xref: /illumos-gate/usr/src/lib/libcryptoutil/common/util.c (revision cc543d0f9e35a75cc302a4cb152756d233299564) 
199ebb4caSwyllys /*
299ebb4caSwyllys  * CDDL HEADER START
399ebb4caSwyllys  *
499ebb4caSwyllys  * The contents of this file are subject to the terms of the
599ebb4caSwyllys  * Common Development and Distribution License (the "License").
699ebb4caSwyllys  * You may not use this file except in compliance with the License.
799ebb4caSwyllys  *
899ebb4caSwyllys  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
999ebb4caSwyllys  * or http://www.opensolaris.org/os/licensing.
1099ebb4caSwyllys  * See the License for the specific language governing permissions
1199ebb4caSwyllys  * and limitations under the License.
1299ebb4caSwyllys  *
1399ebb4caSwyllys  * When distributing Covered Code, include this CDDL HEADER in each
1499ebb4caSwyllys  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
1599ebb4caSwyllys  * If applicable, add the following below this CDDL HEADER, with the
1699ebb4caSwyllys  * fields enclosed by brackets "[]" replaced with your own identifying
1799ebb4caSwyllys  * information: Portions Copyright [yyyy] [name of copyright owner]
1899ebb4caSwyllys  *
1999ebb4caSwyllys  * CDDL HEADER END
2099ebb4caSwyllys  */
2199ebb4caSwyllys /*
2299ebb4caSwyllys  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
2399ebb4caSwyllys  * Use is subject to license terms.
24*cc543d0fSJason King  * Copyright 2018, Joyent, Inc.
2599ebb4caSwyllys  */
2699ebb4caSwyllys 
2799ebb4caSwyllys #include <cryptoutil.h>
2899ebb4caSwyllys #include <strings.h>
2999ebb4caSwyllys #include <stdio.h>
3099ebb4caSwyllys #include <tzfile.h>
31*cc543d0fSJason King #include <sys/crypto/common.h>
32*cc543d0fSJason King 
33*cc543d0fSJason King /*
34*cc543d0fSJason King  * In order to fit everything on one line, the 'CRYPTO_' prefix
35*cc543d0fSJason King  * has been dropped from the KCF #defines, e.g.
36*cc543d0fSJason King  * CRYPTO_SUCCESS becomes SUCCESS.
37*cc543d0fSJason King  */
38*cc543d0fSJason King 
39*cc543d0fSJason King static CK_RV error_number_table[CRYPTO_LAST_ERROR + 1] = {
40*cc543d0fSJason King CKR_OK,					/* SUCCESS */
41*cc543d0fSJason King CKR_CANCEL,				/* CANCEL */
42*cc543d0fSJason King CKR_HOST_MEMORY,			/* HOST_MEMORY */
43*cc543d0fSJason King CKR_GENERAL_ERROR,			/* GENERAL_ERROR */
44*cc543d0fSJason King CKR_FUNCTION_FAILED,			/* FAILED */
45*cc543d0fSJason King CKR_ARGUMENTS_BAD,			/* ARGUMENTS_BAD */
46*cc543d0fSJason King CKR_ATTRIBUTE_READ_ONLY,		/* ATTRIBUTE_READ_ONLY */
47*cc543d0fSJason King CKR_ATTRIBUTE_SENSITIVE,		/* ATTRIBUTE_SENSITIVE */
