friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14ed2849c6
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzajc_5.4.0.1/rzajcgenretainc.htm

363 lines
16 KiB
HTML
Raw Normal View History

Add readme and dist folders
2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Example: ILE C program for generating a retained key pair for cloning master keys" />
<meta name="abstract" content="Change this program example to suit your needs for generating a retained key pair for cloning master keys" />
<meta name="description" content="Change this program example to suit your needs for generating a retained key pair for cloning master keys" />
<meta name="DC.Relation" scheme="URI" content="rzajcworking.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="genretainc" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Example: ILE C program for generating a retained key pair for cloning
master keys</title>
</head>
<body id="genretainc"><a name="genretainc"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Example: ILE C program for generating a retained key pair for cloning
master keys</h1>
<div><p>Change this program example to suit your needs for generating a
retained key pair for cloning master keys</p>
<div class="section"><div class="p">. <div class="note"><span class="notetitle">Note:</span> Read the <a href="codedisclaimer.htm#codedisclaimer">Code license and disclaimer information</a> for
important legal information.</div>
</div>
</div>
<div class="example"> <pre>/*-------------------------------------------------------------------*/
/* GENRETAIN */
/* */
/* Sample program to generate a retained key to be used for */
/* master key cloning. */
/* */
/* COPYRIGHT 5769-SS1 (C) IBM CORP. 1999, 1999 */
/* */
/* This material contains programming source code for your */
/* consideration. These examples have not been thoroughly */
/* tested under all conditions. IBM, therefore, cannot */
/* guarantee or imply reliability, serviceability, or function */
/* of these program. All programs contained herein are */
/* provided to you "AS IS". THE IMPLIED WARRANTIES OF */
/* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE */
/* ARE EXPRESSLY DISCLAIMED. IBM provides no program services for */
/* these programs and files. */
/* */
/* */
/* Note: Input format is more fully described in Chapter 2 of */
/* IBM CCA Basic Services Reference and Guide */
/* (SC31-8609) publication. */
/* */
/* Parameters: RETAINED_KEY_NAME */
/* */
/* Example: */
/* CALL PGM(GENRETAIN) PARM(TESTKEY) */
/* */
/* */
/* Note: This program assumes the card with the profile is */
/* already identified either by defaulting to the CRP01 */
/* device or by being explicitly named using the */
/* Cryptographic_Resource_Allocate verb. Also this */
/* device must be varied on and you must be authorized */
/* to use this device description. */
/* */
/* The Common Cryptographic Architecture (CCA) verbs used are */
/* PKA_Key_Token_Build (CSNDPKB) and PKA_Key_Generate (CSNDPKG). */
/* */
/* Use these commands to compile this program on the system: */
/* ADDLIBLE LIB(QCCA) */
/* CRTCMOD MODULE(GENRETAIN) SRCFILE(SAMPLE) */
/* CRTPGM PGM(GENRETAIN) MODULE(GENRETAIN) */
/* BNDDIR(QCCA/QC6BNDDIR) */
/* */
/* Note: Authority to the CSNDPKG and CSNDPKB service programs */
/* in the QCCA library is assumed. */
/* */
/*-------------------------------------------------------------------*/
#include &lt;stdio.h&gt;
#include &lt;string.h&gt;
#include "csucincl.h"
int main(int argc, char *argv[])
{
/*------------------------------------------------------------------*/
/* Declares for CCA parameters */
/*------------------------------------------------------------------*/
long return_code = 0;
long reason_code = 0;
long exit_data_length = 0;
char exit_data[4];
char rule_array[24];
long rule_array_count;
long token_len = 2500;
char token[2500];
char regen_data[4];
char transport_key_id[4];
struct {
short modlen;
short modlenfld;
short pubexplen;
short prvexplen;
long pubexp;
} key_struct; /* Key structure for PKA Key Token Build */
long key_struct_length;
long zero = 0;
/*------------------------------------------------------------------*/
/* Declares for working with a PKA token */
/*------------------------------------------------------------------*/
long pub_sec_len; /* Public section length */
long prv_sec_len; /* Private section length */
long cert_sec_len; /* Certificate section length */
long info_subsec_len; /* Information subsection length */
long offset; /* Offset into token */
long tempOffset; /* (Another) Offset into token */
long tempLength; /* Length variable */
long tempLen1, tempLen2; /* temporary length variables */
char pub_token[2500];
long pub_token_len;
long name_len;
char name[64];
int i; /* Loop counter */
FILE *fp; /* File pointer */
if (argc &lt; 2) /* Check the number of parameters passed */
{
printf("Need to enter a private key name\n");
return 1;
}
memset(token,0,2500); /* Initialize token to 0 */
memcpy((void*)rule_array,"RSA-PRIVKEY-MGMT",16); /* Set rule array */
rule_array_count = 2;
memset(name,' ', 64); /* Copy key name parameter */
memcpy(name, argv[1], strlen(argv[1]));
name_len = 64;
/*---------------------------*/
/* Initialize key structure */
/*---------------------------*/
