Change this program example to suit your needs for re-encrypting keys for your Cryptographic Coprocessor.
If you choose to use this program example, change it to suit your specific needs. For security reasons, IBM® recommends that you individualize these program examples rather than using the default values provided.
/*---------------------------------------------------------------*/
/* Description: Re-enciphers key store files using the current */
/* master key. */
/* */
/* COPYRIGHT 5769-SS1 (c) IBM Corp 1999 */
/* */
/* This material contains programming source code for your */
/* consideration. These examples have not been thoroughly */
/* tested under all conditions. IBM, therefore, cannot */
/* guarantee or imply reliability, serviceability, or function */
/* of these programs. All programs contained herein are */
/* provided to you "AS IS". THE IMPLIED WARRANTIES OF */
/* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE */
/* EXPRESSLY DISCLAIMED. IBM provides no program services for */
/* these programs and files. */
/* */
/* Parameters: */
/* char * keysto_type, choices are "DES" or "PKA" */
/* (If omitted, the default is "PKA".) */
/* Examples: */
/* CALL PGM(REN_KEYSTO) PARM(DES) */
/* CALL PGM(REN_KEYSTO) */
/* */
/* Note: The CCA verbs used in the this program are more fully */
/* described in the IBM CCA Basic Services Reference */
/* and Guide (SC31-8609) publication. */
/* */
/* Note: This program assumes the card you want to use is */
/* already identified either by defaulting to the CRP01 */
/* device or has been explicitly named using the */
/* Cryptographic_Resource_Allocate verb. Also this */
/* device must be varied on and you must be authorized */
/* to use this device description. */
/* */
/* This program also assumes the key store file you will */
/* use is already identified either by being specified on */
/* the cryptographic device or has been explicitly named */
/* using the Key_Store_Designate verb. Also you must be */
/* authorized to update records in this file. */
/* */
/* Use the following commands to compile this program: */
/* ADDLIBLE LIB(QCCA) */
/* CRTCMOD MODULE(REN_KEYSTO) SRCFILE(SAMPLE) */
/* CRTPGM PGM(REN_KEYSTO) MODULE(REN_KEYSTO) */
/* BNDSRVPGM(QCCA/CSNBKTC QCCA/CSNBKRL */
/* QCCA/CSNDKTC QCCA/CSNDKRL) */
/* */
/* Note: authority to the CSNDKTC, CSNDKRL, CSNBKTC, and CSNBKRL */
/* service programs in the QCCA library is assumed. */
/* */
/* Common Cryptographic Architecture (CCA) verbs used: */
/* PKA_Key_Token_Change (CSNDKTC) */
/* DES_Key_Token_Change (CSNBKTC) */
/* PKA_Key_Record_List (CSNDKRL) */
/* DES_Key_Record_List (CSNBKRL) */
/*---------------------------------------------------------------*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include "csucincl.h" /* header file for CCA Cryptographic
Service Provider */
/* Define the acceptable file types */
#define PKA 1
#define DES 0
int re_encipher(FILE *key_rec, long rec_length, int key_type);
int main(int argc, char *argv[])
{
/*-----------------------------------------------------------*/
/* standard return codes */
/*-----------------------------------------------------------*/
#define ERROR -1
#define OK 0
/*-----------------------------------------------------------*/
/* standard CCA parameters */
/*-----------------------------------------------------------*/
long return_code = 0;
long reason_code = 0;
long exit_data_length = 0;
char exit_data[2];
long rule_array_count = 0;
char rule_array[1][8];
/*-----------------------------------------------------------*/
/* fields unique to this sample program */
/*-----------------------------------------------------------*/
char key_label[65] =
"*.*.*.*.*.*.* ";
long data_set_name_length = 0;
char data_set_name[65];
char security_server_name[9] = " ";
FILE *krl;
int keysto_type = PKA;
/*-----------------------------------------------------------*/
/* Check whether the user requested to re-encipher a DES or */
