2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #pragma ident "@(#)adm_uef.c 1.12 06/11/02 SMI"
27
28 #include <cryptoutil.h>
29 #include <fcntl.h>
30 #include <libintl.h>
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <strings.h>
34 #include <unistd.h>
35 #include <errno.h>
36 #include <dlfcn.h>
37 #include <link.h>
38 #include <sys/types.h>
39 #include <sys/stat.h>
40 #include <security/cryptoki.h>
41 #include "cryptoadm.h"
42
43 #define HDR1 " P\n"
44 #define HDR2 " S V K a U D\n"
45 #define HDR3 " i e e i n e\n"
46 #define HDR4 " S g V r y r W w r\n"
122 (void) printf("%s %s %s %s %s %s %s %s %s %s %s %s "
123 "%s %s",
124 (mechInfo->flags & CKF_HW) ? "X" : ".",
125 (mechInfo->flags & CKF_ENCRYPT) ? "X" : ".",
126 (mechInfo->flags & CKF_DECRYPT) ? "X" : ".",
127 (mechInfo->flags & CKF_DIGEST) ? "X" : ".",
128 (mechInfo->flags & CKF_SIGN) ? "X" : ".",
129 (mechInfo->flags & CKF_SIGN_RECOVER) ? "X" : ".",
130 (mechInfo->flags & CKF_VERIFY) ? "X" : ".",
131 (mechInfo->flags & CKF_VERIFY_RECOVER) ? "X" : ".",
132 (mechInfo->flags & CKF_GENERATE) ? "X" : ".",
133 (mechInfo->flags & CKF_GENERATE_KEY_PAIR) ? "X" : ".",
134 (mechInfo->flags & CKF_WRAP) ? "X" : ".",
135 (mechInfo->flags & CKF_UNWRAP) ? "X" : ".",
136 (mechInfo->flags & CKF_DERIVE) ? "X" : ".",
137 (mechInfo->flags & ec_flags) ? "X" : ".");
138 }
139
140 /*
141 * Converts the provided list of mechanism names in their string format to
142 * their corrsponding PKCS#11 mechanism IDs.
143 *
144 * The list of mechanism names to be converted is provided in the
145 * "mlist" argument. The list of converted mechanism IDs is returned
146 * in the "pmech_list" argument.
147 *
148 * This function is called by list_metaslot_info() and
149 * list_mechlist_for_lib() functions.
150 */
151 int
152 convert_mechlist(CK_MECHANISM_TYPE **pmech_list, CK_ULONG *mech_count,
153 mechlist_t *mlist)
154 {
155 int i, n = 0;
156 mechlist_t *p = mlist;
157
158 while (p != NULL) {
159 p = p->next;
160 n++;
161 }
162
180 /*
181 * Display the mechanism list for a user-level library
182 */
183 int
184 list_mechlist_for_lib(char *libname, mechlist_t *mlist,
185 flag_val_t *rng_flag, boolean_t no_warn,
186 boolean_t verbose, boolean_t show_mechs)
187 {
188 CK_RV rv = CKR_OK;
189 CK_RV (*Tmp_C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR);
190 CK_FUNCTION_LIST_PTR prov_funcs; /* Provider's function list */
191 CK_SLOT_ID_PTR prov_slots = NULL; /* Provider's slot list */
192 CK_MECHANISM_TYPE_PTR pmech_list; /* mechanism list for a slot */
193 CK_SLOT_INFO slotinfo;
194 CK_ULONG slot_count;
195 CK_ULONG mech_count;
196 uentry_t *puent = NULL;
197 boolean_t lib_initialized = B_FALSE;
198 void *dldesc = NULL;
199 char *dl_error;
200 char *mech_name;
201 char *isa;
202 char libpath[MAXPATHLEN];
203 char buf[MAXPATHLEN];
204 int i, j;
205 int rc = SUCCESS;
206
207 if (libname == NULL) {
208 /* should not happen */
209 cryptoerror(LOG_STDERR, gettext("internal error."));
210 cryptodebug("list_mechlist_for_lib() - libname is NULL.");
211 return (FAILURE);
212 }
213
214 /* Check if the library is in the pkcs11.conf file */
215 if ((puent = getent_uef(libname)) == NULL) {
216 cryptoerror(LOG_STDERR,
217 gettext("%s does not exist."), libname);
218 return (FAILURE);
219 }
220 free_uentry(puent);
429 break;
430 }
431 } else {
432 /* use the mechanism list passed in */
433 rc = convert_mechlist(&pmech_list, &mech_count, mlist);
434 if (rc != SUCCESS) {
435 goto clean_exit;
436 }
437 }
438 if (show_mechs)
439 (void) printf(gettext("Mechanisms:\n"));
440
441 if (verbose && show_mechs) {
442 display_verbose_mech_header();
443 }
444 /*
445 * Merge the current mechanism list into the returning
446 * mechanism list.
447 */
448 for (j = 0; show_mechs && j < mech_count; j++) {
449 mech_name = pkcs11_mech2str(pmech_list[j]);
450 (void) printf("%-29s", mech_name);
451 if (verbose) {
452 CK_MECHANISM_INFO mech_info;
453 rv = prov_funcs->C_GetMechanismInfo(
454 prov_slots[i], pmech_list[j], &mech_info);
455 if (rv != CKR_OK) {
456 cryptodebug(
457 "failed to call "
458 "C_GetMechanismInfo() from %s.",
459 libname);
460 (void) free(pmech_list);
461 rc = FAILURE;
462 break;
463 }
464 display_mech_info(&mech_info);
465 }
466 (void) printf("\n");
467 }
468 (void) free(pmech_list);
469 if (rc == FAILURE) {
470 break;
471 }
472 }
473
474 if (rng_flag != NULL || rc == FAILURE) {
1098 rc = FAILURE;
1099 } else {
1100 rc = SUCCESS;
1101 }
1102
1103 if ((rc == FAILURE) && (unlink(tmpfile_name) != 0)) {
1104 err = errno;
1105 cryptoerror(LOG_STDERR, gettext(
1106 "(Warning) failed to remove %s: %s"),
1107 tmpfile_name, strerror(err));
1108 }
1109
1110 return (rc);
1111 }
1112
1113
1114 int
1115 display_policy(uentry_t *puent)
1116 {
1117 CK_MECHANISM_TYPE mech_id;
1118 char *mech_name;
1119 umechlist_t *ptr;
1120
1121 if (puent == NULL) {
1122 return (SUCCESS);
1123 }
1124
1125 if (puent->flag_enabledlist == B_FALSE) {
1126 (void) printf(gettext("%s: all mechanisms are enabled"),
1127 puent->name);
1128 ptr = puent->policylist;
1129 if (ptr == NULL) {
1130 (void) printf(".");
1131 } else {
1132 (void) printf(gettext(", except "));
1133 while (ptr != NULL) {
1134 mech_id = strtoul(ptr->name, NULL, 0);
1135 if (mech_id & CKO_VENDOR_DEFINED) {
1136 /* vendor defined mechanism */
1137 (void) printf("%s", ptr->name);
1138 } else {
1139 mech_name = pkcs11_mech2str(mech_id);
1140 if (mech_name == NULL) {
1141 return (FAILURE);
1142 }
1143 (void) printf("%s", mech_name);
1144 free(mech_name);
1145 }
1146
1147 ptr = ptr->next;
1148 if (ptr == NULL) {
1149 (void) printf(".");
1150 } else {
1151 (void) printf(",");
1152 }
1153 }
1154 }
1155 } else { /* puent->flag_enabledlist == B_TRUE */
1156 (void) printf(gettext("%s: all mechanisms are disabled"),
1157 puent->name);
1158 ptr = puent->policylist;
1159 if (ptr == NULL) {
1160 (void) printf(".");
1161 } else {
1162 (void) printf(gettext(", except "));
1163 while (ptr != NULL) {
1164 mech_id = strtoul(ptr->name, NULL, 0);
1165 if (mech_id & CKO_VENDOR_DEFINED) {
1166 /* vendor defined mechanism */
1167 (void) printf("%s", ptr->name);
1168 } else {
1169 mech_name = pkcs11_mech2str(mech_id);
1170 if (mech_name == NULL) {
1171 return (FAILURE);
1172 }
1173 (void) printf("%s", mech_name);
1174 free(mech_name);
1175 }
1176 ptr = ptr->next;
1177 if (ptr == NULL) {
1178 (void) printf(".");
1179 } else {
1180 (void) printf(",");
1181 }
1182 }
1183 }
1184 }
1185 return (SUCCESS);
1186 }
1187
1188
1189
1190 /*
1191 * Print out the mechanism policy for a user-level provider pointed by puent.
1192 */
1193 int
1194 print_uef_policy(uentry_t *puent)
|
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #pragma ident "@(#)adm_uef.c 1.13 08/06/27 SMI"
27
28 #include <cryptoutil.h>
29 #include <fcntl.h>
30 #include <libintl.h>
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <strings.h>
34 #include <unistd.h>
35 #include <errno.h>
36 #include <dlfcn.h>
37 #include <link.h>
38 #include <sys/types.h>
39 #include <sys/stat.h>
40 #include <security/cryptoki.h>
41 #include "cryptoadm.h"
42
43 #define HDR1 " P\n"
44 #define HDR2 " S V K a U D\n"
45 #define HDR3 " i e e i n e\n"
46 #define HDR4 " S g V r y r W w r\n"
122 (void) printf("%s %s %s %s %s %s %s %s %s %s %s %s "
123 "%s %s",
124 (mechInfo->flags & CKF_HW) ? "X" : ".",
125 (mechInfo->flags & CKF_ENCRYPT) ? "X" : ".",
126 (mechInfo->flags & CKF_DECRYPT) ? "X" : ".",
127 (mechInfo->flags & CKF_DIGEST) ? "X" : ".",
128 (mechInfo->flags & CKF_SIGN) ? "X" : ".",
129 (mechInfo->flags & CKF_SIGN_RECOVER) ? "X" : ".",
130 (mechInfo->flags & CKF_VERIFY) ? "X" : ".",
131 (mechInfo->flags & CKF_VERIFY_RECOVER) ? "X" : ".",
132 (mechInfo->flags & CKF_GENERATE) ? "X" : ".",
133 (mechInfo->flags & CKF_GENERATE_KEY_PAIR) ? "X" : ".",
134 (mechInfo->flags & CKF_WRAP) ? "X" : ".",
135 (mechInfo->flags & CKF_UNWRAP) ? "X" : ".",
136 (mechInfo->flags & CKF_DERIVE) ? "X" : ".",
137 (mechInfo->flags & ec_flags) ? "X" : ".");
138 }
139
140 /*
141 * Converts the provided list of mechanism names in their string format to
142 * their corresponding PKCS#11 mechanism IDs.
143 *
144 * The list of mechanism names to be converted is provided in the
145 * "mlist" argument. The list of converted mechanism IDs is returned
146 * in the "pmech_list" argument.
147 *
148 * This function is called by list_metaslot_info() and
149 * list_mechlist_for_lib() functions.
150 */
151 int
152 convert_mechlist(CK_MECHANISM_TYPE **pmech_list, CK_ULONG *mech_count,
153 mechlist_t *mlist)
154 {
155 int i, n = 0;
156 mechlist_t *p = mlist;
157
158 while (p != NULL) {
159 p = p->next;
160 n++;
161 }
162
180 /*
181 * Display the mechanism list for a user-level library
182 */
183 int
184 list_mechlist_for_lib(char *libname, mechlist_t *mlist,
185 flag_val_t *rng_flag, boolean_t no_warn,
186 boolean_t verbose, boolean_t show_mechs)
187 {
188 CK_RV rv = CKR_OK;
189 CK_RV (*Tmp_C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR);
190 CK_FUNCTION_LIST_PTR prov_funcs; /* Provider's function list */
191 CK_SLOT_ID_PTR prov_slots = NULL; /* Provider's slot list */
192 CK_MECHANISM_TYPE_PTR pmech_list; /* mechanism list for a slot */
193 CK_SLOT_INFO slotinfo;
194 CK_ULONG slot_count;
195 CK_ULONG mech_count;
196 uentry_t *puent = NULL;
197 boolean_t lib_initialized = B_FALSE;
198 void *dldesc = NULL;
199 char *dl_error;
200 const char *mech_name;
201 char *isa;
202 char libpath[MAXPATHLEN];
203 char buf[MAXPATHLEN];
204 int i, j;
205 int rc = SUCCESS;
206
207 if (libname == NULL) {
208 /* should not happen */
209 cryptoerror(LOG_STDERR, gettext("internal error."));
210 cryptodebug("list_mechlist_for_lib() - libname is NULL.");
211 return (FAILURE);
212 }
213
214 /* Check if the library is in the pkcs11.conf file */
215 if ((puent = getent_uef(libname)) == NULL) {
216 cryptoerror(LOG_STDERR,
217 gettext("%s does not exist."), libname);
218 return (FAILURE);
219 }
220 free_uentry(puent);
429 break;
430 }
431 } else {
432 /* use the mechanism list passed in */
433 rc = convert_mechlist(&pmech_list, &mech_count, mlist);
434 if (rc != SUCCESS) {
435 goto clean_exit;
436 }
437 }
438 if (show_mechs)
439 (void) printf(gettext("Mechanisms:\n"));
440
441 if (verbose && show_mechs) {
442 display_verbose_mech_header();
443 }
444 /*
445 * Merge the current mechanism list into the returning
446 * mechanism list.
447 */
448 for (j = 0; show_mechs && j < mech_count; j++) {
449 CK_MECHANISM_TYPE mech = pmech_list[j];
450
451 if (mech > CKM_VENDOR_DEFINED) {
452 (void) printf("%#lx", mech);
453 } else {
454 mech_name = pkcs11_mech2str(mech);
455 (void) printf("%-29s", mech_name);
456 }
457
458 if (verbose) {
459 CK_MECHANISM_INFO mech_info;
460 rv = prov_funcs->C_GetMechanismInfo(
461 prov_slots[i], mech, &mech_info);
462 if (rv != CKR_OK) {
463 cryptodebug(
464 "failed to call "
465 "C_GetMechanismInfo() from %s.",
466 libname);
467 (void) free(pmech_list);
468 rc = FAILURE;
469 break;
470 }
471 display_mech_info(&mech_info);
472 }
473 (void) printf("\n");
474 }
475 (void) free(pmech_list);
476 if (rc == FAILURE) {
477 break;
478 }
479 }
480
481 if (rng_flag != NULL || rc == FAILURE) {
1105 rc = FAILURE;
1106 } else {
1107 rc = SUCCESS;
1108 }
1109
1110 if ((rc == FAILURE) && (unlink(tmpfile_name) != 0)) {
1111 err = errno;
1112 cryptoerror(LOG_STDERR, gettext(
1113 "(Warning) failed to remove %s: %s"),
1114 tmpfile_name, strerror(err));
1115 }
1116
1117 return (rc);
1118 }
1119
1120
1121 int
1122 display_policy(uentry_t *puent)
1123 {
1124 CK_MECHANISM_TYPE mech_id;
1125 const char *mech_name;
1126 umechlist_t *ptr;
1127
1128 if (puent == NULL) {
1129 return (SUCCESS);
1130 }
1131
1132 if (puent->flag_enabledlist == B_FALSE) {
1133 (void) printf(gettext("%s: all mechanisms are enabled"),
1134 puent->name);
1135 ptr = puent->policylist;
1136 if (ptr == NULL) {
1137 (void) printf(".");
1138 } else {
1139 (void) printf(gettext(", except "));
1140 while (ptr != NULL) {
1141 mech_id = strtoul(ptr->name, NULL, 0);
1142 if (mech_id & CKO_VENDOR_DEFINED) {
1143 /* vendor defined mechanism */
1144 (void) printf("%s", ptr->name);
1145 } else {
1146 if (mech_id > CKM_VENDOR_DEFINED) {
1147 (void) printf("%#lx", mech_id);
1148 } else {
1149 mech_name = pkcs11_mech2str(
1150 mech_id);
1151 if (mech_name == NULL) {
1152 return (FAILURE);
1153 }
1154 (void) printf("%s", mech_name);
1155 }
1156 }
1157
1158 ptr = ptr->next;
1159 if (ptr == NULL) {
1160 (void) printf(".");
1161 } else {
1162 (void) printf(",");
1163 }
1164 }
1165 }
1166 } else { /* puent->flag_enabledlist == B_TRUE */
1167 (void) printf(gettext("%s: all mechanisms are disabled"),
1168 puent->name);
1169 ptr = puent->policylist;
1170 if (ptr == NULL) {
1171 (void) printf(".");
1172 } else {
1173 (void) printf(gettext(", except "));
1174 while (ptr != NULL) {
1175 mech_id = strtoul(ptr->name, NULL, 0);
1176 if (mech_id & CKO_VENDOR_DEFINED) {
1177 /* vendor defined mechanism */
1178 (void) printf("%s", ptr->name);
1179 } else {
1180 mech_name = pkcs11_mech2str(mech_id);
1181 if (mech_name == NULL) {
1182 return (FAILURE);
1183 }
1184 (void) printf("%s", mech_name);
1185 }
1186 ptr = ptr->next;
1187 if (ptr == NULL) {
1188 (void) printf(".");
1189 } else {
1190 (void) printf(",");
1191 }
1192 }
1193 }
1194 }
1195 return (SUCCESS);
1196 }
1197
1198
1199
1200 /*
1201 * Print out the mechanism policy for a user-level provider pointed by puent.
1202 */
1203 int
1204 print_uef_policy(uentry_t *puent)
|
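Review bot: In the new mechanism loop of list_mechlist_for_lib (new lines 449-456), the result of `pkcs11_mech2str(mech)` goes straight into `printf("%-29s", mech_name)` with no NULL check, although display_policy in this same file treats a NULL return as a failure. A provider-reported mechanism that the name table does not know would then pass NULL to `%s`, which is undefined behaviour. Consider `if (mech_name == NULL) (void) printf("%#-29lx", mech); else (void) printf("%-29s", mech_name);`, and use the same `"%#-29lx"` width in the vendor branch so the verbose flag columns stay aligned. The test `mech > CKM_VENDOR_DEFINED` also sends the value CKM_VENDOR_DEFINED itself to the name lookup; `>=` looks intended, but confirm. In display_policy the new guard was added only to the "enabled" loop, while the "disabled" loop (new lines 1180-1184) still calls pkcs11_mech2str unconditionally, and the guard sits under `mech_id & CKO_VENDOR_DEFINED`, an object-class constant where CKM_VENDOR_DEFINED was presumably meant.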