Example in ILE C: Setting up keys

See Code disclaimer information for information pertaining to code examples.
Refer to Scenario: Key Management and File Encryption Using the Cryptographic Services APIs for a description of this scenario.
/*-------------------------------------------------------------------*/
/* */
/* Sample C program: Setup_Cus */
/* */
/* COPYRIGHT 5722-SS1 (c) IBM Corp 2006 */
/* */
/* This material contains programming source code for your */
/* consideration. These examples have not been thoroughly */
/* tested under all conditions. IBM, therefore, cannot */
/* guarantee or imply reliability, serviceability, or function */
/* of these programs. All programs contained herein are */
/* provided to you "AS IS". THE IMPLIED WARRANTIES OF */
/* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE */
/* EXPRESSLY DISCLAIMED. IBM provides no program services for */
/* these programs and files. */
/* */
/* Description: */
/* This is a sample program to demonstrate use of the Cryptographic */
/* Services APIs. APIs demonstrated in this program are: */
/* Create Key Store */
/* Generate Key Record */
/* Create Key Context */
/* Create Algorithm Context */
/* Generate Symmetric Key */
/* Destroy Key Context */
/* Destroy Algorithm Context */
/* */
/* Function: */
/* Create CUSDTA file for storing customer information */
/* Create CUSPI file for storing information needed to process */
/* CUSDTA file. */
/* Create key store file, CUSKEYFILE. */
/* Create a KEK in CUSKEYFILE with label CUSDTAKEK. */
/* Generate a key encrypted under CUSDTAKEK and store in CUSPI. */
/* */
/* Refer to the iSeries (TM) Information Center for a full */
/* description of this scenario. */
/* */
/* Use the following commands to compile this program: */
/* CRTCMOD MODULE(MY_LIB/SETUP_CUS) SRCFILE(MY_LIB/MY_SRC) */
/* CRTPGM PGM(MY_LIB/SETUP_CUS) MODULE(MY_LIB/SETUP_CUS) + */
/* BNDSRVPGM(QC3KSCRT QC3KRGEN QC3KEYGN QC3CTX) */
/* */
/*-------------------------------------------------------------------*/
/*-------------------------------------------------------------------*/
/* Retrieve various structures/utilities. */
/*-------------------------------------------------------------------*/
#include <stdio.h> /* Standard I/O header */
#include <stdlib.h> /* General utilities */
#include <stddef.h> /* Standard definitions */
#include <string.h> /* String handling utilities */
#include <recio.h> /* Record I/O routines */
#include <qusec.h> /* Error code structure */
#include <qc3kscrt.h> /* Hdr for Create Key Store API*/
#include <qc3krgen.h> /* Hdr for Gen Key Record API */
#include <qc3keygn.h> /* Hdr for Generate Key APIs */
#include <qc3ctx.h> /* Hdr for Context APIs */
/*-------------------------------------------------------------------*/
/* The following structure was generated with GENCSRC. */
/*-------------------------------------------------------------------*/
#ifdef __cplusplus
#include <bcd.h>
#else
#include <decimal.h>
#endif
/* ------------------------------------------------------- *
// PHYSICAL FILE : MY_LIB/CUSPI
// FILE LAST CHANGE DATE : 2004/02/11
// RECORD FORMAT : CUSPIREC
// FORMAT LEVEL IDENTIFIER : 248C15A88E09C
* ------------------------------------------------------- */
/* Record layout of file CUSPI (record format CUSPIREC). main() in   */
/* this file fills one instance and writes it as a single record.    */
typedef _Packed struct {
char KEY[16]; /* ENCRYPTION KEY: main() stores the file key here in */
/* encrypted form (generated with keyForm = Qc3_Encrypted) */
#ifndef __cplusplus
decimal( 8, 0) LASTCUS; /* LAST CUSTOMER NUMBER (C build: decimal type, */
/* <decimal.h> is included for this branch) */
#else
_DecimalT< 8, 0> LASTCUS; /* LAST CUSTOMER NUMBER */
/* BCD class SPECIFIED IN DDS */
#endif
} CUSPIREC_both_t;
/*-------------------------------------------------------------------*/
/* Start of mainline code. */
/*-------------------------------------------------------------------*/
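/*
 * One-time setup for the customer-data scenario:
 *   1. create files CUSDTA and CUSPI with public authority *EXCLUDE,
 *   2. create key store CUSKEYFILE and a key-encrypting key (KEK)
 *      record labelled CUSDTAKEK,
 *   3. generate a 128-bit AES file key encrypted under that KEK,
 *   4. write the encrypted file key and LASTCUS = 0 to CUSPI.
 *
 * Returns OK (0) on success and ERROR (-1) when a CRTPF command, the
 * open of CUSPI, or the write to CUSPI fails.  The error code structure
 * is zeroed so that, per the sample's own comment, the Qc3* APIs raise
 * exceptions instead of returning error data; that is why no return
 * checks follow those calls.
 */
int main(void)
{
    /*---------------------------------------------------------------*/
    /* Return codes                                                  */
    /*---------------------------------------------------------------*/
    int rtn;                          /* Return code                 */
#define ERROR (-1)
#define OK 0
    /*---------------------------------------------------------------*/
    /* File handling variables                                       */
    /*---------------------------------------------------------------*/
    _RFILE *cuspiPtr;                 /* Pointer to CUSPI file       */
    CUSPIREC_both_t cuspi;            /* CUSPI record                */
    _RIOFB_T *db_fdbk;                /* I/O Feedback                */
    /*---------------------------------------------------------------*/
    /* Parameters needed by the Cryptographic Services APIs          */
    /*---------------------------------------------------------------*/
    Qus_EC_t errCode;                 /* Error code structure        */
    char csp;                         /* Crypto service provider     */
    char ksauth[10];                  /* Key store authority         */
    char ksdesc[50];                  /* Key store description       */
    int mkid;                         /* Master key ID               */
    int disFunc;                      /* Disallowed function value   */
    int pubExp;                       /* Public key exponent         */
    int keyType;                      /* Key type                    */
    int keySize;                      /* Key size                    */
    char keyFormat;                   /* Key format                  */
    char keyForm;                     /* Key form                    */
    int keyStringLen;                 /* Length of key string        */
    Qc3_Format_KEYD0400_T kskey;      /* Key store key name structure*/
    char KEKctx[8];                   /* KEK key context token       */
    Qc3_Format_ALGD0200_T algD;       /* Block cipher alg description*/
    char AESctx[8];                   /* AES alg context token       */
    int keyLen;                       /* Length of generated key     */

    /*---------------------------------------------------------------*/
    /* Initializations                                               */
    /*---------------------------------------------------------------*/
    rtn = OK;                         /* Init to good return         */
    cuspiPtr = NULL;                  /* Nothing to close yet        */
    /* Set to generate exceptions */
    memset(&errCode, 0, sizeof(errCode));
    csp = Qc3_Any_CSP;                /* Use any crypto provider     */

    /*---------------------------------------------------------------*/
    /* Create file CUSDTA, used for storing customer information.    */
    /* Stop if the command fails: the AUT(*EXCLUDE) protection is    */
    /* only known to be in place when this CRTPF created the file.   */
    /* NOTE(review): relies on ILE C system() returning 0 on         */
    /* success - confirm for your release.                           */
    /*---------------------------------------------------------------*/
    if (system("CRTPF FILE(MY_LIB/CUSDTA) "
               "SRCFILE(MY_LIB/QDDSSRC) SRCMBR(CUSDTA) AUT(*EXCLUDE)") != 0)
    {
        printf("Create of CUSDTA file failed.");
        return ERROR;                 /* No contexts exist yet       */
    }

    /*---------------------------------------------------------------*/
    /* Create file CUSPI, used for processing file CUSDTA.           */
    /* Same reasoning: the encrypted file key must only be written   */
    /* to a file this program created with AUT(*EXCLUDE).            */
    /*---------------------------------------------------------------*/
    if (system("CRTPF FILE(MY_LIB/CUSPI) "
               "SRCFILE(MY_LIB/QDDSSRC) SRCMBR(CUSPI) AUT(*EXCLUDE)") != 0)
    {
        printf("Create of CUSPI file failed.");
        return ERROR;                 /* No contexts exist yet       */
    }

    /*---------------------------------------------------------------*/
    /* Create key store file, CUSKEYFILE, and generate a key record  */
    /* with label CUSDTAKEK.                                         */
    /*---------------------------------------------------------------*/
    memset(&kskey, 0, sizeof(kskey)); /* Init name structure to null */
    /* Init file name to blank (0x40), then set file and library     */
    memset(kskey.Key_Store, 0x40, sizeof(kskey.Key_Store));
    memcpy(kskey.Key_Store, "CUSKEYFILEMY_LIB", 16);
    /* Set public authority to *EXCLUDE.  Blank-fill first and copy  */
    /* only the 8 name characters, the same pattern used for the     */
    /* key store name and record label, so the field never depends   */
    /* on trailing blanks inside a string literal.                   */
    memset(ksauth, 0x40, sizeof(ksauth));
    memcpy(ksauth, "*EXCLUDE", 8);
    /* Set file text description (exactly 50 characters) */
    memcpy(ksdesc, "Key store for Customer data files, CUSDTA & CUSPI ", 50);
    /* Use master key 3 to encrypt key store keys */
    mkid = Qc3_Master_Key_3;
    /* Create key store file */
    Qc3CreateKeyStore(kskey.Key_Store, &mkid, ksauth, ksdesc, &errCode);

    /* Generate AES key record CUSDTAKEK */
    /* Init record label to blank, then set the label */
    memset(kskey.Record_Label, 0x40, sizeof(kskey.Record_Label));
    memcpy(kskey.Record_Label, "CUSDTAKEK", 9);
    keyType = Qc3_AES;                /* Key type is AES             */
    keySize = 16;                     /* Key size is 16 (128 bit)    */
    pubExp = 0;                       /* Ignore public key exponent  */
    disFunc = 0;                      /* No disallowed functions     */
    /* Generate an AES key record */
    Qc3GenKeyRecord(kskey.Key_Store, kskey.Record_Label, &keyType, &keySize,
                    &pubExp, &disFunc, &csp, NULL, &errCode);

    /*---------------------------------------------------------------*/
    /* Create a key context for CUSDTAKEK.                           */
    /*---------------------------------------------------------------*/
    keyStringLen = sizeof(kskey);     /* Set length of key string    */
    keyFormat = Qc3_KSLabel_Struct;   /* Key format is keystore label*/
    keyForm = Qc3_Clear;              /* Key string is clear         */
    /* Key type already set to AES */
    Qc3CreateKeyContext((char*)&kskey, &keyStringLen, &keyFormat,
                        &keyType, &keyForm, NULL, NULL, KEKctx, &errCode);

    /*---------------------------------------------------------------*/
    /* Create an AES algorithm context for CUSDTAKEK.                */
    /* algD is zeroed and only the four fields below are set, so     */
    /* every other field (including an initialization vector, if     */
    /* the structure carries one) stays zero.                        */
    /* NOTE(review): the file key is therefore wrapped with a fixed  */
    /* IV and without an integrity check; confirm that this meets    */
    /* your key-management requirements.                             */
    /*---------------------------------------------------------------*/
    memset(&algD, 0, sizeof(algD));   /* Init alg description to null*/
    algD.Block_Cipher_Alg = Qc3_AES;  /* Set AES algorithm           */
    algD.Block_Length = 16;           /* Block size is 16            */
    algD.Mode = Qc3_CBC;              /* Use cipher block chaining   */
    algD.Pad_Option = Qc3_No_Pad;     /* Do not pad                  */
    Qc3CreateAlgorithmContext((unsigned char*)&algD, Qc3_Alg_Block_Cipher,
                              AESctx, &errCode);

    /*---------------------------------------------------------------*/
    /* Generate a file key encrypted under CUSDTAKEK.                */
    /* From here on both contexts exist, so every exit goes through  */
    /* the cleanup label below.                                      */
    /*---------------------------------------------------------------*/
    keyFormat = Qc3_Bin_String;       /* Return a binary string      */
    keyForm = Qc3_Encrypted;          /* Encrypt generated key       */
    keyLen = 16;                      /* Receiver is 16 bytes long   */
    /* Key type already set to AES, key size already set to 16.      */
    /* keyLen is passed for both length parameters, as in the        */
    /* original sample.                                              */
    Qc3GenSymmetricKey(&keyType, &keySize, &keyFormat, &keyForm,
                       (unsigned char*)&KEKctx, (unsigned char*)&AESctx,
                       &csp, NULL, cuspi.KEY, &keyLen, &keyLen, &errCode);

    /*---------------------------------------------------------------*/
    /* Write record with encrypted file key to CUSPI.                */
    /*---------------------------------------------------------------*/
    cuspi.LASTCUS = 0;                /* Set last customer num to 0  */
    /* Open CUSPI file */
    cuspiPtr = _Ropen("MY_LIB/CUSPI", "wr, riofb=N");
    if (cuspiPtr == NULL)
    {                                 /* If null ptr returned        */
        printf("Open of CUSPI file failed.");
        rtn = ERROR;
        goto cleanup;                 /* Still release both contexts */
    }
    /* Write encrypted key and last customer number to file */
    db_fdbk = _Rwrite(cuspiPtr, &cuspi, sizeof(cuspi));
    /* Compare as signed: sizeof yields an unsigned value, so a      */
    /* negative num_bytes would otherwise convert to a large         */
    /* unsigned number and slip past the check.                      */
    /* (assumes num_bytes is a signed field - confirm in <recio.h>)  */
    if (db_fdbk->num_bytes < (long)sizeof(cuspi))
    {                                 /* If data not written         */
        printf("Error writing to file CUSPI.");
        rtn = ERROR;
    }

    /*---------------------------------------------------------------*/
    /* Cleanup - reached on success and on every failure after the   */
    /* contexts were created, so neither token is left behind.       */
    /*---------------------------------------------------------------*/
cleanup:
    /* Wipe out encrypted file key.  The buffer holds the key in     */
    /* encrypted form, so this is hygiene; a compiler may also drop  */
    /* a memset on a buffer that is not read again.                  */
    memset(cuspi.KEY, 0, sizeof(cuspi.KEY));
    /* Close CUSPI file if it was opened */
    if (cuspiPtr != NULL)
    {
        _Rclose(cuspiPtr);
    }
    /* Destroy KEK context */
    Qc3DestroyKeyContext(KEKctx, &errCode);
    /* Destroy AES alg context */
    Qc3DestroyAlgorithmContext(AESctx, &errCode);
    /* Return */
    return rtn;
}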