48*cc543d0fSJason King CKR_ATTRIBUTE_TYPE_INVALID,		/* ATTRIBUTE_TYPE_INVALID */
49*cc543d0fSJason King CKR_ATTRIBUTE_VALUE_INVALID,		/* ATTRIBUTE_VALUE_INVALID */
50*cc543d0fSJason King CKR_FUNCTION_FAILED,			/* CANCELED */
51*cc543d0fSJason King CKR_DATA_INVALID,			/* DATA_INVALID */
52*cc543d0fSJason King CKR_DATA_LEN_RANGE,			/* DATA_LEN_RANGE */
53*cc543d0fSJason King CKR_DEVICE_ERROR,			/* DEVICE_ERROR */
54*cc543d0fSJason King CKR_DEVICE_MEMORY,			/* DEVICE_MEMORY */
55*cc543d0fSJason King CKR_DEVICE_REMOVED,			/* DEVICE_REMOVED */
56*cc543d0fSJason King CKR_ENCRYPTED_DATA_INVALID,		/* ENCRYPTED_DATA_INVALID */
57*cc543d0fSJason King CKR_ENCRYPTED_DATA_LEN_RANGE,		/* ENCRYPTED_DATA_LEN_RANGE */
58*cc543d0fSJason King CKR_KEY_HANDLE_INVALID,			/* KEY_HANDLE_INVALID */
59*cc543d0fSJason King CKR_KEY_SIZE_RANGE,			/* KEY_SIZE_RANGE */
60*cc543d0fSJason King CKR_KEY_TYPE_INCONSISTENT,		/* KEY_TYPE_INCONSISTENT */
61*cc543d0fSJason King CKR_KEY_NOT_NEEDED,			/* KEY_NOT_NEEDED */
62*cc543d0fSJason King CKR_KEY_CHANGED,			/* KEY_CHANGED */
63*cc543d0fSJason King CKR_KEY_NEEDED,				/* KEY_NEEDED */
64*cc543d0fSJason King CKR_KEY_INDIGESTIBLE,			/* KEY_INDIGESTIBLE */
65*cc543d0fSJason King CKR_KEY_FUNCTION_NOT_PERMITTED,		/* KEY_FUNCTION_NOT_PERMITTED */
66*cc543d0fSJason King CKR_KEY_NOT_WRAPPABLE,			/* KEY_NOT_WRAPPABLE */
67*cc543d0fSJason King CKR_KEY_UNEXTRACTABLE,			/* KEY_UNEXTRACTABLE */
68*cc543d0fSJason King CKR_MECHANISM_INVALID,			/* MECHANISM_INVALID */
69*cc543d0fSJason King CKR_MECHANISM_PARAM_INVALID,		/* MECHANISM_PARAM_INVALID */
70*cc543d0fSJason King CKR_OBJECT_HANDLE_INVALID,		/* OBJECT_HANDLE_INVALID */
71*cc543d0fSJason King CKR_OPERATION_ACTIVE,			/* OPERATION_ACTIVE */
72*cc543d0fSJason King CKR_OPERATION_NOT_INITIALIZED,		/* OPERATION_NOT_INITIALIZED */
73*cc543d0fSJason King CKR_PIN_INCORRECT,			/* PIN_INCORRECT */
74*cc543d0fSJason King CKR_PIN_INVALID,			/* PIN_INVALID */
75*cc543d0fSJason King CKR_PIN_LEN_RANGE,			/* PIN_LEN_RANGE */
76*cc543d0fSJason King CKR_PIN_EXPIRED,			/* PIN_EXPIRED */
77*cc543d0fSJason King CKR_PIN_LOCKED,				/* PIN_LOCKED */
78*cc543d0fSJason King CKR_SESSION_CLOSED,			/* SESSION_CLOSED */
79*cc543d0fSJason King CKR_SESSION_COUNT,			/* SESSION_COUNT */
80*cc543d0fSJason King CKR_SESSION_HANDLE_INVALID,		/* SESSION_HANDLE_INVALID */
81*cc543d0fSJason King CKR_SESSION_READ_ONLY,			/* SESSION_READ_ONLY */
82*cc543d0fSJason King CKR_SESSION_EXISTS,			/* SESSION_EXISTS */
83*cc543d0fSJason King CKR_SESSION_READ_ONLY_EXISTS,		/* SESSION_READ_ONLY_EXISTS */
84*cc543d0fSJason King CKR_SESSION_READ_WRITE_SO_EXISTS,	/* SESSION_READ_WRITE_SO_EXISTS */
