xref: /titanic_50/usr/src/cmd/lofiadm/main.c (revision 136dc9cbe3ceda200434238d1015d39bca1d2d1a)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  * Copyright 2012 Joyent, Inc.  All rights reserved.
25  *
26  * Copyright 2013 Nexenta Systems, Inc. All rights reserved.
27  * Copyright (c) 2014 Gary Mills
28  */
29 
30 /*
31  * lofiadm - administer lofi(7d). Very simple, add and remove file<->device
32  * associations, and display status. All the ioctls are private between
33  * lofi and lofiadm, and so are very simple - device information is
34  * communicated via a minor number.
35  */
36 
37 #include <sys/types.h>
38 #include <sys/param.h>
39 #include <sys/lofi.h>
40 #include <sys/stat.h>
41 #include <sys/sysmacros.h>
42 #include <netinet/in.h>
43 #include <stdio.h>
44 #include <fcntl.h>
45 #include <locale.h>
46 #include <string.h>
47 #include <strings.h>
48 #include <errno.h>
49 #include <stdlib.h>
50 #include <unistd.h>
51 #include <stropts.h>
52 #include <libdevinfo.h>
53 #include <libgen.h>
54 #include <ctype.h>
55 #include <dlfcn.h>
56 #include <limits.h>
57 #include <security/cryptoki.h>
58 #include <cryptoutil.h>
59 #include <sys/crypto/ioctl.h>
60 #include <sys/crypto/ioctladmin.h>
61 #include "utils.h"
62 #include <LzmaEnc.h>
63 
64 /* Only need the IV len #defines out of these files, nothing else. */
65 #include <aes/aes_impl.h>
66 #include <des/des_impl.h>
67 #include <blowfish/blowfish_impl.h>
68 
69 static const char USAGE[] =
70 	"Usage: %s [-r] -a file [ device ]\n"
71 	"       %s [-r] -c crypto_algorithm -a file [device]\n"
72 	"       %s [-r] -c crypto_algorithm -k raw_key_file -a file [device]\n"
73 	"       %s [-r] -c crypto_algorithm -T [token]:[manuf]:[serial]:key "
74 	"-a file [device]\n"
75 	"       %s [-r] -c crypto_algorithm -T [token]:[manuf]:[serial]:key "
76 	"-k wrapped_key_file -a file [device]\n"
77 	"       %s [-r] -c crypto_algorithm -e -a file [device]\n"
78 	"       %s -d file | device\n"
79 	"       %s -C [gzip|gzip-6|gzip-9|lzma] [-s segment_size] file\n"
80 	"       %s -U file\n"
81 	"       %s [ file | device ]\n";
82 
83 typedef struct token_spec {
84 	char	*name;
85 	char	*mfr;
86 	char	*serno;
87 	char	*key;
88 } token_spec_t;
89 
90 typedef struct mech_alias {
91 	char	*alias;
92 	CK_MECHANISM_TYPE type;
93 	char	*name;		/* for ioctl */
94 	char	*iv_name;	/* for ioctl */
95 	size_t	iv_len;		/* for ioctl */
96 	iv_method_t iv_type;	/* for ioctl */
97 	size_t	min_keysize;	/* in bytes */
98 	size_t	max_keysize;	/* in bytes */
99 	token_spec_t *token;
100 	CK_SLOT_ID slot;
101 } mech_alias_t;
102 
103 static mech_alias_t mech_aliases[] = {
104 	/* Preferred one should always be listed first. */
105 	{ "aes-256-cbc", CKM_AES_CBC, "CKM_AES_CBC", "CKM_AES_ECB", AES_IV_LEN,
106 	    IVM_ENC_BLKNO, ULONG_MAX, 0L, NULL, (CK_SLOT_ID) -1 },
107 	{ "aes-192-cbc", CKM_AES_CBC, "CKM_AES_CBC", "CKM_AES_ECB", AES_IV_LEN,
108 	    IVM_ENC_BLKNO, ULONG_MAX, 0L, NULL, (CK_SLOT_ID) -1 },
109 	{ "aes-128-cbc", CKM_AES_CBC, "CKM_AES_CBC", "CKM_AES_ECB", AES_IV_LEN,
110 	    IVM_ENC_BLKNO, ULONG_MAX, 0L, NULL, (CK_SLOT_ID) -1 },
111 	{ "des3-cbc", CKM_DES3_CBC, "CKM_DES3_CBC", "CKM_DES3_ECB", DES_IV_LEN,
112 	    IVM_ENC_BLKNO, ULONG_MAX, 0L, NULL, (CK_SLOT_ID)-1 },
113 	{ "blowfish-cbc", CKM_BLOWFISH_CBC, "CKM_BLOWFISH_CBC",
114 	    "CKM_BLOWFISH_ECB", BLOWFISH_IV_LEN, IVM_ENC_BLKNO, ULONG_MAX,
115 	    0L, NULL, (CK_SLOT_ID)-1 }
116 	/*
117 	 * A cipher without an iv requirement would look like this:
118 	 * { "aes-xex", CKM_AES_XEX, "CKM_AES_XEX", NULL, 0,
119 	 *    IVM_NONE, ULONG_MAX, 0L, NULL, (CK_SLOT_ID)-1 }
120 	 */
121 };
122 
123 int	mech_aliases_count = (sizeof (mech_aliases) / sizeof (mech_alias_t));
124 
125 /* Preferred cipher, if one isn't specified on command line. */
126 #define	DEFAULT_CIPHER	(&mech_aliases[0])
127 
128 #define	DEFAULT_CIPHER_NUM	64	/* guess # kernel ciphers available */
129 #define	DEFAULT_MECHINFO_NUM	16	/* guess # kernel mechs available */
130 #define	MIN_PASSLEN		8	/* min acceptable passphrase size */
131 
132 static int gzip_compress(void *src, size_t srclen, void *dst,
133 	size_t *destlen, int level);
134 static int lzma_compress(void *src, size_t srclen, void *dst,
135 	size_t *destlen, int level);
136 
137 lofi_compress_info_t lofi_compress_table[LOFI_COMPRESS_FUNCTIONS] = {
138 	{NULL,  		gzip_compress,  6,	"gzip"}, /* default */
139 	{NULL,			gzip_compress,	6,	"gzip-6"},
140 	{NULL,			gzip_compress,	9, 	"gzip-9"},
141 	{NULL,  		lzma_compress, 	0, 	"lzma"}
142 };
143 
144 /* For displaying lofi mappings */
145 #define	FORMAT 			"%-20s     %-30s	%s\n"
146 
147 #define	COMPRESS_ALGORITHM	"gzip"
148 #define	COMPRESS_THRESHOLD	2048
149 #define	SEGSIZE			131072
150 #define	BLOCK_SIZE		512
151 #define	KILOBYTE		1024
152 #define	MEGABYTE		(KILOBYTE * KILOBYTE)
153 #define	GIGABYTE		(KILOBYTE * MEGABYTE)
154 #define	LIBZ			"libz.so.1"
155 
156 static void
157 usage(const char *pname)
158 {
159 	(void) fprintf(stderr, gettext(USAGE), pname, pname, pname,
160 	    pname, pname, pname, pname, pname, pname, pname);
161 	exit(E_USAGE);
162 }
163 
164 static int
165 gzip_compress(void *src, size_t srclen, void *dst, size_t *dstlen, int level)
166 {
167 	static int (*compress2p)(void *, ulong_t *, void *, size_t, int) = NULL;
168 	void *libz_hdl = NULL;
169 
170 	/*
171 	 * The first time we are called, attempt to dlopen()
172 	 * libz.so.1 and get a pointer to the compress2() function
173 	 */
174 	if (compress2p == NULL) {
175 		if ((libz_hdl = openlib(LIBZ)) == NULL)
176 			die(gettext("could not find %s. "
177 			    "gzip compression unavailable\n"), LIBZ);
178 
179 		if ((compress2p =
180 		    (int (*)(void *, ulong_t *, void *, size_t, int))
181 		    dlsym(libz_hdl, "compress2")) == NULL) {
182 			closelib();
183 			die(gettext("could not find the correct %s. "
184 			    "gzip compression unavailable\n"), LIBZ);
185 		}
186 	}
187 
188 	if ((*compress2p)(dst, (ulong_t *)dstlen, src, srclen, level) != 0)
189 		return (-1);
190 	return (0);
191 }
192 
193 /*ARGSUSED*/
194 static void
195 *SzAlloc(void *p, size_t size)
196 {
197 	return (malloc(size));
198 }
199 
200 /*ARGSUSED*/
201 static void
202 SzFree(void *p, void *address, size_t size)
203 {
204 	free(address);
205 }
206 
207 static ISzAlloc g_Alloc = {
208 	SzAlloc,
209 	SzFree
210 };
211 
212 #define	LZMA_UNCOMPRESSED_SIZE	8
213 #define	LZMA_HEADER_SIZE (LZMA_PROPS_SIZE + LZMA_UNCOMPRESSED_SIZE)
214 
215 /*ARGSUSED*/
216 static int
217 lzma_compress(void *src, size_t srclen, void *dst,
218 	size_t *dstlen, int level)
219 {
220 	CLzmaEncProps props;
221 	size_t outsize2;
222 	size_t outsizeprocessed;
223 	size_t outpropssize = LZMA_PROPS_SIZE;
224 	uint64_t t = 0;
225 	SRes res;
226 	Byte *dstp;
227 	int i;
228 
229 	outsize2 = *dstlen;
230 
231 	LzmaEncProps_Init(&props);
232 
233 	/*
234 	 * The LZMA compressed file format is as follows -
235 	 *
236 	 * Offset Size(bytes) Description
237 	 * 0		1	LZMA properties (lc, lp, lp (encoded))
238 	 * 1		4	Dictionary size (little endian)
239 	 * 5		8	Uncompressed size (little endian)
240 	 * 13			Compressed data
241 	 */
242 
243 	/* set the dictionary size to be 8MB */
244 	props.dictSize = 1 << 23;
245 
246 	if (*dstlen < LZMA_HEADER_SIZE)
247 		return (SZ_ERROR_OUTPUT_EOF);
248 
249 	dstp = (Byte *)dst;
250 	t = srclen;
251 	/*
252 	 * Set the uncompressed size in the LZMA header
253 	 * The LZMA properties (specified in 'props')
254 	 * will be set by the call to LzmaEncode()
255 	 */
256 	for (i = 0; i < LZMA_UNCOMPRESSED_SIZE; i++, t >>= 8) {
257 		dstp[LZMA_PROPS_SIZE + i] = (Byte)t;
258 	}
259 
260 	outsizeprocessed = outsize2 - LZMA_HEADER_SIZE;
261 	res = LzmaEncode(dstp + LZMA_HEADER_SIZE, &outsizeprocessed,
262 	    src, srclen, &props, dstp, &outpropssize, 0, NULL,
263 	    &g_Alloc, &g_Alloc);
264 
265 	if (res != 0)
266 		return (-1);
267 
268 	*dstlen = outsizeprocessed + LZMA_HEADER_SIZE;
269 	return (0);
270 }
271 
272 /*
273  * Translate a lofi device name to a minor number. We might be asked
274  * to do this when there is no association (such as when the user specifies
275  * a particular device), so we can only look at the string.
