/* * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved. */ /* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * licensing@OpenSSL.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #include #include #include #include #include #include #include #include #include #include #include #include #include #ifndef OPENSSL_NO_HW #ifndef OPENSSL_NO_HW_PK11 #include #include #include #include "e_pk11.h" #include "e_pk11_uri.h" /* * The keystore used is always from the pubkey slot so we need to know which one * was selected so that we can get the information needed for the URI * processing. */ extern CK_SLOT_ID pubkey_SLOTID; extern CK_FUNCTION_LIST_PTR pFuncList; /* * Cached PIN so that child can use it during the re-login. Note that we do not * cache the PIN by default. */ static char *token_pin; static int mlock_pin_in_memory(char *pin); static char *run_askpass(char *dialog); /* * Get the PIN. Either run the command and use its standard output as a PIN to * fill in the PKCS11 URI structure, or read the PIN from the terminal. Using * the external command is of higher precedence. The memory for PIN is allocated * in this function and the PIN is always NULL terminated. The caller must take * care of freeing the memory used for the PIN. The maximum PIN length accepted * is PK11_MAX_PIN_LEN. * * The function is used also during the re-initialization of the engine after * the fork. * * The function must not be called under the protection of the mutex "uri_lock" * because the lock is acquired in the prefork function. * * Returns: * 0 in case of troubles (and sets "*pin" to NULL) * 1 if we got the PIN */ #define EXEC_SPEC "exec:" #define BUILTIN_SPEC "builtin" int pk11_get_pin(char *dialog, char **pin) { /* Initialize as an error. */ *pin = NULL; if (dialog == PK11_URI_BUILTIN_DIALOG) { /* The getpassphrase() function is not MT safe. */ (void) pthread_mutex_lock(uri_lock); /* Note that OpenSSL is not localized at all. */ *pin = getpassphrase("Enter token PIN: "); if (*pin == NULL) { PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN); (void) pthread_mutex_unlock(uri_lock); return (0); } else { char *pw; /* * getpassphrase() uses an internal buffer to hold the * entered password. Note that it terminates the buffer * with '\0'. */ if ((pw = strdup(*pin)) == NULL) { PK11err(PK11_F_GET_PIN, PK11_R_MALLOC_FAILURE); (void) pthread_mutex_unlock(uri_lock); return (0); } /* Zero the internal buffer to get rid of the PIN. */ memset(*pin, 0, strlen(*pin)); *pin = pw; (void) pthread_mutex_unlock(uri_lock); } } else { /* * This is the command case: "|". We will get the PIN from * the output of an external command. */ if (dialog[strlen(dialog) - 1] == '|') { char *buf; /* duplicate the command without tailing '|' */ buf = strndup(dialog, strlen(dialog) - 1); if (buf == NULL) { PK11err(PK11_F_GET_PIN, PK11_R_MALLOC_FAILURE); return (0); } *pin = run_askpass(buf); free(buf); if (*pin == NULL) { return (0); } } else { /* * Invalid specification in the pin-source keyword. */ PK11err(PK11_F_GET_PIN, PK11_R_BAD_PASSPHRASE_SPEC); return (0); } } return (1); } /* * strncmp() the attributes given by PKCS#11 URI against tokenInfo. * It return 0 if they match. 'len' is the length of each field enforced * by PKCS#11 CK_TOKEN_INFO. */ #define URI_MATCH_TOKENINFO(URI_name, tokenInfo_name, len) \ strncmp((char *)uri_struct->URI_name, \ (char *)token_info->tokenInfo_name, \ strlen((char *)uri_struct->URI_name) > (len) ? (len) : \ strlen((char *)uri_struct->URI_name)) #define TOKEN_MODEL_SIZE 16 /* * While our keystore is always the one used by the pubkey slot (which is * usually the Metaslot) we must make sure that those URI attributes that * specify the keystore match the real attributes of our slot keystore. Note * that one can use the METASLOT_OBJECTSTORE_TOKEN environment variable to * change