1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved. 23 * Copyright 2018, Joyent, Inc. 24 */ 25 26 /* 27 * Functions used for manipulating the keystore 28 */ 29 30 #include <stdio.h> 31 #include <stdlib.h> 32 #include <errno.h> 33 #include <sys/stat.h> 34 #include <fcntl.h> 35 #include <time.h> 36 #include <unistd.h> 37 #include <pwd.h> 38 #include <sys/types.h> 39 #include <dirent.h> 40 #include <limits.h> 41 #include <libgen.h> 42 #include <strings.h> 43 #include <security/cryptoki.h> 44 #include <cryptoutil.h> 45 #include "softGlobal.h" 46 #include "softObject.h" 47 #include "softSession.h" 48 #include "softKeystore.h" 49 #include "softKeystoreUtil.h" 50 51 #define MAXPATHLEN 1024 52 #define SUNW_PATH ".sunw" /* top level Sun directory */ 53 #define KEYSTORE_PATH "pkcs11_softtoken" /* keystore directory */ 54 #define PUB_OBJ_DIR "public" /* directory for public objects */ 55 #define PRI_OBJ_DIR "private" /* directory for private objects */ 56 #define DS_FILE "objstore_info" /* keystore description file */ 57 #define TMP_DS_FILE "t_info" /* temp name for keystore desc. file */ 58 #define OBJ_PREFIX "obj" /* prefix of the keystore object file names */ 59 #define OBJ_PREFIX_LEN sizeof (OBJ_PREFIX) - 1 /* length of prefix */ 60 #define TMP_OBJ_PREFIX "t_o" /* prefix of the temp object file names */ 61 62 /* 63 * KEYSTORE DESCRIPTION FILE: 64 * 65 * The following describes the content of the keystore description file 66 * 67 * The order AND data type of the fields are very important. 68 * All the code in this file assume that they are in the order specified 69 * below. If either order of the fields or their data type changed, 70 * you must make sure the ALL the pre-define values are still valid 71 * 72 * 1) PKCS#11 release number. It's 2.20 in this release (uchar_t[32]) 73 * 2) keystore version number: used for synchronizing when different 74 * processes access the keystore at the same time. It is incremented 75 * when there is a change to the keystore. (uint_32) 76 * 3) monotonic-counter: last counter value for name of token object file. 77 * used for assigning unique name to each token (uint_32) 78 * 4) salt used for generating encryption key (uint_16) 79 * 5) salt used for generating key used for doing HMAC (uint_16) 80 * 6) Length of salt used for generating hashed pin (length of salt 81 * is variable) 82 * 7) Salt used for generating hashed pin. 83 * 8) Hashed pin len (length of hashed pin could be variable, the offset of 84 * where this value lives in the file is calculated at run time) 85 * 9) Hashed pin 86 * 87 */ 88 89 /* Keystore description file pre-defined values */ 90 #define KS_PKCS11_VER "2.20" 91 #define KS_PKCS11_OFFSET 0 92 #define KS_PKCS11_VER_SIZE 32 93 94 #define KS_VER_OFFSET (KS_PKCS11_OFFSET + KS_PKCS11_VER_SIZE) 95 #define KS_VER_SIZE 4 /* size in bytes of keystore version value */ 96 97 #define KS_COUNTER_OFFSET (KS_VER_OFFSET + KS_VER_SIZE) 98 #define KS_COUNTER_SIZE 4 /* size in bytes of the monotonic counter */ 99 100 #define KS_KEY_SALT_OFFSET (KS_COUNTER_OFFSET + KS_COUNTER_SIZE) 101 #define KS_KEY_SALT_SIZE PBKD2_SALT_SIZE 102 103 #define KS_HMAC_SALT_OFFSET (KS_KEY_SALT_OFFSET + KS_KEY_SALT_SIZE) 104 #define KS_HMAC_SALT_SIZE PBKD2_SALT_SIZE 105 106 /* Salt for hashed pin */ 107 #define KS_HASHED_PIN_SALT_LEN_OFFSET (KS_HMAC_SALT_OFFSET + KS_HMAC_SALT_SIZE) 108 #define KS_HASHED_PIN_SALT_LEN_SIZE 8 /* stores length of hashed pin salt */ 109 110 #define KS_HASHED_PIN_SALT_OFFSET \ 111 (KS_HASHED_PIN_SALT_LEN_OFFSET + KS_HASHED_PIN_SALT_LEN_SIZE) 112 113 /* 114 * hashed pin 115 * 116 * hashed_pin length offset will be calculated at run time since 117 * there's the hashed pin salt size is variable. 118 * 119 * The offset will be calculated at run time by calling the 120 * function calculate_hashed_pin_offset() 121 */ 122 static off_t ks_hashed_pinlen_offset = -1; 123 #define KS_HASHED_PINLEN_SIZE 8 124 125 /* End of Keystore description file pre-defined values */ 126 127 /* 128 * Metadata for each object 129 * 130 * The order AND data type of all the fields is very important. 131 * All the code in this file assume that they are in the order specified 132 * below. If either order of the fields or their data type is changed, 133 * you must make sure the following pre-define value is still valid 134 * Each object will have the meta data at the beginning of the object file. 135 * 136 * 1) object_version: used by softtoken to see if the object 137 * has been modified since it last reads it. (uint_32) 138 * 2) iv: initialization vector for encrypted data in the object. This 139 * value will be 0 for public objects. (uchar_t[16]) 140 * 3) obj_hmac: keyed hash as verifier to detect private object 141 * being tampered this value will be 0 for public objects (uchar_t[16]) 142 */ 143 144 /* Object metadata pre-defined values */ 145 #define OBJ_VER_OFFSET 0 146 #define OBJ_VER_SIZE 4 /* size of object version in bytes */ 147 #define OBJ_IV_OFFSET (OBJ_VER_OFFSET + OBJ_VER_SIZE) 148 #define OBJ_IV_SIZE 16 149 #define OBJ_HMAC_OFFSET (OBJ_IV_OFFSET + OBJ_IV_SIZE) 150 #define OBJ_HMAC_SIZE 16 /* MD5 HMAC keyed hash */ 151 #define OBJ_DATA_OFFSET (OBJ_HMAC_OFFSET + OBJ_HMAC_SIZE) 152 /* End of object metadata pre-defined values */ 153 154 #define ALTERNATE_KEYSTORE_PATH "SOFTTOKEN_DIR" 155 156 static soft_object_t *enc_key = NULL; 157 static soft_object_t *hmac_key = NULL; 158 static char keystore_path[MAXPATHLEN]; 159 static boolean_t keystore_path_initialized = B_FALSE; 160 static int desc_fd = 0; 161 162 static char * 163 get_keystore_path() 164 { 165 char *home = getenv("HOME"); 166 char *alt = getenv(ALTERNATE_KEYSTORE_PATH); 167 168 if (keystore_path_initialized) { 169 return (keystore_path); 170 } 171 172 bzero(keystore_path, sizeof (keystore_path)); 173 /* 174 * If it isn't set or is set to the empty string use the 175 * default location. We need to check for the empty string 176 * because some users "unset" environment variables by giving 177 * them no value, this isn't the same thing as removing it 178 * from the environment. 179 * 180 * We don't want that to attempt to open /.sunw/pkcs11_sofftoken 181 */ 182 if ((alt != NULL) && (strcmp(alt, "") != 0)) { 183 (void) snprintf(keystore_path, MAXPATHLEN, "%s/%s", 184 alt, KEYSTORE_PATH); 185 keystore_path_initialized = B_TRUE; 186 } else if ((home != NULL) && (strcmp(home, "") != 0)) { 187 /* alternate path not specified, try user's home dir */ 188 (void) snprintf(keystore_path, MAXPATHLEN, "%s/%s/%s", 189 home, SUNW_PATH, KEYSTORE_PATH); 190 keystore_path_initialized = B_TRUE; 191 } 192 return (keystore_path); 193 } 194 195 static char * 196 get_pub_obj_path(char *name) 197 { 198 bzero(name, sizeof (name)); 199 (void) snprintf(name, MAXPATHLEN, "%s/%s", 200 get_keystore_path(), PUB_OBJ_DIR); 201 return (name); 202 } 203 204 static char * 205 get_pri_obj_path(char *name) 206 { 207 bzero(name, sizeof (name)); 208 (void) snprintf(name, MAXPATHLEN, "%s/%s", 209 get_keystore_path(), PRI_OBJ_DIR); 210 return (name); 211 } 212 213 static char * 214 get_desc_file_path(char *name) 215 { 216 bzero(name, sizeof (name)); 217 (void) snprintf(name, MAXPATHLEN, "%s/%s", 218 get_keystore_path(), DS_FILE); 219 return (name); 220 } 221 222 static char * 223 get_tmp_desc_file_path(char *name) 224 { 225 bzero(name, sizeof (name)); 226 (void) snprintf(name, MAXPATHLEN, "%s/%s", 227 get_keystore_path(), TMP_DS_FILE); 228 return (name); 229 } 230 231 /* 232 * Calculates the offset for hashed_pin length and hashed pin 233 * 234 * Returns 0 if successful, -1 if there's any error. 235 * 236 * If successful, global variables "ks_hashed_pinlen_offset" will be set. 237 * 238 */ 239 static int 240 calculate_hashed_pin_offset(int fd) 241 { 242 uint64_t salt_length; 243 244 if (lseek(fd, KS_HASHED_PIN_SALT_LEN_OFFSET, SEEK_SET) 245 != KS_HASHED_PIN_SALT_LEN_OFFSET) { 246 return (-1); 247 } 248 249 if (readn_nointr(fd, (char *)&salt_length, 250 KS_HASHED_PIN_SALT_LEN_SIZE) != KS_HASHED_PIN_SALT_LEN_SIZE) { 251 return (-1); 252 } 253 salt_length = SWAP64(salt_length); 254 255 ks_hashed_pinlen_offset = KS_HASHED_PIN_SALT_LEN_OFFSET 256 + KS_HASHED_PIN_SALT_LEN_SIZE + salt_length; 257 258 return (0); 259 260 } 261 262 /* 263 * acquire or release read/write lock on a specific file 264 * 265 * read_lock: true for read lock; false for write lock 266 * set_lock: true to set a lock; false to release a lock 267 */ 268 static int 269 lock_file(int fd, boolean_t read_lock, boolean_t set_lock) 270 { 271 272 flock_t lock_info; 273 int r; 274 275 lock_info.l_whence = SEEK_SET; 276 lock_info.l_start = 0; 277 lock_info.l_len = 0; /* l_len == 0 means until end of file */ 278 279 if (read_lock) { 280 lock_info.l_type = F_RDLCK; 281 } else { 282 lock_info.l_type = F_WRLCK; 283 } 284 285 if (set_lock) { 286 while ((r = fcntl(fd, F_SETLKW, &lock_info)) == -1) { 287 if (errno != EINTR) 288 break; 289 } 290 if (r == -1) { 291 return (-1); 292 } 293 } else { 294 lock_info.l_type = F_UNLCK; 295 while ((r = fcntl(fd, F_SETLKW, &lock_info)) == -1) { 296 if (errno != EINTR) 297 break; 298 } 299 if (r == -1) { 300 return (-1); 301 } 302 } 303 304 return (0); 305 } 306 307 int 308 create_keystore() 309 { 310 int fd, buf; 311 uint64_t hashed_pin_len, hashed_pin_salt_len, ulong_buf; 312 uchar_t ver_buf[KS_PKCS11_VER_SIZE]; 313 char pub_obj_path[MAXPATHLEN], pri_obj_path[MAXPATHLEN], 314 ks_desc_file[MAXPATHLEN]; 315 CK_BYTE salt[KS_KEY_SALT_SIZE]; 316 char *hashed_pin = NULL, *hashed_pin_salt = NULL; 317 char *alt; 318 319 /* keystore doesn't exist, create keystore directory */ 320 if (mkdir(get_keystore_path(), S_IRUSR|S_IWUSR|S_IXUSR) < 0) { 321 if (errno == EEXIST) { 322 return (0); 323 } 324 325 if (errno == EACCES) { 326 return (-1); 327 } 328 329 /* can't create keystore directory */ 330 if (errno == ENOENT) { /* part of the path doesn't exist */ 331 char keystore[MAXPATHLEN]; 332 /* 333 * try to create $HOME/.sunw/pkcs11_softtoken if it 334 * doesn't exist. If it is a alternate path provided 335 * by the user, it should have existed. Will not 336 * create for them. 337 */ 338 alt = getenv(ALTERNATE_KEYSTORE_PATH); 339 if ((alt == NULL) || (strcmp(alt, "") == 0)) { 340 char *home = getenv("HOME"); 341 342 if (home == NULL || strcmp(home, "") == 0) { 343 return (-1); 344 } 345 /* create $HOME/.sunw/pkcs11_softtoken */ 346 (void) snprintf(keystore, sizeof (keystore), 347 "%s/%s/%s", home, SUNW_PATH, KEYSTORE_PATH); 348 if (mkdirp(keystore, 349 S_IRUSR|S_IWUSR|S_IXUSR) < 0) { 350 return (-1); 351 } 352 } else { 353 return (-1); 354 } 355 } 356 } 357 358 /* create keystore description file */ 359 fd = open_nointr(get_desc_file_path(ks_desc_file), 360 O_RDWR|O_CREAT|O_EXCL|O_NONBLOCK, S_IRUSR|S_IWUSR); 361 if (fd < 0) { 362 if (errno == EEXIST) { 363 return (0); 364 } else { 365 /* can't create keystore description file */ 366 (void) rmdir(get_keystore_path()); 367 return (-1); 368 } 369 } 370 371 if (lock_file(fd, B_FALSE, B_TRUE) != 0) { 372 (void) unlink(ks_desc_file); 373 (void) close(fd); 374 (void) rmdir(get_keystore_path()); 375 return (-1); 376 } 377 378 if (mkdir(get_pub_obj_path(pub_obj_path), 379 S_IRUSR|S_IWUSR|S_IXUSR) < 0) { 380 /* can't create directory for public objects */ 381 (void) lock_file(fd, B_FALSE, B_FALSE); 382 (void) unlink(ks_desc_file); 383 (void) close(fd); 384 (void) rmdir(get_keystore_path()); 385 return (-1); 386 } 387 388 if (mkdir(get_pri_obj_path(pri_obj_path), 389 S_IRUSR|S_IWUSR|S_IXUSR) < 0) { 390 /* can't create directory for private objects */ 391 (void) lock_file(fd, B_FALSE, B_FALSE); 392 (void) unlink(ks_desc_file); 393 (void) close(fd); 394 (void) rmdir(get_keystore_path()); 395 (void) rmdir(pub_obj_path); 396 return (-1); 397 } 398 399 400 /* write file format release number */ 401 bzero(ver_buf, sizeof (ver_buf)); 402 (void) strcpy((char *)ver_buf, KS_PKCS11_VER); 403 if ((writen_nointr(fd, (char *)ver_buf, sizeof (ver_buf))) 404 != sizeof (ver_buf)) { 405 goto cleanup; 406 } 407 408 /* write version number, version = 0 since keystore just created */ 409 buf = SWAP32(0); 410 if (writen_nointr(fd, (void *)&buf, KS_VER_SIZE) != KS_VER_SIZE) { 411 goto cleanup; 412 } 413 414 /* write monotonic-counter. Counter for keystore objects start at 1 */ 415 buf = SWAP32(1); 416 if (writen_nointr(fd, (void *)&buf, KS_COUNTER_SIZE) 417 != KS_COUNTER_SIZE) { 418 goto cleanup; 419 } 420 421 /* initial encryption key salt should be all NULL */ 422 bzero(salt, sizeof (salt)); 423 if (writen_nointr(fd, (void *)salt, KS_KEY_SALT_SIZE) 424 != KS_KEY_SALT_SIZE) { 425 goto cleanup; 426 } 427 428 /* initial HMAC key salt should also be all NULL */ 429 if (writen_nointr(fd, (void *)salt, KS_HMAC_SALT_SIZE) 430 != KS_HMAC_SALT_SIZE) { 431 goto cleanup; 432 } 433 434 /* generate the hashed pin salt, and MD5 hashed pin of default pin */ 435 if (soft_gen_hashed_pin((CK_CHAR_PTR)SOFT_DEFAULT_PIN, &hashed_pin, 436 &hashed_pin_salt) < 0) { 437 goto cleanup; 438 } 439 440 if ((hashed_pin_salt == NULL) || (hashed_pin == NULL)) { 441 goto cleanup; 442 } 443 444 hashed_pin_salt_len = (uint64_t)strlen(hashed_pin_salt); 445 hashed_pin_len = (uint64_t)strlen(hashed_pin); 446 447 /* write hashed pin salt length */ 448 ulong_buf = SWAP64(hashed_pin_salt_len); 449 if (writen_nointr(fd, (void *)&ulong_buf, KS_HASHED_PIN_SALT_LEN_SIZE) 450 != KS_HASHED_PIN_SALT_LEN_SIZE) { 451 goto cleanup; 452 } 453 454 if (writen_nointr(fd, (void *)hashed_pin_salt, 455 hashed_pin_salt_len) != hashed_pin_salt_len) { 456 goto cleanup; 457 } 458 459 /* write MD5 hashed pin of the default pin */ 460 ulong_buf = SWAP64(hashed_pin_len); 461 if (writen_nointr(fd, (void *)&ulong_buf, KS_HASHED_PINLEN_SIZE) 462 != KS_HASHED_PINLEN_SIZE) { 463 goto cleanup; 464 } 465 466 if (writen_nointr(fd, (void *)hashed_pin, hashed_pin_len) 467 != hashed_pin_len) { 468 goto cleanup; 469 } 470 471 (void) lock_file(fd, B_FALSE, B_FALSE); 472 473 (void) close(fd); 474 freezero(hashed_pin_salt, hashed_pin_salt_len); 475 return (0); 476 477 cleanup: 478 (void) lock_file(fd, B_FALSE, B_FALSE); 479 (void) unlink(ks_desc_file); 480 (void) close(fd); 481 (void) rmdir(get_keystore_path()); 482 (void) rmdir(pub_obj_path); 483 (void) rmdir(pri_obj_path); 484 return (-1); 485 } 486 487 /* 488 * Determines if the file referenced by "fd" has the same 489 * inode as the file referenced by "fname". 490 * 491 * The argument "same" contains the result of determining 492 * if the inode is the same or not 493 * 494 * Returns 0 if there's no error. 495 * Returns 1 if there's any error with opening the file. 496 * 497 * 498 */ 499 static int 500 is_inode_same(int fd, char *fname, boolean_t *same) 501 { 502 struct stat fn_stat, fd_stat; 503 504 if (fstat(fd, &fd_stat) != 0) { 505 return (-1); 506 } 507 508 if (stat(fname, &fn_stat) != 0) { 509 return (-1); 510 } 511 512 /* It's the same file if both st_ino and st_dev match */ 513 if ((fd_stat.st_ino == fn_stat.st_ino) && 514 (fd_stat.st_dev == fn_stat.st_dev)) { 515 *same = B_TRUE; 516 } else { 517 *same = B_FALSE; 518 } 519 return (0); 520 } 521 522 static int 523 acquire_file_lock(int *fd, char *fname, mode_t mode) { 524 525 boolean_t read_lock = B_TRUE, same_inode; 526 527 if ((mode == O_RDWR) || (mode == O_WRONLY)) { 528 read_lock = B_FALSE; 529 } 530 531 if (lock_file(*fd, read_lock, B_TRUE) != 0) { 532 return (-1); 533 } 534 535 /* 536 * make sure another process did not modify the file 537 * while we were trying to get the lock 538 */ 539 if (is_inode_same(*fd, fname, &same_inode) != 0) { 540 (void) lock_file(*fd, B_TRUE, B_FALSE); /* unlock file */ 541 return (-1); 542 } 543 544 while (!same_inode) { 545 /* 546 * need to unlock file, close, re-open the file, 547 * and re-acquire the lock 548 */ 549 550 /* unlock file */ 551 if (lock_file(*fd, B_TRUE, B_FALSE) != 0) { 552 return (-1); 553 } 554 555 (void) close(*fd); 556 557 /* re-open */ 558 *fd = open_nointr(fname, mode|O_NONBLOCK); 559 if (*fd < 0) { 560 return (-1); 561 } 562 563 /* acquire lock again */ 564 if (lock_file(*fd, read_lock, B_TRUE) != 0) { 565 return (-1); 566 } 567 568 if (is_inode_same(*fd, fname, &same_inode) != 0) { 569 (void) lock_file(*fd, B_TRUE, B_FALSE); /* unlock */ 570 return (-1); 571 } 572 573 } 574 575 return (0); 576 } 577 578 /* 579 * Open the keystore description file in the specified mode. 580 * If the keystore doesn't exist, the "do_create_keystore" 581 * argument determines if the keystore should be created 582 */ 583 static int 584 open_and_lock_keystore_desc(mode_t mode, boolean_t do_create_keystore, 585 boolean_t lock_held) 586 { 587 588 int fd; 589 char *fname, ks_desc_file[MAXPATHLEN]; 590 591 /* open the keystore description file in requested mode */ 592 fname = get_desc_file_path(ks_desc_file); 593 fd = open_nointr(fname, mode|O_NONBLOCK); 594 if (fd < 0) { 595 if ((errno == ENOENT) && (do_create_keystore)) { 596 if (create_keystore() < 0) { 597 goto done; 598 } 599 fd = open_nointr(fname, mode|O_NONBLOCK); 600 if (fd < 0) { 601 goto done; 602 } 603 } else { 604 goto done; 605 } 606 } 607 608 if (lock_held) { 609 /* already hold the lock */ 610 return (fd); 611 } 612 613 if (acquire_file_lock(&fd, fname, mode) != 0) { 614 if (fd > 0) { 615 (void) close(fd); 616 } 617 return (-1); 618 } 619 620 done: 621 return (fd); 622 } 623 624 625 /* 626 * Set or remove read or write lock on keystore description file 627 * 628 * read_lock: true for read lock, false for write lock 629 * set_lock: true for set a lock, false to remove a lock 630 */ 631 static int 632 lock_desc_file(boolean_t read_lock, boolean_t set_lock) 633 { 634 635 char ks_desc_file[MAXPATHLEN]; 636 637 if (set_lock) { 638 int oflag; 639 640 /* 641 * make sure desc_fd is not already used. If used, it means 642 * some other lock is already set on the file 643 */ 644 if (desc_fd > 0) { 645 return (-1); 646 } 647 648 (void) get_desc_file_path(ks_desc_file); 649 650 if (read_lock) { 651 oflag = O_RDONLY; 652 } else { 653 oflag = O_WRONLY; 654 } 655 if ((desc_fd = open_and_lock_keystore_desc(oflag, 656 B_FALSE, B_FALSE)) < 0) { 657 return (-1); 658 } 659 } else { 660 /* make sure we have a valid fd */ 661 if (desc_fd <= 0) { 662 return (-1); 663 } 664 665 if (lock_file(desc_fd, read_lock, B_FALSE) == 1) { 666 return (-1); 667 } 668 669 (void) close(desc_fd); 670 desc_fd = 0; 671 672 } 673 return (0); 674 } 675 676 static int 677 open_and_lock_object_file(ks_obj_handle_t *ks_handle, int oflag, 678 boolean_t lock_held) 679 { 680 char obj_fname[MAXPATHLEN]; 681 int fd; 682 683 if (ks_handle->public) { 684 char pub_obj_path[MAXPATHLEN]; 685 (void) snprintf(obj_fname, MAXPATHLEN, "%s/%s", 686 get_pub_obj_path(pub_obj_path), ks_handle->name); 687 } else { 688 char pri_obj_path[MAXPATHLEN]; 689 (void) snprintf(obj_fname, MAXPATHLEN, "%s/%s", 690 get_pri_obj_path(pri_obj_path), ks_handle->name); 691 } 692 693 fd = open_nointr(obj_fname, oflag|O_NONBLOCK); 694 if (fd < 0) { 695 return (-1); 696 } 697 698 if (lock_held) { 699 /* already hold the lock */ 700 return (fd); 701 } 702 703 if (acquire_file_lock(&fd, obj_fname, oflag) != 0) { 704 if (fd > 0) { 705 (void) close(fd); 706 } 707 return (-1); 708 } 709 710 711 return (fd); 712 } 713 714 715 /* 716 * Update file version number in a temporary file that's 717 * a copy of the keystore description file. 718 * The update is NOT made to the original keystore description 719 * file. It makes the update in a tempoary file. 720 * 721 * Name of the temporary file is assumed to be provided, but 722 * the file is assumed to not exist. 