/*
 *              Common Public License Version 0.5
 *
 *              THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF
 *              THIS COMMON PUBLIC LICENSE ("AGREEMENT"). ANY USE,
 *              REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES
 *              RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
 *
 *              1. DEFINITIONS
 *
 *              "Contribution" means:
 *                    a) in the case of the initial Contributor, the
 *                    initial code and documentation distributed under
 *                    this Agreement, and
 *
 *                    b) in the case of each subsequent Contributor:
 *                    i) changes to the Program, and
 *                    ii) additions to the Program;
 *
 *                    where such changes and/or additions to the Program
 *                    originate from and are distributed by that
 *                    particular Contributor. A Contribution 'originates'
 *                    from a Contributor if it was added to the Program
 *                    by such Contributor itself or anyone acting on such
 *                    Contributor's behalf. Contributions do not include
 *                    additions to the Program which: (i) are separate
 *                    modules of software distributed in conjunction with
 *                    the Program under their own license agreement, and
 *                    (ii) are not derivative works of the Program.
 *
 *
 *              "Contributor" means any person or entity that distributes
 *              the Program.
 *
 *              "Licensed Patents " mean patent claims licensable by a
 *              Contributor which are necessarily infringed by the use or
 *              sale of its Contribution alone or when combined with the
 *              Program.
 *
 *              "Program" means the Contributions distributed in
 *              accordance with this Agreement.
 *
 *              "Recipient" means anyone who receives the Program under
 *              this Agreement, including all Contributors.
 *
 *              2. GRANT OF RIGHTS
 *
 *                    a) Subject to the terms of this Agreement, each
 *                    Contributor hereby grants Recipient a
 *                    non-exclusive, worldwide, royalty-free copyright
 *                    license to reproduce, prepare derivative works of,
 *                    publicly display, publicly perform, distribute and
 *                    sublicense the Contribution of such Contributor, if
 *                    any, and such derivative works, in source code and
 *                    object code form.
 *
 *                    b) Subject to the terms of this Agreement, each
 *                    Contributor hereby grants Recipient a
 *                    non-exclusive, worldwide, royalty-free patent
 *                    license under Licensed Patents to make, use, sell,
 *                    offer to sell, import and otherwise transfer the
 *                    Contribution of such Contributor, if any, in source
 *                    code and object code form. This patent license
 *                    shall apply to the combination of the Contribution
 *                    and the Program if, at the time the Contribution is
 *                    added by the Contributor, such addition of the
 *                    Contribution causes such combination to be covered
 *                    by the Licensed Patents. The patent license shall
 *                    not apply to any other combinations which include
 *                    the Contribution. No hardware per se is licensed
 *                    hereunder.
 *
 *                    c) Recipient understands that although each
 *                    Contributor grants the licenses to its
 *                    Contributions set forth herein, no assurances are
 *                    provided by any Contributor that the Program does
 *                    not infringe the patent or other intellectual
 *                    property rights of any other entity. Each
 *                    Contributor disclaims any liability to Recipient
 *                    for claims brought by any other entity based on
 *                    infringement of intellectual property rights or
 *                    otherwise. As a condition to exercising the rights
 *                    and licenses granted hereunder, each Recipient
 *                    hereby assumes sole responsibility to secure any
 *                    other intellectual property rights needed, if any.
 *
 *                    For example, if a third party patent license is
 *                    required to allow Recipient to distribute the
 *                    Program, it is Recipient's responsibility to
 *                    acquire that license before distributing the
 *                    Program.
 *
 *                    d) Each Contributor represents that to its
 *                    knowledge it has sufficient copyright rights in its
 *                    Contribution, if any, to grant the copyright
 *                    license set forth in this Agreement.
 *
 *              3. REQUIREMENTS
 *
 *              A Contributor may choose to distribute the Program in
 *              object code form under its own license agreement, provided
 *              that:
 *                    a) it complies with the terms and conditions of
 *                    this Agreement; and
 *
 *                    b) its license agreement:
 *                    i) effectively disclaims on behalf of all
 *                    Contributors all warranties and conditions, express
 *                    and implied, including warranties or conditions of
 *                    title and non-infringement, and implied warranties
 *                    or conditions of merchantability and fitness for a
 *                    particular purpose;
 *
 *                    ii) effectively excludes on behalf of all
 *                    Contributors all liability for damages, including
 *                    direct, indirect, special, incidental and
 *                    consequential damages, such as lost profits;
 *
 *                    iii) states that any provisions which differ from
 *                    this Agreement are offered by that Contributor
 *                    alone and not by any other party; and
 *
 *                    iv) states that source code for the Program is
 *                    available from such Contributor, and informs
 *                    licensees how to obtain it in a reasonable manner
 *                    on or through a medium customarily used for
 *                    software exchange.
 *
 *              When the Program is made available in source code form:
 *                    a) it must be made available under this Agreement;
 *                    and
 *                    b) a copy of this Agreement must be included with
 *                    each copy of the Program.
 *
 *              Contributors may not remove or alter any copyright notices
 *              contained within the Program.
 *
 *              Each Contributor must identify itself as the originator of
 *              its Contribution, if any, in a manner that reasonably
 *              allows subsequent Recipients to identify the originator of
 *              the Contribution.
 *
 *
 *              4. COMMERCIAL DISTRIBUTION
 *
 *              Commercial distributors of software may accept certain
 *              responsibilities with respect to end users, business
 *              partners and the like. While this license is intended to
 *              facilitate the commercial use of the Program, the
 *              Contributor who includes the Program in a commercial
 *              product offering should do so in a manner which does not
 *              create potential liability for other Contributors.
 *              Therefore, if a Contributor includes the Program in a
 *              commercial product offering, such Contributor ("Commercial
