From c9387115d9e0332ecf04c53b53cb62067b9c4754 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= <des@des.no>
Date: Fri, 12 Jul 2013 10:47:14 +0000
Subject: [PATCH] Factor out oath_key_{alloc,free}() and implement wiring /
 locking.

git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@689 185d5e19-27fe-0310-9dcf-9bff6b9f3609
---
 include/security/oath_types.h |  4 ++
 lib/liboath/Makefile.am       |  2 +
 lib/liboath/oath_key.c        | 31 --------------
 lib/liboath/oath_key_alloc.c  | 80 +++++++++++++++++++++++++++++++++++
 lib/liboath/oath_key_free.c   | 78 ++++++++++++++++++++++++++++++++++
 5 files changed, 164 insertions(+), 31 deletions(-)
 create mode 100644 lib/liboath/oath_key_alloc.c
 create mode 100644 lib/liboath/oath_key_free.c

diff --git a/include/security/oath_types.h b/include/security/oath_types.h
index cec8e38..84324db 100644
--- a/include/security/oath_types.h
+++ b/include/security/oath_types.h
@@ -42,6 +42,10 @@ struct oath_key {
 	uint64_t	 counter;
 	unsigned int	 timestep; /* in seconds */
 
+	/* housekeeping */
+	unsigned int	 mapped:1;
+	unsigned int	 locked:1;
+
 	/* hash algorithm */
 	enum oath_hash	 hash;
 
diff --git a/lib/liboath/Makefile.am b/lib/liboath/Makefile.am
index 83a20ee..b31c91d 100644
--- a/lib/liboath/Makefile.am
+++ b/lib/liboath/Makefile.am
@@ -9,6 +9,8 @@ liboath_la_SOURCES = \
 	oath_base64.c \
 	oath_hotp.c \
 	oath_totp.c \
+	oath_key_alloc.c \
+	oath_key_free.c \
 	oath_key.c
 
 liboath_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@
diff --git a/lib/liboath/oath_key.c b/lib/liboath/oath_key.c
index 45878bd..fbf5354 100644
--- a/lib/liboath/oath_key.c
+++ b/lib/liboath/oath_key.c
@@ -38,7 +38,6 @@
 #include <errno.h>
 #include <inttypes.h>
 #include <limits.h>
-#include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -51,36 +50,6 @@
 
 #include <security/oath.h>
 
-/*
- * Allocate a struct oath_key with sufficient additional space for the
- * label and key.
- */
-struct oath_key *
-oath_key_alloc(void)
-{
-	struct oath_key *key;
-
-	if ((key = calloc(1, sizeof *key)) == NULL) {
-		openpam_log(PAM_LOG_ERROR, "malloc(): %s", strerror(errno));
-		return (NULL);
-	}
-	/* XXX should try to wire */
-	return (key);
-}
-
-/*
- * Wipe and free a struct oath_key
- */
-void
-oath_key_free(struct oath_key *key)
-{
-
-	if (key != NULL) {
-		memset(key, 0, sizeof *key);
-		free(key);
-	}
-}
-
 /*
  * Allocate a struct oath_key and populate it from a Google Authenticator
  * otpauth URI
diff --git a/lib/liboath/oath_key_alloc.c b/lib/liboath/oath_key_alloc.c
new file mode 100644
index 0000000..7385732
--- /dev/null
+++ b/lib/liboath/oath_key_alloc.c
@@ -0,0 +1,80 @@
+/*-
+ * Copyright (c) 2013 Universitetet i Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <sys/mman.h>
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <security/pam_appl.h>
+#include <security/openpam.h>
+#include <security/oath.h>
+
+/*
+ * OATH
+ *
+ * Allocates an OATH key structure
+ */
+
+struct oath_key *
+oath_key_alloc(void)
+{
+	struct oath_key *key;
+
+	if ((key = mmap(NULL, sizeof *key, PROT_READ|PROT_WRITE,
+	    MAP_ANON|MAP_NOCORE, -1, 0)) == NULL) {
+		memset(key, 0, sizeof *key);
+		key->mapped = 1;
+		if (mlock(key, sizeof *key) == 0)
+			key->locked = 1;
+	} else {
+		openpam_log(PAM_LOG_ERROR, "mmap(): %m");
+		if ((key = calloc(sizeof *key, 1)) == NULL)
+			openpam_log(PAM_LOG_ERROR, "malloc(): %m");
+	}
+	return (key);
+}
+
+/**
+ * The =oath_key_alloc function allocates and initializes an OATH key
+ * structure.
+ *
+ * Keys allocated with =oath_key_alloc must be freed using =oath_key_free.
+ *
+ * >oath_key_free
+ *
+ * AUTHOR UIO
+ */
diff --git a/lib/liboath/oath_key_free.c b/lib/liboath/oath_key_free.c
new file mode 100644
index 0000000..2c1db23
--- /dev/null
+++ b/lib/liboath/oath_key_free.c
@@ -0,0 +1,78 @@
+/*-
+ * Copyright (c) 2013 Universitetet i Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <sys/mman.h>
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <security/pam_appl.h>
+#include <security/openpam.h>
+#include <security/oath.h>
+
+/*
+ * OATH
+ *
+ * Wipes and frees an OATH key structure
+ */
+
+void
+oath_key_free(struct oath_key *key)
+{
+	int mapped, locked;
+
+	if (key != NULL) {
+		mapped = key->mapped;
+		locked = key->locked;
+		memset(key, 0, sizeof *key);
+		if (mapped) {
+			if (locked)
+				munlock(key, sizeof *key);
+			munmap(key, sizeof *key);
+		} else {
+			free(key);
+		}
+	}
+}
+
+/**
+ * The =oath_key_free function wipes and frees an OATH key structure which
+ * was previously allocated using the =oath_key_alloc function.
+ *
+ * >oath_key_alloc
+ *
+ * AUTHOR UIO
+ */