		end_crypto(*sess);
1254 		if (rv == CKR_HOST_MEMORY) {
1255 			die("malloc");
1256 		}
1257 		die(gettext("failed to find any cryptographic provider, "
1258 		    "use \"cryptoadm list -p\" to find providers: %s\n"),
1259 		    pkcs11_strerror(rv));
1260 	}
1261 }
1262 
1263 /*
1264  * Uncompress a file.
1265  *
1266  * First map the file in to establish a device
1267  * association, then read from it. On-the-fly
1268  * decompression will automatically uncompress
1269  * the file if it's compressed
1270  *
1271  * If the file is mapped and a device association
1272  * has been established, disallow uncompressing
1273  * the file until it is unmapped.
1274  */
1275 static void
1276 lofi_uncompress(int lfd, const char *filename)
1277 {
1278 	struct lofi_ioctl li;
1279 	char buf[MAXBSIZE];
1280 	char devicename[32];
1281 	char tmpfilename[MAXPATHLEN];
1282 	char *x;
1283 	char *dir = NULL;
1284 	char *file = NULL;
1285 	int minor = 0;
1286 	struct stat64 statbuf;
1287 	int compfd = -1;
1288 	int uncompfd = -1;
1289 	ssize_t rbytes;
1290 
1291 	/*
1292 	 * Disallow uncompressing the file if it is
1293 	 * already mapped.
1294 	 */
1295 	li.li_crypto_enabled = B_FALSE;
1296 	li.li_minor = 0;
1297 	(void) strlcpy(li.li_filename, filename, sizeof (li.li_filename));
1298 	if (ioctl(lfd, LOFI_GET_MINOR, &li) != -1)
1299 		die(gettext("%s must be unmapped before uncompressing"),
1300 		    filename);
1301 
1302 	/* Zero length files don't need to be uncompressed */
1303 	if (stat64(filename, &statbuf) == -1)
1304 		die(gettext("stat: %s"), filename);
1305 	if (statbuf.st_size == 0)
1306 		return;
1307 
1308 	minor = lofi_map_file(lfd, li, filename);
1309 	(void) snprintf(devicename, sizeof (devicename), "/dev/%s/%d",
1310 	    LOFI_BLOCK_NAME, minor);
1311 
1312 	/* If the file isn't compressed, we just return */
1313 	if ((ioctl(lfd, LOFI_CHECK_COMPRESSED, &li) == -1) ||
1314 	    (li.li_algorithm[0] == '\0')) {
1315 		delete_mapping(lfd, devicename, filename, B_TRUE);
1316 		die("%s is not compressed\n", filename);
1317 	}
1318 
1319 	if ((compfd = open64(devicename, O_RDONLY | O_NONBLOCK)) == -1) {
1320 		delete_mapping(lfd, devicename, filename, B_TRUE);
1321 		die(gettext("open: %s"), filename);
1322 	}
1323 	/* Create a temp file in the same directory */
1324 	x = strdup(filename);
1325 	dir = strdup(dirname(x));
1326 	free(x);
1327 	x = strdup(filename);
1328 	file = strdup(basename(x));
1329 	free(x);
1330 	(void) snprintf(tmpfilename, sizeof (tmpfilename),
1331 	    "%s/.%sXXXXXX", dir, file);
1332 	free(dir);
1333 	free(file);
1334 
1335 	if ((uncompfd = mkstemp64(tmpfilename)) == -1) {
1336 		(void) close(compfd);
1337 		delete_mapping(lfd, devicename, filename, B_TRUE);
1338 		die("%s could not be uncompressed\n", filename);
1339 	}
1340 
1341 	/*
1342 	 * Set the mode bits and the owner of this temporary
1343 	 * file to be that of the original uncompressed file
1344 	 */
1345 	(void) fchmod(uncompfd, statbuf.st_mode);
1346 
1347 	if (fchown(uncompfd, statbuf.st_uid, statbuf.st_gid) == -1) {
1348 		(void) close(compfd);
1349 		(void) close(uncompfd);