276  */
277 static int
278 name_to_minor(const char *devicename)
279 {
280 	int	minor;
281 
282 	if (sscanf(devicename, "/dev/" LOFI_BLOCK_NAME "/%d", &minor) == 1) {
283 		return (minor);
284 	}
285 	if (sscanf(devicename, "/dev/" LOFI_CHAR_NAME "/%d", &minor) == 1) {
286 		return (minor);
287 	}
288 	return (0);
289 }
290 
291 /*
292  * This might be the first time we've used this minor number. If so,
293  * it might also be that the /dev links are in the process of being created
294  * by devfsadmd (or that they'll be created "soon"). We cannot return
295  * until they're there or the invoker of lofiadm might try to use them
296  * and not find them. This can happen if a shell script is running on
297  * an MP.
298  */
299 static int sleeptime = 2;	/* number of seconds to sleep between stat's */
300 static int maxsleep = 120;	/* maximum number of seconds to sleep */
301 
302 static void
303 wait_until_dev_complete(int minor)
304 {
305 	struct stat64 buf;
306 	int	cursleep;
307 	char	blkpath[MAXPATHLEN];
308 	char	charpath[MAXPATHLEN];
309 	di_devlink_handle_t hdl;
310 
311 	(void) snprintf(blkpath, sizeof (blkpath), "/dev/%s/%d",
312 	    LOFI_BLOCK_NAME, minor);
313 	(void) snprintf(charpath, sizeof (charpath), "/dev/%s/%d",
314 	    LOFI_CHAR_NAME, minor);
315 
316 	/* Check if links already present */
317 	if (stat64(blkpath, &buf) == 0 && stat64(charpath, &buf) == 0)
318 		return;
319 
320 	/* First use di_devlink_init() */
321 	if (hdl = di_devlink_init("lofi", DI_MAKE_LINK)) {
322 		(void) di_devlink_fini(&hdl);
323 		goto out;
324 	}
325 
326 	/*
327 	 * Under normal conditions, di_devlink_init(DI_MAKE_LINK) above will
328 	 * only fail if the caller is non-root. In that case, wait for
329 	 * link creation via sysevents.
330 	 */
331 	for (cursleep = 0; cursleep < maxsleep; cursleep += sleeptime) {
332 		if (stat64(blkpath, &buf) == 0 && stat64(charpath, &buf) == 0)
333 			return;
334 		(void) sleep(sleeptime);
335 	}
336 
337 	/* one last try */
338 out:
339 	if (stat64(blkpath, &buf) == -1) {
340 		die(gettext("%s was not created"), blkpath);
341 	}
342 	if (stat64(charpath, &buf) == -1) {
343 		die(gettext("%s was not created"), charpath);
344 	}
345 }
346 
347 /*
348  * Map the file and return the minor number the driver picked for the file
349  * DO NOT use this function if the filename is actually the device name.
350  */
351 static int
352 lofi_map_file(int lfd, struct lofi_ioctl li, const char *filename)
353 {
354 	int	minor;
355 
356 	li.li_minor = 0;
357 	(void) strlcpy(li.li_filename, filename, sizeof (li.li_filename));
358 	minor = ioctl(lfd, LOFI_MAP_FILE, &li);
359 	if (minor == -1) {
360 		if (errno == ENOTSUP)
361 			warn(gettext("encrypting compressed files is "
362 			    "unsupported"));
363 		die(gettext("could not map file %s"), filename);
364 	}
365 	wait_until_dev_complete(minor);
366 	return (minor);
367 }
368 
369 /*
370  * Add a device association. If devicename is NULL, let the driver
371  * pick a device.
372  */
373 static void
374 add_mapping(int lfd, const char *devicename, const char *filename,
375     mech_alias_t *cipher, const char *rkey, size_t rksz, boolean_t rdonly)
376 {
377 	struct lofi_ioctl li;
378 
379 	li.li_readonly = rdonly;
380 
381 	li.li_crypto_enabled = B_FALSE;
382 	if (cipher != NULL) {
383 		/* set up encryption for mapped file */
384 		li.li_crypto_enabled = B_TRUE;
385 		(void) strlcpy(li.li_cipher, cipher->name,
386 		    sizeof (li.li_cipher));
387 		if (rksz > sizeof (li.li_key)) {
388 			die(gettext("key too large"));
389 		}
390 		bcopy(rkey, li.li_key, rksz);
391 		li.li_key_len = rksz << 3;	/* convert to bits */
392 
393 		li.li_iv_type = cipher->iv_type;
394 		li.li_iv_len = cipher->iv_len;	/* 0 when no iv needed */
395 		switch (cipher->iv_type) {
396 		case IVM_ENC_BLKNO:
397 			(void) strlcpy(li.li_iv_cipher, cipher->iv_name,
398 			    sizeof (li.li_iv_cipher));
399 			break;
400 		case IVM_NONE:
401 			/* FALLTHROUGH */
402 		default:
403 			break;
404 		}
405 	}
406 
407 	if (devicename == NULL) {
408 		int	minor;
409 
410 		/* pick one via the driver */
411 		minor = lofi_map_file(lfd, li, filename);
412 		/* if mapping succeeds, print the one picked */
413 		(void) printf("/dev/%s/%d\n", LOFI_BLOCK_NAME, minor);
414 		return;
415 	}
416 
417 	/* use device we were given */
418 	li.li_minor = name_to_minor(devicename);
419 	if (li.li_minor == 0) {
420 		die(gettext("malformed device name %s\n"), devicename);
421 	}
422 	(void) strlcpy(li.li_filename, filename, sizeof (li.li_filename));
423 
424 	/* if device is already in use li.li_minor won't change */
425 	if (ioctl(lfd, LOFI_MAP_FILE_MINOR, &li) == -1) {
426 		if (errno == ENOTSUP)
427 			warn(gettext("encrypting compressed files is "
428 			    "unsupported"));
429 		die(gettext("could not map file %s to %s"), filename,
430 		    devicename);
431 	}
432 	wait_until_dev_complete(li.li_minor);
433 }
434 
435 /*
436  * Remove an association. Delete by device name if non-NULL, or by
437  * filename otherwise.
438  */
439 static void
440 delete_mapping(int lfd, const char *devicename, const char *filename,
441     boolean_t force)
442 {
443 	struct lofi_ioctl li;
444 
445 	li.li_force = force;
446 	li.li_cleanup = B_FALSE;
447 
448 	if (devicename == NULL) {
449 		/* delete by filename */
450 		(void) strlcpy(li.li_filename, filename,
451 		    sizeof (li.li_filename));
452 		li.li_minor = 0;
453 		if (ioctl(lfd, LOFI_UNMAP_FILE, &li) == -1) {
454 			die(gettext("could not unmap file %s"), filename);
455 		}
456 		return;
457 	}
458 
459 	/* delete by device */
460 	li.li_minor = name_to_minor(devicename);
461 	if (li.li_minor == 0) {
462 		die(gettext("malformed device name %s\n"), devicename);
463 	}
464 	if (ioctl(lfd, LOFI_UNMAP_FILE_MINOR, &li) == -1) {
465 		die(gettext("could not unmap device %s"), devicename);
466 	}
467 }
468 
469 /*
470  * Show filename given devicename, or devicename given filename.
471  */
472 static void
473 print_one_mapping(int lfd, const char *devicename, const char *filename)
474 {
475 	struct lofi_ioctl li;
476 
477 	if (devicename == NULL) {
478 		/* given filename, print devicename */
479 		li.li_minor = 0;
480 		(void) strlcpy(li.li_filename, filename,
481 		    sizeof (li.li_filename));
482 		if (ioctl(lfd, LOFI_GET_MINOR, &li) == -1) {
483 			die(gettext("could not find device for %s"), filename);
484 		}
485 		(void) printf("/dev/%s/%d\n", LOFI_BLOCK_NAME, li.li_minor);
486 		return;
487 	}
488 
489 	/* given devicename, print filename */
490 	li.li_minor = name_to_minor(devicename);
491 	if (li.li_minor == 0) {
492 		die(gettext("malformed device name %s\n"), devicename);
493 	}
494 	if (ioctl(lfd, LOFI_GET_FILENAME, &li) == -1) {
495 		die(gettext("could not find filename for %s"), devicename);
496 	}
497 	(void) printf("%s\n", li.li_filename);
498 }
499 
500 /*
501  * Print the list of all the mappings, including a header.
502  */
503 static void
504 print_mappings(int fd)
505 {
506 	struct lofi_ioctl li;
507 	int	minor;
508 	int	maxminor;
509 	char	path[MAXPATHLEN];
510 	char	options[MAXPATHLEN] = { 0 };
511 
512 	li.li_minor = 0;
513 	if (ioctl(fd, LOFI_GET_MAXMINOR, &li) == -1) {
514 		die("ioctl");
515 	}
516 	maxminor = li.li_minor;
517 
518 	(void) printf(FORMAT, gettext("Block Device"), gettext("File"),
519 	    gettext("Options"));
520 	for (minor = 1; minor <= maxminor; minor++) {
521 		li.li_minor = minor;
522 		if (ioctl(fd, LOFI_GET_FILENAME, &li) == -1) {
523 			if (errno == ENXIO)
524 				continue;
525 			warn("ioctl");
526 			break;
527 		}
528 		(void) snprintf(path, sizeof (path), "/dev/%s/%d",
529 		    LOFI_BLOCK_NAME, minor);
530 
531 		options[0] = '\0';
532 
533 		/*
534 		 * Encrypted lofi and compressed lofi are mutually exclusive.