 *              Contributor") hereby agrees to defend and indemnify every
 *              other Contributor ("Indemnified Contributor") against any
 *              losses, damages and costs (collectively "Losses") arising
 *              from claims, lawsuits and other legal actions brought by a
 *              third party against the Indemnified Contributor to the
 *              extent caused by the acts or omissions of such Commercial
 *              Contributor in connection with its distribution of the
 *              Program in a commercial product offering. The obligations
 *              in this section do not apply to any claims or Losses
 *              relating to any actual or alleged intellectual property
 *              infringement. In order to qualify, an Indemnified
 *              Contributor must: a) promptly notify the Commercial
 *              Contributor in writing of such claim, and b) allow the
 *              Commercial Contributor to control, and cooperate with the
 *              Commercial Contributor in, the defense and any related
 *              settlement negotiations. The Indemnified Contributor may
 *              participate in any such claim at its own expense.
 *
 *
 *              For example, a Contributor might include the Program in a
 *              commercial product offering, Product X. That Contributor
 *              is then a Commercial Contributor. If that Commercial
 *              Contributor then makes performance claims, or offers
 *              warranties related to Product X, those performance claims
 *              and warranties are such Commercial Contributor's
 *              responsibility alone. Under this section, the Commercial
 *              Contributor would have to defend claims against the other
 *              Contributors related to those performance claims and
 *              warranties, and if a court requires any other Contributor
 *              to pay any damages as a result, the Commercial Contributor
 *              must pay those damages.
 *
 *
 *              5. NO WARRANTY
 *
 *              EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE
 *              PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT
 *              WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR
 *              IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR
 *              CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR
 *              FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely
 *              responsible for determining the appropriateness of using
 *              and distributing the Program and assumes all risks
 *              associated with its exercise of rights under this
 *              Agreement, including but not limited to the risks and
 *              costs of program errors, compliance with applicable laws,
 *              damage to or loss of data, programs or equipment, and
 *              unavailability or interruption of operations.
 *
 *              6. DISCLAIMER OF LIABILITY
 *              EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER
 *              RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY
 *              FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
 *              OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION
 *              LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF
 *              LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 *              (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 *              OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE
 *              OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE
 *              POSSIBILITY OF SUCH DAMAGES.
 *
 *              7. GENERAL
 *
 *              If any provision of this Agreement is invalid or
 *              unenforceable under applicable law, it shall not affect
 *              the validity or enforceability of the remainder of the
 *              terms of this Agreement, and without further action by the
 *              parties hereto, such provision shall be reformed to the
 *              minimum extent necessary to make such provision valid and
 *              enforceable.
 *
 *
 *              If Recipient institutes patent litigation against a
 *              Contributor with respect to a patent applicable to
 *              software (including a cross-claim or counterclaim in a
 *              lawsuit), then any patent licenses granted by that
 *              Contributor to such Recipient under this Agreement shall
 *              terminate as of the date such litigation is filed. In
 *              addition, If Recipient institutes patent litigation
 *              against any entity (including a cross-claim or
 *              counterclaim in a lawsuit) alleging that the Program
 *              itself (excluding combinations of the Program with other
 *              software or hardware) infringes such Recipient's
 *              patent(s), then such Recipient's rights granted under
 *              Section 2(b) shall terminate as of the date such
 *              litigation is filed.
 *
 *              All Recipient's rights under this Agreement shall
 *              terminate if it fails to comply with any of the material
 *              terms or conditions of this Agreement and does not cure
 *              such failure in a reasonable period of time after becoming
 *              aware of such noncompliance. If all Recipient's rights
 *              under this Agreement terminate, Recipient agrees to cease
 *              use and distribution of the Program as soon as reasonably
 *              practicable. However, Recipient's obligations under this
 *              Agreement and any licenses granted by Recipient relating
 *              to the Program shall continue and survive.
 *
 *              Everyone is permitted to copy and distribute copies of
 *              this Agreement, but in order to avoid inconsistency the
 *              Agreement is copyrighted and may only be modified in the
 *              following manner. The Agreement Steward reserves the right
 *              to publish new versions (including revisions) of this
 *              Agreement from time to time. No one other than the
 *              Agreement Steward has the right to modify this Agreement.
 *
 *              IBM is the initial Agreement Steward. IBM may assign the
 *              responsibility to serve as the Agreement Steward to a
 *              suitable separate entity. Each new version of the
 *              Agreement will be given a distinguishing version number.
 *              The Program (including Contributions) may always be
 *              distributed subject to the version of the Agreement under
 *              which it was received. In addition, after a new version of
 *              the Agreement is published, Contributor may elect to
 *              distribute the Program (including its Contributions) under
 *              the new version. Except as expressly stated in Sections
 *              2(a) and 2(b) above, Recipient receives no rights or
 *              licenses to the intellectual property of any Contributor
 *              under this Agreement, whether expressly, by implication,
 *              estoppel or otherwise. All rights in the Program not
 *              expressly granted under this Agreement are reserved.
 *
 *
 *              This Agreement is governed by the laws of the State of New
 *              York and the intellectual property laws of the United
 *              States of America. No party to this Agreement will bring a
 *              legal action under this Agreement more than one year after
 *              the cause of action arose. Each party waives its rights to
 *              a jury trial in any resulting litigation.
 *
 *
 *
 * (C) COPYRIGHT International Business Machines Corp. 2001,2002
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#include "tpmtok_int.h"
#include <pwd.h>
#include <grp.h>
#include <fcntl.h>

