/*************************************************************************
*
* C h k F i p s M o d e
* If arg=="true", verify FIPS mode is enabled on the internal module.
* If arg=="false", verify FIPS mode is disabled on the internal module.
*/
Error
ChkFipsMode(char *arg)
{
if (!PORT_Strcasecmp(arg, "true")) {
if (PK11_IsFIPS()) {
PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
} else {
PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]);
return FIPS_SWITCH_FAILED_ERR;
}
} else if (!PORT_Strcasecmp(arg, "false")) {
if (!PK11_IsFIPS()) {
PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]);
} else {
PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
return FIPS_SWITCH_FAILED_ERR;
}
} else {
PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
return INVALID_FIPS_ARG;
}
return SUCCESS;
}
/*************************************************************************
*
* F i p s M o d e
* If arg=="true", enable FIPS mode on the internal module. If arg=="false",
* disable FIPS mode on the internal module.
*/
Error
FipsMode(char *arg)
{
char *internal_name;
if (!PORT_Strcasecmp(arg, "true")) {
if (!PK11_IsFIPS()) {
internal_name = PR_smprintf("%s",
SECMOD_GetInternalModule()->commonName);
if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
PR_smprintf_free(internal_name);
PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
return FIPS_SWITCH_FAILED_ERR;
}
PR_smprintf_free(internal_name);
if (!PK11_IsFIPS()) {
PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
return FIPS_SWITCH_FAILED_ERR;
}
PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
} else {
PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]);
return FIPS_ALREADY_ON_ERR;
}
} else if (!PORT_Strcasecmp(arg, "false")) {
if (PK11_IsFIPS()) {
internal_name = PR_smprintf("%s",
SECMOD_GetInternalModule()->commonName);
if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
PR_smprintf_free(internal_name);
PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
return FIPS_SWITCH_FAILED_ERR;
}
PR_smprintf_free(internal_name);
if (PK11_IsFIPS()) {
PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
return FIPS_SWITCH_FAILED_ERR;
}
PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]);
} else {
PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_OFF_ERR]);
return FIPS_ALREADY_OFF_ERR;
}
} else {
PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
return INVALID_FIPS_ARG;
}
return SUCCESS;
}
PK11SlotInfo *lsw_nss_get_authenticated_slot(lsw_nss_buf_t err)
{
PK11SlotInfo *slot = PK11_GetInternalKeySlot();
if (slot == NULL) {
snprintf(err, sizeof(lsw_nss_buf_t), "no internal key slot");
return NULL;
}
if (PK11_IsFIPS() || PK11_NeedLogin(slot)) {
SECStatus status = PK11_Authenticate(slot, PR_FALSE,
lsw_return_nss_password_file_info());
if (status != SECSuccess) {
const char *token = PK11_GetTokenName(slot);
snprintf(err, sizeof(lsw_nss_buf_t), "authentication of \"%s\" failed", token);
PK11_FreeSlot(slot);
return NULL;
}
}
return slot;
}
void nss_symkey_log(PK11SymKey *key, const char *msg)
{
if (key != NULL) {
DBG(DBG_CRYPT, DBG_log("computed key %s with length =%d", msg,
PK11_GetKeyLength(key)));
} else {
DBG_log("NULL key %s", msg);
}
if (!PK11_IsFIPS()) {
if (key != NULL) {
SECStatus status = PK11_ExtractKeyValue(key);
PR_ASSERT(status == SECSuccess);
SECItem *keydata = PK11_GetKeyData(key);
DBG(DBG_CRYPT, DBG_dump("value: ", keydata->data,
keydata->len));
/* SECITEM_FreeItem(keydata, PR_TRUE); */
}
}
}
/*
* generate an RSA signature key
*
* e is fixed at 3, without discussion. That would not be wise if these
* keys were to be used for encryption, but for signatures there are some
* real speed advantages.