85*cc543d0fSJason King CKR_SIGNATURE_INVALID,			/* SIGNATURE_INVALID */
86*cc543d0fSJason King CKR_SIGNATURE_LEN_RANGE,		/* SIGNATURE_LEN_RANGE */
87*cc543d0fSJason King CKR_TEMPLATE_INCOMPLETE,		/* TEMPLATE_INCOMPLETE */
88*cc543d0fSJason King CKR_TEMPLATE_INCONSISTENT,		/* TEMPLATE_INCONSISTENT */
89*cc543d0fSJason King CKR_UNWRAPPING_KEY_HANDLE_INVALID,	/* UNWRAPPING_KEY_HANDLE_INVALID */
90*cc543d0fSJason King CKR_UNWRAPPING_KEY_SIZE_RANGE,		/* UNWRAPPING_KEY_SIZE_RANGE */
91*cc543d0fSJason King CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT,	/* UNWRAPPING_KEY_TYPE_INCONSISTENT */
92*cc543d0fSJason King CKR_USER_ALREADY_LOGGED_IN,		/* USER_ALREADY_LOGGED_IN */
93*cc543d0fSJason King CKR_USER_NOT_LOGGED_IN,			/* USER_NOT_LOGGED_IN */
94*cc543d0fSJason King CKR_USER_PIN_NOT_INITIALIZED,		/* USER_PIN_NOT_INITIALIZED */
95*cc543d0fSJason King CKR_USER_TYPE_INVALID,			/* USER_TYPE_INVALID */
96*cc543d0fSJason King CKR_USER_ANOTHER_ALREADY_LOGGED_IN,	/* USER_ANOTHER_ALREADY_LOGGED_IN */
97*cc543d0fSJason King CKR_USER_TOO_MANY_TYPES,		/* USER_TOO_MANY_TYPES */
98*cc543d0fSJason King CKR_WRAPPED_KEY_INVALID,		/* WRAPPED_KEY_INVALID */
99*cc543d0fSJason King CKR_WRAPPED_KEY_LEN_RANGE,		/* WRAPPED_KEY_LEN_RANGE */
100*cc543d0fSJason King CKR_WRAPPING_KEY_HANDLE_INVALID,	/* WRAPPING_KEY_HANDLE_INVALID */
101*cc543d0fSJason King CKR_WRAPPING_KEY_SIZE_RANGE,		/* WRAPPING_KEY_SIZE_RANGE */
102*cc543d0fSJason King CKR_WRAPPING_KEY_TYPE_INCONSISTENT,	/* WRAPPING_KEY_TYPE_INCONSISTENT */
103*cc543d0fSJason King CKR_RANDOM_SEED_NOT_SUPPORTED,		/* RANDOM_SEED_NOT_SUPPORTED */
104*cc543d0fSJason King CKR_RANDOM_NO_RNG,			/* RANDOM_NO_RNG */
105*cc543d0fSJason King CKR_DOMAIN_PARAMS_INVALID,		/* DOMAIN_PARAMS_INVALID */
106*cc543d0fSJason King CKR_BUFFER_TOO_SMALL,			/* BUFFER_TOO_SMALL */
107*cc543d0fSJason King CKR_INFORMATION_SENSITIVE,		/* INFORMATION_SENSITIVE */
108*cc543d0fSJason King CKR_FUNCTION_NOT_SUPPORTED,		/* NOT_SUPPORTED */
109*cc543d0fSJason King CKR_GENERAL_ERROR,			/* QUEUED */
110*cc543d0fSJason King CKR_GENERAL_ERROR,			/* BUFFER_TOO_BIG */
111*cc543d0fSJason King CKR_OPERATION_NOT_INITIALIZED,		/* INVALID_CONTEXT */
112*cc543d0fSJason King CKR_GENERAL_ERROR,			/* INVALID_MAC */
113*cc543d0fSJason King CKR_GENERAL_ERROR,			/* MECH_NOT_SUPPORTED */
114*cc543d0fSJason King CKR_GENERAL_ERROR,			/* INCONSISTENT_ATTRIBUTE */
115*cc543d0fSJason King CKR_GENERAL_ERROR,			/* NO_PERMISSION */
116*cc543d0fSJason King CKR_SLOT_ID_INVALID,			/* INVALID_PROVIDER_ID */
117*cc543d0fSJason King CKR_GENERAL_ERROR,			/* VERSION_MISMATCH */
118*cc543d0fSJason King CKR_GENERAL_ERROR,			/* BUSY */