#define ALTERNATE_KEYSTORE_PATH "PKCS11_TPM_DIR"
#define PWD_BUFFER_SIZE 1024

static char keystore_path[MAXPATHLEN];
static boolean_t keystore_path_initialized = 0;

extern TSS_HKEY hPrivateLeafKey;
static CK_RV
restore_private_token_object(TSS_HCONTEXT, CK_BYTE  *, CK_ULONG, OBJECT *);

static struct flock fl = {
        0,
        0,
        0,
        0,
        0,
        0,
        {0, 0, 0, 0}
};

static int
lockfile(int fd, int op)
{
        fl.l_type = op;
        return (fcntl(fd, F_SETLKW, &fl));
}

static char *
get_user_default_path(char *home_path)
{
        struct passwd pwd, *user_info;
        char pwdbuf[PWD_BUFFER_SIZE];

        if (getpwuid_r(getuid(), &pwd, pwdbuf, PWD_BUFFER_SIZE,
            &user_info) != 0)
                return (NULL);

        (void) snprintf(home_path, MAXPATHLEN, "/var/tpm/pkcs11/%s",
            user_info ? user_info->pw_name : "");

        return (home_path);
}

char *
get_tpm_keystore_path()
{
        char *env_val;
        char home_path[MAXPATHLEN];

        if (!keystore_path_initialized) {
                env_val = getenv(ALTERNATE_KEYSTORE_PATH);
                bzero(keystore_path, sizeof (keystore_path));
                /*
                 * If it isn't set or is set to the empty string use the
                 * default location.  We need to check for the empty string
                 * because some users "unset" environment variables by giving
                 * them no value, this isn't the same thing as removing it
                 * from the environment.
                 *
                 * We don't want that to attempt to open the token area.
                 */
                if ((env_val == NULL) || (strcmp(env_val, "") == 0)) {
                        /* alternate path not specified, use default dir */
                        char *p = get_user_default_path(home_path);
                        if (p == NULL)
                                return (NULL);
                        (void) snprintf(keystore_path, MAXPATHLEN, "%s", p);
                } else {
                        (void) snprintf(keystore_path, MAXPATHLEN, "%s",
                            env_val);
                }
                keystore_path_initialized = 1;
        }
        return (keystore_path);
}

static CK_RV
create_keystore_dir()
{
        char *ksdir = get_tpm_keystore_path();
        char objdir[MAXPATHLEN];
        CK_RV rv = 0;

        if (ksdir == NULL)
                return (CKR_FUNCTION_FAILED);

        if (mkdir(ksdir, S_IRUSR|S_IWUSR|S_IXUSR) < 0) {
                if (errno == EEXIST) {
                        rv = 0;
                } else {
                        return (CKR_FUNCTION_FAILED);
                }
        }
        if (rv == 0) {
                (void) snprintf(objdir, sizeof (objdir),
                    "%s/%s", ksdir, TOKEN_OBJ_DIR);

                if (mkdir(objdir, S_IRUSR|S_IWUSR|S_IXUSR) < 0) {
                        if (errno == EEXIST) {
                                rv = 0;
                        } else {
                                return (CKR_FUNCTION_FAILED);
                        }
                }
        }
        return (CKR_OK);
}

static void
set_perm(int file)
{
        /*
         * In the TPM token, with per user data stores, we don't share the token
         * object amongst a group. In fact, we want to restrict access to
         * a single user.
         */
        (void) fchmod(file, S_IRUSR|S_IWUSR);
}

#define READ_TOKEN_INFO_STR(fp, rec, reclen) rc = fread(rec, reclen, 1, fp); \
        if (rc != 1) { rc = CKR_FUNCTION_FAILED; goto out_unlock; }

#define READ_TOKEN_INFO_UINT32(fp, rec) rc = fread(&fieldval, \
        sizeof (UINT32), 1, fp); \
        if (rc != 1) { rc = CKR_FUNCTION_FAILED; goto out_unlock; } \
        rec = (CK_ULONG)fieldval;

CK_RV
load_token_data(TSS_HCONTEXT hContext, TOKEN_DATA *td)
{
        FILE    *fp;
        CK_BYTE fname[MAXPATHLEN];
        CK_RV   rc;
        UINT32  fieldval;
        char *p = get_tpm_keystore_path();

        if (p == NULL)
                return (CKR_FUNCTION_FAILED);

        (void) snprintf((char *)fname, sizeof (fname),
            "%s/%s", p, TOKEN_DATA_FILE);

        rc = XProcLock(xproclock);
        if (rc != CKR_OK)
                return (rc);

        fp = fopen((char *)fname, "r");
        if (!fp) {
                /* Better error checking added */
                if (errno == ENOENT) {
                        (void) XProcUnLock(xproclock);
                        rc = create_keystore_dir();
                        if (rc != 0)
                                goto out_nolock;

                        rc = init_token_data(hContext, td);
                        if (rc != CKR_OK) {
                                goto out_nolock;
                        }

                        rc = XProcLock(xproclock);
                        if (rc != CKR_OK) {
                                goto out_nolock;
                        }

                        fp = fopen((char *)fname, "r");
                        if (!fp) {
                                LogError("failed opening %s for read: %s",
                                    fname, (char *)strerror(errno));
                                rc = CKR_FUNCTION_FAILED;
                                goto out_unlock;
                        }
                } else {
                        /* Could not open file for some unknown reason */
                        rc = CKR_FUNCTION_FAILED;
                        goto out_unlock;
                }
        }
        if (lockfile(fileno(fp), F_RDLCK)) {
                (void) fclose(fp);
                rc = CKR_FUNCTION_FAILED;
                goto out_unlock;
        }
        set_perm(fileno(fp));

