Change this program example to suit your needs for enabling all access control points in the default role for your Coprocessor.
If you choose to use this program example, change it to suit your specific needs. For security reasons, IBM® recommends that you individualize these program examples rather than using the default values provided.
/*-------------------------------------------------------------------*/
/* SETDEFAULT */
/* */
/* Sample program to authorize the default role to all access */
/* control points in the . */
/* */
/* */
/* COPYRIGHT 5769-SS1 (C) IBM CORP. 2000, 2000 */
/* */
/* This material contains programming source code for your */
/* consideration. These examples have not been thoroughly */
/* tested under all conditions. IBM, therefore, cannot */
/* guarantee or imply reliability, serviceability, or function */
/* of these program. All programs contained herein are */
/* provided to you "AS IS". THE IMPLIED WARRANTIES OF */
/* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE */
/* ARE EXPRESSLY DISCLAIMED. IBM provides no program services for */
/* these programs and files. */
/* */
/* */
/* Note: Input format is more fully described in Chapter 2 of */
/* IBM CCA Basic Services Reference and Guide */
/* (SC31-8609) publication. */
/* */
/* Parameters: */
/* none. */
/* */
/* Example: */
/* CALL PGM(SETDEFAULT) */
/* */
/* Use these commands to compile this program on the system: */
/* CRTCMOD MODULE(SETDEFAULT) SRCFILE(SAMPLE) */
/* CRTPGM PGM(SETDEFAULT) MODULE(SETDEFAULT) */
/* BNDSRVPGM(QCCA/CSUAACI) */
/* */
/* Note: Authority to the CSUAACI service programs */
/* in the QCCA library is assumed. */
/* */
/* The Common Cryptographic Architecture (CCA) verb used is */
/* Access_Control_Initialization (CSUAACI). */
/* */
/* Note: This program assumes the device you want to use is */
/* already identified either by defaulting to the CRP01 */
/* device or has been explicitly named using the */
/* Cryptographic_Resource_Allocate verb. Also this */
/* device must be varied on and you must be authorized */
/* to use this device description. */
/* */
/*-------------------------------------------------------------------*/
#include "csucincl.h" /* header file for CCA Cryptographic
Service Provider */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
void main(int argc, char *argv[]) {
/*-------------------------------------------------------------------*/
/* standard return codes */
/*-------------------------------------------------------------------*/
#define ERROR -1
#define OK 0
#define WARNING 4
/*-------------------------------------------------------------------*/
/* parameters for CCA APIs */
/*-------------------------------------------------------------------*/
long return_code;
long reason_code;
long exit_data_length;
char exit_data[2];
char rule_array[4][8];
long rule_array_count;
long verb_data1_length;
long verb_data2_length;
char verb_data1[4];
/*--------------------------------------------------------------*/
/* Structure for defining a role */
/*--------------------------------------------------------------*/
struct role_header
{
char version[2];
short length;
char comment[20];
short checksum;
short reserved1;
char role[8];
short auth_strength;
char lower_time_hour;
char lower_time_minute;
char upper_time_hour;
char upper_time_minute;
char valid_days_of_week;
char reserved2;
} role_header;
/*--------------------------------------------------------------*/
/* Structure for defining aggregate roles */
/*--------------------------------------------------------------*/
struct aggregate_role
{
long number;
long reserved;
} aggregate_role_header;
/*--------------------------------------------------------------*/
/* Structures for defining the access control points in a role */
/*--------------------------------------------------------------*/
struct access_control_points_header
{
short number_segments; /* Number of segments of */
/* the access points map */
short reserved;
} access_control_points_header;
struct access_control_points_segment_header
{
short start_bit; /* Starting bit in this */
/* segment. */
short end_bit; /* Ending bit */
short number_bytes; /* Number of bytes in */
/* this segment */
short reserved;
} access_control_points_segment_header;
/*-------------------------------------------------------------------*/
/* Default role - access control points list - */
/* authorized to everything */
/* */
/* For access control points 0x01 - 0x127 */
/*-------------------------------------------------------------------*/
char default_bitmap[] =
{ 0x00, 0x03, 0xF0, 0xFD, 0x80, 0x00, 0x30, 0x00,
0x80, 0x00, 0x19, 0x00, 0xC0, 0x00, 0x00, 0x00,
0x00, 0x0A, 0x80, 0x00, 0x88, 0x2F, 0x71, 0x10,
0x18, 0x04, 0x03, 0x31, 0x80, 0x00, 0x00, 0x00,
0xFF, 0x7F, 0xFF, 0xFF, 0x80};
/*-------------------------------------------------------------------*/
/* For access control points 0x200 - 0x23F */
/*-------------------------------------------------------------------*/
char default2_bitmap[] =
{ 0xF8, 0x00, 0x7F, 0xFF, 0x7F, 0xFF, 0xE6, 0x0F };
unsigned char * verb_data2;
unsigned char * work_ptr;
int i; /* Loop counter */
/*--------------------------------------------------------------*/
/* Start of code */
/*--------------------------------------------------------------*/
/*--------------------------------------------------------------*/
/* Allocate storage for the aggregate role structure */