the Metaslot's keystore from the softtoken to something else (see * libpkcs11(3LIB)). The user might want to use such attributes in the PKCS#11 * URI to make sure that the intended keystore is used. * * Returns: * 1 on success * 0 on failure */ int pk11_check_token_attrs(pkcs11_uri_t *uri_struct) { CK_RV rv; static CK_TOKEN_INFO_PTR token_info = NULL; (void) pthread_mutex_lock(uri_lock); if (token_info == NULL) { token_info = OPENSSL_malloc(sizeof (CK_TOKEN_INFO)); if (token_info == NULL) { PK11err(PK11_F_CHECK_TOKEN_ATTRS, PK11_R_MALLOC_FAILURE); goto err; } rv = pFuncList->C_GetTokenInfo(pubkey_SLOTID, token_info); if (rv != CKR_OK) { PK11err_add_data(PK11_F_CHECK_TOKEN_ATTRS, PK11_R_GETTOKENINFO, rv); goto err; } } if (uri_struct->token != NULL) { if (URI_MATCH_TOKENINFO(token, label, TOKEN_LABEL_SIZE) != 0) { goto urierr; } } if (uri_struct->manuf != NULL) { if (URI_MATCH_TOKENINFO(manuf, manufacturerID, TOKEN_MANUFACTURER_SIZE) != 0) { goto urierr; } } if (uri_struct->model != NULL) { if (URI_MATCH_TOKENINFO(model, model, TOKEN_MODEL_SIZE) != 0) { goto urierr; } } if (uri_struct->serial != NULL) { if (URI_MATCH_TOKENINFO(serial, serialNumber, TOKEN_SERIAL_SIZE) != 0) { goto urierr; } } (void) pthread_mutex_unlock(uri_lock); return (1); urierr: PK11err(PK11_F_CHECK_TOKEN_ATTRS, PK11_R_TOKEN_ATTRS_DO_NOT_MATCH); /* Correct error already set above for the "err" label. */ err: (void) pthread_mutex_unlock(uri_lock); return (0); } /* * Return the process PIN caching policy. We initialize it just once so if the * process change OPENSSL_PKCS11_PIN_CACHING_POLICY during the operation it will * not have any affect on the policy. * * We assume that the "uri_lock" mutex is already locked. * * Returns the caching policy number. */ int pk11_get_pin_caching_policy(void) { char *value = NULL; static int policy = POLICY_NOT_INITIALIZED; if (policy != POLICY_NOT_INITIALIZED) { return (policy); } value = getenv("OPENSSL_PKCS11_PIN_CACHING_POLICY"); if (value == NULL || strcmp(value, "none") == 0) { policy = POLICY_NONE; goto done; } if (strcmp(value, "memory") == 0) { policy = POLICY_MEMORY; goto done; } if (strcmp(value, "mlocked-memory") == 0) { policy = POLICY_MLOCKED_MEMORY; goto done; } return (POLICY_WRONG_VALUE); done: return (policy); } /* * Cache the PIN in memory once. We already know that we have either "memory" or * "mlocked-memory" keyword correctly set. * * Returns: * 1 on success * 0 on failure */ int pk11_cache_pin(char *pin) { (void) pthread_mutex_lock(uri_lock); /* We set the PIN only once since all URIs must have it the same. */ if (token_pin != NULL) { goto ok; } if (pk11_get_pin_caching_policy() == POLICY_MEMORY) { if ((token_pin = strdup(pin)) == NULL) { PK11err(PK11_F_CACHE_PIN, PK11_R_MALLOC_FAILURE); goto err; } } else { if (pk11_get_pin_caching_policy() == POLICY_MLOCKED_MEMORY) { if (mlock_pin_in_memory(pin) == 0) { goto err; } } } ok: (void) pthread_mutex_unlock(uri_lock); return (1); err: (void) pthread_mutex_unlock(uri_lock); return (0); } /* * Cache the PIN in mlock(3C)ed memory. If mlock(3C) fails we will not resort to * the normal memory caching. * * Note that this function must be called under the protection of the "uri_lock" * mutex. * * Returns: * 1 on success * 0 on failure */ static int mlock_pin_in_memory(char *pin) { void *addr = NULL; long pagesize = 0; /* mlock(3C) locks pages so we need one whole page for the PIN. */ if ((pagesize = sysconf(_SC_PAGESIZE)) == -1) { PK11err(PK11_F_MLOCK_PIN_IN_MEMORY, PK11_R_SYSCONF_FAILED); goto err; } /* This will ensure we have a page aligned pointer... */ if ((addr = mmap(0, pagesize, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0)) == MAP_FAILED) { PK11err(PK11_F_MLOCK_PIN_IN_MEMORY, PK11_R_MMAP_FAILED); goto err; } /* ...because "addr" must be page aligned here. */ if (mlock(addr, pagesize) == -1) { /* * Missing