        /* Read fields individually because of 64-bit size diffs */
        READ_TOKEN_INFO_STR(fp, td->token_info.label,
            sizeof (td->token_info.label));
        READ_TOKEN_INFO_STR(fp, td->token_info.manufacturerID,
            sizeof (td->token_info.manufacturerID));
        READ_TOKEN_INFO_STR(fp, td->token_info.model,
            sizeof (td->token_info.model));
        READ_TOKEN_INFO_STR(fp, td->token_info.serialNumber,
            sizeof (td->token_info.serialNumber));
        READ_TOKEN_INFO_UINT32(fp, td->token_info.flags);
        READ_TOKEN_INFO_UINT32(fp, td->token_info.ulMaxSessionCount);
        READ_TOKEN_INFO_UINT32(fp, td->token_info.ulSessionCount);
        READ_TOKEN_INFO_UINT32(fp, td->token_info.ulRwSessionCount);
        READ_TOKEN_INFO_UINT32(fp, td->token_info.ulMaxPinLen);
        READ_TOKEN_INFO_UINT32(fp, td->token_info.ulMinPinLen);
        READ_TOKEN_INFO_UINT32(fp, td->token_info.ulTotalPublicMemory);
        READ_TOKEN_INFO_UINT32(fp, td->token_info.ulFreePublicMemory);
        READ_TOKEN_INFO_UINT32(fp, td->token_info.ulTotalPrivateMemory);
        READ_TOKEN_INFO_UINT32(fp, td->token_info.ulFreePrivateMemory);
        READ_TOKEN_INFO_STR(fp, &td->token_info.hardwareVersion,
            sizeof (td->token_info.hardwareVersion));
        READ_TOKEN_INFO_STR(fp, &td->token_info.firmwareVersion,
            sizeof (td->token_info.firmwareVersion));
        READ_TOKEN_INFO_STR(fp, td->token_info.utcTime,
            sizeof (td->token_info.utcTime));
        READ_TOKEN_INFO_STR(fp, td->user_pin_sha,
            sizeof (td->user_pin_sha));
        READ_TOKEN_INFO_STR(fp, td->so_pin_sha,
            sizeof (td->so_pin_sha));
        READ_TOKEN_INFO_STR(fp, td->next_token_object_name,
            sizeof (td->next_token_object_name));
        READ_TOKEN_INFO_STR(fp, &td->tweak_vector,
            sizeof (td->tweak_vector));

        (void) lockfile(fileno(fp), F_UNLCK);
        (void) fclose(fp);

        if (rc == 0)
                rc = CKR_FUNCTION_FAILED;
        else
                rc = CKR_OK;

out_unlock:
        (void) XProcUnLock(xproclock);

out_nolock:
        return (rc);
}


#define WRITE_TOKEN_INFO_STR(fp, rec, reclen) rc = fwrite(rec, reclen, 1, fp); \
        if (rc != 1) { rc = CKR_FUNCTION_FAILED; goto done; }

#define WRITE_TOKEN_INFO_UINT32(fp, rec) fieldval = (UINT32)rec; \
        rc = fwrite(&fieldval, sizeof (UINT32), 1, fp); \
        if (rc != 1) { rc = CKR_FUNCTION_FAILED; goto done; }

CK_RV
save_token_data(TOKEN_DATA *td)
{
        FILE    *fp;
        CK_RV   rc;
        CK_BYTE fname[MAXPATHLEN];
        char *p = get_tpm_keystore_path();
        UINT32 fieldval;

        if (p == NULL)
                return (CKR_FUNCTION_FAILED);

        (void) snprintf((char *)fname, sizeof (fname),
            "%s/%s", p, TOKEN_DATA_FILE);

        rc = XProcLock(xproclock);
        if (rc != CKR_OK)
                goto out_nolock;

        fp = fopen((char *)fname, "w");

        if (!fp) {
                rc = CKR_FUNCTION_FAILED;
                goto done;
        }
        if (lockfile(fileno(fp), F_WRLCK)) {
                rc = CKR_FUNCTION_FAILED;
                (void) fclose(fp);
                goto done;
        }
        set_perm(fileno(fp));

        /* Write token fields individually to maintain sizes on 64 and 32 bit */
        WRITE_TOKEN_INFO_STR(fp, td->token_info.label,
            sizeof (td->token_info.label));
        WRITE_TOKEN_INFO_STR(fp, td->token_info.manufacturerID,
            sizeof (td->token_info.manufacturerID));
        WRITE_TOKEN_INFO_STR(fp, td->token_info.model,
            sizeof (td->token_info.model));
        WRITE_TOKEN_INFO_STR(fp, td->token_info.serialNumber,
            sizeof (td->token_info.serialNumber));
        WRITE_TOKEN_INFO_UINT32(fp, td->token_info.flags);
        WRITE_TOKEN_INFO_UINT32(fp, td->token_info.ulMaxSessionCount);
        WRITE_TOKEN_INFO_UINT32(fp, td->token_info.ulSessionCount);
        WRITE_TOKEN_INFO_UINT32(fp, td->token_info.ulRwSessionCount);
        WRITE_TOKEN_INFO_UINT32(fp, td->token_info.ulMaxPinLen);
        WRITE_TOKEN_INFO_UINT32(fp, td->token_info.ulMinPinLen);
        WRITE_TOKEN_INFO_UINT32(fp, td->token_info.ulTotalPublicMemory);
        WRITE_TOKEN_INFO_UINT32(fp, td->token_info.ulFreePublicMemory);
        WRITE_TOKEN_INFO_UINT32(fp, td->token_info.ulTotalPrivateMemory);
        WRITE_TOKEN_INFO_UINT32(fp, td->token_info.ulFreePrivateMemory);
        WRITE_TOKEN_INFO_STR(fp, &td->token_info.hardwareVersion,
            sizeof (td->token_info.hardwareVersion));
        WRITE_TOKEN_INFO_STR(fp, &td->token_info.firmwareVersion,
            sizeof (td->token_info.firmwareVersion));
        WRITE_TOKEN_INFO_STR(fp, td->token_info.utcTime,
            sizeof (td->token_info.utcTime));
        WRITE_TOKEN_INFO_STR(fp, td->user_pin_sha,
            sizeof (td->user_pin_sha));
        WRITE_TOKEN_INFO_STR(fp, td->so_pin_sha,
            sizeof (td->so_pin_sha));
        WRITE_TOKEN_INFO_STR(fp, td->next_token_object_name,
            sizeof (td->next_token_object_name));
        WRITE_TOKEN_INFO_STR(fp, &td->tweak_vector,
            sizeof (td->tweak_vector));

