1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  * Copyright 2012 Joyent, Inc.  All rights reserved.
  25  *
  26  * Copyright 2013 Nexenta Systems, Inc. All rights reserved.
  27  * Copyright (c) 2014 Gary Mills
  28  * Copyright (c) 2016 Andrey Sokolov
  29  */
  30 
  31 /*
  32  * lofiadm - administer lofi(7d). Very simple, add and remove file<->device
  33  * associations, and display status. All the ioctls are private between
  34  * lofi and lofiadm, and so are very simple - device information is
  35  * communicated via a minor number.
  36  */
  37 
  38 #include <sys/types.h>
  39 #include <sys/param.h>
  40 #include <sys/lofi.h>
  41 #include <sys/stat.h>
  42 #include <sys/sysmacros.h>
  43 #include <netinet/in.h>
  44 #include <stdio.h>
  45 #include <fcntl.h>
  46 #include <locale.h>
  47 #include <string.h>
  48 #include <strings.h>
  49 #include <errno.h>
  50 #include <stdlib.h>
  51 #include <unistd.h>
  52 #include <stropts.h>
  53 #include <libdevinfo.h>
  54 #include <libgen.h>
  55 #include <ctype.h>
  56 #include <dlfcn.h>
  57 #include <limits.h>
  58 #include <security/cryptoki.h>
  59 #include <cryptoutil.h>
  60 #include <sys/crypto/ioctl.h>
  61 #include <sys/crypto/ioctladmin.h>
  62 #include "utils.h"
  63 #include <LzmaEnc.h>
  64 
  65 /* Only need the IV len #defines out of these files, nothing else. */
  66 #include <aes/aes_impl.h>
  67 #include <des/des_impl.h>
  68 #include <blowfish/blowfish_impl.h>
  69 
  70 static const char USAGE[] =
  71         "Usage: %s [-r] -a file [ device ]\n"
  72         "       %s [-r] -c crypto_algorithm -a file [device]\n"
  73         "       %s [-r] -c crypto_algorithm -k raw_key_file -a file [device]\n"
  74         "       %s [-r] -c crypto_algorithm -T [token]:[manuf]:[serial]:key "
  75         "-a file [device]\n"
  76         "       %s [-r] -c crypto_algorithm -T [token]:[manuf]:[serial]:key "
  77         "-k wrapped_key_file -a file [device]\n"
  78         "       %s [-r] -c crypto_algorithm -e -a file [device]\n"
  79         "       %s -d file | device\n"
  80         "       %s -C [gzip|gzip-6|gzip-9|lzma] [-s segment_size] file\n"
  81         "       %s -U file\n"
  82         "       %s [ file | device ]\n";
  83 
  84 typedef struct token_spec {
  85         char    *name;
  86         char    *mfr;
  87         char    *serno;
  88         char    *key;
  89 } token_spec_t;
  90 
  91 typedef struct mech_alias {
  92         char    *alias;
  93         CK_MECHANISM_TYPE type;
  94         char    *name;          /* for ioctl */
  95         char    *iv_name;       /* for ioctl */
  96         size_t  iv_len;         /* for ioctl */
  97         iv_method_t iv_type;    /* for ioctl */
  98         size_t  min_keysize;    /* in bytes */
  99         size_t  max_keysize;    /* in bytes */
 100         token_spec_t *token;
 101         CK_SLOT_ID slot;
 102 } mech_alias_t;
 103 
 104 static mech_alias_t mech_aliases[] = {
 105         /* Preferred one should always be listed first. */
 106         { "aes-256-cbc", CKM_AES_CBC, "CKM_AES_CBC", "CKM_AES_ECB", AES_IV_LEN,
 107             IVM_ENC_BLKNO, ULONG_MAX, 0L, NULL, (CK_SLOT_ID) -1 },
 108         { "aes-192-cbc", CKM_AES_CBC, "CKM_AES_CBC", "CKM_AES_ECB", AES_IV_LEN,
 109             IVM_ENC_BLKNO, ULONG_MAX, 0L, NULL, (CK_SLOT_ID) -1 },
 110         { "aes-128-cbc", CKM_AES_CBC, "CKM_AES_CBC", "CKM_AES_ECB", AES_IV_LEN,
 111             IVM_ENC_BLKNO, ULONG_MAX, 0L, NULL, (CK_SLOT_ID) -1 },
 112         { "des3-cbc", CKM_DES3_CBC, "CKM_DES3_CBC", "CKM_DES3_ECB", DES_IV_LEN,
 113             IVM_ENC_BLKNO, ULONG_MAX, 0L, NULL, (CK_SLOT_ID)-1 },
 114         { "blowfish-cbc", CKM_BLOWFISH_CBC, "CKM_BLOWFISH_CBC",
 115             "CKM_BLOWFISH_ECB", BLOWFISH_IV_LEN, IVM_ENC_BLKNO, ULONG_MAX,
 116             0L, NULL, (CK_SLOT_ID)-1 }
 117         /*
 118          * A cipher without an iv requirement would look like this:
 119          * { "aes-xex", CKM_AES_XEX, "CKM_AES_XEX", NULL, 0,
 120          *    IVM_NONE, ULONG_MAX, 0L, NULL, (CK_SLOT_ID)-1 }
 121          */
 122 };
 123 
 124 int     mech_aliases_count = (sizeof (mech_aliases) / sizeof (mech_alias_t));
 125 
 126 /* Preferred cipher, if one isn't specified on command line. */
 127 #define DEFAULT_CIPHER  (&mech_aliases[0])
 128 
 129 #define DEFAULT_CIPHER_NUM      64      /* guess # kernel ciphers available */
 130 #define DEFAULT_MECHINFO_NUM    16      /* guess # kernel mechs available */
 131 #define MIN_PASSLEN             8       /* min acceptable passphrase size */
 132 
 133 static int gzip_compress(void *src, size_t srclen, void *dst,
 134         size_t *destlen, int level);
 135 static int lzma_compress(void *src, size_t srclen, void *dst,
 136         size_t *destlen, int level);
 137 
 138 lofi_compress_info_t lofi_compress_table[LOFI_COMPRESS_FUNCTIONS] = {
 139         {NULL,                  gzip_compress,  6,      "gzip"}, /* default */
 140         {NULL,                  gzip_compress,  6,      "gzip-6"},
 141         {NULL,                  gzip_compress,  9,      "gzip-9"},
 142         {NULL,                  lzma_compress,  0,      "lzma"}
 143 };
 144 
 145 /* For displaying lofi mappings */
 146 #define FORMAT                  "%-20s     %-30s        %s\n"
 147 
 148 #define COMPRESS_ALGORITHM      "gzip"
 149 #define COMPRESS_THRESHOLD      2048
 150 #define SEGSIZE                 131072
 151 #define BLOCK_SIZE              512
 152 #define KILOBYTE                1024
 153 #define MEGABYTE                (KILOBYTE * KILOBYTE)
 154 #define GIGABYTE                (KILOBYTE * MEGABYTE)
 155 #define LIBZ                    "libz.so.1"
 156 
 157 static void
 158 usage(const char *pname)
 159 {
 160         (void) fprintf(stderr, gettext(USAGE), pname, pname, pname,
 161             pname, pname, pname, pname, pname, pname, pname);
 162         exit(E_USAGE);
 163 }
 164 
 165 static int
 166 gzip_compress(void *src, size_t srclen, void *dst, size_t *dstlen, int level)
 167 {
 168         static int (*compress2p)(void *, ulong_t *, void *, size_t, int) = NULL;
 169         void *libz_hdl = NULL;
 170 
 171         /*
 172          * The first time we are called, attempt to dlopen()
 173          * libz.so.1 and get a pointer to the compress2() function
 174          */
 175         if (compress2p == NULL) {
 176                 if ((libz_hdl = openlib(LIBZ)) == NULL)
 177                         die(gettext("could not find %s. "
 178                             "gzip compression unavailable\n"), LIBZ);
 179 
 180                 if ((compress2p =
 181                     (int (*)(void *, ulong_t *, void *, size_t, int))
 182                     dlsym(libz_hdl, "compress2")) == NULL) {
 183                         closelib();
 184                         die(gettext("could not find the correct %s. "
 185                             "gzip compression unavailable\n"), LIBZ);
 186                 }
 187         }
 188 
 189         if ((*compress2p)(dst, (ulong_t *)dstlen, src, srclen, level) != 0)
 190                 return (-1);
 191         return (0);
 192 }
 193 
 194 /*ARGSUSED*/
 195 static void
 196 *SzAlloc(void *p, size_t size)
 197 {
 198         return (malloc(size));
 199 }
 200 
 201 /*ARGSUSED*/
 202 static void
 203 SzFree(void *p, void *address, size_t size)
 204 {
 205         free(address);
 206 }
 207 
 208 static ISzAlloc g_Alloc = {
 209         SzAlloc,
 210         SzFree
 211 };
 212 
 213 #define LZMA_UNCOMPRESSED_SIZE  8
 214 #define LZMA_HEADER_SIZE (LZMA_PROPS_SIZE + LZMA_UNCOMPRESSED_SIZE)
 215 
 216 /*ARGSUSED*/
 217 static int
 218 lzma_compress(void *src, size_t srclen, void *dst,
 219         size_t *dstlen, int level)
 220 {
 221         CLzmaEncProps props;
 222         size_t outsize2;
 223         size_t outsizeprocessed;
 224         size_t outpropssize = LZMA_PROPS_SIZE;
 225         uint64_t t = 0;
 226         SRes res;
 227         Byte *dstp;
 228         int i;
 229 
 230         outsize2 = *dstlen;
 231 
 232         LzmaEncProps_Init(&props);
 233 
 234         /*
 235          * The LZMA compressed file format is as follows -
 236          *
 237          * Offset Size(bytes) Description
 238          * 0            1       LZMA properties (lc, lp, lp (encoded))
 239          * 1            4       Dictionary size (little endian)
 240          * 5            8       Uncompressed size (little endian)
 241          * 13                   Compressed data
 242          */
 243 
 244         /* set the dictionary size to be 8MB */
 245         props.dictSize = 1 << 23;
 246 
 247         if (*dstlen < LZMA_HEADER_SIZE)
 248                 return (SZ_ERROR_OUTPUT_EOF);
 249 
 250         dstp = (Byte *)dst;
 251         t = srclen;
 252         /*
 253          * Set the uncompressed size in the LZMA header
 254          * The LZMA properties (specified in 'props')
 255          * will be set by the call to LzmaEncode()
 256          */
 257         for (i = 0; i < LZMA_UNCOMPRESSED_SIZE; i++, t >>= 8) {
 258                 dstp[LZMA_PROPS_SIZE + i] = (Byte)t;
 259         }
 260 
 261         outsizeprocessed = outsize2 - LZMA_HEADER_SIZE;
 262         res = LzmaEncode(dstp + LZMA_HEADER_SIZE, &outsizeprocessed,
 263             src, srclen, &props, dstp, &outpropssize, 0, NULL,
 264             &g_Alloc, &g_Alloc);
 265 
 266         if (res != 0)
 267                 return (-1);
 268 
 269         *dstlen = outsizeprocessed + LZMA_HEADER_SIZE;
 270         return (0);
 271 }
 272 
 273 /*
 274  * Translate a lofi device name to a minor number. We might be asked
 275  * to do this when there is no association (such as when the user specifies
 276  * a particular device), so we can only look at the string.
