Back to index

lightning-sunbird  0.9+nobinonly
Classes | Defines | Typedefs | Enumerations | Functions | Variables
symkeyutil.c File Reference
#include <stdio.h>
#include <string.h>
#include "secutil.h"
#include "nspr.h"
#include "pk11func.h"
#include "secasn1.h"
#include "cert.h"
#include "cryptohi.h"
#include "secoid.h"
#include "certdb.h"
#include "nss.h"

Go to the source code of this file.

Classes

struct  _KeyTypes

Defines

#define FPS   fprintf(stderr,
#define MAX_KEY_SIZE   4098

Typedefs

typedef struct _KeyTypes KeyTypes

Enumerations

enum  {
  cmd_CreateNewKey = 0, cmd_DeleteKey, cmd_ImportKey, cmd_ExportKey,
  cmd_WrapKey, cmd_UnwrapKey, cmd_MoveKey, cmd_ListKeys,
  cmd_PrintHelp
}
enum  {
  opt_CertDir = 0, opt_PasswordFile, opt_TargetToken, opt_TokenName,
  opt_KeyID, opt_KeyIDFile, opt_KeyType, opt_Nickname,
  opt_KeyFile, opt_Password, opt_dbPrefix, opt_RW,
  opt_KeySize, opt_WrapKeyName, opt_WrapKeyID, opt_WrapKeyIDFile,
  opt_NoiseFile
}

Functions

int GetLen (PRFileDesc *fd)
int ReadBuf (char *inFile, SECItem *item)
int WriteBuf (char *inFile, SECItem *item)
CK_KEY_TYPE GetKeyTypeFromString (const char *keyString)
CK_MECHANISM_TYPE GetKeyMechFromString (const char *keyString)
const char * GetStringFromKeyType (CK_KEY_TYPE type)
CK_MECHANISM_TYPE GetWrapFromKeyType (CK_KEY_TYPE type)
CK_MECHANISM_TYPE GetWrapMechanism (PK11SymKey *symKey)
int GetDigit (char c)
char ToDigit (unsigned char c)
char * BufToHex (SECItem *outbuf)
int HexToBuf (char *inString, SECItem *outbuf)
void printBuf (unsigned char *data, int len)
void PrintKey (PK11SymKey *symKey)
SECStatus ListKeys (PK11SlotInfo *slot, int *printLabel, void *pwd)
PK11SymKey * FindKey (PK11SlotInfo *slot, char *name, SECItem *id, void *pwd)
PRBool IsKeyList (PK11SymKey *symKey)
void FreeKeyList (PK11SymKey *symKey)
static void Usage (char *progName)
static void LongUsage (char *progName)
int main (int argc, char **argv)
 The Xalan testcases app.

Variables

static KeyTypes keyArray []
static int keyArraySize = sizeof(keyArray)/sizeof(keyArray[0])
static secuCommandFlag symKeyUtil_commands []
static secuCommandFlag symKeyUtil_options []

Class Documentation

struct _KeyTypes

Definition at line 72 of file symkeyutil.c.

Class Members
CK_KEY_TYPE keyType
char * label
CK_MECHANISM_TYPE mechType
CK_MECHANISM_TYPE wrapMech

Define Documentation

#define FPS   fprintf(stderr,
#define MAX_KEY_SIZE   4098

Typedef Documentation

typedef struct _KeyTypes KeyTypes

Enumeration Type Documentation

anonymous enum
Enumerator:
cmd_CreateNewKey 
cmd_DeleteKey 
cmd_ImportKey 
cmd_ExportKey 
cmd_WrapKey 
cmd_UnwrapKey 
cmd_MoveKey 
cmd_ListKeys 
cmd_PrintHelp 

Definition at line 535 of file symkeyutil.c.

anonymous enum
Enumerator:
opt_CertDir 
opt_PasswordFile 
opt_TargetToken 
opt_TokenName 
opt_KeyID 
opt_KeyIDFile 
opt_KeyType 
opt_Nickname 
opt_KeyFile 
opt_Password 
opt_dbPrefix 
opt_RW 
opt_KeySize 
opt_WrapKeyName 
opt_WrapKeyID 
opt_WrapKeyIDFile 
opt_NoiseFile 

Definition at line 548 of file symkeyutil.c.


Function Documentation

char* BufToHex ( SECItem *  outbuf)

Definition at line 260 of file symkeyutil.c.

{
    int len = outbuf->len * 2 +1;
    char *string, *ptr;
    unsigned int i;

    string = PORT_Alloc(len);

    ptr = string;
    for (i=0; i < outbuf->len; i++) {
       *ptr++ = ToDigit(outbuf->data[i] >> 4);
       *ptr++ = ToDigit(outbuf->data[i] & 0xf);
    }
    *ptr = 0;
    return string;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PK11SymKey* FindKey ( PK11SlotInfo *  slot,
char *  name,
SECItem *  id,
void pwd 
)

Definition at line 363 of file symkeyutil.c.