535 		 */
536 		if (li.li_crypto_enabled)
537 			(void) snprintf(options, sizeof (options),
538 			    gettext("Encrypted"));
539 		else if (li.li_algorithm[0] != '\0')
540 			(void) snprintf(options, sizeof (options),
541 			    gettext("Compressed(%s)"), li.li_algorithm);
542 		if (li.li_readonly) {
543 			if (strlen(options) != 0) {
544 				(void) strlcat(options, ",", sizeof (options));
545 				(void) strlcat(options, "Readonly",
546 				    sizeof (options));
547 			} else {
548 				(void) snprintf(options, sizeof (options),
549 				    gettext("Readonly"));
550 			}
551 		}
552 		if (strlen(options) == 0)
553 			(void) snprintf(options, sizeof (options), "-");
554 
555 		(void) printf(FORMAT, path, li.li_filename, options);
556 	}
557 }
558 
559 /*
560  * Verify the cipher selected by user.
561  */
562 static mech_alias_t *
563 ciph2mech(const char *alias)
564 {
565 	int	i;
566 
567 	for (i = 0; i < mech_aliases_count; i++) {
568 		if (strcasecmp(alias, mech_aliases[i].alias) == 0)
569 			return (&mech_aliases[i]);
570 	}
571 	return (NULL);
572 }
573 
574 /*
575  * Verify user selected cipher is also available in kernel.
576  *
577  * While traversing kernel list of mechs, if the cipher is supported in the
578  * kernel for both encryption and decryption, it also picks up the min/max
579  * key size.
580  */
581 static boolean_t
582 kernel_cipher_check(mech_alias_t *cipher)
583 {
584 	boolean_t ciph_ok = B_FALSE;
585 	boolean_t iv_ok = B_FALSE;
586 	int	i;
587 	int	count;
588 	crypto_get_mechanism_list_t *kciphers = NULL;
589 	crypto_get_all_mechanism_info_t *kinfo = NULL;
590 	int	fd = -1;
591 	size_t	keymin;
592 	size_t	keymax;
593 
594 	/* if cipher doesn't need iv generating mech, bypass that check now */
595 	if (cipher->iv_name == NULL)
596 		iv_ok = B_TRUE;
597 
598 	/* allocate some space for the list of kernel ciphers */
599 	count = DEFAULT_CIPHER_NUM;
600 	kciphers = malloc(sizeof (crypto_get_mechanism_list_t) +
601 	    sizeof (crypto_mech_name_t) * (count - 1));
602 	if (kciphers == NULL)
603 		die(gettext("failed to allocate memory for list of "
604 		    "kernel mechanisms"));
605 	kciphers->ml_count = count;
606 
607 	/* query crypto device to get list of kernel ciphers */
608 	if ((fd = open("/dev/crypto", O_RDWR)) == -1) {
609 		warn(gettext("failed to open %s"), "/dev/crypto");
610 		goto kcc_out;
611 	}
612 
613 	if (ioctl(fd, CRYPTO_GET_MECHANISM_LIST, kciphers) == -1) {
614 		warn(gettext("CRYPTO_GET_MECHANISM_LIST ioctl failed"));
615 		goto kcc_out;
616 	}
617 
618 	if (kciphers->ml_return_value == CRYPTO_BUFFER_TOO_SMALL) {
619 		count = kciphers->ml_count;
620 		free(kciphers);
621 		kciphers = malloc(sizeof (crypto_get_mechanism_list_t) +
622 		    sizeof (crypto_mech_name_t) * (count - 1));
623 		if (kciphers == NULL) {
624 			warn(gettext("failed to allocate memory for list of "
625 			    "kernel mechanisms"));
626 			goto kcc_out;
627 		}
628 		kciphers->ml_count = count;
629 
630 		if (ioctl(fd, CRYPTO_GET_MECHANISM_LIST, kciphers) == -1) {
631 			warn(gettext("CRYPTO_GET_MECHANISM_LIST ioctl failed"));
632 			goto kcc_out;
633 		}
634 	}
635 
636 	if (kciphers->ml_return_value != CRYPTO_SUCCESS) {
637 		warn(gettext(
638 		    "CRYPTO_GET_MECHANISM_LIST ioctl return value = %d\n"),
639 		    kciphers->ml_return_value);
640 		goto kcc_out;
641 	}
642 
643 	/*
644 	 * scan list of kernel ciphers looking for the selected one and if
645 	 * it needs an iv generated using another cipher, also look for that
646 	 * additional cipher to be used for generating the iv
647 	 */
648 	count = kciphers->ml_count;
649 	for (i = 0; i < count && !(ciph_ok && iv_ok); i++) {
650 		if (!ciph_ok &&
651 		    strcasecmp(cipher->name, kciphers->ml_list[i]) == 0)
652 			ciph_ok = B_TRUE;
653 		if (!iv_ok &&
654 		    strcasecmp(cipher->iv_name, kciphers->ml_list[i]) == 0)
655 			iv_ok = B_TRUE;
656 	}
657 	free(kciphers);
658 	kciphers = NULL;
659 
660 	if (!ciph_ok)
661 		warn(gettext("%s mechanism not supported in kernel\n"),
662 		    cipher->name);
663 	if (!iv_ok)
664 		warn(gettext("%s mechanism not supported in kernel\n"),
665 		    cipher->iv_name);
666 
667 	if (ciph_ok) {
668 		/* Get the details about the user selected cipher */
669 		count = DEFAULT_MECHINFO_NUM;
670 		kinfo = malloc(sizeof (crypto_get_all_mechanism_info_t) +
671 		    sizeof (crypto_mechanism_info_t) * (count - 1));
672 		if (kinfo == NULL) {
673 			warn(gettext("failed to allocate memory for "
674 			    "kernel mechanism info"));
675 			goto kcc_out;
676 		}
677 		kinfo->mi_count = count;
678 		(void) strlcpy(kinfo->mi_mechanism_name, cipher->name,
679 		    CRYPTO_MAX_MECH_NAME);
680 
681 		if (ioctl(fd, CRYPTO_GET_ALL_MECHANISM_INFO, kinfo) == -1) {
682 			warn(gettext(
683 			    "CRYPTO_GET_ALL_MECHANISM_INFO ioctl failed"));
684 			goto kcc_out;
685 		}
686 
687 		if (kinfo->mi_return_value == CRYPTO_BUFFER_TOO_SMALL) {
688 			count = kinfo->mi_count;
689 			free(kinfo);
690 			kinfo = malloc(
691 			    sizeof (crypto_get_all_mechanism_info_t) +
692 			    sizeof (crypto_mechanism_info_t) * (count - 1));
693 			if (kinfo == NULL) {
694 				warn(gettext("failed to allocate memory for "
695 				    "kernel mechanism info"));
696 				goto kcc_out;
697 			}
698 			kinfo->mi_count = count;
699 			(void) strlcpy(kinfo->mi_mechanism_name, cipher->name,
700 			    CRYPTO_MAX_MECH_NAME);
701 
702 			if (ioctl(fd, CRYPTO_GET_ALL_MECHANISM_INFO, kinfo) ==
703 			    -1) {
704 				warn(gettext("CRYPTO_GET_ALL_MECHANISM_INFO "
705 				    "ioctl failed"));
706 				goto kcc_out;
707 			}
708 		}
709 
710 		if (kinfo->mi_return_value != CRYPTO_SUCCESS) {
711 			warn(gettext("CRYPTO_GET_ALL_MECHANISM_INFO ioctl "
712 			    "return value = %d\n"), kinfo->mi_return_value);
713 			goto kcc_out;
714 		}
715 
716 		/* Set key min and max size */
717 		count = kinfo->mi_count;
718 		i = 0;
719 		if (i < count) {
720 			keymin = kinfo->mi_list[i].mi_min_key_size;
721 			keymax = kinfo->mi_list[i].mi_max_key_size;
722 			if (kinfo->mi_list[i].mi_keysize_unit &
723 			    CRYPTO_KEYSIZE_UNIT_IN_BITS) {
724 				keymin = CRYPTO_BITS2BYTES(keymin);
725 				keymax = CRYPTO_BITS2BYTES(keymax);
726 
727 			}
728 			cipher->min_keysize = keymin;
729 			cipher->max_keysize = keymax;
730 		}
731 		free(kinfo);
732 		kinfo = NULL;
733 
734 		if (i == count) {
735 			(void) close(fd);
736 			die(gettext(
737 			    "failed to find usable %s kernel mechanism, "
738 			    "use \"cryptoadm list -m\" to find available "
739 			    "mechanisms\n"),
740 			    cipher->name);
741 		}
742 	}
743 
744 	/* Note: key min/max, unit size, usage for iv cipher are not checked. */
745 
746 	return (ciph_ok && iv_ok);
747 
748 kcc_out:
749 	if (kinfo != NULL)
750 		free(kinfo);
751 	if (kciphers != NULL)
752 		free(kciphers);
753 	if (fd != -1)
754 		(void) close(fd);
755 	return (B_FALSE);
756 }
757 
758 /*
759  * Break up token spec into its components (non-destructive)
760  */
761 static token_spec_t *
762 parsetoken(char *spec)
763 {
764 #define	FLD_NAME	0
765 #define	FLD_MANUF	1
766 #define	FLD_SERIAL	2
767 #define	FLD_LABEL	3
768 #define	NFIELDS		4
769 #define	nullfield(i)	((field[(i)+1] - field[(i)]) <= 1)
770 #define	copyfield(fld, i)	\
771 		{							\
772 			int	n;					\
773 			(fld) = NULL;					\
774 			if ((n = (field[(i)+1] - field[(i)])) > 1) {	\
775 				if (((fld) = malloc(n)) != NULL) {	\
776 					(void) strncpy((fld), field[(i)], n); \
777 					((fld))[n - 1] = '\0';		\
778 				}					\
779 			}						\
780 		}
781 
782 	int	i;
783 	char	*field[NFIELDS + 1];	/* +1 to catch extra delimiters */
784 	token_spec_t *ti = NULL;
785 
786 	if (spec == NULL)
787 		return (NULL);
788 
789 	/*
790 	 * Correct format is "[name]:[manuf]:[serial]:key". Can't use
791 	 * strtok because it treats ":::key" and "key:::" and "key" all
792 	 * as the same thing, and we can't have the :s compressed away.