memset((void*)&amp;key_struct, 0, sizeof(key_struct));
key_struct.modlen = 1024; /* Modulus length is 1024 */
key_struct.pubexplen = 3;
key_struct.pubexp = 0x01000100; /* Public exponent is 65537 */
key_struct_length = sizeof(key_struct);
/*****************************************/
/* Call PKA_Key_Token_Build SAPI */
/*****************************************/
CSNDPKB( &amp;return_code, &amp;reason_code, &amp;exit_data_length,
exit_data,
&amp;rule_array_count,
rule_array,
&amp;key_struct_length,
(unsigned char *)&amp;key_struct,
&amp;name_len,
name,
&amp;zero, /* 1 */
NULL,
&amp;zero, /* 2 */
NULL,
&amp;zero, /* 3 */
NULL,
&amp;zero, /* 4 */
NULL,
&amp;zero, /* 5 */
NULL,
&amp;token_len,
token);
if (return_code != 0)
{
printf("PKA Key Token Build Failed : return code %d : reason code %d\n",
return_code, reason_code);
return 1;
}
/**************************************************************/
/* Build certificate */
/**************************************************************/
/* Determine length of token from length */
/* bytes at offset 2 and 3. */
token_len = ((256 * token[2]) + token[3]);
/* Determine length of private key */
/* section from length bytes at offset */
/* 10. */
prv_sec_len = ((256 * token[10]) + token[11]);
/* Determine length of public key section*/
/* section from length bytes at offset */
/* 10 + private section length */
pub_sec_len = ((256 * token[prv_sec_len + 10]) +
token[prv_sec_len + 11]);
/* Calculate the signature section length*/
cert_sec_len = 328 + /* from the signature subsection length, */
20 + /* EID subsection length, */
12 + /* Serial number subsection length, */
4 + /* Information subsection header length, */
pub_sec_len + /* Public key subsection length, */
4; /* and the certificate section hdr length*/
offset = token_len; /* Offset for additions to token */
/* Fill in certicate section header */
tempLen1 = cert_sec_len;
tempLen1 &gt;&gt;= 8;
token[offset++] = 0x40;
token[offset++] = 0x00;
token[offset++] = tempLen1;
token[offset++] = cert_sec_len;
/* Fill in public key subsection */
token[offset++] = 0x41;
for (i = 1 ; i &lt; pub_sec_len ; i ++)
{
/* Copy public key to certificate */
token[offset++] = token[prv_sec_len +(i+8)];
}
/* Fill Optional Information Subsection Header */
info_subsec_len = 20 + /* Length of EID section */
12 + /* Length of serial number section */
4; /* Length of Info subsection header */
tempLen1 = info_subsec_len;
tempLen1 &gt;&gt;= 8;
token[offset++] = 0x42;
token[offset++] = 0x00;
token[offset++] = tempLen1;
token[offset++] = info_subsec_len;
/* Fill in Public Key Certficate EID subsection */
token[offset++] = 0x51;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x14;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x00;
/* Public key Certificate Serial Number TLV */
token[offset++] = 0x52;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x0c;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x00;
token[offset++] = 0x00;
/* Fill in Signature Subsection */
token[offset++] = 0x45;
token[offset++] = 0x00;
token[offset++] = 0x01;
token[offset++] = 0x48;
token[offset++] = 0x01;
token[offset++] = 0x01;
for (i = 0 ; i &lt; 64 ;i++)
{
/* Copy private key name out of private key name section */
/* into certificate */
token[offset++] =
token[prv_sec_len + pub_sec_len + 12 + i];
}
token_len = offset + 258; /* add 258 to allow for digtal sig. */
token[3] = token_len; /* Set new token length */
token[2] = token_len &gt;&gt; 8;
/******************************************************************/
/* Generate Retained key using PKA token with certificate */
/******************************************************************/
memcpy((void*)rule_array,"RETAIN CLONE ",16);
rule_array_count = 2;
memset(pub_token,0,2500);
pub_token_len = 2500;
memset(transport_key_id,0,4);
/*****************************************/
/* Call PKA_Key_Generate SAPI */
/*****************************************/
CSNDPKG( &amp;return_code, &amp;reason_code, &amp;exit_data_length,
exit_data,
&amp;rule_array_count,
rule_array,
&amp;zero, /* regenerated data length */
regen_data,
&amp;token_len,
token,
transport_key_id,
&amp;pub_token_len,
pub_token);
if (return_code != 0)
{
printf("PKA Key Generate Failed : return code %d :reason code %d\n",
return_code, reason_code);
return 1;
}
/******************************************************************/
/* Write public key token out to file */
/******************************************************************/
/* Append ".PUB" to key name */
memcpy((void*)&amp;name[strlen(argv[1])],".PUB",5);
fp = fopen(name,"wb"); /* Open the file */
if (!fp)
{
printf("File open failed\n");
}
else
{
fwrite(pub_token,pub_token_len,1,fp); /* Write token to file */
fclose(fp); /* Close the file */
printf("Public token written to file %s.\n",name);
}
name[strlen(argv[1])] = 0; /* Convert name to string */
printf("Private key %s is retained in the hardware\n",name);
return 0;
}</pre>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajcworking.htm" title="After you set up your Cryptographic Coprocessor, you can begin writing programs to make use of your Cryptographic Coprocessor's cryptographic functions.">Manage the Cryptographic Coprocessor</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue Copy Permalink