decrypt.c revision c197cb9db36685d2808c057fdbe5700734483ab2
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang/*
0dc2366f7b9f9f36e10909b1e95edbf2a261c2acVenugopal Iyer * CDDL HEADER START
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang *
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * The contents of this file are subject to the terms of the
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * Common Development and Distribution License (the "License").
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * You may not use this file except in compliance with the License.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang *
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * or http://www.opensolaris.org/os/licensing.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * See the License for the specific language governing permissions
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * and limitations under the License.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang *
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * When distributing Covered Code, include this CDDL HEADER in each
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * If applicable, add the following below this CDDL HEADER, with the
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * fields enclosed by brackets "[]" replaced with your own identifying
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * information: Portions Copyright [yyyy] [name of copyright owner]
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang *
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * CDDL HEADER END
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang/* Portions Copyright 2005 Richard Lowe */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang/*
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * Use is subject to license terms.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang#pragma ident "%Z%%M% %I% %E% SMI"
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang/*
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * decrypt.c
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang *
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * Implements encrypt(1) and decrypt(1) commands
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang *
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * One binary performs both encrypt/decrypt operation.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang *
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * usage:
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang *
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * algorithm - mechanism name without CKM_ prefix. Case
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * does not matter
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * keyfile - file containing key data. If not specified user is
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * prompted to enter key. key length > 0 is required
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * infile - input file to encrypt/decrypt. If omitted, stdin used.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * outfile - output file to encrypt/decrypt. If omitted, stdout used.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * if infile & outfile are same, a temp file is used for
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * output and infile is replaced with this file after
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * operation is complete.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang *
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * Implementation notes:
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * iv data - It is generated by random bytes equal to one block size.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang *
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * encrypted output format -
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * - Output format version number - 4 bytes in network byte order.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * - Iterations used in key gen function, 4 bytes in network byte order.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * - IV ( 'ivlen' bytes)
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * - Salt data used in key gen (16 bytes)
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * - cipher text data.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang *
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang#include <stdio.h>
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang#include <stdlib.h>
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang#include <unistd.h>
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang#include <errno.h>
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang#include <fcntl.h>
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang#include <ctype.h>
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang#include <strings.h>
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang#include <libintl.h>
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang#include <libgen.h>
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang#include <locale.h>
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang#include <limits.h>
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang#include <sys/types.h>
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang#include <sys/stat.h>
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang#include <netinet/in.h>
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang#include <security/cryptoki.h>
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang#include <cryptoutil.h>
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang#include <kmfapi.h>
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
#define	BUFFERSIZE	(2048)		/* Buffer size for reading file */
#define	BLOCKSIZE	(128)		/* Largest guess for block size */
#define	PROGRESSSIZE	(BUFFERSIZE*20)	/* stdin progress indicator size */

/*
 * Defaults for the PKCS#5 PBKDF2 passphrase-to-key derivation.  The file
 * header comment documents that the iteration count and a 16-byte salt are
 * written into the encrypted output.
 *
 * NOTE(review): 1000 iterations is a low work factor for a key derived from
 * a human-chosen passphrase; the resulting key is only as hard to recover as
 * the passphrase is to guess at this cost.  Whether decrypt honours the count
 * stored in the file (so the default could be raised without breaking
 * existing files) is not visible in this part of the source -- confirm
 * before changing it.
 */
#define	PBKD2_ITERATIONS (1000)
#define	PBKD2_SALT_SIZE	16

/*
 * Presumably the "output format version number" described in the file
 * header comment -- confirm against the code that writes the header.
 */
#define	SUNW_ENCRYPT_FILE_VERSION 1

/*
 * Exit Status codes
 */
#ifndef EXIT_SUCCESS
#define	EXIT_SUCCESS	0	/* No errors */
#define	EXIT_FAILURE	1	/* All errors except usage */
#endif /* EXIT_SUCCESS */

#define	EXIT_USAGE	2	/* usage/syntax error */

#define	RANDOM_DEVICE	"/dev/urandom"	/* random device name */

/*
 * Both commands accept the same getopt(3C) option string; main() picks the
 * entry that matches the name the binary was invoked under.
 */
#define	ENCRYPT_NAME	"encrypt"	/* name of encrypt command */
#define	ENCRYPT_OPTIONS	"a:T:K:k:i:o:lv" /* options for encrypt */
#define	DECRYPT_NAME	"decrypt"	/* name of decrypt command */
#define	DECRYPT_OPTIONS	"a:T:K:k:i:o:lv" /* options for decrypt */
/* printf-style prompt; the single %s is presumably the token label */
#define	DEFAULT_TOKEN_PROMPT	"Enter PIN for %s: "
/* SOFT_TOKEN_LABEL is not defined in this file; it comes from a header */
#define	PK_DEFAULT_PK11TOKEN	SOFT_TOKEN_LABEL
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
/*
 * Structure containing info for encrypt/decrypt
 * command
 *
 * One instance exists per command (encrypt_cmd, decrypt_cmd).  Both are
 * initialized positionally, so the member order below must not change
 * without updating those initializers.
 */
struct CommandInfo {
	char *name;		/* name of the command */
	char *options;		/* command line options */
	CK_FLAGS flags;		/* CKF_ENCRYPT or CKF_DECRYPT */
	CK_ATTRIBUTE_TYPE type;	/* type of command */

	/*
	 * function pointers for various operations; these are bound to the
	 * matching PKCS#11 C_Encrypt* or C_Decrypt* entry points.
	 */
	CK_RV (*Init)(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE);
	CK_RV (*Update)(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
	    CK_ULONG_PTR);
	CK_RV (*Crypt)(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
	    CK_ULONG_PTR);
	CK_RV (*Final)(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR);
};
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
/*
 * Command description selected by main() when the binary is invoked as
 * "encrypt".  Values are positional and follow struct CommandInfo's
 * member order.
 */
static struct CommandInfo encrypt_cmd = {
	ENCRYPT_NAME,		/* name */
	ENCRYPT_OPTIONS,	/* options */
	CKF_ENCRYPT,		/* flags */
	CKA_ENCRYPT,		/* type */
	C_EncryptInit,		/* Init */
	C_EncryptUpdate,	/* Update */
	C_Encrypt,		/* Crypt */
	C_EncryptFinal		/* Final */
};
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
/*
 * Command description selected by main() when the binary is invoked as
 * "decrypt".  Values are positional and follow struct CommandInfo's
 * member order.
 */
static struct CommandInfo decrypt_cmd = {
	DECRYPT_NAME,		/* name */
	DECRYPT_OPTIONS,	/* options */
	CKF_DECRYPT,		/* flags */
	CKA_DECRYPT,		/* type */
	C_DecryptInit,		/* Init */
	C_DecryptUpdate,	/* Update */
	C_Decrypt,		/* Crypt */
	C_DecryptFinal		/* Final */
};
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
/*
 * Maps a user-visible algorithm alias to a PKCS#11 mechanism.  The
 * mech_aliases[] table is initialized positionally, so the member order
 * must stay in step with it.
 */
struct mech_alias {
	CK_MECHANISM_TYPE type;	/* PKCS#11 mechanism (CKM_*) */
	char *alias;		/* name printed by algorithm_list() */
	CK_ULONG keysize_min;	/* smallest key size, in keysize_unit units */
	CK_ULONG keysize_max;	/* largest key size, in keysize_unit units */
	int keysize_unit;	/* multiplier that converts a key size to bits */
	int ivlen;		/* IV length; the file header says "bytes" */
	boolean_t available;	/* algorithm_list() skips entries left B_FALSE */
};
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
/* Must equal the number of initializers in mech_aliases[] below. */
#define	MECH_ALIASES_COUNT 4

/*
 * Supported algorithm aliases.  Columns follow struct mech_alias:
 *	type, alias, keysize_min, keysize_max, keysize_unit, ivlen, available
 *
 * The ULONG_MAX / 0L pairs for "aes" and "arcfour" look like "not yet
 * known" placeholders that are filled in elsewhere; algorithm_list() prints
 * a key size range only when both values differ from its sentinels.
 *
 * NOTE(review): single DES and RC4 ("arcfour") are legacy ciphers and are
 * best treated as compatibility-only choices.  The output format described
 * in the file header lists version, iterations, IV, salt and cipher text,
 * with no integrity tag, so the CBC modes here give confidentiality but
 * cannot detect modified cipher text.
 */
static struct mech_alias mech_aliases[] = {
	{ CKM_AES_CBC_PAD, "aes", ULONG_MAX, 0L, 8, 16, B_FALSE },
	{ CKM_RC4, "arcfour", ULONG_MAX, 0L, 1, 0, B_FALSE },
	{ CKM_DES_CBC_PAD, "des", 8, 8, 8, 8, B_FALSE },
	{ CKM_DES3_CBC_PAD, "3des", 24, 24, 8, 8, B_FALSE },
};
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
/*
 * Addressable boolean constants: PKCS#11 attribute templates take a pointer
 * to the value, as generate_pkcs5_key() does with truevalue.
 */
static CK_BBOOL truevalue = TRUE;
static CK_BBOOL falsevalue = FALSE;

/* Option flags, set by main() while parsing the command line. */
static boolean_t aflag = B_FALSE; /* -a <algorithm> flag, required */
static boolean_t kflag = B_FALSE; /* -k <keyfile> flag */
static boolean_t iflag = B_FALSE; /* -i <infile> flag, use stdin if absent */
static boolean_t oflag = B_FALSE; /* -o <outfile> flag, use stdout if absent */
static boolean_t lflag = B_FALSE; /* -l flag (list) */
static boolean_t vflag = B_FALSE; /* -v flag (verbose) */
static boolean_t Tflag = B_FALSE; /* -T <tokenspec> flag, only valid with -K */
static boolean_t Kflag = B_FALSE; /* -K <keylabel> flag, excludes -k */

/* Option arguments; each points into argv and is never copied. */
static char *keyfile = NULL;	/* name of keyfile */
static char *inputfile = NULL;	/* name of input file */
static char *outputfile = NULL;	/* name of output file */
static char *token_label = NULL;	/* argument of -T */
static char *key_label = NULL;	/* argument of -K */

static int status_pos = 0; /* current position of progress bar element */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
/*
 * function prototypes
 *
 * Forward declarations so that main() can call these static functions
 * before their definitions appear.
 */
static void usage(struct CommandInfo *cmd);
static int execute_cmd(struct CommandInfo *cmd, char *algo_str);
static int cryptogetdata(char *, CK_BYTE_PTR *pkeydata, CK_ULONG_PTR pkeysize);
static int cryptoreadfile(char *filename, CK_BYTE_PTR *pdata,
    CK_ULONG_PTR pdatalen);
static int get_random_data(CK_BYTE_PTR pivbuf, int ivlen);
static int crypt_multipart(struct CommandInfo *cmd, CK_SESSION_HANDLE hSession,
    int infd, int outfd, off_t insize);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
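/*
 * Entry point shared by encrypt(1) and decrypt(1).
 *
 * The operation is chosen from the basename of argv[0].  The command line
 * is then parsed into the file-scope option flags and the work is handed
 * to execute_cmd().
 *
 * Exits with EXIT_USAGE when the command name is neither "encrypt" nor
 * "decrypt" or when the option combination is invalid; otherwise returns
 * whatever execute_cmd() returns.
 */
int
main(int argc, char **argv)
{

	extern char *optarg;
	extern int optind;
	char *optstr;
	/*
	 * getopt() returns an int.  Storing it in a plain char makes the
	 * "!= -1" end-of-options test fail on platforms where char is
	 * unsigned, so the parse loop would never terminate there.
	 */
	int c;			/* current getopts flag */
	char *algo_str = NULL;	/* algorithm string */
	struct CommandInfo *cmd;
	char *cmdname;		/* name of command */
	boolean_t errflag = B_FALSE;

	(void) setlocale(LC_ALL, "");
#if !defined(TEXT_DOMAIN)	/* Should be defined by cc -D */
#define	TEXT_DOMAIN "SYS_TEST"	/* Use this only if it weren't */
#endif
	(void) textdomain(TEXT_DOMAIN);

	/*
	 * Based on command name, determine
	 * type of command.
	 */
	cmdname = basename(argv[0]);

	cryptodebug_init(cmdname);

	if (strcmp(cmdname, encrypt_cmd.name) == 0) {
		cmd = &encrypt_cmd;
	} else if (strcmp(cmdname, decrypt_cmd.name) == 0) {
		cmd = &decrypt_cmd;
	} else {
		cryptoerror(LOG_STDERR, gettext(
		    "command name must be either encrypt or decrypt"));
		exit(EXIT_USAGE);
	}

	optstr = cmd->options;

	/* Parse command line arguments */
	while (!errflag && (c = getopt(argc, argv, optstr)) != -1) {

		switch (c) {
		case 'a':
			aflag = B_TRUE;
			algo_str = optarg;
			break;
		case 'k':
			kflag = B_TRUE;
			keyfile = optarg;
			break;
		case 'T':
			Tflag = B_TRUE;
			token_label = optarg;
			break;
		case 'K':
			Kflag = B_TRUE;
			key_label = optarg;
			break;
		case 'i':
			iflag = B_TRUE;
			inputfile = optarg;
			break;
		case 'o':
			oflag = B_TRUE;
			outputfile = optarg;
			break;
		case 'l':
			lflag = B_TRUE;
			break;
		case 'v':
			vflag = B_TRUE;
			break;
		default:
			errflag = B_TRUE;
			break;
		}
	}

	/*
	 * Reject: a parse error; neither -a nor -l; -l combined with any
	 * other argument; both key sources (-k keyfile and -K key label);
	 * -T without -K; and stray operands after the options.
	 */
	if (errflag || (!aflag && !lflag) || (lflag && argc > 2) ||
	    (kflag && Kflag) || (Tflag && !Kflag) ||
	    (optind < argc)) {
		usage(cmd);
		exit(EXIT_USAGE);
	}

	return (execute_cmd(cmd, algo_str));
}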
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
/*
 * Write the synopsis for the given command to stderr.
 *
 * cmd->type selects the text: CKA_ENCRYPT prints the encrypt synopsis and
 * any other value prints the decrypt synopsis.
 */
static void
usage(struct CommandInfo *cmd)
{
	(void) fprintf(stderr, gettext("Usage:\n"));

	if (cmd->type != CKA_ENCRYPT) {
		(void) fprintf(stderr, gettext(" decrypt -l\n"));
		(void) fprintf(stderr, gettext(" decrypt -a <algorithm> "
		    "[-v] [-k <keyfile> | -K <keylabel> [-T <tokenspec>]] "
		    "[-i <infile>] [-o <outfile>]\n"));
		return;
	}

	(void) fprintf(stderr, gettext(" encrypt -l\n"));
	(void) fprintf(stderr, gettext(" encrypt -a <algorithm> "
	    "[-v] [-k <keyfile> | -K <keylabel> [-T <tokenspec>]] "
	    "[-i <infile>] [-o <outfile>]\n"));
}
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
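/*
 * Print out list of algorithms in default and verbose mode
 *
 * Only entries of mech_aliases[] marked available are listed.  The key
 * size range is printed in bits (key size times keysize_unit) and is
 * omitted while an entry still holds its "unset" placeholders.
 */
static void
algorithm_list(void)
{
	int mech;

	(void) printf(gettext("Algorithm Keysize: Min Max (bits)\n"
	    "------------------------------------------\n"));

	for (mech = 0; mech < MECH_ALIASES_COUNT; mech++) {
		struct mech_alias *entry = &mech_aliases[mech];

		if (entry->available == B_FALSE)
			continue;

		(void) printf("%-15s", entry->alias);

		/*
		 * keysize_min is a CK_ULONG whose placeholder in
		 * mech_aliases[] is ULONG_MAX.  Comparing against UINT_MAX
		 * only matches that placeholder where long and int have the
		 * same width, so test against ULONG_MAX instead.
		 */
		if (entry->keysize_min != ULONG_MAX &&
		    entry->keysize_max != 0)
			(void) printf(" %5lu %5lu\n",
			    (entry->keysize_min * entry->keysize_unit),
			    (entry->keysize_max * entry->keysize_unit));
		else
			(void) printf("\n");

	}
}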
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
/*
 * Derive a secret key from a passphrase with the PKCS#11 CKM_PKCS5_PBKD2
 * mechanism and return its object handle through hKey.
 *
 * The salt and iteration count are supplied by the caller; the PRF is
 * fixed to HMAC-SHA1.  When keylen is zero no CKA_VALUE_LEN attribute is
 * placed in the template.  "operation" is the attribute type that is set
 * to true on the new key.
 *
 * Returns the CK_RV produced by C_GenerateKey().
 */
static CK_RV
generate_pkcs5_key(CK_SESSION_HANDLE hSession,
    CK_BYTE *pSaltData,
    CK_ULONG saltLen,
    CK_ULONG iterations,
    CK_BYTE *pkeydata,		/* user entered passphrase */
    CK_KEY_TYPE keytype,
    CK_ULONG passwd_size,
    CK_ULONG keylen,		/* desired length of generated key */
    CK_ATTRIBUTE_TYPE operation,
    CK_OBJECT_HANDLE *hKey)
{
	CK_PKCS5_PBKD2_PARAMS pbkd2;
	CK_MECHANISM mech;
	CK_OBJECT_CLASS objclass = CKO_SECRET_KEY;
	CK_ATTRIBUTE tmpl[4];
	int nattrs = 0;

	/* PBKDF2 inputs: caller's salt and iteration count, HMAC-SHA1 PRF. */
	pbkd2.saltSource = CKZ_SALT_SPECIFIED;
	pbkd2.pSaltSourceData = (void *)pSaltData;
	pbkd2.ulSaltSourceDataLen = saltLen;
	pbkd2.iterations = iterations;
	pbkd2.prf = CKP_PKCS5_PBKD2_HMAC_SHA1;
	pbkd2.pPrfData = NULL;
	pbkd2.ulPrfDataLen = 0;
	pbkd2.pPassword = (CK_UTF8CHAR_PTR)pkeydata;
	/*
	 * This parameter structure takes a pointer to the length.  The
	 * by-value argument stays valid for the C_GenerateKey() call below.
	 */
	pbkd2.ulPasswordLen = &passwd_size;

	mech.mechanism = CKM_PKCS5_PBKD2;
	mech.pParameter = &pbkd2;
	mech.ulParameterLen = sizeof (pbkd2);

	/* Template of the key object to create: at most four attributes. */
	tmpl[nattrs].type = CKA_CLASS;
	tmpl[nattrs].pValue = &objclass;
	tmpl[nattrs].ulValueLen = sizeof (objclass);
	nattrs++;

	tmpl[nattrs].type = CKA_KEY_TYPE;
	tmpl[nattrs].pValue = &keytype;
	tmpl[nattrs].ulValueLen = sizeof (keytype);
	nattrs++;

	tmpl[nattrs].type = operation;
	tmpl[nattrs].pValue = &truevalue;
	tmpl[nattrs].ulValueLen = sizeof (CK_BBOOL);
	nattrs++;

	if (keylen > 0) {
		tmpl[nattrs].type = CKA_VALUE_LEN;
		tmpl[nattrs].pValue = &keylen;
		tmpl[nattrs].ulValueLen = sizeof (keylen);
		nattrs++;
	}

	return (C_GenerateKey(hSession, &mech, tmpl, nattrs, hKey));
}
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
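/*
 * Log in to the token as the normal user (CKU_USER) with the provided
 * password and find the token key object with the specified keytype and
 * keylabel.
 *
 * hSession     - PKCS#11 session used for the login and the object search.
 * keytype      - value matched against CKA_KEY_TYPE.
 * keylabel     - NUL-terminated label matched against CKA_LABEL.
 * password     - PIN bytes passed to C_Login().
 * password_len - number of bytes in password; must not be negative.
 * keyobj       - receives the handle of the first matching object.
 *
 * The search template also requires CKA_TOKEN and CKA_PRIVATE to be true
 * and CKA_CLASS to be CKO_SECRET_KEY. At most one object is requested.
 *
 * Returns 0 when a key object was found. Returns -1 on invalid arguments,
 * login failure, search failure, or when no object matches; a message is
 * written to stderr in each of those cases.
 *
 * NOTE(review): after a successful C_Login() the session stays logged in
 * on every return path, including the failures; presumably the caller
 * closes the session -- confirm.
 */
static int
get_token_key(CK_SESSION_HANDLE hSession, CK_KEY_TYPE keytype,
    char *keylabel, CK_BYTE *password, int password_len,
    CK_OBJECT_HANDLE *keyobj)
{
	CK_RV rv;
	CK_ATTRIBUTE pTmpl[5];
	CK_OBJECT_CLASS class = CKO_SECRET_KEY;
	CK_BBOOL is_private = 1;
	CK_BBOOL is_token = 1;
	CK_ULONG key_obj_count = 1;
	CK_ULONG nattrs = 0;
	CK_KEY_TYPE ckKeyType = keytype;

	/*
	 * Reject bad arguments before the PIN is presented to the token:
	 * strlen() on a NULL label is undefined, and a negative length
	 * would become a very large CK_ULONG once cast for C_Login().
	 */
	if (keylabel == NULL || keyobj == NULL || password_len < 0) {
		(void) fprintf(stderr,
		    "Invalid arguments for token key lookup.\n");
		return (-1);
	}

	rv = C_Login(hSession, CKU_USER, (CK_UTF8CHAR_PTR)password,
	    (CK_ULONG)password_len);
	if (rv != CKR_OK) {
		(void) fprintf(stderr, "Cannot login to the token."
		    " error = %s\n", pkcs11_strerror(rv));
		return (-1);
	}

	/* Build the search template: private secret key stored on the token. */
	pTmpl[nattrs].type = CKA_TOKEN;
	pTmpl[nattrs].pValue = &is_token;
	pTmpl[nattrs].ulValueLen = sizeof (is_token);
	nattrs++;

	pTmpl[nattrs].type = CKA_CLASS;
	pTmpl[nattrs].pValue = &class;
	pTmpl[nattrs].ulValueLen = sizeof (class);
	nattrs++;

	/* The label length excludes the terminating NUL. */
	pTmpl[nattrs].type = CKA_LABEL;
	pTmpl[nattrs].pValue = keylabel;
	pTmpl[nattrs].ulValueLen = strlen(keylabel);
	nattrs++;

	pTmpl[nattrs].type = CKA_KEY_TYPE;
	pTmpl[nattrs].pValue = &ckKeyType;
	pTmpl[nattrs].ulValueLen = sizeof (ckKeyType);
	nattrs++;

	pTmpl[nattrs].type = CKA_PRIVATE;
	pTmpl[nattrs].pValue = &is_private;
	pTmpl[nattrs].ulValueLen = sizeof (is_private);
	nattrs++;

	rv = C_FindObjectsInit(hSession, pTmpl, nattrs);
	if (rv == CKR_OK) {
		/* Only the first match is wanted. */
		rv = C_FindObjects(hSession, keyobj, 1, &key_obj_count);

		/* End the search whether or not C_FindObjects() succeeded. */
		(void) C_FindObjectsFinal(hSession);
	}

	if (rv != CKR_OK) {
		(void) fprintf(stderr,
		    "Cannot retrieve key object. error = %s\n",
		    pkcs11_strerror(rv));
		return (-1);
	}

	/* A successful search can still report zero matching objects. */
	if (key_obj_count == 0) {
		(void) fprintf(stderr, "Cannot find the key object.\n");
		return (-1);
	}

	return (0);
}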
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang/*
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * Execute the command.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * cmd - command pointing to type of operation.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * algo_str - alias of the algorithm passed.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fangstatic int
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fangexecute_cmd(struct CommandInfo *cmd, char *algo_str)
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang{
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_RV rv;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_ULONG slotcount;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_SLOT_ID slotID;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_SLOT_ID_PTR pSlotList = NULL;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_MECHANISM_TYPE mech_type = 0;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_MECHANISM_INFO info, kg_info;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_MECHANISM mech;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_BYTE_PTR pkeydata = NULL;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_BYTE salt[PBKD2_SALT_SIZE];
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_ULONG keysize = 0;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang int i, slot, mek; /* index variables */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang int status;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang struct stat insbuf; /* stat buf for infile */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang struct stat outsbuf; /* stat buf for outfile */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang char tmpnam[PATH_MAX]; /* tmp file name */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_OBJECT_HANDLE key = (CK_OBJECT_HANDLE) 0;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang int infd = 0; /* input file, stdin default */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang int outfd = 1; /* output file, stdout default */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang char *outfilename = NULL;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang boolean_t errflag = B_TRUE;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang boolean_t inoutsame = B_FALSE; /* if both input & output are same */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_BYTE_PTR pivbuf = NULL_PTR;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_ULONG ivlen = 0L;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang int mech_match = 0;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_ULONG iterations = PBKD2_ITERATIONS;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_ULONG keylen;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang int version = SUNW_ENCRYPT_FILE_VERSION;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_KEY_TYPE keytype;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang KMF_RETURN kmfrv;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_SLOT_ID token_slot_id;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (aflag) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* Determine if algorithm is valid */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang for (mech_match = 0; mech_match < MECH_ALIASES_COUNT;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang mech_match++) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (strcmp(algo_str,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang mech_aliases[mech_match].alias) == 0) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang mech_type = mech_aliases[mech_match].type;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang break;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (mech_match == MECH_ALIASES_COUNT) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang gettext("unknown algorithm -- %s"), algo_str);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang return (EXIT_FAILURE);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /*
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * Process keyfile or get the token pin if -K is specified.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang *
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * If a keyfile is provided, get the key data from
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * the file. Otherwise, prompt for a passphrase. The
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * passphrase is used as the key data.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (Kflag) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* get the pin of the token */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (token_label == NULL || !strlen(token_label)) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang token_label = PK_DEFAULT_PK11TOKEN;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang status = cryptogetdata(token_label, &pkeydata,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang &keysize);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang } else if (kflag) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* get the key file */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang status = cryptoreadfile(keyfile, &pkeydata, &keysize);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang } else {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* get the key from input */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang status = cryptogetdata(NULL, &pkeydata, &keysize);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (status == -1 || keysize == 0L) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang Kflag ? gettext("invalid password.") :
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang gettext("invalid key."));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang return (EXIT_FAILURE);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang bzero(salt, sizeof (salt));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* Initialize pkcs */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang rv = C_Initialize(NULL);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (rv != CKR_OK && rv != CKR_CRYPTOKI_ALREADY_INITIALIZED) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext("failed to initialize "
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "PKCS #11 framework: %s"), pkcs11_strerror(rv));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* Get slot count */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang rv = C_GetSlotList(0, NULL_PTR, &slotcount);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (rv != CKR_OK || slotcount == 0) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext(
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "failed to find any cryptographic provider,"
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "please check with your system administrator: %s"),
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang pkcs11_strerror(rv));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* Found at least one slot, allocate memory for slot list */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang pSlotList = malloc(slotcount * sizeof (CK_SLOT_ID));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (pSlotList == NULL_PTR) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang int err = errno;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext("malloc: %s"), strerror(err));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* Get the list of slots */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if ((rv = C_GetSlotList(0, pSlotList, &slotcount)) != CKR_OK) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext(
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "failed to find any cryptographic provider,"
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "please check with your system administrator: %s"),
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang pkcs11_strerror(rv));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (lflag) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* Iterate through slots */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang for (slot = 0; slot < slotcount; slot++) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* Iterate through each mechanism */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang for (mek = 0; mek < MECH_ALIASES_COUNT; mek++) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang rv = C_GetMechanismInfo(pSlotList[slot],
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang mech_aliases[mek].type, &info);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (rv != CKR_OK)
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang continue;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /*
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * Set to minimum/maximum key sizes assuming
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * the values available are not 0.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (info.ulMinKeySize && (info.ulMinKeySize <
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang mech_aliases[mek].keysize_min))
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang mech_aliases[mek].keysize_min =
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang info.ulMinKeySize;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (info.ulMaxKeySize && (info.ulMaxKeySize >
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang mech_aliases[mek].keysize_max))
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang mech_aliases[mek].keysize_max =
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang info.ulMaxKeySize;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang mech_aliases[mek].available = B_TRUE;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang algorithm_list();
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang errflag = B_FALSE;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /*
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * Find a slot with matching mechanism
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang *
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * If -K is specified, we find the slot id for the token first, then
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * check if the slot supports the algorithm.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang i = 0;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (Kflag) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang kmfrv = KMF_PK11TokenLookup(NULL, token_label, &token_slot_id);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (kmfrv != KMF_OK) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang gettext("no matching PKCS#11 token"));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang errflag = B_TRUE;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang rv = C_GetMechanismInfo(token_slot_id, mech_type, &info);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (rv == CKR_OK && (info.flags & cmd->flags))
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang slotID = token_slot_id;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang else
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang i = slotcount;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang } else {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang for (i = 0; i < slotcount; i++) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang slotID = pSlotList[i];
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang rv = C_GetMechanismInfo(slotID, mech_type, &info);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (rv != CKR_OK) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang continue; /* to the next slot */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang } else {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /*
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * If the slot support the crypto, also
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * make sure it supports the correct
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * key generation mech if needed.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang *
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * We need PKCS5 when RC4 is used or
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * when the key is entered on cmd line.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if ((info.flags & cmd->flags) &&
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang (mech_type == CKM_RC4) ||
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang (keyfile == NULL)) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang rv = C_GetMechanismInfo(slotID,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CKM_PKCS5_PBKD2, &kg_info);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (rv == CKR_OK)
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang break;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang } else if (info.flags & cmd->flags) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang break;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* Show error if no matching mechanism found */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (i == slotcount) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang gettext("no cryptographic provider was "
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "found for this algorithm -- %s"), algo_str);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* Open a session */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang rv = C_OpenSession(slotID, CKF_SERIAL_SESSION,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang NULL_PTR, NULL, &hSession);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (rv != CKR_OK) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang gettext("can not open PKCS #11 session: %s"),
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang pkcs11_strerror(rv));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /*
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * Generate IV data for encrypt.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang ivlen = mech_aliases[mech_match].ivlen;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if ((pivbuf = malloc((size_t)ivlen)) == NULL) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang int err = errno;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext("malloc: %s"),
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang strerror(err));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (cmd->type == CKA_ENCRYPT) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if ((get_random_data(pivbuf,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang mech_aliases[mech_match].ivlen)) != 0) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext(
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "Unable to generate random "
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "data for initialization vector."));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /*
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * Create the key object
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang rv = pkcs11_mech2keytype(mech_type, &keytype);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (rv != CKR_OK) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang gettext("unable to find key type for algorithm."));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* Open input file */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (iflag) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if ((infd = open(inputfile, O_RDONLY | O_NONBLOCK)) == -1) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext(
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "can not open input file %s"), inputfile);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* Get info on input file */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (fstat(infd, &insbuf) == -1) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext(
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "can not stat input file %s"), inputfile);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /*
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * Prepare output file
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * If the input & output file are same,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * the output is written to a temp
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * file first, then renamed to the original file
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * after the crypt operation
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang inoutsame = B_FALSE;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (oflag) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang outfilename = outputfile;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if ((stat(outputfile, &outsbuf) != -1) &&
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang (insbuf.st_ino == outsbuf.st_ino)) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang char *dir;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* create temp file on same dir */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang dir = dirname(outputfile);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang (void) snprintf(tmpnam, sizeof (tmpnam),
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "%s/encrXXXXXX", dir);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang outfilename = tmpnam;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if ((outfd = mkstemp(tmpnam)) == -1) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext(
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "cannot create temp file"));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang inoutsame = B_TRUE;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang } else {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* Create file for output */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if ((outfd = open(outfilename,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang O_CREAT|O_WRONLY|O_TRUNC,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang 0644)) == -1) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext(
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "cannot open output file %s"),
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang outfilename);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /*
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * Read the version number from the head of the file
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * to know how to interpret the data that follows.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (cmd->type == CKA_DECRYPT) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (read(infd, &version, sizeof (version)) !=
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang sizeof (version)) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext(
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "failed to get format version from "
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "input file."));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* convert to host byte order */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang version = ntohl(version);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang switch (version) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang case 1:
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /*
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * Version 1 output format:
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * - Iterations used in key gen function (4 bytes)
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * - IV ( 'ivlen' bytes)
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * - Salt data used in key gen (16 bytes)
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang *
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * An encrypted file has IV as first block (0 or
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * more bytes depending on mechanism) followed
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * by cipher text. Get the IV from the encrypted
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * file.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /*
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * Read iteration count and salt data.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (read(infd, &iterations,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang sizeof (iterations)) !=
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang sizeof (iterations)) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext(
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "failed to get iterations from "
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "input file."));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* convert to host byte order */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang iterations = ntohl(iterations);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (ivlen > 0 &&
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang read(infd, pivbuf, ivlen) != ivlen) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext(
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "failed to get initialization "
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "vector from input file."));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (read(infd, salt, sizeof (salt))
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang != sizeof (salt)) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext(
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "failed to get salt data from "
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "input file."));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang break;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang default:
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext(
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "Unrecognized format version read from "
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "input file - expected %d, got %d."),
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang SUNW_ENCRYPT_FILE_VERSION, version);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang break;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /*
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * If Kflag is set, let's find the token key now.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang *
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * If Kflag is not set and if encrypting, we need some random
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * salt data to create the key. If decrypting,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * the salt should come from head of the file
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * to be decrypted.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (Kflag) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang rv = get_token_key(hSession, keytype, key_label, pkeydata,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang keysize, &key);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (rv != CKR_OK) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext(
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "Can not find the token key"));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang } else {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto do_crypto;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang } else if (cmd->type == CKA_ENCRYPT) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang rv = get_random_data(salt, sizeof (salt));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (rv != 0) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang gettext("unable to generate random "
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "data for key salt."));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /*
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * If key input is read from a file, treat it as
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * raw key data, unless it is to be used with RC4,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * in which case it must be used to generate a pkcs5
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * key to address security concerns with RC4 keys.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (kflag && keyfile != NULL && keytype != CKK_RC4) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_OBJECT_CLASS objclass = CKO_SECRET_KEY;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_ATTRIBUTE template[5];
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang int nattr = 0;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang template[nattr].type = CKA_CLASS;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang template[nattr].pValue = &objclass;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang template[nattr].ulValueLen = sizeof (objclass);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang nattr++;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang template[nattr].type = CKA_KEY_TYPE;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang template[nattr].pValue = &keytype;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang template[nattr].ulValueLen = sizeof (keytype);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang nattr++;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang template[nattr].type = cmd->type;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang template[nattr].pValue = &truevalue;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang template[nattr].ulValueLen = sizeof (truevalue);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang nattr++;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang template[nattr].type = CKA_TOKEN;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang template[nattr].pValue = &falsevalue;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang template[nattr].ulValueLen = sizeof (falsevalue);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang nattr++;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang template[nattr].type = CKA_VALUE;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang template[nattr].pValue = pkeydata;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang template[nattr].ulValueLen = keysize;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang nattr++;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang rv = C_CreateObject(hSession, template,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang nattr, &key);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang } else {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /*
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * If the encryption type has a fixed key length,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * then its not necessary to set the key length
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * parameter when generating the key.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (keytype == CKK_DES || keytype == CKK_DES3)
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang keylen = 0;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang else
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang keylen = 16;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /*
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * Generate a cryptographically secure key using
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * the key read from the file given (-k keyfile) or
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * the passphrase entered by the user.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang rv = generate_pkcs5_key(hSession,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang salt, sizeof (salt),
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang iterations,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang pkeydata, keytype, keysize,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang keylen, cmd->type, &key);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (rv != CKR_OK) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext(
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "failed to generate a key: %s"),
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang pkcs11_strerror(rv));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fangdo_crypto:
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* Setup up mechanism */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang mech.mechanism = mech_type;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang mech.pParameter = (CK_VOID_PTR)pivbuf;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang mech.ulParameterLen = ivlen;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if ((rv = cmd->Init(hSession, &mech, key)) != CKR_OK) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext(
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "failed to initialize crypto operation: %s"),
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang pkcs11_strerror(rv));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* Write the version header encrypt command */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (cmd->type == CKA_ENCRYPT) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* convert to network order for storage */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang int netversion = htonl(version);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang CK_ULONG netiter;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (write(outfd, &netversion, sizeof (netversion))
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang != sizeof (netversion)) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext(
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "failed to write version number "
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "to output file."));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /*
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * Write the iteration and salt data, even if they
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * were not used to generate a key.
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang netiter = htonl(iterations);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (write(outfd, &netiter,
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang sizeof (netiter)) != sizeof (netiter)) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext(
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "failed to write iterations to output"));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (ivlen > 0 &&
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang write(outfd, pivbuf, ivlen) != ivlen) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext(
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "failed to write initialization vector "
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "to output"));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (write(outfd, salt, sizeof (salt)) != sizeof (salt)) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext(
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang "failed to write salt data to output"));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (crypt_multipart(cmd, hSession, infd, outfd, insbuf.st_size) == -1) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang goto cleanup;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang errflag = B_FALSE;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /*
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang * Clean up
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fangcleanup:
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* Clear the key data, so others cannot snoop */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (pkeydata != NULL) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang bzero(pkeydata, keysize);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang free(pkeydata);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang pkeydata = NULL;
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* Destroy key object */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (Kflag != B_FALSE && key != (CK_OBJECT_HANDLE) 0) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang (void) C_DestroyObject(hSession, key);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* free allocated memory */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (pSlotList != NULL)
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang free(pSlotList);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (pivbuf != NULL)
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang free(pivbuf);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* close all the files */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (iflag && (infd != -1))
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang (void) close(infd);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (oflag && (outfd != -1))
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang (void) close(outfd);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* rename tmp output to input file */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (inoutsame) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (rename(outfilename, inputfile) == -1) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang (void) unlink(outfilename);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang cryptoerror(LOG_STDERR, gettext("rename failed."));
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* If error occurred, remove the output file */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (errflag && outfilename != NULL) {
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang (void) unlink(outfilename);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang }
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang /* close pkcs11 session */
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang if (hSession != CK_INVALID_HANDLE)
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang (void) C_CloseSession(hSession);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang (void) C_Finalize(NULL);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang return (errflag);
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang}
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
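/*
 * Advance the progress bar that is shown when the verbose flag is set.
 *
 * One glyph is written to stderr per position: "[" at position 0, "|" at
 * positions 19, 39 and 59 (25, 50 and 75% complete) and "." everywhere
 * else.  The current position lives in the file-scope status_pos counter,
 * which is incremented once for every glyph written.
 *
 *	pos_to_advance	- number of positions to emit; nothing is printed
 *			  when it is zero or negative
 */
static void
print_status(int pos_to_advance)
{
	while (pos_to_advance > 0) {
		const char *glyph;

		switch (status_pos) {
		case 0:
			glyph = gettext("[");
			break;
		case 19:
		case 39:
		case 59:
			glyph = gettext("|");
			break;
		default:
			glyph = gettext(".");
			break;
		}

		/*
		 * The text comes from the message catalog, so it is printed
		 * as data through "%s" and never used as the format string;
		 * a catalog entry containing a conversion specifier must
		 * not make fprintf() fetch arguments that were not passed.
		 */
		(void) fprintf(stderr, "%s", glyph);

		pos_to_advance--;
		status_pos++;
	}
}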
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
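/*
 * Encrypt/Decrypt in multi part.
 *
 * Reads the input file (infd) one databuf at a time, hands every chunk to
 * cmd->Update and writes the returned bytes to the output file (outfd).
 * After the last chunk cmd->Final is called and its output is written as
 * well.  When vflag is set, progress is reported on stderr.
 *
 *	cmd		- pointing to commandinfo; supplies Update and Final
 *	hSession	- pkcs session
 *	infd		- input file descriptor
 *	outfd		- output file descriptor
 *	insize		- size of the input; only used to scale the progress
 *			  bar when both vflag and iflag are set
 *
 * Returns 0 on success, -1 if reading, writing, allocating the result
 * buffer or a crypto call failed.
 */

static int
crypt_multipart(struct CommandInfo *cmd, CK_SESSION_HANDLE hSession,
    int infd, int outfd, off_t insize)
{
	CK_RV rv;
	CK_ULONG resultlen = 0;
	CK_ULONG resultbuflen;
	CK_BYTE_PTR resultbuf;
	CK_ULONG datalen;
	CK_BYTE databuf[BUFFERSIZE];
	CK_BYTE outbuf[BUFFERSIZE+BLOCKSIZE];
	CK_ULONG status_index = 0; /* running total of result bytes written */
	float status_last = 0.0; /* byte count the progress bar has reached */
	float status_incr = 0.0; /* bytes represented by one bar element */
	int pos; /* # of progress bar elements to be printed */
	ssize_t nread;
	boolean_t errflag = B_FALSE;

	datalen = sizeof (databuf);
	resultbuflen = sizeof (outbuf);
	resultbuf = outbuf;

	/* Divide into 79 increments for progress bar element spacing */
	if (vflag && iflag)
		status_incr = (insize / 79.0);

	while ((nread = read(infd, databuf, datalen)) > 0) {

		/* Offer the whole current buffer to Update */
		resultlen = resultbuflen;
		rv = cmd->Update(hSession, databuf, (CK_ULONG)nread,
		    resultbuf, &resultlen);

		/* Need a bigger buffer? */
		if (rv == CKR_BUFFER_TOO_SMALL) {

			/* scrub and free a previously grown buffer */
			if (resultbuf != NULL && resultbuf != outbuf) {
				bzero(resultbuf, resultbuflen);
				free(resultbuf);
			}

			/* allocate the size Update reported in resultlen */
			if ((resultbuf = malloc((size_t)resultlen)) == NULL) {
				int err = errno;
				cryptoerror(LOG_STDERR, gettext("malloc: %s"),
				    strerror(err));
				return (-1);
			}
			resultbuflen = resultlen;

			/* Try again with bigger buffer */
			rv = cmd->Update(hSession, databuf, (CK_ULONG)nread,
			    resultbuf, &resultlen);
		}

		if (rv != CKR_OK) {
			errflag = B_TRUE;
			cryptoerror(LOG_STDERR, gettext(
			    "crypto operation failed: %s"),
			    pkcs11_strerror(rv));
			break;
		}

		/* write the output; a short write is treated as failure */
		if (write(outfd, resultbuf, resultlen) != resultlen) {
			cryptoerror(LOG_STDERR, gettext(
			    "failed to write result to output file."));
			errflag = B_TRUE;
			break;
		}

		if (vflag) {
			status_index += resultlen;

			/*
			 * If input is from stdin, do our own progress bar
			 * by printing periods at a pre-defined increment
			 * until the file is done.
			 */
			if (!iflag) {

				/*
				 * Print at least 1 element in case the file
				 * is small, it looks better than nothing.
				 * Catalog text is printed through "%s" so it
				 * is never interpreted as a format string.
				 */
				if (status_pos == 0) {
					(void) fprintf(stderr, "%s",
					    gettext("."));
					status_pos = 1;
				}

				if ((status_index - status_last) >
				    (PROGRESSSIZE)) {
					(void) fprintf(stderr, "%s",
					    gettext("."));
					status_last = status_index;
				}
				continue;
			}

			/* Calculate the number of elements to be printed */
			if (insize <= BUFFERSIZE)
				pos = 78;
			else
				pos = (int)((status_index - status_last) /
				    status_incr);

			/* Add progress bar elements, if needed */
			if (pos > 0) {
				print_status(pos);
				status_last += (status_incr * pos);
			}
		}
	}

	/* Print verbose completion */
	if (vflag) {
		if (iflag)
			(void) fprintf(stderr, "]");

		(void) fprintf(stderr, "\n%s\n", gettext("Done."));
	}

	/* Error in reading */
	if (nread == -1) {
		cryptoerror(LOG_STDERR, gettext(
		    "error reading from input file"));
		errflag = B_TRUE;
	}

	if (!errflag) {

		/*
		 * Do the final part.
		 *
		 * Update above is always given the capacity of resultbuf in
		 * resultlen, and Final is given the same.  Without this
		 * reset resultlen would still hold the length of the last
		 * Update output (possibly 0), or would never have been
		 * assigned at all when the input was empty.
		 */
		resultlen = resultbuflen;
		rv = cmd->Final(hSession, resultbuf, &resultlen);

		if (rv == CKR_OK) {
			/* write the output */
			if (write(outfd, resultbuf, resultlen) != resultlen) {
				cryptoerror(LOG_STDERR, gettext(
				    "failed to write result to output file."));
				errflag = B_TRUE;
			}
		} else {
			cryptoerror(LOG_STDERR, gettext(
			    "crypto operation failed: %s"),
			    pkcs11_strerror(rv));
			errflag = B_TRUE;
		}

	}

	/* A grown result buffer is scrubbed before it goes back to the heap */
	if (resultbuf != NULL && resultbuf != outbuf) {
		bzero(resultbuf, resultbuflen);
		free(resultbuf);
	}

	/*
	 * NOTE(review): databuf and outbuf live on the stack and can hold
	 * plaintext (input when encrypting, output when decrypting); unlike
	 * the heap buffer they are not scrubbed here.  A plain bzero() right
	 * before return may be removed as a dead store, so scrubbing them
	 * needs a clearing routine the compiler cannot elide.
	 */

	if (errflag) {
		return (-1);
	} else {
		return (0);
	}
}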
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
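/*
 * cryptoreadfile - reads file into a buffer
 * This function can be used for reading files
 * containing key or initialization vector data.
 *
 * filename - name of file
 * pdata - entire file returned in this buffer
 *	must be freed by caller using free(); because it may hold key
 *	material the caller should clear it before freeing it
 * pdatalen - length of data returned
 *
 * *pdata and *pdatalen are written only on success.
 *
 * returns 0 if success, -1 if error (NULL argument, open/fstat failure,
 * not a regular file, empty file, size not representable, allocation
 * failure, or a read that fails or ends before the expected size)
 */
static int
cryptoreadfile(char *filename, CK_BYTE_PTR *pdata, CK_ULONG_PTR pdatalen)
{
	struct stat statbuf;
	char *filebuf;
	size_t filesize;
	size_t nread = 0;
	int fd;

	if (filename == NULL || pdata == NULL || pdatalen == NULL)
		return (-1);

	/*
	 * O_NONBLOCK keeps open() from blocking on a FIFO or similar
	 * object; the type check is done with fstat() on the descriptor
	 * that was actually opened, so it describes the same object that
	 * is read below.
	 */
	if ((fd = open(filename, O_RDONLY | O_NONBLOCK)) == -1) {
		cryptoerror(LOG_STDERR, gettext(
		    "cannot open %s"), filename);
		return (-1);
	}

	if (fstat(fd, &statbuf) == -1) {
		cryptoerror(LOG_STDERR, gettext(
		    "cannot stat %s"), filename);
		(void) close(fd);
		return (-1);
	}

	if (!S_ISREG(statbuf.st_mode)) {
		cryptoerror(LOG_STDERR, gettext(
		    "%s not a regular file"), filename);
		(void) close(fd);
		return (-1);
	}

	/* an empty key or IV file is an error, reported silently */
	if (statbuf.st_size <= 0) {
		(void) close(fd);
		return (-1);
	}

	/*
	 * st_size is an off_t.  Keeping it in an int (as this function
	 * used to) truncates large sizes, which can turn into a negative
	 * length or a silently shortened read.  Refuse any size that does
	 * not survive the conversion to size_t.
	 */
	if ((off_t)(size_t)statbuf.st_size != statbuf.st_size) {
		cryptoerror(LOG_STDERR, gettext(
		    "%s is too large"), filename);
		(void) close(fd);
		return (-1);
	}
	filesize = (size_t)statbuf.st_size;

	/* allocate a buffer to hold the entire file */
	if ((filebuf = malloc(filesize)) == NULL) {
		int err = errno;
		cryptoerror(LOG_STDERR, gettext("malloc: %s"), strerror(err));
		(void) close(fd);
		return (-1);
	}

	/*
	 * read() may legitimately return fewer bytes than requested or be
	 * interrupted by a signal, so keep reading until the buffer is
	 * full.  End-of-file before st_size bytes means the file changed
	 * underneath us; errno is not set in that case, so report EIO
	 * rather than a stale errno value.
	 */
	while (nread < filesize) {
		ssize_t n = read(fd, filebuf + nread, filesize - nread);
		int err;

		if (n > 0) {
			nread += (size_t)n;
			continue;
		}
		if (n == -1 && errno == EINTR)
			continue;

		err = (n == -1) ? errno : EIO;
		cryptoerror(LOG_STDERR, gettext("error reading file: %s"),
		    strerror(err));
		(void) close(fd);
		/*
		 * The partial contents may be key material; clear them
		 * before releasing the buffer.  NOTE(review): a compiler
		 * may elide a plain bzero() before free(); use
		 * explicit_bzero() if the platform provides it.
		 */
		bzero(filebuf, filesize);
		free(filebuf);
		return (-1);
	}

	(void) close(fd);

	*pdata = (CK_BYTE_PTR)filebuf;
	*pdatalen = (CK_ULONG)filesize;

	return (0);
}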
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
/*
 * cryptogetdata - prompt user for a key or the PIN for a token
 *
 * token_spec - when not NULL, it is formatted into DEFAULT_TOKEN_PROMPT
 *	to build the prompt; when NULL the prompt is "Enter key:"
 * pdata - buffer for returning key or pin data
 *	must be freed by caller using free(); it holds the secret, so the
 *	caller should clear it before freeing it
 * psize - size of buffer returned (strlen of the data, terminator
 *	not counted)
 *
 * returns
 *	0 for success, -1 for failure (getpassphrase() or strdup()
 *	returned NULL); *pdata and *psize are written only on success
 */

static int
cryptogetdata(char *token_spec, CK_BYTE_PTR *pdata, CK_ULONG_PTR psize)
{
	char promptbuf[1024];
	char *entered;
	char *copy;

	if (token_spec == NULL) {
		entered = getpassphrase(gettext("Enter key:"));
	} else {
		/*
		 * NOTE(review): gettext() is applied to the prompt after
		 * token_spec has been substituted; confirm how
		 * DEFAULT_TOKEN_PROMPT is defined before relying on this
		 * lookup for translation.
		 */
		(void) snprintf(promptbuf, sizeof (promptbuf),
		    DEFAULT_TOKEN_PROMPT, token_spec);
		entered = getpassphrase(gettext(promptbuf));
	}

	if (entered == NULL)
		return (-1);	/* error */

	/*
	 * Take a private copy, then wipe the buffer getpassphrase()
	 * handed back whether or not the copy succeeded, so the secret
	 * does not linger there.
	 */
	copy = strdup(entered);
	(void) memset(entered, 0, strlen(entered));	/* clean up */
	if (copy == NULL)
		return (-1);

	*pdata = (CK_BYTE_PTR)copy;
	*psize = (CK_ULONG)strlen(copy);

	return (0);
}
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang
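/*
 * get_random_data - generate initialization vector data
 *	iv data is random bytes read from RANDOM_DEVICE
 * pivbuf - buffer where data is returned; must have room for ivlen bytes
 * ivlen - size of iv data
 *
 * returns 0 if the buffer was filled completely (or ivlen is 0),
 * -1 otherwise.  On -1 the buffer contents must not be used as an IV.
 */
static int
get_random_data(CK_BYTE_PTR pivbuf, int ivlen)
{
	size_t want;
	size_t got = 0;
	int fd;

	if (ivlen == 0) {
		/* nothing to generate */
		return (0);
	}

	/*
	 * A negative length would become a huge size_t when handed to
	 * read(), far beyond the caller's buffer; refuse it outright.
	 */
	if (ivlen < 0 || pivbuf == NULL)
		return (-1);
	want = (size_t)ivlen;

	/* Read random data directly from the random device */
	if ((fd = open(RANDOM_DEVICE, O_RDONLY)) == -1) {
		/* no descriptor to close on this path */
		return (-1);
	}

	/*
	 * read() may return fewer bytes than requested or be interrupted
	 * by a signal.  Keep going until the whole IV is filled, and
	 * never report success for a partially random buffer.
	 */
	while (got < want) {
		ssize_t n = read(fd, pivbuf + got, want - got);

		if (n > 0) {
			got += (size_t)n;
			continue;
		}
		if (n == -1 && errno == EINTR)
			continue;
		break;	/* hard error or unexpected end-of-file */
	}

	(void) close(fd);
	return (got == want ? 0 : -1);
}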
22a84b8d79248a611e4ba663a268d3c4bed054acQuaker Fang