793 	 */
794 	field[0] = spec;
795 	for (i = 1; i < NFIELDS + 1; i++) {
796 		field[i] = strchr(field[i-1], ':');
797 		if (field[i] == NULL)
798 			break;
799 		field[i]++;
800 	}
801 	if (i < NFIELDS)		/* not enough fields */
802 		return (NULL);
803 	if (field[NFIELDS] != NULL)	/* too many fields */
804 		return (NULL);
805 	field[NFIELDS] = strchr(field[NFIELDS-1], '\0') + 1;
806 
807 	/* key label can't be empty */
808 	if (nullfield(FLD_LABEL))
809 		return (NULL);
810 
811 	ti = malloc(sizeof (token_spec_t));
812 	if (ti == NULL)
813 		return (NULL);
814 
815 	copyfield(ti->name, FLD_NAME);
816 	copyfield(ti->mfr, FLD_MANUF);
817 	copyfield(ti->serno, FLD_SERIAL);
818 	copyfield(ti->key, FLD_LABEL);
819 
820 	/*
821 	 * If token specified and it only contains a key label, then
822 	 * search all tokens for the key, otherwise only those with
823 	 * matching name, mfr, and serno are used.
824 	 */
825 	/*
826 	 * That's how we'd like it to be, however, if only the key label
827 	 * is specified, default to using softtoken.  It's easier.
828 	 */
829 	if (ti->name == NULL && ti->mfr == NULL && ti->serno == NULL)
830 		ti->name = strdup(pkcs11_default_token());
831 	return (ti);
832 }
833 
834 /*
835  * PBE the passphrase into a raw key
836  */
837 static void
838 getkeyfromuser(mech_alias_t *cipher, char **raw_key, size_t *raw_key_sz)
839 {
840 	CK_SESSION_HANDLE sess;
841 	CK_RV	rv;
842 	char	*pass = NULL;
843 	size_t	passlen = 0;
844 	void	*salt = NULL;	/* don't use NULL, see note on salt below */
845 	size_t	saltlen = 0;
846 	CK_KEY_TYPE ktype;
847 	void	*kvalue;
848 	size_t	klen;
849 
850 	/* did init_crypto find a slot that supports this cipher? */
851 	if (cipher->slot == (CK_SLOT_ID)-1 || cipher->max_keysize == 0) {
852 		rv = CKR_MECHANISM_INVALID;
853 		goto cleanup;
854 	}
855 
856 	rv = pkcs11_mech2keytype(cipher->type, &ktype);
857 	if (rv != CKR_OK)
858 		goto cleanup;
859 
860 	/*
861 	 * use the passphrase to generate a PBE PKCS#5 secret key and
862 	 * retrieve the raw key data to eventually pass it to the kernel;
863 	 */
864 	rv = C_OpenSession(cipher->slot, CKF_SERIAL_SESSION, NULL, NULL, &sess);
865 	if (rv != CKR_OK)
866 		goto cleanup;
867 
868 	/* get user passphrase with 8 byte minimum */
869 	if (pkcs11_get_pass(NULL, &pass, &passlen, MIN_PASSLEN, B_TRUE) < 0) {
870 		die(gettext("passphrases do not match\n"));
871 	}
872 
873 	/*
874 	 * salt should not be NULL, or else pkcs11_PasswdToKey() will
875 	 * complain about CKR_MECHANISM_PARAM_INVALID; the following is
876 	 * to make up for not having a salt until a proper one is used
877 	 */
878 	salt = pass;
879 	saltlen = passlen;
880 
881 	klen = cipher->max_keysize;
882 	rv = pkcs11_PasswdToKey(sess, pass, passlen, salt, saltlen, ktype,
883 	    cipher->max_keysize, &kvalue, &klen);
884 
885 	(void) C_CloseSession(sess);
886 
887 	if (rv != CKR_OK) {
888 		goto cleanup;
889 	}
890 
891 	/* assert(klen == cipher->max_keysize); */
892 	*raw_key_sz = klen;
893 	*raw_key = (char *)kvalue;
894 	return;
895 
896 cleanup:
897 	die(gettext("failed to generate %s key from passphrase: %s"),
898 	    cipher->alias, pkcs11_strerror(rv));
899 }
900 
901 /*
902  * Read raw key from file; also handles ephemeral keys.
903  */
904 void
905 getkeyfromfile(const char *pathname, mech_alias_t *cipher, char **key,
906     size_t *ksz)
907 {
908 	int	fd;
909 	struct stat sbuf;
910 	boolean_t notplain = B_FALSE;
911 	ssize_t	cursz;
912 	ssize_t	nread;
913 
914 	/* ephemeral keys are just random data */
915 	if (pathname == NULL) {
916 		*ksz = cipher->max_keysize;
917 		*key = malloc(*ksz);
918 		if (*key == NULL)
919 			die(gettext("failed to allocate memory for"
920 			    " ephemeral key"));
921 		if (pkcs11_get_urandom(*key, *ksz) < 0) {
922 			free(*key);
923 			die(gettext("failed to get enough random data"));
924 		}
925 		return;
926 	}
927 
928 	/*
929 	 * If the remaining section of code didn't also check for secure keyfile
930 	 * permissions and whether the key is within cipher min and max lengths,
931 	 * (or, if those things moved out of this block), we could have had:
932 	 *	if (pkcs11_read_data(pathname, key, ksz) < 0)
933 	 *		handle_error();
934 	 */
935 
936 	if ((fd = open(pathname, O_RDONLY, 0)) == -1)
937 		die(gettext("open of keyfile (%s) failed"), pathname);
938 
939 	if (fstat(fd, &sbuf) == -1)
940 		die(gettext("fstat of keyfile (%s) failed"), pathname);
941 
942 	if (S_ISREG(sbuf.st_mode)) {
943 		if ((sbuf.st_mode & (S_IWGRP | S_IWOTH)) != 0)
944 			die(gettext("insecure permissions on keyfile %s\n"),
945 			    pathname);
946 
947 		*ksz = sbuf.st_size;
948 		if (*ksz < cipher->min_keysize || cipher->max_keysize < *ksz) {
949 			warn(gettext("%s: invalid keysize: %d\n"),
950 			    pathname, (int)*ksz);
951 			die(gettext("\t%d <= keysize <= %d\n"),
952 			    cipher->min_keysize, cipher->max_keysize);
953 		}
954 	} else {
955 		*ksz = cipher->max_keysize;
956 		notplain = B_TRUE;
957 	}
958 
959 	*key = malloc(*ksz);
960 	if (*key == NULL)
961 		die(gettext("failed to allocate memory for key from file"));
962 
963 	for (cursz = 0, nread = 0; cursz < *ksz; cursz += nread) {
964 		nread = read(fd, *key, *ksz);
965 		if (nread > 0)
966 			continue;
967 		/*
968 		 * nread == 0.  If it's not a regular file we were trying to
969 		 * get the maximum keysize of data possible for this cipher.
970 		 * But if we've got at least the minimum keysize of data,
971 		 * round down to the nearest keysize unit and call it good.
972 		 * If we haven't met the minimum keysize, that's an error.
973 		 * If it's a regular file, nread = 0 is also an error.
974 		 */
975 		if (nread == 0 && notplain && cursz >= cipher->min_keysize) {
976 			*ksz = (cursz / cipher->min_keysize) *
977 			    cipher->min_keysize;
978 			break;
979 		}
980 		die(gettext("%s: can't read all keybytes"), pathname);
981 	}
982 	(void) close(fd);
983 }
984 
985 /*
986  * Read the raw key from token, or from a file that was wrapped with a
987  * key from token
988  */
989 void
990 getkeyfromtoken(CK_SESSION_HANDLE sess,
991     token_spec_t *token, const char *keyfile, mech_alias_t *cipher,
992     char **raw_key, size_t *raw_key_sz)
993 {
994 	CK_RV	rv = CKR_OK;
995 	CK_BBOOL trueval = B_TRUE;
996 	CK_OBJECT_CLASS kclass;		/* secret key or RSA private key */
997 	CK_KEY_TYPE ktype;		/* from selected cipher or CKK_RSA */
998 	CK_KEY_TYPE raw_ktype;		/* from selected cipher */
999 	CK_ATTRIBUTE	key_tmpl[] = {
1000 		{ CKA_CLASS, NULL, 0 },	/* re-used for token key and unwrap */
1001 		{ CKA_KEY_TYPE, NULL, 0 },	/* ditto */
1002 		{ CKA_LABEL, NULL, 0 },
1003 		{ CKA_TOKEN, NULL, 0 },
1004 		{ CKA_PRIVATE, NULL, 0 }
1005 	    };
1006 	CK_ULONG attrs = sizeof (key_tmpl) / sizeof (CK_ATTRIBUTE);
1007 	int	i;
1008 	char	*pass = NULL;
1009 	size_t	passlen = 0;
1010 	CK_OBJECT_HANDLE obj, rawobj;
1011 	CK_ULONG num_objs = 1;		/* just want to find 1 token key */
1012 	CK_MECHANISM unwrap = { CKM_RSA_PKCS, NULL, 0 };
1013 	char	*rkey;
1014 	size_t	rksz;
1015 
1016 	if (token == NULL || token->key == NULL)
1017 		return;
1018 
1019 	/* did init_crypto find a slot that supports this cipher? */
1020 	if (cipher->slot == (CK_SLOT_ID)-1 || cipher->max_keysize == 0) {
1021 		die(gettext("failed to find any cryptographic provider, "
1022 		    "use \"cryptoadm list -p\" to find providers: %s\n"),
1023 		    pkcs11_strerror(CKR_MECHANISM_INVALID));
1024 	}
1025 
1026 	if (pkcs11_get_pass(token->name, &pass, &passlen, 0, B_FALSE) < 0)
1027 		die(gettext("unable to get passphrase"));
1028 
1029 	/* use passphrase to login to token */
1030 	if (pass != NULL && passlen > 0) {
1031 		rv = C_Login(sess, CKU_USER, (CK_UTF8CHAR_PTR)pass, passlen);
1032 		if (rv != CKR_OK) {
1033 			die(gettext("cannot login to the token %s: %s\n"),
1034 			    token->name, pkcs11_strerror(rv));
1035 		}
1036 	}
1037 
1038 	rv = pkcs11_mech2keytype(cipher->type, &raw_ktype);
1039 	if (rv != CKR_OK) {
1040 		die(gettext("failed to get key type for cipher %s: %s\n"),
1041 		    cipher->name, pkcs11_strerror(rv));
1042 	}
1043 
1044 	/*
1045 	 * If no keyfile was given, then the token key is secret key to
1046 	 * be used for encryption/decryption.  Otherwise, the keyfile
1047 	 * contains a wrapped secret key, and the token is actually the
1048 	 * unwrapping RSA private key.