119*cc543d0fSJason King CKR_GENERAL_ERROR,			/* UNKNOWN_PROVIDER */
120*cc543d0fSJason King CKR_GENERAL_ERROR,			/* MODVERIFICATION_FAILED */
121*cc543d0fSJason King CKR_GENERAL_ERROR,			/* OLD_CTX_TEMPLATE */
122*cc543d0fSJason King CKR_GENERAL_ERROR,			/* WEAK_KEY */
123*cc543d0fSJason King CKR_GENERAL_ERROR			/* FIPS140_ERROR */
124*cc543d0fSJason King };
125*cc543d0fSJason King 
126*cc543d0fSJason King #if CRYPTO_LAST_ERROR != CRYPTO_FIPS140_ERROR
127*cc543d0fSJason King #error "Crypto to PKCS11 error mapping table needs to be updated!"
128*cc543d0fSJason King #endif
12999ebb4caSwyllys 
13099ebb4caSwyllys /*
13199ebb4caSwyllys  * This function returns a fullpath based on the "dir" and "filepath" input
13299ebb4caSwyllys  * arugments.
13399ebb4caSwyllys  * - If the filepath specified does not start with a "/" and the directory
13499ebb4caSwyllys  *   is also given, prepend the directory to the filename.
13599ebb4caSwyllys  * - If only dir or filepath is given, this function returns a copy of the
13699ebb4caSwyllys  *   given argument.
13799ebb4caSwyllys  * - If the filepath is fully qualified already and the "dir" is also
13899ebb4caSwyllys  *   given, return NULL to indicate an error.
13999ebb4caSwyllys  */
14099ebb4caSwyllys char *
get_fullpath(char * dir,char * filepath)14199ebb4caSwyllys get_fullpath(char *dir, char *filepath)
14299ebb4caSwyllys {
14399ebb4caSwyllys 	char *fullpath = NULL;
14499ebb4caSwyllys 	int pathlen = 0;
14599ebb4caSwyllys 	int dirlen = 0;
14699ebb4caSwyllys 
14799ebb4caSwyllys 	if (filepath != NULL)
14899ebb4caSwyllys 		pathlen = strlen(filepath);
14999ebb4caSwyllys 
15099ebb4caSwyllys 	if (dir != NULL)
15199ebb4caSwyllys 		dirlen = strlen(dir);
15299ebb4caSwyllys 
15399ebb4caSwyllys 	if (pathlen > 0 && dirlen > 0) {
15499ebb4caSwyllys 		if (filepath[0] != '/') {
15599ebb4caSwyllys 			int len = pathlen + dirlen + 2;
15699ebb4caSwyllys 			fullpath = (char *)malloc(len);
15799ebb4caSwyllys 			if (fullpath != NULL)
15899ebb4caSwyllys 				(void) snprintf(fullpath, len, "%s/%s",
15999ebb4caSwyllys 				    dir, filepath);
16099ebb4caSwyllys 		} else {
16199ebb4caSwyllys 			return (NULL);
16299ebb4caSwyllys 		}
16399ebb4caSwyllys 	} else if (pathlen > 0) {
16499ebb4caSwyllys 		fullpath = (char *)strdup(filepath);
16599ebb4caSwyllys 	} else if (dirlen > 0) {
16699ebb4caSwyllys 		fullpath = (char *)strdup(dir);
16799ebb4caSwyllys 	}
16899ebb4caSwyllys 
16999ebb4caSwyllys 	return (fullpath);
17099ebb4caSwyllys }
17199ebb4caSwyllys 
17299ebb4caSwyllys /*
17399ebb4caSwyllys  * This function converts the input string to the value of time
17499ebb4caSwyllys  * in seconds.