723 * 724 * return 0 if creating temp file is successful, returns -1 otherwise 725 */ 726 static int 727 create_updated_keystore_version(int fd, char *tmp_fname) 728 { 729 int version, tmp_fd; 730 char buf[BUFSIZ]; 731 size_t nread; 732 733 /* first, create the tempoary file */ 734 tmp_fd = open_nointr(tmp_fname, 735 O_WRONLY|O_CREAT|O_EXCL|O_NONBLOCK, S_IRUSR|S_IWUSR); 736 if (tmp_fd < 0) { 737 return (-1); 738 } 739 740 /* 741 * copy everything from keystore version to temp file except 742 * the keystore version. Keystore version is updated 743 * 744 */ 745 746 /* pkcs11 version */ 747 if (readn_nointr(fd, buf, KS_PKCS11_VER_SIZE) != KS_PKCS11_VER_SIZE) { 748 goto cleanup; 749 } 750 751 if (writen_nointr(tmp_fd, buf, KS_PKCS11_VER_SIZE) != 752 KS_PKCS11_VER_SIZE) { 753 goto cleanup; 754 } 755 756 /* version number, it needs to be updated */ 757 758 /* read the current version number */ 759 if (readn_nointr(fd, &version, KS_VER_SIZE) != KS_VER_SIZE) { 760 goto cleanup; 761 } 762 763 version = SWAP32(version); 764 version++; 765 version = SWAP32(version); 766 767 /* write the updated value to the tmp file */ 768 if (writen_nointr(tmp_fd, (void *)&version, KS_VER_SIZE) 769 != KS_VER_SIZE) { 770 goto cleanup; 771 } 772 773 /* read rest of information, nothing needs to be updated */ 774 nread = readn_nointr(fd, buf, BUFSIZ); 775 while (nread > 0) { 776 if (writen_nointr(tmp_fd, buf, nread) != nread) { 777 goto cleanup; 778 } 779 nread = readn_nointr(fd, buf, BUFSIZ); 780 } 781 782 (void) close(tmp_fd); 783 return (0); /* no error */ 784 785 cleanup: 786 (void) close(tmp_fd); 787 (void) remove(tmp_fname); 788 return (-1); 789 } 790 791 static CK_RV 792 get_all_objs_in_dir(DIR *dirp, ks_obj_handle_t *ks_handle, 793 ks_obj_t **result_obj_list, boolean_t lock_held) 794 { 795 struct dirent *dp; 796 ks_obj_t *obj; 797 CK_RV rv; 798 799 while ((dp = readdir(dirp)) != NULL) { 800 801 if (strncmp(dp->d_name, OBJ_PREFIX, OBJ_PREFIX_LEN) != 0) 802 continue; 803 804 (void) strcpy((char *)ks_handle->name, dp->d_name); 805 rv = soft_keystore_get_single_obj(ks_handle, &obj, lock_held); 806 if (rv != CKR_OK) { 807 return (rv); 808 } 809 if (obj != NULL) { 810 if (*result_obj_list == NULL) { 811 *result_obj_list = obj; 812 } else { 813 obj->next = *result_obj_list; 814 *result_obj_list = obj; 815 } 816 } 817 } 818 return (CKR_OK); 819 } 820 821 /* 822 * This function prepares the obj data for encryption by prepending 823 * the FULL path of the file that will be used for storing 824 * the object. Having full path of the file as part of 825 * of the data for the object will prevent an attacker from 826 * copying a "bad" object into the keystore undetected. 827 * 828 * This function will always allocate: 829 * MAXPATHLEN + buf_len 830 * amount of data. If the full path of the filename doesn't occupy 831 * the whole MAXPATHLEN, the rest of the space will just be empty. 832 * It is the caller's responsibility to free the buffer allocated here. 833 * 834 * The allocated buffer is returned in the variable "prepared_buf" 835 * if there's no error. 836 * 837 * Returns 0 if there's no error, -1 otherwise. 838 */ 839 static int 840 prepare_data_for_encrypt(char *obj_path, unsigned char *buf, CK_ULONG buf_len, 841 unsigned char **prepared_buf, CK_ULONG *prepared_len) 842 { 843 *prepared_len = MAXPATHLEN + buf_len; 844 *prepared_buf = malloc(*prepared_len); 845 if (*prepared_buf == NULL) { 846 return (-1); 847 } 848 849 /* 850 * only zero out the space for the path name. I could zero out 851 * the whole buffer, but that will be a waste of processing 852 * cycle since the rest of the buffer will be 100% filled all 853 * the time 854 */ 855 bzero(*prepared_buf, MAXPATHLEN); 856 (void) memcpy(*prepared_buf, obj_path, strlen(obj_path)); 857 (void) memcpy(*prepared_buf + MAXPATHLEN, buf, buf_len); 858 return (0); 859 } 860 861 /* 862 * retrieves the hashed pin from the keystore 863 */ 864 static CK_RV 865 get_hashed_pin(int fd, char **hashed_pin) 866 { 867 uint64_t hashed_pin_size; 868 869 if (ks_hashed_pinlen_offset == -1) { 870 if (calculate_hashed_pin_offset(fd) != 0) { 871 return (CKR_FUNCTION_FAILED); 872 } 873 } 874 875 /* first, get size of the hashed pin */ 876 if (lseek(fd, ks_hashed_pinlen_offset, SEEK_SET) 877 != ks_hashed_pinlen_offset) { 878 return (CKR_FUNCTION_FAILED); 879 } 880 881 if (readn_nointr(fd, (char *)&hashed_pin_size, 882 KS_HASHED_PINLEN_SIZE) != KS_HASHED_PINLEN_SIZE) { 883 return (CKR_FUNCTION_FAILED); 884 } 885 886 hashed_pin_size = SWAP64(hashed_pin_size); 887 888 *hashed_pin = malloc(hashed_pin_size + 1); 889 if (*hashed_pin == NULL) { 890 return (CKR_HOST_MEMORY); 891 } 892 893 if ((readn_nointr(fd, *hashed_pin, hashed_pin_size)) 894 != (ssize_t)hashed_pin_size) { 895 freezero(*hashed_pin, hashed_pin_size + 1); 896 *hashed_pin = NULL; 897 return (CKR_FUNCTION_FAILED); 898 } 899 (*hashed_pin)[hashed_pin_size] = '\0'; 900 return (CKR_OK); 901 } 902 903 904 /* 905 * FUNCTION: soft_keystore_lock 906 * 907 * ARGUMENTS: 908 * set_lock: TRUE to set readlock on the keystore object file, 909 * FALSE to remove readlock on keystore object file. 910 * 911 * RETURN VALUE: 912 * 913 * 0: success 914 * -1: failure 915 * 916 * DESCRIPTION: 917 * 918 * set or remove readlock on the keystore description file. 919 */ 920 int 921 soft_keystore_readlock(boolean_t set_lock) 922 { 923 924 return (lock_desc_file(B_TRUE, set_lock)); 925 } 926 927 928 /* 929 * FUNCTION: soft_keystore_writelock 930 * 931 * ARGUMENTS: 932 * set_lock: TRUE to set writelock on the keystore description file 933 * FALSE to remove write lock on keystore description file. 934 * 935 * RETURN VALUE: 936 * 937 * 0: no error 938 * 1: some error occurred 939 * 940 * DESCRIPTION: 941 * set/reset writelock on the keystore description file. 942 */ 943 int 944 soft_keystore_writelock(boolean_t set_lock) 945 { 946 return (lock_desc_file(B_FALSE, set_lock)); 947 948 } 949 950 /* 951 * 952 * FUNCTION: soft_keystore_lock_object 953 * 954 * ARGUMENTS: 955 * 956 * ks_handle: handle of the keystore object file to be accessed. 957 * read_lock: TRUE to set readlock on the keystore object file, 958 * FALSE to set writelock on keystore object file. 959 * 960 * RETURN VALUE: 961 * 962 * If no error, file descriptor of locked file will be returned 963 * -1: some error occurred 964 * 965 * DESCRIPTION: 966 * 967 * set readlock or writelock on the keystore object file. 968 */ 969 int 970 soft_keystore_lock_object(ks_obj_handle_t *ks_handle, boolean_t read_lock) 971 { 972 int fd; 973 int oflag; 974 975 if (read_lock) { 976 oflag = O_RDONLY; 977 } else { 978 oflag = O_WRONLY; 979 } 980 981 if ((fd = open_and_lock_object_file(ks_handle, oflag, B_FALSE)) < 0) { 982 return (-1); 983 } 984 985 return (fd); 986 } 987 988 /* 989 * FUNCTION: soft_keystore_unlock_object 990 * 991 * ARGUMENTS: 992 * fd: file descriptor returned from soft_keystore_lock_object 993 * 994 * RETURN VALUE: 995 * 0: no error 996 * 1: some error occurred while getting the pin 997 * 998 * DESCRIPTION: 999 * set/reset writelock on the keystore object file. 1000 */ 1001 int 1002 soft_keystore_unlock_object(int fd) 1003 { 1004 if (lock_file(fd, B_TRUE, B_FALSE) != 0) { 1005 return (1); 1006 } 1007 1008 (void) close(fd); 1009 return (0); 1010 } 1011 1012 1013 1014 /* 1015 * FUNCTION: soft_keystore_get_version 1016 * 1017 * ARGUMENTS: 1018 * version: pointer to caller allocated memory for storing 1019 * the version of the keystore. 1020 * lock_held: TRUE if the lock is held by caller. 1021 * 1022 * RETURN VALUE: 1023 * 1024 * 0: no error 1025 * -1: some error occurred while getting the version number 1026 * 1027 * DESCRIPTION: 1028 * get the version number of the keystore from keystore 1029 * description file. 1030 */ 1031 int 1032 soft_keystore_get_version(uint_t *version, boolean_t lock_held) 1033 { 1034 int fd, ret_val = 0; 1035 uint_t buf; 1036 1037 if ((fd = open_and_lock_keystore_desc(O_RDONLY, 1038 B_FALSE, lock_held)) < 0) { 1039 return (-1); 1040 } 1041 1042 if (lseek(fd, KS_VER_OFFSET, SEEK_SET) != KS_VER_OFFSET) { 1043 ret_val = -1; 1044 goto cleanup; 1045 } 1046 1047 if (readn_nointr(fd, (char *)&buf, KS_VER_SIZE) != KS_VER_SIZE) { 1048 ret_val = -1; 1049 goto cleanup; 1050 } 1051 *version = SWAP32(buf); 1052 1053 cleanup: 1054 1055 if (!lock_held) { 1056 if (lock_file(fd, B_TRUE, B_FALSE) < 0) { 1057 ret_val = -1; 1058 } 1059 } 1060 1061 (void) close(fd); 1062 return (ret_val); 1063 } 1064 1065 /* 1066 * FUNCTION: soft_keystore_get_object_version 1067 * 1068 * ARGUMENTS: 1069 * 1070 * ks_handle: handle of the key store object to be accessed. 1071 * version: 1072 * pointer to caller allocated memory for storing 1073 * the version of the object. 1074 * lock_held: TRUE if the lock is held by caller. 1075 * 1076 * RETURN VALUE: 1077 * 1078 * 0: no error 1079 * -1: some error occurred while getting the pin 1080 * 1081 * DESCRIPTION: 1082 * get the version number of the specified token object. 1083 */ 1084 int 1085 soft_keystore_get_object_version(ks_obj_handle_t *ks_handle, 1086 uint_t *version, boolean_t lock_held) 1087 { 1088 int fd, ret_val = 0; 1089 uint_t tmp; 1090 1091 if ((fd = open_and_lock_object_file(ks_handle, O_RDONLY, 1092 lock_held)) < 0) { 1093 return (-1); 1094 } 1095 1096 /* 1097 * read version. Version is always first item in object file 1098 * so, no need to do lseek 1099 */ 1100 if (readn_nointr(fd, (char *)&tmp, OBJ_VER_SIZE) != OBJ_VER_SIZE) { 1101 ret_val = -1; 1102 goto cleanup; 1103 } 1104 1105 *version = SWAP32(tmp); 1106 1107 cleanup: 1108 if (!lock_held) { 1109 if (lock_file(fd, B_TRUE, B_FALSE) < 0) { 1110 ret_val = -1; 1111 } 1112 } 1113 1114 1115 (void) close(fd); 1116 return (ret_val); 1117 } 1118 1119 /* 1120 * FUNCTION: soft_keystore_getpin 1121 * 1122 * ARGUMENTS: 1123 * hashed_pin: pointer to caller allocated memory 1124 * for storing the pin to be returned. 1125 * lock_held: TRUE if the lock is held by caller. 1126 * 1127 * RETURN VALUE: 1128 * 1129 * 0: no error 1130 * -1: some error occurred while getting the pin 1131 * 1132 * DESCRIPTION: 1133 * 1134 * Reads the MD5 hash from the keystore description 1135 * file and return it to the caller in the provided 1136 * buffer. If there is no PIN in the description file 1137 * because the file is just created, this function 1138 * will get a MD5 digest of the string "changeme", 1139 * store it in the file, and also return this 1140 * string to the caller. 1141 */ 1142 int 1143 soft_keystore_getpin(char **hashed_pin, boolean_t lock_held) 1144 { 1145 int fd, ret_val = -1; 1146 CK_RV rv; 1147 1148 if ((fd = open_and_lock_keystore_desc(O_RDONLY, B_FALSE, 1149 lock_held)) < 0) { 1150 return (-1); 1151 } 1152 1153 rv = get_hashed_pin(fd, hashed_pin); 1154 if (rv == CKR_OK) { 1155 ret_val = 0; 1156 } 1157 1158 cleanup: 1159 if (!lock_held) { 1160 if (lock_file(fd, B_TRUE, B_FALSE) < 0) { 1161 ret_val = -1; 1162 } 1163 } 1164 1165 (void) close(fd); 1166 return (ret_val); 1167 } 1168 1169 1170 /* 1171 * Generate a 16-byte Initialization Vector (IV). 1172 */ 1173 CK_RV 1174 soft_gen_iv(CK_BYTE *iv) 1175 { 1176 return (pkcs11_get_nzero_urandom(iv, 16) < 0 ? 