{
    PK11SymKey *key = NULL;
    SECStatus rv = PK11_Authenticate(slot, PR_FALSE, pwd);

    if (rv != SECSuccess) {
       return NULL;
    }


    if (id->data) {
       key = PK11_FindFixedKey(slot,CKM_INVALID_MECHANISM, id, pwd);
    }
    if (name && !key) {
       key = PK11_ListFixedKeysInSlot(slot,name, pwd);
    }

    if (key) {
       printf("Found a key\n");
       PrintKey(key);
    }
    return key;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void FreeKeyList ( PK11SymKey *  symKey)

Definition at line 394 of file symkeyutil.c.

{
   PK11SymKey *next,*current;

   for (current = symKey; current; current = next) {
       next = PK11_GetNextSymKey(current);
       PK11_FreeSymKey(current);
   }
   return;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int GetDigit ( char  c)

Definition at line 232 of file symkeyutil.c.

{
    if (c == 0) {
       return -1;
    }
    if (c <= '9' && c >= '0') {
       return c - '0';
    }
    if (c <= 'f' && c >= 'a') {
       return c - 'a' + 0xa;
    }
    if (c <= 'F' && c >= 'A') {
       return c - 'A' + 0xa;
    }
    return -1;
}

Here is the caller graph for this function:

Definition at line 188 of file symkeyutil.c.

{
    int i;
    for (i=0; i < keyArraySize; i++) {
       if (PL_strcasecmp(keyString,keyArray[i].label) == 0) {
           return keyArray[i].mechType;
       }
    }
    return (CK_MECHANISM_TYPE)-1;
}

Here is the call graph for this function:

Here is the caller graph for this function:

CK_KEY_TYPE GetKeyTypeFromString ( const char *  keyString)

Definition at line 176 of file symkeyutil.c.

{
    int i;
    for (i=0; i < keyArraySize; i++) {
       if (PL_strcasecmp(keyString,keyArray[i].label) == 0) {
           return keyArray[i].keyType;
       }
    }
    return (CK_KEY_TYPE)-1;
}

Here is the call graph for this function:

int GetLen ( PRFileDesc fd)

Definition at line 111 of file symkeyutil.c.

{
    PRFileInfo info;

    if (PR_SUCCESS != PR_GetOpenFileInfo(fd, &info)) {
        return -1;
    }

    return info.size;
}

Here is the caller graph for this function:

Definition at line 200 of file symkeyutil.c.

{
    int i;
    for (i=0; i < keyArraySize; i++) {
       if (keyArray[i].keyType == type) {
           return keyArray[i].label;
       }
    }
    return "unmatched";
}

Here is the caller graph for this function:

Definition at line 212 of file symkeyutil.c.

{
    int i;
    for (i=0; i < keyArraySize; i++) {
       if (keyArray[i].keyType == type) {
           return keyArray[i].wrapMech;
       }
    }
    return CKM_INVALID_MECHANISM;
}

Here is the caller graph for this function:

CK_MECHANISM_TYPE GetWrapMechanism ( PK11SymKey *  symKey)

Definition at line 224 of file symkeyutil.c.

Here is the call graph for this function:

Here is the caller graph for this function:

int HexToBuf ( char *  inString,
SECItem *  outbuf 
)

Definition at line 279 of file symkeyutil.c.

{
    int len = strlen(inString);
    int outlen = len+1/2;
    int trueLen = 0;

    outbuf->data = PORT_Alloc(outlen);
    if (outbuf->data) {
       return -1;
    }

    while (*inString) {
       int digit1, digit2;
       digit1 = GetDigit(*inString++);
       digit2 = GetDigit(*inString++);
       if ((digit1 == -1) || (digit2 == -1)) {
           PORT_Free(outbuf->data);
           outbuf->data = NULL;
           return -1;
       }
       outbuf->data[trueLen++] = digit1 << 4 | digit2;
    }
    outbuf->len = trueLen;
    return 0;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PRBool IsKeyList ( PK11SymKey *  symKey)

Definition at line 388 of file symkeyutil.c.

{
   return (PRBool) (PK11_GetNextSymKey(symKey) != NULL);
}

Here is the call graph for this function:

SECStatus ListKeys ( PK11SlotInfo *  slot,
int printLabel,
void pwd 
)

Definition at line 338 of file symkeyutil.c.

                                                         {
    PK11SymKey *keyList;
    SECStatus rv = PK11_Authenticate(slot, PR_FALSE, pwd);
    if (rv != SECSuccess) {
        return rv;;
    }

    keyList = PK11_ListFixedKeysInSlot(slot, NULL, pwd);
    if (keyList) {
       if (*printLabel) {
            printf("     Name            Len Strength     Type    Data\n");
           *printLabel = 0;
       }
       printf("%s:\n",PK11_GetTokenName(slot));
    }
    while (keyList) {
        PK11SymKey *freeKey = keyList;
        PrintKey(keyList);
        keyList = PK11_GetNextSymKey(keyList);
        PK11_FreeSymKey(freeKey);
    }
    return SECSuccess;
}

Here is the call graph for this function:

static void LongUsage ( char *  progName) [static]

Definition at line 424 of file symkeyutil.c.