1350 		delete_mapping(lfd, devicename, filename, B_TRUE);
1351 		die("%s could not be uncompressed\n", filename);
1352 	}
1353 
1354 	/* Now read from the device in MAXBSIZE-sized chunks */
1355 	for (;;) {
1356 		rbytes = read(compfd, buf, sizeof (buf));
1357 
1358 		if (rbytes <= 0)
1359 			break;
1360 
1361 		if (write(uncompfd, buf, rbytes) != rbytes) {
1362 			rbytes = -1;
1363 			break;
1364 		}
1365 	}
1366 
1367 	(void) close(compfd);
1368 	(void) close(uncompfd);
1369 
1370 	/* Delete the mapping */
1371 	delete_mapping(lfd, devicename, filename, B_TRUE);
1372 
1373 	/*
1374 	 * If an error occured while reading or writing, rbytes will
1375 	 * be negative
1376 	 */
1377 	if (rbytes < 0) {
1378 		(void) unlink(tmpfilename);
1379 		die(gettext("could not read from %s"), filename);
1380 	}
1381 
1382 	/* Rename the temp file to the actual file */
1383 	if (rename(tmpfilename, filename) == -1)
1384 		(void) unlink(tmpfilename);
1385 }
1386 
1387 /*
1388  * Compress a file
1389  */
1390 static void
1391 lofi_compress(int *lfd, const char *filename, int compress_index,
1392     uint32_t segsize)
1393 {
1394 	struct lofi_ioctl lic;
1395 	lofi_compress_info_t *li;
1396 	struct flock lock;
1397 	char tmpfilename[MAXPATHLEN];
1398 	char comp_filename[MAXPATHLEN];
1399 	char algorithm[MAXALGLEN];
1400 	char *x;
1401 	char *dir = NULL, *file = NULL;
1402 	uchar_t *uncompressed_seg = NULL;
1403 	uchar_t *compressed_seg = NULL;
1404 	uint32_t compressed_segsize;
1405 	uint32_t len_compressed, count;
1406 	uint32_t index_entries, index_sz;
1407 	uint64_t *index = NULL;
1408 	uint64_t offset;
1409 	size_t real_segsize;
1410 	struct stat64 statbuf;
1411 	int compfd = -1, uncompfd = -1;
1412 	int tfd = -1;
1413 	ssize_t rbytes, wbytes, lastread;
1414 	int i, type;
1415 
1416 	/*
1417 	 * Disallow compressing the file if it is
1418 	 * already mapped
1419 	 */
1420 	lic.li_minor = 0;
1421 	(void) strlcpy(lic.li_filename, filename, sizeof (lic.li_filename));
1422 	if (ioctl(*lfd, LOFI_GET_MINOR, &lic) != -1)
1423 		die(gettext("%s must be unmapped before compressing"),
1424 		    filename);
1425 
1426 	/*
1427 	 * Close the control device so other operations
1428 	 * can use it
1429 	 */
1430 	(void) close(*lfd);
1431 	*lfd = -1;
1432 
1433 	li = &lofi_compress_table[compress_index];
1434 
1435 	/*
1436 	 * The size of the buffer to hold compressed data must
1437 	 * be slightly larger than the compressed segment size.
1438 	 *
1439 	 * The compress functions use part of the buffer as
1440 	 * scratch space to do calculations.
1441 	 * Ref: http://www.zlib.net/manual.html#compress2
1442 	 */
1443 	compressed_segsize = segsize + (segsize >> 6);
1444 	compressed_seg = (uchar_t *)malloc(compressed_segsize + SEGHDR);
1445 	uncompressed_seg = (uchar_t *)malloc(segsize);
1446 
1447 	if (compressed_seg == NULL || uncompressed_seg == NULL)
1448 		die(gettext("No memory"));
1449 
1450 	if ((uncompfd = open64(filename, O_RDWR|O_LARGEFILE, 0)) == -1)
1451 		die(gettext("open: %s"), filename);
1452 
1453 	lock.l_type = F_WRLCK;
1454 	lock.l_whence = SEEK_SET;
1455 	lock.l_start = 0;
1456 	lock.l_len = 0;