1177 CKR_DEVICE_ERROR : CKR_OK); 1178 } 1179 1180 1181 /* 1182 * This function reads all the data until the end of the file, and 1183 * put the data into the "buf" in argument. Memory for buf will 1184 * be allocated in this function. It is the caller's responsibility 1185 * to free it. The number of bytes read will be returned 1186 * in the argument "bytes_read" 1187 * 1188 * returns CKR_OK if no error. Other CKR error codes if there's an error 1189 */ 1190 static CK_RV 1191 read_obj_data(int old_fd, char **buf, ssize_t *bytes_read) 1192 { 1193 1194 ssize_t nread, loop_count; 1195 char *buf1 = NULL; 1196 1197 *buf = malloc(BUFSIZ); 1198 if (*buf == NULL) { 1199 return (CKR_HOST_MEMORY); 1200 } 1201 1202 nread = readn_nointr(old_fd, *buf, BUFSIZ); 1203 if (nread < 0) { 1204 free(*buf); 1205 return (CKR_FUNCTION_FAILED); 1206 } 1207 loop_count = 1; 1208 while (nread == (loop_count * BUFSIZ)) { 1209 ssize_t nread_tmp; 1210 1211 loop_count++; 1212 /* more than BUFSIZ of data */ 1213 buf1 = realloc(*buf, loop_count * BUFSIZ); 1214 if (buf1 == NULL) { 1215 free(*buf); 1216 return (CKR_HOST_MEMORY); 1217 } 1218 *buf = buf1; 1219 nread_tmp = readn_nointr(old_fd, 1220 *buf + ((loop_count - 1) * BUFSIZ), BUFSIZ); 1221 if (nread_tmp < 0) { 1222 free(*buf); 1223 return (CKR_FUNCTION_FAILED); 1224 } 1225 nread += nread_tmp; 1226 } 1227 *bytes_read = nread; 1228 return (CKR_OK); 1229 } 1230 1231 /* 1232 * Re-encrypt an object using the provided new_enc_key. The new HMAC 1233 * is calculated using the new_hmac_key. The global static variables 1234 * enc_key, and hmac_key will be used for decrypting the original 1235 * object, and verifying its signature. 1236 * 1237 * The re-encrypted object will be stored in the file named 1238 * in the "new_obj_name" variable. The content of the "original" 1239 * file named in "orig_obj_name" is not disturbed. 1240 * 1241 * Returns 0 if there's no error, returns -1 otherwise. 1242 * 1243 */ 1244 static int 1245 reencrypt_obj(soft_object_t *new_enc_key, soft_object_t *new_hmac_key, 1246 char *orig_obj_name, char *new_obj_name) { 1247 1248 int old_fd, new_fd, version, ret_val = -1; 1249 CK_BYTE iv[OBJ_IV_SIZE], old_iv[OBJ_IV_SIZE]; 1250 ssize_t nread; 1251 CK_ULONG decrypted_len, encrypted_len, hmac_len; 1252 CK_BYTE hmac[OBJ_HMAC_SIZE], *decrypted_buf = NULL, *buf = NULL; 1253 1254 old_fd = open_nointr(orig_obj_name, O_RDONLY|O_NONBLOCK); 1255 if (old_fd < 0) { 1256 return (-1); 1257 } 1258 1259 if (acquire_file_lock(&old_fd, orig_obj_name, O_RDONLY) != 0) { 1260 if (old_fd > 0) { 1261 (void) close(old_fd); 1262 } 1263 return (-1); 1264 } 1265 1266 new_fd = open_nointr(new_obj_name, 1267 O_WRONLY|O_CREAT|O_EXCL|O_NONBLOCK, S_IRUSR|S_IWUSR); 1268 if (new_fd < 0) { 1269 (void) close(old_fd); 1270 return (-1); 1271 } 1272 1273 if (lock_file(new_fd, B_FALSE, B_TRUE) != 0) { 1274 /* unlock old file */ 1275 (void) lock_file(old_fd, B_TRUE, B_FALSE); 1276 (void) close(old_fd); 1277 (void) close(new_fd); 1278 return (-1); 1279 } 1280 1281 /* read version, increment, and write to tmp file */ 1282 if (readn_nointr(old_fd, (char *)&version, OBJ_VER_SIZE) 1283 != OBJ_VER_SIZE) { 1284 goto cleanup; 1285 } 1286 1287 version = SWAP32(version); 1288 version++; 1289 version = SWAP32(version); 1290 1291 if (writen_nointr(new_fd, (char *)&version, OBJ_VER_SIZE) 1292 != OBJ_VER_SIZE) { 1293 goto cleanup; 1294 } 1295 1296 /* read old iv */ 1297 if (readn_nointr(old_fd, (char *)old_iv, OBJ_IV_SIZE) != OBJ_IV_SIZE) { 1298 goto cleanup; 1299 } 1300 1301 /* generate new IV */ 1302 if (soft_gen_iv(iv) != CKR_OK) { 1303 goto cleanup; 1304 } 1305 1306 if (writen_nointr(new_fd, (char *)iv, OBJ_IV_SIZE) != OBJ_IV_SIZE) { 1307 goto cleanup; 1308 } 1309 1310 /* seek to the original encrypted data, and read all of them */ 1311 if (lseek(old_fd, OBJ_DATA_OFFSET, SEEK_SET) != OBJ_DATA_OFFSET) { 1312 goto cleanup; 1313 } 1314 1315 if (read_obj_data(old_fd, (char **)&buf, &nread) != CKR_OK) { 1316 goto cleanup; 1317 } 1318 1319 /* decrypt data using old key */ 1320 decrypted_len = 0; 1321 if (soft_keystore_crypt(enc_key, old_iv, B_FALSE, buf, nread, 1322 NULL, &decrypted_len) != CKR_OK) { 1323 freezero(buf, nread); 1324 goto cleanup; 1325 } 1326 1327 decrypted_buf = malloc(decrypted_len); 1328 if (decrypted_buf == NULL) { 1329 freezero(buf, nread); 1330 goto cleanup; 1331 } 1332 1333 if (soft_keystore_crypt(enc_key, old_iv, B_FALSE, buf, nread, 1334 decrypted_buf, &decrypted_len) != CKR_OK) { 1335 freezero(buf, nread); 1336 freezero(decrypted_buf, decrypted_len); 1337 } 1338 1339 freezero(buf, nread); 1340 1341 /* re-encrypt with new key */ 1342 encrypted_len = 0; 1343 if (soft_keystore_crypt(new_enc_key, iv, B_TRUE, decrypted_buf, 1344 decrypted_len, NULL, &encrypted_len) != CKR_OK) { 1345 freezero(decrypted_buf, decrypted_len); 1346 goto cleanup; 1347 } 1348 1349 buf = malloc(encrypted_len); 1350 if (buf == NULL) { 1351 freezero(decrypted_buf, decrypted_len); 1352 goto cleanup; 1353 } 1354 1355 if (soft_keystore_crypt(new_enc_key, iv, B_TRUE, decrypted_buf, 1356 decrypted_len, buf, &encrypted_len) != CKR_OK) { 1357 freezero(buf, encrypted_len); 1358 freezero(buf, decrypted_len); 1359 goto cleanup; 1360 } 1361 1362 freezero(decrypted_buf, decrypted_len); 1363 1364 /* calculate hmac on re-encrypted data using new hmac key */ 1365 hmac_len = OBJ_HMAC_SIZE; 1366 if (soft_keystore_hmac(new_hmac_key, B_TRUE, buf, 1367 encrypted_len, hmac, &hmac_len) != CKR_OK) { 1368 freezero(buf, encrypted_len); 1369 goto cleanup; 1370 } 1371 1372 /* just for sanity check */ 1373 if (hmac_len != OBJ_HMAC_SIZE) { 1374 freezero(buf, encrypted_len); 1375 goto cleanup; 1376 } 1377 1378 /* write new hmac */ 1379 if (writen_nointr(new_fd, (char *)hmac, OBJ_HMAC_SIZE) 1380 != OBJ_HMAC_SIZE) { 1381 freezero(buf, encrypted_len); 1382 goto cleanup; 1383 } 1384 1385 /* write re-encrypted buffer to temp file */ 1386 if (writen_nointr(new_fd, (void *)buf, encrypted_len) 1387 != encrypted_len) { 1388 freezero(buf, encrypted_len); 1389 goto cleanup; 1390 } 1391 freezero(buf, encrypted_len); 1392 ret_val = 0; 1393 1394 cleanup: 1395 /* unlock the files */ 1396 (void) lock_file(old_fd, B_TRUE, B_FALSE); 1397 (void) lock_file(new_fd, B_FALSE, B_FALSE); 1398 1399 (void) close(old_fd); 1400 (void) close(new_fd); 1401 if (ret_val != 0) { 1402 (void) remove(new_obj_name); 1403 } 1404 return (ret_val); 1405 } 1406 1407 /* 1408 * FUNCTION: soft_keystore_setpin 1409 * 1410 * ARGUMENTS: 1411 * newpin: new pin entered by the user. 1412 * lock_held: TRUE if the lock is held by caller. 1413 * 1414 * RETURN VALUE: 1415 * 0: no error 1416 * -1: failure 1417 * 1418 * DESCRIPTION: 1419 * 1420 * This function does the following: 1421 * 1422 * 1) Generates crypted value of newpin and store it 1423 * in keystore description file. 1424 * 2) Dervies the new encryption key from the newpin. This key 1425 * will be used to re-encrypt the private token objects. 1426 * 3) Re-encrypt all of this user's existing private token 1427 * objects (if any). 1428 * 4) Increments the keystore version number. 1429 */ 1430 int 1431 soft_keystore_setpin(uchar_t *oldpin, uchar_t *newpin, boolean_t lock_held) 1432 { 1433 int fd, tmp_ks_fd, version, ret_val = -1; 1434 soft_object_t *new_crypt_key = NULL, *new_hmac_key = NULL; 1435 char filebuf[BUFSIZ]; 1436 DIR *pri_dirp; 1437 struct dirent *pri_ent; 1438 char pri_obj_path[MAXPATHLEN], ks_desc_file[MAXPATHLEN], 1439 tmp_ks_desc_name[MAXPATHLEN]; 1440 typedef struct priobjs { 1441 char orig_name[MAXPATHLEN]; 1442 char tmp_name[MAXPATHLEN]; 1443 struct priobjs *next; 1444 } priobjs_t; 1445 priobjs_t *pri_objs = NULL, *tmp; 1446 CK_BYTE *crypt_salt = NULL, *hmac_salt = NULL; 1447 boolean_t pin_never_set = B_FALSE, user_logged_in; 1448 char *new_hashed_pin = NULL; 1449 uint64_t hashed_pin_salt_length, new_hashed_pin_len, swaped_val; 1450 char *hashed_pin_salt = NULL; 1451 priobjs_t *obj; 1452 1453 if ((enc_key == NULL) || 1454 (enc_key->magic_marker != SOFTTOKEN_OBJECT_MAGIC)) { 1455 user_logged_in = B_FALSE; 1456 } else { 1457 user_logged_in = B_TRUE; 1458 } 1459 1460 if ((fd = open_and_lock_keystore_desc(O_RDWR, B_TRUE, 1461 lock_held)) < 0) { 1462 return (-1); 1463 } 1464 1465 (void) get_desc_file_path(ks_desc_file); 1466 (void) get_tmp_desc_file_path(tmp_ks_desc_name); 1467 1468 /* 1469 * create a tempoary file for the keystore description 1470 * file for updating version and counter information 1471 */ 1472 tmp_ks_fd = open_nointr(tmp_ks_desc_name, 1473 O_RDWR|O_CREAT|O_EXCL|O_NONBLOCK, S_IRUSR|S_IWUSR); 1474 if (tmp_ks_fd < 0) { 1475 (void) close(fd); 1476 return (-1); 1477 } 1478 1479 /* read and write PKCS version to temp file */ 1480 if (readn_nointr(fd, filebuf, KS_PKCS11_VER_SIZE) 1481 != KS_PKCS11_VER_SIZE) { 1482 goto cleanup; 1483 } 1484 1485 if (writen_nointr(tmp_ks_fd, filebuf, KS_PKCS11_VER_SIZE) 1486 != KS_PKCS11_VER_SIZE) { 1487 goto cleanup; 1488 } 1489 1490 /* get version number, and write updated number to temp file */ 1491 if (readn_nointr(fd, &version, KS_VER_SIZE) != KS_VER_SIZE) { 1492 goto cleanup; 1493 } 1494 1495 version = SWAP32(version); 1496 version++; 1497 version = SWAP32(version); 1498 1499 if (writen_nointr(tmp_ks_fd, (void *)&version, KS_VER_SIZE) 1500 != KS_VER_SIZE) { 1501 goto cleanup; 1502 } 1503 1504 1505 /* read and write counter, no modification necessary */ 1506 if (readn_nointr(fd, filebuf, KS_COUNTER_SIZE) != KS_COUNTER_SIZE) { 1507 goto cleanup; 1508 } 1509 1510 if (writen_nointr(tmp_ks_fd, filebuf, KS_COUNTER_SIZE) 1511 != KS_COUNTER_SIZE) { 1512 goto cleanup; 1513 } 1514 1515 /* read old encryption salt */ 1516 crypt_salt = malloc(KS_KEY_SALT_SIZE); 1517 if (crypt_salt == NULL) { 1518 goto cleanup; 1519 } 1520 if (readn_nointr(fd, (char *)crypt_salt, KS_KEY_SALT_SIZE) 1521 != KS_KEY_SALT_SIZE) { 1522 goto cleanup; 1523 } 1524 1525 /* read old hmac salt */ 1526 hmac_salt = malloc(KS_HMAC_SALT_SIZE); 1527 if (hmac_salt == NULL) { 1528 goto cleanup; 1529 } 1530 if (readn_nointr(fd, (char *)hmac_salt, KS_HMAC_SALT_SIZE) 1531 != KS_HMAC_SALT_SIZE) { 1532 goto cleanup; 1533 } 1534 1535 /* just create some empty bytes */ 1536 bzero(filebuf, sizeof (filebuf)); 1537 1538 if (memcmp(crypt_salt, filebuf, KS_KEY_SALT_SIZE) == 0) { 1539 /* PIN as never been set */ 1540 CK_BYTE *new_crypt_salt = NULL, *new_hmac_salt = NULL; 1541 1542 pin_never_set = B_TRUE; 1543 if (soft_gen_crypt_key(newpin, &new_crypt_key, &new_crypt_salt) 1544 != CKR_OK) { 1545 goto cleanup; 1546 } 1547 if (writen_nointr(tmp_ks_fd, (void *)new_crypt_salt, 1548 KS_KEY_SALT_SIZE) != KS_KEY_SALT_SIZE) { 1549 freezero(new_crypt_salt, 1550 KS_KEY_SALT_SIZE); 1551 (void) soft_cleanup_object(new_crypt_key); 1552 goto cleanup; 1553 } 1554 freezero(new_crypt_salt, KS_KEY_SALT_SIZE); 1555 1556 if (soft_gen_hmac_key(newpin, &new_hmac_key, &new_hmac_salt) 1557 != CKR_OK) { 1558 (void) soft_cleanup_object(new_crypt_key); 1559 goto cleanup; 1560 } 1561 if (writen_nointr(tmp_ks_fd, (void *)new_hmac_salt, 1562 KS_HMAC_SALT_SIZE) != KS_HMAC_SALT_SIZE) { 1563 freezero(new_hmac_salt, 1564 KS_HMAC_SALT_SIZE); 1565 goto cleanup3; 1566 } 1567 freezero(new_hmac_salt, KS_HMAC_SALT_SIZE); 1568 } else { 1569 if (soft_gen_crypt_key(newpin, &new_crypt_key, 1570 (CK_BYTE **)&crypt_salt) != CKR_OK) { 1571 goto cleanup; 1572 } 1573 /* no change to the encryption salt */ 1574 if (writen_nointr(tmp_ks_fd, (void *)crypt_salt, 1575 KS_KEY_SALT_SIZE) != KS_KEY_SALT_SIZE) { 1576 (void) soft_cleanup_object(new_crypt_key); 1577 goto cleanup; 1578 } 1579 1580 if (soft_gen_hmac_key(newpin, &new_hmac_key, 1581 (CK_BYTE **)&hmac_salt) != CKR_OK) { 1582 (void) soft_cleanup_object(new_crypt_key); 1583 goto cleanup; 1584 } 1585 1586 /* no change to the hmac salt */ 1587 if (writen_nointr(tmp_ks_fd, (void *)hmac_salt, 1588 KS_HMAC_SALT_SIZE) != KS_HMAC_SALT_SIZE) { 1589 goto cleanup3; 1590 } 1591 } 1592 1593 /* 1594 * read hashed pin salt, and write to updated keystore description 1595 * file unmodified. 