        (void) lockfile(fileno(fp), F_UNLCK);
        (void) fclose(fp);

        rc = CKR_OK;
done:
        (void) XProcUnLock(xproclock);

out_nolock:
        return (rc);
}

CK_RV
save_token_object(TSS_HCONTEXT hContext, OBJECT *obj)
{
        FILE    *fp = NULL;
        CK_BYTE line[100];
        CK_RV   rc;
        CK_BYTE fname[MAXPATHLEN];
        char *p = get_tpm_keystore_path();

        if (p == NULL)
                return (CKR_FUNCTION_FAILED);

        if (object_is_private(obj) == TRUE)
                rc = save_private_token_object(hContext, obj);
        else
                rc = save_public_token_object(obj);

        if (rc != CKR_OK)
                return (rc);

        (void) snprintf((char *)fname, sizeof (fname),
            "%s/%s/%s", p, TOKEN_OBJ_DIR, TOKEN_OBJ_INDEX_FILE);

        fp = fopen((char *)fname, "r");
        if (fp) {
                if (lockfile(fileno(fp), F_RDLCK)) {
                        (void) fclose(fp);
                        return (CKR_FUNCTION_FAILED);
                }
                set_perm(fileno(fp));
                while (!feof(fp)) {
                        (void) fgets((char *)line, 50, fp);
                        if (!feof(fp)) {
                                line[strlen((char *)line) - 1] = 0;
                                if (strcmp((char *)line,
                                    (char *)(obj->name)) == 0) {
                                        (void) lockfile(fileno(fp), F_UNLCK);
                                        (void) fclose(fp);
                                        return (CKR_OK);
                                }
                        }
                }
                (void) lockfile(fileno(fp), F_UNLCK);
                (void) fclose(fp);
        }

        fp = fopen((char *)fname, "a");
        if (!fp)
                return (CKR_FUNCTION_FAILED);

        if (lockfile(fileno(fp), F_WRLCK)) {
                (void) fclose(fp);
                return (CKR_FUNCTION_FAILED);
        }
        set_perm(fileno(fp));

        (void) fprintf(fp, "%s\n", obj->name);
        (void) lockfile(fileno(fp), F_UNLCK);
        (void) fclose(fp);

        return (CKR_OK);
}

CK_RV
save_public_token_object(OBJECT *obj)
{
        FILE    *fp = NULL;
        CK_BYTE *cleartxt = NULL;
        CK_BYTE fname[MAXPATHLEN];
        UINT32  cleartxt_len;
        CK_BBOOL        flag = FALSE;
        CK_RV   rc;
        UINT32  total_len;

        char *p = get_tpm_keystore_path();

        if (p == NULL)
                return (CKR_FUNCTION_FAILED);

        (void) snprintf((char *)fname, sizeof (fname),
            "%s/%s/%s", p, TOKEN_OBJ_DIR, obj->name);

        rc = object_flatten(obj, &cleartxt, &cleartxt_len);
        if (rc != CKR_OK)
                goto error;

        fp = fopen((char *)fname, "w");
        if (!fp) {
                LogError("Error opening %s - %s", fname,
                    (char *)strerror(errno));
                rc = CKR_FUNCTION_FAILED;
                goto error;
        }
        if (lockfile(fileno(fp), F_WRLCK)) {
                (void) fclose(fp);
                return (CKR_FUNCTION_FAILED);
        }

        set_perm(fileno(fp));

        total_len = cleartxt_len + sizeof (UINT32) + sizeof (CK_BBOOL);

        (void) fwrite(&total_len, sizeof (total_len), 1, fp);
        (void) fwrite(&flag, sizeof (flag), 1, fp);
        (void) fwrite(cleartxt, cleartxt_len, 1, fp);

        (void) lockfile(fileno(fp), F_UNLCK);
        (void) fclose(fp);
        free(cleartxt);

        return (CKR_OK);

error:
        if (fp)
                (void) fclose(fp);
        if (cleartxt)
                free(cleartxt);
        return (rc);
}

CK_RV
save_private_token_object(TSS_HCONTEXT hContext, OBJECT *obj)
{
        FILE *fp = NULL;
        CK_BYTE *obj_data  = NULL;
        CK_BYTE *cleartxt  = NULL;
        CK_BYTE *ciphertxt = NULL;
        CK_BYTE *ptr = NULL;
        CK_BYTE fname[100];
        CK_BYTE hash_sha[SHA1_DIGEST_LENGTH];
        CK_BBOOL        flag;
        CK_RV   rc;
        CK_ULONG ciphertxt_len;
        UINT32 cleartxt_len;
        UINT32 padded_len;
        UINT32  obj_data_len_32;
        UINT32  total_len;
        UINT32  chunksize, blocks;
        char    *p = get_tpm_keystore_path();

        if (p == NULL)
                return (CKR_FUNCTION_FAILED);

        rc = object_flatten(obj, &obj_data, &obj_data_len_32);
        if (rc != CKR_OK) {
                goto error;
        }
        /*
         * format for the object file:
         *    private flag
         *      ---- begin encrypted part       <--+
         *      length of object data (4 bytes) |
         *      object data                     +---- sensitive part
         *      SHA of (object data)            |
         *      ---- end encrypted part         <--+
         */
        if ((rc = compute_sha(obj_data, obj_data_len_32, hash_sha)) != CKR_OK)
                goto error;