 277  */
 278 static int
 279 name_to_minor(const char *devicename)
 280 {
 281         int     minor;
 282 
 283         if (sscanf(devicename, "/dev/" LOFI_BLOCK_NAME "/%d", &minor) == 1) {
 284                 return (minor);
 285         }
 286         if (sscanf(devicename, "/dev/" LOFI_CHAR_NAME "/%d", &minor) == 1) {
 287                 return (minor);
 288         }
 289         return (0);
 290 }
 291 
 292 /*
 293  * This might be the first time we've used this minor number. If so,
 294  * it might also be that the /dev links are in the process of being created
 295  * by devfsadmd (or that they'll be created "soon"). We cannot return
 296  * until they're there or the invoker of lofiadm might try to use them
 297  * and not find them. This can happen if a shell script is running on
 298  * an MP.
 299  */
 300 static int sleeptime = 2;       /* number of seconds to sleep between stat's */
 301 static int maxsleep = 120;      /* maximum number of seconds to sleep */
 302 
 303 static void
 304 wait_until_dev_complete(int minor)
 305 {
 306         struct stat64 buf;
 307         int     cursleep;
 308         char    blkpath[MAXPATHLEN];
 309         char    charpath[MAXPATHLEN];
 310         di_devlink_handle_t hdl;
 311 
 312         (void) snprintf(blkpath, sizeof (blkpath), "/dev/%s/%d",
 313             LOFI_BLOCK_NAME, minor);
 314         (void) snprintf(charpath, sizeof (charpath), "/dev/%s/%d",
 315             LOFI_CHAR_NAME, minor);
 316 
 317         /* Check if links already present */
 318         if (stat64(blkpath, &buf) == 0 && stat64(charpath, &buf) == 0)
 319                 return;
 320 
 321         /* First use di_devlink_init() */
 322         if (hdl = di_devlink_init("lofi", DI_MAKE_LINK)) {
 323                 (void) di_devlink_fini(&hdl);
 324                 goto out;
 325         }
 326 
 327         /*
 328          * Under normal conditions, di_devlink_init(DI_MAKE_LINK) above will
 329          * only fail if the caller is non-root. In that case, wait for
 330          * link creation via sysevents.
 331          */
 332         for (cursleep = 0; cursleep < maxsleep; cursleep += sleeptime) {
 333                 if (stat64(blkpath, &buf) == 0 && stat64(charpath, &buf) == 0)
 334                         return;
 335                 (void) sleep(sleeptime);
 336         }
 337 
 338         /* one last try */
 339 out:
 340         if (stat64(blkpath, &buf) == -1) {
 341                 die(gettext("%s was not created"), blkpath);
 342         }
 343         if (stat64(charpath, &buf) == -1) {
 344                 die(gettext("%s was not created"), charpath);
 345         }
 346 }
 347 
 348 /*
 349  * Map the file and return the minor number the driver picked for the file
 350  * DO NOT use this function if the filename is actually the device name.
 351  */
 352 static int
 353 lofi_map_file(int lfd, struct lofi_ioctl li, const char *filename)
 354 {
 355         int     minor;
 356 
 357         li.li_minor = 0;
 358         (void) strlcpy(li.li_filename, filename, sizeof (li.li_filename));
 359         minor = ioctl(lfd, LOFI_MAP_FILE, &li);
 360         if (minor == -1) {
 361                 if (errno == ENOTSUP)
 362                         warn(gettext("encrypting compressed files is "
 363                             "unsupported"));
 364                 die(gettext("could not map file %s"), filename);
 365         }
 366         wait_until_dev_complete(minor);
 367         return (minor);
 368 }
 369 
 370 /*
 371  * Add a device association. If devicename is NULL, let the driver
 372  * pick a device.
 373  */
 374 static void
 375 add_mapping(int lfd, const char *devicename, const char *filename,
 376     mech_alias_t *cipher, const char *rkey, size_t rksz, boolean_t rdonly)
 377 {
 378         struct lofi_ioctl li;
 379 
 380         li.li_readonly = rdonly;
 381 
 382         li.li_crypto_enabled = B_FALSE;
 383         if (cipher != NULL) {
 384                 /* set up encryption for mapped file */
 385                 li.li_crypto_enabled = B_TRUE;
 386                 (void) strlcpy(li.li_cipher, cipher->name,
 387                     sizeof (li.li_cipher));
 388                 if (rksz > sizeof (li.li_key)) {
 389                         die(gettext("key too large"));
 390                 }
 391                 bcopy(rkey, li.li_key, rksz);
 392                 li.li_key_len = rksz << 3;        /* convert to bits */
 393 
 394                 li.li_iv_type = cipher->iv_type;
 395                 li.li_iv_len = cipher->iv_len;       /* 0 when no iv needed */
 396                 switch (cipher->iv_type) {
 397                 case IVM_ENC_BLKNO:
 398                         (void) strlcpy(li.li_iv_cipher, cipher->iv_name,
 399                             sizeof (li.li_iv_cipher));
 400                         break;
 401                 case IVM_NONE:
 402                         /* FALLTHROUGH */
 403                 default:
 404                         break;
 405                 }
 406         }
 407 
 408         if (devicename == NULL) {
 409                 int     minor;
 410 
 411                 /* pick one via the driver */
 412                 minor = lofi_map_file(lfd, li, filename);
 413                 /* if mapping succeeds, print the one picked */
 414                 (void) printf("/dev/%s/%d\n", LOFI_BLOCK_NAME, minor);
 415                 return;
 416         }
 417 
 418         /* use device we were given */
 419         li.li_minor = name_to_minor(devicename);
 420         if (li.li_minor == 0) {
 421                 die(gettext("malformed device name %s\n"), devicename);
 422         }
 423         (void) strlcpy(li.li_filename, filename, sizeof (li.li_filename));
 424 
 425         /* if device is already in use li.li_minor won't change */
 426         if (ioctl(lfd, LOFI_MAP_FILE_MINOR, &li) == -1) {
 427                 if (errno == ENOTSUP)
 428                         warn(gettext("encrypting compressed files is "
 429                             "unsupported"));
 430                 die(gettext("could not map file %s to %s"), filename,
 431                     devicename);
 432         }
 433         wait_until_dev_complete(li.li_minor);
 434 }
 435 
 436 /*
 437  * Remove an association. Delete by device name if non-NULL, or by
 438  * filename otherwise.
 439  */
 440 static void
 441 delete_mapping(int lfd, const char *devicename, const char *filename,
 442     boolean_t force)
 443 {
 444         struct lofi_ioctl li;
 445 
 446         li.li_force = force;
 447         li.li_cleanup = B_FALSE;
 448 
 449         if (devicename == NULL) {
 450                 /* delete by filename */
 451                 (void) strlcpy(li.li_filename, filename,
 452                     sizeof (li.li_filename));
 453                 li.li_minor = 0;
 454                 if (ioctl(lfd, LOFI_UNMAP_FILE, &li) == -1) {
 455                         die(gettext("could not unmap file %s"), filename);
 456                 }
 457                 return;
 458         }
 459 
 460         /* delete by device */
 461         li.li_minor = name_to_minor(devicename);
 462         if (li.li_minor == 0) {
 463                 die(gettext("malformed device name %s\n"), devicename);
 464         }
 465         if (ioctl(lfd, LOFI_UNMAP_FILE_MINOR, &li) == -1) {
 466                 die(gettext("could not unmap device %s"), devicename);
 467         }
 468 }
 469 
 470 /*
 471  * Show filename given devicename, or devicename given filename.
 472  */
 473 static void
 474 print_one_mapping(int lfd, const char *devicename, const char *filename)
 475 {
 476         struct lofi_ioctl li;
 477 
 478         if (devicename == NULL) {
 479                 /* given filename, print devicename */
 480                 li.li_minor = 0;
 481                 (void) strlcpy(li.li_filename, filename,
 482                     sizeof (li.li_filename));
 483                 if (ioctl(lfd, LOFI_GET_MINOR, &li) == -1) {
 484                         die(gettext("could not find device for %s"), filename);
 485                 }
 486                 (void) printf("/dev/%s/%d\n", LOFI_BLOCK_NAME, li.li_minor);
 487                 return;
 488         }
 489 
 490         /* given devicename, print filename */
 491         li.li_minor = name_to_minor(devicename);
 492         if (li.li_minor == 0) {
 493                 die(gettext("malformed device name %s\n"), devicename);
 494         }
 495         if (ioctl(lfd, LOFI_GET_FILENAME, &li) == -1) {
 496                 die(gettext("could not find filename for %s"), devicename);
 497         }
 498         (void) printf("%s\n", li.li_filename);
 499 }
 500 
 501 /*
 502  * Print the list of all the mappings, including a header.