* See also: https://www.imperialviolet.org/2012/03/16/rsae.html
*/
void rsasigkey(int nbits, int seedbits, const struct lsw_conf_options *oco)
{
PK11RSAGenParams rsaparams = { nbits, (long) F4 };
PK11SlotInfo *slot = NULL;
SECKEYPrivateKey *privkey = NULL;
SECKEYPublicKey *pubkey = NULL;
realtime_t now = realnow();
lsw_nss_buf_t err;
if (!lsw_nss_setup(oco->nssdir, 0, lsw_nss_get_password, err)) {
fprintf(stderr, "%s: %s\n", progname, err);
exit(1);
}
#ifdef FIPS_CHECK
if (PK11_IsFIPS() && !FIPSCHECK_verify(NULL, NULL)) {
fprintf(stderr,
"FIPS HMAC integrity verification test failed.\n");
exit(1);
}
#endif
/* Good for now but someone may want to use a hardware token */
slot = lsw_nss_get_authenticated_slot(err);
if (slot == NULL) {
fprintf(stderr, "%s: %s\n", progname, err);
lsw_nss_shutdown();
exit(1);
}
/* Do some random-number initialization. */
UpdateNSS_RNG(seedbits);
privkey = PK11_GenerateKeyPair(slot,
CKM_RSA_PKCS_KEY_PAIR_GEN,
&rsaparams, &pubkey,
PR_TRUE,
PK11_IsFIPS() ? PR_TRUE : PR_FALSE,
lsw_return_nss_password_file_info());
/* inTheToken, isSensitive, passwordCallbackFunction */
if (privkey == NULL) {
fprintf(stderr,
"%s: key pair generation failed: \"%d\"\n", progname,
PORT_GetError());
return;
}
chunk_t public_modulus = {
.ptr = pubkey->u.rsa.modulus.data,
.len = pubkey->u.rsa.modulus.len,
};
chunk_t public_exponent = {
.ptr = pubkey->u.rsa.publicExponent.data,
.len = pubkey->u.rsa.publicExponent.len,
};
char *hex_ckaid;
{
SECItem *ckaid = PK11_GetLowLevelKeyIDForPrivateKey(privkey);
if (ckaid == NULL) {
fprintf(stderr, "%s: 'CKAID' calculation failed\n", progname);
exit(1);
}
hex_ckaid = strdup(conv(ckaid->data, ckaid->len, 16));
SECITEM_FreeItem(ckaid, PR_TRUE);
}
/*privkey->wincx = &pwdata;*/
PORT_Assert(pubkey != NULL);
fprintf(stderr, "Generated RSA key pair with CKAID %s was stored in the NSS database\n",
hex_ckaid);
/* and the output */
libreswan_log("output...\n"); /* deliberate extra newline */
printf("\t# RSA %d bits %s %s", nbits, outputhostname,
ctime(&now.rt.tv_sec));
/* ctime provides \n */
printf("\t# for signatures only, UNSAFE FOR ENCRYPTION\n");
printf("\t#ckaid=%s\n", hex_ckaid);
/* RFC2537/RFC3110-ish format */
{
char *base64 = NULL;
err_t err = rsa_pubkey_to_base64(public_exponent, public_modulus, &base64);
if (err) {
fprintf(stderr, "%s: unexpected error encoding RSA public key '%s'\n",
progname, err);
exit(1);
}
printf("\t#pubkey=%s\n", base64);
pfree(base64);
}
printf("\tModulus: 0x%s\n", conv(public_modulus.ptr, public_modulus.len, 16));
printf("\tPublicExponent: 0x%s\n", conv(public_exponent.ptr, public_exponent.len, 16));
if (hex_ckaid != NULL)
free(hex_ckaid);
if (privkey != NULL)
SECKEY_DestroyPrivateKey(privkey);
if (pubkey != NULL)
SECKEY_DestroyPublicKey(pubkey);
lsw_nss_shutdown();
}
/*
* lsw_random - get some random bytes from /dev/random (or wherever)
* NOTE: This is only used for additional seeding of the NSS RNG
*/
void lsw_random(size_t nbytes, unsigned char *buf)
{
size_t ndone;
int dev;
ssize_t got;
dev = open(device, 0);
if (dev < 0) {
fprintf(stderr, "%s: could not open %s (%s)\n", progname,
device, strerror(errno));
exit(1);
}
ndone = 0;
libreswan_log("getting %d random seed bytes for NSS from %s...\n",
(int) nbytes * BITS_PER_BYTE, device);
while (ndone < nbytes) {
got = read(dev, buf + ndone, nbytes - ndone);
if (got < 0) {
fprintf(stderr, "%s: read error on %s (%s)\n", progname,
device, strerror(errno));
exit(1);
}
if (got == 0) {
fprintf(stderr, "%s: eof on %s!?!\n", progname, device);
