Merge illumos-gate

[unleashed.git] / usr / src / lib / libcryptoutil / common / util.c

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 * Copyright 2018, Joyent, Inc.
 */

#include <cryptoutil.h>
#include <strings.h>
#include <stdio.h>
#include <tzfile.h>
#include <sys/crypto/common.h>

/*
 * In order to fit everything on one line, the 'CRYPTO_' prefix
 * has been dropped from the KCF #defines, e.g.
 * CRYPTO_SUCCESS becomes SUCCESS.
 */

static CK_RV error_number_table[CRYPTO_LAST_ERROR + 1] = {
CKR_OK,                                 /* SUCCESS */
CKR_CANCEL,                             /* CANCEL */
CKR_HOST_MEMORY,                        /* HOST_MEMORY */
CKR_GENERAL_ERROR,                      /* GENERAL_ERROR */
CKR_FUNCTION_FAILED,                    /* FAILED */
CKR_ARGUMENTS_BAD,                      /* ARGUMENTS_BAD */
CKR_ATTRIBUTE_READ_ONLY,                /* ATTRIBUTE_READ_ONLY */
CKR_ATTRIBUTE_SENSITIVE,                /* ATTRIBUTE_SENSITIVE */
CKR_ATTRIBUTE_TYPE_INVALID,             /* ATTRIBUTE_TYPE_INVALID */
CKR_ATTRIBUTE_VALUE_INVALID,            /* ATTRIBUTE_VALUE_INVALID */
CKR_FUNCTION_FAILED,                    /* CANCELED */
CKR_DATA_INVALID,                       /* DATA_INVALID */
CKR_DATA_LEN_RANGE,                     /* DATA_LEN_RANGE */
CKR_DEVICE_ERROR,                       /* DEVICE_ERROR */
CKR_DEVICE_MEMORY,                      /* DEVICE_MEMORY */
CKR_DEVICE_REMOVED,                     /* DEVICE_REMOVED */
CKR_ENCRYPTED_DATA_INVALID,             /* ENCRYPTED_DATA_INVALID */
CKR_ENCRYPTED_DATA_LEN_RANGE,           /* ENCRYPTED_DATA_LEN_RANGE */
CKR_KEY_HANDLE_INVALID,                 /* KEY_HANDLE_INVALID */
CKR_KEY_SIZE_RANGE,                     /* KEY_SIZE_RANGE */
CKR_KEY_TYPE_INCONSISTENT,              /* KEY_TYPE_INCONSISTENT */
CKR_KEY_NOT_NEEDED,                     /* KEY_NOT_NEEDED */
CKR_KEY_CHANGED,                        /* KEY_CHANGED */
CKR_KEY_NEEDED,                         /* KEY_NEEDED */
CKR_KEY_INDIGESTIBLE,                   /* KEY_INDIGESTIBLE */
CKR_KEY_FUNCTION_NOT_PERMITTED,         /* KEY_FUNCTION_NOT_PERMITTED */
CKR_KEY_NOT_WRAPPABLE,                  /* KEY_NOT_WRAPPABLE */
CKR_KEY_UNEXTRACTABLE,                  /* KEY_UNEXTRACTABLE */
CKR_MECHANISM_INVALID,                  /* MECHANISM_INVALID */
CKR_MECHANISM_PARAM_INVALID,            /* MECHANISM_PARAM_INVALID */
CKR_OBJECT_HANDLE_INVALID,              /* OBJECT_HANDLE_INVALID */
CKR_OPERATION_ACTIVE,                   /* OPERATION_ACTIVE */
CKR_OPERATION_NOT_INITIALIZED,          /* OPERATION_NOT_INITIALIZED */
CKR_PIN_INCORRECT,                      /* PIN_INCORRECT */
CKR_PIN_INVALID,                        /* PIN_INVALID */
CKR_PIN_LEN_RANGE,                      /* PIN_LEN_RANGE */
CKR_PIN_EXPIRED,                        /* PIN_EXPIRED */
CKR_PIN_LOCKED,                         /* PIN_LOCKED */
CKR_SESSION_CLOSED,                     /* SESSION_CLOSED */