1457 
1458 	/*
1459 	 * Use an advisory lock to ensure that only a
1460 	 * single lofiadm process compresses a given
1461 	 * file at any given time
1462 	 *
1463 	 * A close on the file descriptor automatically
1464 	 * closes all lock state on the file
1465 	 */
1466 	if (fcntl(uncompfd, F_SETLKW, &lock) == -1)
1467 		die(gettext("fcntl: %s"), filename);
1468 
1469 	if (fstat64(uncompfd, &statbuf) == -1) {
1470 		(void) close(uncompfd);
1471 		die(gettext("fstat: %s"), filename);
1472 	}
1473 
1474 	/* Zero length files don't need to be compressed */
1475 	if (statbuf.st_size == 0) {
1476 		(void) close(uncompfd);
1477 		return;
1478 	}
1479 
1480 	/*
1481 	 * Create temporary files in the same directory that
1482 	 * will hold the intermediate data
1483 	 */
1484 	x = strdup(filename);
1485 	dir = strdup(dirname(x));
1486 	free(x);
1487 	x = strdup(filename);
1488 	file = strdup(basename(x));
1489 	free(x);
1490 	(void) snprintf(tmpfilename, sizeof (tmpfilename),
1491 	    "%s/.%sXXXXXX", dir, file);
1492 	(void) snprintf(comp_filename, sizeof (comp_filename),
1493 	    "%s/.%sXXXXXX", dir, file);
1494 	free(dir);
1495 	free(file);
1496 
1497 	if ((tfd = mkstemp64(tmpfilename)) == -1)
1498 		goto cleanup;
1499 
1500 	if ((compfd = mkstemp64(comp_filename)) == -1)
1501 		goto cleanup;
1502 
1503 	/*
1504 	 * Set the mode bits and owner of the compressed
1505 	 * file to be that of the original uncompressed file
1506 	 */
1507 	(void) fchmod(compfd, statbuf.st_mode);
1508 
1509 	if (fchown(compfd, statbuf.st_uid, statbuf.st_gid) == -1)
1510 		goto cleanup;
1511 
1512 	/*
1513 	 * Calculate the number of index entries required.
1514 	 * index entries are stored as an array. adding
1515 	 * a '2' here accounts for the fact that the last
1516 	 * segment may not be a multiple of the segment size
1517 	 */
1518 	index_sz = (statbuf.st_size / segsize) + 2;
1519 	index = malloc(sizeof (*index) * index_sz);
1520 
1521 	if (index == NULL)
1522 		goto cleanup;
1523 
1524 	offset = 0;
1525 	lastread = segsize;
1526 	count = 0;
1527 
1528 	/*
1529 	 * Now read from the uncompressed file in 'segsize'
1530 	 * sized chunks, compress what was read in and
1531 	 * write it out to a temporary file
1532 	 */
1533 	for (;;) {
1534 		rbytes = read(uncompfd, uncompressed_seg, segsize);
1535 
1536 		if (rbytes <= 0)
1537 			break;
1538 
1539 		if (lastread < segsize)
1540 			goto cleanup;
1541 
1542 		/*
1543 		 * Account for the first byte that
1544 		 * indicates whether a segment is
1545 		 * compressed or not
1546 		 */
1547 		real_segsize = segsize - 1;
1548 		(void) li->l_compress(uncompressed_seg, rbytes,
1549 		    compressed_seg + SEGHDR, &real_segsize, li->l_level);
1550 
1551 		/*
1552 		 * If the length of the compressed data is more
1553 		 * than a threshold then there isn't any benefit
1554 		 * to be had from compressing this segment - leave
1555 		 * it uncompressed.
1556 		 *
1557 		 * NB. In case an error occurs during compression (above)
1558 		 * the 'real_segsize' isn't changed. The logic below
1559 		 * ensures that that segment is left uncompressed.