exit(1);
}
ndone += got;
}
close(dev);
}
/*
- conv - convert bits to output in specified datatot format
* NOTE: result points into a STATIC buffer
*/
static const char *conv(const unsigned char *bits, size_t nbytes, int format)
{
static char convbuf[MAXBITS / 4 + 50]; /* enough for hex */
size_t n;
n = datatot(bits, nbytes, format, convbuf, sizeof(convbuf));
if (n == 0) {
fprintf(stderr, "%s: can't-happen convert error\n", progname);
exit(1);
}
if (n > sizeof(convbuf)) {
fprintf(stderr,
"%s: can't-happen convert overflow (need %d)\n",
progname, (int) n);
exit(1);
}
return convbuf;
}
/*
- main - mostly argument parsing
*/
int main(int argc, char *argv[])
{
log_to_stderr = FALSE;
tool_init_log("ipsec rsasigkey");
int opt;
int nbits = 0;
int seedbits = DEFAULT_SEED_BITS;
while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF)
switch (opt) {
case 'n':
case 'p':
fprintf(stderr, "%s: --noopt and --rounds options have been obsoleted - ignored\n",
progname);
break;
case 'v': /* verbose description */
log_to_stderr = TRUE;
break;
case 'r':
fprintf(stderr, "%s: Warning: --random is obsoleted for --seeddev. It no longer specifies the random device used for obtaining random key material",
progname);
/* FALLTHROUGH */
case 'S': /* nonstandard random device for seed */
device = optarg;
break;
case 'H': /* set hostname for output */
{
size_t full_len = strlen(optarg);
bool oflow = sizeof(outputhostname) - 1 < full_len;
size_t copy_len = oflow ? sizeof(outputhostname) - 1 : full_len;
memcpy(outputhostname, optarg, copy_len);
outputhostname[copy_len] = '\0';
}
break;
case 'h': /* help */
printf("Usage:\t%s\n", usage);
exit(0);
break;
case 'V': /* version */
printf("%s %s\n", progname, ipsec_version_code());
exit(0);
break;
case 'c': /* obsoleted by --nssdir|-d */
case 'd': /* -d is used for nssdirdir with nss tools */
lsw_conf_nssdir(optarg);
break;
case 'P': /* token authentication password */
lsw_conf_nsspassword(optarg);
break;
case 's': /* seed bits */
seedbits = atoi(optarg);
if (PK11_IsFIPS()) {
if (seedbits < DEFAULT_SEED_BITS) {
fprintf(stderr, "%s: FIPS mode does not allow < %d seed bits\n",
progname, DEFAULT_SEED_BITS);
exit(1);
}
}
break;
case '?':
default:
printf("Usage:\t%s\n", usage);
exit(2);
}
if (outputhostname[0] == '\0') {
if (gethostname(outputhostname, sizeof(outputhostname)) < 0) {
fprintf(stderr, "%s: gethostname failed (%s)\n",
progname,
strerror(errno));
exit(1);
}
}
/*
* RSA-PSS requires keysize to be a multiple of 8 bits
* (see PCS#1 v2.1).
* We require a multiple of 16. (??? why?)
*/
if (argv[optind] == NULL) {
/* default keysize: a multiple of 16 in [3072,4096) */
srand(time(NULL));
nbits = 3072 + 16 * (rand() % (1024 / 16));
} else {
unsigned long u;
err_t ugh = ttoulb(argv[optind], 0, 10, INT_MAX, &u);
if (ugh != NULL) {
fprintf(stderr,
"%s: keysize specification is malformed: %s\n",
progname, ugh);
exit(1);
}
nbits = u;
}
if (nbits < MIN_KEYBIT ) {
fprintf(stderr,
"%s: requested RSA key size (%d) is too small - use %d or more\n",
progname, nbits, MIN_KEYBIT);
exit(1);
} else if (nbits > MAXBITS) {
fprintf(stderr,
"%s: requested RSA key size (%d) is too large - (max %d)\n",
progname, nbits, MAXBITS);
exit(1);
} else if (nbits % (BITS_PER_BYTE * 2) != 0) {
fprintf(stderr,
"%s: requested RSA key size (%d) is not a multiple of %d\n",
progname, nbits, (int)BITS_PER_BYTE * 2);
exit(1);
}
/*
* Don't fetch the config options until after they have been
* processed, and really are "constant".