the PRIV_PROC_LOCK_MEMORY privilege might be a common * problem so distinguish this situation from other issues. */ if (errno == EPERM) { PK11err(PK11_F_MLOCK_PIN_IN_MEMORY, PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING); } else { PK11err(PK11_F_MLOCK_PIN_IN_MEMORY, PK11_R_MLOCK_FAILED); } /* * We already have a problem here so there is no need to check * that we could unmap the page. The PIN is not there yet * anyway. */ (void) munmap(addr, pagesize); goto err; } /* Copy the PIN to the mlocked memory. */ token_pin = (char *)addr; strlcpy(token_pin, pin, PK11_MAX_PIN_LEN + 1); return (1); err: return (0); } /* * Log in to the keystore if we are supposed to do that at all. Take care of * reading and caching the PIN etc. Log in only once even when called from * multiple threads. * * Returns: * 1 on success * 0 on failure */ int pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done, pkcs11_uri_t *uri_struct, CK_BBOOL is_private) { CK_RV rv; int ret = 0; char *pin = NULL; if ((pubkey_token_flags & CKF_TOKEN_INITIALIZED) == 0) { PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_NOT_INITIALIZED); return (0); } /* * If login is required or needed but the PIN has not been even * initialized we can bail out right now. Note that we are supposed to * always log in if we are going to access private keys. However, we may * need to log in even for accessing public keys in case that the * CKF_LOGIN_REQUIRED flag is set. */ if ((pubkey_token_flags & CKF_LOGIN_REQUIRED || is_private == CK_TRUE) && ~pubkey_token_flags & CKF_USER_PIN_INITIALIZED) { PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_SET); return (0); } /* * If token does not require login we take it as the login was done. */ if (!(pubkey_token_flags & CKF_LOGIN_REQUIRED) && (is_private == CK_FALSE)) { *login_done = CK_TRUE; return (1); } /* * Note on locking: it is possible that more than one thread gets into * pk11_get_pin() so we must deal with that. We cannot avoid it since we * cannot guard fork() in there with a lock because we could end up in * a dead lock in the child. Why? Remember we are in a multithreaded * environment so we must lock all mutexes in the prefork function to * avoid a situation in which a thread that did not call fork() held a * lock, making future unlocking impossible. We lock right before * C_Login(). */ if (*login_done == CK_FALSE && uri_struct->pinfile == NULL) { PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_PROVIDED); return (0); } if (*login_done == CK_FALSE && uri_struct->pinfile != NULL) { /* * 'pin' is allocated by pk11_get_pin(). * Note: don't call pk11_get_pin() with uri_lock held. */ if (pk11_get_pin(uri_struct->pinfile, &pin) == 0) { PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_PROVIDED); return (0); } } /* * Note that what we are logging into is the keystore from * pubkey_SLOTID because we work with OP_RSA session type here. * That also means that we can work with only one keystore in * the engine. * * We must make sure we do not try to login more than once. * Also, see the comment above on locking strategy. */ (void) pthread_mutex_lock(uri_lock); if (*login_done == CK_TRUE) { ret = 1; goto exit_locked; } if ((rv = pFuncList->C_Login(session, CKU_USER, (CK_UTF8CHAR *)pin, strlen(pin))) != CKR_OK) { PK11err_add_data(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_LOGIN_FAILED, rv); goto exit_locked; } *login_done = CK_TRUE; /* * Cache the passphrasedialog for possible child (which * would need to relogin). */ if (passphrasedialog == NULL) { if (uri_struct->pinfile == PK11_URI_BUILTIN_DIALOG) { passphrasedialog = PK11_URI_BUILTIN_DIALOG; } else if (uri_struct->pinfile != NULL) { passphrasedialog = strdup(uri_struct->pinfile); if (passphrasedialog == NULL) { PK11err_add_data(PK11_F_TOKEN_LOGIN, PK11_R_MALLOC_FAILURE, rv); goto