1560 		 */
1561 		len_compressed = real_segsize;
1562 		if (segsize <= COMPRESS_THRESHOLD ||
1563 		    real_segsize > (segsize - COMPRESS_THRESHOLD)) {
1564 			(void) memcpy(compressed_seg + SEGHDR, uncompressed_seg,
1565 			    rbytes);
1566 			type = UNCOMPRESSED;
1567 			len_compressed = rbytes;
1568 		} else {
1569 			type = COMPRESSED;
1570 		}
1571 
1572 		/*
1573 		 * Set the first byte or the SEGHDR to
1574 		 * indicate if it's compressed or not
1575 		 */
1576 		*compressed_seg = type;
1577 		wbytes = write(tfd, compressed_seg, len_compressed + SEGHDR);
1578 		if (wbytes != (len_compressed + SEGHDR)) {
1579 			rbytes = -1;
1580 			break;
1581 		}
1582 
1583 		index[count] = BE_64(offset);
1584 		offset += wbytes;
1585 		lastread = rbytes;
1586 		count++;
1587 	}
1588 
1589 	(void) close(uncompfd);
1590 
1591 	if (rbytes < 0)
1592 		goto cleanup;
1593 	/*
1594 	 * The last index entry is a sentinel entry. It does not point to
1595 	 * an actual compressed segment but helps in computing the size of
1596 	 * the compressed segment. The size of each compressed segment is
1597 	 * computed by subtracting the current index value from the next
1598 	 * one (the compressed blocks are stored sequentially)
1599 	 */
1600 	index[count++] = BE_64(offset);
1601 
1602 	/*
1603 	 * Now write the compressed data along with the
1604 	 * header information to this file which will
1605 	 * later be renamed to the original uncompressed
1606 	 * file name
1607 	 *
1608 	 * The header is as follows -
1609 	 *
1610 	 * Signature (name of the compression algorithm)
1611 	 * Compression segment size (a multiple of 512)
1612 	 * Number of index entries
1613 	 * Size of the last block
1614 	 * The array containing the index entries
1615 	 *
1616 	 * the header is always stored in network byte
1617 	 * order
1618 	 */
1619 	(void) bzero(algorithm, sizeof (algorithm));
1620 	(void) strlcpy(algorithm, li->l_name, sizeof (algorithm));
1621 	if (write(compfd, algorithm, sizeof (algorithm))
1622 	    != sizeof (algorithm))
1623 		goto cleanup;
1624 
1625 	segsize = htonl(segsize);
1626 	if (write(compfd, &segsize, sizeof (segsize)) != sizeof (segsize))
1627 		goto cleanup;
1628 
1629 	index_entries = htonl(count);
1630 	if (write(compfd, &index_entries, sizeof (index_entries)) !=
1631 	    sizeof (index_entries))
1632 		goto cleanup;
1633 
1634 	lastread = htonl(lastread);
1635 	if (write(compfd, &lastread, sizeof (lastread)) != sizeof (lastread))
1636 		goto cleanup;
1637 
1638 	for (i = 0; i < count; i++) {
1639 		if (write(compfd, index + i, sizeof (*index)) !=
1640 		    sizeof (*index))
1641 			goto cleanup;
1642 	}
1643 
1644 	/* Header is written, now write the compressed data */
1645 	if (lseek(tfd, 0, SEEK_SET) != 0)
1646 		goto cleanup;
1647 
1648 	rbytes = wbytes = 0;
1649 
1650 	for (;;) {
1651 		rbytes = read(tfd, compressed_seg, compressed_segsize + SEGHDR);
1652 
1653 		if (rbytes <= 0)
1654 			break;
1655 
1656 		if (write(compfd, compressed_seg, rbytes) != rbytes)
1657 			goto cleanup;
1658 	}
1659 
1660 	if (fstat64(compfd, &statbuf) == -1)
1661 		goto cleanup;
1662 
1663 	/*
1664 	 * Round up the compressed file size to be a multiple of
1665 	 * DEV_BSIZE. lofi(7D) likes it that way.
1666 	 */
1667 	if ((offset = statbuf.st_size % DEV_BSIZE) > 0) {
1668 
1669 		offset = DEV_BSIZE - offset;
1670 
1671 		for (i = 0; i < offset; i++)
1672 			uncompressed_seg[i] = '\0';
1673 		if (write(compfd, uncompressed_seg, offset) != offset)
1674 			goto cleanup;
1675 	}
1676 	(void) close(compfd);
1677 	(void) close(tfd);
1678 	(void) unlink(tmpfilename);
1679 cleanup:
1680 	if (rbytes < 0) {
1681 		if (tfd != -1)
1682 			(void) unlink(tmpfilename);
1683 		if (compfd != -1)
1684 			(void) unlink(comp_filename);
1685 		die(gettext("error compressing file %s"), filename);
1686 	} else {
1687 		/* Rename the compressed file to the actual file */
1688 		if (rename(comp_filename, filename) == -1) {
1689 			(void) unlink(comp_filename);