*/
const struct lsw_conf_options *oco = lsw_init_options();
rsasigkey(nbits, seedbits, oco);
exit(0);
}
int main(int argc, char **argv)
{
#if 0
NSS_NoDB_Init(".");
if (!test_aes_cbc(&algo_aes_cbc)) {
printf("aes-cbc failed\n");
}
if (!test_camellia_cbc(&algo_camellia_cbc)) {
printf("camellia-cbc failed\n");
}
if (!test_aes_ctr(&algo_aes_ctr)) {
printf("aes-ctr failed\n");
}
exit(0);
#endif
int lockfd;
/*
* We read the intentions for how to log from command line options
* and the config file. Then we prepare to be able to log, but until
* then log to stderr (better then nothing). Once we are ready to
* actually do loggin according to the methods desired, we set the
* variables for those methods
*/
bool log_to_stderr_desired = FALSE;
bool log_to_file_desired = FALSE;
{
int i;
/* MUST BE BEFORE ANY allocs */
for (i = 1; i < argc; ++i) {
if (streq(argv[i], "--leak-detective"))
leak_detective = TRUE;
}
}
pluto_name = argv[0];
coredir = clone_str("/var/run/pluto", "coredir in main()");
pluto_vendorid = clone_str(ipsec_version_vendorid(), "vendorid in main()");
unsigned int keep_alive = 0;
/* Overridden by virtual_private= in ipsec.conf */
char *virtual_private = NULL;
libreswan_passert_fail = passert_fail;
/* handle arguments */
for (;; ) {
/*
* Note: we don't like the way short options get parsed
* by getopt_long, so we simply pass an empty string as
* the list. It could be "hvdenp:l:s:" "NARXPECK".
*/
int longindex = -1;
int c = getopt_long(argc, argv, "", long_opts, &longindex);
const char *optname = NULL;
err_t ugh = NULL; /* complaint from case */
unsigned long u = 0; /* scratch for case */
if (longindex != -1) {
const char *optmeta;
optname = long_opts[longindex].name;
optmeta = optname + strlen(optname) + 1; /* after '\0' */
switch (optmeta[0]) {
case '_':
libreswan_log("warning: option \"--%s\" with '_' in its name is obsolete; use '-'",
optname);
break;
case '>':
libreswan_log("warning: option \"--%s\" is obsolete; use \"--%s\"",
optname, optmeta + 1);
break;
case '!':
libreswan_log("warning: option \"--%s\" is obsolete; ignored",
optname);
continue; /* ignore it! */
}
}
/* Note: "breaking" from case terminates loop */
switch (c) {
case EOF: /* end of flags */
break;
case 0:
/*
* Long option already handled by getopt_long.
* Not currently used since we always set flag to NULL.
*/
continue;
case ':': /* diagnostic already printed by getopt_long */
case '?': /* diagnostic already printed by getopt_long */
invocation_fail(NULL);
break;
case 'h': /* --help */
usage();
break; /* not actually reached */
case 'X': /* --leak-detective */
/*
* This flag was already processed at the start of main()
* because leak_detective must be immutable from before
* the first alloc().
* If this option is specified, we must have already
* set it at the start of main(), so assert it.