1596 */ 1597 if (readn_nointr(fd, (char *)&hashed_pin_salt_length, 1598 KS_HASHED_PIN_SALT_LEN_SIZE) != KS_HASHED_PIN_SALT_LEN_SIZE) { 1599 goto cleanup3; 1600 } 1601 1602 if (writen_nointr(tmp_ks_fd, (void *)&hashed_pin_salt_length, 1603 KS_HASHED_PIN_SALT_LEN_SIZE) != KS_HASHED_PIN_SALT_LEN_SIZE) { 1604 goto cleanup3; 1605 } 1606 1607 hashed_pin_salt_length = SWAP64(hashed_pin_salt_length); 1608 1609 hashed_pin_salt = malloc(hashed_pin_salt_length + 1); 1610 if (hashed_pin_salt == NULL) { 1611 goto cleanup3; 1612 } 1613 1614 if ((readn_nointr(fd, hashed_pin_salt, hashed_pin_salt_length)) != 1615 (ssize_t)hashed_pin_salt_length) { 1616 freezero(hashed_pin_salt, 1617 hashed_pin_salt_length + 1); 1618 goto cleanup3; 1619 } 1620 1621 if ((writen_nointr(tmp_ks_fd, hashed_pin_salt, hashed_pin_salt_length)) 1622 != (ssize_t)hashed_pin_salt_length) { 1623 freezero(hashed_pin_salt, 1624 hashed_pin_salt_length + 1); 1625 goto cleanup3; 1626 } 1627 1628 hashed_pin_salt[hashed_pin_salt_length] = '\0'; 1629 1630 /* old hashed pin length and value can be ignored, generate new one */ 1631 if (soft_gen_hashed_pin(newpin, &new_hashed_pin, 1632 &hashed_pin_salt) < 0) { 1633 freezero(hashed_pin_salt, 1634 hashed_pin_salt_length + 1); 1635 goto cleanup3; 1636 } 1637 1638 freezero(hashed_pin_salt, hashed_pin_salt_length + 1); 1639 1640 if (new_hashed_pin == NULL) { 1641 goto cleanup3; 1642 } 1643 1644 new_hashed_pin_len = strlen(new_hashed_pin); 1645 1646 /* write new hashed pin length to file */ 1647 swaped_val = SWAP64(new_hashed_pin_len); 1648 if (writen_nointr(tmp_ks_fd, (void *)&swaped_val, 1649 KS_HASHED_PINLEN_SIZE) != KS_HASHED_PINLEN_SIZE) { 1650 goto cleanup3; 1651 } 1652 1653 if (writen_nointr(tmp_ks_fd, (void *)new_hashed_pin, 1654 new_hashed_pin_len) != (ssize_t)new_hashed_pin_len) { 1655 goto cleanup3; 1656 } 1657 1658 if (pin_never_set) { 1659 /* there was no private object, no need to re-encrypt them */ 1660 goto rename_desc_file; 1661 } 1662 1663 /* re-encrypt all the private objects */ 1664 pri_dirp = opendir(get_pri_obj_path(pri_obj_path)); 1665 if (pri_dirp == NULL) { 1666 /* 1667 * this directory should exist, even if it doesn't contain 1668 * any objects. Don't want to update the pin if the 1669 * keystore is somehow messed up. 1670 */ 1671 1672 goto cleanup3; 1673 } 1674 1675 /* if user did not login, need to set the old pin */ 1676 if (!user_logged_in) { 1677 if (soft_keystore_authpin(oldpin) != 0) { 1678 goto cleanup3; 1679 } 1680 } 1681 1682 while ((pri_ent = readdir(pri_dirp)) != NULL) { 1683 1684 if ((strcmp(pri_ent->d_name, ".") == 0) || 1685 (strcmp(pri_ent->d_name, "..") == 0) || 1686 (strncmp(pri_ent->d_name, TMP_OBJ_PREFIX, 1687 strlen(TMP_OBJ_PREFIX)) == 0)) { 1688 continue; 1689 } 1690 1691 obj = malloc(sizeof (priobjs_t)); 1692 if (obj == NULL) { 1693 goto cleanup2; 1694 } 1695 (void) snprintf(obj->orig_name, MAXPATHLEN, 1696 "%s/%s", pri_obj_path, pri_ent->d_name); 1697 (void) snprintf(obj->tmp_name, MAXPATHLEN, "%s/%s%s", 1698 pri_obj_path, TMP_OBJ_PREFIX, 1699 (pri_ent->d_name) + OBJ_PREFIX_LEN); 1700 if (reencrypt_obj(new_crypt_key, new_hmac_key, 1701 obj->orig_name, obj->tmp_name) != 0) { 1702 free(obj); 1703 goto cleanup2; 1704 } 1705 1706 /* insert into list of file to be renamed */ 1707 if (pri_objs == NULL) { 1708 obj->next = NULL; 1709 pri_objs = obj; 1710 } else { 1711 obj->next = pri_objs; 1712 pri_objs = obj; 1713 } 1714 } 1715 1716 /* rename all the private objects */ 1717 tmp = pri_objs; 1718 while (tmp) { 1719 (void) rename(tmp->tmp_name, tmp->orig_name); 1720 tmp = tmp->next; 1721 } 1722 1723 rename_desc_file: 1724 1725 /* destroy the old encryption key, and hmac key */ 1726 if ((!pin_never_set) && (user_logged_in)) { 1727 (void) soft_cleanup_object(enc_key); 1728 (void) soft_cleanup_object(hmac_key); 1729 } 1730 1731 if (user_logged_in) { 1732 enc_key = new_crypt_key; 1733 hmac_key = new_hmac_key; 1734 } 1735 (void) rename(tmp_ks_desc_name, ks_desc_file); 1736 1737 ret_val = 0; 1738 1739 cleanup2: 1740 if (pri_objs != NULL) { 1741 priobjs_t *p = pri_objs; 1742 while (p) { 1743 tmp = p->next; 1744 free(p); 1745 p = tmp; 1746 } 1747 } 1748 if (!pin_never_set) { 1749 (void) closedir(pri_dirp); 1750 } 1751 1752 if ((!user_logged_in) && (!pin_never_set)) { 1753 (void) soft_cleanup_object(enc_key); 1754 (void) soft_cleanup_object(hmac_key); 1755 enc_key = NULL; 1756 hmac_key = NULL; 1757 } 1758 cleanup3: 1759 if ((ret_val != 0) || (!user_logged_in)) { 1760 (void) soft_cleanup_object(new_crypt_key); 1761 (void) soft_cleanup_object(new_hmac_key); 1762 } 1763 1764 cleanup: 1765 if (!lock_held) { 1766 if (lock_file(fd, B_FALSE, B_FALSE) < 0) { 1767 ret_val = 1; 1768 } 1769 } 1770 freezero(crypt_salt, KS_KEY_SALT_SIZE); 1771 freezero(hmac_salt, KS_HMAC_SALT_SIZE); 1772 (void) close(fd); 1773 (void) close(tmp_ks_fd); 1774 if (ret_val != 0) { 1775 (void) remove(tmp_ks_desc_name); 1776 } 1777 return (ret_val); 1778 } 1779 1780 /* 1781 * FUNCTION: soft_keystore_authpin 1782 * 1783 * ARGUMENTS: 1784 * pin: pin specified by the user for logging into 1785 * the keystore. 1786 * 1787 * RETURN VALUE: 1788 * 0: if no error 1789 * -1: if there is any error 1790 * 1791 * DESCRIPTION: 1792 * 1793 * This function takes the pin specified in the argument 1794 * and generates an encryption key based on the pin. 1795 * The generated encryption key will be used for 1796 * all future encryption and decryption for private 1797 * objects. Before this function is called, none 1798 * of the keystore related interfaces is able 1799 * to decrypt/encrypt any private object. 1800 */ 1801 int 1802 soft_keystore_authpin(uchar_t *pin) 1803 { 1804 int fd; 1805 int ret_val = -1; 1806 CK_BYTE *crypt_salt = NULL, *hmac_salt; 1807 1808 /* get the salt from the keystore description file */ 1809 if ((fd = open_and_lock_keystore_desc(O_RDONLY, 1810 B_FALSE, B_FALSE)) < 0) { 1811 return (-1); 1812 } 1813 1814 crypt_salt = malloc(KS_KEY_SALT_SIZE); 1815 if (crypt_salt == NULL) { 1816 goto cleanup; 1817 } 1818 1819 if (lseek(fd, KS_KEY_SALT_OFFSET, SEEK_SET) != KS_KEY_SALT_OFFSET) { 1820 goto cleanup; 1821 } 1822 1823 if (readn_nointr(fd, (char *)crypt_salt, KS_KEY_SALT_SIZE) 1824 != KS_KEY_SALT_SIZE) { 1825 goto cleanup; 1826 } 1827 1828 if (soft_gen_crypt_key(pin, &enc_key, (CK_BYTE **)&crypt_salt) 1829 != CKR_OK) { 1830 goto cleanup; 1831 } 1832 1833 hmac_salt = malloc(KS_HMAC_SALT_SIZE); 1834 if (hmac_salt == NULL) { 1835 goto cleanup; 1836 } 1837 1838 if (lseek(fd, KS_HMAC_SALT_OFFSET, SEEK_SET) != KS_HMAC_SALT_OFFSET) { 1839 goto cleanup; 1840 } 1841 1842 if (readn_nointr(fd, (char *)hmac_salt, KS_HMAC_SALT_SIZE) 1843 != KS_HMAC_SALT_SIZE) { 1844 goto cleanup; 1845 } 1846 1847 if (soft_gen_hmac_key(pin, &hmac_key, (CK_BYTE **)&hmac_salt) 1848 != CKR_OK) { 1849 goto cleanup; 1850 } 1851 1852 ret_val = 0; 1853 1854 cleanup: 1855 /* unlock the file */ 1856 (void) lock_file(fd, B_TRUE, B_FALSE); 1857 (void) close(fd); 1858 freezero(crypt_salt, KS_KEY_SALT_SIZE); 1859 freezero(hmac_salt, KS_HMAC_SALT_SIZE); 1860 return (ret_val); 1861 } 1862 1863 /* 1864 * FUNCTION: soft_keystore_get_objs 1865 * 1866 * ARGUMENTS: 1867 * 1868 * search_type: Specify type of objects to return. 1869 * lock_held: TRUE if the lock is held by caller. 1870 * 1871 * 1872 * RETURN VALUE: 1873 * 1874 * NULL: if there are no object in the database. 1875 * 1876 * Otherwise, linked list of objects as requested 1877 * in search type. 1878 * 1879 * The linked list returned will need to be freed 1880 * by the caller. 1881 * 1882 * DESCRIPTION: 1883 * 1884 * Returns objects as requested. 1885 * 1886 * If private objects is requested, and the caller 1887 * has not previously passed in the pin or if the pin 1888 * passed in is wrong, private objects will not 1889 * be returned. 1890 * 1891 * The buffers returned for private objects are already 1892 * decrypted. 