{
    int i;
    FPS "%-15s List all the keys.\n", "-L");
    FPS "%-15s Generate a new key.\n", "-K");
    FPS "%-20s Specify the nickname of the new key\n",
       "   -n name");
    FPS "%-20s Specify the id in hex of the new key\n",
       "   -i key id");
    FPS "%-20s Specify a file to read the id of the new key\n",
       "   -j key id file");
    FPS "%-20s Specify the keyType of the new key\n",
       "   -t type");
    FPS "%-20s", "  valid types: ");
    for (i=0; i < keyArraySize ; i++) {
       FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':',');
    }
    FPS "%-20s Specify the size of the new key in bytes (required by some types)\n",
       "   -s size");
    FPS "%-15s Delete a key.\n", "-D");
    FPS "%-20s Specify the nickname of the key to delete\n",
       "   -n name");
    FPS "%-20s Specify the id in hex of the key to delete\n",
       "   -i key id");
    FPS "%-20s Specify a file to read the id of the key to delete\n",
       "   -j key id file");
    FPS "%-15s Import a new key from a data file.\n", "-I");
    FPS "%-20s Specify the data file to read the key from.\n",
       "   -k key file");
    FPS "%-20s Specify the nickname of the new key\n",
       "   -n name");
    FPS "%-20s Specify the id in hex of the new key\n",
       "   -i key id");
    FPS "%-20s Specify a file to read the id of the new key\n",
       "   -j key id file");
    FPS "%-20s Specify the keyType of the new key\n",
       "   -t type");
    FPS "%-20s", "  valid types: ");
    for (i=0; i < keyArraySize ; i++) {
       FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':',');
    }
    FPS "%-15s Export a key to a data file.\n", "-E");
    FPS "%-20s Specify the data file to write the key to.\n",
       "   -k key file");
    FPS "%-20s Specify the nickname of the key to export\n",
       "   -n name");
    FPS "%-20s Specify the id in hex of the key to export\n",
       "   -i key id");
    FPS "%-20s Specify a file to read the id of the key to export\n",
       "   -j key id file");
    FPS "%-15s Move a key to a new token.\n", "-M");
    FPS "%-20s Specify the nickname of the key to move\n",
       "   -n name");
    FPS "%-20s Specify the id in hex of the key to move\n",
       "   -i key id");
    FPS "%-20s Specify a file to read the id of the key to move\n",
       "   -j key id file");
    FPS "%-20s Specify the token to move the key to\n",
       "   -g target token");
    FPS "%-15s Unwrap a new key from a data file.\n", "-U");
    FPS "%-20s Specify the data file to read the encrypted key from.\n",
       "   -k key file");
    FPS "%-20s Specify the nickname of the new key\n",
       "   -n name");
    FPS "%-20s Specify the id in hex of the new key\n",
       "   -i key id");
    FPS "%-20s Specify a file to read the id of the new key\n",
       "   -j key id file");
    FPS "%-20s Specify the keyType of the new key\n",
       "   -t type");
    FPS "%-20s", "  valid types: ");
    for (i=0; i < keyArraySize ; i++) {
       FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':',');
    }
    FPS "%-20s Specify the nickname of the wrapping key\n",
       "   -w wrap name");
    FPS "%-20s Specify the id in hex of the wrapping key\n",
       "   -x wrap key id");
    FPS "%-20s Specify a file to read the id of the wrapping key\n",
       "   -y wrap key id file");
    FPS "%-15s Wrap a new key to a data file. [not yet implemented]\n", "-W");
    FPS "%-20s Specify the data file to write the encrypted key to.\n",
       "   -k key file");
    FPS "%-20s Specify the nickname of the key to wrap\n",
       "   -n name");
    FPS "%-20s Specify the id in hex of the key to wrap\n",
       "   -i key id");
    FPS "%-20s Specify a file to read the id of the key to wrap\n",
       "   -j key id file");
    FPS "%-20s Specify the nickname of the wrapping key\n",
       "   -w wrap name");
    FPS "%-20s Specify the id in hex of the wrapping key\n",
       "   -x wrap key id");
    FPS "%-20s Specify a file to read the id of the wrapping key\n",
       "   -y wrap key id file");
    FPS "%-15s Options valid for all commands\n", "std_opts");
    FPS "%-20s The directory where the NSS db's reside\n",
       "   -d certdir");
    FPS "%-20s Prefix for the NSS db's\n",
       "   -P db prefix");
    FPS "%-20s Specify password on the command line\n",
       "   -p password");
    FPS "%-20s Specify password file on the command line\n",
       "   -f password file");
    FPS "%-20s Specify token to act on\n",
       "   -h token");
    exit(1);
#undef FPS
}

Here is the call graph for this function:

Here is the caller graph for this function:

int main ( int  argc,
char **  argv 
)

The Xalan testcases app.

Definition at line 603 of file symkeyutil.c.

{
    PK11SlotInfo *slot = NULL;
    char *      slotname        = "internal";
    char *      certPrefix      = "";
    CK_MECHANISM_TYPE keyType   = CKM_SHA_1_HMAC;
    int         keySize            = 0;
    char *      name            = NULL;
    char *      wrapName        = NULL;
    secuPWData  pwdata          = { PW_NONE, 0 };
    PRBool    readOnly      = PR_FALSE;
    SECItem   key;
    SECItem   keyID;
    SECItem   wrapKeyID;
    int commandsEntered = 0;
    int commandToRun = 0;
    char *progName;
    int i;
    SECStatus rv = SECFailure;

    secuCommand symKeyUtil;
    symKeyUtil.numCommands=sizeof(symKeyUtil_commands)/sizeof(secuCommandFlag);
    symKeyUtil.numOptions=sizeof(symKeyUtil_options)/sizeof(secuCommandFlag);
    symKeyUtil.commands = symKeyUtil_commands;
    symKeyUtil.options = symKeyUtil_options;

    key.data = NULL; key.len = 0;
    keyID.data = NULL; keyID.len = 0;
    wrapKeyID.data = NULL; wrapKeyID.len = 0;

    progName = strrchr(argv[0], '/');
    progName = progName ? progName+1 : argv[0];

    rv = SECU_ParseCommandLine(argc, argv, progName, &symKeyUtil);

    if (rv != SECSuccess)
       Usage(progName);

    rv = SECFailure;

    /* -H print help */
    if (symKeyUtil.commands[cmd_PrintHelp].activated)
       LongUsage(progName);

    /* -f password file, -p password */
    if (symKeyUtil.options[opt_PasswordFile].arg) {
       pwdata.source = PW_FROMFILE;
       pwdata.data = symKeyUtil.options[opt_PasswordFile].arg;
    } else if (symKeyUtil.options[opt_Password].arg) {
       pwdata.source = PW_PLAINTEXT;
       pwdata.data = symKeyUtil.options[opt_Password].arg;
    } 

    /* -d directory */
    if (symKeyUtil.options[opt_CertDir].activated)
       SECU_ConfigDirectory(symKeyUtil.options[opt_CertDir].arg);

    /* -s key size */
    if (symKeyUtil.options[opt_KeySize].activated) {
       keySize = PORT_Atoi(symKeyUtil.options[opt_KeySize].arg);
    }

    /*  -h specify token name  */
    if (symKeyUtil.options[opt_TokenName].activated) {
       if (PL_strcmp(symKeyUtil.options[opt_TokenName].arg, "all") == 0)
           slotname = NULL;
       else
           slotname = PL_strdup(symKeyUtil.options[opt_TokenName].arg);
    }

    /* -t key type */
    if  (symKeyUtil.options[opt_KeyType].activated) {
       keyType = GetKeyMechFromString(symKeyUtil.options[opt_KeyType].arg);
       if (keyType == (CK_MECHANISM_TYPE)-1) {
           PR_fprintf(PR_STDERR, 
                 "%s unknown key type (%s).\n",
                  progName, symKeyUtil.options[opt_KeyType].arg);
           return 255;
       }
    }

    /* -k for import and unwrap, it specifies an input file to read from,
     * for export and wrap it specifies an output file to write to */
    if (symKeyUtil.options[opt_KeyFile].activated) {
        if (symKeyUtil.commands[cmd_ImportKey].activated ||
              symKeyUtil.commands[cmd_UnwrapKey].activated ) {
           int ret = ReadBuf(symKeyUtil.options[opt_KeyFile].arg, &key);
           if (ret < 0) {
               PR_fprintf(PR_STDERR, 
                 "%s Couldn't read key file (%s).\n",
                  progName, symKeyUtil.options[opt_KeyFile].arg);
              return 255;
           }
       }
    }

    /* -i specify the key ID */
    if (symKeyUtil.options[opt_KeyID].activated) {
       int ret = HexToBuf(symKeyUtil.options[opt_KeyID].arg, &keyID);
       if (ret < 0) {
           PR_fprintf(PR_STDERR, 
                 "%s invalid key ID (%s).\n",
                  progName, symKeyUtil.options[opt_KeyID].arg);
           return 255;
       }
    }

    /* -i & -j are mutually exclusive */
    if ((symKeyUtil.options[opt_KeyID].activated) &&
               (symKeyUtil.options[opt_KeyIDFile].activated)) {
       PR_fprintf(PR_STDERR, 
                 "%s -i and -j options are mutually exclusive.\n", progName);
       return 255;
    }

    /* -x specify the Wrap key ID */
    if (symKeyUtil.options[opt_WrapKeyID].activated) {
       int ret = HexToBuf(symKeyUtil.options[opt_WrapKeyID].arg, &wrapKeyID);
       if (ret < 0) {
           PR_fprintf(PR_STDERR, 
                 "%s invalid key ID (%s).\n",
                  progName, symKeyUtil.options[opt_WrapKeyID].arg);
           return 255;
       }
    }

    /* -x & -y are mutually exclusive */
    if ((symKeyUtil.options[opt_KeyID].activated) &&
               (symKeyUtil.options[opt_KeyIDFile].activated)) {
       PR_fprintf(PR_STDERR, 
                 "%s -i and -j options are mutually exclusive.\n", progName);
       return 255;
    }
       

    /* -y specify the key ID */
    if (symKeyUtil.options[opt_WrapKeyIDFile].activated) {
       int ret = ReadBuf(symKeyUtil.options[opt_WrapKeyIDFile].arg,
                                                         &wrapKeyID);
       if (ret < 0) {
           PR_fprintf(PR_STDERR, 
                 "%s Couldn't read key ID file (%s).\n",
                  progName, symKeyUtil.options[opt_WrapKeyIDFile].arg);
           return 255;
       }
    }

    /*  -P certdb name prefix */
    if (symKeyUtil.options[opt_dbPrefix].activated)
       certPrefix = strdup(symKeyUtil.options[opt_dbPrefix].arg);