/* a PKA keystore file. Default to PKA if key file type is */
/* not specified. */
/*-----------------------------------------------------------*/
if (argc >= 2)
{
if ((strcmp(argv[1],"DES")==0))
{
printf("\nDES ");
keysto_type = DES;
}
else if ((strcmp(argv[1],"PKA")==0))
printf("\nPKA ");
else
{
printf("\nKeystore type parm incorrectly specified.\n");
printf("Acceptable choices are PKA or DES.\n");
printf("The default is PKA.\n");
return ERROR;
}
}
else
{
printf("\nPKA ");
}
if (keysto_type == DES)
{
/*-----------------------------------------------------------*/
/* Invoke the verb to create a DES Key Record List */
/*-----------------------------------------------------------*/
CSNBKRL( &return_code,
&reason_code,
&exit_data_length,
exit_data,
key_label,
&data_set_name_length,
data_set_name,
security_server_name);
}
else
{
/*-----------------------------------------------------------*/
/* Invoke the verb to create a PKA Key Record List */
/*-----------------------------------------------------------*/
CSNDKRL( &return_code,
&reason_code,
&exit_data_length,
exit_data,
&rule_array_count,
(char *) rule_array,
key_label,
&data_set_name_length,
data_set_name,
security_server_name);
}
if ((return_code != 0) || (reason_code != 0))
{
printf("Key Record List generation was unsuccessful. ");
printf("Return/reason code = %d/%d\n",return_code, reason_code);
}
else
{
printf("Key Record List generation was successful. ");
printf("Return/reason codes = %d/%d\n",return_code, reason_code);
data_set_name[data_set_name_length] = '\0';
printf("data_set_name = %s\n",data_set_name);
/* Open the Key Record List file. */
krl = fopen(data_set_name, "rb");
if (krl == NULL) /* Open failed. */
{
printf("The open of the Key Record List file failed\n");
return ERROR;
}
else /* Open was successful. */
{
char header1[77];
int num_rec, i;
long rec_length, offset_rec1;
/* Read the first part of the KRL header. */
fread(header1,1,77,krl);
/* Get the number of key records in the file. */
num_rec = atoi(&header1[50]);
printf("Number of key records = %d\n",num_rec);
/* Get the length for the key records. */
rec_length = atol(&header1[58]);
/* Get the offset for the first key record. */
offset_rec1 = atol(&header1[62]);
/* Set the file pointer to the first key record. */
fseek(krl, offset_rec1, SEEK_SET);
/* Loop through the entries in the KRL and re-encipher. */
for (i = 1; i <= num_rec; i++)
{
int result;
result = re_encipher(krl, rec_length, keysto_type);
if (result !=0)
{
fclose(krl);
return ERROR;
}
}
printf("Key store file re-enciphered successfully.\n\n");
fclose(krl);
return OK;
}
}
} /* end of main() */
int re_encipher(FILE *key_rec, long rec_length, int key_type)
{
/*-----------------------------------------------------------*/
/* standard CCA parameters */
/*-----------------------------------------------------------*/
long return_code;
long reason_code;
long exit_data_length = 0;
char exit_data[2];
long rule_array_count = 1;
char rule_array[1][8];
/*-----------------------------------------------------------*/
/* fields unique to this function */
/*-----------------------------------------------------------*/
long key_identifier_length = 64;
char key_identifier[64];
char key_record[154];
fread(key_record, 1, rec_length, key_rec);
memcpy(key_identifier, &key_record[3], 64);
memcpy(rule_array, "RTCMK ",8);
if (key_type == DES)
{
CSNBKTC(&return_code,
&reason_code,
&exit_data_length,
exit_data,
&rule_array_count,
(char *) rule_array,
key_identifier);
}
else if (key_type == PKA)
{
CSNDKTC(&return_code,
&reason_code,
&exit_data_length,
exit_data,
&rule_array_count,
(char *) rule_array,
&key_identifier_length,
key_identifier);
}
else
{
printf("re_encipher() called with an invalid key type.\n");
return ERROR;
}
printf("Re-enciphering for key_label = %.64s",key_identifier);
printf("completed with return/reason codes of ");
printf("%d/%d\n",return_code,reason_code);
return return_code;
}/* end of re_encipher() */