        /*
         * RSA OAEP crypto uses chunks smaller than the max to make room
         * for the hashes.
         * chunksize = RSA_Modulus_Size - (2 * SHA1_DIGEST_SIZE + 2) - (4 - 1)
         * == 209
         */
        chunksize = RSA_BLOCK_SIZE - (2 * SHA1_DIGEST_LENGTH + 2) - 5;

        cleartxt_len = sizeof (UINT32) + obj_data_len_32 + SHA1_DIGEST_LENGTH;

        blocks = cleartxt_len / chunksize + ((cleartxt_len % chunksize) > 0);
        padded_len   = RSA_BLOCK_SIZE * blocks;

        cleartxt  = (CK_BYTE *)malloc(padded_len);
        ciphertxt = (CK_BYTE *)malloc(padded_len);
        if (!cleartxt || !ciphertxt) {
                rc = CKR_HOST_MEMORY;
                goto error;
        }

        ciphertxt_len = padded_len;

        ptr = cleartxt;
        (void) memcpy(ptr, &obj_data_len_32, sizeof (UINT32));
        ptr += sizeof (UINT32);
        (void) memcpy(ptr,  obj_data, obj_data_len_32);
        ptr += obj_data_len_32;
        (void) memcpy(ptr, hash_sha, SHA1_DIGEST_LENGTH);

        (void) add_pkcs_padding(cleartxt + cleartxt_len, RSA_BLOCK_SIZE,
            cleartxt_len, padded_len);

        /* the encrypt function will compute the padded length */
        rc = tpm_encrypt_data(hContext, hPrivateLeafKey, cleartxt, cleartxt_len,
            ciphertxt, &ciphertxt_len);

        if (rc != CKR_OK) {
                goto error;
        }

        (void) snprintf((char *)fname, sizeof (fname),
            "%s/%s/%s", p, TOKEN_OBJ_DIR, obj->name);

        fp = fopen((char *)fname, "w");
        if (!fp) {
                rc = CKR_FUNCTION_FAILED;
                goto error;
        }
        if (lockfile(fileno(fp), F_WRLCK)) {
                rc = CKR_FUNCTION_FAILED;
                goto error;
        }

        set_perm(fileno(fp));

        total_len = sizeof (UINT32) + sizeof (CK_BBOOL) + (UINT32)ciphertxt_len;

        flag = TRUE;

        (void) fwrite(&total_len, sizeof (UINT32), 1, fp);
        (void) fwrite(&flag, sizeof (CK_BBOOL), 1, fp);
        (void) fwrite(ciphertxt, ciphertxt_len,    1, fp);

        (void) lockfile(fileno(fp), F_UNLCK);
        (void) fclose(fp);

        free(obj_data);
        free(cleartxt);
        free(ciphertxt);
        return (CKR_OK);

error:
        if (fp)
                (void) fclose(fp);
        if (obj_data)
                free(obj_data);
        if (cleartxt)
                free(cleartxt);
        if (ciphertxt)
                free(ciphertxt);

        return (rc);
}

CK_RV
load_public_token_objects(void)
{
        FILE    *fp1 = NULL, *fp2 = NULL;
        CK_BYTE *buf = NULL;
        CK_BYTE tmp[MAXPATHLEN], fname[MAXPATHLEN], iname[MAXPATHLEN];
        CK_BBOOL priv;
        UINT32 size;
        char *ksdir = get_tpm_keystore_path();

        if (ksdir == NULL)
                return (CKR_FUNCTION_FAILED);

        (void) snprintf((char *)iname, sizeof (iname),
            "%s/%s/%s", ksdir,
            TOKEN_OBJ_DIR, TOKEN_OBJ_INDEX_FILE);

        fp1 = fopen((char *)iname, "r");
        if (!fp1)
                return (CKR_OK);  // no token objects

        if (lockfile(fileno(fp1), F_RDLCK)) {
                (void) fclose(fp1);
                return (CKR_FUNCTION_FAILED);
        }

        while (!feof(fp1)) {
                (void) fgets((char *)tmp, 50, fp1);
                if (feof(fp1))
                        break;

                tmp[strlen((char *)tmp) - 1] = 0;

                (void) snprintf((char *)fname, sizeof (fname),
                    "%s/%s/", ksdir, TOKEN_OBJ_DIR);

                (void) strncat((char *)fname, (const char *)tmp,
                    (size_t)sizeof (fname));

                fp2 = fopen((char *)fname, "r");
                if (!fp2)
                        continue;

                (void) fread(&size, sizeof (UINT32), 1, fp2);
                (void) fread(&priv, sizeof (CK_BBOOL), 1, fp2);
                if (priv == TRUE) {
                        (void) fclose(fp2);
                        continue;
                }

                size = size - sizeof (UINT32) - sizeof (CK_BBOOL);
                buf = (CK_BYTE *)malloc(size);
                if (!buf) {
                        (void) lockfile(fileno(fp1), F_UNLCK);
                        (void) fclose(fp1);
                        (void) fclose(fp2);
                        return (CKR_HOST_MEMORY);
                }

