digest.c revision 30a5e8fa1253cb33980ee4514743cf683f584b4e
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* digest.c
*
* Implements the digest(1) and mac(1) commands.
* If the command name is mac, a MAC operation is performed;
* otherwise a digest operation is performed.
*
* See the man pages for digest and mac for details on
* how these commands work.
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <ctype.h>
#include <strings.h>
#include <libintl.h>
#include <libgen.h>
#include <locale.h>
#include <errno.h>
#include <security/cryptoki.h>
#include <limits.h>
#include <cryptoutil.h>
#include <kmfapi.h>
/*
* RESULTLEN - large enough size in bytes to hold result for
* digest and mac results for all mechanisms
*/
#define RESULTLEN (512)
/*
* Default parameters for PBKDF2 algorithm
*
* NOTE(review): 1000 iterations is low by current password-hashing
* guidance. Raising it changes the derived key, so MAC values already
* produced from a passphrase would no longer be reproducible; confirm
* the compatibility requirement before changing it.
* NOTE(review): PBKD2_SALT_SIZE is only the salt length. A comment
* later in this file states that the salt contents are fixed.
*/
#define PBKD2_ITERATIONS (1000)
#define PBKD2_SALT_SIZE 16
/*
* Exit Status codes
*/
#ifndef EXIT_SUCCESS
#define EXIT_SUCCESS 0 /* No errors */
#endif /* EXIT_SUCCESS */
/* printf-style PIN prompt; the single %s is presumably the token name */
#define DEFAULT_TOKEN_PROMPT "Enter PIN for %s: "
/* Token used when none is specified (value comes from SOFT_TOKEN_LABEL) */
#define PK_DEFAULT_PK11TOKEN SOFT_TOKEN_LABEL
/* Label of the selected PKCS#11 token; NULL until set */
static char *token_label = NULL;
/*
* One entry of the algorithm alias table.
* NOTE(review): only two members are visible in this listing; other
* members may have been lost in extraction.
*/
struct mech_alias {
char *alias;
int keysize_unit;
};
/*
* NOTE(review): the initializer below is empty in this listing, so the
* entries cannot be checked against MECH_ALIASES_COUNT. The count is
* compared against a loop index later in the file, so it must equal the
* number of entries; deriving it from sizeof would prevent drift.
*/
#define MECH_ALIASES_COUNT 11
static struct mech_alias mech_aliases[] = {
};
/*
* NOTE(review): the function name, parameter list and many statements of
* this definition are missing from this listing. What remains shows
* locale/text-domain setup, selection between the mac and digest
* commands by command name, and command line option parsing.
*/
int
{
extern char *optarg;
extern int optind;
int errflag = 0; /* We had an optstr parse error */
/*
* NOTE(review): if c receives the return value of getopt(), it should
* be declared int; comparing a char against -1 fails where char is
* unsigned. The call itself is not visible here -- confirm.
*/
char c; /* current getopts flag */
int filecount;
char *optstr;
char **filelist; /* list of files */
#if !defined(TEXT_DOMAIN) /* Should be defined by cc -D */
#endif
(void) textdomain(TEXT_DOMAIN);
/*
* Based on command name, determine
* type of command. mac is mac
* everything else is digest.
*
* NOTE(review): the error message below says the name must be
* either digest or mac, so other names appear to be rejected
* rather than treated as digest.
*/
else {
"command name must be either digest or mac\n"));
}
if (mac_cmd) {
} else {
}
/* Parse command line arguments */
/*
* Option letters as described by the usage text and comments in
* this file: -a algorithm, -k keyfile, -K keylabel, -T tokenspec,
* -l list algorithms, -v verbose. The handler bodies are missing
* from this listing.
*/
switch (c) {
case 'v':
break;
case 'a':
break;
case 'k':
break;
case 'l':
break;
case 'T':
break;
case 'K':
break;
default:
/* Unrecognized option: record the parse error */
errflag++;
}
}
}
/* Per the execute comment in this file, no files means stdin is used */
if (filecount == 0) {
} else {
}
}
/*
* Command synopsis text. The mac form takes a key source
* (-k <keyfile>, or -K <keylabel> with an optional -T <tokenspec>);
* the digest form takes only -a <algorithm>.
*
* NOTE(review): the function name, its parameters and the calls that
* print these strings are missing from this listing.
