Change this program example to suit your needs for completing the migration of the key store files.
This is step two. If you have not already done so, run the Example: EXPORTing keys program to begin the migration process.
If you choose to use this program example, change it to suit your specific needs. For security reasons, IBM® recommends that you individualize these program examples rather than using the default values provided.
/*---------------------------------------------------------------*/
/* Description: One of two programs used to migrate DES keys */
/* from a key store file used with the 2620 to a */
/* key store file for use with the card. */
/* */
/* Note: This program is intended to be used in conjunction with */
/* EXPORT_TSS to migrate DES keys from 2620. */
/* EXPORT_TSS should be run first to generate a file */
/* containing the needed key information in a secure, */
/* exportable form. The file should then be transferred */
/* to the target system. IMPORT_TSS can then be run using */
/* the file to import the keys into a previously created */
/* key storage file. */
/* */
/* */
/* COPYRIGHT 5769-SS1 (c) IBM Corp 1999 */
/* */
/* This material contains programming source code for your */
/* consideration. These examples have not been thoroughly */
/* tested under all conditions. IBM, therefore, cannot */
/* guarantee or imply reliability, serviceability, or function */
/* of these programs. All programs contained herein are */
/* provided to you "AS IS". THE IMPLIED WARRANTIES OF */
/* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE */
/* EXPRESSLY DISCLAIMED. IBM provides no program services for */
/* these programs and files. */
/* */
/* Parameters: File containing exported key information */
/* */
/* Examples: */
/* CALL PGM(IMPORT_TSS) PARM('Exported_Key_File') */
/* */
/* Note: The CCA verbs used in the this program are more fully */
/* described in the IBM CCA Basic Services Reference */
/* and Guide (SC31-8609) publication. */
/* */
/* Note: This program assumes the card you want to use is */
/* already identified either by defaulting to the CRP01 */
/* device or has been explicitly named using the */
/* Cryptographic_Resource_Allocate verb. Also this */
/* device must be varied on and you must be authorized */
/* to use this device description. */
/* */
/* This program also assumes the key store file you will */
/* use is already identified either by being specified on */
/* the cryptographic device or has been explicitly named */
/* using the Key_Store_Designate verb. Also you must be */
/* authorized to update records in this file. */
/* */
/* Use the following commands to compile this program: */
/* ADDLIBLE LIB(QCCA) */
/* CRTCMOD MODULE(IMPORT_TSS) SRCFILE(SAMPLE) */
/* CRTPGM PGM(IMPORT_TSS) MODULE(IMPORT_TSS) */
/* BNDSRVPGM(QCCA/CSNBKRC QCCA/CSNBKIM QCCA/CSNBKPI) */
/* */
/* Note: authority to the CSNBKIM, CSNBKPI, and CSNBKRC */
/* service programs in the QCCA library is assumed. */
/* */
/* Common Cryptographic Architecture (CCA) verbs used: */
/* Key_Import CSNBKIM */
/* Key_Record_Create CSNBKRC */
/* Key_Part_Import CSNBKPI */
/*---------------------------------------------------------------*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include "csucincl.h" /* header file for CCA Cryptographic
Service Provider */
/*---------------------------------------------------------------*/
/* Structure defining the DES key token for internal keys. This */
/* structure is used in the creation of the importer key- */
/* encrypting key. For more information on the fields in this */
/* structure, see the IBM CCA Basic Services Reference and */
/* Guide (SC31-8609-01), Appendix B and C. */
/*---------------------------------------------------------------*/
struct DES_key_token {
char type; /* Set to 0x01 for 'internal' */
char resv1; /* Reserved (set to binary zero) */
char mkvp[2]; /* Master Key Verification Pattern */
char version; /* Version. Will be set to 0x03. */
char resv2; /* Reserved (set to binary zero) */
char flag; /* Flag */
char resv3; /* Reserved (set to binary zero) */
char resv4[8]; /* Reserved (set to binary zero) */
char key1[8]; /* Single length encrypted key or
left half of double length
encrypted key. */
char key2[8]; /* Null or right half of double