CKR_SESSION_COUNT,                      /* SESSION_COUNT */
CKR_SESSION_HANDLE_INVALID,             /* SESSION_HANDLE_INVALID */
CKR_SESSION_READ_ONLY,                  /* SESSION_READ_ONLY */
CKR_SESSION_EXISTS,                     /* SESSION_EXISTS */
CKR_SESSION_READ_ONLY_EXISTS,           /* SESSION_READ_ONLY_EXISTS */
CKR_SESSION_READ_WRITE_SO_EXISTS,       /* SESSION_READ_WRITE_SO_EXISTS */
CKR_SIGNATURE_INVALID,                  /* SIGNATURE_INVALID */
CKR_SIGNATURE_LEN_RANGE,                /* SIGNATURE_LEN_RANGE */
CKR_TEMPLATE_INCOMPLETE,                /* TEMPLATE_INCOMPLETE */
CKR_TEMPLATE_INCONSISTENT,              /* TEMPLATE_INCONSISTENT */
CKR_UNWRAPPING_KEY_HANDLE_INVALID,      /* UNWRAPPING_KEY_HANDLE_INVALID */
CKR_UNWRAPPING_KEY_SIZE_RANGE,          /* UNWRAPPING_KEY_SIZE_RANGE */
CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT,   /* UNWRAPPING_KEY_TYPE_INCONSISTENT */
CKR_USER_ALREADY_LOGGED_IN,             /* USER_ALREADY_LOGGED_IN */
CKR_USER_NOT_LOGGED_IN,                 /* USER_NOT_LOGGED_IN */
CKR_USER_PIN_NOT_INITIALIZED,           /* USER_PIN_NOT_INITIALIZED */
CKR_USER_TYPE_INVALID,                  /* USER_TYPE_INVALID */
CKR_USER_ANOTHER_ALREADY_LOGGED_IN,     /* USER_ANOTHER_ALREADY_LOGGED_IN */
CKR_USER_TOO_MANY_TYPES,                /* USER_TOO_MANY_TYPES */
CKR_WRAPPED_KEY_INVALID,                /* WRAPPED_KEY_INVALID */
CKR_WRAPPED_KEY_LEN_RANGE,              /* WRAPPED_KEY_LEN_RANGE */
CKR_WRAPPING_KEY_HANDLE_INVALID,        /* WRAPPING_KEY_HANDLE_INVALID */
CKR_WRAPPING_KEY_SIZE_RANGE,            /* WRAPPING_KEY_SIZE_RANGE */
CKR_WRAPPING_KEY_TYPE_INCONSISTENT,     /* WRAPPING_KEY_TYPE_INCONSISTENT */
CKR_RANDOM_SEED_NOT_SUPPORTED,          /* RANDOM_SEED_NOT_SUPPORTED */
CKR_RANDOM_NO_RNG,                      /* RANDOM_NO_RNG */
CKR_DOMAIN_PARAMS_INVALID,              /* DOMAIN_PARAMS_INVALID */
CKR_BUFFER_TOO_SMALL,                   /* BUFFER_TOO_SMALL */
CKR_INFORMATION_SENSITIVE,              /* INFORMATION_SENSITIVE */
CKR_FUNCTION_NOT_SUPPORTED,             /* NOT_SUPPORTED */
CKR_GENERAL_ERROR,                      /* QUEUED */
CKR_GENERAL_ERROR,                      /* BUFFER_TOO_BIG */
CKR_OPERATION_NOT_INITIALIZED,          /* INVALID_CONTEXT */
CKR_GENERAL_ERROR,                      /* INVALID_MAC */
CKR_GENERAL_ERROR,                      /* MECH_NOT_SUPPORTED */
CKR_GENERAL_ERROR,                      /* INCONSISTENT_ATTRIBUTE */
CKR_GENERAL_ERROR,                      /* NO_PERMISSION */
CKR_SLOT_ID_INVALID,                    /* INVALID_PROVIDER_ID */
CKR_GENERAL_ERROR,                      /* VERSION_MISMATCH */
CKR_GENERAL_ERROR,                      /* BUSY */
CKR_GENERAL_ERROR,                      /* UNKNOWN_PROVIDER */
CKR_GENERAL_ERROR,                      /* MODVERIFICATION_FAILED */
CKR_GENERAL_ERROR,                      /* OLD_CTX_TEMPLATE */
CKR_GENERAL_ERROR,                      /* WEAK_KEY */
CKR_GENERAL_ERROR                       /* FIPS140_ERROR */
};