*/
static void
{
if (mac_cmd) {
"[-k <keyfile> | -K <keylabel> [-T <tokenspec>]] "
"[file...]\n"));
} else {
"-a <algorithm> [file...]\n"));
}
}
/*
* Print out list of available algorithms.
*
* For the mac command the header text and the " %5lu %5lu" format show
* that two unsigned long values are printed per algorithm under a
* "Max (bits)" column heading; presumably these are the minimum and
* maximum key sizes -- confirm.
*
* NOTE(review): the function name, the loop header and the printf
* arguments are missing from this listing.
*/
static void
{
int mech;
if (mac_cmd)
"Max (bits)\n"
"------------------------------------------\n"));
continue;
if (mac_cmd) {
(void) printf(" %5lu %5lu\n",
else
(void) printf("\n");
} else
}
}
/*
* NOTE(review): the function name, parameters and most statements are
* missing from this listing. The remaining lines count entries in an
* attribute template (attrs), add one more entry only when keylen > 0,
* set the PRF data length of a parameter structure to zero, and return
* a CK_RV. Given the PBKDF2 defaults defined above, this is presumably
* the passphrase-to-key derivation step -- confirm.
*/
static CK_RV
{
int attrs = 0;
attrs++;
attrs++;
attrs++;
/* A key length attribute is only supplied when the caller gave one */
if (keylen > 0) {
attrs++;
}
/* No PRF-specific data is passed */
params.ulPrfDataLen = 0;
return (rv);
}
/*
* NOTE(review): the function name, parameters and most statements are
* missing from this listing. The remaining lines fill a search template
* (pTmpl), end an object search on hSession, and report
* "Cannot retrieve key object" on failure.
*
* Returns 0 on success and -1 on any failure visible here, including
* the case where the search found no key object (key_obj_count == 0).
*/
static int
{
/* Value for a boolean template attribute */
CK_BBOOL true = 1;
int i;
return (-1);
}
/* i indexes the next free slot of the search template */
i = 0;
i++;
i++;
i++;
i++;
pTmpl[i].ulValueLen = sizeof (true);
i++;
goto out;
}
/* End the search so the session can start another operation */
(void) C_FindObjectsFinal(hSession);
out:
"Cannot retrieve key object. error = %s\n",
return (-1);
}
/* A search that succeeds but matches nothing is also a failure */
if (key_obj_count == 0) {
return (-1);
}
return (0);
}
/*
* Execute the command.
* algo_str - name of algorithm
* filecount - no. of files to process, if 0, use stdin
* filelist - list of files
* mac_cmd - if true do mac else do digest
*
* Returns EXIT_FAILURE directly on the early error paths. Later paths
* jump to a cleanup section that closes the session if one is open,
* finalizes the PKCS#11 library and returns exitcode.
*
* NOTE(review): the function name, parameter list and a large number of
* statements are missing from this listing; the comments below describe
* only what the remaining lines show.
*/
static int
{
int fd;
int keylen = 0; /* key length */
int resultstrlen; /* result string length */
int i;
int mech_match = 0;
if (aflag) {
/*
* NOTE(review): loop header lost in extraction. The loop
* advances mech_match and stops early on a match.
*/
mech_match++) {
break;
}
}
/* Index ran off the end of the alias table: unknown algorithm */
if (mech_match == MECH_ALIASES_COUNT) {
return (EXIT_FAILURE);
}
/* Get key to do a MAC operation */
if (mac_cmd) {
if (Kflag) {
int status;
/* No token label, or an empty one, was supplied */
if (token_label == NULL ||
!strlen(token_label)) {
}
if (status == -1) {
gettext("invalid passphrase."));
return (EXIT_FAILURE);
}
} else {
gettext("invalid key."));
return (EXIT_FAILURE);
}
}
}
}
/* Initialize, and get list of slots */
gettext("failed to initialize PKCS #11 framework: %s"),
return (EXIT_FAILURE);
}
/* Get slot count */
/*
* NOTE(review): the two adjacent literals below concatenate with no
* space after the comma ("provider,please"); the same pair appears
* again further down.
*/
"failed to find any cryptographic provider,"
"please check with your system administrator: %s"),
goto cleanup;
}
/* Found at least one slot, allocate memory for slot list */
goto cleanup;
}
/* Get the list of slots */
"failed to find any cryptographic provider,"
"please check with your system administrator: %s"),
goto cleanup;
}
/*
* Obtain list of algorithms if -l option was given
*/
if (lflag) {
/* Iterate through each mechanism */
/* Only check algorithms that can be used */
continue;
/*
* the values available are not 0.