1049 	 */
1050 	if (keyfile == NULL) {
1051 		kclass = CKO_SECRET_KEY;
1052 		ktype = raw_ktype;
1053 	} else {
1054 		kclass = CKO_PRIVATE_KEY;
1055 		ktype = CKK_RSA;
1056 	}
1057 
1058 	/* Find the key in the token first */
1059 	for (i = 0; i < attrs; i++) {
1060 		switch (key_tmpl[i].type) {
1061 		case CKA_CLASS:
1062 			key_tmpl[i].pValue = &kclass;
1063 			key_tmpl[i].ulValueLen = sizeof (kclass);
1064 			break;
1065 		case CKA_KEY_TYPE:
1066 			key_tmpl[i].pValue = &ktype;
1067 			key_tmpl[i].ulValueLen = sizeof (ktype);
1068 			break;
1069 		case CKA_LABEL:
1070 			key_tmpl[i].pValue = token->key;
1071 			key_tmpl[i].ulValueLen = strlen(token->key);
1072 			break;
1073 		case CKA_TOKEN:
1074 			key_tmpl[i].pValue = &trueval;
1075 			key_tmpl[i].ulValueLen = sizeof (trueval);
1076 			break;
1077 		case CKA_PRIVATE:
1078 			key_tmpl[i].pValue = &trueval;
1079 			key_tmpl[i].ulValueLen = sizeof (trueval);
1080 			break;
1081 		default:
1082 			break;
1083 		}
1084 	}
1085 	rv = C_FindObjectsInit(sess, key_tmpl, attrs);
1086 	if (rv != CKR_OK)
1087 		die(gettext("cannot find key %s: %s\n"), token->key,
1088 		    pkcs11_strerror(rv));
1089 	rv = C_FindObjects(sess, &obj, 1, &num_objs);
1090 	(void) C_FindObjectsFinal(sess);
1091 
1092 	if (num_objs == 0) {
1093 		die(gettext("cannot find key %s\n"), token->key);
1094 	} else if (rv != CKR_OK) {
1095 		die(gettext("cannot find key %s: %s\n"), token->key,
1096 		    pkcs11_strerror(rv));
1097 	}
1098 
1099 	/*
1100 	 * No keyfile means when token key is found, convert it to raw key,
1101 	 * and done.  Otherwise still need do an unwrap to create yet another
1102 	 * obj and that needs to be converted to raw key before we're done.
1103 	 */
1104 	if (keyfile == NULL) {
1105 		/* obj contains raw key, extract it */
1106 		rv = pkcs11_ObjectToKey(sess, obj, (void **)&rkey, &rksz,
1107 		    B_FALSE);
1108 		if (rv != CKR_OK) {
1109 			die(gettext("failed to get key value for %s"
1110 			    " from token %s, %s\n"), token->key,
1111 			    token->name, pkcs11_strerror(rv));
1112 		}
1113 	} else {
1114 		getkeyfromfile(keyfile, cipher, &rkey, &rksz);
1115 
1116 		/*
1117 		 * Got the wrapping RSA obj and the wrapped key from file.
1118 		 * Unwrap the key from file with RSA obj to get rawkey obj.
1119 		 */
1120 
1121 		/* re-use the first two attributes of key_tmpl */
1122 		kclass = CKO_SECRET_KEY;
1123 		ktype = raw_ktype;
1124 
1125 		rv = C_UnwrapKey(sess, &unwrap, obj, (CK_BYTE_PTR)rkey,
1126 		    rksz, key_tmpl, 2, &rawobj);
1127 		if (rv != CKR_OK) {
1128 			die(gettext("failed to unwrap key in keyfile %s,"
1129 			    " %s\n"), keyfile, pkcs11_strerror(rv));
1130 		}
1131 		/* rawobj contains raw key, extract it */
1132 		rv = pkcs11_ObjectToKey(sess, rawobj, (void **)&rkey, &rksz,
1133 		    B_TRUE);
1134 		if (rv != CKR_OK) {
1135 			die(gettext("failed to get unwrapped key value for"
1136 			    " key in keyfile %s, %s\n"), keyfile,
1137 			    pkcs11_strerror(rv));
1138 		}
1139 	}
1140 
1141 	/* validate raw key size */
1142 	if (rksz < cipher->min_keysize || cipher->max_keysize < rksz) {
1143 		warn(gettext("%s: invalid keysize: %d\n"), keyfile, (int)rksz);
1144 		die(gettext("\t%d <= keysize <= %d\n"), cipher->min_keysize,
1145 		    cipher->max_keysize);
1146 	}
1147 
1148 	*raw_key_sz = rksz;
1149 	*raw_key = (char *)rkey;
1150 }
1151 
1152 /*
1153  * Set up cipher key limits and verify PKCS#11 can be done
1154  * match_token_cipher is the function pointer used by
1155  * pkcs11_GetCriteriaSession() init_crypto.
1156  */
1157 boolean_t
1158 match_token_cipher(CK_SLOT_ID slot_id, void *args, CK_RV *rv)
1159 {
1160 	token_spec_t *token;
1161 	mech_alias_t *cipher;
1162 	CK_TOKEN_INFO tokinfo;
1163 	CK_MECHANISM_INFO mechinfo;
1164 	boolean_t token_match;
1165 
1166 	/*
1167 	 * While traversing slot list, pick up the following info per slot:
1168 	 * - if token specified, whether it matches this slot's token info
1169 	 * - if the slot supports the PKCS#5 PBKD2 cipher
1170 	 *
1171 	 * If the user said on the command line
1172 	 *	-T tok:mfr:ser:lab -k keyfile
1173 	 *	-c cipher -T tok:mfr:ser:lab -k keyfile
1174 	 * the given cipher or the default cipher apply to keyfile,
1175 	 * If the user said instead
1176 	 *	-T tok:mfr:ser:lab
1177 	 *	-c cipher -T tok:mfr:ser:lab
1178 	 * the key named "lab" may or may not agree with the given
1179 	 * cipher or the default cipher.  In those cases, cipher will
1180 	 * be overridden with the actual cipher type of the key "lab".
1181 	 */
1182 	*rv = CKR_FUNCTION_FAILED;
1183 
1184 	if (args == NULL) {
1185 		return (B_FALSE);
1186 	}
1187 
1188 	cipher = (mech_alias_t *)args;
1189 	token = cipher->token;
1190 
1191 	if (C_GetMechanismInfo(slot_id, cipher->type, &mechinfo) != CKR_OK) {
1192 		return (B_FALSE);
1193 	}
1194 
1195 	if (token == NULL) {
1196 		if (C_GetMechanismInfo(slot_id, CKM_PKCS5_PBKD2, &mechinfo) !=
1197 		    CKR_OK) {
1198 			return (B_FALSE);
1199 		}
1200 		goto foundit;
1201 	}
1202 
1203 	/* does the token match the token spec? */
1204 	if (token->key == NULL || (C_GetTokenInfo(slot_id, &tokinfo) != CKR_OK))
1205 		return (B_FALSE);
1206 
1207 	token_match = B_TRUE;
1208 
1209 	if (token->name != NULL && (token->name)[0] != '\0' &&
1210 	    strncmp((char *)token->name, (char *)tokinfo.label,
1211 	    TOKEN_LABEL_SIZE) != 0)
1212 		token_match = B_FALSE;
1213 	if (token->mfr != NULL && (token->mfr)[0] != '\0' &&
1214 	    strncmp((char *)token->mfr, (char *)tokinfo.manufacturerID,
1215 	    TOKEN_MANUFACTURER_SIZE) != 0)
1216 		token_match = B_FALSE;
1217 	if (token->serno != NULL && (token->serno)[0] != '\0' &&
1218 	    strncmp((char *)token->serno, (char *)tokinfo.serialNumber,
1219 	    TOKEN_SERIAL_SIZE) != 0)
1220 		token_match = B_FALSE;
1221 
1222 	if (!token_match)
1223 		return (B_FALSE);
1224 
1225 foundit:
1226 	cipher->slot = slot_id;
1227 	return (B_TRUE);
1228 }
1229 
1230 /*
1231  * Clean up crypto loose ends
1232  */
1233 static void
1234 end_crypto(CK_SESSION_HANDLE sess)
1235 {
1236 	(void) C_CloseSession(sess);
1237 	(void) C_Finalize(NULL);
1238 }
1239 
1240 /*
1241  * Set up crypto, opening session on slot that matches token and cipher
1242  */
1243 static void
1244 init_crypto(token_spec_t *token, mech_alias_t *cipher,
1245     CK_SESSION_HANDLE_PTR sess)
1246 {
1247 	CK_RV	rv;
1248 
1249 	cipher->token = token;
1250 
1251 	/* Turn off Metaslot so that we can see actual tokens */
1252 	if (setenv("METASLOT_ENABLED", "false", 1) < 0) {
1253 		die(gettext("could not disable Metaslot"));
1254 	}
1255 
1256 	rv = pkcs11_GetCriteriaSession(match_token_cipher, (void *)cipher,
1257 	    sess);
1258 	if (rv != CKR_OK) {
1259 		end_crypto(*sess);
1260 		if (rv == CKR_HOST_MEMORY) {
1261 			die("malloc");
1262 		}
1263 		die(gettext("failed to find any cryptographic provider, "
1264 		    "use \"cryptoadm list -p\" to find providers: %s\n"),
1265 		    pkcs11_strerror(rv));
1266 	}
1267 }
1268 
1269 /*
1270  * Uncompress a file.
