1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25 
  26 
  27 #include <stdlib.h>
  28 #include <stdio.h>
  29 #include <string.h>
  30 #include <strings.h>
  31 #include <sys/param.h>
  32 #include <pwd.h>
  33 #include <nss_dbdefs.h>
  34 #include <auth_attr.h>
  35 #include "crypto_util.h"
  36 
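/*
 * Initialize a KMF handle against the PKCS#11 token keystore and fetch
 * the underlying PKCS#11 session handle, for CC creation.
 *
 * kmfhandle: out; receives the initialized KMF handle on success.
 * pkhandle:  out; receives the PKCS#11 session handle on success.
 * pktoken:   label of the PKCS#11 token to configure the keystore with.
 * tokendir:  directory exported as SOFTTOKEN_DIR before KMF is set up.
 *
 * Returns 0 on success, -1 on any failure.  If a step after
 * kmf_initialize() fails, the KMF handle is finalized here and
 * *kmfhandle reset to NULL, so the caller does not leak it.
 * NOTE(review): a caller that still calls wusb_crypto_fini() after a
 * failure will then pass NULL to kmf_finalize(); assumed to be rejected
 * harmlessly by KMF — confirm.
 */
int
wusb_crypto_init(
		KMF_HANDLE_T *kmfhandle,
		CK_SESSION_HANDLE *pkhandle,
		const char *pktoken,
		const char *tokendir)
{
	KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_PK11TOKEN;
	boolean_t bfalse = FALSE;
	KMF_ATTRIBUTE attrlist[20];
	int numattr = 0;

	/* all four arguments are dereferenced below */
	if (kmfhandle == NULL || pkhandle == NULL ||
	    pktoken == NULL || tokendir == NULL) {
		return (-1);
	}

	/* change default softtoken directory */
	if (setenv("SOFTTOKEN_DIR", tokendir, 1) != 0) {
		return (-1);
	}

	/* init kmf */
	if (kmf_initialize(kmfhandle, NULL, NULL) != KMF_OK) {
		return (-1);
	}

	/* keystore: PK11 token, selected by label, opened read-write */
	kmf_set_attr_at_index(attrlist, numattr++,
	    KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
	kmf_set_attr_at_index(attrlist, numattr++,
	    KMF_TOKEN_LABEL_ATTR, (void *)pktoken, strlen(pktoken) + 1);
	kmf_set_attr_at_index(attrlist, numattr++,
	    KMF_READONLY_ATTR, &bfalse, sizeof (bfalse));

	if (kmf_configure_keystore(*kmfhandle, numattr, attrlist) != KMF_OK) {
		goto fail;
	}

	/* get pkcs11 handle from kmf */
	*pkhandle = kmf_get_pk11_handle(*kmfhandle);
	if (*pkhandle == NULL) {
		goto fail;
	}

	return (0);

fail:
	/* do not leak the initialized KMF handle on partial-init paths */
	(void) kmf_finalize(*kmfhandle);
	*kmfhandle = NULL;
	return (-1);
}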
  84 
/*
 * Tear down a KMF handle obtained from wusb_crypto_init().
 * The kmf_finalize() status is intentionally not reported: there is
 * nothing a caller could do about a failed teardown.
 */
void
wusb_crypto_fini(KMF_HANDLE_T kmfhandle)
{
	if (kmf_finalize(kmfhandle) != KMF_OK) {
		/* best effort; nothing further to release */
	}
}
  90 
/*
 * Seed the session's RNG and draw rlen random bytes into rand, for CC
 * creation.
 *
 * hSession:   open PKCS#11 session.
 * seed, slen: caller-supplied seed material; when seed is NULL, the sum
 *             of gethrtime() and gethrvtime() is used as the seed instead.
 * rand, rlen: output buffer and the number of bytes requested.
 *
 * Returns 0 on success, -1 if C_SeedRandom() or C_GenerateRandom() fails.
 *
 * NOTE(review): the timestamp fallback carries little entropy by itself;
 * this presumably relies on the provider's RNG being seeded from its own
 * source, with C_SeedRandom() only mixing extra material in — confirm
 * against the provider before treating it as the sole seed.
 */
int
wusb_random(
		CK_SESSION_HANDLE hSession,
		CK_BYTE *seed, size_t slen,
		CK_BYTE *rand, size_t rlen)
{
	hrtime_t hrt;
	CK_BYTE *seedbuf = seed;
	size_t seedlen = slen;

	/* no caller seed: fall back to a timestamp-derived one */
	if (seedbuf == NULL) {
		hrt = gethrtime() + gethrvtime();
		seedbuf = (CK_BYTE *)&hrt;
		seedlen = sizeof (hrt);
	}

	/* seeding must succeed before any bytes are generated */
	if (C_SeedRandom(hSession, seedbuf, seedlen) != CKR_OK ||
	    C_GenerateRandom(hSession, rand, rlen) != CKR_OK) {
		return (-1);
	}

	return (0);
}
 121 
 122 
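/*
 * Convert a MAC address to its hex label string.
 *
 * mac:   WUSB_DEV_MAC_LENGTH bytes to render.
 * label: out; buffer of at least WUSB_CC_LABEL_LENGTH bytes, cleared
 *        first and filled with two lowercase hex digits per byte.  If
 *        the buffer is too short the label is truncated but always
 *        NUL-terminated.
 *
 * Each byte is appended at the current write offset.  The previous
 * version passed label as both the destination and a "%s" source of
 * the same snprintf() call, which is undefined behavior (overlapping
 * objects, C99 7.19.6.5).
 */
void
mac_to_label(uint8_t *mac, char *label)
{
	size_t off = 0;
	int i;

	bzero(label, WUSB_CC_LABEL_LENGTH);
	for (i = 0; i < WUSB_DEV_MAC_LENGTH; i++) {
		int n;

		/* out of room: the label is already NUL-terminated */
		if (off >= WUSB_CC_LABEL_LENGTH) {
			break;
		}
		n = snprintf(label + off, WUSB_CC_LABEL_LENGTH - off,
		    "%02x", mac[i]);
		if (n < 0) {
			break;
		}
		/* n is the untruncated length; the guard above handles overrun */
		off += (size_t)n;
	}
}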
 135 
 136 /* ARGSUSED */
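/*
 * For debug only: hex-dump len bytes of array to stdout under the given
 * label, 16 bytes per row.  Compiled to a no-op unless DEBUG is defined.
 *
 * The loop index is size_t to match len (the previous int index was a
 * signed/unsigned comparison), and a partial final row now gets its own
 * newline so consecutive dumps do not run together.
 */
void
print_array(const char *label, CK_BYTE *array, size_t len)
{
#ifdef DEBUG
	size_t i;

	(void) fprintf(stdout, "%s :\n", label);
	for (i = 0; i < len; i++) {
		(void) fprintf(stdout, "%02x ", array[i]);
		/* break the row after every 16th byte */
		if ((i & 15) == 15) {
			(void) fprintf(stdout, "\n");
		}
	}
	/* terminate a partial last row */
	if ((len & 15) != 0) {
		(void) fprintf(stdout, "\n");
	}
#endif
}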
 151 
/*
 * Check whether the user identified by uid holds the authorization(s)
 * named in auths.
 *
 * uid:   user to check; (uid_t)-1 is rejected outright.
 * auths: authorization name(s) as understood by chkauthattr().
 *
 * Returns 0 when the authorization is granted, -1 when the uid is
 * invalid, the passwd lookup fails, or the authorization is not held.
 * Callers cannot distinguish those cases; every failure reads as "deny".
 */
int
chk_auths(uid_t uid, const char *auths)
{
	struct passwd pwd;
	struct passwd *pw;
	char buf[NSS_LINELEN_PASSWD];

	if (uid == (uid_t)-1) {
		return (-1);
	}

	/* the auth lookup is keyed by login name, so resolve the uid first */
	pw = getpwuid_r(uid, &pwd, buf, sizeof (buf));
	if (pw == NULL) {
		return (-1);
	}

	/* chkauthattr() answers 1 only when the auth is granted */
	return (chkauthattr(auths, pw->pw_name) == 1 ? 0 : -1);
}