<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Example: ILE C program for re-encrypting keys for your Cryptographic Coprocessor" />
<meta name="abstract" content="Change this program example to suit your needs for re-encrypting keys for your Cryptographic Coprocessor." />
<meta name="description" content="Change this program example to suit your needs for re-encrypting keys for your Cryptographic Coprocessor." />
<meta name="DC.Relation" scheme="URI" content="rzajcmasterkey.htm#reencryptingkeys" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="renkeystotxt" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Example: ILE C program for re-encrypting keys for your Cryptographic
Coprocessor</title>
</head>
<body id="renkeystotxt"><a name="renkeystotxt"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Example: ILE C program for re-encrypting keys for your Cryptographic
Coprocessor</h1>
<div><p>Change this program example to suit your needs for re-encrypting
keys for your Cryptographic Coprocessor.</p>
<div class="section"> <div class="note"><span class="notetitle">Note:</span> Read the <a href="codedisclaimer.htm#codedisclaimer">Code license and disclaimer information</a> for
important legal information.<p>If you choose to use this program example,
change it to suit your specific needs. For security reasons, IBM<sup>®</sup> recommends
that you individualize these program examples rather than using the default
values provided.</p>
</div>
</div>
<div class="example"> <pre>/*---------------------------------------------------------------*/
/* Description: Re-enciphers key store files using the current */
/* master key. */
/* */
/* COPYRIGHT 5769-SS1 (c) IBM Corp 1999 */
/* */
/* This material contains programming source code for your */
/* consideration. These examples have not been thoroughly */
/* tested under all conditions. IBM, therefore, cannot */
/* guarantee or imply reliability, serviceability, or function */
/* of these programs. All programs contained herein are */
/* provided to you "AS IS". THE IMPLIED WARRANTIES OF */
/* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE */
/* EXPRESSLY DISCLAIMED. IBM provides no program services for */
/* these programs and files. */
/* */
/* Parameters: */
/* char * keysto_type, choices are "DES" or "PKA" */
/* (If omitted, the default is "PKA".) */
/* Examples: */
/* CALL PGM(REN_KEYSTO) PARM(DES) */
/* CALL PGM(REN_KEYSTO) */
/* */
/* Note: The CCA verbs used in this program are more fully */
/* described in the IBM CCA Basic Services Reference */
/* and Guide (SC31-8609) publication. */
/* */
/* Note: This program assumes the card you want to use is */
/* already identified either by defaulting to the CRP01 */
/* device or has been explicitly named using the */
/* Cryptographic_Resource_Allocate verb. Also this */
/* device must be varied on and you must be authorized */
/* to use this device description. */
/* */
/* This program also assumes the key store file you will */
/* use is already identified either by being specified on */
/* the cryptographic device or has been explicitly named */
/* using the Key_Store_Designate verb. Also you must be */
/* authorized to update records in this file. */
/* */
/* Use the following commands to compile this program: */
/* ADDLIBLE LIB(QCCA) */
/* CRTCMOD MODULE(REN_KEYSTO) SRCFILE(SAMPLE) */
/* CRTPGM PGM(REN_KEYSTO) MODULE(REN_KEYSTO) */
/* BNDSRVPGM(QCCA/CSNBKTC QCCA/CSNBKRL */
/* QCCA/CSNDKTC QCCA/CSNDKRL) */
/* */
/* Note: authority to the CSNDKTC, CSNDKRL, CSNBKTC, and CSNBKRL */
/* service programs in the QCCA library is assumed. */
/* */
/* Common Cryptographic Architecture (CCA) verbs used: */
/* PKA_Key_Token_Change (CSNDKTC) */
/* DES_Key_Token_Change (CSNBKTC) */
/* PKA_Key_Record_List (CSNDKRL) */
/* DES_Key_Record_List (CSNBKRL) */
/*---------------------------------------------------------------*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include "csucincl.h" /* header file for CCA Cryptographic
Service Provider */
/* Define the acceptable file types */
#define PKA 1
#define DES 0
int re_encipher(FILE *key_rec, long rec_length, int key_type);
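int main(int argc, char *argv[])
{
    /*-----------------------------------------------------------*/
    /* standard return codes                                     */
    /*-----------------------------------------------------------*/

#define ERROR -1
#define OK 0

    /*-----------------------------------------------------------*/
    /* standard CCA parameters                                   */
    /*-----------------------------------------------------------*/
    long return_code = 0;
    long reason_code = 0;
    long exit_data_length = 0;
    char exit_data[2];
    long rule_array_count = 0;
    char rule_array[1][8];

    /*-----------------------------------------------------------*/
    /* fields unique to this sample program                      */
    /*-----------------------------------------------------------*/
    /* Label filter handed to the Key_Record_List verbs.  The 65-byte   */
    /* buffer holds a 64-byte label plus a terminator; it is blank-     */
    /* filled and the sample's "*.*.*.*.*.*.*" filter written over the  */
    /* start, so the result does not depend on how many trailing blanks */
    /* the string literal happens to carry.                             */
    char key_label[65];
    long data_set_name_length = 0;
    char data_set_name[65];
    /* Left blank (8 spaces), as in the original sample.                */
    char security_server_name[9];

    FILE *krl = NULL;
    int keysto_type = PKA;

    /* First 77 bytes of the Key Record List header, plus one byte so   */
    /* the numeric fields can be parsed with atoi/atol without scanning */
    /* past the end of the buffer.                                      */
    char header1[78];
    int num_rec, i;
    long rec_length, offset_rec1;

    memset(key_label, ' ', 64);
    memcpy(key_label, "*.*.*.*.*.*.*", 13);
    key_label[64] = '\0';
    memset(security_server_name, ' ', 8);
    security_server_name[8] = '\0';

    /*-----------------------------------------------------------*/
    /* Check whether the user requested to re-encipher a DES or */
    /* a PKA keystore file. Default to PKA if key file type is  */
    /* not specified.                                           */
    /*-----------------------------------------------------------*/
    if (argc >= 2)
    {
        if (strcmp(argv[1], "DES") == 0)
        {
            printf("\nDES ");
            keysto_type = DES;
        }
        else if (strcmp(argv[1], "PKA") == 0)
        {
            printf("\nPKA ");
        }
        else
        {
            printf("\nKeystore type parm incorrectly specified.\n");
            printf("Acceptable choices are PKA or DES.\n");
            printf("The default is PKA.\n");
            return ERROR;
        }
    }
    else
    {
        printf("\nPKA ");
    }

    if (keysto_type == DES)
    {
        /*-----------------------------------------------------------*/
        /* Invoke the verb to create a DES Key Record List           */
        /*-----------------------------------------------------------*/
        CSNBKRL(&return_code,
                &reason_code,
                &exit_data_length,
                exit_data,
                key_label,
                &data_set_name_length,
                data_set_name,
                security_server_name);
    }
    else
    {
        /*-----------------------------------------------------------*/
        /* Invoke the verb to create a PKA Key Record List           */
        /*-----------------------------------------------------------*/
        CSNDKRL(&return_code,
                &reason_code,
                &exit_data_length,
                exit_data,
                &rule_array_count,
                (char *) rule_array,
                key_label,
                &data_set_name_length,
                data_set_name,
                security_server_name);
    }

    if ((return_code != 0) || (reason_code != 0))
    {
        /* return_code/reason_code are long, so %ld is required.      */
        printf("Key Record List generation was unsuccessful. ");
        printf("Return/reason code = %ld/%ld\n", return_code, reason_code);
        /* The original sample fell off the end of main() here, so the */
        /* caller saw an unspecified exit status; report the failure.  */
        return ERROR;
    }

    printf("Key Record List generation was successful. ");
    printf("Return/reason codes = %ld/%ld\n", return_code, reason_code);

    /* data_set_name_length is filled in by the verb; refuse to write  */
    /* the terminator at an index outside the 65-byte buffer.          */
    if (data_set_name_length < 0 ||
        data_set_name_length >= (long) sizeof(data_set_name))
    {
        printf("Key Record List file name length is invalid.\n");
        return ERROR;
    }
    data_set_name[data_set_name_length] = '\0';
    printf("data_set_name = %s\n", data_set_name);

    /* Open the Key Record List file. */
    krl = fopen(data_set_name, "rb");
    if (krl == NULL)
    {
        printf("The open of the Key Record List file failed\n");
        return ERROR;
    }

    /* Read the first part of the KRL header.  A short read would    */
    /* leave the count/length/offset fields below holding garbage.   */
    if (fread(header1, 1, 77, krl) != 77)
    {
        printf("The read of the Key Record List header failed\n");
        fclose(krl);
        return ERROR;
    }
    header1[77] = '\0';

    /* Field offsets are those used by the original sample; confirm  */
    /* them against the KRL file layout in the CCA reference.        */
    num_rec = atoi(&header1[50]);       /* number of key records    */
    rec_length = atol(&header1[58]);    /* length of each record    */
    offset_rec1 = atol(&header1[62]);   /* offset of first record   */
    printf("Number of key records = %d\n", num_rec);

    /* Set the file pointer to the first key record. */
    if (fseek(krl, offset_rec1, SEEK_SET) != 0)
    {
        printf("The seek to the first key record failed\n");
        fclose(krl);
        return ERROR;
    }

    /* Loop through the entries in the KRL and re-encipher; stop at  */
    /* the first record that fails.                                  */
    for (i = 1; i <= num_rec; i++)
    {
        if (re_encipher(krl, rec_length, keysto_type) != 0)
        {
            fclose(krl);
            return ERROR;
        }
    }

    printf("Key store file re-enciphered successfully.\n\n");
    fclose(krl);
    return OK;
} /* end of main() */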
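/*-----------------------------------------------------------*/
/* Re-encipher one key record under the current master key.  */
/*                                                           */
/* key_rec    - KRL file positioned on the record to process  */
/* rec_length - record length taken from the KRL header       */
/* key_type   - DES or PKA, selects the Key_Token_Change verb */
/*                                                           */
/* Returns 0 on success, ERROR when the record cannot be     */
/* read or the key type is invalid, otherwise the CCA        */
/* return code (a long truncated to int, as in the original). */
/*-----------------------------------------------------------*/
int re_encipher(FILE *key_rec, long rec_length, int key_type)
{
    /*-----------------------------------------------------------*/
    /* standard CCA parameters                                   */
    /*-----------------------------------------------------------*/
    long return_code = 0;
    long reason_code = 0;
    long exit_data_length = 0;
    char exit_data[2];
    long rule_array_count = 1;
    char rule_array[1][8];

    /*-----------------------------------------------------------*/
    /* fields unique to this function                            */
    /*-----------------------------------------------------------*/
    long key_identifier_length = 64;
    char key_identifier[64];
    char key_record[154];

    /* rec_length comes from the KRL file header, not from this       */
    /* program, so it must be bounded before it sizes the read: the   */
    /* record buffer is 154 bytes and the label copied below occupies */
    /* bytes 3..66 of the record.                                     */
    if (rec_length < 3 + 64 || rec_length > (long) sizeof(key_record))
    {
        printf("re_encipher() called with an invalid record length.\n");
        return ERROR;
    }
    if (fread(key_record, 1, (size_t) rec_length, key_rec) != (size_t) rec_length)
    {
        printf("The read of a key record failed.\n");
        return ERROR;
    }

    /* The 64-byte key label starts at byte 3 of the record.          */
    memcpy(key_identifier, &key_record[3], 64);

    /* Rule array keyword, 8 bytes blank padded; the literal must be   */
    /* exactly 8 characters since memcpy copies 8 bytes from it.       */
    memcpy(rule_array, "RTCMK   ", 8);

    if (key_type == DES)
    {
        CSNBKTC(&return_code,
                &reason_code,
                &exit_data_length,
                exit_data,
                &rule_array_count,
                (char *) rule_array,
                key_identifier);
    }
    else if (key_type == PKA)
    {
        CSNDKTC(&return_code,
                &reason_code,
                &exit_data_length,
                exit_data,
                &rule_array_count,
                (char *) rule_array,
                &key_identifier_length,
                key_identifier);
    }
    else
    {
        printf("re_encipher() called with an invalid key type.\n");
        return ERROR;
    }

    /* key_identifier is not NUL-terminated, hence the %.64s width.    */
    printf("Re-enciphering for key_label = %.64s", key_identifier);
    printf("completed with return/reason codes of ");
    printf("%ld/%ld\n", return_code, reason_code);

    return return_code;
} /* end of re_encipher() */</pre>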
</div>
</div>
<div><div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzajcmasterkey.htm#reencryptingkeys">Re-encrypting keys</a></div>
</div>
</div>
</body>
</html>