Diffstat (limited to 'nss/cmd/symkeyutil/symkeyutil.c')
-rw-r--r--nss/cmd/symkeyutil/symkeyutil.c1048
1 files changed, 524 insertions, 524 deletions
diff --git a/nss/cmd/symkeyutil/symkeyutil.c b/nss/cmd/symkeyutil/symkeyutil.c
index 353da71..6170cc3 100644
--- a/nss/cmd/symkeyutil/symkeyutil.c
+++ b/nss/cmd/symkeyutil/symkeyutil.c
@@ -38,7 +38,7 @@
#include "nss.h"
typedef struct _KeyTypes {
- CK_KEY_TYPE keyType;
+ CK_KEY_TYPE keyType;
CK_MECHANISM_TYPE mechType;
CK_MECHANISM_TYPE wrapMech;
char *label;
@@ -54,10 +54,10 @@ static KeyTypes keyArray[] = {
{ CKK_KEA, CKM_KEA_KEY_DERIVE, CKM_INVALID_MECHANISM, "kea" },
#endif
{ CKK_GENERIC_SECRET, CKM_SHA_1_HMAC, CKM_INVALID_MECHANISM, "generic" },
- { CKK_RC2, CKM_RC2_CBC, CKM_RC2_ECB,"rc2" },
+ { CKK_RC2, CKM_RC2_CBC, CKM_RC2_ECB, "rc2" },
/* don't define a wrap mech for RC-4 since it's note really safe */
- { CKK_RC4, CKM_RC4, CKM_INVALID_MECHANISM, "rc4" },
- { CKK_DES, CKM_DES_CBC, CKM_DES_ECB,"des" },
+ { CKK_RC4, CKM_RC4, CKM_INVALID_MECHANISM, "rc4" },
+ { CKK_DES, CKM_DES_CBC, CKM_DES_ECB, "des" },
{ CKK_DES2, CKM_DES2_KEY_GEN, CKM_DES3_ECB, "des2" },
{ CKK_DES3, CKM_DES3_KEY_GEN, CKM_DES3_ECB, "des3" },
{ CKK_CAST, CKM_CAST_CBC, CKM_CAST_ECB, "cast" },
@@ -74,10 +74,10 @@ static KeyTypes keyArray[] = {
{ CKK_CAMELLIA, CKM_CAMELLIA_CBC, CKM_CAMELLIA_ECB, "camellia" },
};
-static int keyArraySize = sizeof(keyArray)/sizeof(keyArray[0]);
+static int keyArraySize = sizeof(keyArray) / sizeof(keyArray[0]);
int
-GetLen(PRFileDesc* fd)
+GetLen(PRFileDesc *fd)
{
PRFileInfo info;
@@ -93,29 +93,29 @@ ReadBuf(char *inFile, SECItem *item)
{
int len;
int ret;
- PRFileDesc* fd = PR_Open(inFile, PR_RDONLY, 0);
+ PRFileDesc *fd = PR_Open(inFile, PR_RDONLY, 0);
if (NULL == fd) {
SECU_PrintError("symkeyutil", "PR_Open failed");
- return -1;
+ return -1;
}
len = GetLen(fd);
if (len < 0) {
- SECU_PrintError("symkeyutil", "PR_GetOpenFileInfo failed");
- return -1;
+ SECU_PrintError("symkeyutil", "PR_GetOpenFileInfo failed");
+ return -1;
}
item->data = (unsigned char *)PORT_Alloc(len);
if (item->data == NULL) {
- fprintf(stderr,"Failed to allocate %d to read file %s\n",len,inFile);
- return -1;
+ fprintf(stderr, "Failed to allocate %d to read file %s\n", len, inFile);
+ return -1;
}
- ret = PR_Read(fd,item->data,item->len);
+ ret = PR_Read(fd, item->data, item->len);
if (ret < 0) {
- SECU_PrintError("symkeyutil", "PR_Read failed");
- PORT_Free(item->data);
- item->data = NULL;
- return -1;
+ SECU_PrintError("symkeyutil", "PR_Read failed");
+ PORT_Free(item->data);
+ item->data = NULL;
+ return -1;
}
PR_Close(fd);
item->len = len;
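Review bot: `PR_Read(fd, item->data, item->len)` in ReadBuf takes its byte count from `item->len`, but that field is only set to the file size on the last line of this hunk, after the read has happened. The callers visible in main zero the SECItem first (`key.len = 0`, `wrapKeyID.len = 0`), so the read appears to request zero bytes, and ReadBuf then reports `len` bytes of uninitialised heap as key or key-ID data. Read with the size just computed and reject short reads: `ret = PR_Read(fd, item->data, len);` followed by `if (ret != len) {`. Every `return -1` after the successful PR_Open also needs a `PR_Close(fd);` before it, otherwise the descriptor is leaked on the GetLen, allocation and read failure paths. ReadBuf's body continues past the end of this hunk.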
@@ -126,16 +126,16 @@ int
WriteBuf(char *inFile, SECItem *item)
{
int ret;
- PRFileDesc* fd = PR_Open(inFile, PR_WRONLY|PR_CREATE_FILE, 0x200);
+ PRFileDesc *fd = PR_Open(inFile, PR_WRONLY | PR_CREATE_FILE, 0x200);
if (NULL == fd) {
SECU_PrintError("symkeyutil", "PR_Open failed");
- return -1;
+ return -1;
}
- ret = PR_Write(fd,item->data,item->len);
+ ret = PR_Write(fd, item->data, item->len);
if (ret < 0) {
- SECU_PrintError("symkeyutil", "PR_Write failed");
- return -1;
+ SECU_PrintError("symkeyutil", "PR_Write failed");
+ return -1;
}
PR_Close(fd);
return 0;
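Review bot: The mode argument `0x200` in WriteBuf's PR_Open is hexadecimal, which is octal 01000 and carries no read or write permission bits; for a file that receives exported key material an owner-only octal mode was presumably intended. Consider `PR_Open(inFile, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0600)`, where PR_TRUNCATE also avoids stale trailing bytes when an existing, longer file is overwritten. The PR_Write error path returns without `PR_Close(fd);`, and a short write (`ret != (int)item->len`) is currently treated as success. WriteBuf's closing brace is outside the hunk.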
@@ -145,10 +145,10 @@ CK_KEY_TYPE
GetKeyTypeFromString(const char *keyString)
{
int i;
- for (i=0; i < keyArraySize; i++) {
- if (PL_strcasecmp(keyString,keyArray[i].label) == 0) {
- return keyArray[i].keyType;
- }
+ for (i = 0; i < keyArraySize; i++) {
+ if (PL_strcasecmp(keyString, keyArray[i].label) == 0) {
+ return keyArray[i].keyType;
+ }
}
return (CK_KEY_TYPE)-1;
}
@@ -157,10 +157,10 @@ CK_MECHANISM_TYPE
GetKeyMechFromString(const char *keyString)
{
int i;
- for (i=0; i < keyArraySize; i++) {
- if (PL_strcasecmp(keyString,keyArray[i].label) == 0) {
- return keyArray[i].mechType;
- }
+ for (i = 0; i < keyArraySize; i++) {
+ if (PL_strcasecmp(keyString, keyArray[i].label) == 0) {
+ return keyArray[i].mechType;
+ }
}
return (CK_MECHANISM_TYPE)-1;
}
@@ -169,10 +169,10 @@ const char *
GetStringFromKeyType(CK_KEY_TYPE type)
{
int i;
- for (i=0; i < keyArraySize; i++) {
- if (keyArray[i].keyType == type) {
- return keyArray[i].label;
- }
+ for (i = 0; i < keyArraySize; i++) {
+ if (keyArray[i].keyType == type) {
+ return keyArray[i].label;
+ }
}
return "unmatched";
}
@@ -181,10 +181,10 @@ CK_MECHANISM_TYPE
GetWrapFromKeyType(CK_KEY_TYPE type)
{
int i;
- for (i=0; i < keyArraySize; i++) {
- if (keyArray[i].keyType == type) {
- return keyArray[i].wrapMech;
- }
+ for (i = 0; i < keyArraySize; i++) {
+ if (keyArray[i].keyType == type) {
+ return keyArray[i].wrapMech;
+ }
}
return CKM_INVALID_MECHANISM;
}
@@ -201,16 +201,16 @@ int
GetDigit(char c)
{
if (c == 0) {
- return -1;
+ return -1;
}
if (c <= '9' && c >= '0') {
- return c - '0';
+ return c - '0';
}
if (c <= 'f' && c >= 'a') {
- return c - 'a' + 0xa;
+ return c - 'a' + 0xa;
}
if (c <= 'F' && c >= 'A') {
- return c - 'A' + 0xa;
+ return c - 'A' + 0xa;
}
return -1;
}
@@ -220,52 +220,51 @@ ToDigit(unsigned char c)
{
c = c & 0xf;
if (c <= 9) {
- return (char) (c+'0');
+ return (char)(c + '0');
}
- return (char) (c+'a'-0xa);
+ return (char)(c + 'a' - 0xa);
}
char *
BufToHex(SECItem *outbuf)
{
- int len = outbuf->len * 2 +1;
+ int len = outbuf->len * 2 + 1;
char *string, *ptr;
unsigned int i;
string = PORT_Alloc(len);
ptr = string;
- for (i=0; i < outbuf->len; i++) {
- *ptr++ = ToDigit(outbuf->data[i] >> 4);
- *ptr++ = ToDigit(outbuf->data[i] & 0xf);
+ for (i = 0; i < outbuf->len; i++) {
+ *ptr++ = ToDigit(outbuf->data[i] >> 4);
+ *ptr++ = ToDigit(outbuf->data[i] & 0xf);
}
*ptr = 0;
return string;
}
-
int
HexToBuf(char *inString, SECItem *outbuf)
{
int len = strlen(inString);
- int outlen = len+1/2;
+ int outlen = len + 1 / 2;
int trueLen = 0;
outbuf->data = PORT_Alloc(outlen);
if (outbuf->data) {
- return -1;
+ return -1;
}
while (*inString) {
- int digit1, digit2;
- digit1 = GetDigit(*inString++);
- digit2 = GetDigit(*inString++);
- if ((digit1 == -1) || (digit2 == -1)) {
- PORT_Free(outbuf->data);
- outbuf->data = NULL;
- return -1;
- }
- outbuf->data[trueLen++] = digit1 << 4 | digit2;
+ int digit1, digit2;
+ digit1 = GetDigit(*inString++);
+ digit2 = GetDigit(*inString++);
+ if ((digit1 == -1) || (digit2 == -1)) {
+ PORT_Free(outbuf->data);
+ outbuf->data = NULL;
+ return -1;
+ }
+ outbuf->data[trueLen++] = digit1 << 4 | digit2;
}
outbuf->len = trueLen;
return 0;
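Review bot: The allocation check in HexToBuf is inverted: `if (outbuf->data) { return -1; }` fails (and leaks the buffer) whenever PORT_Alloc succeeds, and falls through to write via a NULL pointer when it fails, so the -i and -x key-ID options handled later in main look unusable as written. It should read `if (!outbuf->data) {`. The reformatted `int outlen = len + 1 / 2;` also makes visible that the expression evaluates to `len`, because `1 / 2` is 0; the intended size is `(len + 1) / 2`. BufToHex in the same hunk writes through `string` without checking the PORT_Alloc result. HexToBuf's closing brace lies outside the hunk.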
@@ -276,8 +275,8 @@ printBuf(unsigned char *data, int len)
{
int i;
- for (i=0; i < len; i++) {
- printf("%02x",data[i]);
+ for (i = 0; i < len; i++) {
+ printf("%02x", data[i]);
}
}
@@ -289,35 +288,37 @@ PrintKey(PK11SymKey *symKey)
int strength = PK11_GetKeyStrength(symKey, NULL);
SECItem *value = NULL;
CK_KEY_TYPE type = PK11_GetSymKeyType(symKey);
- (void) PK11_ExtractKeyValue(symKey);
+ (void)PK11_ExtractKeyValue(symKey);
value = PK11_GetKeyData(symKey);
- printf("%-20s %3d %4d %10s ", name ? name: " ", len, strength,
- GetStringFromKeyType(type));
+ printf("%-20s %3d %4d %10s ", name ? name : " ", len, strength,
+ GetStringFromKeyType(type));
if (value && value->data) {
- printBuf(value->data, value->len);
+ printBuf(value->data, value->len);
} else {
- printf("<restricted>");
+ printf("<restricted>");
}
printf("\n");
}
SECStatus
-ListKeys(PK11SlotInfo *slot, int *printLabel, void *pwd) {
+ListKeys(PK11SlotInfo *slot, int *printLabel, void *pwd)
+{
PK11SymKey *keyList;
SECStatus rv = PK11_Authenticate(slot, PR_FALSE, pwd);
if (rv != SECSuccess) {
- return rv;;
+ return rv;
+ ;
}
keyList = PK11_ListFixedKeysInSlot(slot, NULL, pwd);
if (keyList) {
- if (*printLabel) {
+ if (*printLabel) {
printf(" Name Len Strength Type Data\n");
- *printLabel = 0;
- }
- printf("%s:\n",PK11_GetTokenName(slot));
+ *printLabel = 0;
+ }
+ printf("%s:\n", PK11_GetTokenName(slot));
}
while (keyList) {
PK11SymKey *freeKey = keyList;
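Review bot: The reformat turned the old `return rv;;` in ListKeys into `return rv;` followed by a lone `;` on its own line, which is an unreachable empty statement. Delete the stray `;` so the block is just `return rv;` rather than preserving the typo in a more confusing shape. ListKeys continues past the end of this hunk.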
@@ -335,20 +336,19 @@ FindKey(PK11SlotInfo *slot, char *name, SECItem *id, void *pwd)
SECStatus rv = PK11_Authenticate(slot, PR_FALSE, pwd);
if (rv != SECSuccess) {
- return NULL;
+ return NULL;
}
-
if (id->data) {
- key = PK11_FindFixedKey(slot,CKM_INVALID_MECHANISM, id, pwd);
+ key = PK11_FindFixedKey(slot, CKM_INVALID_MECHANISM, id, pwd);
}
if (name && !key) {
- key = PK11_ListFixedKeysInSlot(slot,name, pwd);
+ key = PK11_ListFixedKeysInSlot(slot, name, pwd);
}
if (key) {
- printf("Found a key\n");
- PrintKey(key);
+ printf("Found a key\n");
+ PrintKey(key);
}
return key;
}
@@ -356,25 +356,25 @@ FindKey(PK11SlotInfo *slot, char *name, SECItem *id, void *pwd)
PRBool
IsKeyList(PK11SymKey *symKey)
{
- return (PRBool) (PK11_GetNextSymKey(symKey) != NULL);
+ return (PRBool)(PK11_GetNextSymKey(symKey) != NULL);
}
void
FreeKeyList(PK11SymKey *symKey)
{
- PK11SymKey *next,*current;
+ PK11SymKey *next, *current;
- for (current = symKey; current; current = next) {
- next = PK11_GetNextSymKey(current);
- PK11_FreeSymKey(current);
- }
- return;
+ for (current = symKey; current; current = next) {
+ next = PK11_GetNextSymKey(current);
+ PK11_FreeSymKey(current);
+ }
+ return;
}
-
-static void
+
+static void
Usage(char *progName)
{
-#define FPS fprintf(stderr,
+#define FPS fprintf(stderr,
FPS "Type %s -H for more detailed descriptions\n", progName);
FPS "Usage:");
FPS "\t%s -L [std_opts] [-r]\n", progName);
@@ -390,112 +390,113 @@ Usage(char *progName)
exit(1);
}
-static void LongUsage(char *progName)
+static void
+LongUsage(char *progName)
{
int i;
FPS "%-15s List all the keys.\n", "-L");
FPS "%-15s Generate a new key.\n", "-K");
FPS "%-20s Specify the nickname of the new key\n",
- " -n name");
+ " -n name");
FPS "%-20s Specify the id in hex of the new key\n",
- " -i key id");
+ " -i key id");
FPS "%-20s Specify a file to read the id of the new key\n",
- " -j key id file");
+ " -j key id file");
FPS "%-20s Specify the keyType of the new key\n",
- " -t type");
+ " -t type");
FPS "%-20s", " valid types: ");
- for (i=0; i < keyArraySize ; i++) {
- FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':',');
+ for (i = 0; i < keyArraySize; i++) {
+ FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':',');
}
FPS "%-20s Specify the size of the new key in bytes (required by some types)\n",
- " -s size");
+ " -s size");
FPS "%-15s Delete a key.\n", "-D");
FPS "%-20s Specify the nickname of the key to delete\n",
- " -n name");
+ " -n name");
FPS "%-20s Specify the id in hex of the key to delete\n",
- " -i key id");
+ " -i key id");
FPS "%-20s Specify a file to read the id of the key to delete\n",
- " -j key id file");
+ " -j key id file");
FPS "%-15s Import a new key from a data file.\n", "-I");
FPS "%-20s Specify the data file to read the key from.\n",
- " -k key file");
+ " -k key file");
FPS "%-20s Specify the nickname of the new key\n",
- " -n name");
+ " -n name");
FPS "%-20s Specify the id in hex of the new key\n",
- " -i key id");
+ " -i key id");
FPS "%-20s Specify a file to read the id of the new key\n",
- " -j key id file");
+ " -j key id file");
FPS "%-20s Specify the keyType of the new key\n",
- " -t type");
+ " -t type");
FPS "%-20s", " valid types: ");
- for (i=0; i < keyArraySize ; i++) {
- FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':',');
+ for (i = 0; i < keyArraySize; i++) {
+ FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':',');
}
FPS "%-15s Export a key to a data file.\n", "-E");
FPS "%-20s Specify the data file to write the key to.\n",
- " -k key file");
+ " -k key file");
FPS "%-20s Specify the nickname of the key to export\n",
- " -n name");
+ " -n name");
FPS "%-20s Specify the id in hex of the key to export\n",
- " -i key id");
+ " -i key id");
FPS "%-20s Specify a file to read the id of the key to export\n",
- " -j key id file");
+ " -j key id file");
FPS "%-15s Move a key to a new token.\n", "-M");
FPS "%-20s Specify the nickname of the key to move\n",
- " -n name");
+ " -n name");
FPS "%-20s Specify the id in hex of the key to move\n",
- " -i key id");
+ " -i key id");
FPS "%-20s Specify a file to read the id of the key to move\n",
- " -j key id file");
+ " -j key id file");
FPS "%-20s Specify the token to move the key to\n",
- " -g target token");
+ " -g target token");
FPS "%-15s Unwrap a new key from a data file.\n", "-U");
FPS "%-20s Specify the data file to read the encrypted key from.\n",
- " -k key file");
+ " -k key file");
FPS "%-20s Specify the nickname of the new key\n",
- " -n name");
+ " -n name");
FPS "%-20s Specify the id in hex of the new key\n",
- " -i key id");
+ " -i key id");
FPS "%-20s Specify a file to read the id of the new key\n",
- " -j key id file");
+ " -j key id file");
FPS "%-20s Specify the keyType of the new key\n",
- " -t type");
+ " -t type");
FPS "%-20s", " valid types: ");
- for (i=0; i < keyArraySize ; i++) {
- FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':',');
+ for (i = 0; i < keyArraySize; i++) {
+ FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':',');
}
FPS "%-20s Specify the nickname of the wrapping key\n",
- " -w wrap name");
+ " -w wrap name");
FPS "%-20s Specify the id in hex of the wrapping key\n",
- " -x wrap key id");
+ " -x wrap key id");
FPS "%-20s Specify a file to read the id of the wrapping key\n",
- " -y wrap key id file");
+ " -y wrap key id file");
FPS "%-15s Wrap a new key to a data file. [not yet implemented]\n", "-W");
FPS "%-20s Specify the data file to write the encrypted key to.\n",
- " -k key file");
+ " -k key file");
FPS "%-20s Specify the nickname of the key to wrap\n",
- " -n name");
+ " -n name");
FPS "%-20s Specify the id in hex of the key to wrap\n",
- " -i key id");
+ " -i key id");
FPS "%-20s Specify a file to read the id of the key to wrap\n",
- " -j key id file");
+ " -j key id file");
FPS "%-20s Specify the nickname of the wrapping key\n",
- " -w wrap name");
+ " -w wrap name");
FPS "%-20s Specify the id in hex of the wrapping key\n",
- " -x wrap key id");
+ " -x wrap key id");
FPS "%-20s Specify a file to read the id of the wrapping key\n",
- " -y wrap key id file");
+ " -y wrap key id file");
FPS "%-15s Options valid for all commands\n", "std_opts");
FPS "%-20s The directory where the NSS db's reside\n",
- " -d certdir");
+ " -d certdir");
FPS "%-20s Prefix for the NSS db's\n",
- " -P db prefix");
+ " -P db prefix");
FPS "%-20s Specify password on the command line\n",
- " -p password");
+ " -p password");
FPS "%-20s Specify password file on the command line\n",
- " -f password file");
+ " -f password file");
FPS "%-20s Specify token to act on\n",
- " -h token");
+ " -h token");
exit(1);
#undef FPS
}
@@ -535,54 +536,54 @@ enum {
};
static secuCommandFlag symKeyUtil_commands[] =
-{
- { /* cmd_CreateNewKey */ 'K', PR_FALSE, 0, PR_FALSE },
- { /* cmd_DeleteKey */ 'D', PR_FALSE, 0, PR_FALSE },
- { /* cmd_ImportKey */ 'I', PR_FALSE, 0, PR_FALSE },
- { /* cmd_ExportKey */ 'E', PR_FALSE, 0, PR_FALSE },
- { /* cmd_WrapKey */ 'W', PR_FALSE, 0, PR_FALSE },
- { /* cmd_UnwrapKey */ 'U', PR_FALSE, 0, PR_FALSE },
- { /* cmd_MoveKey */ 'M', PR_FALSE, 0, PR_FALSE },
- { /* cmd_ListKeys */ 'L', PR_FALSE, 0, PR_FALSE },
- { /* cmd_PrintHelp */ 'H', PR_FALSE, 0, PR_FALSE },
-};
+ {
+ { /* cmd_CreateNewKey */ 'K', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_DeleteKey */ 'D', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_ImportKey */ 'I', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_ExportKey */ 'E', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_WrapKey */ 'W', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_UnwrapKey */ 'U', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_MoveKey */ 'M', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_ListKeys */ 'L', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_PrintHelp */ 'H', PR_FALSE, 0, PR_FALSE },
+ };
static secuCommandFlag symKeyUtil_options[] =
-{
- { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE },
- { /* opt_PasswordFile */ 'f', PR_TRUE, 0, PR_FALSE },
- { /* opt_TargetToken */ 'g', PR_TRUE, 0, PR_FALSE },
- { /* opt_TokenName */ 'h', PR_TRUE, 0, PR_FALSE },
- { /* opt_KeyID */ 'i', PR_TRUE, 0, PR_FALSE },
- { /* opt_KeyIDFile */ 'j', PR_TRUE, 0, PR_FALSE },
- { /* opt_KeyType */ 't', PR_TRUE, 0, PR_FALSE },
- { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE },
- { /* opt_KeyFile */ 'k', PR_TRUE, 0, PR_FALSE },
- { /* opt_Password */ 'p', PR_TRUE, 0, PR_FALSE },
- { /* opt_dbPrefix */ 'P', PR_TRUE, 0, PR_FALSE },
- { /* opt_RW */ 'r', PR_FALSE, 0, PR_FALSE },
- { /* opt_KeySize */ 's', PR_TRUE, 0, PR_FALSE },
- { /* opt_WrapKeyName */ 'w', PR_TRUE, 0, PR_FALSE },
- { /* opt_WrapKeyID */ 'x', PR_TRUE, 0, PR_FALSE },
- { /* opt_WrapKeyIDFile */ 'y', PR_TRUE, 0, PR_FALSE },
- { /* opt_NoiseFile */ 'z', PR_TRUE, 0, PR_FALSE },
-};
+ {
+ { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE },
+ { /* opt_PasswordFile */ 'f', PR_TRUE, 0, PR_FALSE },
+ { /* opt_TargetToken */ 'g', PR_TRUE, 0, PR_FALSE },
+ { /* opt_TokenName */ 'h', PR_TRUE, 0, PR_FALSE },
+ { /* opt_KeyID */ 'i', PR_TRUE, 0, PR_FALSE },
+ { /* opt_KeyIDFile */ 'j', PR_TRUE, 0, PR_FALSE },
+ { /* opt_KeyType */ 't', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE },
+ { /* opt_KeyFile */ 'k', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Password */ 'p', PR_TRUE, 0, PR_FALSE },
+ { /* opt_dbPrefix */ 'P', PR_TRUE, 0, PR_FALSE },
+ { /* opt_RW */ 'r', PR_FALSE, 0, PR_FALSE },
+ { /* opt_KeySize */ 's', PR_TRUE, 0, PR_FALSE },
+ { /* opt_WrapKeyName */ 'w', PR_TRUE, 0, PR_FALSE },
+ { /* opt_WrapKeyID */ 'x', PR_TRUE, 0, PR_FALSE },
+ { /* opt_WrapKeyIDFile */ 'y', PR_TRUE, 0, PR_FALSE },
+ { /* opt_NoiseFile */ 'z', PR_TRUE, 0, PR_FALSE },
+ };
-int
+int
main(int argc, char **argv)
{
PK11SlotInfo *slot = NULL;
- char * slotname = "internal";
- char * certPrefix = "";
- CK_MECHANISM_TYPE keyType = CKM_SHA_1_HMAC;
- int keySize = 0;
- char * name = NULL;
- char * wrapName = NULL;
- secuPWData pwdata = { PW_NONE, 0 };
- PRBool readOnly = PR_FALSE;
- SECItem key;
- SECItem keyID;
- SECItem wrapKeyID;
+ char *slotname = "internal";
+ char *certPrefix = "";
+ CK_MECHANISM_TYPE keyType = CKM_SHA_1_HMAC;
+ int keySize = 0;
+ char *name = NULL;
+ char *wrapName = NULL;
+ secuPWData pwdata = { PW_NONE, 0 };
+ PRBool readOnly = PR_FALSE;
+ SECItem key;
+ SECItem keyID;
+ SECItem wrapKeyID;
int commandsEntered = 0;
int commandToRun = 0;
char *progName;
@@ -590,177 +591,179 @@ main(int argc, char **argv)
SECStatus rv = SECFailure;
secuCommand symKeyUtil;
- symKeyUtil.numCommands=sizeof(symKeyUtil_commands)/sizeof(secuCommandFlag);
- symKeyUtil.numOptions=sizeof(symKeyUtil_options)/sizeof(secuCommandFlag);
+ symKeyUtil.numCommands = sizeof(symKeyUtil_commands) / sizeof(secuCommandFlag);
+ symKeyUtil.numOptions = sizeof(symKeyUtil_options) / sizeof(secuCommandFlag);
symKeyUtil.commands = symKeyUtil_commands;
symKeyUtil.options = symKeyUtil_options;
- key.data = NULL; key.len = 0;
- keyID.data = NULL; keyID.len = 0;
- wrapKeyID.data = NULL; wrapKeyID.len = 0;
+ key.data = NULL;
+ key.len = 0;
+ keyID.data = NULL;
+ keyID.len = 0;
+ wrapKeyID.data = NULL;
+ wrapKeyID.len = 0;
progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
+ progName = progName ? progName + 1 : argv[0];
rv = SECU_ParseCommandLine(argc, argv, progName, &symKeyUtil);
if (rv != SECSuccess)
- Usage(progName);
+ Usage(progName);
rv = SECFailure;
/* -H print help */
if (symKeyUtil.commands[cmd_PrintHelp].activated)
- LongUsage(progName);
+ LongUsage(progName);
/* -f password file, -p password */
if (symKeyUtil.options[opt_PasswordFile].arg) {
- pwdata.source = PW_FROMFILE;
- pwdata.data = symKeyUtil.options[opt_PasswordFile].arg;
+ pwdata.source = PW_FROMFILE;
+ pwdata.data = symKeyUtil.options[opt_PasswordFile].arg;
} else if (symKeyUtil.options[opt_Password].arg) {
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = symKeyUtil.options[opt_Password].arg;
- }
+ pwdata.source = PW_PLAINTEXT;
+ pwdata.data = symKeyUtil.options[opt_Password].arg;
+ }
/* -d directory */
if (symKeyUtil.options[opt_CertDir].activated)
- SECU_ConfigDirectory(symKeyUtil.options[opt_CertDir].arg);
+ SECU_ConfigDirectory(symKeyUtil.options[opt_CertDir].arg);
/* -s key size */
if (symKeyUtil.options[opt_KeySize].activated) {
- keySize = PORT_Atoi(symKeyUtil.options[opt_KeySize].arg);
+ keySize = PORT_Atoi(symKeyUtil.options[opt_KeySize].arg);
}
/* -h specify token name */
if (symKeyUtil.options[opt_TokenName].activated) {
- if (PL_strcmp(symKeyUtil.options[opt_TokenName].arg, "all") == 0)
- slotname = NULL;
- else
- slotname = PL_strdup(symKeyUtil.options[opt_TokenName].arg);
+ if (PL_strcmp(symKeyUtil.options[opt_TokenName].arg, "all") == 0)
+ slotname = NULL;
+ else
+ slotname = PL_strdup(symKeyUtil.options[opt_TokenName].arg);
}
/* -t key type */
- if (symKeyUtil.options[opt_KeyType].activated) {
- keyType = GetKeyMechFromString(symKeyUtil.options[opt_KeyType].arg);
- if (keyType == (CK_MECHANISM_TYPE)-1) {
- PR_fprintf(PR_STDERR,
- "%s unknown key type (%s).\n",
- progName, symKeyUtil.options[opt_KeyType].arg);
- return 255;
- }
+ if (symKeyUtil.options[opt_KeyType].activated) {
+ keyType = GetKeyMechFromString(symKeyUtil.options[opt_KeyType].arg);
+ if (keyType == (CK_MECHANISM_TYPE)-1) {
+ PR_fprintf(PR_STDERR,
+ "%s unknown key type (%s).\n",
+ progName, symKeyUtil.options[opt_KeyType].arg);
+ return 255;
+ }
}
/* -k for import and unwrap, it specifies an input file to read from,
* for export and wrap it specifies an output file to write to */
if (symKeyUtil.options[opt_KeyFile].activated) {
if (symKeyUtil.commands[cmd_ImportKey].activated ||
- symKeyUtil.commands[cmd_UnwrapKey].activated ) {
- int ret = ReadBuf(symKeyUtil.options[opt_KeyFile].arg, &key);
- if (ret < 0) {
- PR_fprintf(PR_STDERR,
- "%s Couldn't read key file (%s).\n",
- progName, symKeyUtil.options[opt_KeyFile].arg);
- return 255;
- }
- }
+ symKeyUtil.commands[cmd_UnwrapKey].activated) {
+ int ret = ReadBuf(symKeyUtil.options[opt_KeyFile].arg, &key);
+ if (ret < 0) {
+ PR_fprintf(PR_STDERR,
+ "%s Couldn't read key file (%s).\n",
+ progName, symKeyUtil.options[opt_KeyFile].arg);
+ return 255;
+ }
+ }
}
/* -i specify the key ID */
if (symKeyUtil.options[opt_KeyID].activated) {
- int ret = HexToBuf(symKeyUtil.options[opt_KeyID].arg, &keyID);
- if (ret < 0) {
- PR_fprintf(PR_STDERR,
- "%s invalid key ID (%s).\n",
- progName, symKeyUtil.options[opt_KeyID].arg);
- return 255;
- }
+ int ret = HexToBuf(symKeyUtil.options[opt_KeyID].arg, &keyID);
+ if (ret < 0) {
+ PR_fprintf(PR_STDERR,
+ "%s invalid key ID (%s).\n",
+ progName, symKeyUtil.options[opt_KeyID].arg);
+ return 255;
+ }
}
/* -i & -j are mutually exclusive */
if ((symKeyUtil.options[opt_KeyID].activated) &&
- (symKeyUtil.options[opt_KeyIDFile].activated)) {
- PR_fprintf(PR_STDERR,
- "%s -i and -j options are mutually exclusive.\n", progName);
- return 255;
+ (symKeyUtil.options[opt_KeyIDFile].activated)) {
+ PR_fprintf(PR_STDERR,
+ "%s -i and -j options are mutually exclusive.\n", progName);
+ return 255;
}
/* -x specify the Wrap key ID */
if (symKeyUtil.options[opt_WrapKeyID].activated) {
- int ret = HexToBuf(symKeyUtil.options[opt_WrapKeyID].arg, &wrapKeyID);
- if (ret < 0) {
- PR_fprintf(PR_STDERR,
- "%s invalid key ID (%s).\n",
- progName, symKeyUtil.options[opt_WrapKeyID].arg);
- return 255;
- }
+ int ret = HexToBuf(symKeyUtil.options[opt_WrapKeyID].arg, &wrapKeyID);
+ if (ret < 0) {
+ PR_fprintf(PR_STDERR,
+ "%s invalid key ID (%s).\n",
+ progName, symKeyUtil.options[opt_WrapKeyID].arg);
+ return 255;
+ }
}
/* -x & -y are mutually exclusive */
if ((symKeyUtil.options[opt_KeyID].activated) &&
- (symKeyUtil.options[opt_KeyIDFile].activated)) {
- PR_fprintf(PR_STDERR,
- "%s -i and -j options are mutually exclusive.\n", progName);
- return 255;
+ (symKeyUtil.options[opt_KeyIDFile].activated)) {
+ PR_fprintf(PR_STDERR,
+ "%s -i and -j options are mutually exclusive.\n", progName);
+ return 255;
}
-
/* -y specify the key ID */
if (symKeyUtil.options[opt_WrapKeyIDFile].activated) {
- int ret = ReadBuf(symKeyUtil.options[opt_WrapKeyIDFile].arg,
- &wrapKeyID);
- if (ret < 0) {
- PR_fprintf(PR_STDERR,
- "%s Couldn't read key ID file (%s).\n",
- progName, symKeyUtil.options[opt_WrapKeyIDFile].arg);
- return 255;
- }
+ int ret = ReadBuf(symKeyUtil.options[opt_WrapKeyIDFile].arg,
+ &wrapKeyID);
+ if (ret < 0) {
+ PR_fprintf(PR_STDERR,
+ "%s Couldn't read key ID file (%s).\n",
+ progName, symKeyUtil.options[opt_WrapKeyIDFile].arg);
+ return 255;
+ }
}
/* -P certdb name prefix */
if (symKeyUtil.options[opt_dbPrefix].activated)
- certPrefix = symKeyUtil.options[opt_dbPrefix].arg;
+ certPrefix = symKeyUtil.options[opt_dbPrefix].arg;
/* Check number of commands entered. */
commandsEntered = 0;
- for (i=0; i< symKeyUtil.numCommands; i++) {
- if (symKeyUtil.commands[i].activated) {
- commandToRun = symKeyUtil.commands[i].flag;
- commandsEntered++;
- }
- if (commandsEntered > 1)
- break;
+ for (i = 0; i < symKeyUtil.numCommands; i++) {
+ if (symKeyUtil.commands[i].activated) {
+ commandToRun = symKeyUtil.commands[i].flag;
+ commandsEntered++;
+ }
+ if (commandsEntered > 1)
+ break;
}
if (commandsEntered > 1) {
- PR_fprintf(PR_STDERR, "%s: only one command at a time!\n", progName);
- PR_fprintf(PR_STDERR, "You entered: ");
- for (i=0; i< symKeyUtil.numCommands; i++) {
- if (symKeyUtil.commands[i].activated)
- PR_fprintf(PR_STDERR, " -%c", symKeyUtil.commands[i].flag);
- }
- PR_fprintf(PR_STDERR, "\n");
- return 255;
+ PR_fprintf(PR_STDERR, "%s: only one command at a time!\n", progName);
+ PR_fprintf(PR_STDERR, "You entered: ");
+ for (i = 0; i < symKeyUtil.numCommands; i++) {
+ if (symKeyUtil.commands[i].activated)
+ PR_fprintf(PR_STDERR, " -%c", symKeyUtil.commands[i].flag);
+ }
+ PR_fprintf(PR_STDERR, "\n");
+ return 255;
}
if (commandsEntered == 0) {
- PR_fprintf(PR_STDERR, "%s: you must enter a command!\n", progName);
- Usage(progName);
+ PR_fprintf(PR_STDERR, "%s: you must enter a command!\n", progName);
+ Usage(progName);
}
if (symKeyUtil.commands[cmd_ListKeys].activated ||
- symKeyUtil.commands[cmd_PrintHelp].activated ||
- symKeyUtil.commands[cmd_ExportKey].activated ||
- symKeyUtil.commands[cmd_WrapKey].activated) {
- readOnly = !symKeyUtil.options[opt_RW].activated;
+ symKeyUtil.commands[cmd_PrintHelp].activated ||
+ symKeyUtil.commands[cmd_ExportKey].activated ||
+ symKeyUtil.commands[cmd_WrapKey].activated) {
+ readOnly = !symKeyUtil.options[opt_RW].activated;
}
if ((symKeyUtil.commands[cmd_ImportKey].activated ||
symKeyUtil.commands[cmd_ExportKey].activated ||
symKeyUtil.commands[cmd_WrapKey].activated ||
- symKeyUtil.commands[cmd_UnwrapKey].activated ) &&
+ symKeyUtil.commands[cmd_UnwrapKey].activated) &&
!symKeyUtil.options[opt_KeyFile].activated) {
- PR_fprintf(PR_STDERR,
- "%s -%c: keyfile is required for this command (-k).\n",
- progName, commandToRun);
- return 255;
+ PR_fprintf(PR_STDERR,
+ "%s -%c: keyfile is required for this command (-k).\n",
+ progName, commandToRun);
+ return 255;
}
/* -E, -D, -W, and all require -n, -i, or -j to identify the key */
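Review bot: The block commented `/* -x & -y are mutually exclusive */` in main repeats the -i/-j test verbatim (it checks `opt_KeyID` and `opt_KeyIDFile` and prints the "-i and -j" message), so supplying both -x and -y is never rejected. In that case the buffer HexToBuf allocated for `wrapKeyID` is overwritten by the later ReadBuf call, and the wrapping key is silently selected from the file rather than from the command line. The condition should be `if ((symKeyUtil.options[opt_WrapKeyID].activated) &&` with `(symKeyUtil.options[opt_WrapKeyIDFile].activated)) {`, and the message `"%s -x and -y options are mutually exclusive.\n"`. main starts before and ends after this hunk.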
@@ -768,42 +771,42 @@ main(int argc, char **argv)
symKeyUtil.commands[cmd_DeleteKey].activated ||
symKeyUtil.commands[cmd_WrapKey].activated) &&
!(symKeyUtil.options[opt_Nickname].activated ||
- symKeyUtil.options[opt_KeyID].activated ||
- symKeyUtil.options[opt_KeyIDFile].activated)) {
- PR_fprintf(PR_STDERR,
- "%s -%c: nickname or id is required for this command (-n, -i, -j).\n",
- progName, commandToRun);
- return 255;
+ symKeyUtil.options[opt_KeyID].activated ||
+ symKeyUtil.options[opt_KeyIDFile].activated)) {
+ PR_fprintf(PR_STDERR,
+ "%s -%c: nickname or id is required for this command (-n, -i, -j).\n",
+ progName, commandToRun);
+ return 255;
}
/* -W, -U, and all -w, -x, or -y to identify the wrapping key */
- if (( symKeyUtil.commands[cmd_WrapKey].activated ||
+ if ((symKeyUtil.commands[cmd_WrapKey].activated ||
symKeyUtil.commands[cmd_UnwrapKey].activated) &&
!(symKeyUtil.options[opt_WrapKeyName].activated ||
- symKeyUtil.options[opt_WrapKeyID].activated ||
- symKeyUtil.options[opt_WrapKeyIDFile].activated)) {
- PR_fprintf(PR_STDERR,
- "%s -%c: wrap key is required for this command (-w, -x, or -y).\n",
- progName, commandToRun);
- return 255;
+ symKeyUtil.options[opt_WrapKeyID].activated ||
+ symKeyUtil.options[opt_WrapKeyIDFile].activated)) {
+ PR_fprintf(PR_STDERR,
+ "%s -%c: wrap key is required for this command (-w, -x, or -y).\n",
+ progName, commandToRun);
+ return 255;
}
/* -M needs the target slot (-g) */
- if (symKeyUtil.commands[cmd_MoveKey].activated &&
- !symKeyUtil.options[opt_TargetToken].activated) {
- PR_fprintf(PR_STDERR,
- "%s -%c: target token is required for this command (-g).\n",
- progName, commandToRun);
- return 255;
+ if (symKeyUtil.commands[cmd_MoveKey].activated &&
+ !symKeyUtil.options[opt_TargetToken].activated) {
+ PR_fprintf(PR_STDERR,
+ "%s -%c: target token is required for this command (-g).\n",
+ progName, commandToRun);
+ return 255;
}
- /* Using slotname == NULL for listing keys and certs on all slots,
+ /* Using slotname == NULL for listing keys and certs on all slots,
* but only that. */
if (!(symKeyUtil.commands[cmd_ListKeys].activated) && slotname == NULL) {
- PR_fprintf(PR_STDERR,
- "%s -%c: cannot use \"-h all\" for this command.\n",
- progName, commandToRun);
- return 255;
+ PR_fprintf(PR_STDERR,
+ "%s -%c: cannot use \"-h all\" for this command.\n",
+ progName, commandToRun);
+ return 255;
}
name = SECU_GetOptionArg(&symKeyUtil, opt_Nickname);
@@ -814,203 +817,203 @@ main(int argc, char **argv)
/* Initialize NSPR and NSS. */
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
rv = NSS_Initialize(SECU_ConfigDirectory(NULL), certPrefix, certPrefix,
- "secmod.db", readOnly ? NSS_INIT_READONLY: 0);
+ "secmod.db", readOnly ? NSS_INIT_READONLY : 0);
if (rv != SECSuccess) {
- SECU_PrintPRandOSError(progName);
- goto shutdown;
+ SECU_PrintPRandOSError(progName);
+ goto shutdown;
}
rv = SECFailure;
if (PL_strcmp(slotname, "internal") == 0)
- slot = PK11_GetInternalKeySlot();
+ slot = PK11_GetInternalKeySlot();
else if (slotname != NULL)
- slot = PK11_FindSlotByName(slotname);
+ slot = PK11_FindSlotByName(slotname);
/* generating a new key */
- if (symKeyUtil.commands[cmd_CreateNewKey].activated) {
- PK11SymKey *symKey;
-
- symKey = PK11_TokenKeyGen(slot, keyType, NULL, keySize,
- NULL, PR_TRUE, &pwdata);
- if (!symKey) {
- PR_fprintf(PR_STDERR, "%s: Token Key Gen Failed\n", progName);
- goto shutdown;
- }
- if (symKeyUtil.options[opt_Nickname].activated) {
- rv = PK11_SetSymKeyNickname(symKey, name);
- if (rv != SECSuccess) {
- PK11_DeleteTokenSymKey(symKey);
- PK11_FreeSymKey(symKey);
- PR_fprintf(PR_STDERR, "%s: Couldn't set nickname on key\n",
- progName);
- goto shutdown;
- }
- }
- rv = SECSuccess;
- PrintKey(symKey);
- PK11_FreeSymKey(symKey);
+ if (symKeyUtil.commands[cmd_CreateNewKey].activated) {
+ PK11SymKey *symKey;
+
+ symKey = PK11_TokenKeyGen(slot, keyType, NULL, keySize,
+ NULL, PR_TRUE, &pwdata);
+ if (!symKey) {
+ PR_fprintf(PR_STDERR, "%s: Token Key Gen Failed\n", progName);
+ goto shutdown;
+ }
+ if (symKeyUtil.options[opt_Nickname].activated) {
+ rv = PK11_SetSymKeyNickname(symKey, name);
+ if (rv != SECSuccess) {
+ PK11_DeleteTokenSymKey(symKey);
+ PK11_FreeSymKey(symKey);
+ PR_fprintf(PR_STDERR, "%s: Couldn't set nickname on key\n",
+ progName);
+ goto shutdown;
+ }
+ }
+ rv = SECSuccess;
+ PrintKey(symKey);
+ PK11_FreeSymKey(symKey);
}
if (symKeyUtil.commands[cmd_DeleteKey].activated) {
- PK11SymKey *symKey = FindKey(slot,name,&keyID,&pwdata);
-
- if (!symKey) {
- char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name);
- PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
- progName, keyName, PK11_GetTokenName(slot));
- PORT_Free(keyName);
- goto shutdown;
- }
-
- rv = PK11_DeleteTokenSymKey(symKey);
- FreeKeyList(symKey);
- if (rv != SECSuccess) {
- PR_fprintf(PR_STDERR, "%s: Couldn't Delete Key \n", progName);
- goto shutdown;
- }
+ PK11SymKey *symKey = FindKey(slot, name, &keyID, &pwdata);
+
+ if (!symKey) {
+ char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name);
+ PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
+ progName, keyName, PK11_GetTokenName(slot));
+ PORT_Free(keyName);
+ goto shutdown;
+ }
+
+ rv = PK11_DeleteTokenSymKey(symKey);
+ FreeKeyList(symKey);
+ if (rv != SECSuccess) {
+ PR_fprintf(PR_STDERR, "%s: Couldn't Delete Key \n", progName);
+ goto shutdown;
+ }
}
if (symKeyUtil.commands[cmd_UnwrapKey].activated) {
- PK11SymKey *wrapKey = FindKey(slot,wrapName,&wrapKeyID,&pwdata);
- PK11SymKey *symKey;
- CK_MECHANISM_TYPE mechanism;
-
- if (!wrapKey) {
- char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID)
- : PORT_Strdup(wrapName);
- PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
- progName, keyName, PK11_GetTokenName(slot));
- PORT_Free(keyName);
- goto shutdown;
- }
- mechanism = GetWrapMechanism(wrapKey);
- if (mechanism == CKM_INVALID_MECHANISM) {
- char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID)
- : PORT_Strdup(wrapName);
- PR_fprintf(PR_STDERR, "%s: %s on %s is an invalid wrapping key\n",
- progName, keyName, PK11_GetTokenName(slot));
- PORT_Free(keyName);
- PK11_FreeSymKey(wrapKey);
- goto shutdown;
- }
-
- symKey = PK11_UnwrapSymKeyWithFlagsPerm(wrapKey, mechanism, NULL,
- &key, keyType, CKA_ENCRYPT, keySize, 0, PR_TRUE);
- PK11_FreeSymKey(wrapKey);
- if (!symKey) {
- PR_fprintf(PR_STDERR, "%s: Unwrap Key Failed\n", progName);
- goto shutdown;
- }
-
- if (symKeyUtil.options[opt_Nickname].activated) {
- rv = PK11_SetSymKeyNickname(symKey, name);
- if (rv != SECSuccess) {
- PR_fprintf(PR_STDERR, "%s: Couldn't set name on key\n",
- progName);
- PK11_DeleteTokenSymKey(symKey);
- PK11_FreeSymKey(symKey);
- goto shutdown;
- }
- }
- rv = SECSuccess;
- PrintKey(symKey);
- PK11_FreeSymKey(symKey);
+ PK11SymKey *wrapKey = FindKey(slot, wrapName, &wrapKeyID, &pwdata);
+ PK11SymKey *symKey;
+ CK_MECHANISM_TYPE mechanism;
+
+ if (!wrapKey) {
+ char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID)
+ : PORT_Strdup(wrapName);
+ PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
+ progName, keyName, PK11_GetTokenName(slot));
+ PORT_Free(keyName);
+ goto shutdown;
+ }
+ mechanism = GetWrapMechanism(wrapKey);
+ if (mechanism == CKM_INVALID_MECHANISM) {
+ char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID)
+ : PORT_Strdup(wrapName);
+ PR_fprintf(PR_STDERR, "%s: %s on %s is an invalid wrapping key\n",
+ progName, keyName, PK11_GetTokenName(slot));
+ PORT_Free(keyName);
+ PK11_FreeSymKey(wrapKey);
+ goto shutdown;
+ }
+
+ symKey = PK11_UnwrapSymKeyWithFlagsPerm(wrapKey, mechanism, NULL,
+ &key, keyType, CKA_ENCRYPT, keySize, 0, PR_TRUE);
+ PK11_FreeSymKey(wrapKey);
+ if (!symKey) {
+ PR_fprintf(PR_STDERR, "%s: Unwrap Key Failed\n", progName);
+ goto shutdown;
+ }
+
+ if (symKeyUtil.options[opt_Nickname].activated) {
+ rv = PK11_SetSymKeyNickname(symKey, name);
+ if (rv != SECSuccess) {
+ PR_fprintf(PR_STDERR, "%s: Couldn't set name on key\n",
+ progName);
+ PK11_DeleteTokenSymKey(symKey);
+ PK11_FreeSymKey(symKey);
+ goto shutdown;
+ }
+ }
+ rv = SECSuccess;
+ PrintKey(symKey);
+ PK11_FreeSymKey(symKey);
}
#define MAX_KEY_SIZE 4098
if (symKeyUtil.commands[cmd_WrapKey].activated) {
- PK11SymKey *symKey = FindKey(slot, name, &keyID, &pwdata);
- PK11SymKey *wrapKey;
- CK_MECHANISM_TYPE mechanism;
- SECItem data;
- unsigned char buf[MAX_KEY_SIZE];
- int ret;
-
- if (!symKey) {
- char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name);
- PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
- progName, keyName, PK11_GetTokenName(slot));
- PORT_Free(keyName);
- goto shutdown;
- }
-
- wrapKey = FindKey(slot, wrapName, &wrapKeyID, &pwdata);
- if (!wrapKey) {
- char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID)
- : PORT_Strdup(wrapName);
- PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
- progName, keyName, PK11_GetTokenName(slot));
- PORT_Free(keyName);
- PK11_FreeSymKey(symKey);
- goto shutdown;
- }
-
- mechanism = GetWrapMechanism(wrapKey);
- if (mechanism == CKM_INVALID_MECHANISM) {
- char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID)
- : PORT_Strdup(wrapName);
- PR_fprintf(PR_STDERR, "%s: %s on %s is an invalid wrapping key\n",
- progName, keyName, PK11_GetTokenName(slot));
- PORT_Free(keyName);
- PK11_FreeSymKey(symKey);
- PK11_FreeSymKey(wrapKey);
- goto shutdown;
- }
-
- data.data = buf;
- data.len = sizeof(buf);
- rv = PK11_WrapSymKey(mechanism, NULL, wrapKey, symKey, &data);
- PK11_FreeSymKey(symKey);
- PK11_FreeSymKey(wrapKey);
- if (rv != SECSuccess) {
- PR_fprintf(PR_STDERR, "%s: Couldn't wrap key\n",progName);
- goto shutdown;
- }
-
- /* WriteBuf outputs it's own error using SECU_PrintError */
- ret = WriteBuf(symKeyUtil.options[opt_KeyFile].arg, &data);
- if (ret < 0) {
- goto shutdown;
- }
+ PK11SymKey *symKey = FindKey(slot, name, &keyID, &pwdata);
+ PK11SymKey *wrapKey;
+ CK_MECHANISM_TYPE mechanism;
+ SECItem data;
+ unsigned char buf[MAX_KEY_SIZE];
+ int ret;
+
+ if (!symKey) {
+ char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name);
+ PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
+ progName, keyName, PK11_GetTokenName(slot));
+ PORT_Free(keyName);
+ goto shutdown;
+ }
+
+ wrapKey = FindKey(slot, wrapName, &wrapKeyID, &pwdata);
+ if (!wrapKey) {
+ char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID)
+ : PORT_Strdup(wrapName);
+ PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
+ progName, keyName, PK11_GetTokenName(slot));
+ PORT_Free(keyName);
+ PK11_FreeSymKey(symKey);
+ goto shutdown;
+ }
+
+ mechanism = GetWrapMechanism(wrapKey);
+ if (mechanism == CKM_INVALID_MECHANISM) {
+ char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID)
+ : PORT_Strdup(wrapName);
+ PR_fprintf(PR_STDERR, "%s: %s on %s is an invalid wrapping key\n",
+ progName, keyName, PK11_GetTokenName(slot));
+ PORT_Free(keyName);
+ PK11_FreeSymKey(symKey);
+ PK11_FreeSymKey(wrapKey);
+ goto shutdown;
+ }
+
+ data.data = buf;
+ data.len = sizeof(buf);
+ rv = PK11_WrapSymKey(mechanism, NULL, wrapKey, symKey, &data);
+ PK11_FreeSymKey(symKey);
+ PK11_FreeSymKey(wrapKey);
+ if (rv != SECSuccess) {
+ PR_fprintf(PR_STDERR, "%s: Couldn't wrap key\n", progName);
+ goto shutdown;
+ }
+
+ /* WriteBuf outputs it's own error using SECU_PrintError */
+ ret = WriteBuf(symKeyUtil.options[opt_KeyFile].arg, &data);
+ if (ret < 0) {
+ goto shutdown;
+ }
}
if (symKeyUtil.commands[cmd_ImportKey].activated) {
- PK11SymKey *symKey = PK11_ImportSymKey(slot, keyType,
- PK11_OriginUnwrap, CKA_ENCRYPT, &key,&pwdata);
- if (!symKey) {
- PR_fprintf(PR_STDERR, "%s: Import Key Failed\n", progName);
- goto shutdown;
- }
- if (symKeyUtil.options[opt_Nickname].activated) {
- rv = PK11_SetSymKeyNickname(symKey, name);
- if (rv != SECSuccess) {
- PR_fprintf(PR_STDERR, "%s: Couldn't set name on key\n",
- progName);
- PK11_DeleteTokenSymKey(symKey);
- PK11_FreeSymKey(symKey);
- goto shutdown;
- }
- }
- rv = SECSuccess;
- PrintKey(symKey);
- PK11_FreeSymKey(symKey);
+ PK11SymKey *symKey = PK11_ImportSymKey(slot, keyType,
+ PK11_OriginUnwrap, CKA_ENCRYPT, &key, &pwdata);
+ if (!symKey) {
+ PR_fprintf(PR_STDERR, "%s: Import Key Failed\n", progName);
+ goto shutdown;
+ }
+ if (symKeyUtil.options[opt_Nickname].activated) {
+ rv = PK11_SetSymKeyNickname(symKey, name);
+ if (rv != SECSuccess) {
+ PR_fprintf(PR_STDERR, "%s: Couldn't set name on key\n",
+ progName);
+ PK11_DeleteTokenSymKey(symKey);
+ PK11_FreeSymKey(symKey);
+ goto shutdown;
+ }
+ }
+ rv = SECSuccess;
+ PrintKey(symKey);
+ PK11_FreeSymKey(symKey);
}
/* List certs (-L) */
if (symKeyUtil.commands[cmd_ListKeys].activated) {
- int printLabel = 1;
- if (slot) {
- rv = ListKeys(slot,&printLabel,&pwdata);
- } else {
- /* loop over all the slots */
- PK11SlotList *slotList = PK11_GetAllTokens(CKM_INVALID_MECHANISM,
- PR_FALSE, PR_FALSE, &pwdata);
- if (slotList == NULL) {
- PR_fprintf(PR_STDERR, "%s: No tokens found\n",progName);
- } else {
+ int printLabel = 1;
+ if (slot) {
+ rv = ListKeys(slot, &printLabel, &pwdata);
+ } else {
+ /* loop over all the slots */
+ PK11SlotList *slotList = PK11_GetAllTokens(CKM_INVALID_MECHANISM,
+ PR_FALSE, PR_FALSE, &pwdata);
+ if (slotList == NULL) {
+ PR_fprintf(PR_STDERR, "%s: No tokens found\n", progName);
+ } else {
PK11SlotListElement *se;
- for (se = PK11_GetFirstSafe(slotList); se;
- se=PK11_GetNextSafe(slotList,se, PR_FALSE)) {
- rv = ListKeys(se->slot,&printLabel,&pwdata);
- if (rv !=SECSuccess) {
+ for (se = PK11_GetFirstSafe(slotList); se;
+ se = PK11_GetNextSafe(slotList, se, PR_FALSE)) {
+ rv = ListKeys(se->slot, &printLabel, &pwdata);
+ if (rv != SECSuccess) {
break;
}
}
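Review bot: The result of the slot lookup at `slot = PK11_FindSlotByName(slotname);` is never checked, so a mistyped token name leaves `slot` NULL (assuming it was initialised to NULL above this hunk). Each command's error path then passes it to `PK11_GetTokenName(slot)`, and `-L` quietly falls back to listing every token. Since `rv` is already `SECFailure` here, print a "slot not found" message and add `if (slotname != NULL && slot == NULL) goto shutdown;` right after the lookup. Separately, in the `-W` block a failed `WriteBuf` jumps to `shutdown` while `rv` still holds `SECSuccess` from `PK11_WrapSymKey`, so the tool exits 0 without having written the wrapped key; set `rv = SECFailure;` before that `goto`. `main` starts before this hunk and continues past it.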
@@ -1019,72 +1022,72 @@ main(int argc, char **argv)
}
PK11_FreeSlotList(slotList);
}
- }
+ }
}
/* Move key (-M) */
if (symKeyUtil.commands[cmd_MoveKey].activated) {
- PK11SlotInfo *target;
- char *targetName = symKeyUtil.options[opt_TargetToken].arg;
- PK11SymKey *newKey;
- PK11SymKey *symKey = FindKey(slot,name,&keyID,&pwdata);
- char *keyName = PK11_GetSymKeyNickname(symKey);
-
- if (!symKey) {
- char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name);
- PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
- progName, keyName, PK11_GetTokenName(slot));
- PORT_Free(keyName);
- goto shutdown;
- }
- target = PK11_FindSlotByName(targetName);
- if (!target) {
- PR_fprintf(PR_STDERR, "%s: Couldn't find slot %s\n",
- progName, targetName);
- goto shutdown;
- }
- rv = PK11_Authenticate(target, PR_FALSE, &pwdata);
- if (rv != SECSuccess) {
- PR_fprintf(PR_STDERR, "%s: Failed to log into %s\n",
- progName, targetName);
- goto shutdown;
- }
- rv = SECFailure;
- newKey = PK11_MoveSymKey(target, CKA_ENCRYPT, 0, PR_TRUE, symKey);
- if (!newKey) {
- PR_fprintf(PR_STDERR, "%s: Couldn't move the key \n",progName);
- goto shutdown;
- }
- if (keyName) {
- rv = PK11_SetSymKeyNickname(newKey, keyName);
- if (rv != SECSuccess) {
- PK11_DeleteTokenSymKey(newKey);
- PK11_FreeSymKey(newKey);
- PR_fprintf(PR_STDERR, "%s: Couldn't set nickname on key\n",
- progName);
- goto shutdown;
- }
- }
- PK11_FreeSymKey(newKey);
- rv = SECSuccess;
+ PK11SlotInfo *target;
+ char *targetName = symKeyUtil.options[opt_TargetToken].arg;
+ PK11SymKey *newKey;
+ PK11SymKey *symKey = FindKey(slot, name, &keyID, &pwdata);
+ char *keyName = PK11_GetSymKeyNickname(symKey);
+
+ if (!symKey) {
+ char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name);
+ PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
+ progName, keyName, PK11_GetTokenName(slot));
+ PORT_Free(keyName);
+ goto shutdown;
+ }
+ target = PK11_FindSlotByName(targetName);
+ if (!target) {
+ PR_fprintf(PR_STDERR, "%s: Couldn't find slot %s\n",
+ progName, targetName);
+ goto shutdown;
+ }
+ rv = PK11_Authenticate(target, PR_FALSE, &pwdata);
+ if (rv != SECSuccess) {
+ PR_fprintf(PR_STDERR, "%s: Failed to log into %s\n",
+ progName, targetName);
+ goto shutdown;
+ }
+ rv = SECFailure;
+ newKey = PK11_MoveSymKey(target, CKA_ENCRYPT, 0, PR_TRUE, symKey);
+ if (!newKey) {
+ PR_fprintf(PR_STDERR, "%s: Couldn't move the key \n", progName);
+ goto shutdown;
+ }
+ if (keyName) {
+ rv = PK11_SetSymKeyNickname(newKey, keyName);
+ if (rv != SECSuccess) {
+ PK11_DeleteTokenSymKey(newKey);
+ PK11_FreeSymKey(newKey);
+ PR_fprintf(PR_STDERR, "%s: Couldn't set nickname on key\n",
+ progName);
+ goto shutdown;
+ }
+ }
+ PK11_FreeSymKey(newKey);
+ rv = SECSuccess;
}
shutdown:
if (rv != SECSuccess) {
- PR_fprintf(PR_STDERR, "%s: %s\n", progName,
- SECU_Strerror(PORT_GetError()));
+ PR_fprintf(PR_STDERR, "%s: %s\n", progName,
+ SECU_Strerror(PORT_GetError()));
}
if (key.data) {
- PORT_Free(key.data);
+ PORT_Free(key.data);
}
if (keyID.data) {
- PORT_Free(keyID.data);
+ PORT_Free(keyID.data);
}
if (slot) {
- PK11_FreeSlot(slot);
+ PK11_FreeSlot(slot);
}
if (NSS_Shutdown() != SECSuccess) {
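Review bot: In the `-M` block, `char *keyName = PK11_GetSymKeyNickname(symKey);` runs in the declarations, before the `if (!symKey)` test, so a key that `FindKey` could not find is dereferenced rather than reported. Declare `char *keyName = NULL;` and assign `keyName = PK11_GetSymKeyNickname(symKey);` after the null check; this also removes the shadowing by the inner `char *keyName` in the error branch. Nothing visible in the block releases `symKey`, the nickname string or `target`, on either the success path or the `goto shutdown` paths, whereas the other commands free their key handles before leaving. At `shutdown`, `PORT_Free(key.data)` releases a buffer that `-I` passed to `PK11_ImportSymKey` as key material (it is presumably filled from the key file outside this hunk), so `PORT_ZFree(key.data, key.len);` would avoid leaving it in freed heap memory. `main` begins before this hunk.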
@@ -1092,11 +1095,8 @@ shutdown:
}
if (rv == SECSuccess) {
- return 0;
+ return 0;
} else {
- return 255;
+ return 255;
}
}
-
-
-