ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzajc_5.4.0.1/rzajcimporttsstxt.htm


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Example: IMPORTing keys" />
<meta name="abstract" content="Change this program example to suit your needs for completing the migration of the key store files." />
<meta name="description" content="Change this program example to suit your needs for completing the migration of the key store files." />
<meta name="DC.Relation" scheme="URI" content="rzajcmigrateprpq.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="importtsstxt" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Example: IMPORTing keys</title>
</head>
<body id="importtsstxt"><a name="importtsstxt"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Example: IMPORTing keys</h1>
<div><p>Change this program example to suit your needs for completing the
migration of the key store files.</p>
<div class="section"><p>This is step two. If you have not already done so, run the <a href="rzajcexporttsstxt.htm#exporttsstxt">Example: EXPORTing keys</a> program to begin the migration
process.</p>
<div class="note"><span class="notetitle">Note:</span> Read the <a href="codedisclaimer.htm#codedisclaimer">Code license and disclaimer information</a> for
important legal information.<p>If you choose to use this program example,
change it to suit your specific needs. For security reasons, IBM<sup>®</sup> recommends
that you individualize these program examples rather than using the default
values provided.</p>
</div>
</div>
<div class="example"> <pre>/*---------------------------------------------------------------*/
/* Description: One of two programs used to migrate DES keys */
/* from a key store file used with the 2620 to a */
/* key store file for use with the card. */
/* */
/* Note: This program is intended to be used in conjunction with */
/* EXPORT_TSS to migrate DES keys from 2620. */
/* EXPORT_TSS should be run first to generate a file */
/* containing the needed key information in a secure, */
/* exportable form. The file should then be transferred */
/* to the target system. IMPORT_TSS can then be run using */
/* the file to import the keys into a previously created */
/* key storage file. */
/* */
/* */
/* COPYRIGHT 5769-SS1 (c) IBM Corp 1999 */
/* */
/* This material contains programming source code for your */
/* consideration. These examples have not been thoroughly */
/* tested under all conditions. IBM, therefore, cannot */
/* guarantee or imply reliability, serviceability, or function */
/* of these programs. All programs contained herein are */
/* provided to you "AS IS". THE IMPLIED WARRANTIES OF */
/* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE */
/* EXPRESSLY DISCLAIMED. IBM provides no program services for */
/* these programs and files. */
/* */
/* Parameters: File containing exported key information */
/* */
/* Examples: */
/* CALL PGM(IMPORT_TSS) PARM('Exported_Key_File') */
/* */
/* Note: The CCA verbs used in this program are more fully */
/* described in the IBM CCA Basic Services Reference */
/* and Guide (SC31-8609) publication. */
/* */
/* Note: This program assumes the card you want to use is */
/* already identified either by defaulting to the CRP01 */
/* device or has been explicitly named using the */
/* Cryptographic_Resource_Allocate verb. Also this */
/* device must be varied on and you must be authorized */
/* to use this device description. */
/* */
/* This program also assumes the key store file you will */
/* use is already identified either by being specified on */
/* the cryptographic device or has been explicitly named */
/* using the Key_Store_Designate verb. Also you must be */
/* authorized to update records in this file. */
/* */
/* Use the following commands to compile this program: */
/* ADDLIBLE LIB(QCCA) */
/* CRTCMOD MODULE(IMPORT_TSS) SRCFILE(SAMPLE) */
/* CRTPGM PGM(IMPORT_TSS) MODULE(IMPORT_TSS) */
/* BNDSRVPGM(QCCA/CSNBKRC QCCA/CSNBKIM QCCA/CSNBKPI) */
/* */
/* Note: authority to the CSNBKIM, CSNBKPI, and CSNBKRC */
/* service programs in the QCCA library is assumed. */
/* */
/* Common Cryptographic Architecture (CCA) verbs used: */
/* Key_Import CSNBKIM */
/* Key_Record_Create CSNBKRC */
/* Key_Part_Import CSNBKPI */
/*---------------------------------------------------------------*/
#include &lt;stdlib.h&gt;
#include &lt;stdio.h&gt;
#include &lt;string.h&gt;
#include "csucincl.h" /* header file for CCA Cryptographic
Service Provider */
/*---------------------------------------------------------------*/
/* Structure defining the DES key token for internal keys. This */
/* structure is used in the creation of the importer key- */
/* encrypting key. For more information on the fields in this */
/* structure, see the IBM CCA Basic Services Reference and */
/* Guide (SC31-8609-01), Appendix B and C. */
/*---------------------------------------------------------------*/
/* Layout note: the fields below add up to 64 bytes when int is 4 bytes
   and the compiler inserts no padding -- TODO confirm for the target
   compiler, because main() hands this struct to the CCA verbs as a raw
   (char *) token rather than field by field. */
struct DES_key_token {
char type; /* Set to 0x01 for 'internal' */
char resv1; /* Reserved (set to binary zero) */
char mkvp[2]; /* Master Key Verification Pattern */
char version; /* Version. Will be set to 0x03. */
char resv2; /* Reserved (set to binary zero) */
char flag; /* Flag; main() sets 0x40 to indicate that a
control vector is present */
char resv3; /* Reserved (set to binary zero) */
char resv4[8]; /* Reserved (set to binary zero) */
char key1[8]; /* Single length encrypted key or
left half of double length
encrypted key. */
char key2[8]; /* Null or right half of double
length encrypted key */
int cvb1[2]; /* Control-vector base */
int cvb2[2]; /* Null or control vector base for
the 2nd eight-byte portion of a
16-byte key */
char resv5[12]; /* Reserved (set to binary zero) */
int tvv; /* Token-validation value */
};
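/*
 * IMPORT_TSS entry point.
 *
 * argv[1] names the file of exported key data. The program builds an
 * importer key-encrypting key from two key parts (Key_Part_Import), then
 * for each record in the file creates a key record (Key_Record_Create)
 * and imports the key token under that label (Key_Import).
 *
 * Returns ERROR when the argument is missing, the importer key cannot be
 * built, or the file cannot be opened or its record count read.
 * Otherwise returns OK, even when individual records failed to import;
 * the printed summary carries the per-key outcome.
 */
int main(int argc, char *argv[])
{
    /*-----------------------------------------------------------*/
    /* standard return codes                                     */
    /*-----------------------------------------------------------*/
#define ERROR -1
#define OK 0
    /*-----------------------------------------------------------*/
    /* standard CCA parameters                                   */
    /*-----------------------------------------------------------*/
    long return_code;
    long reason_code;
    long exit_data_length = 0;
    char exit_data[2];
    long rule_array_count = 0;
    char rule_array[2][8];
    /*-----------------------------------------------------------*/
    /* additional parameters required for CSNBKRC and CSNBKIM    */
    /*-----------------------------------------------------------*/
    char import_key_label[64];
    char import_key_token[64];
    /*-----------------------------------------------------------*/
    /* additional parameters required for CSNBKPI                */
    /*-----------------------------------------------------------*/
    struct DES_key_token importer_kt;
    char key_type[8];
    char key_part[16];
    /*-----------------------------------------------------------*/
    /* Other variables                                           */
    /*-----------------------------------------------------------*/
    long num_rec = 0, i;
    long num_imported = 0;
    FILE *import_file;

    printf("\n\n");

    /* Check input parm */
    if (argc &lt; 2)
    {
        printf("File containing the exported key data not specified.\n");
        return ERROR;
    }

    /* Generate a clear key for import use. */
    /* Initialize the importer key token. */
    memset(&amp;importer_kt, 0x00, sizeof(struct DES_key_token));
    importer_kt.type = 0x01;
    importer_kt.version = 0x03;
    importer_kt.flag = 0x40;       /* Indicates control vector is present */
    importer_kt.cvb1[0] = 0x00427d00;
    importer_kt.cvb1[1] = 0x03480000;
    importer_kt.cvb2[0] = 0x00427d00;
    importer_kt.cvb2[1] = 0x03280000;
    importer_kt.tvv = 0x0af53a00;

    /* Initialize parameters for the first pass. The rule keyword is   */
    /* written as a full 8-character, blank-padded literal so that the */
    /* 8-byte memcpy never reads past the end of the string literal.   */
    rule_array_count = 1;
    memcpy(rule_array[0], "FIRST   ", 8);
    memset(key_part, 0x01, 16);

    for (i = 1; i &lt;= 2; i++) {
        CSNBKPI(&amp;return_code,
                &amp;reason_code,
                &amp;exit_data_length,
                (char *) exit_data,
                &amp;rule_array_count,
                (char *) rule_array,
                key_part,
                (char *) &amp;importer_kt);
        if (return_code != 0) {
            printf("Building of the importer key failed.\n");
            printf("Key Part Import failed.");
            /* return_code and reason_code are long, so use %ld. */
            printf("Return/reason codes = %ld/%ld\n", return_code, reason_code);
            return ERROR;
        }
        else if (i == 1) {
            /* Init variables for the final pass */
            memcpy(rule_array[0], "LAST    ", 8);
            /* Set key part to the clear key to be used.              */
            /* NOTE(review): this is the sample value shipped with    */
            /* the example. It is a clear key part embedded in source */
            /* and in the compiled program, so anyone who can read    */
            /* either can rebuild the importer key. Replace it with   */
            /* your own value before migrating real keys; presumably  */
            /* it has to match the key used by EXPORT_TSS -- confirm  */
            /* against that program.                                  */
            memcpy(key_part, "ClEar.KEY.hErE!!", 16);
        }
    }

    /* Import key built successfully. */
    printf("Importer key built successfully.\n\n");

    /* Open the Exported Key file. */
    import_file = fopen(argv[1], "rb");
    if (import_file == NULL)
    {   /* Open failed. */
        printf("The open of the Exported Key file failed\n");
        return ERROR;
    }

    /* Import Key file open was successful. Read the record count and */
    /* stop if it is missing, instead of continuing with a count that */
    /* was never read.                                                */
    /* NOTE(review): assumes the exporting program wrote the count    */
    /* with the same sizeof(long) and byte order -- confirm.          */
    if (fread(&amp;num_rec, sizeof(num_rec), 1, import_file) != 1)
    {
        printf("The read of the Exported Key file failed\n");
        fclose(import_file);
        return ERROR;
    }

    /* Loop through the entries in the import file and create key records. */
    for (i = 1; i &lt;= num_rec; i++)
    {
        /* The count comes from the file, so it is not trusted: a     */
        /* short read means the file holds fewer records than it      */
        /* claims. Stop there rather than passing stale or            */
        /* uninitialized label/token buffers to the CCA verbs.        */
        if (fread(import_key_label, 1, sizeof(import_key_label), import_file)
                != sizeof(import_key_label) ||
            fread(import_key_token, 1, sizeof(import_key_token), import_file)
                != sizeof(import_key_token))
        {
            printf("Exported Key file ended before record %ld of %ld.\n\n",
                   i, num_rec);
            break;
        }

        printf("Importing DES key:\n");
        /* The label is a fixed 64-byte field with no NUL terminator  */
        /* guaranteed, hence the bounded %.64s.                       */
        printf(" \"%.64s\"\n", import_key_label);

        /* Create a key record. */
        CSNBKRC(&amp;return_code,
                &amp;reason_code,
                &amp;exit_data_length,
                exit_data,
                import_key_label);
        if (return_code != 0)
        {
            printf(" Key record creation failed. ");
            printf("Return/reason codes = %ld/%ld\n\n", return_code, reason_code);
            continue;
        }

        /* Else, key record created successfully so import the key. */
        memcpy(key_type, "TOKEN   ", 8);
        CSNBKIM(&amp;return_code,
                &amp;reason_code,
                &amp;exit_data_length,
                exit_data,
                key_type,
                import_key_token,
                (char *) &amp;importer_kt,
                import_key_label);
        if (return_code != 0)
        {
            printf(" Key import failed. ");
            printf("Return/reason codes = %ld/%ld\n\n", return_code, reason_code);
            continue;
        }

        /* else, Key import was a success. */
        printf(" Key imported successfully. ");
        printf("Return/reason codes = %ld/%ld\n\n", return_code, reason_code);
        ++num_imported;
    } /* end of for loop */

    printf("\nCompleted key import procedure.\n");
    printf("%ld of %ld key(s) successfully imported.\n\n", num_imported, num_rec);
    fclose(import_file);
    return OK;
}</pre>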
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajcmigrateprpq.htm" title="If you currently use the Common Cryptographic Architecture (CCA) Services for OS/400 (5799-FRF), you can migrate the keys in the key store file so that your Cryptographic Coprocessor can use them. The Coprocessor uses the migrated keys with the CCA Cryptographic Service Provider (CCA CSP, which is packaged as i5/OS Option 35).">Migrate key store files from the IBM CCA Services for OS/400 PRPQ</a></div>
</div>
</div>
</body>
</html>