*/
}
}
/* Listing is the whole job for -l; skip the digest/mac work */
goto cleanup;
}
/*
* Find a slot with matching mechanism
*
* If -K is specified, we find the slot id for the token first, then
* check if the slot supports the algorithm.
*/
i = 0;
if (Kflag) {
gettext("no matching PKCS#11 token"));
goto cleanup;
}
else
/* Reuse the "no provider found" check that follows the search */
i = slotcount;
} else {
for (i = 0; i < slotcount; i++) {
continue; /* to the next slot */
} else {
if (mac_cmd) {
/*
* Make sure the slot supports
* PKCS5 key generation if we
* will be using it later.
* We use it whenever the key
* is entered at command line.
*/
break;
break;
}
} else {
break;
}
}
}
}
/* Show error if no matching mechanism found */
if (i == slotcount) {
gettext("no cryptographic provider was "
"found for this algorithm -- %s"), algo_str);
goto cleanup;
}
/* Mechanism is supported. Go ahead & open a session */
gettext("can not open PKCS#11 session: %s"),
goto cleanup;
}
/* Create a key object for mac operation */
if (mac_cmd) {
/*
* If we read keybytes from a file,
* do NOT process them with C_GenerateKey,
* treat them as raw keydata bytes and
* create a key object for them.
*/
if (keyfile) {
/* nattr counts the attributes placed in the key template */
int nattr = 0;
if (mech_type == CKM_DES_MAC) {
}
nattr++;
nattr++;
nattr++;
nattr++;
nattr++;
} else if (Kflag) {
if (mech_type == CKM_DES_MAC) {
} else {
}
goto cleanup;
}
} else {
if (mech_type == CKM_DES_MAC) {
keysize = 0;
} else {
}
/*
* We use a fixed salt (0x0a, 0x0a, 0x0a ...)
* for creating the key so that the end user
* will be able to generate the same 'mac'
* using the same passphrase.
*
* NOTE(review): with a fixed salt the derived
* key depends on the passphrase alone, so the
* salt gives no protection against precomputed
* guessing and passphrase strength is the only
* barrier. For keys that must resist guessing,
* a key file (-k) or a token key (-K) avoids
* passphrase derivation entirely.
*/
}
gettext("unable to create key for crypto "
goto cleanup;
}
}
/* Allocate a buffer to store result. */
goto cleanup;
}
/* Allocate a buffer to store result string */
goto cleanup;
}
mech.ulParameterLen = 0;
/* Process each file; the body runs once for stdin when filecount is 0 */
i = 0;
do {
-1) {
"can not open input file %s\n"), filename);
/*
* Skip this file and go on to the next one.
* NOTE(review): confirm that exitcode records
* the failure; the assignment is not visible.
*/
continue;
}
} else {
fd = 0; /* use stdin */
}
/*
* Perform the operation
*/
if (mac_cmd) {
&resultlen);
} else {
&resultlen);
}
gettext("crypto operation failed for "
"file %s: %s\n"),
continue;
}
/* if result size has changed, allocate a bigger resultstr buf */
goto cleanup;
}
}
/* Output the result */
/* Include mechanism name for verbose */
if (vflag)
/* Include file name for multiple files, or if verbose */
}
} while (++i < filecount);
/*
* clear and free the key
*
* NOTE(review): the clearing statements are missing from this
* listing. Confirm the key bytes are zeroed before the buffer is
* freed, using a call the compiler cannot optimize away, and that
* the early "return (EXIT_FAILURE)" paths above cannot leave key
* material allocated.
*/
if (mac_cmd) {
}
}
}
}
}
if (hSession != CK_INVALID_HANDLE)
(void) C_CloseSession(hSession);
(void) C_Finalize(NULL_PTR);
return (exitcode);
}
/*
* do_digest - Compute digest of a file
*
* hSession - session
* pmech - ptr to mechanism to be used for digest
* fd - file descriptor
* pdigest - buffer where digest result is returned
* pdigestlen - length of digest buffer on input,
* length of result on output
*
* Returns the PKCS#11 return value of the failing or final call,
* CKR_HOST_MEMORY on the path that follows a CKR_BUFFER_TOO_SMALL
* result, and CKR_GENERAL_ERROR when reading the input failed.