 503  */
 504 static void
 505 print_mappings(int fd)
 506 {
 507         struct lofi_ioctl li;
 508         int     minor;
 509         int     maxminor;
 510         char    path[MAXPATHLEN];
 511         char    options[MAXPATHLEN] = { 0 };
 512 
 513         li.li_minor = 0;
 514         if (ioctl(fd, LOFI_GET_MAXMINOR, &li) == -1) {
 515                 die("ioctl");
 516         }
 517         maxminor = li.li_minor;
 518 
 519         (void) printf(FORMAT, gettext("Block Device"), gettext("File"),
 520             gettext("Options"));
 521         for (minor = 1; minor <= maxminor; minor++) {
 522                 li.li_minor = minor;
 523                 if (ioctl(fd, LOFI_GET_FILENAME, &li) == -1) {
 524                         if (errno == ENXIO)
 525                                 continue;
 526                         warn("ioctl");
 527                         break;
 528                 }
 529                 (void) snprintf(path, sizeof (path), "/dev/%s/%d",
 530                     LOFI_BLOCK_NAME, minor);
 531 
 532                 options[0] = '\0';
 533 
 534                 /*
 535                  * Encrypted lofi and compressed lofi are mutually exclusive.
 536                  */
 537                 if (li.li_crypto_enabled)
 538                         (void) snprintf(options, sizeof (options),
 539                             gettext("Encrypted"));
 540                 else if (li.li_algorithm[0] != '\0')
 541                         (void) snprintf(options, sizeof (options),
 542                             gettext("Compressed(%s)"), li.li_algorithm);
 543                 if (li.li_readonly) {
 544                         if (strlen(options) != 0) {
 545                                 (void) strlcat(options, ",", sizeof (options));
 546                                 (void) strlcat(options, "Readonly",
 547                                     sizeof (options));
 548                         } else {
 549                                 (void) snprintf(options, sizeof (options),
 550                                     gettext("Readonly"));
 551                         }
 552                 }
 553                 if (strlen(options) == 0)
 554                         (void) snprintf(options, sizeof (options), "-");
 555 
 556                 (void) printf(FORMAT, path, li.li_filename, options);
 557         }
 558 }
 559 
 560 /*
 561  * Verify the cipher selected by user.
 562  */
 563 static mech_alias_t *
 564 ciph2mech(const char *alias)
 565 {
 566         int     i;
 567 
 568         for (i = 0; i < mech_aliases_count; i++) {
 569                 if (strcasecmp(alias, mech_aliases[i].alias) == 0)
 570                         return (&mech_aliases[i]);
 571         }
 572         return (NULL);
 573 }
 574 
 575 /*
 576  * Verify user selected cipher is also available in kernel.
 577  *
 578  * While traversing kernel list of mechs, if the cipher is supported in the
 579  * kernel for both encryption and decryption, it also picks up the min/max
 580  * key size.
 581  */
 582 static boolean_t
 583 kernel_cipher_check(mech_alias_t *cipher)
 584 {
 585         boolean_t ciph_ok = B_FALSE;
 586         boolean_t iv_ok = B_FALSE;
 587         int     i;
 588         int     count;
 589         crypto_get_mechanism_list_t *kciphers = NULL;
 590         crypto_get_all_mechanism_info_t *kinfo = NULL;
 591         int     fd = -1;
 592         size_t  keymin;
 593         size_t  keymax;
 594 
 595         /* if cipher doesn't need iv generating mech, bypass that check now */
 596         if (cipher->iv_name == NULL)
 597                 iv_ok = B_TRUE;
 598 
 599         /* allocate some space for the list of kernel ciphers */
 600         count = DEFAULT_CIPHER_NUM;
 601         kciphers = malloc(sizeof (crypto_get_mechanism_list_t) +
 602             sizeof (crypto_mech_name_t) * (count - 1));
 603         if (kciphers == NULL)
 604                 die(gettext("failed to allocate memory for list of "
 605                     "kernel mechanisms"));
 606         kciphers->ml_count = count;
 607 
 608         /* query crypto device to get list of kernel ciphers */
 609         if ((fd = open("/dev/crypto", O_RDWR)) == -1) {
 610                 warn(gettext("failed to open %s"), "/dev/crypto");
 611                 goto kcc_out;
 612         }
 613 
 614         if (ioctl(fd, CRYPTO_GET_MECHANISM_LIST, kciphers) == -1) {
 615                 warn(gettext("CRYPTO_GET_MECHANISM_LIST ioctl failed"));
 616                 goto kcc_out;
 617         }
 618 
 619         if (kciphers->ml_return_value == CRYPTO_BUFFER_TOO_SMALL) {
 620                 count = kciphers->ml_count;
 621                 free(kciphers);
 622                 kciphers = malloc(sizeof (crypto_get_mechanism_list_t) +
 623                     sizeof (crypto_mech_name_t) * (count - 1));
 624                 if (kciphers == NULL) {
 625                         warn(gettext("failed to allocate memory for list of "
 626                             "kernel mechanisms"));
 627                         goto kcc_out;
 628                 }
 629                 kciphers->ml_count = count;
 630 
 631                 if (ioctl(fd, CRYPTO_GET_MECHANISM_LIST, kciphers) == -1) {
 632                         warn(gettext("CRYPTO_GET_MECHANISM_LIST ioctl failed"));
 633                         goto kcc_out;
 634                 }
 635         }
 636 
 637         if (kciphers->ml_return_value != CRYPTO_SUCCESS) {
 638                 warn(gettext(
 639                     "CRYPTO_GET_MECHANISM_LIST ioctl return value = %d\n"),
 640                     kciphers->ml_return_value);
 641                 goto kcc_out;
 642         }
 643 
 644         /*
 645          * scan list of kernel ciphers looking for the selected one and if
 646          * it needs an iv generated using another cipher, also look for that
 647          * additional cipher to be used for generating the iv
 648          */
 649         count = kciphers->ml_count;
 650         for (i = 0; i < count && !(ciph_ok && iv_ok); i++) {
 651                 if (!ciph_ok &&
 652                     strcasecmp(cipher->name, kciphers->ml_list[i]) == 0)
 653                         ciph_ok = B_TRUE;
 654                 if (!iv_ok &&
 655                     strcasecmp(cipher->iv_name, kciphers->ml_list[i]) == 0)
 656                         iv_ok = B_TRUE;
 657         }
 658         free(kciphers);
 659         kciphers = NULL;
 660 
 661         if (!ciph_ok)
 662                 warn(gettext("%s mechanism not supported in kernel\n"),
 663                     cipher->name);
 664         if (!iv_ok)
 665                 warn(gettext("%s mechanism not supported in kernel\n"),
 666                     cipher->iv_name);
 667 
 668         if (ciph_ok) {
 669                 /* Get the details about the user selected cipher */
 670                 count = DEFAULT_MECHINFO_NUM;
 671                 kinfo = malloc(sizeof (crypto_get_all_mechanism_info_t) +
 672                     sizeof (crypto_mechanism_info_t) * (count - 1));
 673                 if (kinfo == NULL) {
 674                         warn(gettext("failed to allocate memory for "
 675                             "kernel mechanism info"));
 676                         goto kcc_out;
 677                 }
 678                 kinfo->mi_count = count;
 679                 (void) strlcpy(kinfo->mi_mechanism_name, cipher->name,
 680                     CRYPTO_MAX_MECH_NAME);
 681 
 682                 if (ioctl(fd, CRYPTO_GET_ALL_MECHANISM_INFO, kinfo) == -1) {
 683                         warn(gettext(
 684                             "CRYPTO_GET_ALL_MECHANISM_INFO ioctl failed"));
 685                         goto kcc_out;
 686                 }
 687 
 688                 if (kinfo->mi_return_value == CRYPTO_BUFFER_TOO_SMALL) {
 689                         count = kinfo->mi_count;
 690                         free(kinfo);
 691                         kinfo = malloc(
 692                             sizeof (crypto_get_all_mechanism_info_t) +
 693                             sizeof (crypto_mechanism_info_t) * (count - 1));
 694                         if (kinfo == NULL) {
 695                                 warn(gettext("failed to allocate memory for "
 696                                     "kernel mechanism info"));
 697                                 goto kcc_out;
 698                         }
 699                         kinfo->mi_count = count;
 700                         (void) strlcpy(kinfo->mi_mechanism_name, cipher->name,
 701                             CRYPTO_MAX_MECH_NAME);
 702 
 703                         if (ioctl(fd, CRYPTO_GET_ALL_MECHANISM_INFO, kinfo) ==
 704                             -1) {
 705                                 warn(gettext("CRYPTO_GET_ALL_MECHANISM_INFO "
 706                                     "ioctl failed"));
 707                                 goto kcc_out;
 708                         }
 709                 }
 710 
 711                 if (kinfo->mi_return_value != CRYPTO_SUCCESS) {
 712                         warn(gettext("CRYPTO_GET_ALL_MECHANISM_INFO ioctl "
 713                             "return value = %d\n"), kinfo->mi_return_value);
 714                         goto kcc_out;
 715                 }
 716 
 717                 /* Set key min and max size */
 718                 count = kinfo->mi_count;
 719                 i = 0;
 720                 if (i < count) {
 721                         keymin = kinfo->mi_list[i].mi_min_key_size;
 722                         keymax = kinfo->mi_list[i].mi_max_key_size;
 723                         if (kinfo->mi_list[i].mi_keysize_unit &
 724                             CRYPTO_KEYSIZE_UNIT_IN_BITS) {
 725                                 keymin = CRYPTO_BITS2BYTES(keymin);
 726                                 keymax = CRYPTO_BITS2BYTES(keymax);
 727 
 728                         }
 729                         cipher->min_keysize = keymin;
 730                         cipher->max_keysize = keymax;
 731                 }
 732                 free(kinfo);
 733                 kinfo = NULL;
 734 
 735                 if (i == count) {
 736                         (void) close(fd);
 737                         die(gettext(
 738                             "failed to find usable %s kernel mechanism, "
 739                             "use \"cryptoadm list -m\" to find available "
 740                             "mechanisms\n"),
 741                             cipher->name);
 742                 }
 743         }
 744 
 745         /* Note: key min/max, unit size, usage for iv cipher are not checked. */
 746 
 747         return (ciph_ok && iv_ok);
 748 
 749 kcc_out:
 750         if (kinfo != NULL)
 751                 free(kinfo);
 752         if (kciphers != NULL)
 753                 free(kciphers);
 754         if (fd != -1)
 755                 (void) close(fd);
 756         return (B_FALSE);
 757 }
 758 
 759 /*
 760  * Break up token spec into its components (non-destructive)
 761  */
 762 static token_spec_t *
 763 parsetoken(char *spec)
 764 {
 765 #define FLD_NAME        0
 766 #define FLD_MANUF       1
 767 #define FLD_SERIAL      2
 768 #define FLD_LABEL       3
 769 #define NFIELDS         4
 770 #define nullfield(i)    ((field[(i)+1] - field[(i)]) <= 1)
 771 #define copyfield(fld, i)       \
 772                 {                                                       \
 773                         int     n;                                      \
 774                         (fld) = NULL;                                   \
 775                         if ((n = (field[(i)+1] - field[(i)])) > 1) { \
 776                                 if (((fld) = malloc(n)) != NULL) {      \
 777                                         (void) strncpy((fld), field[(i)], n); \
 778                                         ((fld))[n - 1] = '\0';          \
 779                                 }                                       \
 780                         }                                               \
 781                 }
 782 
 783         int     i;
 784         char    *field[NFIELDS + 1];    /* +1 to catch extra delimiters */
 785         token_spec_t *ti = NULL;
 786 
 787         if (spec == NULL)
 788                 return (NULL);
 789 
 790         /*
 791          * Correct format is "[name]:[manuf]:[serial]:key". Can't use
 792          * strtok because it treats ":::key" and "key:::" and "key" all
 793          * as the same thing, and we can't have the :s compressed away.