*/
passert(leak_detective);
continue;
case 'C': /* --coredir */
pfree(coredir);
coredir = clone_str(optarg, "coredir via getopt");
continue;
case 'V': /* --vendorid */
pfree(pluto_vendorid);
coredir = clone_str(optarg, "pluto_vendorid via getopt");
continue;
case 'S': /* --statsdir */
pfreeany(pluto_stats_binary);
pluto_stats_binary = clone_str(optarg, "statsbin");
continue;
case 'v': /* --version */
printf("%s%s\n", ipsec_version_string(),
compile_time_interop_options);
/* not exit_pluto because we are not initialized yet */
exit(0);
break; /* not actually reached */
case 'j': /* --nhelpers */
if (streq(optarg, "-1")) {
nhelpers = -1;
} else {
ugh = ttoulb(optarg, 0, 10, 1000, &u);
if (ugh != NULL)
break;
nhelpers = u;
}
continue;
case 'c': /* --seedbits */
pluto_nss_seedbits = atoi(optarg);
if (pluto_nss_seedbits == 0) {
printf("pluto: seedbits must be an integer > 0");
/* not exit_pluto because we are not initialized yet */
exit(PLUTO_EXIT_NSS_FAIL);
}
continue;
#ifdef HAVE_LABELED_IPSEC
case 'w': /* --secctx-attr-type */
ugh = ttoulb(optarg, 0, 0, 0xFFFF, &u);
if (ugh != NULL)
break;
if (u != SECCTX && u != ECN_TUNNEL_or_old_SECCTX) {
ugh = "must be a positive 32001 (default) or 10 (for backward compatibility)";
break;
}
secctx_attr_type = u;
continue;
#endif
case 'd': /* --nofork*/
fork_desired = FALSE;
continue;
case 'e': /* --stderrlog */
log_to_stderr_desired = TRUE;
continue;
case 'g': /* --logfile */
pluto_log_file = optarg;
log_to_file_desired = TRUE;
continue;
case 't': /* --log-no-time */
log_with_timestamp = FALSE;
continue;
case '7': /* --log-no-append */
log_append = FALSE;
continue;
case '8': /* --drop-oppo-null */
pluto_drop_oppo_null = TRUE;
continue;
case '9': /* --expire-bare-shunt <interval> */
ugh = ttoulb(optarg, 0, 10, 1000, &u);
if (ugh != NULL)
break;
bare_shunt_interval = u;
continue;
case 'k': /* --use-klips */
kern_interface = USE_KLIPS;
continue;
case 'L': /* --listen ip_addr */
{
ip_address lip;
err_t e = ttoaddr(optarg, 0, AF_UNSPEC, &lip);
if (e != NULL) {
/*
*??? should we continue on failure?
* If not, use ugh mechanism.
*/
libreswan_log(
"invalid listen argument ignored: %s\n",
e);
} else {
pluto_listen =
clone_str(optarg, "pluto_listen");
libreswan_log(
"bind() will be filtered for %s\n",
pluto_listen);
}
}
continue;
case 'M': /* --use-mast */
kern_interface = USE_MASTKLIPS;
continue;
case 'F': /* --use-bsdkame */
kern_interface = USE_BSDKAME;
continue;
case 'K': /* --use-netkey */
kern_interface = USE_NETKEY;
continue;
case 'n': /* --use-nostack */
kern_interface = NO_KERNEL;
continue;
case 'D': /* --force-busy */
pluto_ddos_mode = DDOS_FORCE_BUSY;
continue;
case 'U': /* --force-unlimited */
pluto_ddos_mode = DDOS_FORCE_UNLIMITED;
continue;
case 'Z': /* --curl-iface */
curl_iface = optarg;
continue;
case 'I': /* --curl-timeout */
ugh = ttoulb(optarg, 0, 10, 0xFFFF, &u);
if (ugh != NULL)
break;
if (u <= 0) {
ugh = "must not be < 1";
break;
}
curl_timeout = u;
continue;
case 'r': /* --strictcrlpolicy */
strict_crl_policy = TRUE;
continue;
case 'o':
strict_ocsp_policy = TRUE;
continue;
case 'O':
ocsp_enable = TRUE;
continue;
case 'Y':
ocsp_default_uri = optarg;
continue;
case 'J':
ocsp_trust_name = optarg;
continue;
case 'T': /* --ocsp_timeout <seconds> */
ugh = ttoulb(optarg, 0, 10, 0xFFFF, &u);
if (ugh != NULL)
break;
if (u == 0) {
ugh = "must not be 0";
break;
}
ocsp_timeout = u;
continue;
case 'x': /* --crlcheckinterval <seconds> */
ugh = ttoulb(optarg, 0, 10, TIME_T_MAX, &u);
if (ugh != NULL)
break;
crl_check_interval = deltatime(u);
continue;
case 'u': /* --uniqueids */
uniqueIDs = TRUE;
continue;
case 'i': /* --interface <ifname|ifaddr> */
if (!use_interface(optarg)) {
ugh = "too many --interface specifications";
break;
}
continue;
/*
* This option does not really work, as this is the "left"
* site only, you also need --to --ikeport again later on
* It will result in: yourport -> 500, still not bypassing
* filters
*/
case 'p': /* --ikeport <portnumber> */
ugh = ttoulb(optarg, 0, 10, 0xFFFF, &u);
if (ugh != NULL)
break;
if (u == 0) {
ugh = "must not be 0";
break;
}
pluto_port = u;
continue;
case 'q': /* --natikeport <portnumber> */
ugh = ttoulb(optarg, 0, 10, 0xFFFF, &u);
if (ugh != NULL)
break;
if (u == 0) {
ugh = "must not be 0";
break;
}
pluto_nat_port = u;
continue;
case 'b': /* --ctlbase <path> */
/*
* ??? work to be done here:
*
* snprintf returns the required space if there
* isn't enough, not -1.