length encrypted key */
int cvb1[2]; /* Control-vector base */
int cvb2[2]; /* Null or control vector base for
the 2nd eight-byte portion of a
16-byte key */
char resv5[12]; /* Reserved (set to binary zero) */
int tvv; /* Token-validation value */
};
int main(int argc, char *argv[])
{
/*-----------------------------------------------------------*/
/* standard return codes */
/*-----------------------------------------------------------*/
#define ERROR -1
#define OK 0
/*-----------------------------------------------------------*/
/* standard CCA parameters */
/*-----------------------------------------------------------*/
long return_code;
long reason_code;
long exit_data_length = 0;
char exit_data[2];
long rule_array_count = 0;
char rule_array[2][8];
/*-----------------------------------------------------------*/
/* additional parameters required for CSNBKRC and CSNBKIM */
/*-----------------------------------------------------------*/
char import_key_label[64];
char import_key_token[64];
/*-----------------------------------------------------------*/
/* additional parameters required for CSNBKPI */
/*-----------------------------------------------------------*/
struct DES_key_token importer_kt;
char importer_key_token[64];
char key_type[8];
char key_part[16];
/*---------------------------------------------------*/
/* Other variables */
/*---------------------------------------------------*/
long num_rec = 0, i;
long num_imported = 0;
FILE *import_file;
printf("\n\n");
/* Check input parm */
if (argc < 2)
{
printf("File containing the exported key data not specified.\n");
return ERROR;
}
/* Generate a clear key for import use. */
/* Initialize the importer key token. */
memset(&importer_kt,0x00,sizeof(struct DES_key_token));
importer_kt.type = 0x01;
importer_kt.version = 0x03;
importer_kt.flag = 0x40; /* Indicates control vector is present */
importer_kt.cvb1[0] = 0x00427d00;
importer_kt.cvb1[1] = 0x03480000;
importer_kt.cvb2[0] = 0x00427d00;
importer_kt.cvb2[1] = 0x03280000;
importer_kt.tvv = 0x0af53a00;
/* Initialize parameters for the first pass */
rule_array_count = 1;
memcpy(rule_array[0],"FIRST ",8);
memset(key_part,0x01,16);
for(i=1;i<=2;i++) {
CSNBKPI( &return_code,
&reason_code,
&exit_data_length,
(char *) exit_data,
&rule_array_count,
(char *) rule_array,
key_part,
(char *) &importer_kt);
if (return_code != 0) {
printf("Building of the importer key failed.\n");
printf("Key Part Import failed.");
printf("Return/reason codes = %d/%d\n",return_code, reason_code);
return ERROR;
}
else if ( i == 1) {
/* Init variables for the final pass */
memcpy(rule_array[0],"LAST ",8);
/* Set key part to the clear key to be used. */
memcpy(key_part,"ClEar.KEY.hErE!!",16);
}
}
/* Import key built successfully. */
printf("Importer key built successfully.\n\n");
/* Open the Exported Key file. */
import_file = fopen(argv[1], "rb");
if (import_file == NULL)
{ /* Open failed. */
printf("The open of the Exported Key file failed\n");
return ERROR;
}
/* Import Key file open was successful. */
fread(&num_rec,sizeof(num_rec),1,import_file);
/* Loop through the entries in the import file and create key records. */
for (i = 1; i <= num_rec; i++)
{
fread(import_key_label, 1, 64, import_file);
fread(import_key_token, 1, 64, import_file);
printf("Importing DES key:\n");
printf(" \"%.64s\"\n",import_key_label);
/* Create a key record. */
CSNBKRC(&return_code,
&reason_code,
&exit_data_length,
exit_data,
import_key_label);
if (return_code != 0)
{
printf(" Key record creation failed. ");
printf("Return/reason codes = %d/%d\n\n",return_code,reason_code);
continue;
}
/* Else, key record created successfully so import the key. */
memcpy(key_type,"TOKEN ",8);
CSNBKIM( &return_code,
&reason_code,
&exit_data_length,
exit_data,
key_type,
import_key_token,
(char *) &importer_kt,
import_key_label);
if (return_code != 0)
{
printf(" Key import failed. ");
printf("Return/reason codes = %d/%d\n\n",return_code,reason_code);
continue;
}
/* else, Key import was a success. */
printf(" Key imported successfully. ");
printf("Return/reason codes = %d/%d\n\n",return_code,reason_code);
++num_imported;
} /* end of for loop */
printf("\nCompleted key import procedure.\n");
printf("%d of %d key(s) successfully imported.\n\n",num_imported,num_rec);
fclose(import_file);
return OK;
}