 794          */
 795         field[0] = spec;
 796         for (i = 1; i < NFIELDS + 1; i++) {
 797                 field[i] = strchr(field[i-1], ':');
 798                 if (field[i] == NULL)
 799                         break;
 800                 field[i]++;
 801         }
 802         if (i < NFIELDS)             /* not enough fields */
 803                 return (NULL);
 804         if (field[NFIELDS] != NULL)     /* too many fields */
 805                 return (NULL);
 806         field[NFIELDS] = strchr(field[NFIELDS-1], '\0') + 1;
 807 
 808         /* key label can't be empty */
 809         if (nullfield(FLD_LABEL))
 810                 return (NULL);
 811 
 812         ti = malloc(sizeof (token_spec_t));
 813         if (ti == NULL)
 814                 return (NULL);
 815 
 816         copyfield(ti->name, FLD_NAME);
 817         copyfield(ti->mfr, FLD_MANUF);
 818         copyfield(ti->serno, FLD_SERIAL);
 819         copyfield(ti->key, FLD_LABEL);
 820 
 821         /*
 822          * If token specified and it only contains a key label, then
 823          * search all tokens for the key, otherwise only those with
 824          * matching name, mfr, and serno are used.
 825          */
 826         /*
 827          * That's how we'd like it to be, however, if only the key label
 828          * is specified, default to using softtoken.  It's easier.
 829          */
 830         if (ti->name == NULL && ti->mfr == NULL && ti->serno == NULL)
 831                 ti->name = strdup(pkcs11_default_token());
 832         return (ti);
 833 }
 834 
 835 /*
 836  * PBE the passphrase into a raw key
 837  */
 838 static void
 839 getkeyfromuser(mech_alias_t *cipher, char **raw_key, size_t *raw_key_sz)
 840 {
 841         CK_SESSION_HANDLE sess;
 842         CK_RV   rv;
 843         char    *pass = NULL;
 844         size_t  passlen = 0;
 845         void    *salt = NULL;   /* don't use NULL, see note on salt below */
 846         size_t  saltlen = 0;
 847         CK_KEY_TYPE ktype;
 848         void    *kvalue;
 849         size_t  klen;
 850 
 851         /* did init_crypto find a slot that supports this cipher? */
 852         if (cipher->slot == (CK_SLOT_ID)-1 || cipher->max_keysize == 0) {
 853                 rv = CKR_MECHANISM_INVALID;
 854                 goto cleanup;
 855         }
 856 
 857         rv = pkcs11_mech2keytype(cipher->type, &ktype);
 858         if (rv != CKR_OK)
 859                 goto cleanup;
 860 
 861         /*
 862          * use the passphrase to generate a PBE PKCS#5 secret key and
 863          * retrieve the raw key data to eventually pass it to the kernel;
 864          */
 865         rv = C_OpenSession(cipher->slot, CKF_SERIAL_SESSION, NULL, NULL, &sess);
 866         if (rv != CKR_OK)
 867                 goto cleanup;
 868 
 869         /* get user passphrase with 8 byte minimum */
 870         if (pkcs11_get_pass(NULL, &pass, &passlen, MIN_PASSLEN, B_TRUE) < 0) {
 871                 die(gettext("passphrases do not match\n"));
 872         }
 873 
 874         /*
 875          * salt should not be NULL, or else pkcs11_PasswdToKey() will
 876          * complain about CKR_MECHANISM_PARAM_INVALID; the following is
 877          * to make up for not having a salt until a proper one is used
 878          */
 879         salt = pass;
 880         saltlen = passlen;
 881 
 882         klen = cipher->max_keysize;
 883         rv = pkcs11_PasswdToKey(sess, pass, passlen, salt, saltlen, ktype,
 884             cipher->max_keysize, &kvalue, &klen);
 885 
 886         (void) C_CloseSession(sess);
 887 
 888         if (rv != CKR_OK) {
 889                 goto cleanup;
 890         }
 891 
 892         /* assert(klen == cipher->max_keysize); */
 893         *raw_key_sz = klen;
 894         *raw_key = (char *)kvalue;
 895         return;
 896 
 897 cleanup:
 898         die(gettext("failed to generate %s key from passphrase: %s"),
 899             cipher->alias, pkcs11_strerror(rv));
 900 }
 901 
 902 /*
 903  * Read raw key from file; also handles ephemeral keys.
 904  */
 905 void
 906 getkeyfromfile(const char *pathname, mech_alias_t *cipher, char **key,
 907     size_t *ksz)
 908 {
 909         int     fd;
 910         struct stat sbuf;
 911         boolean_t notplain = B_FALSE;
 912         ssize_t cursz;
 913         ssize_t nread;
 914 
 915         /* ephemeral keys are just random data */
 916         if (pathname == NULL) {
 917                 *ksz = cipher->max_keysize;
 918                 *key = malloc(*ksz);
 919                 if (*key == NULL)
 920                         die(gettext("failed to allocate memory for"
 921                             " ephemeral key"));
 922                 if (pkcs11_get_urandom(*key, *ksz) < 0) {
 923                         free(*key);
 924                         die(gettext("failed to get enough random data"));
 925                 }
 926                 return;
 927         }
 928 
 929         /*
 930          * If the remaining section of code didn't also check for secure keyfile
 931          * permissions and whether the key is within cipher min and max lengths,
 932          * (or, if those things moved out of this block), we could have had:
 933          *      if (pkcs11_read_data(pathname, key, ksz) < 0)
 934          *              handle_error();
 935          */
 936 
 937         if ((fd = open(pathname, O_RDONLY, 0)) == -1)
 938                 die(gettext("open of keyfile (%s) failed"), pathname);
 939 
 940         if (fstat(fd, &sbuf) == -1)
 941                 die(gettext("fstat of keyfile (%s) failed"), pathname);
 942 
 943         if (S_ISREG(sbuf.st_mode)) {
 944                 if ((sbuf.st_mode & (S_IWGRP | S_IWOTH)) != 0)
 945                         die(gettext("insecure permissions on keyfile %s\n"),
 946                             pathname);
 947 
 948                 *ksz = sbuf.st_size;
 949                 if (*ksz < cipher->min_keysize || cipher->max_keysize < *ksz) {
 950                         warn(gettext("%s: invalid keysize: %d\n"),
 951                             pathname, (int)*ksz);
 952                         die(gettext("\t%d <= keysize <= %d\n"),
 953                             cipher->min_keysize, cipher->max_keysize);
 954                 }
 955         } else {
 956                 *ksz = cipher->max_keysize;
 957                 notplain = B_TRUE;
 958         }
 959 
 960         *key = malloc(*ksz);
 961         if (*key == NULL)
 962                 die(gettext("failed to allocate memory for key from file"));
 963 
 964         for (cursz = 0, nread = 0; cursz < *ksz; cursz += nread) {
 965                 nread = read(fd, *key, *ksz);
 966                 if (nread > 0)
 967                         continue;
 968                 /*
 969                  * nread == 0.  If it's not a regular file we were trying to
 970                  * get the maximum keysize of data possible for this cipher.
 971                  * But if we've got at least the minimum keysize of data,
 972                  * round down to the nearest keysize unit and call it good.
 973                  * If we haven't met the minimum keysize, that's an error.
 974                  * If it's a regular file, nread = 0 is also an error.