    /*  Check number of commands entered.  */
    commandsEntered = 0;
    for (i=0; i< symKeyUtil.numCommands; i++) {
       if (symKeyUtil.commands[i].activated) {
           commandToRun = symKeyUtil.commands[i].flag;
           commandsEntered++;
       }
       if (commandsEntered > 1)
           break;
    }
    if (commandsEntered > 1) {
       PR_fprintf(PR_STDERR, "%s: only one command at a time!\n", progName);
       PR_fprintf(PR_STDERR, "You entered: ");
       for (i=0; i< symKeyUtil.numCommands; i++) {
           if (symKeyUtil.commands[i].activated)
              PR_fprintf(PR_STDERR, " -%c", symKeyUtil.commands[i].flag);
       }
       PR_fprintf(PR_STDERR, "\n");
       return 255;
    }
    if (commandsEntered == 0) {
       PR_fprintf(PR_STDERR, "%s: you must enter a command!\n", progName);
       Usage(progName);
    }

    if (symKeyUtil.commands[cmd_ListKeys].activated ||
         symKeyUtil.commands[cmd_PrintHelp].activated ||
         symKeyUtil.commands[cmd_ExportKey].activated ||
         symKeyUtil.commands[cmd_WrapKey].activated) {
       readOnly = !symKeyUtil.options[opt_RW].activated;
    }

    if ((symKeyUtil.commands[cmd_ImportKey].activated ||
         symKeyUtil.commands[cmd_ExportKey].activated ||
         symKeyUtil.commands[cmd_WrapKey].activated ||
         symKeyUtil.commands[cmd_UnwrapKey].activated ) &&
        !symKeyUtil.options[opt_KeyFile].activated) {
       PR_fprintf(PR_STDERR, 
                 "%s -%c: keyfile is required for this command (-k).\n",
                  progName, commandToRun);
       return 255;
    }

    /*  -E, -D, -W, and all require -n, -i, or -j to identify the key  */
    if ((symKeyUtil.commands[cmd_ExportKey].activated ||
         symKeyUtil.commands[cmd_DeleteKey].activated ||
         symKeyUtil.commands[cmd_WrapKey].activated) &&
        !(symKeyUtil.options[opt_Nickname].activated ||
         symKeyUtil.options[opt_KeyID].activated ||
         symKeyUtil.options[opt_KeyIDFile].activated)) {
       PR_fprintf(PR_STDERR, 
         "%s -%c: nickname or id is required for this command (-n, -i, -j).\n",
                  progName, commandToRun);
       return 255;
    }

    /*  -W, -U, and all  -w, -x, or -y to identify the wrapping key  */
    if (( symKeyUtil.commands[cmd_WrapKey].activated ||
         symKeyUtil.commands[cmd_UnwrapKey].activated) &&
        !(symKeyUtil.options[opt_WrapKeyName].activated ||
         symKeyUtil.options[opt_WrapKeyID].activated ||
         symKeyUtil.options[opt_WrapKeyIDFile].activated)) {
       PR_fprintf(PR_STDERR, 
         "%s -%c: wrap key is required for this command (-w, -x, or -y).\n",
                  progName, commandToRun);
       return 255;
    }

    /* -M needs the target slot  (-g) */
    if (symKeyUtil.commands[cmd_MoveKey].activated  &&
                     !symKeyUtil.options[opt_TargetToken].activated) {
       PR_fprintf(PR_STDERR, 
                 "%s -%c: target token is required for this command (-g).\n",
                  progName, commandToRun);
       return 255;
    }

    /*  Using slotname == NULL for listing keys and certs on all slots, 
     *  but only that. */
    if (!(symKeyUtil.commands[cmd_ListKeys].activated) && slotname == NULL) {
       PR_fprintf(PR_STDERR,
                  "%s -%c: cannot use \"-h all\" for this command.\n",
                  progName, commandToRun);
       return 255;
    }

    name = SECU_GetOptionArg(&symKeyUtil, opt_Nickname);
    wrapName = SECU_GetOptionArg(&symKeyUtil, opt_WrapKeyName);

    PK11_SetPasswordFunc(SECU_GetModulePassword);

    /*  Initialize NSPR and NSS.  */
    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
    rv = NSS_Initialize(SECU_ConfigDirectory(NULL), certPrefix, certPrefix,
                        "secmod.db", readOnly ? NSS_INIT_READONLY: 0);
    if (rv != SECSuccess) {
       SECU_PrintPRandOSError(progName);
       goto shutdown;
    }
    rv = SECFailure;

    if (PL_strcmp(slotname, "internal") == 0)
       slot = PK11_GetInternalKeySlot();
    else if (slotname != NULL)
       slot = PK11_FindSlotByName(slotname);