*
* NOTE(review): the signature and most statements are missing from this
* listing.
*/
static CK_RV
{
int saved_errno;
return (rv);
}
/* Get the digest */
return (rv);
}
/*
* Perform the C_DigestFinal, even if there is a read error.
* Otherwise C_DigestInit will return CKR_OPERATION_ACTIVE
* next time it is called (for another file)
*/
/* result too big to fit? Allocate a bigger buffer */
/*
* NOTE(review): the reallocation is not visible. If it assigns the
* result straight to the caller's pointer, the old buffer is lost
* when allocation fails -- confirm.
*/
if (rv == CKR_BUFFER_TOO_SMALL) {
return (CKR_HOST_MEMORY);
}
}
/* There was a read error */
/* A read failure takes precedence over the final call's result */
if (nread == -1) {
return (CKR_GENERAL_ERROR);
} else {
return (rv);
}
}
/*
* do_mac - Compute mac of a file
*
* hSession - session
* pmech - ptr to mechanism to be used
* fd - file descriptor
* key - key to be used
* psignature - ptr buffer where mac result is returned
* returns new buf if current buf is small
* psignaturelen - length of mac buffer on input,
* length of result on output
*
* Returns the PKCS#11 return value of the failing or final call,
* CKR_HOST_MEMORY when the larger result buffer could not be obtained,
* and CKR_GENERAL_ERROR when reading the input failed.
*
* NOTE(review): the signature and most statements are missing from this
* listing.
*/
static CK_RV
{
int saved_errno;
return (rv);
}
/* Get the MAC */
return (rv);
}
/*
* Perform the C_SignFinal, even if there is a read error.
* Otherwise C_SignInit will return CKR_OPERATION_ACTIVE
* next time it is called (for another file)
*/
/* result too big to fit? Allocate a bigger buffer */
/*
* NOTE(review): the reallocation is not visible. Because the failure
* check reads *psignature, the new pointer appears to be stored there
* directly; if so the previous buffer is lost when allocation fails
* -- confirm.
*/
if (rv == CKR_BUFFER_TOO_SMALL) {
if (*psignature == NULL_PTR) {
return (CKR_HOST_MEMORY);
}
}
/* There was a read error */
/* A read failure takes precedence over the final call's result */
if (nread == -1) {
return (CKR_GENERAL_ERROR);
} else {
return (rv);
}
}
/*
* getkey - gets keydata from file specified
*
* filename - name of file, if null, prompt for pass phrase
* pkeydata - binary key data is returned in this buf
*
* returns length of key, or -1 if error
*
* The error messages show that the file must open, must stat, and must
* be a regular file before it is read.
*
* NOTE(review): the signature and most statements are missing from this
* listing.
*/
static int
{
char *tmpbuf;
/*
* NOTE(review): keylen is an int. If it is taken from the file size,
* confirm that oversized files are rejected rather than truncated.
*/
int keylen;
int fd;
/* read the key file into a buffer */
"can't open %s\n"), filename);
return (-1);
}
/*
* NOTE(review): confirm the stat is done on the open descriptor
* rather than on the path, so the file checked is the file read.
*/
"can't stat %s\n"), filename);
return (-1);
}
"%s not a regular file\n"), filename);
return (-1);
}
if (keylen > 0) {
/* allocate a buffer to hold the entire key */
return (-1);
}
"can't read %s\n"), filename);
/*
* NOTE(review): confirm the descriptor is closed and the
* key buffer is released on this and the other error
* returns; the cleanup calls are not visible.
*/
return (-1);
}
}
} else {
/* No file, prompt for a pass phrase */
return (-1); /* error */
} else {
}
}
return (keylen);
}
/*
* NOTE(review): the function name, parameters and most statements are
* missing from this listing. The remaining lines reject a NULL
* token_spec, declare a fixed-size prompt buffer, and return 0 on
* success or -1 on failure. Given DEFAULT_TOKEN_PROMPT this presumably
* prompts for a token PIN -- confirm.
*/
static int
{
char *databuf;
char *tmpbuf;
/*
* NOTE(review): confirm the prompt is formatted with a bounded call
* (size of prompt passed), since the token name is external input.
*/
char prompt[1024];
if (token_spec == NULL)
return (-1);
return (-1); /* error */
}
return (-1);
return (0);
}