 975                  */
 976                 if (nread == 0 && notplain && cursz >= cipher->min_keysize) {
 977                         *ksz = (cursz / cipher->min_keysize) *
 978                             cipher->min_keysize;
 979                         break;
 980                 }
 981                 die(gettext("%s: can't read all keybytes"), pathname);
 982         }
 983         (void) close(fd);
 984 }
 985 
 986 /*
 987  * Read the raw key from token, or from a file that was wrapped with a
 988  * key from token
 989  */
 990 void
 991 getkeyfromtoken(CK_SESSION_HANDLE sess,
 992     token_spec_t *token, const char *keyfile, mech_alias_t *cipher,
 993     char **raw_key, size_t *raw_key_sz)
 994 {
 995         CK_RV   rv = CKR_OK;
 996         CK_BBOOL trueval = B_TRUE;
 997         CK_OBJECT_CLASS kclass;         /* secret key or RSA private key */
 998         CK_KEY_TYPE ktype;              /* from selected cipher or CKK_RSA */
 999         CK_KEY_TYPE raw_ktype;          /* from selected cipher */
1000         CK_ATTRIBUTE    key_tmpl[] = {
1001                 { CKA_CLASS, NULL, 0 }, /* re-used for token key and unwrap */
1002                 { CKA_KEY_TYPE, NULL, 0 },      /* ditto */
1003                 { CKA_LABEL, NULL, 0 },
1004                 { CKA_TOKEN, NULL, 0 },
1005                 { CKA_PRIVATE, NULL, 0 }
1006             };
1007         CK_ULONG attrs = sizeof (key_tmpl) / sizeof (CK_ATTRIBUTE);
1008         int     i;
1009         char    *pass = NULL;
1010         size_t  passlen = 0;
1011         CK_OBJECT_HANDLE obj, rawobj;
1012         CK_ULONG num_objs = 1;          /* just want to find 1 token key */
1013         CK_MECHANISM unwrap = { CKM_RSA_PKCS, NULL, 0 };
1014         char    *rkey;
1015         size_t  rksz;
1016 
1017         if (token == NULL || token->key == NULL)
1018                 return;
1019 
1020         /* did init_crypto find a slot that supports this cipher? */
1021         if (cipher->slot == (CK_SLOT_ID)-1 || cipher->max_keysize == 0) {
1022                 die(gettext("failed to find any cryptographic provider, "
1023                     "use \"cryptoadm list -p\" to find providers: %s\n"),
1024                     pkcs11_strerror(CKR_MECHANISM_INVALID));
1025         }
1026 
1027         if (pkcs11_get_pass(token->name, &pass, &passlen, 0, B_FALSE) < 0)
1028                 die(gettext("unable to get passphrase"));
1029 
1030         /* use passphrase to login to token */
1031         if (pass != NULL && passlen > 0) {
1032                 rv = C_Login(sess, CKU_USER, (CK_UTF8CHAR_PTR)pass, passlen);
1033                 if (rv != CKR_OK) {
1034                         die(gettext("cannot login to the token %s: %s\n"),
1035                             token->name, pkcs11_strerror(rv));
1036                 }
1037         }
1038 
1039         rv = pkcs11_mech2keytype(cipher->type, &raw_ktype);
1040         if (rv != CKR_OK) {
1041                 die(gettext("failed to get key type for cipher %s: %s\n"),
1042                     cipher->name, pkcs11_strerror(rv));
1043         }
1044 
1045         /*
1046          * If no keyfile was given, then the token key is secret key to
1047          * be used for encryption/decryption.  Otherwise, the keyfile
1048          * contains a wrapped secret key, and the token is actually the
1049          * unwrapping RSA private key.
1050          */
1051         if (keyfile == NULL) {
1052                 kclass = CKO_SECRET_KEY;
1053                 ktype = raw_ktype;
1054         } else {
1055                 kclass = CKO_PRIVATE_KEY;
1056                 ktype = CKK_RSA;
1057         }
1058 
1059         /* Find the key in the token first */
1060         for (i = 0; i < attrs; i++) {
1061                 switch (key_tmpl[i].type) {
1062                 case CKA_CLASS:
1063                         key_tmpl[i].pValue = &kclass;
1064                         key_tmpl[i].ulValueLen = sizeof (kclass);
1065                         break;
1066                 case CKA_KEY_TYPE:
1067                         key_tmpl[i].pValue = &ktype;
1068                         key_tmpl[i].ulValueLen = sizeof (ktype);
1069                         break;
1070                 case CKA_LABEL:
1071                         key_tmpl[i].pValue = token->key;
1072                         key_tmpl[i].ulValueLen = strlen(token->key);
1073                         break;
1074                 case CKA_TOKEN:
1075                         key_tmpl[i].pValue = &trueval;
1076                         key_tmpl[i].ulValueLen = sizeof (trueval);
1077                         break;
1078                 case CKA_PRIVATE:
1079                         key_tmpl[i].pValue = &trueval;
1080                         key_tmpl[i].ulValueLen = sizeof (trueval);
1081                         break;
1082                 default:
1083                         break;
1084                 }
1085         }
1086         rv = C_FindObjectsInit(sess, key_tmpl, attrs);
1087         if (rv != CKR_OK)
1088                 die(gettext("cannot find key %s: %s\n"), token->key,
1089                     pkcs11_strerror(rv));
1090         rv = C_FindObjects(sess, &obj, 1, &num_objs);
1091         (void) C_FindObjectsFinal(sess);
1092 
1093         if (num_objs == 0) {
1094                 die(gettext("cannot find key %s\n"), token->key);
1095         } else if (rv != CKR_OK) {
1096                 die(gettext("cannot find key %s: %s\n"), token->key,
1097                     pkcs11_strerror(rv));
1098         }
1099 
1100         /*
1101          * No keyfile means when token key is found, convert it to raw key,
1102          * and done.  Otherwise still need do an unwrap to create yet another
1103          * obj and that needs to be converted to raw key before we're done.
1104          */
1105         if (keyfile == NULL) {
1106                 /* obj contains raw key, extract it */
1107                 rv = pkcs11_ObjectToKey(sess, obj, (void **)&rkey, &rksz,
1108                     B_FALSE);
1109                 if (rv != CKR_OK) {
1110                         die(gettext("failed to get key value for %s"
1111                             " from token %s, %s\n"), token->key,
1112                             token->name, pkcs11_strerror(rv));
1113                 }
1114         } else {
1115                 getkeyfromfile(keyfile, cipher, &rkey, &rksz);
1116 
1117                 /*
1118                  * Got the wrapping RSA obj and the wrapped key from file.
1119                  * Unwrap the key from file with RSA obj to get rawkey obj.
1120                  */
1121 
1122                 /* re-use the first two attributes of key_tmpl */
1123                 kclass = CKO_SECRET_KEY;
1124                 ktype = raw_ktype;
1125 
1126                 rv = C_UnwrapKey(sess, &unwrap, obj, (CK_BYTE_PTR)rkey,
1127                     rksz, key_tmpl, 2, &rawobj);
1128                 if (rv != CKR_OK) {
1129                         die(gettext("failed to unwrap key in keyfile %s,"
1130                             " %s\n"), keyfile, pkcs11_strerror(rv));
1131                 }
1132                 /* rawobj contains raw key, extract it */
1133                 rv = pkcs11_ObjectToKey(sess, rawobj, (void **)&rkey, &rksz,
1134                     B_TRUE);
1135                 if (rv != CKR_OK) {
1136                         die(gettext("failed to get unwrapped key value for"
1137                             " key in keyfile %s, %s\n"), keyfile,
1138                             pkcs11_strerror(rv));
1139                 }
1140         }
1141 
1142         /* validate raw key size */
1143         if (rksz < cipher->min_keysize || cipher->max_keysize < rksz) {
1144                 warn(gettext("%s: invalid keysize: %d\n"), keyfile, (int)rksz);
1145                 die(gettext("\t%d <= keysize <= %d\n"), cipher->min_keysize,
1146                     cipher->max_keysize);
1147         }
1148 
1149         *raw_key_sz = rksz;
1150         *raw_key = (char *)rkey;
1151 }
1152 
1153 /*
1154  * Set up cipher key limits and verify PKCS#11 can be done
1155  * match_token_cipher is the function pointer used by
1156  * pkcs11_GetCriteriaSession() init_crypto.
1157  */
1158 boolean_t
1159 match_token_cipher(CK_SLOT_ID slot_id, void *args, CK_RV *rv)
1160 {
1161         token_spec_t *token;
1162         mech_alias_t *cipher;
1163         CK_TOKEN_INFO tokinfo;
1164         CK_MECHANISM_INFO mechinfo;
1165         boolean_t token_match;
1166 
1167         /*
1168          * While traversing slot list, pick up the following info per slot:
1169          * - if token specified, whether it matches this slot's token info
1170          * - if the slot supports the PKCS#5 PBKD2 cipher
1171          *
1172          * If the user said on the command line
1173          *      -T tok:mfr:ser:lab -k keyfile
1174          *      -c cipher -T tok:mfr:ser:lab -k keyfile
1175          * the given cipher or the default cipher apply to keyfile,
1176          * If the user said instead
1177          *      -T tok:mfr:ser:lab
1178          *      -c cipher -T tok:mfr:ser:lab
1179          * the key named "lab" may or may not agree with the given
1180          * cipher or the default cipher.  In those cases, cipher will
1181          * be overridden with the actual cipher type of the key "lab".