* -1 indicates another kind of error.
*
* This appears to be the only place where the
* ctlbase value is used yet it is set elsewhere.
* (This isn't clear -- it may be OK.)
*/
ctlbase = optarg;
if (snprintf(ctl_addr.sun_path,
sizeof(ctl_addr.sun_path),
"%s%s", ctlbase, CTL_SUFFIX) == -1) {
ugh = "<path>" CTL_SUFFIX " too long for sun_path";
break;
}
if (snprintf(info_addr.sun_path,
sizeof(info_addr.sun_path),
"%s%s", ctlbase, INFO_SUFFIX) == -1) {
ugh = "<path>" INFO_SUFFIX " too long for sun_path";
break;
}
if (snprintf(pluto_lock, sizeof(pluto_lock),
"%s%s", ctlbase, LOCK_SUFFIX) == -1) {
ugh = "<path>" LOCK_SUFFIX " must fit";
break;
}
continue;
case 's': /* --secretsfile <secrets-file> */
lsw_conf_secretsfile(optarg);
continue;
case 'f': /* --ipsecdir <ipsec-dir> */
lsw_init_ipsecdir(optarg);
continue;
case 'N': /* --debug-none */
base_debugging = DBG_NONE;
continue;
case 'A': /* --debug-all */
base_debugging = DBG_ALL;
continue;
case 'P': /* --perpeerlogbase */
base_perpeer_logdir = optarg;
continue;
case 'l': /* --perpeerlog */
log_to_perpeer = TRUE;
continue;
case '2': /* --keep-alive <delay_secs> */
ugh = ttoulb(optarg, 0, 10, secs_per_day, &u);
if (ugh != NULL)
break;
keep_alive = u;
continue;
case '5': /* --debug-nat-t */
base_debugging |= DBG_NATT;
continue;
case '6': /* --virtual-private */
virtual_private = optarg;
continue;
case 'z': /* --config */
{
/*
* Config struct to variables mapper. This will
* overwrite all previously set options. Keep this
* in the same order as long_opts[] is.
*/
struct starter_config *cfg = read_cfg_file(optarg);
/* leak */
set_cfg_string(&pluto_log_file,
cfg->setup.strings[KSF_PLUTOSTDERRLOG]);
if (pluto_log_file != NULL)
log_to_syslog = FALSE;
/* plutofork= no longer supported via config file */
log_with_timestamp =
cfg->setup.options[KBF_PLUTOSTDERRLOGTIME];
log_append = cfg->setup.options[KBF_PLUTOSTDERRLOGAPPEND];
pluto_drop_oppo_null = cfg->setup.options[KBF_DROP_OPPO_NULL];
pluto_ddos_mode = cfg->setup.options[KBF_DDOS_MODE];
if (cfg->setup.options[KBF_FORCEBUSY]) {
/* force-busy is obsoleted, translate to ddos-mode= */
pluto_ddos_mode = cfg->setup.options[KBF_DDOS_MODE] = DDOS_FORCE_BUSY;
}
/* ddos-ike-threshold and max-halfopen-ike */
pluto_ddos_threshold = cfg->setup.options[KBF_DDOS_IKE_THRESHOLD];
pluto_max_halfopen = cfg->setup.options[KBF_MAX_HALFOPEN_IKE];
strict_crl_policy =
cfg->setup.options[KBF_STRICTCRLPOLICY];
pluto_shunt_lifetime = deltatime(cfg->setup.options[KBF_SHUNTLIFETIME]);
strict_ocsp_policy =
cfg->setup.options[KBF_STRICTOCSPPOLICY];
ocsp_enable = cfg->setup.options[KBF_OCSPENABLE];
set_cfg_string(&ocsp_default_uri,
cfg->setup.strings[KSF_OCSPURI]);
ocsp_timeout = cfg->setup.options[KBF_OCSPTIMEOUT];