1271  *
1272  * First map the file in to establish a device
1273  * association, then read from it. On-the-fly
1274  * decompression will automatically uncompress
1275  * the file if it's compressed
1276  *
1277  * If the file is mapped and a device association
1278  * has been established, disallow uncompressing
1279  * the file until it is unmapped.
1280  */
1281 static void
1282 lofi_uncompress(int lfd, const char *filename)
1283 {
1284 	struct lofi_ioctl li;
1285 	char buf[MAXBSIZE];
1286 	char devicename[32];
1287 	char tmpfilename[MAXPATHLEN];
1288 	char *x;
1289 	char *dir = NULL;
1290 	char *file = NULL;
1291 	int minor = 0;
1292 	struct stat64 statbuf;
1293 	int compfd = -1;
1294 	int uncompfd = -1;
1295 	ssize_t rbytes;
1296 
1297 	/*
1298 	 * Disallow uncompressing the file if it is
1299 	 * already mapped.
1300 	 */
1301 	li.li_crypto_enabled = B_FALSE;
1302 	li.li_minor = 0;
1303 	(void) strlcpy(li.li_filename, filename, sizeof (li.li_filename));
1304 	if (ioctl(lfd, LOFI_GET_MINOR, &li) != -1)
1305 		die(gettext("%s must be unmapped before uncompressing"),
1306 		    filename);
1307 
1308 	/* Zero length files don't need to be uncompressed */
1309 	if (stat64(filename, &statbuf) == -1)
1310 		die(gettext("stat: %s"), filename);
1311 	if (statbuf.st_size == 0)
1312 		return;
1313 
1314 	minor = lofi_map_file(lfd, li, filename);
1315 	(void) snprintf(devicename, sizeof (devicename), "/dev/%s/%d",
1316 	    LOFI_BLOCK_NAME, minor);
1317 
1318 	/* If the file isn't compressed, we just return */
1319 	if ((ioctl(lfd, LOFI_CHECK_COMPRESSED, &li) == -1) ||
1320 	    (li.li_algorithm[0] == '\0')) {
1321 		delete_mapping(lfd, devicename, filename, B_TRUE);
1322 		die("%s is not compressed\n", filename);
1323 	}
1324 
1325 	if ((compfd = open64(devicename, O_RDONLY | O_NONBLOCK)) == -1) {
1326 		delete_mapping(lfd, devicename, filename, B_TRUE);
1327 		die(gettext("open: %s"), filename);
1328 	}
1329 	/* Create a temp file in the same directory */
1330 	x = strdup(filename);
1331 	dir = strdup(dirname(x));
1332 	free(x);
1333 	x = strdup(filename);
1334 	file = strdup(basename(x));
1335 	free(x);
1336 	(void) snprintf(tmpfilename, sizeof (tmpfilename),
1337 	    "%s/.%sXXXXXX", dir, file);
1338 	free(dir);
1339 	free(file);
1340 
1341 	if ((uncompfd = mkstemp64(tmpfilename)) == -1) {
1342 		(void) close(compfd);
1343 		delete_mapping(lfd, devicename, filename, B_TRUE);
1344 		die("%s could not be uncompressed\n", filename);
1345 	}
1346 
1347 	/*
1348 	 * Set the mode bits and the owner of this temporary
1349 	 * file to be that of the original uncompressed file
1350 	 */
1351 	(void) fchmod(uncompfd, statbuf.st_mode);
1352 
1353 	if (fchown(uncompfd, statbuf.st_uid, statbuf.st_gid) == -1) {
1354 		(void) close(compfd);
1355 		(void) close(uncompfd);
1356 		delete_mapping(lfd, devicename, filename, B_TRUE);
1357 		die("%s could not be uncompressed\n", filename);
1358 	}
1359 
1360 	/* Now read from the device in MAXBSIZE-sized chunks */
1361 	for (;;) {
1362 		rbytes = read(compfd, buf, sizeof (buf));
1363 
1364 		if (rbytes <= 0)
1365 			break;
1366 
1367 		if (write(uncompfd, buf, rbytes) != rbytes) {
1368 			rbytes = -1;
1369 			break;
1370 		}
1371 	}
1372 
1373 	(void) close(compfd);
1374 	(void) close(uncompfd);
1375 
1376 	/* Delete the mapping */
1377 	delete_mapping(lfd, devicename, filename, B_TRUE);
1378 
1379 	/*
1380 	 * If an error occured while reading or writing, rbytes will
1381 	 * be negative
1382 	 */
1383 	if (rbytes < 0) {
1384 		(void) unlink(tmpfilename);
1385 		die(gettext("could not read from %s"), filename);
1386 	}
1387 
1388 	/* Rename the temp file to the actual file */
1389 	if (rename(tmpfilename, filename) == -1)
1390 		(void) unlink(tmpfilename);
1391 }
1392 
1393 /*
1394  * Compress a file
1395  */
1396 static void
1397 lofi_compress(int *lfd, const char *filename, int compress_index,
1398     uint32_t segsize)
1399 {
1400 	struct lofi_ioctl lic;
1401 	lofi_compress_info_t *li;
1402 	struct flock lock;
1403 	char tmpfilename[MAXPATHLEN];
1404 	char comp_filename[MAXPATHLEN];
1405 	char algorithm[MAXALGLEN];
1406 	char *x;
1407 	char *dir = NULL, *file = NULL;
1408 	uchar_t *uncompressed_seg = NULL;
1409 	uchar_t *compressed_seg = NULL;
1410 	uint32_t compressed_segsize;
1411 	uint32_t len_compressed, count;
1412 	uint32_t index_entries, index_sz;
1413 	uint64_t *index = NULL;
1414 	uint64_t offset;
1415 	size_t real_segsize;
1416 	struct stat64 statbuf;
1417 	int compfd = -1, uncompfd = -1;
1418 	int tfd = -1;
1419 	ssize_t rbytes, wbytes, lastread;
1420 	int i, type;
1421 
1422 	/*
1423 	 * Disallow compressing the file if it is
1424 	 * already mapped
1425 	 */
1426 	lic.li_minor = 0;
1427 	(void) strlcpy(lic.li_filename, filename, sizeof (lic.li_filename));
1428 	if (ioctl(*lfd, LOFI_GET_MINOR, &lic) != -1)
1429 		die(gettext("%s must be unmapped before compressing"),
1430 		    filename);
1431 
1432 	/*
1433 	 * Close the control device so other operations
1434 	 * can use it
1435 	 */
1436 	(void) close(*lfd);
1437 	*lfd = -1;
1438 
1439 	li = &lofi_compress_table[compress_index];
1440 
1441 	/*
1442 	 * The size of the buffer to hold compressed data must
1443 	 * be slightly larger than the compressed segment size.
1444 	 *
1445 	 * The compress functions use part of the buffer as
1446 	 * scratch space to do calculations.
1447 	 * Ref: http://www.zlib.net/manual.html#compress2
1448 	 */
1449 	compressed_segsize = segsize + (segsize >> 6);
1450 	compressed_seg = (uchar_t *)malloc(compressed_segsize + SEGHDR);
1451 	uncompressed_seg = (uchar_t *)malloc(segsize);
1452 
1453 	if (compressed_seg == NULL || uncompressed_seg == NULL)
1454 		die(gettext("No memory"));
1455 
1456 	if ((uncompfd = open64(filename, O_RDWR|O_LARGEFILE, 0)) == -1)
1457 		die(gettext("open: %s"), filename);
1458 
1459 	lock.l_type = F_WRLCK;
1460 	lock.l_whence = SEEK_SET;
1461 	lock.l_start = 0;
1462 	lock.l_len = 0;
1463 
1464 	/*
1465 	 * Use an advisory lock to ensure that only a
1466 	 * single lofiadm process compresses a given
1467 	 * file at any given time
1468 	 *
1469 	 * A close on the file descriptor automatically
1470 	 * closes all lock state on the file
1471 	 */
1472 	if (fcntl(uncompfd, F_SETLKW, &lock) == -1)
1473 		die(gettext("fcntl: %s"), filename);
1474 
1475 	if (fstat64(uncompfd, &statbuf) == -1) {
1476 		(void) close(uncompfd);
1477 		die(gettext("fstat: %s"), filename);
1478 	}
1479 
1480 	/* Zero length files don't need to be compressed */
1481 	if (statbuf.st_size == 0) {
1482 		(void) close(uncompfd);
1483 		return;
1484 	}
1485 
1486 	/*
1487 	 * Create temporary files in the same directory that
1488 	 * will hold the intermediate data
1489 	 */
1490 	x = strdup(filename);
1491 	dir = strdup(dirname(x));
1492 	free(x);
1493 	x = strdup(filename);
1494 	file = strdup(basename(x));
1495 	free(x);
1496 	(void) snprintf(tmpfilename, sizeof (tmpfilename),
1497 	    "%s/.%sXXXXXX", dir, file);
1498 	(void) snprintf(comp_filename, sizeof (comp_filename),
1499 	    "%s/.%sXXXXXX", dir, file);
1500 	free(dir);
1501 	free(file);
1502 
1503 	if ((tfd = mkstemp64(tmpfilename)) == -1)
1504 		goto cleanup;
1505 
1506 	if ((compfd = mkstemp64(comp_filename)) == -1)
1507 		goto cleanup;
1508 
1509 	/*
1510 	 * Set the mode bits and owner of the compressed
1511 	 * file to be that of the original uncompressed file
1512 	 */
1513 	(void) fchmod(compfd, statbuf.st_mode);
1514 
1515 	if (fchown(compfd, statbuf.st_uid, statbuf.st_gid) == -1)
1516 		goto cleanup;
1517 
1518 	/*
1519 	 * Calculate the number of index entries required.