1182          */
1183         *rv = CKR_FUNCTION_FAILED;
1184 
1185         if (args == NULL) {
1186                 return (B_FALSE);
1187         }
1188 
1189         cipher = (mech_alias_t *)args;
1190         token = cipher->token;
1191 
1192         if (C_GetMechanismInfo(slot_id, cipher->type, &mechinfo) != CKR_OK) {
1193                 return (B_FALSE);
1194         }
1195 
1196         if (token == NULL) {
1197                 if (C_GetMechanismInfo(slot_id, CKM_PKCS5_PBKD2, &mechinfo) !=
1198                     CKR_OK) {
1199                         return (B_FALSE);
1200                 }
1201                 goto foundit;
1202         }
1203 
1204         /* does the token match the token spec? */
1205         if (token->key == NULL || (C_GetTokenInfo(slot_id, &tokinfo) != CKR_OK))
1206                 return (B_FALSE);
1207 
1208         token_match = B_TRUE;
1209 
1210         if (token->name != NULL && (token->name)[0] != '\0' &&
1211             strncmp((char *)token->name, (char *)tokinfo.label,
1212             TOKEN_LABEL_SIZE) != 0)
1213                 token_match = B_FALSE;
1214         if (token->mfr != NULL && (token->mfr)[0] != '\0' &&
1215             strncmp((char *)token->mfr, (char *)tokinfo.manufacturerID,
1216             TOKEN_MANUFACTURER_SIZE) != 0)
1217                 token_match = B_FALSE;
1218         if (token->serno != NULL && (token->serno)[0] != '\0' &&
1219             strncmp((char *)token->serno, (char *)tokinfo.serialNumber,
1220             TOKEN_SERIAL_SIZE) != 0)
1221                 token_match = B_FALSE;
1222 
1223         if (!token_match)
1224                 return (B_FALSE);
1225 
1226 foundit:
1227         cipher->slot = slot_id;
1228         return (B_TRUE);
1229 }
1230 
1231 /*
1232  * Clean up crypto loose ends
1233  */
1234 static void
1235 end_crypto(CK_SESSION_HANDLE sess)
1236 {
1237         (void) C_CloseSession(sess);
1238         (void) C_Finalize(NULL);
1239 }
1240 
1241 /*
1242  * Set up crypto, opening session on slot that matches token and cipher
1243  */
1244 static void
1245 init_crypto(token_spec_t *token, mech_alias_t *cipher,
1246     CK_SESSION_HANDLE_PTR sess)
1247 {
1248         CK_RV   rv;
1249 
1250         cipher->token = token;
1251 
1252         /* Turn off Metaslot so that we can see actual tokens */
1253         if (setenv("METASLOT_ENABLED", "false", 1) < 0) {
1254                 die(gettext("could not disable Metaslot"));
1255         }
1256 
1257         rv = pkcs11_GetCriteriaSession(match_token_cipher, (void *)cipher,
1258             sess);
1259         if (rv != CKR_OK) {
1260                 end_crypto(*sess);
1261                 if (rv == CKR_HOST_MEMORY) {
1262                         die("malloc");
1263                 }
1264                 die(gettext("failed to find any cryptographic provider, "
1265                     "use \"cryptoadm list -p\" to find providers: %s\n"),
1266                     pkcs11_strerror(rv));
1267         }
1268 }
1269 
1270 /*
1271  * Uncompress a file.
1272  *
1273  * First map the file in to establish a device
1274  * association, then read from it. On-the-fly
1275  * decompression will automatically uncompress
1276  * the file if it's compressed
1277  *
1278  * If the file is mapped and a device association
1279  * has been established, disallow uncompressing
1280  * the file until it is unmapped.
1281  */
1282 static void
1283 lofi_uncompress(int lfd, const char *filename)
1284 {
1285         struct lofi_ioctl li;
1286         char buf[MAXBSIZE];
1287         char devicename[32];
1288         char tmpfilename[MAXPATHLEN];
1289         char *x;
1290         char *dir = NULL;
1291         char *file = NULL;
1292         int minor = 0;
1293         struct stat64 statbuf;
1294         int compfd = -1;
1295         int uncompfd = -1;
1296         ssize_t rbytes;
1297 
1298         /*
1299          * Disallow uncompressing the file if it is
1300          * already mapped.
1301          */
1302         li.li_crypto_enabled = B_FALSE;
1303         li.li_minor = 0;
1304         (void) strlcpy(li.li_filename, filename, sizeof (li.li_filename));
1305         if (ioctl(lfd, LOFI_GET_MINOR, &li) != -1)
1306                 die(gettext("%s must be unmapped before uncompressing"),
1307                     filename);
1308 
1309         /* Zero length files don't need to be uncompressed */
1310         if (stat64(filename, &statbuf) == -1)
1311                 die(gettext("stat: %s"), filename);
1312         if (statbuf.st_size == 0)
1313                 return;
1314 
1315         minor = lofi_map_file(lfd, li, filename);
1316         (void) snprintf(devicename, sizeof (devicename), "/dev/%s/%d",
1317             LOFI_BLOCK_NAME, minor);
1318 
1319         /* If the file isn't compressed, we just return */
1320         if ((ioctl(lfd, LOFI_CHECK_COMPRESSED, &li) == -1) ||
1321             (li.li_algorithm[0] == '\0')) {
1322                 delete_mapping(lfd, devicename, filename, B_TRUE);
1323                 die("%s is not compressed\n", filename);
1324         }
1325 
1326         if ((compfd = open64(devicename, O_RDONLY | O_NONBLOCK)) == -1) {
1327                 delete_mapping(lfd, devicename, filename, B_TRUE);
1328                 die(gettext("open: %s"), filename);
1329         }
1330         /* Create a temp file in the same directory */
1331         x = strdup(filename);
1332         dir = strdup(dirname(x));
1333         free(x);
1334         x = strdup(filename);
1335         file = strdup(basename(x));
1336         free(x);
1337         (void) snprintf(tmpfilename, sizeof (tmpfilename),
1338             "%s/.%sXXXXXX", dir, file);
1339         free(dir);
1340         free(file);
1341 
1342         if ((uncompfd = mkstemp64(tmpfilename)) == -1) {
1343                 (void) close(compfd);
1344                 delete_mapping(lfd, devicename, filename, B_TRUE);
1345                 die("%s could not be uncompressed\n", filename);
1346         }
1347 
1348         /*
1349          * Set the mode bits and the owner of this temporary
1350          * file to be that of the original uncompressed file
1351          */
1352         (void) fchmod(uncompfd, statbuf.st_mode);
1353 
1354         if (fchown(uncompfd, statbuf.st_uid, statbuf.st_gid) == -1) {
1355                 (void) close(compfd);
1356                 (void) close(uncompfd);
1357                 delete_mapping(lfd, devicename, filename, B_TRUE);
1358                 die("%s could not be uncompressed\n", filename);
1359         }
1360 
1361         /* Now read from the device in MAXBSIZE-sized chunks */
1362         for (;;) {
1363                 rbytes = read(compfd, buf, sizeof (buf));
1364 
1365                 if (rbytes <= 0)
1366                         break;
1367 
1368                 if (write(uncompfd, buf, rbytes) != rbytes) {
1369                         rbytes = -1;
1370                         break;
1371                 }
1372         }
1373 
1374         (void) close(compfd);
1375         (void) close(uncompfd);
1376 
1377         /* Delete the mapping */
1378         delete_mapping(lfd, devicename, filename, B_TRUE);
1379 
1380         /*
1381          * If an error occured while reading or writing, rbytes will
1382          * be negative
1383          */
1384         if (rbytes < 0) {
1385                 (void) unlink(tmpfilename);
1386                 die(gettext("could not read from %s"), filename);
1387         }
1388 
1389         /* Rename the temp file to the actual file */
1390         if (rename(tmpfilename, filename) == -1)
1391                 (void) unlink(tmpfilename);
1392 }
1393 
1394 /*
1395  * Compress a file
1396  */
1397 static void
1398 lofi_compress(int *lfd, const char *filename, int compress_index,
1399     uint32_t segsize)
1400 {
1401         struct lofi_ioctl lic;
1402         lofi_compress_info_t *li;
1403         struct flock lock;
1404         char tmpfilename[MAXPATHLEN];
1405         char comp_filename[MAXPATHLEN];
1406         char algorithm[MAXALGLEN];
1407         char *x;
1408         char *dir = NULL, *file = NULL;
1409         uchar_t *uncompressed_seg = NULL;
1410         uchar_t *compressed_seg = NULL;
1411         uint32_t compressed_segsize;
1412         uint32_t len_compressed, count;
1413         uint32_t index_entries, index_sz;
1414         uint64_t *index = NULL;
1415         uint64_t offset;
1416         size_t real_segsize;
1417         struct stat64 statbuf;
1418         int compfd = -1, uncompfd = -1;
1419         int tfd = -1;
1420         ssize_t rbytes, wbytes, lastread;
1421         int i, type;
1422 
1423         /*
1424          * Disallow compressing the file if it is
1425          * already mapped
1426          */
1427         lic.li_minor = 0;
1428         (void) strlcpy(lic.li_filename, filename, sizeof (lic.li_filename));
1429         if (ioctl(*lfd, LOFI_GET_MINOR, &lic) != -1)
1430                 die(gettext("%s must be unmapped before compressing"),
1431                     filename);
1432 
1433         /*
1434          * Close the control device so other operations
1435          * can use it
1436          */
1437         (void) close(*lfd);
1438         *lfd = -1;
1439 
1440         li = &lofi_compress_table[compress_index];
1441 
1442         /*
1443          * The size of the buffer to hold compressed data must
1444          * be slightly larger than the compressed segment size.
1445          *
1446          * The compress functions use part of the buffer as
1447          * scratch space to do calculations.
1448          * Ref: http://www.zlib.net/manual.html#compress2
1449          */
1450         compressed_segsize = segsize + (segsize >> 6);
1451         compressed_seg = (uchar_t *)malloc(compressed_segsize + SEGHDR);
1452         uncompressed_seg = (uchar_t *)malloc(segsize);
1453 
1454         if (compressed_seg == NULL || uncompressed_seg == NULL)
1455                 die(gettext("No memory"));
1456 
1457         if ((uncompfd = open64(filename, O_RDWR|O_LARGEFILE, 0)) == -1)
1458                 die(gettext("open: %s"), filename);
1459 
1460         lock.l_type = F_WRLCK;
1461         lock.l_whence = SEEK_SET;
1462         lock.l_start = 0;
1463         lock.l_len = 0;
1464 
1465         /*
1466          * Use an advisory lock to ensure that only a
1467          * single lofiadm process compresses a given
1468          * file at any given time
1469          *
1470          * A close on the file descriptor automatically
1471          * closes all lock state on the file
1472          */
1473         if (fcntl(uncompfd, F_SETLKW, &lock) == -1)
1474                 die(gettext("fcntl: %s"), filename);
1475 
1476         if (fstat64(uncompfd, &statbuf) == -1) {
1477                 (void) close(uncompfd);
1478                 die(gettext("fstat: %s"), filename);
1479         }
1480 
1481         /* Zero length files don't need to be compressed */
1482         if (statbuf.st_size == 0) {
1483                 (void) close(uncompfd);
1484                 return;
1485         }
1486 
1487         /*
1488          * Create temporary files in the same directory that
1489          * will hold the intermediate data
1490          */
1491         x = strdup(filename);
1492         dir = strdup(dirname(x));
1493         free(x);
1494         x = strdup(filename);
1495         file = strdup(basename(x));
1496         free(x);
1497         (void) snprintf(tmpfilename, sizeof (tmpfilename),
1498             "%s/.%sXXXXXX", dir, file);
1499         (void) snprintf(comp_filename, sizeof (comp_filename),
1500             "%s/.%sXXXXXX", dir, file);
1501         free(dir);
1502         free(file);
1503 
1504         if ((tfd = mkstemp64(tmpfilename)) == -1)
1505                 goto cleanup;
1506 
1507         if ((compfd = mkstemp64(comp_filename)) == -1)
1508                 goto cleanup;
1509 
1510         /*
1511          * Set the mode bits and owner of the compressed
1512          * file to be that of the original uncompressed file
1513          */
1514         (void) fchmod(compfd, statbuf.st_mode);
1515 
1516         if (fchown(compfd, statbuf.st_uid, statbuf.st_gid) == -1)
1517                 goto cleanup;
1518 
1519         /*
1520          * Calculate the number of index entries required.