1893 */ 1894 CK_RV 1895 soft_keystore_get_objs(ks_search_type_t search_type, 1896 ks_obj_t **result_obj_list, boolean_t lock_held) 1897 { 1898 DIR *dirp; 1899 ks_obj_handle_t ks_handle; 1900 CK_RV rv; 1901 ks_obj_t *tmp; 1902 int ks_fd; 1903 1904 *result_obj_list = NULL; 1905 1906 /* 1907 * lock the keystore description file in "read" mode so that 1908 * objects won't get added/deleted/modified while we are 1909 * doing the search 1910 */ 1911 if ((ks_fd = open_and_lock_keystore_desc(O_RDONLY, B_FALSE, 1912 B_FALSE)) < 0) { 1913 return (CKR_FUNCTION_FAILED); 1914 } 1915 1916 if ((search_type == ALL_TOKENOBJS) || (search_type == PUB_TOKENOBJS)) { 1917 1918 char pub_obj_path[MAXPATHLEN]; 1919 1920 ks_handle.public = B_TRUE; 1921 1922 if ((dirp = opendir(get_pub_obj_path(pub_obj_path))) == NULL) { 1923 (void) lock_file(ks_fd, B_TRUE, B_FALSE); 1924 (void) close(ks_fd); 1925 return (CKR_FUNCTION_FAILED); 1926 } 1927 rv = get_all_objs_in_dir(dirp, &ks_handle, result_obj_list, 1928 lock_held); 1929 if (rv != CKR_OK) { 1930 (void) closedir(dirp); 1931 goto cleanup; 1932 } 1933 1934 (void) closedir(dirp); 1935 } 1936 1937 if ((search_type == ALL_TOKENOBJS) || (search_type == PRI_TOKENOBJS)) { 1938 1939 char pri_obj_path[MAXPATHLEN]; 1940 1941 if ((enc_key == NULL) || 1942 (enc_key->magic_marker != SOFTTOKEN_OBJECT_MAGIC)) { 1943 /* has not login - no need to go any further */ 1944 (void) lock_file(ks_fd, B_TRUE, B_FALSE); 1945 (void) close(ks_fd); 1946 return (CKR_OK); 1947 } 1948 1949 ks_handle.public = B_FALSE; 1950 1951 if ((dirp = opendir(get_pri_obj_path(pri_obj_path))) == NULL) { 1952 (void) lock_file(ks_fd, B_TRUE, B_FALSE); 1953 (void) close(ks_fd); 1954 return (CKR_OK); 1955 } 1956 rv = get_all_objs_in_dir(dirp, &ks_handle, result_obj_list, 1957 lock_held); 1958 if (rv != CKR_OK) { 1959 (void) closedir(dirp); 1960 goto cleanup; 1961 } 1962 1963 (void) closedir(dirp); 1964 } 1965 /* close the keystore description file */ 1966 (void) lock_file(ks_fd, B_TRUE, B_FALSE); 1967 (void) close(ks_fd); 1968 return (CKR_OK); 1969 cleanup: 1970 1971 /* close the keystore description file */ 1972 (void) lock_file(ks_fd, B_TRUE, B_FALSE); 1973 (void) close(ks_fd); 1974 1975 /* free all the objects found before hitting the error */ 1976 tmp = *result_obj_list; 1977 while (tmp) { 1978 *result_obj_list = tmp->next; 1979 freezero(tmp->buf, tmp->size); 1980 free(tmp); 1981 tmp = *result_obj_list; 1982 } 1983 *result_obj_list = NULL; 1984 return (rv); 1985 } 1986 1987 1988 /* 1989 * FUNCTION: soft_keystore_get_single_obj 1990 * 1991 * ARGUMENTS: 1992 * ks_handle: handle of the key store object to be accessed 1993 * lock_held: TRUE if the lock is held by caller. 1994 * 1995 * RETURN VALUE: 1996 * 1997 * NULL: if handle doesn't match any object 1998 * 1999 * Otherwise, the object is returned in 2000 * the same structure used in soft_keystore_get_objs(). 2001 * The structure need to be freed by the caller. 2002 * 2003 * DESCRIPTION: 2004 * 2005 * Retrieves the object specified by the object 2006 * handle to the caller. 2007 * 2008 * If a private object is requested, and the caller 2009 * has not previously passed in the pin or if the pin 2010 * passed in is wrong, the requested private object will not 2011 * be returned. 2012 * 2013 * The buffer returned for the requested private object 2014 * is already decrypted. 2015 */ 2016 CK_RV 2017 soft_keystore_get_single_obj(ks_obj_handle_t *ks_handle, 2018 ks_obj_t **return_obj, boolean_t lock_held) 2019 { 2020 2021 ks_obj_t *obj; 2022 uchar_t iv[OBJ_IV_SIZE], obj_hmac[OBJ_HMAC_SIZE]; 2023 uchar_t *buf, *decrypted_buf; 2024 int fd; 2025 ssize_t nread; 2026 CK_RV rv = CKR_FUNCTION_FAILED; 2027 2028 if (!(ks_handle->public)) { 2029 if ((enc_key == NULL) || 2030 (enc_key->magic_marker != SOFTTOKEN_OBJECT_MAGIC)) { 2031 return (CKR_FUNCTION_FAILED); 2032 } 2033 } 2034 2035 if ((fd = open_and_lock_object_file(ks_handle, O_RDONLY, 2036 lock_held)) < 0) { 2037 return (CKR_FUNCTION_FAILED); 2038 } 2039 2040 obj = malloc(sizeof (ks_obj_t)); 2041 if (obj == NULL) { 2042 return (CKR_HOST_MEMORY); 2043 } 2044 2045 obj->next = NULL; 2046 2047 (void) strcpy((char *)((obj->ks_handle).name), 2048 (char *)ks_handle->name); 2049 (obj->ks_handle).public = ks_handle->public; 2050 2051 /* 1st get the version */ 2052 if (readn_nointr(fd, &(obj->obj_version), OBJ_VER_SIZE) 2053 != OBJ_VER_SIZE) { 2054 goto cleanup; 2055 } 2056 obj->obj_version = SWAP32(obj->obj_version); 2057 2058 /* Then, read the IV */ 2059 if (readn_nointr(fd, iv, OBJ_IV_SIZE) != OBJ_IV_SIZE) { 2060 goto cleanup; 2061 } 2062 2063 /* Then, read the HMAC */ 2064 if (readn_nointr(fd, obj_hmac, OBJ_HMAC_SIZE) != OBJ_HMAC_SIZE) { 2065 goto cleanup; 2066 } 2067 2068 /* read the object */ 2069 rv = read_obj_data(fd, (char **)&buf, &nread); 2070 if (rv != CKR_OK) { 2071 goto cleanup; 2072 } 2073 2074 if (ks_handle->public) { 2075 obj->size = nread; 2076 obj->buf = buf; 2077 *return_obj = obj; 2078 } else { 2079 2080 CK_ULONG out_len = 0, hmac_size; 2081 2082 /* verify HMAC of the object, make sure it matches */ 2083 hmac_size = OBJ_HMAC_SIZE; 2084 if (soft_keystore_hmac(hmac_key, B_FALSE, buf, 2085 nread, obj_hmac, &hmac_size) != CKR_OK) { 2086 freezero(buf, nread); 2087 rv = CKR_FUNCTION_FAILED; 2088 goto cleanup; 2089 } 2090 2091 /* decrypt object */ 2092 if (soft_keystore_crypt(enc_key, iv, B_FALSE, buf, nread, 2093 NULL, &out_len) != CKR_OK) { 2094 freezero(buf, nread); 2095 rv = CKR_FUNCTION_FAILED; 2096 goto cleanup; 2097 } 2098 2099 decrypted_buf = malloc(sizeof (uchar_t) * out_len); 2100 if (decrypted_buf == NULL) { 2101 freezero(buf, nread); 2102 rv = CKR_HOST_MEMORY; 2103 goto cleanup; 2104 } 2105 2106 if (soft_keystore_crypt(enc_key, iv, B_FALSE, buf, nread, 2107 decrypted_buf, &out_len) != CKR_OK) { 2108 freezero(buf, nread); 2109 freezero(decrypted_buf, out_len); 2110 rv = CKR_FUNCTION_FAILED; 2111 goto cleanup; 2112 } 2113 2114 obj->size = out_len - MAXPATHLEN; 2115 2116 /* 2117 * decrypted buf here actually contains full path name of 2118 * object plus the actual data. so, need to skip the 2119 * full pathname. 2120 * See prepare_data_for_encrypt() function in the file 2121 * to understand how and why the pathname is added. 2122 */ 2123 obj->buf = malloc(sizeof (uchar_t) * (out_len - MAXPATHLEN)); 2124 if (obj->buf == NULL) { 2125 freezero(buf, nread); 2126 freezero(decrypted_buf, out_len); 2127 rv = CKR_HOST_MEMORY; 2128 goto cleanup; 2129 } 2130 (void) memcpy(obj->buf, decrypted_buf + MAXPATHLEN, obj->size); 2131 freezero(buf, nread); 2132 freezero(decrypted_buf, out_len); 2133 *return_obj = obj; 2134 } 2135 2136 cleanup: 2137 2138 if (rv != CKR_OK) { 2139 free(obj); 2140 } 2141 2142 /* unlock the file after reading */ 2143 if (!lock_held) { 2144 (void) lock_file(fd, B_TRUE, B_FALSE); 2145 } 2146 2147 (void) close(fd); 2148 2149 return (rv); 2150 } 2151 2152 2153 /* 2154 * FUNCTION: soft_keystore_put_new_obj 2155 * 2156 * ARGUMENTS: 2157 * buf: buffer containing un-encrypted data 2158 * to be stored in keystore. 2159 * len: length of data 2160 * public: TRUE if it is a public object, 2161 * FALSE if it is private obj 2162 * lock_held: TRUE if the lock is held by caller. 2163 * keyhandle: pointer to object handle to 2164 * receive keyhandle for new object 2165 * 2166 * RETURN VALUE: 2167 * 0: object successfully stored in file 2168 * -1: some error occurred, object is not stored in file. 2169 * 2170 * DESCRIPTION: 2171 * This API is used to write a newly created token object 2172 * to keystore. 2173 * 2174 * This function does the following: 2175 * 2176 * 1) Creates a token object file based on "public" parameter. 2177 * 2) Generates a new IV and stores it in obj_meta_data_t if it is 2178 * private object. 2179 * 3) Set object version number to 1. 2180 * 4) If it is a private object, it will be encrypted before 2181 * being written to the newly created keystore token object 2182 * file. 2183 * 5) Calculates the obj_chksum in obj_meta_data_t. 2184 * 6) Calculates the pin_chksum in obj_meta_data_t. 2185 * 7) Increments the keystore version number. 2186 */ 2187 int 2188 soft_keystore_put_new_obj(uchar_t *buf, size_t len, boolean_t public, 2189 boolean_t lock_held, ks_obj_handle_t *keyhandle) 2190 { 2191 2192 int fd, tmp_ks_fd, obj_fd; 2193 unsigned int counter, version; 2194 uchar_t obj_hmac[OBJ_HMAC_SIZE]; 2195 CK_BYTE iv[OBJ_IV_SIZE]; 2196 char obj_name[MAXPATHLEN], tmp_ks_desc_name[MAXPATHLEN]; 2197 char filebuf[BUFSIZ]; 2198 char pub_obj_path[MAXPATHLEN], pri_obj_path[MAXPATHLEN], 2199 ks_desc_file[MAXPATHLEN]; 2200 CK_ULONG hmac_size; 2201 ssize_t nread; 2202 2203 if (keyhandle == NULL) { 2204 return (-1); 2205 } 2206 2207 /* if it is private object, make sure we have the key */ 2208 if (!public) { 2209 if ((enc_key == NULL) || 2210 (enc_key->magic_marker != SOFTTOKEN_OBJECT_MAGIC)) { 2211 return (-1); 2212 } 2213 } 2214 2215 /* open keystore, and set write lock */ 2216 if ((fd = open_and_lock_keystore_desc(O_RDWR, B_FALSE, 2217 lock_held)) < 0) { 2218 return (-1); 2219 } 2220 2221 (void) get_desc_file_path(ks_desc_file); 2222 (void) get_tmp_desc_file_path(tmp_ks_desc_name); 2223 2224 /* 2225 * create a tempoary file for the keystore description 2226 * file for updating version and counter information 2227 */ 2228 tmp_ks_fd = open_nointr(tmp_ks_desc_name, 2229 O_RDWR|O_CREAT|O_EXCL|O_NONBLOCK, S_IRUSR|S_IWUSR); 2230 if (tmp_ks_fd < 0) { 2231 (void) close(fd); 2232 return (-1); 2233 } 2234 2235 /* read and write pkcs11 version */ 2236 if (readn_nointr(fd, filebuf, KS_PKCS11_VER_SIZE) 2237 != KS_PKCS11_VER_SIZE) { 2238 goto cleanup; 2239 } 2240 2241 if (writen_nointr(tmp_ks_fd, filebuf, KS_PKCS11_VER_SIZE) 2242 != KS_PKCS11_VER_SIZE) { 2243 goto cleanup; 2244 } 2245 2246 /* get version number, and write updated number to temp file */ 2247 if (readn_nointr(fd, &version, KS_VER_SIZE) != KS_VER_SIZE) { 2248 goto cleanup; 2249 } 2250 2251 version = SWAP32(version); 2252 version++; 2253 version = SWAP32(version); 2254 2255 if (writen_nointr(tmp_ks_fd, (void *)&version, 2256 KS_VER_SIZE) != KS_VER_SIZE) { 2257 goto cleanup; 2258 } 2259 2260 /* get object count value */ 2261 if (readn_nointr(fd, &counter, KS_COUNTER_SIZE) != KS_COUNTER_SIZE) { 2262 goto cleanup; 2263 } 2264 counter = SWAP32(counter); 2265 2266 bzero(obj_name, sizeof (obj_name)); 2267 if (public) { 2268 (void) snprintf(obj_name, MAXPATHLEN, "%s/%s%d", 2269 get_pub_obj_path(pub_obj_path), OBJ_PREFIX, counter); 2270 } else { 2271 (void) snprintf(obj_name, MAXPATHLEN, "%s/%s%d", 2272 get_pri_obj_path(pri_obj_path), OBJ_PREFIX, counter); 2273 } 2274 2275 /* create object file */ 2276 obj_fd = open_nointr(obj_name, 2277 O_WRONLY|O_CREAT|O_EXCL|O_NONBLOCK, S_IRUSR|S_IWUSR); 2278 if (obj_fd < 0) { 2279 /* can't create object file */ 2280 goto cleanup; 2281 } 2282 2283 /* lock object file for writing */ 2284 if (lock_file(obj_fd, B_FALSE, B_TRUE) != 0) { 2285 (void) close(obj_fd); 2286 goto cleanup2; 2287 } 2288 2289 /* write object meta data */ 2290 version = SWAP32(1); 2291 if (writen_nointr(obj_fd, (void *)&version, sizeof (version)) 2292 != sizeof (version)) { 2293 goto cleanup2; 2294 } 2295 2296 if (public) { 2297 bzero(iv, sizeof (iv)); 2298 } else { 2299 /* generate an IV */ 2300 if (soft_gen_iv(iv) != CKR_OK) { 2301 goto cleanup2; 2302 } 2303 2304 } 2305 2306 if (writen_nointr(obj_fd, (void *)iv, sizeof (iv)) != sizeof (iv)) { 2307 goto cleanup2; 2308 } 2309 2310 if (public) { 2311 2312 bzero(obj_hmac, sizeof (obj_hmac)); 2313 if (writen_nointr(obj_fd, (void *)obj_hmac, 2314 sizeof (obj_hmac)) != sizeof (obj_hmac)) { 2315 goto cleanup2; 2316 } 2317 2318 if (writen_nointr(obj_fd, (char *)buf, len) != len) { 2319 goto cleanup2; 2320 } 2321 2322 } else { 2323 2324 uchar_t *encrypted_buf, *prepared_buf; 2325 CK_ULONG out_len = 0, prepared_len; 2326 2327 if (prepare_data_for_encrypt(obj_name, buf, len, 2328 &prepared_buf, &prepared_len) != 0) { 2329 goto cleanup2; 2330 } 2331 2332 if (soft_keystore_crypt(enc_key, iv, 2333 B_TRUE, prepared_buf, prepared_len, 2334 NULL, &out_len) != CKR_OK) { 2335 freezero(prepared_buf, prepared_len); 2336 goto cleanup2; 2337 } 2338 2339 encrypted_buf = malloc(out_len * sizeof (char)); 2340 if (encrypted_buf == NULL) { 2341 freezero(prepared_buf, prepared_len); 2342 goto cleanup2; 2343 } 2344 2345 if (soft_keystore_crypt(enc_key, iv, 2346 B_TRUE, prepared_buf, prepared_len, 2347 encrypted_buf, &out_len) != CKR_OK) { 2348 freezero(encrypted_buf, out_len); 2349 freezero(prepared_buf, prepared_len); 2350 goto cleanup2; 2351 } 2352 freezero(prepared_buf, prepared_len); 2353 2354 /* calculate HMAC of encrypted object */ 2355 hmac_size = OBJ_HMAC_SIZE; 2356 if (soft_keystore_hmac(hmac_key, B_TRUE, encrypted_buf, 2357 out_len, obj_hmac, &hmac_size) != CKR_OK) { 2358 freezero(encrypted_buf, out_len); 2359 goto cleanup2; 2360 } 2361 2362 if (hmac_size != OBJ_HMAC_SIZE) { 2363 freezero(encrypted_buf, out_len); 2364 goto cleanup2; 2365 } 2366 2367 /* write hmac */ 2368 if (writen_nointr(obj_fd, (void *)obj_hmac, 2369 sizeof (obj_hmac)) != sizeof (obj_hmac)) { 2370 freezero(encrypted_buf, out_len); 2371 goto cleanup2; 2372 } 2373 2374 /* write encrypted object */ 2375 if (writen_nointr(obj_fd, (void *)encrypted_buf, out_len) 2376 != out_len) { 2377 freezero(encrypted_buf, out_len); 2378 goto cleanup2; 2379 } 2380 2381 freezero(encrypted_buf, out_len); 2382 } 2383 2384 2385 (void) close(obj_fd); 2386 (void) snprintf((char *)keyhandle->name, sizeof (keyhandle->name), 2387 "obj%d", counter); 2388 keyhandle->public = public; 2389 2390 /* 2391 * store new counter to temp keystore description file. 2392 */ 2393 counter++; 2394 counter = SWAP32(counter); 2395 if (writen_nointr(tmp_ks_fd, (void *)&counter, 2396 sizeof (counter)) != sizeof (counter)) { 2397 goto cleanup2; 2398 } 2399 2400 /* read rest of keystore description file and store into temp file */ 2401 nread = readn_nointr(fd, filebuf, sizeof (filebuf)); 2402 while (nread > 0) { 2403 if (writen_nointr(tmp_ks_fd, filebuf, nread) != nread) { 2404 goto cleanup2; 2405 } 2406 nread = readn_nointr(fd, filebuf, sizeof (filebuf)); 2407 } 2408 2409 (void) close(tmp_ks_fd); 2410 (void) rename(tmp_ks_desc_name, ks_desc_file); 2411 2412 if (!lock_held) { 2413 /* release lock on description file */ 2414 if (lock_file(fd, B_FALSE, B_FALSE) != 0) { 2415 (void) close(fd); 2416 return (-1); 2417 } 2418 } 2419 (void) close(fd); 2420 explicit_bzero(obj_hmac, sizeof (obj_hmac)); 2421 explicit_bzero(iv, sizeof (iv)); 2422 return (0); 2423 2424 cleanup2: 2425 2426 /* remove object file. No need to remove lock first */ 2427 (void) unlink(obj_name); 2428 2429 cleanup: 2430 2431 (void) close(tmp_ks_fd); 2432 (void) remove(tmp_ks_desc_name); 2433 if (!lock_held) { 2434 /* release lock on description file */ 2435 (void) lock_file(fd, B_FALSE, B_FALSE); 2436 } 2437 2438 (void) close(fd); 2439 explicit_bzero(obj_hmac, sizeof (obj_hmac)); 2440 explicit_bzero(iv, sizeof (iv)); 2441 return (-1); 2442 } 2443 2444 /* 2445 * FUNCTION: soft_keystore_modify_obj 2446 * 2447 * ARGUMENTS: 2448 * ks_handle: handle of the key store object to be modified 2449 * buf: buffer containing un-encrypted data 2450 * to be modified in keystore. 2451 * len: length of data 2452 * lock_held: TRUE if the lock is held by caller. 2453 * 2454 * RETURN VALUE: 2455 * -1: if any error occurred. 2456 * Otherwise, 0 is returned. 2457 * 2458 * DESCRIPTION: 2459 * 2460 * This API is used to write a modified token object back 2461 * to keystore. This function will do the following: 2462 * 2463 * 1) If it is a private object, it will be encrypted before 2464 * being written to the corresponding keystore token 2465 * object file. 2466 * 2) Record incremented object version number. 2467 * 3) Record incremented keystore version number. 2468 */ 2469 int 2470 soft_keystore_modify_obj(ks_obj_handle_t *ks_handle, uchar_t *buf, 2471 size_t len, boolean_t lock_held) 2472 { 2473 int fd, ks_fd, tmp_fd, version; 2474 char orig_name[MAXPATHLEN], tmp_name[MAXPATHLEN], 2475 tmp_ks_name[MAXPATHLEN]; 2476 uchar_t iv[OBJ_IV_SIZE], obj_hmac[OBJ_HMAC_SIZE]; 2477 char pub_obj_path[MAXPATHLEN], pri_obj_path[MAXPATHLEN], 2478 ks_desc_file[MAXPATHLEN]; 2479 CK_ULONG hmac_size; 2480 2481 /* if it is private object, make sure we have the key */ 2482 if (!(ks_handle->public)) { 2483 if ((enc_key == NULL) || 2484 (enc_key->magic_marker != SOFTTOKEN_OBJECT_MAGIC)) { 2485 return (-1); 2486 } 2487 } 2488 2489 /* open and lock keystore description file */ 2490 if ((ks_fd = open_and_lock_keystore_desc(O_RDWR, B_FALSE, 2491 B_FALSE)) < 0) { 2492 return (-1); 2493 } 2494 2495 (void) get_desc_file_path(ks_desc_file); 2496 2497 /* update the version of for keystore file in tempoary file */ 2498 (void) get_tmp_desc_file_path(tmp_ks_name); 2499 if (create_updated_keystore_version(ks_fd, tmp_ks_name) != 0) { 2500 /* unlock keystore description file */ 2501 (void) lock_file(ks_fd, B_FALSE, B_FALSE); 2502 (void) close(ks_fd); 2503 return (-1); 2504 } 2505 2506 /* open object file */ 2507 if ((fd = open_and_lock_object_file(ks_handle, O_RDWR, 2508 lock_held)) < 0) { 2509 goto cleanup; 2510 } 2511 2512 /* 2513 * make the change in a temporary file. Create the temp 2514 * file in the same directory as the token object. That 2515 * way, the "rename" later will be an atomic operation 2516 */ 2517 if (ks_handle->public) { 2518 (void) snprintf(orig_name, MAXPATHLEN, "%s/%s", 2519 get_pub_obj_path(pub_obj_path), ks_handle->name); 2520 (void) snprintf(tmp_name, MAXPATHLEN, "%s/%s%s", 2521 pub_obj_path, TMP_OBJ_PREFIX, 2522 (ks_handle->name) + OBJ_PREFIX_LEN); 2523 } else { 2524 (void) snprintf(orig_name, MAXPATHLEN, "%s/%s", 2525 get_pri_obj_path(pri_obj_path), ks_handle->name); 2526 (void) snprintf(tmp_name, MAXPATHLEN, "%s/%s%s", 2527 pri_obj_path, TMP_OBJ_PREFIX, 2528 (ks_handle->name) + OBJ_PREFIX_LEN); 2529 } 2530 2531 tmp_fd = open_nointr(tmp_name, 2532 O_WRONLY|O_CREAT|O_EXCL|O_NONBLOCK, S_IRUSR|S_IWUSR); 2533 if (tmp_fd < 0) { 2534 /* can't create tmp object file */ 2535 goto cleanup1; 2536 } 2537 2538 /* read version, increment, and write to tmp file */ 2539 if (readn_nointr(fd, (char *)&version, OBJ_VER_SIZE) != OBJ_VER_SIZE) { 2540 goto cleanup2; 2541 } 2542 2543 version = SWAP32(version); 2544 version++; 2545 version = SWAP32(version); 2546 2547 if (writen_nointr(tmp_fd, (char *)&version, OBJ_VER_SIZE) 2548 != OBJ_VER_SIZE) { 2549 goto cleanup2; 2550 } 2551 2552 /* generate a new IV for the object, old one can be ignored */ 2553 if (soft_gen_iv(iv) != CKR_OK) { 2554 goto cleanup2; 2555 } 2556 2557 if (writen_nointr(tmp_fd, (char *)iv, OBJ_IV_SIZE) != OBJ_IV_SIZE) { 2558 goto cleanup2; 2559 } 2560 2561 if (ks_handle->public) { 2562 2563 /* hmac is always NULL for public objects */ 2564 bzero(obj_hmac, sizeof (obj_hmac)); 2565 if (writen_nointr(tmp_fd, (char *)obj_hmac, OBJ_HMAC_SIZE) 2566 != OBJ_HMAC_SIZE) { 2567 goto cleanup2; 2568 } 2569 2570 /* write updated object */ 2571 if (writen_nointr(tmp_fd, (char *)buf, len) != len) { 2572 goto cleanup2; 2573 } 2574 2575 } else { 2576 2577 uchar_t *encrypted_buf, *prepared_buf; 2578 CK_ULONG out_len = 0, prepared_len; 2579 2580 if (prepare_data_for_encrypt(orig_name, buf, len, 2581 &prepared_buf, &prepared_len) != 0) { 2582 goto cleanup2; 2583 } 2584 2585 /* encrypt the data */ 2586 if (soft_keystore_crypt(enc_key, iv, B_TRUE, prepared_buf, 2587 prepared_len, NULL, &out_len) != CKR_OK) { 2588 free(prepared_buf); 2589 goto cleanup2; 2590 } 2591 2592 encrypted_buf = malloc(out_len * sizeof (char)); 2593 if (encrypted_buf == NULL) { 2594 freezero(prepared_buf, prepared_len); 2595 goto cleanup2; 2596 } 2597 2598 if (soft_keystore_crypt(enc_key, iv, B_TRUE, prepared_buf, 2599 prepared_len, encrypted_buf, &out_len) != CKR_OK) { 2600 freezero(prepared_buf, prepared_len); 2601 freezero(encrypted_buf, out_len); 2602 goto cleanup2; 2603 } 2604 2605 freezero(prepared_buf, prepared_len); 2606 2607 /* calculate hmac on encrypted buf */ 2608 hmac_size = OBJ_HMAC_SIZE; 2609 if (soft_keystore_hmac(hmac_key, B_TRUE, encrypted_buf, 2610 out_len, obj_hmac, &hmac_size) != CKR_OK) { 2611 freezero(encrypted_buf, out_len); 2612 goto cleanup2; 2613 } 2614 2615 if (hmac_size != OBJ_HMAC_SIZE) { 2616 freezero(encrypted_buf, out_len); 2617 goto cleanup2; 2618 } 2619 2620 if (writen_nointr(tmp_fd, (char *)obj_hmac, OBJ_HMAC_SIZE) 2621 != OBJ_HMAC_SIZE) { 2622 freezero(encrypted_buf, out_len); 2623 goto cleanup2; 2624 } 2625 2626 if (writen_nointr(tmp_fd, (void *)encrypted_buf, out_len) 2627 != out_len) { 2628 freezero(encrypted_buf, out_len); 2629 goto cleanup2; 2630 } 2631 freezero(encrypted_buf, out_len); 2632 } 2633 (void) close(tmp_fd); 2634 2635 /* rename updated temporary object file */ 2636 if (rename(tmp_name, orig_name) != 0) { 2637 (void) unlink(tmp_name); 2638 return (-1); 2639 } 2640 2641 /* rename updated keystore description file */ 2642 if (rename(tmp_ks_name, ks_desc_file) != 0) { 2643 (void) unlink(tmp_name); 2644 (void) unlink(tmp_ks_name); 2645 return (-1); 2646 } 2647 2648 /* determine need to unlock file or not */ 2649 if (!lock_held) { 2650 if (lock_file(fd, B_FALSE, B_FALSE) < 0) { 2651 (void) close(fd); 2652 (void) unlink(tmp_name); 2653 return (-1); 2654 } 2655 } 2656 2657 /* unlock keystore description file */ 2658 if (lock_file(ks_fd, B_FALSE, B_FALSE) != 0) { 2659 (void) close(ks_fd); 2660 (void) close(fd); 2661 return (-1); 2662 } 2663 2664 (void) close(ks_fd); 2665 2666 (void) close(fd); 2667 2668 explicit_bzero(iv, sizeof (iv)); 2669 explicit_bzero(obj_hmac, sizeof (obj_hmac)); 2670 return (0); /* All operations completed successfully */ 2671 2672 cleanup2: 2673 (void) close(tmp_fd); 2674 (void) remove(tmp_name); 2675 2676 cleanup1: 2677 (void) close(fd); 2678 2679 cleanup: 2680 /* unlock keystore description file */ 2681 (void) lock_file(ks_fd, B_FALSE, B_FALSE); 2682 (void) close(ks_fd); 2683 (void) remove(tmp_ks_name); 2684 explicit_bzero(iv, sizeof (iv)); 2685 explicit_bzero(obj_hmac, sizeof (obj_hmac)); 2686 return (-1); 2687 } 2688 2689 /* 2690 * FUNCTION: soft_keystore_del_obj 2691 * 2692 * ARGUMENTS: 2693 * ks_handle: handle of the key store object to be deleted 2694 * lock_held: TRUE if the lock is held by caller. 