1520 	 * index entries are stored as an array. adding
1521 	 * a '2' here accounts for the fact that the last
1522 	 * segment may not be a multiple of the segment size
1523 	 */
1524 	index_sz = (statbuf.st_size / segsize) + 2;
1525 	index = malloc(sizeof (*index) * index_sz);
1526 
1527 	if (index == NULL)
1528 		goto cleanup;
1529 
1530 	offset = 0;
1531 	lastread = segsize;
1532 	count = 0;
1533 
1534 	/*
1535 	 * Now read from the uncompressed file in 'segsize'
1536 	 * sized chunks, compress what was read in and
1537 	 * write it out to a temporary file
1538 	 */
1539 	for (;;) {
1540 		rbytes = read(uncompfd, uncompressed_seg, segsize);
1541 
1542 		if (rbytes <= 0)
1543 			break;
1544 
1545 		if (lastread < segsize)
1546 			goto cleanup;
1547 
1548 		/*
1549 		 * Account for the first byte that
1550 		 * indicates whether a segment is
1551 		 * compressed or not
1552 		 */
1553 		real_segsize = segsize - 1;
1554 		(void) li->l_compress(uncompressed_seg, rbytes,
1555 		    compressed_seg + SEGHDR, &real_segsize, li->l_level);
1556 
1557 		/*
1558 		 * If the length of the compressed data is more
1559 		 * than a threshold then there isn't any benefit
1560 		 * to be had from compressing this segment - leave
1561 		 * it uncompressed.
1562 		 *
1563 		 * NB. In case an error occurs during compression (above)
1564 		 * the 'real_segsize' isn't changed. The logic below
1565 		 * ensures that that segment is left uncompressed.
1566 		 */
1567 		len_compressed = real_segsize;
1568 		if (segsize <= COMPRESS_THRESHOLD ||
1569 		    real_segsize > (segsize - COMPRESS_THRESHOLD)) {
1570 			(void) memcpy(compressed_seg + SEGHDR, uncompressed_seg,
1571 			    rbytes);
1572 			type = UNCOMPRESSED;
1573 			len_compressed = rbytes;
1574 		} else {
1575 			type = COMPRESSED;
1576 		}
1577 
1578 		/*
1579 		 * Set the first byte or the SEGHDR to
1580 		 * indicate if it's compressed or not
1581 		 */
1582 		*compressed_seg = type;
1583 		wbytes = write(tfd, compressed_seg, len_compressed + SEGHDR);
1584 		if (wbytes != (len_compressed + SEGHDR)) {
1585 			rbytes = -1;
1586 			break;
1587 		}
1588 
1589 		index[count] = BE_64(offset);
1590 		offset += wbytes;
1591 		lastread = rbytes;
1592 		count++;
1593 	}
1594 
1595 	(void) close(uncompfd);
1596 
1597 	if (rbytes < 0)
1598 		goto cleanup;
1599 	/*
1600 	 * The last index entry is a sentinel entry. It does not point to
1601 	 * an actual compressed segment but helps in computing the size of
1602 	 * the compressed segment. The size of each compressed segment is
1603 	 * computed by subtracting the current index value from the next
1604 	 * one (the compressed blocks are stored sequentially)
1605 	 */
1606 	index[count++] = BE_64(offset);
1607 
1608 	/*
1609 	 * Now write the compressed data along with the
1610 	 * header information to this file which will
1611 	 * later be renamed to the original uncompressed
1612 	 * file name
1613 	 *
1614 	 * The header is as follows -
1615 	 *
1616 	 * Signature (name of the compression algorithm)
1617 	 * Compression segment size (a multiple of 512)
1618 	 * Number of index entries
1619 	 * Size of the last block
1620 	 * The array containing the index entries
1621 	 *
1622 	 * the header is always stored in network byte
1623 	 * order
1624 	 */
1625 	(void) bzero(algorithm, sizeof (algorithm));
1626 	(void) strlcpy(algorithm, li->l_name, sizeof (algorithm));
1627 	if (write(compfd, algorithm, sizeof (algorithm))
1628 	    != sizeof (algorithm))
1629 		goto cleanup;
1630 
1631 	segsize = htonl(segsize);
1632 	if (write(compfd, &segsize, sizeof (segsize)) != sizeof (segsize))
1633 		goto cleanup;
1634 
1635 	index_entries = htonl(count);
1636 	if (write(compfd, &index_entries, sizeof (index_entries)) !=
1637 	    sizeof (index_entries))
1638 		goto cleanup;
1639 
1640 	lastread = htonl(lastread);
1641 	if (write(compfd, &lastread, sizeof (lastread)) != sizeof (lastread))
1642 		goto cleanup;
1643 
1644 	for (i = 0; i < count; i++) {
1645 		if (write(compfd, index + i, sizeof (*index)) !=
1646 		    sizeof (*index))
1647 			goto cleanup;
1648 	}
1649 
1650 	/* Header is written, now write the compressed data */
1651 	if (lseek(tfd, 0, SEEK_SET) != 0)
1652 		goto cleanup;
1653 
1654 	rbytes = wbytes = 0;
1655 
1656 	for (;;) {
1657 		rbytes = read(tfd, compressed_seg, compressed_segsize + SEGHDR);
1658 
1659 		if (rbytes <= 0)
1660 			break;
1661 
1662 		if (write(compfd, compressed_seg, rbytes) != rbytes)
1663 			goto cleanup;
1664 	}
1665 
1666 	if (fstat64(compfd, &statbuf) == -1)
1667 		goto cleanup;
1668 
1669 	/*
1670 	 * Round up the compressed file size to be a multiple of
1671 	 * DEV_BSIZE. lofi(7D) likes it that way.
1672 	 */
1673 	if ((offset = statbuf.st_size % DEV_BSIZE) > 0) {
1674 
1675 		offset = DEV_BSIZE - offset;
1676 
1677 		for (i = 0; i < offset; i++)
1678 			uncompressed_seg[i] = '\0';
1679 		if (write(compfd, uncompressed_seg, offset) != offset)
1680 			goto cleanup;
1681 	}
1682 	(void) close(compfd);
1683 	(void) close(tfd);
1684 	(void) unlink(tmpfilename);
1685 cleanup:
1686 	if (rbytes < 0) {
1687 		if (tfd != -1)
1688 			(void) unlink(tmpfilename);
1689 		if (compfd != -1)
1690 			(void) unlink(comp_filename);
1691 		die(gettext("error compressing file %s"), filename);
1692 	} else {
1693 		/* Rename the compressed file to the actual file */
1694 		if (rename(comp_filename, filename) == -1) {
1695 			(void) unlink(comp_filename);
1696 			die(gettext("error compressing file %s"), filename);
1697 		}
1698 	}
1699 	if (compressed_seg != NULL)
1700 		free(compressed_seg);
1701 	if (uncompressed_seg != NULL)
1702 		free(uncompressed_seg);
1703 	if (index != NULL)
1704 		free(index);
1705 	if (compfd != -1)
1706 		(void) close(compfd);
1707 	if (uncompfd != -1)
1708 		(void) close(uncompfd);
1709 	if (tfd != -1)
1710 		(void) close(tfd);
1711 }
1712 
1713 static int
1714 lofi_compress_select(const char *algname)
1715 {
1716 	int i;
1717 
1718 	for (i = 0; i < LOFI_COMPRESS_FUNCTIONS; i++) {
1719 		if (strcmp(lofi_compress_table[i].l_name, algname) == 0)
1720 			return (i);
1721 	}
1722 	return (-1);
1723 }
1724 
1725 static void
1726 check_algorithm_validity(const char *algname, int *compress_index)
1727 {
1728 	*compress_index = lofi_compress_select(algname);
1729 	if (*compress_index < 0)
1730 		die(gettext("invalid algorithm name: %s\n"), algname);
1731 }
1732 
1733 static void
1734 check_file_validity(const char *filename)
1735 {
1736 	struct stat64 buf;
1737 	int 	error;
1738 	int	fd;
1739 
1740 	fd = open64(filename, O_RDONLY);
1741 	if (fd == -1) {
1742 		die(gettext("open: %s"), filename);
1743 	}
1744 	error = fstat64(fd, &buf);
1745 	if (error == -1) {
1746 		die(gettext("fstat: %s"), filename);
1747 	} else if (!S_ISLOFIABLE(buf.st_mode)) {
1748 		die(gettext("%s is not a regular file, "
1749 		    "block, or character device\n"),
1750 		    filename);
1751 	} else if ((buf.st_size % DEV_BSIZE) != 0) {
1752 		die(gettext("size of %s is not a multiple of %d\n"),
1753 		    filename, DEV_BSIZE);
1754 	}
1755 	(void) close(fd);
1756 
1757 	if (name_to_minor(filename) != 0) {
1758 		die(gettext("cannot use %s on itself\n"), LOFI_DRIVER_NAME);
1759 	}
1760 }
1761 
1762 static uint32_t
1763 convert_to_num(const char *str)
1764 {
1765 	int len;
1766 	uint32_t segsize, mult = 1;
1767 
1768 	len = strlen(str);
1769 	if (len && isalpha(str[len - 1])) {
1770 		switch (str[len - 1]) {
1771 		case 'k':
1772 		case 'K':
1773 			mult = KILOBYTE;
1774 			break;
1775 		case 'b':
1776 		case 'B':
1777 			mult = BLOCK_SIZE;
1778 			break;
1779 		case 'm':
1780 		case 'M':
1781 			mult = MEGABYTE;
1782 			break;
1783 		case 'g':
1784 		case 'G':
1785 			mult = GIGABYTE;
1786 			break;
1787 		default:
1788 			die(gettext("invalid segment size %s\n"), str);
1789 		}
1790 	}
1791 
1792 	segsize = atol(str);
1793 	segsize *= mult;
1794 
1795 	return (segsize);
1796 }
1797 
1798 int
1799 main(int argc, char *argv[])
1800 {
1801 	int	lfd;