1690 			die(gettext("error compressing file %s"), filename);
1691 		}
1692 	}
1693 	if (compressed_seg != NULL)
1694 		free(compressed_seg);
1695 	if (uncompressed_seg != NULL)
1696 		free(uncompressed_seg);
1697 	if (index != NULL)
1698 		free(index);
1699 	if (compfd != -1)
1700 		(void) close(compfd);
1701 	if (uncompfd != -1)
1702 		(void) close(uncompfd);
1703 	if (tfd != -1)
1704 		(void) close(tfd);
1705 }
1706 
1707 static int
1708 lofi_compress_select(const char *algname)
1709 {
1710 	int i;
1711 
1712 	for (i = 0; i < LOFI_COMPRESS_FUNCTIONS; i++) {
1713 		if (strcmp(lofi_compress_table[i].l_name, algname) == 0)
1714 			return (i);
1715 	}
1716 	return (-1);
1717 }
1718 
1719 static void
1720 check_algorithm_validity(const char *algname, int *compress_index)
1721 {
1722 	*compress_index = lofi_compress_select(algname);
1723 	if (*compress_index < 0)
1724 		die(gettext("invalid algorithm name: %s\n"), algname);
1725 }
1726 
1727 static void
1728 check_file_validity(const char *filename)
1729 {
1730 	struct stat64 buf;
1731 	int 	error;
1732 	int	fd;
1733 
1734 	fd = open64(filename, O_RDONLY);
1735 	if (fd == -1) {
1736 		die(gettext("open: %s"), filename);
1737 	}
1738 	error = fstat64(fd, &buf);
1739 	if (error == -1) {
1740 		die(gettext("fstat: %s"), filename);
1741 	} else if (!S_ISLOFIABLE(buf.st_mode)) {
1742 		die(gettext("%s is not a regular file, "
1743 		    "block, or character device\n"),
1744 		    filename);
1745 	} else if ((buf.st_size % DEV_BSIZE) != 0) {
1746 		die(gettext("size of %s is not a multiple of %d\n"),
1747 		    filename, DEV_BSIZE);
1748 	}
1749 	(void) close(fd);
1750 
1751 	if (name_to_minor(filename) != 0) {
1752 		die(gettext("cannot use %s on itself\n"), LOFI_DRIVER_NAME);
1753 	}
1754 }
1755 
1756 static uint32_t
1757 convert_to_num(const char *str)
1758 {
1759 	int len;
1760 	uint32_t segsize, mult = 1;
1761 
1762 	len = strlen(str);
1763 	if (len && isalpha(str[len - 1])) {
1764 		switch (str[len - 1]) {
1765 		case 'k':
1766 		case 'K':
1767 			mult = KILOBYTE;
1768 			break;
1769 		case 'b':
1770 		case 'B':
1771 			mult = BLOCK_SIZE;
1772 			break;
1773 		case 'm':
1774 		case 'M':
1775 			mult = MEGABYTE;
1776 			break;
1777 		case 'g':
1778 		case 'G':
1779 			mult = GIGABYTE;
1780 			break;
1781 		default:
1782 			die(gettext("invalid segment size %s\n"), str);
1783 		}
1784 	}
1785 
1786 	segsize = atol(str);
1787 	segsize *= mult;
1788 
1789 	return (segsize);
1790 }
1791 
1792 int
1793 main(int argc, char *argv[])
1794 {
1795 	int	lfd;
1796 	int	c;
1797 	const char *devicename = NULL;
1798 	const char *filename = NULL;
1799 	const char *algname = COMPRESS_ALGORITHM;
1800 	int	openflag;
1801 	int	minor;
1802 	int 	compress_index;
1803 	uint32_t segsize = SEGSIZE;
1804 	static char *lofictl = "/dev/" LOFI_CTL_NAME;
1805 	boolean_t force = B_FALSE;
1806 	const char *pname;
1807 	boolean_t errflag = B_FALSE;
1808 	boolean_t addflag = B_FALSE;
1809 	boolean_t rdflag = B_FALSE;
1810 	boolean_t deleteflag = B_FALSE;
1811 	boolean_t ephflag = B_FALSE;
1812 	boolean_t compressflag = B_FALSE;
1813 	boolean_t uncompressflag = B_FALSE;
1814 	/* the next two work together for -c, -k, -T, -e options only */
1815 	boolean_t need_crypto = B_FALSE;	/* if any -c, -k, -T, -e */
1816 	boolean_t cipher_only = B_TRUE;		/* if -c only */
1817 	const char *keyfile = NULL;
1818 	mech_alias_t *cipher = NULL;
1819 	token_spec_t *token = NULL;
1820 	char	*rkey = NULL;
1821 	size_t	rksz = 0;
1822 	char realfilename[MAXPATHLEN];
1823 
1824 	pname = getpname(argv[0]);
1825 
1826 	(void) setlocale(LC_ALL, "");
1827 	(void) textdomain(TEXT_DOMAIN);
1828 
1829 	while ((c = getopt(argc, argv, "a:c:Cd:efk:o:rs:T:U")) != EOF) {
1830 		switch (c) {
1831 		case 'a':
1832 			addflag = B_TRUE;
1833 			if ((filename = realpath(optarg, realfilename)) == NULL)
1834 				die("%s", optarg);
1835 			if (((argc - optind) > 0) && (*argv[optind] != '-')) {
1836 				/* optional device */
1837 				devicename = argv[optind];