                (void) fread(buf, size, 1, fp2);

                if (pthread_mutex_lock(&obj_list_mutex)) {
                        (void) lockfile(fileno(fp1), F_UNLCK);
                        (void) fclose(fp1);
                        (void) fclose(fp2);
                        free(buf);
                        return (CKR_FUNCTION_FAILED);
                }

                (void) object_mgr_restore_obj(buf, NULL);

                (void) pthread_mutex_unlock(&obj_list_mutex);
                free(buf);
                (void) fclose(fp2);
        }
        (void) lockfile(fileno(fp1), F_UNLCK);
        (void) fclose(fp1);

        return (CKR_OK);
}

CK_RV
load_private_token_objects(TSS_HCONTEXT hContext)
{
        FILE *fp1 = NULL, *fp2 = NULL;
        CK_BYTE *buf = NULL;
        CK_BYTE tmp[MAXPATHLEN], fname[MAXPATHLEN], iname[MAXPATHLEN];
        CK_BBOOL priv;
        UINT32 size;
        CK_RV rc;
        char *ksdir = get_tpm_keystore_path();

        if (ksdir == NULL)
                return (CKR_FUNCTION_FAILED);

        (void) snprintf((char *)iname, sizeof (iname),
            "%s/%s/%s", ksdir, TOKEN_OBJ_DIR, TOKEN_OBJ_INDEX_FILE);

        fp1 = fopen((char *)iname, "r");
        if (!fp1)
                return (CKR_OK);

        if (lockfile(fileno(fp1), F_RDLCK)) {
                rc = CKR_FUNCTION_FAILED;
                goto error;
        }

        while (!feof(fp1)) {
                (void) fgets((char *)tmp, sizeof (tmp), fp1);
                if (feof(fp1))
                        break;

                tmp[strlen((char *)tmp) - 1] = 0;

                (void) snprintf((char *)fname, sizeof (fname),
                    "%s/%s/%s", ksdir, TOKEN_OBJ_DIR, tmp);

                fp2 = fopen((char *)fname, "r");
                if (!fp2)
                        continue;

                (void) fread(&size, sizeof (UINT32), 1, fp2);
                (void) fread(&priv, sizeof (CK_BBOOL), 1, fp2);
                if (priv == FALSE) {
                        (void) fclose(fp2);
                        continue;
                }

                size = size - sizeof (UINT32) - sizeof (CK_BBOOL);
                buf = (CK_BYTE *)malloc(size);
                if (!buf) {
                        rc = CKR_HOST_MEMORY;
                        goto error;
                }

                rc = fread((char *)buf, size, 1, fp2);
                if (rc != 1) {
                        rc = CKR_FUNCTION_FAILED;
                        goto error;
                }

                if (pthread_mutex_lock(&obj_list_mutex)) {
                        rc = CKR_FUNCTION_FAILED;
                        goto error;
                }
                rc = restore_private_token_object(hContext, buf, size, NULL);
                (void) pthread_mutex_unlock(&obj_list_mutex);
                if (rc != CKR_OK)
                        goto error;

                free(buf);
                (void) fclose(fp2);
        }
        (void) lockfile(fileno(fp1), F_UNLCK);
        (void) fclose(fp1);

        return (CKR_OK);

error:
        if (buf)
                free(buf);
        if (fp1) {
                (void) lockfile(fileno(fp1), F_UNLCK);
                (void) fclose(fp1);
        }
        if (fp2)
                (void) fclose(fp2);
        return (rc);
}

static CK_RV
restore_private_token_object(
        TSS_HCONTEXT hContext,
        CK_BYTE  *data,
        CK_ULONG len,
        OBJECT   *pObj)
{
        CK_BYTE * cleartxt  = NULL;
        CK_BYTE * obj_data  = NULL;
        CK_BYTE *ptr = NULL;
        CK_BYTE hash_sha[SHA1_DIGEST_LENGTH];
        UINT32 cleartxt_len;
        UINT32 obj_data_len;
        CK_RV rc;

        /*
         * format for the object data:
         *    (private flag has already been read at this point)
         *    ---- begin encrypted part
         *      length of object data (4 bytes)
         *      object data
         *      SHA of object data
         *    ---- end encrypted part
         */

        cleartxt_len = len;

        cleartxt = (CK_BYTE *)malloc(len);
        if (!cleartxt) {
                rc = CKR_HOST_MEMORY;
                goto done;
        }

        rc = tpm_decrypt_data(hContext, hPrivateLeafKey, data, len,
            cleartxt, &len);

        if (rc != CKR_OK) {
                goto done;
        }

        (void) strip_pkcs_padding(cleartxt, len, &cleartxt_len);

        if (cleartxt_len > len) {
                rc = CKR_FUNCTION_FAILED;
                goto done;
        }

        ptr = cleartxt;

        bcopy(ptr, &obj_data_len, sizeof (UINT32));
        ptr += sizeof (UINT32);
        obj_data = ptr;

        if ((rc = compute_sha(ptr, obj_data_len, hash_sha)) != CKR_OK)
                goto done;
        ptr += obj_data_len;

        if (memcmp((const void *)ptr, (const void *)hash_sha,
            (size_t)SHA1_DIGEST_LENGTH) != 0) {
                rc = CKR_FUNCTION_FAILED;
                goto done;
        }

