99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys/*
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * CDDL HEADER START
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * The contents of this file are subject to the terms of the
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Common Development and Distribution License (the "License").
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * You may not use this file except in compliance with the License.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * or http://www.opensolaris.org/os/licensing.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * See the License for the specific language governing permissions
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * and limitations under the License.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * When distributing Covered Code, include this CDDL HEADER in each
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * If applicable, add the following below this CDDL HEADER, with the
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * fields enclosed by brackets "[]" replaced with your own identifying
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * information: Portions Copyright [yyyy] [name of copyright owner]
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * CDDL HEADER END
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys/*
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Use is subject to license terms.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <stdio.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <string.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <ctype.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <malloc.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <libgen.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <errno.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <cryptoutil.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <security/cryptoki.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include "common.h"
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#include <kmfapi.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Generate a symmetric key inside an NSS keystore.
 *
 * kmfhandle:  open KMF handle.
 * token:      NSS token label; only attached to the request when
 *             non-NULL.
 * dir/prefix: NSS database directory and file prefix, handed to
 *             configure_nss() before anything else is done.
 * keylabel:   label of the new key; required.
 * keyAlg:     key algorithm; keylen: key length (the value is passed
 *             through as a uint32_t KMF_KEYLENGTH_ATTR).
 * tokencred:  token credential; attached only when both the pointer
 *             and its cred member are non-NULL.
 *
 * Returns KMF_OK, KMF_ERR_BAD_PARAMETER when keylabel is NULL, or the
 * error returned by configure_nss() / kmf_create_sym_key().
 */
static KMF_RETURN
genkey_nss(KMF_HANDLE_T kmfhandle, char *token, char *dir, char *prefix,
	char *keylabel, KMF_KEY_ALG keyAlg, int keylen, KMF_CREDENTIAL *tokencred)
{
	KMF_RETURN rv;
	KMF_KEY_HANDLE keyhandle;
	KMF_ATTRIBUTE attrs[20];
	int nattrs = 0;
	KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_NSS;
	KMF_KEY_ALG alg = keyAlg;
	uint32_t bits = (uint32_t)keylen;

	if (keylabel == NULL) {
		cryptoerror(LOG_STDERR,
		    gettext("A key label must be specified \n"));
		return (KMF_ERR_BAD_PARAMETER);
	}

	rv = configure_nss(kmfhandle, dir, prefix);
	if (rv != KMF_OK)
		return (rv);

	(void) memset(&keyhandle, 0, sizeof (keyhandle));

	/* Mandatory attributes: keystore, result handle, algorithm, length. */
	kmf_set_attr_at_index(attrs, nattrs++,
	    KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
	kmf_set_attr_at_index(attrs, nattrs++,
	    KMF_KEY_HANDLE_ATTR, &keyhandle, sizeof (keyhandle));
	kmf_set_attr_at_index(attrs, nattrs++,
	    KMF_KEYALG_ATTR, &alg, sizeof (alg));
	kmf_set_attr_at_index(attrs, nattrs++,
	    KMF_KEYLENGTH_ATTR, &bits, sizeof (bits));

	/* keylabel was verified non-NULL above. */
	kmf_set_attr_at_index(attrs, nattrs++,
	    KMF_KEYLABEL_ATTR, keylabel, strlen(keylabel));

	/* Optional attributes. */
	if (tokencred != NULL && tokencred->cred != NULL)
		kmf_set_attr_at_index(attrs, nattrs++,
		    KMF_CREDENTIAL_ATTR, tokencred, sizeof (KMF_CREDENTIAL));

	if (token != NULL)
		kmf_set_attr_at_index(attrs, nattrs++,
		    KMF_TOKEN_LABEL_ATTR, token, strlen(token));

	return (kmf_create_sym_key(kmfhandle, nattrs, attrs));
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
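/*
 * Generate a symmetric key on a PKCS#11 token and optionally print its
 * value in hex.
 *
 * kmfhandle:     open KMF handle.
 * token:         token label passed to select_token().
 * keylabel:      label of the new key; required.
 * keyAlg/keylen: key algorithm and length in bits.
 * senstr/extstr: optional "y"/"n" answers (first character, case
 *                insensitive) for the sensitive and extractable flags;
 *                when absent the key is created non-sensitive and
 *                extractable.
 * print_hex:     when true, fetch the raw key and print it.  Refused
 *                with a warning (and KMF_OK is still returned) when the
 *                key was marked sensitive or non-extractable.
 * tokencred:     token credential; attached only when both the pointer
 *                and its cred member are non-NULL.
 *
 * Returns KMF_OK, KMF_ERR_BAD_PARAMETER on bad inputs, KMF_ERR_MEMORY
 * when an allocation fails, or the error from select_token(),
 * kmf_create_sym_key() or kmf_get_sym_key_value().
 *
 * The hex copy of the key material is scrubbed before its buffer is
 * freed; rkey is released through kmf_free_raw_sym_key().
 */
static KMF_RETURN
genkey_pkcs11(KMF_HANDLE_T kmfhandle, char *token,
	char *keylabel, KMF_KEY_ALG keyAlg, int keylen,
	char *senstr, char *extstr, boolean_t print_hex,
	KMF_CREDENTIAL *tokencred)
{
	KMF_RETURN kmfrv = KMF_OK;
	KMF_KEY_HANDLE key;
	KMF_RAW_SYM_KEY *rkey = NULL;
	boolean_t sensitive = B_FALSE;
	boolean_t not_extractable = B_FALSE;
	char *hexstr = NULL;
	int hexstrlen = 0;
	KMF_ATTRIBUTE attlist[20];
	int i = 0;
	KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_PK11TOKEN;
	KMF_KEY_ALG keytype;
	uint32_t keylength;

	if (keylabel == NULL) {
		cryptoerror(LOG_STDERR,
		    gettext("A key label must be specified \n"));
		return (KMF_ERR_BAD_PARAMETER);
	}

	/*
	 * Check the sensitive option value if specified.  The cast to
	 * unsigned char keeps tolower() defined for bytes >= 0x80 when
	 * char is signed.
	 */
	if (senstr != NULL) {
		int c = tolower((unsigned char)senstr[0]);

		if (c == 'y')
			sensitive = B_TRUE;
		else if (c == 'n')
			sensitive = B_FALSE;
		else {
			cryptoerror(LOG_STDERR,
			    gettext("Incorrect sensitive option value.\n"));
			return (KMF_ERR_BAD_PARAMETER);
		}
	}

	/* Check the extractable option value if specified. */
	if (extstr != NULL) {
		int c = tolower((unsigned char)extstr[0]);

		if (c == 'y')
			not_extractable = B_FALSE;
		else if (c == 'n')
			not_extractable = B_TRUE;
		else {
			cryptoerror(LOG_STDERR,
			    gettext("Incorrect extractable option value.\n"));
			return (KMF_ERR_BAD_PARAMETER);
		}
	}

	/* Select a PKCS11 token first */
	kmfrv = select_token(kmfhandle, token, FALSE);
	if (kmfrv != KMF_OK) {
		return (kmfrv);
	}

	(void) memset(&key, 0, sizeof (KMF_KEY_HANDLE));

	keytype = keyAlg;
	keylength = keylen; /* bits */

	kmf_set_attr_at_index(attlist, i,
	    KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
	i++;

	kmf_set_attr_at_index(attlist, i,
	    KMF_KEY_HANDLE_ATTR, &key, sizeof (KMF_KEY_HANDLE));
	i++;

	kmf_set_attr_at_index(attlist, i,
	    KMF_KEYALG_ATTR, &keytype, sizeof (keytype));
	i++;

	kmf_set_attr_at_index(attlist, i,
	    KMF_KEYLENGTH_ATTR, &keylength, sizeof (keylength));
	i++;

	/* keylabel was verified non-NULL above. */
	kmf_set_attr_at_index(attlist, i,
	    KMF_KEYLABEL_ATTR, keylabel,
	    strlen(keylabel));
	i++;

	if (tokencred != NULL && tokencred->cred != NULL) {
		kmf_set_attr_at_index(attlist, i,
		    KMF_CREDENTIAL_ATTR, tokencred,
		    sizeof (KMF_CREDENTIAL));
		i++;
	}

	kmf_set_attr_at_index(attlist, i,
	    KMF_SENSITIVE_BOOL_ATTR, &sensitive,
	    sizeof (sensitive));
	i++;

	kmf_set_attr_at_index(attlist, i,
	    KMF_NON_EXTRACTABLE_BOOL_ATTR, &not_extractable,
	    sizeof (not_extractable));
	i++;

	kmfrv = kmf_create_sym_key(kmfhandle, i, attlist);
	if (kmfrv != KMF_OK) {
		goto out;
	}

	if (print_hex) {
		if (sensitive == B_TRUE || not_extractable == B_TRUE) {
			/* Not an error: the key was created, just not shown. */
			cryptoerror(LOG_STDERR,
			    gettext("Warning: can not reveal the key value "
			    "for a sensitive or non-extractable key.\n"));
			goto out;
		}

		rkey = malloc(sizeof (KMF_RAW_SYM_KEY));
		if (rkey == NULL) {
			kmfrv = KMF_ERR_MEMORY;
			goto out;
		}
		(void) memset(rkey, 0, sizeof (KMF_RAW_SYM_KEY));
		kmfrv = kmf_get_sym_key_value(kmfhandle, &key, rkey);
		if (kmfrv != KMF_OK) {
			goto out;
		}
		/* Two hex digits per key byte plus the terminating NUL. */
		hexstrlen = 2 * rkey->keydata.len + 1;
		hexstr = malloc(hexstrlen);
		if (hexstr == NULL) {
			kmfrv = KMF_ERR_MEMORY;
			goto out;
		}

		tohexstr(rkey->keydata.val, rkey->keydata.len, hexstr,
		    hexstrlen);
		(void) printf(gettext("\tKey Value =\"%s\"\n"), hexstr);
	}

out:
	kmf_free_raw_sym_key(rkey);

	/*
	 * hexstr holds the key bytes in hex; scrub it before the buffer
	 * goes back to the heap.  The volatile stores keep the compiler
	 * from dropping the clear as a dead write ahead of free().
	 */
	if (hexstr != NULL) {
		volatile char *vp = hexstr;
		int n;

		for (n = 0; n < hexstrlen; n++)
			vp[n] = '\0';
		free(hexstr);
	}

	return (kmfrv);
}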
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
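/*
 * Generate a symmetric key into a file (OpenSSL keystore) and
 * optionally print its value in hex.
 *
 * kmfhandle:     open KMF handle.
 * keyAlg/keylen: key algorithm and length; keylen is passed through as
 *                a uint32_t KMF_KEYLENGTH_ATTR.
 * dir:           directory for the key file; only attached when
 *                non-NULL.
 * outkey:        output key file name; required, and verify_file() is
 *                expected to return non-zero when it cannot be written.
 * print_hex:     when true, fetch the raw key and print it.
 *
 * Returns KMF_OK, KMF_ERR_BAD_PARAMETER when outkey is missing or not
 * writable, KMF_ERR_MEMORY when an allocation fails, or the error from
 * kmf_create_sym_key() / kmf_get_sym_key_value().
 *
 * The hex copy of the key material is scrubbed before its buffer is
 * freed; rkey is released through kmf_free_raw_sym_key().
 */
static KMF_RETURN
genkey_file(KMF_HANDLE_T kmfhandle, KMF_KEY_ALG keyAlg, int keylen, char *dir,
	char *outkey, boolean_t print_hex)
{
	KMF_RETURN kmfrv = KMF_OK;
	KMF_KEY_HANDLE key;
	KMF_RAW_SYM_KEY *rkey = NULL;
	char *hexstr = NULL;
	int hexstrlen = 0;
	KMF_ATTRIBUTE attlist[20];
	int i = 0;
	KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_OPENSSL;
	KMF_KEY_ALG keytype;
	uint32_t keylength;

	if (EMPTYSTRING(outkey)) {
		cryptoerror(LOG_STDERR,
		    gettext("No output key file was specified for the key\n"));
		return (KMF_ERR_BAD_PARAMETER);
	}

	if (verify_file(outkey)) {
		cryptoerror(LOG_STDERR,
		    gettext("Cannot write the indicated output "
		    "key file (%s).\n"), outkey);
		return (KMF_ERR_BAD_PARAMETER);
	}

	(void) memset(&key, 0, sizeof (KMF_KEY_HANDLE));

	keytype = keyAlg;
	keylength = keylen;

	kmf_set_attr_at_index(attlist, i,
	    KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype));
	i++;

	kmf_set_attr_at_index(attlist, i,
	    KMF_KEY_HANDLE_ATTR, &key, sizeof (KMF_KEY_HANDLE));
	i++;

	kmf_set_attr_at_index(attlist, i,
	    KMF_KEYALG_ATTR, &keytype, sizeof (keytype));
	i++;

	kmf_set_attr_at_index(attlist, i,
	    KMF_KEYLENGTH_ATTR, &keylength, sizeof (keylength));
	i++;

	if (dir != NULL) {
		kmf_set_attr_at_index(attlist, i,
		    KMF_DIRPATH_ATTR, dir,
		    strlen(dir));
		i++;
	}

	if (outkey != NULL) {
		kmf_set_attr_at_index(attlist, i,
		    KMF_KEY_FILENAME_ATTR, outkey,
		    strlen(outkey));
		i++;
	}

	kmfrv = kmf_create_sym_key(kmfhandle, i, attlist);
	if (kmfrv != KMF_OK) {
		goto out;
	}

	if (print_hex) {
		rkey = malloc(sizeof (KMF_RAW_SYM_KEY));
		if (rkey == NULL) {
			kmfrv = KMF_ERR_MEMORY;
			goto out;
		}
		(void) memset(rkey, 0, sizeof (KMF_RAW_SYM_KEY));
		kmfrv = kmf_get_sym_key_value(kmfhandle, &key, rkey);
		if (kmfrv != KMF_OK) {
			goto out;
		}

		/* Two hex digits per key byte plus the terminating NUL. */
		hexstrlen = 2 * rkey->keydata.len + 1;
		hexstr = malloc(hexstrlen);
		if (hexstr == NULL) {
			kmfrv = KMF_ERR_MEMORY;
			goto out;
		}
		tohexstr(rkey->keydata.val, rkey->keydata.len, hexstr,
		    hexstrlen);
		(void) printf(gettext("\tKey Value =\"%s\"\n"), hexstr);
	}

out:
	kmf_free_raw_sym_key(rkey);

	/*
	 * hexstr holds the key bytes in hex; scrub it before the buffer
	 * goes back to the heap.  The volatile stores keep the compiler
	 * from dropping the clear as a dead write ahead of free().
	 */
	if (hexstr != NULL) {
		volatile char *vp = hexstr;
		int n;

		for (n = 0; n < hexstrlen; n++)
			vp[n] = '\0';
		free(hexstr);
	}

	return (kmfrv);
}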
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysint
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllyspk_genkey(int argc, char *argv[])
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys{
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys int rv;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys int opt;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys extern int optind_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys extern char *optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_PK11TOKEN;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *tokenname = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *dir = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *prefix = NULL;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys char *keytype = "generic";
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *keylenstr = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys int keylen = 0;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *keylabel = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *outkey = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *senstr = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *extstr = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *printstr = NULL;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_HANDLE_T kmfhandle = NULL;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_KEY_ALG keyAlg = KMF_GENERIC_SECRET;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys boolean_t print_hex = B_FALSE;
6b35cb3cf158584a9408d44b9b6796564e8e1882Richard PALO KMF_CREDENTIAL tokencred = { NULL, 0 };
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys while ((opt = getopt_av(argc, argv,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "k:(keystore)l:(label)T:(token)d:(dir)p:(prefix)"
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "t:(keytype)y:(keylen)K:(outkey)P:(print)"
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "s:(sensitive)e:(extractable)")) != EOF) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (EMPTYSTRING(optarg_av))
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys switch (opt) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'k':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys kstype = KS2Int(optarg_av);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kstype == 0)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'l':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (keylabel)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys keylabel = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'T':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (tokenname)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys tokenname = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'd':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (dir)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys dir = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'p':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (prefix)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys prefix = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 't':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys keytype = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'y':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (keylenstr)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys keylenstr = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'K':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (outkey)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys outkey = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'P':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (printstr)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys printstr = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 's':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (senstr)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys senstr = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys case 'e':
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (extstr)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys extstr = optarg_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys break;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys default:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* No additional args allowed. */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys argc -= optind_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys argv += optind_av;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (argc) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Check keytype. If not specified, default to AES */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (keytype != NULL && Str2SymKeyType(keytype, &keyAlg) != 0) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR, gettext("Unrecognized keytype(%s).\n"),
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys keytype);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /*
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Check and set the key length.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * - For DES and 3DES, the key size are fixed. Ingore the keylen
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * option, even if it is specified.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * - For AES and ARCFOUR, if keylen is not specified, default to
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * 128 bits.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (keyAlg == KMF_DES)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys keylen = 64; /* fixed size; ignore input */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys else if (keyAlg == KMF_DES3)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys keylen = 192; /* fixed size; ignore input */
c197cb9db36685d2808c057fdbe5700734483ab2hylee else /* AES, ARCFOUR, or GENERIC SECRET */ {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (keylenstr == NULL) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys gettext("Key length must be specified for "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "AES, ARCFOUR or GENERIC symmetric keys.\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (sscanf(keylenstr, "%d", &keylen) != 1) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys gettext("Unrecognized key length (%s).\n"),
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys keytype);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (keylen == 0 || (keylen % 8) != 0) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys gettext("Key length bitlength must be a "
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "multiple of 8.\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* check the print option */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (printstr != NULL) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kstype == KMF_KEYSTORE_NSS) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys gettext("The print option does not apply "
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys "to the NSS keystore.\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (tolower(printstr[0]) == 'y')
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys print_hex = B_TRUE;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys else if (tolower(printstr[0]) == 'n')
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys print_hex = B_FALSE;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys else {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys gettext("Incorrect print option value.\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* check the sensitive and extractable options */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if ((senstr != NULL || extstr != NULL) &&
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (kstype == KMF_KEYSTORE_NSS || kstype == KMF_KEYSTORE_OPENSSL)) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys gettext("The sensitive or extractable option applies "
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys "to the PKCS11 keystore only.\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kstype == KMF_KEYSTORE_PK11TOKEN && tokenname == NULL) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys tokenname = PK_DEFAULT_PK11TOKEN;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else if (kstype == KMF_KEYSTORE_NSS && tokenname == NULL) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys tokenname = DEFAULT_NSS_TOKEN;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
577f4726f2ea5aeaa2cf3dd65aca52869834b137wyllys DIR_OPTION_CHECK(kstype, dir);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kstype == KMF_KEYSTORE_PK11TOKEN || kstype == KMF_KEYSTORE_NSS)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) get_token_password(kstype, tokenname, &tokencred);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if ((rv = kmf_initialize(&kmfhandle, NULL, NULL)) != KMF_OK) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR, gettext("Error initializing KMF\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys goto end;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kstype == KMF_KEYSTORE_NSS) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = genkey_nss(kmfhandle, tokenname, dir, prefix,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys keylabel, keyAlg, keylen, &tokencred);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else if (kstype == KMF_KEYSTORE_OPENSSL) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = genkey_file(kmfhandle, keyAlg, keylen, dir, outkey,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys print_hex);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = genkey_pkcs11(kmfhandle, tokenname, keylabel, keyAlg,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys keylen, senstr, extstr, print_hex, &tokencred);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysend:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != KMF_OK)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys display_error(kmfhandle, rv,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys gettext("Error generating key"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (tokencred.cred != NULL)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys free(tokencred.cred);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys (void) kmf_finalize(kmfhandle);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (rv != KMF_OK)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (PK_ERR_USAGE);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (0);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys}