Change this program example to suit your needs for migrating the key store files.
This is step one. Once you run this program, use Example: IMPORTing keys to complete the migration process.
If you choose to use this program example, change it to suit your specific needs. For security reasons, IBM® recommends that you individualize these program examples rather than using the default values provided.
/*---------------------------------------------------------------*/
/* Description: One of two programs used to migrate DES keys */
/* from a key store file used with the 2620 to a */
/* key store file for use with the card. */
/* */
/* Note: This program is intended to be used in conjunction with */
/* IMPORT_TSS to migrate DES keys from 2620 to card. */
/* EXPORT_TSS should be run first to generate a file */
/* containing the needed key information in a secure, */
/* exportable form. The file should then be transferred */
/* to the target system. IMPORT_TSS can then be run using */
/* the file to import the keys into a previously created */
/* key storage file. */
/* */
/* */
/* COPYRIGHT 5769-SS1 (c) IBM Corp 1999 */
/* */
/* This material contains programming source code for your */
/* consideration. These examples have not been thoroughly */
/* tested under all conditions. IBM, therefore, cannot */
/* guarantee or imply reliability, serviceability, or function */
/* of these programs. All programs contained herein are */
/* provided to you "AS IS". THE IMPLIED WARRANTIES OF */
/* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE */
/* EXPRESSLY DISCLAIMED. IBM provides no program services for */
/* these programs and files. */
/* */
/* Parameters: File to contain exported key information */
/* */
/* Examples: */
/* CALL PGM(EXPORT_TSS) PARM('File_for_Exported_Keys') */
/* */
/* */
/* Use the following commands to compile this program: */
/* ADDLIBLE LIB(QTSS) */
/* CRTCMOD MODULE(EXPORT_TSS) SRCFILE(SAMPLE) */
/* CRTPGM PGM(EXPORT_TSS) MODULE(EXPORT_TSS) */
/* */
/* Note: authority to the functions CSNBKEX, CSNBKPI, CSNBKRL, */
/* and CSNBKTB is assumed */
/* */
/* Common Cryptographic Architecture (CCA) verbs used: */
/* Key_Export CSNBKEX */
/* Key_Part_Import CSNBKPI */
/* Key_Record_List CSNBKRL */
/* Key_Token_Build CSNBKTB */
/*---------------------------------------------------------------*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include "MIPTRNAM.H" /* needed to resolve function ptrs */
#include "csucincl.h" /* header file for CCA Cryptographic
Service Provider */
int main(int argc, char *argv[])
{
/*--------------------------------------------------*/
/* standard return codes */
/*--------------------------------------------------*/
#define ERROR -1
#define OK 0
/*--------------------------------------------------*/
/* Declare function pointers (see csucincl.h) */
/*--------------------------------------------------*/
T_CSNBKEX *CSNBKEX;
T_CSNBKRL *CSNBKRL;
T_CSNBKPI *CSNBKPI;
T_CSNBKTB *CSNBKTB;
/*--------------------------------------------------*/
/* standard CCA parameters */
/*--------------------------------------------------*/
long return_code;
long reason_code;
long exit_data_length = 0;
char exit_data[2];
long rule_array_count = 0;
char rule_array[2][8];
/*--------------------------------------------------*/
/* additional parameters needed for CSNBKRL */
/*--------------------------------------------------*/
char key_label[64];
long data_set_name_length = 0;
char data_set_name[65];
char security_server_name[9] = " ";
/*--------------------------------------------------*/
/* additional parameters needed for CSNBKEX */
/*--------------------------------------------------*/
char key_type[8];
char source_key_identifier[64];
char exporter_key_identifier[64];
char target_key_token[64];
/*--------------------------------------------------*/
/* additional parameters needed for CSNBKTB */
/*--------------------------------------------------*/
char key_token[64];
char key_value[64];
long master_key_verification_pattern = 0;
long reserved_int;
char reserved_str[8];
char control_vector[16];
/*--------------------------------------------------*/
/* additional parameters needed for CSNBKPI */
/*--------------------------------------------------*/
char key_part[16];
char key_identifier[64];
/*--------------------------------------------------*/
/* Other variables */
/*--------------------------------------------------*/
char header1[77];
long num_rec, i;
long num_successful = 0;
long rec_length, offset_rec1;
char key_record[154];
FILE *krl, *export_file;
/* Check input parm */
if (argc < 2)
{
printf("File for storing the exported key data not specified.\n");
return ERROR;
}
/*---------------------------------------------------*/
/* Resolve function pointers */
/*---------------------------------------------------*/
_lib_qualify(CSNBKEX,QTSS)
_lib_qualify(CSNBKRL,QTSS)
_lib_qualify(CSNBKPI,QTSS)
_lib_qualify(CSNBKTB,QTSS)
memset(key_label,' ',64);
memcpy(key_label,"*.*.*.*.*",9);
/*-----------------------------------------------------------*/
/* Invoke the verb to create a DES Key Record List */
/*-----------------------------------------------------------*/
CSNBKRL( &return_code,
&reason_code,
&exit_data_length,
exit_data,
key_label,
&data_set_name_length,
data_set_name,
security_server_name);
if ((return_code != 0) || (reason_code != 0))
{
printf("Key Record List generation was unsuccessful. ");
printf("Return/reason code = %d/%d\n",return_code, reason_code);
return ERROR;
}
printf("Key Record List generation was successful. ");
printf("Return/reason codes = %d/%d\n",return_code, reason_code);
data_set_name[data_set_name_length] = '\0';
printf("data_set_name = %s\n\n",data_set_name);
/* Generate a clear key for export use. */
/* The same key will be used for import. */
memcpy(key_type,"EXPORTER",8);
rule_array_count = 2;
memcpy(rule_array[0],"INTERNAL",8);
memcpy(rule_array[1],"KEY-PART",8);
CSNBKTB( &return_code,
&reason_code,
&exit_data_length,
exit_data,
key_token,
key_type,
&rule_array_count,
(char *) rule_array,
key_value,
&master_key_verification_pattern,
&reserved_int,
reserved_str,
control_vector,
reserved_str,
&reserved_int,
reserved_str,
reserved_str);
if (return_code != 0) {
printf("Building of the export key failed.\n");
printf("Key Token Build failed.");
printf("Return/reason codes = %d/%d\n",return_code, reason_code);
return ERROR;
}
/* Import the key parts to be used. */
rule_array_count = 1;
memcpy(rule_array[0],"FIRST ",8);
memset(key_part,'\x01',16);
for(i=1;i<=2;i++) {
CSNBKPI( &return_code,
&reason_code,
&exit_data_length,
(char *) exit_data,
&rule_array_count,
(char *) rule_array,
key_part,
key_token);
if (return_code != 0) {
printf("Building of the export key failed.\n");
printf("Key Part Import failed.");
printf("Return/reason codes = %d/%d\n",return_code, reason_code);
return ERROR;
}
memcpy(rule_array[0],"LAST ",8);
/* Set key part to the clear key to be used. */
/* Note: It may not be desirable to hard-code this. */
memcpy(key_part,"ClEar.KEY.hErE!!",16);
}
/* Export key built successfully. */
/* Open the Key Record List file. */
krl = fopen(data_set_name, "rb");
if (krl == NULL)
{ /* Open failed. */
printf("The open of the Key Record List file failed.\n");
return ERROR;
}
/* Key record list open was successful. */
/* Open the file to save key info. */
export_file = fopen(argv[1], "wb");
if (export_file == NULL)
{
printf("Opening of key export file failed.\n");
fclose(krl);
return ERROR;
}
/* Write num_successful to the export file to hold a place for it. */
fwrite(&num_successful,sizeof(long),1,export_file);
/* Read the first part of the KRL header. */
fread(header1,1,77,krl);
/* Get the number of key records in the file. */
num_rec = atoi(&header1[50]);
printf("Number of key records = %d\n",num_rec);
/* Get the length for the key records. */
rec_length = atol(&header1[58]);
/* Get the offset for the first key record. */
offset_rec1 = atol(&header1[62]);
/* Set the file pointer to the first key record. */
fseek(krl, offset_rec1, SEEK_SET);
/* Set the key type to TOKEN. */
memcpy(key_type,"TOKEN ",8);
/* Loop through the entries in the KRL and EXPORT. */
for (i = 1; i <= num_rec; i++)
{
fread(key_record, 1, rec_length, krl);
memcpy(source_key_identifier, &key_record[3], 64);
CSNBKEX(&return_code,
&reason_code,
&exit_data_length,
exit_data,
key_type,
source_key_identifier,
key_token,
/* exporter_key_identifier, */
target_key_token);
printf("Exporting of key = %.64s",source_key_identifier);
printf("completed with return/reason codes of ");
printf("%d/%d\n",return_code,reason_code);
if (return_code == 0)
{
++num_successful;
fwrite(source_key_identifier, 1, 64, export_file);
fwrite(target_key_token, 1, 64, export_file);
}
} /* end of for loop */
printf("Key store file exported successfully.\n");
printf("%d key(s) successfully exported.\n\n",num_successful);
/* Write out the number of exported keys and close the file. */
fseek(export_file,0,SEEK_SET);
fwrite(&num_successful,sizeof(long),1,export_file);
/* Close the files and return. */
fclose(krl);
fclose(export_file);
return OK;
}