    /* generating a new key */
    if (symKeyUtil.commands[cmd_CreateNewKey].activated)  {
       PK11SymKey *symKey;

       symKey = PK11_TokenKeyGen(slot, keyType, NULL, keySize, 
                                                 NULL, PR_TRUE, &pwdata);
       if (!symKey) {
           PR_fprintf(PR_STDERR, "%s: Token Key Gen Failed\n", progName);
           goto shutdown;
       }
       if (symKeyUtil.options[opt_Nickname].activated) {
           rv = PK11_SetSymKeyNickname(symKey, name);
           if (rv != SECSuccess) {
              PK11_DeleteTokenSymKey(symKey);
              PK11_FreeSymKey(symKey);
               PR_fprintf(PR_STDERR, "%s: Couldn't set nickname on key\n",
                                                         progName);
              goto shutdown;
           }
       }
       rv = SECSuccess;
       PrintKey(symKey);
       PK11_FreeSymKey(symKey);
    }
    if (symKeyUtil.commands[cmd_DeleteKey].activated) {
       PK11SymKey *symKey = FindKey(slot,name,&keyID,&pwdata);

       if (!symKey) {
           char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name);
           PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
                     progName, keyName, PK11_GetTokenName(slot));
           PORT_Free(keyName);
           goto shutdown;
       }

       rv = PK11_DeleteTokenSymKey(symKey);
       FreeKeyList(symKey);
       if (rv != SECSuccess) {
           PR_fprintf(PR_STDERR, "%s: Couldn't Delete Key \n", progName);
           goto shutdown;
       }
    }
    if (symKeyUtil.commands[cmd_UnwrapKey].activated) {
       PK11SymKey *wrapKey = FindKey(slot,wrapName,&wrapKeyID,&pwdata);
       PK11SymKey *symKey;
       CK_MECHANISM_TYPE mechanism;

       if (!wrapKey) {
           char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID) 
                                                 : PORT_Strdup(wrapName);
           PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
                     progName, keyName, PK11_GetTokenName(slot));
           PORT_Free(keyName);
           goto shutdown;
       }
       mechanism = GetWrapMechanism(wrapKey);
       if (mechanism == CKM_INVALID_MECHANISM) {
           char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID) 
                                                 : PORT_Strdup(wrapName);
           PR_fprintf(PR_STDERR, "%s: %s on %s is an invalid wrapping key\n",
                     progName, keyName, PK11_GetTokenName(slot));
           PORT_Free(keyName);
           PK11_FreeSymKey(wrapKey);
           goto shutdown;
       }

       symKey = PK11_UnwrapSymKeyWithFlagsPerm(wrapKey, mechanism, NULL,
                     &key, keyType, CKA_ENCRYPT, keySize, 0, PR_TRUE);
       PK11_FreeSymKey(wrapKey);
       if (!symKey) {
           PR_fprintf(PR_STDERR, "%s: Unwrap Key Failed\n", progName);
           goto shutdown;
       }

       if (symKeyUtil.options[opt_Nickname].activated) {
           rv = PK11_SetSymKeyNickname(symKey, name);
           if (rv != SECSuccess) {
               PR_fprintf(PR_STDERR, "%s: Couldn't set name on key\n", 
                                                        progName);
              PK11_DeleteTokenSymKey(symKey);
              PK11_FreeSymKey(symKey);
              goto shutdown;
           }
       }
       rv = SECSuccess;
       PrintKey(symKey);
       PK11_FreeSymKey(symKey);
    }

#define MAX_KEY_SIZE 4098
    if (symKeyUtil.commands[cmd_WrapKey].activated) {
       PK11SymKey *symKey = FindKey(slot, name, &keyID, &pwdata);
       PK11SymKey *wrapKey;
       CK_MECHANISM_TYPE mechanism;
       SECItem data;
       unsigned char buf[MAX_KEY_SIZE];
       int ret;

       if (!symKey) {
           char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name);
           PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
                     progName, keyName, PK11_GetTokenName(slot));
           PORT_Free(keyName);
           goto shutdown;
       }

       wrapKey = FindKey(slot, wrapName, &wrapKeyID, &pwdata);
       if (!wrapKey) {
           char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID) 
                                                 : PORT_Strdup(wrapName);
           PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
                     progName, keyName, PK11_GetTokenName(slot));
           PORT_Free(keyName);
           PK11_FreeSymKey(symKey);
           goto shutdown;
       }

       mechanism = GetWrapMechanism(wrapKey);
       if (mechanism == CKM_INVALID_MECHANISM) {
           char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID) 
                                                 : PORT_Strdup(wrapName);
           PR_fprintf(PR_STDERR, "%s: %s on %s is an invalid wrapping key\n",
                     progName, keyName, PK11_GetTokenName(slot));
           PORT_Free(keyName);
           PK11_FreeSymKey(symKey);
           PK11_FreeSymKey(wrapKey);
           goto shutdown;
       }

       data.data = buf;
       data.len = sizeof(buf);
       rv = PK11_WrapSymKey(mechanism, NULL,  wrapKey, symKey, &data);
       PK11_FreeSymKey(symKey);
       PK11_FreeSymKey(wrapKey);
       if (rv != SECSuccess) {
           PR_fprintf(PR_STDERR, "%s: Couldn't wrap key\n",progName);
           goto shutdown;
       }