#if CRYPTO_LAST_ERROR != CRYPTO_FIPS140_ERROR
#error "Crypto to PKCS11 error mapping table needs to be updated!"
#endif

/*
 * This function returns a fullpath based on the "dir" and "filepath" input
 * arugments.
 * - If the filepath specified does not start with a "/" and the directory
 *   is also given, prepend the directory to the filename.
 * - If only dir or filepath is given, this function returns a copy of the
 *   given argument.
 * - If the filepath is fully qualified already and the "dir" is also
 *   given, return NULL to indicate an error.
 */
char *
get_fullpath(char *dir, char *filepath)
{
        char *fullpath = NULL;
        int pathlen = 0;
        int dirlen = 0;

        if (filepath != NULL)
                pathlen = strlen(filepath);

        if (dir != NULL)
                dirlen = strlen(dir);

        if (pathlen > 0 && dirlen > 0) {
                if (filepath[0] != '/') {
                        int len = pathlen + dirlen + 2;
                        fullpath = (char *)malloc(len);
                        if (fullpath != NULL)
                                (void) snprintf(fullpath, len, "%s/%s",
                                    dir, filepath);
                } else {
                        return (NULL);
                }
        } else if (pathlen > 0) {
                fullpath = (char *)strdup(filepath);
        } else if (dirlen > 0) {
                fullpath = (char *)strdup(dir);
        }

        return (fullpath);
}

/*
 * This function converts the input string to the value of time
 * in seconds.
 * - If the input string is NULL, return zero second.
 * - The input string needs to be in the form of:
 *   number-second(s), number-minute(s), number-hour(s) or
 *   number-day(s).
 */
int
str2lifetime(char *ltimestr, uint32_t *ltime)
{
        int num;
        char timetok[10];

        if (ltimestr == NULL || !strlen(ltimestr)) {
                *ltime = 0;
                return (0);
        }

        (void) memset(timetok, 0, sizeof (timetok));
        if (sscanf(ltimestr, "%d-%08s", &num, timetok) != 2)
                return (-1);

        if (!strcasecmp(timetok, "second") ||
            !strcasecmp(timetok, "seconds")) {
                *ltime = num;
        } else if (!strcasecmp(timetok, "minute") ||
            !strcasecmp(timetok, "minutes")) {
                *ltime = num * SECSPERMIN;
        } else if (!strcasecmp(timetok, "day") ||
            !strcasecmp(timetok, "days")) {
                *ltime = num * SECSPERDAY;
        } else if (!strcasecmp(timetok, "hour") ||
            !strcasecmp(timetok, "hours")) {
                *ltime = num * SECSPERHOUR;
        } else {
                *ltime = 0;
                return (-1);
        }

        return (0);
}

/*
 * Map KCF error codes into PKCS11 error codes.
 */
CK_RV
crypto2pkcs11_error_number(uint_t n)
{
        if (n >= sizeof (error_number_table) / sizeof (error_number_table[0]))
                return (CKR_GENERAL_ERROR);

        return (error_number_table[n]);
}