99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * CDDL HEADER START
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * The contents of this file are subject to the terms of the
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Common Development and Distribution License (the "License").
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * You may not use this file except in compliance with the License.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * See the License for the specific language governing permissions
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * and limitations under the License.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * When distributing Covered Code, include this CDDL HEADER in each
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * If applicable, add the following below this CDDL HEADER, with the
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * fields enclosed by brackets "[]" replaced with your own identifying
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * information: Portions Copyright [yyyy] [name of copyright owner]
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * CDDL HEADER END
fa60c371cd00bdca17de2ff18fe3e64d051ae61bwyllys * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Use is subject to license terms.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysgenkey_nss(KMF_HANDLE_T kmfhandle, char *token, char *dir, char *prefix,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys char *keylabel, KMF_KEY_ALG keyAlg, int keylen, KMF_CREDENTIAL *tokencred)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Check the sensitive option value if specified. */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Check the extractable option value if specified. */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Select a PKCS11 token first */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (sensitive == B_TRUE || not_extractable == B_TRUE) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys "for a sensitive or non-extractable key.\n"));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmfrv = kmf_get_sym_key_value(kmfhandle, &key, rkey);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys tohexstr(rkey->keydata.val, rkey->keydata.len, hexstr,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) printf(gettext("\tKey Value =\"%s\"\n"), hexstr);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysgenkey_file(KMF_HANDLE_T kmfhandle, KMF_KEY_ALG keyAlg, int keylen, char *dir,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys gettext("No output key file was specified for the key\n"));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmfrv = kmf_get_sym_key_value(kmfhandle, &key, rkey);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys tohexstr(rkey->keydata.val, rkey->keydata.len, hexstr,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) printf(gettext("\tKey Value =\"%s\"\n"), hexstr);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys extern char *optarg_av;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "k:(keystore)l:(label)T:(token)d:(dir)p:(prefix)"
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "t:(keytype)y:(keylen)K:(outkey)P:(print)"
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* No additional args allowed. */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Check keytype. If not specified, default to AES */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (keytype != NULL && Str2SymKeyType(keytype, &keyAlg) != 0) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR, gettext("Unrecognized keytype(%s).\n"),
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Check and set the key length.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * - For DES and 3DES, the key sizes are fixed. Ignore the keylen
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * option, even if it is specified.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * - For AES and ARCFOUR, if keylen is not specified, default to
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * 128 bits.
c197cb9db36685d2808c057fdbe5700734483ab2hylee else /* AES, ARCFOUR, or GENERIC SECRET */ {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "AES, ARCFOUR or GENERIC symmetric keys.\n"));
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys "multiple of 8.\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* check the print option */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys "to the NSS keystore.\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* check the sensitive and extractable options */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (kstype == KMF_KEYSTORE_NSS || kstype == KMF_KEYSTORE_OPENSSL)) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys gettext("The sensitive or extractable option applies "
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys "to the PKCS11 keystore only.\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kstype == KMF_KEYSTORE_PK11TOKEN && tokenname == NULL) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys } else if (kstype == KMF_KEYSTORE_NSS && tokenname == NULL) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kstype == KMF_KEYSTORE_PK11TOKEN || kstype == KMF_KEYSTORE_NSS)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) get_token_password(kstype, tokenname, &tokencred);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if ((rv = kmf_initialize(&kmfhandle, NULL, NULL)) != KMF_OK) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys cryptoerror(LOG_STDERR, gettext("Error initializing KMF\n"));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = genkey_file(kmfhandle, keyAlg, keylen, dir, outkey,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys rv = genkey_pkcs11(kmfhandle, tokenname, keylabel, keyAlg,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (0);