       /* WriteBuf outputs it's own error using SECU_PrintError */
       ret = WriteBuf(symKeyUtil.options[opt_KeyFile].arg, &data);
       if (ret < 0) {
           goto shutdown;
       }
    }

    if (symKeyUtil.commands[cmd_ImportKey].activated) {
       PK11SymKey *symKey = PK11_ImportSymKey(slot, keyType,
                      PK11_OriginUnwrap, CKA_ENCRYPT, &key,&pwdata);
       if (!symKey) {
           PR_fprintf(PR_STDERR, "%s: Import Key Failed\n", progName);
           goto shutdown;
       }
       if (symKeyUtil.options[opt_Nickname].activated) {
           rv = PK11_SetSymKeyNickname(symKey, name);
           if (rv != SECSuccess) {
               PR_fprintf(PR_STDERR, "%s: Couldn't set name on key\n", 
                                                        progName);
              PK11_DeleteTokenSymKey(symKey);
              PK11_FreeSymKey(symKey);
              goto shutdown;
           }
       }
       rv = SECSuccess;
       PrintKey(symKey);
       PK11_FreeSymKey(symKey);
    }

    /*  List certs (-L)  */
    if (symKeyUtil.commands[cmd_ListKeys].activated) {
       int printLabel = 1;
       if (slot) {
           rv = ListKeys(slot,&printLabel,&pwdata);
       } else {
           /* loop over all the slots */
           PK11SlotList *slotList = PK11_GetAllTokens(CKM_INVALID_MECHANISM,
                                   PR_FALSE, PR_FALSE, &pwdata);
           PK11SlotListElement *se;

           if (slotList == NULL) {
               PR_fprintf(PR_STDERR, "%s: No tokens found\n",progName);
           }
           for (se = PK11_GetFirstSafe(slotList); se; 
                            se=PK11_GetNextSafe(slotList,se, PR_FALSE)) {
               rv = ListKeys(se->slot,&printLabel,&pwdata);
               if (rv !=SECSuccess) {
                  break;
              }
           }
       }
    }

    /*  Move key (-M)  */
    if (symKeyUtil.commands[cmd_MoveKey].activated) {
       PK11SlotInfo *target;
       char *targetName = symKeyUtil.options[opt_TargetToken].arg;
       PK11SymKey *newKey;
       PK11SymKey *symKey = FindKey(slot,name,&keyID,&pwdata);
       char *keyName = PK11_GetSymKeyNickname(symKey);

       if (!symKey) {
           char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name);
           PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
                     progName, keyName, PK11_GetTokenName(slot));
           PORT_Free(keyName);
           goto shutdown;
       }
       target = PK11_FindSlotByName(targetName);
       if (!target) {
           PR_fprintf(PR_STDERR, "%s: Couldn't find slot %s\n",
                     progName, targetName);
           goto shutdown;
       }
       rv = PK11_Authenticate(target, PR_FALSE, &pwdata);
       if (rv != SECSuccess) {
           PR_fprintf(PR_STDERR, "%s: Failed to log into %s\n",
                     progName, targetName);
           goto shutdown;
       }
       rv = SECFailure;
       newKey = PK11_MoveSymKey(target, CKA_ENCRYPT, 0, PR_TRUE, symKey);
       if (!newKey) {
           PR_fprintf(PR_STDERR, "%s: Couldn't move the key \n",progName);
           goto shutdown;
       }
       if (keyName) {
           rv = PK11_SetSymKeyNickname(newKey, keyName);
           if (rv != SECSuccess) {
              PK11_DeleteTokenSymKey(newKey);
              PK11_FreeSymKey(newKey);
               PR_fprintf(PR_STDERR, "%s: Couldn't set nickname on key\n",
                                                         progName);
              goto shutdown;
           }
       }
       PK11_FreeSymKey(newKey);
       rv = SECSuccess;
    }

shutdown:
    if (rv != SECSuccess) {
       PR_fprintf(PR_STDERR, "%s: %s\n", progName,
                                   SECU_Strerror(PORT_GetError()));
    }

    if (key.data) {
       PORT_Free(key.data);
    }

    if (keyID.data) {
       PORT_Free(keyID.data);
    }

    if (slot) {
       PK11_FreeSlot(slot);
    }

    if (NSS_Shutdown() != SECSuccess) {
        exit(1);
    }

    if (rv == SECSuccess) {
       return 0;
    } else {
       return 255;
    }
}
void printBuf ( unsigned char *  data,
int  len 
)

Definition at line 306 of file symkeyutil.c.

{
    int i;

    for (i=0; i < len; i++) {
       printf("%02x",data[i]);
    }
}

Here is the caller graph for this function:

void PrintKey ( PK11SymKey *  symKey)

Definition at line 316 of file symkeyutil.c.

{
    char *name = PK11_GetSymKeyNickname(symKey);
    int len = PK11_GetKeyLength(symKey);
    int strength = PK11_GetKeyStrength(symKey, NULL);
    SECItem *value = NULL;
    CK_KEY_TYPE type = PK11_GetSymKeyType(symKey);
    (void) PK11_ExtractKeyValue(symKey);

    value = PK11_GetKeyData(symKey);

    printf("%-20s %3d   %4d   %10s  ", name ? name: " ", len, strength, 
                            GetStringFromKeyType(type));
    if (value && value->data) {
       printBuf(value->data, value->len);
    } else {
       printf("<restricted>");
    }
    printf("\n");
}

Here is the call graph for this function:

Here is the caller graph for this function:

int ReadBuf ( char *  inFile,
SECItem *  item 
)

Definition at line 123 of file symkeyutil.c.