exit_locked; } } } /* * Check the PIN caching policy. Note that user might * have provided a PIN even when no PIN was required - * in that case we always remove the PIN from memory. */ if (pk11_get_pin_caching_policy() == POLICY_WRONG_VALUE) { PK11err(PK11_F_TOKEN_LOGIN, PK11_R_PIN_CACHING_POLICY_INVALID); goto exit_locked; } if (pk11_get_pin_caching_policy() != POLICY_NONE) { if (pk11_cache_pin(pin) == 0) { goto exit_locked; } } ret = 1; exit_locked: (void) pthread_mutex_unlock(uri_lock); /* * If we raced at pk11_get_pin() we must make sure that all * threads that called pk11_get_pin() will erase the PIN from * memory, not just the one that called C_Login(). Note that if * we were supposed to cache the PIN it was already cached by * now so filling "uri_struct.pin" with zero bytes is always OK * since pk11_cache_pin() makes a copy of it. */ if (pin != NULL) { memset(pin, 0, strlen(pin)); OPENSSL_free(pin); } return (ret); } /* * Log in to the keystore in the child if we were logged in in the parent. There * are similarities in the code with pk11_token_login() but still it is quite * different so we need a separate function for this. * * Note that this function is called under the locked session mutex when fork is * detected. That means that C_Login() will be called from the child just once. * * Returns: * 1 on success * 0 on failure */ int pk11_token_relogin(CK_SESSION_HANDLE session) { CK_RV rv; /* * We are in the child so check if we should login to the token again. * Note that it is enough to log in to the token through one session * only, all already open and all future sessions can access the token * then. */ if (passphrasedialog != NULL) { char *pin = NULL; /* If we cached the PIN then use it. */ if (token_pin != NULL) { pin = token_pin; } else if (pk11_get_pin(passphrasedialog, &pin) == 0) { return (0); } (void) pthread_mutex_lock(uri_lock); if ((rv = pFuncList->C_Login(session, CKU_USER, (CK_UTF8CHAR_PTR)pin, strlen(pin))) != CKR_OK) { PK11err_add_data(PK11_F_TOKEN_RELOGIN, PK11_R_TOKEN_LOGIN_FAILED, rv); (void) pthread_mutex_unlock(uri_lock); return (0); } (void) pthread_mutex_unlock(uri_lock); /* Forget the PIN now if we did not cache it before. */ if (pin != token_pin) { memset(pin, 0, strlen(pin)); OPENSSL_free(pin); } } return (1); } /* * This function forks and runs an external command. It would be nice if we * could use popen(3C)/pclose(3C) for that but unfortunately we need to be able * to get rid of the PIN from the memory. With p(open|close) function calls we * cannot control the stdio's memory used for buffering and our tests showed * that the PIN really stays there even after pclose(). * * Returns: * allocated buffer on success * NULL on failure */ static char * run_askpass(char *dialog) { pid_t pid; int n, p[2]; char *buf = NULL; if (pipe(p) == -1) { PK11err(PK11_F_RUN_ASKPASS, PK11_R_PIPE_FAILED); return (NULL); } switch (pid = fork()) { case -1: PK11err(PK11_F_RUN_ASKPASS, PK11_R_FORK_FAILED); return (NULL); /* child */ case 0: /* * This should make sure that dup2() will not fail on * file descriptor shortage. */ close(p[0]); (void) dup2(p[1], 1); close(p[1]); /* * Note that we cannot use PK11err() here since we are * in the child. However, parent will get read() error * so do not worry. */ (void) execl(dialog, basename(dialog), NULL); exit(1); /* parent */ default: /* +1 is for the terminating '\0' */ buf = (char *)OPENSSL_malloc(PK11_MAX_PIN_LEN + 1); if (buf == NULL) { PK11err(PK11_F_RUN_ASKPASS, PK11_R_MALLOC_FAILURE); return (NULL); } close(p[1]); n = read(p[0], buf, PK11_MAX_PIN_LEN); if (n == -1 || n == 0) { PK11err(PK11_F_RUN_ASKPASS, PK11_R_PIN_NOT_READ_FROM_COMMAND); OPENSSL_free(buf); return (NULL); } buf[n] = '\0'; (void) waitpid(pid, NULL, 0); } return (buf); } #endif /* OPENSSL_NO_HW_PK11 */ #endif /* OPENSSL_NO_HW */