2695 * 2696 * RETURN VALUE: 2697 * -1: if any error occurred. 2698 * 0: object successfully deleted from keystore. 2699 * 2700 * DESCRIPTION: 2701 * This API is used to delete a particular token object from 2702 * the keystore. The corresponding token object file will be 2703 * removed from the file system. 2704 * Any future reference to the deleted file will 2705 * return an CKR_OBJECT_HANDLE_INVALID error. 2706 */ 2707 int 2708 soft_keystore_del_obj(ks_obj_handle_t *ks_handle, boolean_t lock_held) 2709 { 2710 char objname[MAXPATHLEN], tmp_ks_name[MAXPATHLEN]; 2711 int fd; 2712 char pub_obj_path[MAXPATHLEN], pri_obj_path[MAXPATHLEN], 2713 ks_desc_file[MAXPATHLEN]; 2714 int ret_val = -1; 2715 int obj_fd; 2716 2717 if ((fd = open_and_lock_keystore_desc(O_RDWR, B_FALSE, 2718 lock_held)) < 0) { 2719 return (-1); 2720 } 2721 2722 (void) get_desc_file_path(ks_desc_file); 2723 (void) get_tmp_desc_file_path(tmp_ks_name); 2724 if (create_updated_keystore_version(fd, tmp_ks_name) != 0) { 2725 goto cleanup; 2726 } 2727 2728 if (ks_handle->public) { 2729 (void) snprintf(objname, MAXPATHLEN, "%s/%s", 2730 get_pub_obj_path(pub_obj_path), ks_handle->name); 2731 } else { 2732 (void) snprintf(objname, MAXPATHLEN, "%s/%s", 2733 get_pri_obj_path(pri_obj_path), ks_handle->name); 2734 } 2735 2736 /* 2737 * make sure no other process is reading/writing the file 2738 * by acquiring the lock on the file 2739 */ 2740 if ((obj_fd = open_and_lock_object_file(ks_handle, O_WRONLY, 2741 B_FALSE)) < 0) { 2742 return (-1); 2743 } 2744 2745 if (unlink(objname) != 0) { 2746 (void) lock_file(obj_fd, B_FALSE, B_FALSE); 2747 (void) close(obj_fd); 2748 goto cleanup; 2749 } 2750 2751 (void) lock_file(obj_fd, B_FALSE, B_FALSE); 2752 (void) close(obj_fd); 2753 2754 if (rename(tmp_ks_name, ks_desc_file) != 0) { 2755 goto cleanup; 2756 } 2757 ret_val = 0; 2758 2759 cleanup: 2760 /* unlock keystore description file */ 2761 if (!lock_held) { 2762 if (lock_file(fd, B_FALSE, B_FALSE) != 0) { 2763 (void) close(fd); 2764 return (-1); 2765 } 2766 } 2767 2768 (void) close(fd); 2769 return (ret_val); 2770 } 2771 2772 /* 2773 * Get the salt used for generating hashed pin from the 2774 * keystore description file. 2775 * 2776 * The result will be stored in the provided buffer "salt" passed 2777 * in as an argument. 2778 * 2779 * Return 0 if no error, return -1 if there's any error. 2780 */ 2781 int 2782 soft_keystore_get_pin_salt(char **salt) 2783 { 2784 int fd, ret_val = -1; 2785 uint64_t hashed_pin_salt_size; 2786 2787 if ((fd = open_and_lock_keystore_desc(O_RDONLY, B_FALSE, 2788 B_FALSE)) < 0) { 2789 return (-1); 2790 } 2791 2792 if (lseek(fd, KS_HASHED_PIN_SALT_LEN_OFFSET, SEEK_SET) 2793 != KS_HASHED_PIN_SALT_LEN_OFFSET) { 2794 goto cleanup; 2795 } 2796 2797 if (readn_nointr(fd, (char *)&hashed_pin_salt_size, 2798 KS_HASHED_PIN_SALT_LEN_SIZE) != KS_HASHED_PIN_SALT_LEN_SIZE) { 2799 goto cleanup; 2800 } 2801 hashed_pin_salt_size = SWAP64(hashed_pin_salt_size); 2802 2803 *salt = malloc(hashed_pin_salt_size + 1); 2804 if (*salt == NULL) { 2805 goto cleanup; 2806 } 2807 2808 if ((readn_nointr(fd, *salt, hashed_pin_salt_size)) 2809 != (ssize_t)hashed_pin_salt_size) { 2810 freezero(*salt, hashed_pin_salt_size + 1); 2811 goto cleanup; 2812 } 2813 (*salt)[hashed_pin_salt_size] = '\0'; 2814 2815 ret_val = 0; 2816 2817 cleanup: 2818 if (lock_file(fd, B_TRUE, B_FALSE) < 0) { 2819 ret_val = -1; 2820 } 2821 2822 (void) close(fd); 2823 return (ret_val); 2824 } 2825 2826 /* 2827 * FUNCTION: soft_keystore_pin_initialized 2828 * 2829 * ARGUMENTS: 2830 * initialized: This value will be set to true if keystore is 2831 * initialized, and false otherwise. 2832 * hashed_pin: If the keystore is initialized, this will contain 2833 * the hashed pin. It will be NULL if the keystore 2834 * pin is not initialized. Memory allocated 2835 * for the hashed pin needs to be freed by 2836 * the caller. 2837 * lock_held: TRUE if the lock is held by caller. 2838 * 2839 * RETURN VALUE: 2840 * CKR_OK: No error 2841 * any other appropriate CKR_value 2842 * 2843 * DESCRIPTION: 2844 * This API is used to determine if the PIN in the keystore 2845 * has been initialized or not. 2846 * It makes the determination using the salt for generating the 2847 * encryption key. The salt is stored in the keystore 2848 * descryption file. The salt should be all zero if 2849 * the keystore pin has not been initialized. 2850 * If the pin has been initialized, it is returned in the 2851 * hashed_pin argument. 2852 */ 2853 CK_RV 2854 soft_keystore_pin_initialized(boolean_t *initialized, char **hashed_pin, 2855 boolean_t lock_held) 2856 { 2857 int fd; 2858 CK_BYTE crypt_salt[KS_KEY_SALT_SIZE], tmp_buf[KS_KEY_SALT_SIZE]; 2859 CK_RV ret_val = CKR_OK; 2860 2861 if ((fd = open_and_lock_keystore_desc(O_RDONLY, B_FALSE, 2862 lock_held)) < 0) { 2863 return (CKR_FUNCTION_FAILED); 2864 } 2865 2866 if (lseek(fd, KS_KEY_SALT_OFFSET, SEEK_SET) != KS_KEY_SALT_OFFSET) { 2867 ret_val = CKR_FUNCTION_FAILED; 2868 goto cleanup; 2869 } 2870 2871 if (readn_nointr(fd, (char *)crypt_salt, KS_KEY_SALT_SIZE) 2872 != KS_KEY_SALT_SIZE) { 2873 ret_val = CKR_FUNCTION_FAILED; 2874 goto cleanup; 2875 } 2876 2877 (void) bzero(tmp_buf, KS_KEY_SALT_SIZE); 2878 2879 if (memcmp(crypt_salt, tmp_buf, KS_KEY_SALT_SIZE) == 0) { 2880 *initialized = B_FALSE; 2881 hashed_pin = NULL; 2882 } else { 2883 *initialized = B_TRUE; 2884 ret_val = get_hashed_pin(fd, hashed_pin); 2885 } 2886 2887 cleanup: 2888 2889 if (!lock_held) { 2890 if (lock_file(fd, B_TRUE, B_FALSE) < 0) { 2891 ret_val = CKR_FUNCTION_FAILED; 2892 } 2893 } 2894 2895 (void) close(fd); 2896 return (ret_val); 2897 } 2898 2899 /* 2900 * This checks if the keystore file exists 2901 */ 2902 2903 static int 2904 soft_keystore_exists() 2905 { 2906 int ret; 2907 struct stat fn_stat; 2908 char *fname, ks_desc_file[MAXPATHLEN]; 2909 2910 fname = get_desc_file_path(ks_desc_file); 2911 ret = stat(fname, &fn_stat); 2912 if (ret == 0) 2913 return (0); 2914 return (errno); 2915 } 2916 2917 /* 2918 * FUNCTION: soft_keystore_init 2919 * 2920 * ARGUMENTS: 2921 * desired_state: The keystore state the caller would like 2922 * it to be. 2923 * 2924 * RETURN VALUE: 2925 * Returns the state the function is in. If it succeeded, it 2926 * will be the same as the desired, if not it will be 2927 * KEYSTORE_UNAVAILABLE. 2928 * 2929 * DESCRIPTION: 2930 * This function will only load as much keystore data as is 2931 * requested at that time. This is for performace by delaying the 2932 * reading of token objects until they are needed or never at 2933 * all if they are not used. 2934 * 2935 * Primary use is from C_InitToken(). 2936 * It is also called by soft_keystore_status() when the 2937 * "desired_state" is not the the current load state of keystore. 2938 * 2939 */ 2940 int 2941 soft_keystore_init(int desired_state) 2942 { 2943 int ret; 2944 2945 (void) pthread_mutex_lock(&soft_slot.keystore_mutex); 2946 2947 /* 2948 * If more than one session tries to initialize the keystore, the 2949 * second and other following sessions that were waiting for the lock 2950 * will quickly exit if their requirements are satisfied. 2951 */ 2952 if (desired_state <= soft_slot.keystore_load_status) { 2953 (void) pthread_mutex_unlock(&soft_slot.keystore_mutex); 2954 return (soft_slot.keystore_load_status); 2955 } 2956 2957 /* 2958 * With 'keystore_load_status' giving the current state of the 2959 * process, this switch will bring it up to the desired state if 2960 * possible. 2961 */ 2962 2963 switch (soft_slot.keystore_load_status) { 2964 case KEYSTORE_UNINITIALIZED: 2965 ret = soft_keystore_exists(); 2966 if (ret == 0) 2967 soft_slot.keystore_load_status = KEYSTORE_PRESENT; 2968 else if (ret == ENOENT) 2969 if (create_keystore() == 0) 2970 soft_slot.keystore_load_status = 2971 KEYSTORE_PRESENT; 2972 else { 2973 soft_slot.keystore_load_status = 2974 KEYSTORE_UNAVAILABLE; 2975 cryptoerror(LOG_DEBUG, 2976 "pkcs11_softtoken: " 2977 "Cannot create keystore."); 2978 break; 2979 } 2980 2981 if (desired_state <= KEYSTORE_PRESENT) 2982 break; 2983 2984 /* FALLTHRU */ 2985 case KEYSTORE_PRESENT: 2986 if (soft_keystore_get_version(&soft_slot.ks_version, B_FALSE) 2987 != 0) { 2988 soft_slot.keystore_load_status = KEYSTORE_UNAVAILABLE; 2989 cryptoerror(LOG_DEBUG, 2990 "pkcs11_softtoken: Keystore access failed."); 2991 break; 2992 } 2993 2994 soft_slot.keystore_load_status = KEYSTORE_LOAD; 2995 if (desired_state <= KEYSTORE_LOAD) 2996 break; 2997 2998 /* FALLTHRU */ 2999 case KEYSTORE_LOAD: 3000 /* Load all the public token objects from keystore */ 3001 if (soft_get_token_objects_from_keystore(PUB_TOKENOBJS) 3002 != CKR_OK) { 3003 (void) soft_destroy_token_session(); 3004 soft_slot.keystore_load_status = KEYSTORE_UNAVAILABLE; 3005 cryptoerror(LOG_DEBUG, 3006 "pkcs11_softtoken: Cannot initialize keystore."); 3007 break; 3008 } 3009 3010 soft_slot.keystore_load_status = KEYSTORE_INITIALIZED; 3011 }; 3012 3013 (void) pthread_mutex_unlock(&soft_slot.keystore_mutex); 3014 return (soft_slot.keystore_load_status); 3015 } 3016 3017 /* 3018 * FUNCTION: soft_keystore_status 3019 * 3020 * ARGUMENTS: 3021 * desired_state: The keystore state the caller would like 3022 * it to be. 3023 * 3024 * RETURN VALUE: 3025 * B_TRUE if keystore is ready and at the desired state. 3026 * B_FALSE if keystore had an error and is not available. 3027 * 3028 * DESCRIPTION: 3029 * The calling function wants to make sure the keystore load 3030 * status to in a state it requires. If it is not at that 3031 * state it will call the load function. 3032 * If keystore is at the desired state or has just been 3033 * loaded to that state, it will return TRUE. If there has been 3034 * load failure, it will return FALSE. 3035 * 3036 */ 3037 boolean_t 3038 soft_keystore_status(int desired_state) 3039 { 3040 3041 if (soft_slot.keystore_load_status == KEYSTORE_UNAVAILABLE) 3042 return (B_FALSE); 3043 3044 return ((desired_state <= soft_slot.keystore_load_status) || 3045 (soft_keystore_init(desired_state) == desired_state)); 3046 }