1838 				optind++;
1839 			}
1840 			break;
1841 		case 'C':
1842 			compressflag = B_TRUE;
1843 			if (((argc - optind) > 1) && (*argv[optind] != '-')) {
1844 				/* optional algorithm */
1845 				algname = argv[optind];
1846 				optind++;
1847 			}
1848 			check_algorithm_validity(algname, &compress_index);
1849 			break;
1850 		case 'c':
1851 			/* is the chosen cipher allowed? */
1852 			if ((cipher = ciph2mech(optarg)) == NULL) {
1853 				errflag = B_TRUE;
1854 				warn(gettext("cipher %s not allowed\n"),
1855 				    optarg);
1856 			}
1857 			need_crypto = B_TRUE;
1858 			/* cipher_only is already set */
1859 			break;
1860 		case 'd':
1861 			deleteflag = B_TRUE;
1862 			minor = name_to_minor(optarg);
1863 			if (minor != 0)
1864 				devicename = optarg;
1865 			else {
1866 				if ((filename = realpath(optarg,
1867 				    realfilename)) == NULL)
1868 					die("%s", optarg);
1869 			}
1870 			break;
1871 		case 'e':
1872 			ephflag = B_TRUE;
1873 			need_crypto = B_TRUE;
1874 			cipher_only = B_FALSE;	/* need to unset cipher_only */
1875 			break;
1876 		case 'f':
1877 			force = B_TRUE;
1878 			break;
1879 		case 'k':
1880 			keyfile = optarg;
1881 			need_crypto = B_TRUE;
1882 			cipher_only = B_FALSE;	/* need to unset cipher_only */
1883 			break;
1884 		case 'r':
1885 			rdflag = B_TRUE;
1886 			break;
1887 		case 's':
1888 			segsize = convert_to_num(optarg);
1889 			if (segsize < DEV_BSIZE || !ISP2(segsize))
1890 				die(gettext("segment size %s is invalid "
1891 				    "or not a multiple of minimum block "
1892 				    "size %ld\n"), optarg, DEV_BSIZE);
1893 			break;
1894 		case 'T':
1895 			if ((token = parsetoken(optarg)) == NULL) {
1896 				errflag = B_TRUE;
1897 				warn(
1898 				    gettext("invalid token key specifier %s\n"),
1899 				    optarg);
1900 			}
1901 			need_crypto = B_TRUE;
1902 			cipher_only = B_FALSE;	/* need to unset cipher_only */
1903 			break;
1904 		case 'U':
1905 			uncompressflag = B_TRUE;
1906 			break;
1907 		case '?':
1908 		default:
1909 			errflag = B_TRUE;
1910 			break;
1911 		}
1912 	}
1913 
1914 	/* Check for mutually exclusive combinations of options */
1915 	if (errflag ||
1916 	    (addflag && deleteflag) ||
1917 	    (rdflag && !addflag) ||
1918 	    (!addflag && need_crypto) ||
1919 	    ((compressflag || uncompressflag) && (addflag || deleteflag)))
1920 		usage(pname);
1921 
1922 	/* ephemeral key, and key from either file or token are incompatible */
1923 	if (ephflag && (keyfile != NULL || token != NULL)) {
1924 		die(gettext("ephemeral key cannot be used with keyfile"
1925 		    " or token key\n"));
1926 	}
1927 
1928 	/*
1929 	 * "-c" but no "-k", "-T", "-e", or "-T -k" means derive key from
1930 	 * command line passphrase
1931 	 */
1932 
1933 	switch (argc - optind) {
1934 	case 0: /* no more args */
1935 		if (compressflag || uncompressflag)	/* needs filename */
1936 			usage(pname);
1937 		break;
1938 	case 1:
1939 		if (addflag || deleteflag)
1940 			usage(pname);
1941 		/* one arg means compress/uncompress the file ... */
1942 		if (compressflag || uncompressflag) {
1943 			if ((filename = realpath(argv[optind],
1944 			    realfilename)) == NULL)
1945 				die("%s", argv[optind]);
1946 		/* ... or without options means print the association */
1947 		} else {
1948 			minor = name_to_minor(argv[optind]);
1949 			if (minor != 0)
1950 				devicename = argv[optind];
1951 			else {
1952 				if ((filename = realpath(argv[optind],
1953 				    realfilename)) == NULL)
1954 					die("%s", argv[optind]);
1955 			}
1956 		}
1957 		break;
1958 	default:
1959 		usage(pname);
1960 		break;
1961 	}
1962 
1963 	if (addflag || compressflag || uncompressflag)
1964 		check_file_validity(filename);
1965 
1966 	if (filename && !valid_abspath(filename))
1967 		exit(E_ERROR);
1968 
1969 	/*
1970 	 * Here, we know the arguments are correct, the filename is an
1971 	 * absolute path, it exists and is a regular file. We don't yet
1972 	 * know that the device name is ok or not.