{
    int len;
    int ret;
    PRFileDesc* fd = PR_Open(inFile, PR_RDONLY, 0);
    if (NULL == fd) {
        SECU_PrintError("symkeyutil", "PR_Open failed");
       return -1;
    }

    len = GetLen(fd);
    if (len < 0) {
       SECU_PrintError("symkeyutil", "PR_GetOpenFileInfo failed");
       return -1;
    }
    item->data = (unsigned char *)PORT_Alloc(len);
    if (item->data == NULL) {
       fprintf(stderr,"Failed to allocate %d to read file %s\n",len,inFile);
       return -1;
    }

    ret = PR_Read(fd,item->data,item->len);
    if (ret < 0) {
       SECU_PrintError("symkeyutil", "PR_Read failed");
       PORT_Free(item->data);
       item->data = NULL;
       return -1;
    }
    PR_Close(fd);
    item->len = len;
    return 0;
}

Here is the call graph for this function:

Here is the caller graph for this function:

char ToDigit ( unsigned char  c)

Definition at line 250 of file symkeyutil.c.

{
    c = c & 0xf;
    if (c <= 9) {
       return (char) (c+'0');
    }
    return (char) (c+'a'-0xa);
}

Here is the caller graph for this function:

static void Usage ( char *  progName) [static]

Definition at line 406 of file symkeyutil.c.

{
#define FPS fprintf(stderr, 
    FPS "Type %s -H for more detailed descriptions\n", progName);
    FPS "Usage:");
    FPS "\t%s -L [std_opts] [-r]\n", progName);
    FPS "\t%s -K [-n name] -t type [-s size] [-i id |-j id_file] [std_opts]\n", progName);
    FPS "\t%s -D <[-n name | -i id | -j id_file> [std_opts]\n", progName);
    FPS "\t%s -I [-n name] [-t type] [-i id | -j id_file] -k data_file [std_opts]\n", progName);
    FPS "\t%s -E  <-nname | -i id | -j id_file> [-t type] -k data_file [-r] [std_opts]\n", progName);
    FPS "\t%s -U [-n name] [-t type] [-i id | -j id_file] -k data_file <wrap_opts> [std_opts]\n", progName);
    FPS "\t%s -W <-n name | -i id | -j id_file> [-t type] -k data_file [-r] <wrap_opts> [std_opts]\n", progName);
    FPS "\t%s -M <-n name | -i id | -j id_file> -g target_token [std_opts]\n", progName);
    FPS "\t\t std_opts -> [-d certdir] [-P dbprefix] [-p password] [-f passwordFile] [-h token]\n");
    FPS "\t\t wrap_opts -> <-w wrap_name | -x wrap_id | -y id_file>\n");
    exit(1);
}

Here is the call graph for this function:

int WriteBuf ( char *  inFile,
SECItem *  item 
)

Definition at line 157 of file symkeyutil.c.

{
    int ret;
    PRFileDesc* fd = PR_Open(inFile, PR_WRONLY|PR_CREATE_FILE, 0x200);
    if (NULL == fd) {
        SECU_PrintError("symkeyutil", "PR_Open failed");
       return -1;
    }

    ret = PR_Write(fd,item->data,item->len);
    if (ret < 0) {
       SECU_PrintError("symkeyutil", "PR_Write failed");
       return -1;
    }
    PR_Close(fd);
    return 0;
}

Here is the call graph for this function:

Here is the caller graph for this function:


Variable Documentation

KeyTypes keyArray[] [static]
int keyArraySize = sizeof(keyArray)/sizeof(keyArray[0]) [static]

Definition at line 108 of file symkeyutil.c.

Initial value:
{
       {   'K', PR_FALSE, 0, PR_FALSE },
       {   'D', PR_FALSE, 0, PR_FALSE },
       {   'I', PR_FALSE, 0, PR_FALSE },
       {   'E', PR_FALSE, 0, PR_FALSE },
       {   'W', PR_FALSE, 0, PR_FALSE },
       {   'U', PR_FALSE, 0, PR_FALSE },
       {   'M', PR_FALSE, 0, PR_FALSE },
       {   'L', PR_FALSE, 0, PR_FALSE },
       {   'H', PR_FALSE, 0, PR_FALSE },
}

Definition at line 568 of file symkeyutil.c.

Initial value:
{
       {   'd', PR_TRUE,  0, PR_FALSE },
       {   'f', PR_TRUE,  0, PR_FALSE },
       {   'g', PR_TRUE,  0, PR_FALSE },
       {   'h', PR_TRUE,  0, PR_FALSE },
       {   'i', PR_TRUE,  0, PR_FALSE },
       {   'j', PR_TRUE,  0, PR_FALSE },
       {   't', PR_TRUE,  0, PR_FALSE },
       {   'n', PR_TRUE,  0, PR_FALSE },
       {   'k', PR_TRUE,  0, PR_FALSE },
       {   'p', PR_TRUE,  0, PR_FALSE },
       {   'P', PR_TRUE,  0, PR_FALSE },
       {   'r', PR_FALSE, 0, PR_FALSE },
       {   's', PR_TRUE,  0, PR_FALSE },
       {   'w', PR_TRUE,  0, PR_FALSE },
       {   'x', PR_TRUE,  0, PR_FALSE },
       {   'y', PR_TRUE,  0, PR_FALSE },
       {   'z', PR_TRUE,  0, PR_FALSE },
}

Definition at line 581 of file symkeyutil.c.