        (void) object_mgr_restore_obj(obj_data, pObj);
        rc = CKR_OK;
done:
        if (cleartxt)
                free(cleartxt);

        return (rc);
}

CK_RV
reload_token_object(TSS_HCONTEXT hContext, OBJECT *obj)
{
        FILE *fp = NULL;
        CK_BYTE *buf = NULL;
        CK_BYTE fname[MAXPATHLEN];
        CK_BBOOL priv;
        UINT32 size;
        CK_RV rc;
        char *p = get_tpm_keystore_path();

        if (p == NULL)
                return (CKR_FUNCTION_FAILED);

        (void) memset((char *)fname, 0x0, sizeof (fname));

        (void) snprintf((char *)fname, sizeof (fname),
            "%s/%s/", p, TOKEN_OBJ_DIR);

        (void) strncat((char *)fname, (char *)obj->name, sizeof (fname));

        fp = fopen((char *)fname, "r");
        if (!fp) {
                rc = CKR_FUNCTION_FAILED;
                goto done;
        }
        if (lockfile(fileno(fp), F_RDLCK)) {
                rc = CKR_FUNCTION_FAILED;
                goto done;
        }

        set_perm(fileno(fp));

        (void) fread(&size, sizeof (UINT32), 1, fp);
        (void) fread(&priv, sizeof (CK_BBOOL), 1, fp);

        size = size - sizeof (UINT32) - sizeof (CK_BBOOL);

        buf = (CK_BYTE *)malloc(size);
        if (!buf) {
                rc = CKR_HOST_MEMORY;
                goto done;
        }

        (void) fread(buf, size, 1, fp);

        if (priv) {
                rc = restore_private_token_object(hContext, buf, size, obj);
        } else {
                rc = object_mgr_restore_obj(buf, obj);
        }

done:
        if (fp) {
                (void) lockfile(fileno(fp), F_UNLCK);
                (void) fclose(fp);
        }
        if (buf)
                free(buf);
        return (rc);
}

static int
islink(char *fname)
{
        struct stat st;

        if (stat((const char *)fname, &st))
                return (-1);
        else if (S_ISLNK(st.st_mode))
                return (1);
        return (0);
}

CK_RV
delete_token_object(OBJECT *obj)
{
        FILE *fp1, *fp2;
        CK_BYTE line[100];
        char objidx[MAXPATHLEN], idxtmp[MAXPATHLEN], fname[MAXPATHLEN];
        char *ksdir = get_tpm_keystore_path();

        if (ksdir == NULL)
                return (CKR_FUNCTION_FAILED);

        (void) snprintf(objidx, sizeof (objidx),
            "%s/%s/%s", ksdir, TOKEN_OBJ_DIR, TOKEN_OBJ_INDEX_FILE);

        (void) snprintf(idxtmp, sizeof (idxtmp),
            "%s/IDX.TMP", ksdir, TOKEN_OBJ_DIR);

        /*
         * If either file is a link, fail.
         */
        if (islink(objidx) != 0)
                return (CKR_FUNCTION_FAILED);

        /*
         * idxtmp is a temporary file (and should not exist yet), only fail
         * if it is already an existing link.
         */
        if (islink(idxtmp) == 1)
                return (CKR_FUNCTION_FAILED);

        fp1 = fopen(objidx, "r");
        fp2 = fopen(idxtmp, "w");
        if (!fp1 || !fp2) {
                if (fp1)
                        (void) fclose(fp1);
                if (fp2)
                        (void) fclose(fp2);
                return (CKR_FUNCTION_FAILED);
        }

        if (lockfile(fileno(fp1), F_RDLCK)) {
                (void) fclose(fp1);
                (void) fclose(fp2);
                return (CKR_FUNCTION_FAILED);
        }
        if (lockfile(fileno(fp2), F_WRLCK)) {
                (void) lockfile(fileno(fp1), F_UNLCK);
                (void) fclose(fp1);
                (void) fclose(fp2);
                return (CKR_FUNCTION_FAILED);
        }
        set_perm(fileno(fp2));

        while (!feof(fp1)) {
                (void) fgets((char *)line, 50, fp1);
                if (!feof(fp1)) {
                        line[ strlen((char *)line)-1 ] = 0;
                        if (strcmp((char *)line, (char *)obj->name))
                                (void) fprintf(fp2, "%s\n", line);
                }
        }

        (void) lockfile(fileno(fp1), F_UNLCK);
        (void) lockfile(fileno(fp2), F_UNLCK);
        (void) fclose(fp1);
        (void) fclose(fp2);

        fp2 = fopen(objidx, "w");
        fp1 = fopen(idxtmp, "r");
        if (!fp1 || !fp2) {
                if (fp1)
                        (void) fclose(fp1);
                if (fp2)
                        (void) fclose(fp2);
                return (CKR_FUNCTION_FAILED);
        }
        if (lockfile(fileno(fp1), F_RDLCK)) {
                (void) fclose(fp1);
                (void) fclose(fp2);
                return (CKR_FUNCTION_FAILED);
        }
        if (lockfile(fileno(fp2), F_WRLCK)) {
                (void) lockfile(fileno(fp1), F_UNLCK);
                (void) fclose(fp1);
                (void) fclose(fp2);
                return (CKR_FUNCTION_FAILED);
        }

        set_perm(fileno(fp2));

        while (!feof(fp1)) {
                (void) fgets((char *)line, 50, fp1);
                if (!feof(fp1))
                        (void) fprintf(fp2, "%s", (char *)line);
        }

        (void) lockfile(fileno(fp1), F_UNLCK);
        (void) lockfile(fileno(fp2), F_UNLCK);
        (void) fclose(fp1);
        (void) fclose(fp2);

        (void) snprintf(fname, sizeof (fname),
            "%s/%s/%s", ksdir, TOKEN_OBJ_DIR, (char *)obj->name);

        (void) unlink(fname);
        return (CKR_OK);
}