1973 	 */
1974 
1975 	openflag = O_EXCL;
1976 	if (addflag || deleteflag || compressflag || uncompressflag)
1977 		openflag |= O_RDWR;
1978 	else
1979 		openflag |= O_RDONLY;
1980 	lfd = open(lofictl, openflag);
1981 	if (lfd == -1) {
1982 		if ((errno == EPERM) || (errno == EACCES)) {
1983 			die(gettext("you do not have permission to perform "
1984 			    "that operation.\n"));
1985 		} else {
1986 			die(gettext("open: %s"), lofictl);
1987 		}
1988 		/*NOTREACHED*/
1989 	}
1990 
1991 	/*
1992 	 * No passphrase is needed for ephemeral key, or when key is
1993 	 * in a file and not wrapped by another key from a token.
1994 	 * However, a passphrase is needed in these cases:
1995 	 * 1. cipher with no ephemeral key, key file, or token,
1996 	 *    in which case the passphrase is used to build the key
1997 	 * 2. token with an optional cipher or optional key file,
1998 	 *    in which case the passphrase unlocks the token
1999 	 * If only the cipher is specified, reconfirm the passphrase
2000 	 * to ensure the user hasn't mis-entered it.  Otherwise, the
2001 	 * token will enforce the token passphrase.
2002 	 */
2003 	if (need_crypto) {
2004 		CK_SESSION_HANDLE	sess;
2005 
2006 		/* pick a cipher if none specified */
2007 		if (cipher == NULL)
2008 			cipher = DEFAULT_CIPHER;
2009 
2010 		if (!kernel_cipher_check(cipher))
2011 			die(gettext(
2012 			    "use \"cryptoadm list -m\" to find available "
2013 			    "mechanisms\n"));
2014 
2015 		init_crypto(token, cipher, &sess);
2016 
2017 		if (cipher_only) {
2018 			getkeyfromuser(cipher, &rkey, &rksz);
2019 		} else if (token != NULL) {
2020 			getkeyfromtoken(sess, token, keyfile, cipher,
2021 			    &rkey, &rksz);
2022 		} else {
2023 			/* this also handles ephemeral keys */
2024 			getkeyfromfile(keyfile, cipher, &rkey, &rksz);
2025 		}
2026 
2027 		end_crypto(sess);
2028 	}
2029 
2030 	/*
2031 	 * Now to the real work.
2032 	 */
2033 	if (addflag)
2034 		add_mapping(lfd, devicename, filename, cipher, rkey, rksz,
2035 		    rdflag);
2036 	else if (compressflag)
2037 		lofi_compress(&lfd, filename, compress_index, segsize);
2038 	else if (uncompressflag)
2039 		lofi_uncompress(lfd, filename);
2040 	else if (deleteflag)
2041 		delete_mapping(lfd, devicename, filename, force);
2042 	else if (filename || devicename)
2043 		print_one_mapping(lfd, devicename, filename);
2044 	else
2045 		print_mappings(lfd);
2046 
2047 	if (lfd != -1)
2048 		(void) close(lfd);
2049 	closelib();
2050 	return (E_SUCCESS);
2051 }
2052