/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 * Copyright 2018, Joyent, Inc.
 */
#include <cryptoutil.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <tzfile.h>
#include <sys/crypto/common.h>
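/*
 * KCF error code -> PKCS11 return value, indexed by the KCF code.
 *
 * Each entry is annotated with the KCF name it stands for.  In order to
 * fit everything on one line, the 'CRYPTO_' prefix has been dropped from
 * the KCF #defines, e.g. CRYPTO_SUCCESS becomes SUCCESS.
 *
 * The initializers are positional, so their order presumably has to follow
 * the numeric order of the CRYPTO_* codes in <sys/crypto/common.h>.  The
 * array length is given explicitly: if CRYPTO_LAST_ERROR grew without new
 * entries being appended, the extra slots would be zero-initialized, and
 * zero is CKR_OK in PKCS11, i.e. a KCF failure would be reported as
 * success.  The #error check after the table exists to stop the build in
 * that case.  It compares only the last code, so it does not notice a code
 * inserted in the middle of the KCF list.
 *
 * NOTE(review): INVALID_MAC, MECH_NOT_SUPPORTED, NO_PERMISSION, WEAK_KEY
 * and FIPS140_ERROR (among others) all collapse into CKR_GENERAL_ERROR, so
 * a caller cannot tell a failed MAC check from any other general failure
 * by the PKCS11 value alone; confirm that no caller needs the distinction.
 *
 * The table is only ever read, hence const.
 */

static const CK_RV error_number_table[CRYPTO_LAST_ERROR + 1] = {
	CKR_OK,					/* SUCCESS */
	CKR_CANCEL,				/* CANCEL */
	CKR_HOST_MEMORY,			/* HOST_MEMORY */
	CKR_GENERAL_ERROR,			/* GENERAL_ERROR */
	CKR_FUNCTION_FAILED,			/* FAILED */
	CKR_ARGUMENTS_BAD,			/* ARGUMENTS_BAD */
	CKR_ATTRIBUTE_READ_ONLY,		/* ATTRIBUTE_READ_ONLY */
	CKR_ATTRIBUTE_SENSITIVE,		/* ATTRIBUTE_SENSITIVE */
	CKR_ATTRIBUTE_TYPE_INVALID,		/* ATTRIBUTE_TYPE_INVALID */
	CKR_ATTRIBUTE_VALUE_INVALID,		/* ATTRIBUTE_VALUE_INVALID */
	CKR_FUNCTION_FAILED,			/* CANCELED */
	CKR_DATA_INVALID,			/* DATA_INVALID */
	CKR_DATA_LEN_RANGE,			/* DATA_LEN_RANGE */
	CKR_DEVICE_ERROR,			/* DEVICE_ERROR */
	CKR_DEVICE_MEMORY,			/* DEVICE_MEMORY */
	CKR_DEVICE_REMOVED,			/* DEVICE_REMOVED */
	CKR_ENCRYPTED_DATA_INVALID,		/* ENCRYPTED_DATA_INVALID */
	CKR_ENCRYPTED_DATA_LEN_RANGE,		/* ENCRYPTED_DATA_LEN_RANGE */
	CKR_KEY_HANDLE_INVALID,			/* KEY_HANDLE_INVALID */
	CKR_KEY_SIZE_RANGE,			/* KEY_SIZE_RANGE */
	CKR_KEY_TYPE_INCONSISTENT,		/* KEY_TYPE_INCONSISTENT */
	CKR_KEY_NOT_NEEDED,			/* KEY_NOT_NEEDED */
	CKR_KEY_CHANGED,			/* KEY_CHANGED */
	CKR_KEY_NEEDED,				/* KEY_NEEDED */
	CKR_KEY_INDIGESTIBLE,			/* KEY_INDIGESTIBLE */
	CKR_KEY_FUNCTION_NOT_PERMITTED,		/* KEY_FUNCTION_NOT_PERMITTED */
	CKR_KEY_NOT_WRAPPABLE,			/* KEY_NOT_WRAPPABLE */
	CKR_KEY_UNEXTRACTABLE,			/* KEY_UNEXTRACTABLE */
	CKR_MECHANISM_INVALID,			/* MECHANISM_INVALID */
	CKR_MECHANISM_PARAM_INVALID,		/* MECHANISM_PARAM_INVALID */
	CKR_OBJECT_HANDLE_INVALID,		/* OBJECT_HANDLE_INVALID */
	CKR_OPERATION_ACTIVE,			/* OPERATION_ACTIVE */
	CKR_OPERATION_NOT_INITIALIZED,		/* OPERATION_NOT_INITIALIZED */
	CKR_PIN_INCORRECT,			/* PIN_INCORRECT */
	CKR_PIN_INVALID,			/* PIN_INVALID */
	CKR_PIN_LEN_RANGE,			/* PIN_LEN_RANGE */
	CKR_PIN_EXPIRED,			/* PIN_EXPIRED */
	CKR_PIN_LOCKED,				/* PIN_LOCKED */
	CKR_SESSION_CLOSED,			/* SESSION_CLOSED */
	CKR_SESSION_COUNT,			/* SESSION_COUNT */
	CKR_SESSION_HANDLE_INVALID,		/* SESSION_HANDLE_INVALID */
	CKR_SESSION_READ_ONLY,			/* SESSION_READ_ONLY */
	CKR_SESSION_EXISTS,			/* SESSION_EXISTS */
	CKR_SESSION_READ_ONLY_EXISTS,		/* SESSION_READ_ONLY_EXISTS */
	CKR_SESSION_READ_WRITE_SO_EXISTS,	/* SESSION_READ_WRITE_SO_EXISTS */
	CKR_SIGNATURE_INVALID,			/* SIGNATURE_INVALID */
	CKR_SIGNATURE_LEN_RANGE,		/* SIGNATURE_LEN_RANGE */
	CKR_TEMPLATE_INCOMPLETE,		/* TEMPLATE_INCOMPLETE */
	CKR_TEMPLATE_INCONSISTENT,		/* TEMPLATE_INCONSISTENT */
	CKR_UNWRAPPING_KEY_HANDLE_INVALID,	/* UNWRAPPING_KEY_HANDLE_INVALID */
	CKR_UNWRAPPING_KEY_SIZE_RANGE,		/* UNWRAPPING_KEY_SIZE_RANGE */
	CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT,	/* UNWRAPPING_KEY_TYPE_INCONSISTENT */
	CKR_USER_ALREADY_LOGGED_IN,		/* USER_ALREADY_LOGGED_IN */
	CKR_USER_NOT_LOGGED_IN,			/* USER_NOT_LOGGED_IN */
	CKR_USER_PIN_NOT_INITIALIZED,		/* USER_PIN_NOT_INITIALIZED */
	CKR_USER_TYPE_INVALID,			/* USER_TYPE_INVALID */
	CKR_USER_ANOTHER_ALREADY_LOGGED_IN,	/* USER_ANOTHER_ALREADY_LOGGED_IN */
	CKR_USER_TOO_MANY_TYPES,		/* USER_TOO_MANY_TYPES */
	CKR_WRAPPED_KEY_INVALID,		/* WRAPPED_KEY_INVALID */
	CKR_WRAPPED_KEY_LEN_RANGE,		/* WRAPPED_KEY_LEN_RANGE */
	CKR_WRAPPING_KEY_HANDLE_INVALID,	/* WRAPPING_KEY_HANDLE_INVALID */
	CKR_WRAPPING_KEY_SIZE_RANGE,		/* WRAPPING_KEY_SIZE_RANGE */
	CKR_WRAPPING_KEY_TYPE_INCONSISTENT,	/* WRAPPING_KEY_TYPE_INCONSISTENT */
	CKR_RANDOM_SEED_NOT_SUPPORTED,		/* RANDOM_SEED_NOT_SUPPORTED */
	CKR_RANDOM_NO_RNG,			/* RANDOM_NO_RNG */
	CKR_DOMAIN_PARAMS_INVALID,		/* DOMAIN_PARAMS_INVALID */
	CKR_BUFFER_TOO_SMALL,			/* BUFFER_TOO_SMALL */
	CKR_INFORMATION_SENSITIVE,		/* INFORMATION_SENSITIVE */
	CKR_FUNCTION_NOT_SUPPORTED,		/* NOT_SUPPORTED */
	CKR_GENERAL_ERROR,			/* QUEUED */
	CKR_GENERAL_ERROR,			/* BUFFER_TOO_BIG */
	CKR_OPERATION_NOT_INITIALIZED,		/* INVALID_CONTEXT */
	CKR_GENERAL_ERROR,			/* INVALID_MAC */
	CKR_GENERAL_ERROR,			/* MECH_NOT_SUPPORTED */
	CKR_GENERAL_ERROR,			/* INCONSISTENT_ATTRIBUTE */
	CKR_GENERAL_ERROR,			/* NO_PERMISSION */
	CKR_SLOT_ID_INVALID,			/* INVALID_PROVIDER_ID */
	CKR_GENERAL_ERROR,			/* VERSION_MISMATCH */
	CKR_GENERAL_ERROR,			/* BUSY */
	CKR_GENERAL_ERROR,			/* UNKNOWN_PROVIDER */
	CKR_GENERAL_ERROR,			/* MODVERIFICATION_FAILED */
	CKR_GENERAL_ERROR,			/* OLD_CTX_TEMPLATE */
	CKR_GENERAL_ERROR,			/* WEAK_KEY */
	CKR_GENERAL_ERROR			/* FIPS140_ERROR */
};

/*
 * Build-time tripwire: FIPS140_ERROR is the last code the table covers, so
 * a newer CRYPTO_LAST_ERROR means entries are missing.
 */
#if CRYPTO_LAST_ERROR != CRYPTO_FIPS140_ERROR
#error "Crypto to PKCS11 error mapping table needs to be updated!"
#endif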
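/*
 * Return a malloc()ed copy of the len-byte string src, or NULL if the
 * allocation fails.
 */
static char *
copy_path_string(const char *src, size_t len)
{
	char *copy = malloc(len + 1);

	/* len + 1 also copies the terminating NUL */
	if (copy != NULL)
		(void) memcpy(copy, src, len + 1);

	return (copy);
}

/*
 * This function returns a fullpath based on the "dir" and "filepath" input
 * arguments.  The result is allocated with malloc(); the caller owns it and
 * has to free() it.
 * - If the filepath specified does not start with a "/" and the directory
 *   is also given, prepend the directory to the filename.
 * - If only dir or filepath is given (the other one being NULL or empty),
 *   this function returns a copy of the given argument.
 * - If the filepath is fully qualified already and the "dir" is also
 *   given, return NULL to indicate an error.
 * - NULL is also returned when both arguments are NULL or empty, and when
 *   memory cannot be allocated.
 *
 * The two strings are joined as they are: "." and ".." components,
 * repeated slashes and symbolic links are not resolved, so a relative
 * filepath such as "../x" names a file outside dir.  A caller that takes
 * filepath from an untrusted source has to validate it itself.
 */
char *
get_fullpath(char *dir, char *filepath)
{
	/* size_t, not int: strlen() results must not be narrowed */
	size_t pathlen = (filepath != NULL) ? strlen(filepath) : 0;
	size_t dirlen = (dir != NULL) ? strlen(dir) : 0;
	char *fullpath;

	if (pathlen == 0)
		return ((dirlen > 0) ? copy_path_string(dir, dirlen) : NULL);

	if (dirlen == 0)
		return (copy_path_string(filepath, pathlen));

	/* Both given: an absolute filepath contradicts dir. */
	if (filepath[0] == '/')
		return (NULL);

	/* dir + '/' + filepath + NUL; refuse a total that would wrap */
	if (dirlen > SIZE_MAX - 2 || pathlen > SIZE_MAX - 2 - dirlen)
		return (NULL);

	fullpath = malloc(dirlen + pathlen + 2);
	if (fullpath == NULL)
		return (NULL);

	(void) memcpy(fullpath, dir, dirlen);
	fullpath[dirlen] = '/';
	(void) memcpy(fullpath + dirlen + 1, filepath, pathlen + 1);

	return (fullpath);
}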
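/*
 * This function converts the input string to the value of time
 * in seconds, stored in *ltime.
 * - If the input string is NULL or empty, *ltime is set to zero seconds
 *   and 0 is returned.
 * - Otherwise the input string needs to be in the form of:
 *	number-second(s), number-minute(s), number-hour(s) or
 *	number-day(s).
 *   The unit name is matched without regard to case.
 *
 * Returns 0 on success.  Returns -1, with *ltime set to zero, when the
 * string does not have that form, when the number is negative, or when the
 * lifetime does not fit in 32 bits.  Out-of-range values are refused
 * rather than wrapped: a wrapped value would silently turn a mistyped
 * setting into an unrelated (possibly very long) lifetime.
 * Also returns -1 if ltime itself is NULL.
 */
int
str2lifetime(char *ltimestr, uint32_t *ltime)
{
	const char *p = ltimestr;
	uint64_t num = 0;
	uint64_t unit;
	int ndigits = 0;
	char timetok[10] = { 0 };

	if (ltime == NULL)
		return (-1);

	/* Every error return below leaves a defined value behind. */
	*ltime = 0;

	if (ltimestr == NULL || ltimestr[0] == '\0')
		return (0);

	/*
	 * The number is parsed by hand instead of with "%d" so that an
	 * over-long digit string is an error instead of an overflow.  Leading
	 * white space and an optional '+' are accepted, as "%d" did; a
	 * leading '-' is not.
	 */
	while (*p == ' ' || (*p >= '\t' && *p <= '\r'))
		p++;
	if (*p == '+')
		p++;
	for (; *p >= '0' && *p <= '9'; p++, ndigits++) {
		num = num * 10 + (uint64_t)(*p - '0');
		/* Checked per digit, so num itself can never wrap. */
		if (num > UINT32_MAX)
			return (-1);
	}

	/* The number has to be followed directly by the '-' separator. */
	if (ndigits == 0 || *p != '-')
		return (-1);

	/* At most 8 characters of unit name; timetok has room for them. */
	if (sscanf(p + 1, "%8s", timetok) != 1)
		return (-1);

	if (!strcasecmp(timetok, "second") ||
	    !strcasecmp(timetok, "seconds")) {
		unit = 1;
	} else if (!strcasecmp(timetok, "minute") ||
	    !strcasecmp(timetok, "minutes")) {
		unit = SECSPERMIN;
	} else if (!strcasecmp(timetok, "hour") ||
	    !strcasecmp(timetok, "hours")) {
		unit = SECSPERHOUR;
	} else if (!strcasecmp(timetok, "day") ||
	    !strcasecmp(timetok, "days")) {
		unit = SECSPERDAY;
	} else {
		return (-1);
	}

	/* Refuse a product that does not fit the 32-bit result. */
	if (num > UINT32_MAX / unit)
		return (-1);

	*ltime = (uint32_t)(num * unit);
	return (0);
}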
/*
 * Map KCF error codes into PKCS11 error codes.
 *
 * The code is used as an index into error_number_table.  A code that lies
 * past the end of the table is reported as CKR_GENERAL_ERROR, so an
 * unknown KCF code is still returned to the caller as an error.
 */
CK_RV
crypto2pkcs11_error_number(uint_t n)
{
	const size_t nentries =
	    sizeof (error_number_table) / sizeof (error_number_table[0]);

	return ((n < nentries) ? error_number_table[n] : CKR_GENERAL_ERROR);
}