17599ebb4caSwyllys  * - If the input string is NULL, return zero second.
17699ebb4caSwyllys  * - The input string needs to be in the form of:
17799ebb4caSwyllys  *   number-second(s), number-minute(s), number-hour(s) or
17899ebb4caSwyllys  *   number-day(s).
17999ebb4caSwyllys  */
18099ebb4caSwyllys int
str2lifetime(char * ltimestr,uint32_t * ltime)18199ebb4caSwyllys str2lifetime(char *ltimestr, uint32_t *ltime)
18299ebb4caSwyllys {
18399ebb4caSwyllys 	int num;
18499ebb4caSwyllys 	char timetok[10];
18599ebb4caSwyllys 
18699ebb4caSwyllys 	if (ltimestr == NULL || !strlen(ltimestr)) {
18799ebb4caSwyllys 		*ltime = 0;
18899ebb4caSwyllys 		return (0);
18999ebb4caSwyllys 	}
19099ebb4caSwyllys 
19199ebb4caSwyllys 	(void) memset(timetok, 0, sizeof (timetok));
19299ebb4caSwyllys 	if (sscanf(ltimestr, "%d-%08s", &num, timetok) != 2)
19399ebb4caSwyllys 		return (-1);
19499ebb4caSwyllys 
19599ebb4caSwyllys 	if (!strcasecmp(timetok, "second") ||
19699ebb4caSwyllys 	    !strcasecmp(timetok, "seconds")) {
19799ebb4caSwyllys 		*ltime = num;
19899ebb4caSwyllys 	} else if (!strcasecmp(timetok, "minute") ||
19999ebb4caSwyllys 	    !strcasecmp(timetok, "minutes")) {
20099ebb4caSwyllys 		*ltime = num * SECSPERMIN;
20199ebb4caSwyllys 	} else if (!strcasecmp(timetok, "day") ||
20299ebb4caSwyllys 	    !strcasecmp(timetok, "days")) {
20399ebb4caSwyllys 		*ltime = num * SECSPERDAY;
20499ebb4caSwyllys 	} else if (!strcasecmp(timetok, "hour") ||
20599ebb4caSwyllys 	    !strcasecmp(timetok, "hours")) {
20699ebb4caSwyllys 		*ltime = num * SECSPERHOUR;
20799ebb4caSwyllys 	} else {
20899ebb4caSwyllys 		*ltime = 0;
20999ebb4caSwyllys 		return (-1);
21099ebb4caSwyllys 	}
21199ebb4caSwyllys 
21299ebb4caSwyllys 	return (0);
21399ebb4caSwyllys }
214*cc543d0fSJason King 
215*cc543d0fSJason King /*
216*cc543d0fSJason King  * Map KCF error codes into PKCS11 error codes.
217*cc543d0fSJason King  */
218*cc543d0fSJason King CK_RV
crypto2pkcs11_error_number(uint_t n)219*cc543d0fSJason King crypto2pkcs11_error_number(uint_t n)
220*cc543d0fSJason King {
221*cc543d0fSJason King 	if (n >= sizeof (error_number_table) / sizeof (error_number_table[0]))
222*cc543d0fSJason King 		return (CKR_GENERAL_ERROR);
223*cc543d0fSJason King 
224*cc543d0fSJason King 	return (error_number_table[n]);
225*cc543d0fSJason King }
226