1521          * index entries are stored as an array. adding
1522          * a '2' here accounts for the fact that the last
1523          * segment may not be a multiple of the segment size
1524          */
1525         index_sz = (statbuf.st_size / segsize) + 2;
1526         index = malloc(sizeof (*index) * index_sz);
1527 
1528         if (index == NULL)
1529                 goto cleanup;
1530 
1531         offset = 0;
1532         lastread = segsize;
1533         count = 0;
1534 
1535         /*
1536          * Now read from the uncompressed file in 'segsize'
1537          * sized chunks, compress what was read in and
1538          * write it out to a temporary file
1539          */
1540         for (;;) {
1541                 rbytes = read(uncompfd, uncompressed_seg, segsize);
1542 
1543                 if (rbytes <= 0)
1544                         break;
1545 
1546                 if (lastread < segsize)
1547                         goto cleanup;
1548 
1549                 /*
1550                  * Account for the first byte that
1551                  * indicates whether a segment is
1552                  * compressed or not
1553                  */
1554                 real_segsize = segsize - 1;
1555                 (void) li->l_compress(uncompressed_seg, rbytes,
1556                     compressed_seg + SEGHDR, &real_segsize, li->l_level);
1557 
1558                 /*
1559                  * If the length of the compressed data is more
1560                  * than a threshold then there isn't any benefit
1561                  * to be had from compressing this segment - leave
1562                  * it uncompressed.
1563                  *
1564                  * NB. In case an error occurs during compression (above)
1565                  * the 'real_segsize' isn't changed. The logic below
1566                  * ensures that that segment is left uncompressed.
1567                  */
1568                 len_compressed = real_segsize;
1569                 if (segsize <= COMPRESS_THRESHOLD ||
1570                     real_segsize > (segsize - COMPRESS_THRESHOLD)) {
1571                         (void) memcpy(compressed_seg + SEGHDR, uncompressed_seg,
1572                             rbytes);
1573                         type = UNCOMPRESSED;
1574                         len_compressed = rbytes;
1575                 } else {
1576                         type = COMPRESSED;
1577                 }
1578 
1579                 /*
1580                  * Set the first byte or the SEGHDR to
1581                  * indicate if it's compressed or not
1582                  */
1583                 *compressed_seg = type;
1584                 wbytes = write(tfd, compressed_seg, len_compressed + SEGHDR);
1585                 if (wbytes != (len_compressed + SEGHDR)) {
1586                         rbytes = -1;
1587                         break;
1588                 }
1589 
1590                 index[count] = BE_64(offset);
1591                 offset += wbytes;
1592                 lastread = rbytes;
1593                 count++;
1594         }
1595 
1596         (void) close(uncompfd);
1597 
1598         if (rbytes < 0)
1599                 goto cleanup;
1600         /*
1601          * The last index entry is a sentinel entry. It does not point to
1602          * an actual compressed segment but helps in computing the size of
1603          * the compressed segment. The size of each compressed segment is
1604          * computed by subtracting the current index value from the next
1605          * one (the compressed blocks are stored sequentially)
1606          */
1607         index[count++] = BE_64(offset);
1608 
1609         /*
1610          * Now write the compressed data along with the
1611          * header information to this file which will
1612          * later be renamed to the original uncompressed
1613          * file name
1614          *
1615          * The header is as follows -
1616          *
1617          * Signature (name of the compression algorithm)
1618          * Compression segment size (a multiple of 512)
1619          * Number of index entries
1620          * Size of the last block
1621          * The array containing the index entries
1622          *
1623          * the header is always stored in network byte
1624          * order
1625          */
1626         (void) bzero(algorithm, sizeof (algorithm));
1627         (void) strlcpy(algorithm, li->l_name, sizeof (algorithm));
1628         if (write(compfd, algorithm, sizeof (algorithm))
1629             != sizeof (algorithm))
1630                 goto cleanup;
1631 
1632         segsize = htonl(segsize);
1633         if (write(compfd, &segsize, sizeof (segsize)) != sizeof (segsize))
1634                 goto cleanup;
1635 
1636         index_entries = htonl(count);
1637         if (write(compfd, &index_entries, sizeof (index_entries)) !=
1638             sizeof (index_entries))
1639                 goto cleanup;
1640 
1641         lastread = htonl(lastread);
1642         if (write(compfd, &lastread, sizeof (lastread)) != sizeof (lastread))
1643                 goto cleanup;
1644 
1645         for (i = 0; i < count; i++) {
1646                 if (write(compfd, index + i, sizeof (*index)) !=
1647                     sizeof (*index))
1648                         goto cleanup;
1649         }
1650 
1651         /* Header is written, now write the compressed data */
1652         if (lseek(tfd, 0, SEEK_SET) != 0)
1653                 goto cleanup;
1654 
1655         rbytes = wbytes = 0;
1656 
1657         for (;;) {
1658                 rbytes = read(tfd, compressed_seg, compressed_segsize + SEGHDR);
1659 
1660                 if (rbytes <= 0)
1661                         break;
1662 
1663                 if (write(compfd, compressed_seg, rbytes) != rbytes)
1664                         goto cleanup;
1665         }
1666 
1667         if (fstat64(compfd, &statbuf) == -1)
1668                 goto cleanup;
1669 
1670         /*
1671          * Round up the compressed file size to be a multiple of
1672          * DEV_BSIZE. lofi(7D) likes it that way.
1673          */
1674         if ((offset = statbuf.st_size % DEV_BSIZE) > 0) {
1675 
1676                 offset = DEV_BSIZE - offset;
1677 
1678                 for (i = 0; i < offset; i++)
1679                         uncompressed_seg[i] = '\0';
1680                 if (write(compfd, uncompressed_seg, offset) != offset)
1681                         goto cleanup;
1682         }
1683         (void) close(compfd);
1684         (void) close(tfd);
1685         (void) unlink(tmpfilename);
1686 cleanup:
1687         if (rbytes < 0) {
1688                 if (tfd != -1)
1689                         (void) unlink(tmpfilename);
1690                 if (compfd != -1)
1691                         (void) unlink(comp_filename);
1692                 die(gettext("error compressing file %s"), filename);
1693         } else {
1694                 /* Rename the compressed file to the actual file */
1695                 if (rename(comp_filename, filename) == -1) {
1696                         (void) unlink(comp_filename);
1697                         die(gettext("error compressing file %s"), filename);
1698                 }
1699         }
1700         if (compressed_seg != NULL)
1701                 free(compressed_seg);
1702         if (uncompressed_seg != NULL)
1703                 free(uncompressed_seg);
1704         if (index != NULL)
1705                 free(index);
1706         if (compfd != -1)
1707                 (void) close(compfd);
1708         if (uncompfd != -1)
1709                 (void) close(uncompfd);
1710         if (tfd != -1)
1711                 (void) close(tfd);
1712 }
1713 
1714 static int
1715 lofi_compress_select(const char *algname)
1716 {
1717         int i;
1718 
1719         for (i = 0; i < LOFI_COMPRESS_FUNCTIONS; i++) {
1720                 if (strcmp(lofi_compress_table[i].l_name, algname) == 0)
1721                         return (i);
1722         }
1723         return (-1);
1724 }
1725 
1726 static void
1727 check_algorithm_validity(const char *algname, int *compress_index)
1728 {
1729         *compress_index = lofi_compress_select(algname);
1730         if (*compress_index < 0)
1731                 die(gettext("invalid algorithm name: %s\n"), algname);
1732 }
1733 
1734 static void
1735 check_file_validity(const char *filename)
1736 {
1737         struct stat64 buf;
1738         int     error;
1739         int     fd;
1740 
1741         fd = open64(filename, O_RDONLY);
1742         if (fd == -1) {
1743                 die(gettext("open: %s"), filename);
1744         }
1745         error = fstat64(fd, &buf);
1746         if (error == -1) {
1747                 die(gettext("fstat: %s"), filename);
1748         } else if (!S_ISLOFIABLE(buf.st_mode)) {
1749                 die(gettext("%s is not a regular file, "
1750                     "block, or character device\n"),
1751                     filename);
1752         } else if ((buf.st_size % DEV_BSIZE) != 0) {
1753                 die(gettext("size of %s is not a multiple of %d\n"),
1754                     filename, DEV_BSIZE);
1755         }
1756         (void) close(fd);
1757 
1758         if (name_to_minor(filename) != 0) {
1759                 die(gettext("cannot use %s on itself\n"), LOFI_DRIVER_NAME);
1760         }
1761 }
1762 
1763 static uint32_t
1764 convert_to_num(const char *str)
1765 {
1766         int len;
1767         uint32_t segsize, mult = 1;
1768 
1769         len = strlen(str);
1770         if (len && isalpha(str[len - 1])) {
1771                 switch (str[len - 1]) {
1772                 case 'k':
1773                 case 'K':
1774                         mult = KILOBYTE;
1775                         break;
1776                 case 'b':
1777                 case 'B':
1778                         mult = BLOCK_SIZE;
1779                         break;
1780                 case 'm':
1781                 case 'M':
1782                         mult = MEGABYTE;
1783                         break;
1784                 case 'g':
1785                 case 'G':
1786                         mult = GIGABYTE;
1787                         break;
1788                 default:
1789                         die(gettext("invalid segment size %s\n"), str);
1790                 }
1791         }
1792 
1793         segsize = atol(str);
1794         segsize *= mult;
1795 
1796         return (segsize);
1797 }
1798 
1799 int
1800 main(int argc, char *argv[])
1801 {
1802         int     lfd;
1803         int     c;
1804         const char *devicename = NULL;
1805         const char *filename = NULL;
1806         const char *algname = COMPRESS_ALGORITHM;
1807         int     openflag;
1808         int     minor;
1809         int     compress_index;
1810         uint32_t segsize = SEGSIZE;
1811         static char *lofictl = "/dev/" LOFI_CTL_NAME;
1812         boolean_t force = B_FALSE;
1813         const char *pname;
1814         boolean_t errflag = B_FALSE;