1802 	int	c;
1803 	const char *devicename = NULL;
1804 	const char *filename = NULL;
1805 	const char *algname = COMPRESS_ALGORITHM;
1806 	int	openflag;
1807 	int	minor;
1808 	int 	compress_index;
1809 	uint32_t segsize = SEGSIZE;
1810 	static char *lofictl = "/dev/" LOFI_CTL_NAME;
1811 	boolean_t force = B_FALSE;
1812 	const char *pname;
1813 	boolean_t errflag = B_FALSE;
1814 	boolean_t addflag = B_FALSE;
1815 	boolean_t rdflag = B_FALSE;
1816 	boolean_t deleteflag = B_FALSE;
1817 	boolean_t ephflag = B_FALSE;
1818 	boolean_t compressflag = B_FALSE;
1819 	boolean_t uncompressflag = B_FALSE;
1820 	/* the next two work together for -c, -k, -T, -e options only */
1821 	boolean_t need_crypto = B_FALSE;	/* if any -c, -k, -T, -e */
1822 	boolean_t cipher_only = B_TRUE;		/* if -c only */
1823 	const char *keyfile = NULL;
1824 	mech_alias_t *cipher = NULL;
1825 	token_spec_t *token = NULL;
1826 	char	*rkey = NULL;
1827 	size_t	rksz = 0;
1828 	char realfilename[MAXPATHLEN];
1829 
1830 	pname = getpname(argv[0]);
1831 
1832 	(void) setlocale(LC_ALL, "");
1833 	(void) textdomain(TEXT_DOMAIN);
1834 
1835 	while ((c = getopt(argc, argv, "a:c:Cd:efk:o:rs:T:U")) != EOF) {
1836 		switch (c) {
1837 		case 'a':
1838 			addflag = B_TRUE;
1839 			if ((filename = realpath(optarg, realfilename)) == NULL)
1840 				die("%s", optarg);
1841 			if (((argc - optind) > 0) && (*argv[optind] != '-')) {
1842 				/* optional device */
1843 				devicename = argv[optind];
1844 				optind++;
1845 			}
1846 			break;
1847 		case 'C':
1848 			compressflag = B_TRUE;
1849 			if (((argc - optind) > 1) && (*argv[optind] != '-')) {
1850 				/* optional algorithm */
1851 				algname = argv[optind];
1852 				optind++;
1853 			}
1854 			check_algorithm_validity(algname, &compress_index);
1855 			break;
1856 		case 'c':
1857 			/* is the chosen cipher allowed? */
1858 			if ((cipher = ciph2mech(optarg)) == NULL) {
1859 				errflag = B_TRUE;
1860 				warn(gettext("cipher %s not allowed\n"),
1861 				    optarg);
1862 			}
1863 			need_crypto = B_TRUE;
1864 			/* cipher_only is already set */
1865 			break;
1866 		case 'd':
1867 			deleteflag = B_TRUE;
1868 			minor = name_to_minor(optarg);
1869 			if (minor != 0)
1870 				devicename = optarg;
1871 			else {
1872 				if ((filename = realpath(optarg,
1873 				    realfilename)) == NULL)
1874 					die("%s", optarg);
1875 			}
1876 			break;
1877 		case 'e':
1878 			ephflag = B_TRUE;
1879 			need_crypto = B_TRUE;
1880 			cipher_only = B_FALSE;	/* need to unset cipher_only */
1881 			break;
1882 		case 'f':
1883 			force = B_TRUE;
1884 			break;
1885 		case 'k':
1886 			keyfile = optarg;
1887 			need_crypto = B_TRUE;
1888 			cipher_only = B_FALSE;	/* need to unset cipher_only */
1889 			break;
1890 		case 'r':
1891 			rdflag = B_TRUE;
1892 			break;
1893 		case 's':
1894 			segsize = convert_to_num(optarg);
1895 			if (segsize < DEV_BSIZE || !ISP2(segsize))
1896 				die(gettext("segment size %s is invalid "
1897 				    "or not a multiple of minimum block "
1898 				    "size %ld\n"), optarg, DEV_BSIZE);
1899 			break;
1900 		case 'T':
1901 			if ((token = parsetoken(optarg)) == NULL) {
1902 				errflag = B_TRUE;
1903 				warn(
1904 				    gettext("invalid token key specifier %s\n"),
1905 				    optarg);
1906 			}
1907 			need_crypto = B_TRUE;
1908 			cipher_only = B_FALSE;	/* need to unset cipher_only */
1909 			break;
1910 		case 'U':
1911 			uncompressflag = B_TRUE;
1912 			break;
1913 		case '?':
1914 		default:
1915 			errflag = B_TRUE;
1916 			break;
1917 		}
1918 	}
1919 
1920 	/* Check for mutually exclusive combinations of options */
1921 	if (errflag ||
1922 	    (addflag && deleteflag) ||
1923 	    (rdflag && !addflag) ||
1924 	    (!addflag && need_crypto) ||
1925 	    ((compressflag || uncompressflag) && (addflag || deleteflag)))
1926 		usage(pname);
1927 
1928 	/* ephemeral key, and key from either file or token are incompatible */
1929 	if (ephflag && (keyfile != NULL || token != NULL)) {
1930 		die(gettext("ephemeral key cannot be used with keyfile"
1931 		    " or token key\n"));
1932 	}
1933 
1934 	/*
1935 	 * "-c" but no "-k", "-T", "-e", or "-T -k" means derive key from
1936 	 * command line passphrase
1937 	 */
1938 
1939 	switch (argc - optind) {
1940 	case 0: /* no more args */
1941 		if (compressflag || uncompressflag)	/* needs filename */
1942 			usage(pname);
1943 		break;
1944 	case 1:
1945 		if (addflag || deleteflag)
1946 			usage(pname);
1947 		/* one arg means compress/uncompress the file ... */
1948 		if (compressflag || uncompressflag) {
1949 			if ((filename = realpath(argv[optind],
1950 			    realfilename)) == NULL)
1951 				die("%s", argv[optind]);
1952 		/* ... or without options means print the association */
1953 		} else {
1954 			minor = name_to_minor(argv[optind]);
1955 			if (minor != 0)
1956 				devicename = argv[optind];
1957 			else {
1958 				if ((filename = realpath(argv[optind],
1959 				    realfilename)) == NULL)
1960 					die("%s", argv[optind]);
1961 			}
1962 		}
1963 		break;
1964 	default:
1965 		usage(pname);
1966 		break;
1967 	}
1968 
1969 	if (addflag || compressflag || uncompressflag)
1970 		check_file_validity(filename);
1971 
1972 	if (filename && !valid_abspath(filename))
1973 		exit(E_ERROR);
1974 
1975 	/*
1976 	 * Here, we know the arguments are correct, the filename is an
1977 	 * absolute path, it exists and is a regular file. We don't yet
1978 	 * know that the device name is ok or not.
1979 	 */
1980 
1981 	openflag = O_EXCL;
1982 	if (addflag || deleteflag || compressflag || uncompressflag)
1983 		openflag |= O_RDWR;
1984 	else
1985 		openflag |= O_RDONLY;
1986 	lfd = open(lofictl, openflag);
1987 	if (lfd == -1) {
1988 		if ((errno == EPERM) || (errno == EACCES)) {
1989 			die(gettext("you do not have permission to perform "
1990 			    "that operation.\n"));
1991 		} else {
1992 			die(gettext("open: %s"), lofictl);
1993 		}
1994 		/*NOTREACHED*/
1995 	}
1996 
1997 	/*
1998 	 * No passphrase is needed for ephemeral key, or when key is
1999 	 * in a file and not wrapped by another key from a token.
2000 	 * However, a passphrase is needed in these cases:
2001 	 * 1. cipher with no ephemeral key, key file, or token,
2002 	 *    in which case the passphrase is used to build the key
2003 	 * 2. token with an optional cipher or optional key file,
2004 	 *    in which case the passphrase unlocks the token
2005 	 * If only the cipher is specified, reconfirm the passphrase
2006 	 * to ensure the user hasn't mis-entered it.  Otherwise, the
2007 	 * token will enforce the token passphrase.
2008 	 */
2009 	if (need_crypto) {
2010 		CK_SESSION_HANDLE	sess;
2011 
2012 		/* pick a cipher if none specified */
2013 		if (cipher == NULL)
2014 			cipher = DEFAULT_CIPHER;
2015 
2016 		if (!kernel_cipher_check(cipher))
2017 			die(gettext(
2018 			    "use \"cryptoadm list -m\" to find available "
2019 			    "mechanisms\n"));
2020 
2021 		init_crypto(token, cipher, &sess);
2022 
2023 		if (cipher_only) {
2024 			getkeyfromuser(cipher, &rkey, &rksz);
2025 		} else if (token != NULL) {
2026 			getkeyfromtoken(sess, token, keyfile, cipher,
2027 			    &rkey, &rksz);
2028 		} else {
2029 			/* this also handles ephemeral keys */
2030 			getkeyfromfile(keyfile, cipher, &rkey, &rksz);
2031 		}
2032 
2033 		end_crypto(sess);
2034 	}
2035 
2036 	/*
2037 	 * Now to the real work.
2038 	 */
2039 	if (addflag)
2040 		add_mapping(lfd, devicename, filename, cipher, rkey, rksz,
2041 		    rdflag);
2042 	else if (compressflag)
2043 		lofi_compress(&lfd, filename, compress_index, segsize);
2044 	else if (uncompressflag)
2045 		lofi_uncompress(lfd, filename);
2046 	else if (deleteflag)
2047 		delete_mapping(lfd, devicename, filename, force);
2048 	else if (filename || devicename)
2049 		print_one_mapping(lfd, devicename, filename);
2050 	else
2051 		print_mappings(lfd);
2052 
2053 	if (lfd != -1)
2054 		(void) close(lfd);
2055 	closelib();
2056 	return (E_SUCCESS);
2057 }
2058