/*--------------------------------------------------------------*/
verb_data2 = malloc(sizeof(aggregate_role_header) +
sizeof(role_header) +
sizeof(access_control_points_header) +
sizeof(access_control_points_segment_header)
* 2 +
sizeof(default_bitmap) +
sizeof(default2_bitmap));
work_ptr = verb_data2; /* Set up work pointer */
aggregate_role_header.number = 1; /* Define/replace 1 role */
aggregate_role_header.reserved = 0; /* Initialize reserved field*/
/* Copy header to verb_data2
storage. */
memcpy(work_ptr,(void*)&aggregate_role_header,
sizeof(aggregate_role_header));
work_ptr += sizeof(aggregate_role_header); /* Set work pointer
after role header */
/*--------------------------------------------------------------*/
/* Fill in the fields of the role definition. */
/*--------------------------------------------------------------*/
role_header.version[0] = 1; /* Version 1 role */
role_header.version[1] = 0;
/* Set length of the role */
role_header.length = sizeof(role_header)
+ sizeof(access_control_points_header)
+ 2 *
sizeof(access_control_points_segment_header)
+ sizeof(default_bitmap)
+ sizeof(default2_bitmap);
role_header.checksum = 0; /* Checksum is not used */
role_header.reserved1 = 0; /* Reserved must be 0 */
role_header.auth_strength = 0; /* Authentication strength */
/* is set to 0. */
/* Lower time is 00:00 */
role_header.lower_time_hour = 0;
role_header.lower_time_minute = 0;
/* Upper time is 23:59 */
role_header.upper_time_hour = 23;
role_header.upper_time_minute = 59;
role_header.valid_days_of_week = 0xFE; /* Valid every day */
/* 7 bits - 1 bit each day */
role_header.reserved2 = 0; /* Reserved must be 0 */
/* Role is DEFAULT */
/* expressed in ASCII */
memcpy(role_header.role, "\x44\x45\x46\x41\x55\x4C\x54\x20", 8);
memset(role_header.comment,' ',20); /* No description for role */
/*---------------------------------------------------*/
/* Copy role header into verb_data2 storage */
/*---------------------------------------------------*/
memcpy(work_ptr,(void*)&role_header, sizeof(role_header));
work_ptr += sizeof(role_header);
/*---------------------------------------------------*/
/* Set up access control points header and then */
/* copy it into verb_data2 storage. */
/*---------------------------------------------------*/
access_control_points_header.number_segments = 2;
access_control_points_header.reserved = 0;
access_control_points_segment_header.reserved = 0;
memcpy(work_ptr,
(void *)&access_control_points_header,
sizeof(access_control_points_header));
/* Adjust work_ptr to point to the
first segment */
work_ptr += sizeof(access_control_points_header);
/*---------------------------------------------------*/
/* Set up the segment header for segment 1 and then */
/* copy into verb_data2 storage */
/*---------------------------------------------------*/
access_control_points_segment_header.start_bit = 0;
access_control_points_segment_header.end_bit = 0x127;
access_control_points_segment_header.number_bytes =
sizeof(default_bitmap);
memcpy(work_ptr,
(void *)&access_control_points_segment_header,
sizeof(access_control_points_segment_header));
/* Adjust work_ptr to point to the
first segment bitmap */
work_ptr += sizeof(access_control_points_segment_header);
/*---------------------------------------------------*/
/* Copy access control points segment 1 bitmap */
/*---------------------------------------------------*/
memcpy(work_ptr, default_bitmap, sizeof(default_bitmap));
/* Adjust work_ptr to point to the
second segment */
work_ptr += sizeof(default_bitmap);
/*---------------------------------------------------*/
/* Set up the segment header for segment 2 and then */
/* copy into verb_data2 storage */
/*---------------------------------------------------*/
access_control_points_segment_header.start_bit = 0x200;
access_control_points_segment_header.end_bit = 0x23F;
access_control_points_segment_header.number_bytes =
sizeof(default2_bitmap);
memcpy(work_ptr,
(void *)&access_control_points_segment_header,
sizeof(access_control_points_segment_header));
/* Adjust work_ptr to point to the
second segment bitmap */
work_ptr += sizeof(access_control_points_segment_header);
/*---------------------------------------------------*/
/* Copy access control points segment 2 bitmap */
/*---------------------------------------------------*/
memcpy(work_ptr, default2_bitmap, sizeof(default2_bitmap));
/*---------------------------------------------------*/
/* Set the length of verb data 2 (Role definition) */
/*---------------------------------------------------*/
verb_data2_length = sizeof(aggregate_role_header) +
role_header.length;
/*---------------------------------------------------*/
/* Set remaining parameters */
/*---------------------------------------------------*/
rule_array_count = 2;
memcpy(rule_array, "INIT-AC REPLACE ", 16);
verb_data1_length = 0;
/*------------------------------------------------------*/
/* Call Access_Control_Initialize (CSUAACI) to set the */
/* default role. */
/*------------------------------------------------------*/
CSUAACI( &return_code,
&reason_code,
&exit_data_length,
exit_data,
&rule_array_count,
(unsigned char *)rule_array,
&verb_data1_length,
(unsigned char *) verb_data1,
&verb_data2_length,
verb_data2);
if (return_code > 4)
printf("The default role was not replaced. Return/reason code:\
%d/%d\n",return_code, reason_code);
else
printf("The default role was successfully updated.\n");
}