1815         boolean_t addflag = B_FALSE;
1816         boolean_t rdflag = B_FALSE;
1817         boolean_t deleteflag = B_FALSE;
1818         boolean_t ephflag = B_FALSE;
1819         boolean_t compressflag = B_FALSE;
1820         boolean_t uncompressflag = B_FALSE;
1821         /* the next two work together for -c, -k, -T, -e options only */
1822         boolean_t need_crypto = B_FALSE;        /* if any -c, -k, -T, -e */
1823         boolean_t cipher_only = B_TRUE;         /* if -c only */
1824         const char *keyfile = NULL;
1825         mech_alias_t *cipher = NULL;
1826         token_spec_t *token = NULL;
1827         char    *rkey = NULL;
1828         size_t  rksz = 0;
1829         char realfilename[MAXPATHLEN];
1830 
1831         pname = getpname(argv[0]);
1832 
1833         (void) setlocale(LC_ALL, "");
1834         (void) textdomain(TEXT_DOMAIN);
1835 
1836         while ((c = getopt(argc, argv, "a:c:Cd:efk:rs:T:U")) != EOF) {
1837                 switch (c) {
1838                 case 'a':
1839                         addflag = B_TRUE;
1840                         if ((filename = realpath(optarg, realfilename)) == NULL)
1841                                 die("%s", optarg);
1842                         if (((argc - optind) > 0) && (*argv[optind] != '-')) {
1843                                 /* optional device */
1844                                 devicename = argv[optind];
1845                                 optind++;
1846                         }
1847                         break;
1848                 case 'C':
1849                         compressflag = B_TRUE;
1850                         if (((argc - optind) > 1) && (*argv[optind] != '-')) {
1851                                 /* optional algorithm */
1852                                 algname = argv[optind];
1853                                 optind++;
1854                         }
1855                         check_algorithm_validity(algname, &compress_index);
1856                         break;
1857                 case 'c':
1858                         /* is the chosen cipher allowed? */
1859                         if ((cipher = ciph2mech(optarg)) == NULL) {
1860                                 errflag = B_TRUE;
1861                                 warn(gettext("cipher %s not allowed\n"),
1862                                     optarg);
1863                         }
1864                         need_crypto = B_TRUE;
1865                         /* cipher_only is already set */
1866                         break;
1867                 case 'd':
1868                         deleteflag = B_TRUE;
1869                         minor = name_to_minor(optarg);
1870                         if (minor != 0)
1871                                 devicename = optarg;
1872                         else {
1873                                 if ((filename = realpath(optarg,
1874                                     realfilename)) == NULL)
1875                                         die("%s", optarg);
1876                         }
1877                         break;
1878                 case 'e':
1879                         ephflag = B_TRUE;
1880                         need_crypto = B_TRUE;
1881                         cipher_only = B_FALSE;  /* need to unset cipher_only */
1882                         break;
1883                 case 'f':
1884                         force = B_TRUE;
1885                         break;
1886                 case 'k':
1887                         keyfile = optarg;
1888                         need_crypto = B_TRUE;
1889                         cipher_only = B_FALSE;  /* need to unset cipher_only */
1890                         break;
1891                 case 'r':
1892                         rdflag = B_TRUE;
1893                         break;
1894                 case 's':
1895                         segsize = convert_to_num(optarg);
1896                         if (segsize < DEV_BSIZE || !ISP2(segsize))
1897                                 die(gettext("segment size %s is invalid "
1898                                     "or not a multiple of minimum block "
1899                                     "size %ld\n"), optarg, DEV_BSIZE);
1900                         break;
1901                 case 'T':
1902                         if ((token = parsetoken(optarg)) == NULL) {
1903                                 errflag = B_TRUE;
1904                                 warn(
1905                                     gettext("invalid token key specifier %s\n"),
1906                                     optarg);
1907                         }
1908                         need_crypto = B_TRUE;
1909                         cipher_only = B_FALSE;  /* need to unset cipher_only */
1910                         break;
1911                 case 'U':
1912                         uncompressflag = B_TRUE;
1913                         break;
1914                 case '?':
1915                 default:
1916                         errflag = B_TRUE;
1917                         break;
1918                 }
1919         }
1920 
1921         /* Check for mutually exclusive combinations of options */
1922         if (errflag ||
1923             (addflag && deleteflag) ||
1924             (rdflag && !addflag) ||
1925             (!addflag && need_crypto) ||
1926             ((compressflag || uncompressflag) && (addflag || deleteflag)))
1927                 usage(pname);
1928 
1929         /* ephemeral key, and key from either file or token are incompatible */
1930         if (ephflag && (keyfile != NULL || token != NULL)) {
1931                 die(gettext("ephemeral key cannot be used with keyfile"
1932                     " or token key\n"));
1933         }
1934 
1935         /*
1936          * "-c" but no "-k", "-T", "-e", or "-T -k" means derive key from
1937          * command line passphrase
1938          */
1939 
1940         switch (argc - optind) {
1941         case 0: /* no more args */
1942                 if (compressflag || uncompressflag)     /* needs filename */
1943                         usage(pname);
1944                 break;
1945         case 1:
1946                 if (addflag || deleteflag)
1947                         usage(pname);
1948                 /* one arg means compress/uncompress the file ... */
1949                 if (compressflag || uncompressflag) {
1950                         if ((filename = realpath(argv[optind],
1951                             realfilename)) == NULL)
1952                                 die("%s", argv[optind]);
1953                 /* ... or without options means print the association */
1954                 } else {
1955                         minor = name_to_minor(argv[optind]);
1956                         if (minor != 0)
1957                                 devicename = argv[optind];
1958                         else {
1959                                 if ((filename = realpath(argv[optind],
1960                                     realfilename)) == NULL)
1961                                         die("%s", argv[optind]);
1962                         }
1963                 }
1964                 break;
1965         default:
1966                 usage(pname);
1967                 break;
1968         }
1969 
1970         if (addflag || compressflag || uncompressflag)
1971                 check_file_validity(filename);
1972 
1973         if (filename && !valid_abspath(filename))
1974                 exit(E_ERROR);
1975 
1976         /*
1977          * Here, we know the arguments are correct, the filename is an
1978          * absolute path, it exists and is a regular file. We don't yet
1979          * know that the device name is ok or not.
1980          */
1981 
1982         openflag = O_EXCL;
1983         if (addflag || deleteflag || compressflag || uncompressflag)
1984                 openflag |= O_RDWR;
1985         else
1986                 openflag |= O_RDONLY;
1987         lfd = open(lofictl, openflag);
1988         if (lfd == -1) {
1989                 if ((errno == EPERM) || (errno == EACCES)) {
1990                         die(gettext("you do not have permission to perform "
1991                             "that operation.\n"));
1992                 } else {
1993                         die(gettext("open: %s"), lofictl);
1994                 }
1995                 /*NOTREACHED*/
1996         }
1997 
1998         /*
1999          * No passphrase is needed for ephemeral key, or when key is
2000          * in a file and not wrapped by another key from a token.
2001          * However, a passphrase is needed in these cases:
2002          * 1. cipher with no ephemeral key, key file, or token,
2003          *    in which case the passphrase is used to build the key
2004          * 2. token with an optional cipher or optional key file,
2005          *    in which case the passphrase unlocks the token
2006          * If only the cipher is specified, reconfirm the passphrase
2007          * to ensure the user hasn't mis-entered it.  Otherwise, the
2008          * token will enforce the token passphrase.
2009          */
2010         if (need_crypto) {
2011                 CK_SESSION_HANDLE       sess;
2012 
2013                 /* pick a cipher if none specified */
2014                 if (cipher == NULL)
2015                         cipher = DEFAULT_CIPHER;
2016 
2017                 if (!kernel_cipher_check(cipher))
2018                         die(gettext(
2019                             "use \"cryptoadm list -m\" to find available "
2020                             "mechanisms\n"));
2021 
2022                 init_crypto(token, cipher, &sess);
2023 
2024                 if (cipher_only) {
2025                         getkeyfromuser(cipher, &rkey, &rksz);
2026                 } else if (token != NULL) {
2027                         getkeyfromtoken(sess, token, keyfile, cipher,
2028                             &rkey, &rksz);
2029                 } else {
2030                         /* this also handles ephemeral keys */
2031                         getkeyfromfile(keyfile, cipher, &rkey, &rksz);
2032                 }
2033 
2034                 end_crypto(sess);
2035         }
2036 
2037         /*
2038          * Now to the real work.
2039          */
2040         if (addflag)
2041                 add_mapping(lfd, devicename, filename, cipher, rkey, rksz,
2042                     rdflag);
2043         else if (compressflag)
2044                 lofi_compress(&lfd, filename, compress_index, segsize);
2045         else if (uncompressflag)
2046                 lofi_uncompress(lfd, filename);
2047         else if (deleteflag)
2048                 delete_mapping(lfd, devicename, filename, force);
2049         else if (filename || devicename)
2050                 print_one_mapping(lfd, devicename, filename);
2051         else
2052                 print_mappings(lfd);
2053 
2054         if (lfd != -1)
2055                 (void) close(lfd);
2056         closelib();
2057         return (E_SUCCESS);
2058 }