set_cfg_string(&ocsp_trust_name,
cfg->setup.strings[KSF_OCSPTRUSTNAME]);
crl_check_interval = deltatime(
cfg->setup.options[KBF_CRLCHECKINTERVAL]);
uniqueIDs = cfg->setup.options[KBF_UNIQUEIDS];
/*
* We don't check interfaces= here because that part
* has been dealt with in _stackmanager before we
* started
*/
set_cfg_string(&pluto_listen,
cfg->setup.strings[KSF_LISTEN]);
/* --ikeport */
pluto_port = cfg->setup.options[KBF_IKEPORT];
/* --nflog-all */
/* only causes nflog nmber to show in ipsec status */
pluto_nflog_group = cfg->setup.options[KBF_NFLOG_ALL];
/* only causes nflog nmber to show in ipsec status */
pluto_xfrmlifetime = cfg->setup.options[KBF_XFRMLIFETIME];
/* no config option: ctlbase */
/* --secrets */
if (cfg->setup.strings[KSF_SECRETSFILE] &&
*cfg->setup.strings[KSF_SECRETSFILE]) {
lsw_conf_secretsfile(cfg->setup.strings[KSF_SECRETSFILE]);
}
if (cfg->setup.strings[KSF_IPSECDIR] != NULL &&
*cfg->setup.strings[KSF_IPSECDIR] != 0) {
/* --ipsecdir */
lsw_init_ipsecdir(cfg->setup.strings[KSF_IPSECDIR]);
}
/* --perpeerlog */
log_to_perpeer = cfg->setup.options[KBF_PERPEERLOG];
if (log_to_perpeer) {
/* --perpeerlogbase */
if (cfg->setup.strings[KSF_PERPEERDIR]) {
set_cfg_string(&base_perpeer_logdir,
cfg->setup.strings[KSF_PERPEERDIR]);
} else {
base_perpeer_logdir = clone_str("/var/log/pluto/", "perpeer_logdir");
}
}
if (cfg->setup.strings[KSF_CURLIFACE]) {
pfreeany(curl_iface);
/* curl-iface= */
curl_iface = clone_str(cfg->setup.strings[KSF_CURLIFACE],
"curl-iface= via --config");
}
if (cfg->setup.options[KBF_CURLTIMEOUT])
curl_timeout = cfg->setup.options[KBF_CURLTIMEOUT];
if (cfg->setup.strings[KSF_DUMPDIR]) {
pfree(coredir);
/* dumpdir= */
coredir = clone_str(cfg->setup.strings[KSF_DUMPDIR],
"coredir via --config");
}
/* --vendorid */
if (cfg->setup.strings[KSF_MYVENDORID]) {
pfree(pluto_vendorid);
pluto_vendorid = clone_str(cfg->setup.strings[KSF_MYVENDORID],
"pluto_vendorid via --config");
}
/* no config option: pluto_adns_option */
if (cfg->setup.strings[KSF_STATSBINARY] != NULL) {
if (access(cfg->setup.strings[KSF_STATSBINARY], X_OK) == 0) {
pfreeany(pluto_stats_binary);
/* statsbin= */
pluto_stats_binary = clone_str(cfg->setup.strings[KSF_STATSBINARY], "statsbin via --config");
libreswan_log("statsbinary set to %s", pluto_stats_binary);
} else {
libreswan_log("statsbinary= '%s' ignored - file does not exist or is not executable",
pluto_stats_binary);
}
}
pluto_nss_seedbits = cfg->setup.options[KBF_SEEDBITS];
pluto_nat_port =
cfg->setup.options[KBF_NATIKEPORT];
keep_alive = cfg->setup.options[KBF_KEEPALIVE];
set_cfg_string(&virtual_private,
cfg->setup.strings[KSF_VIRTUALPRIVATE]);
nhelpers = cfg->setup.options[KBF_NHELPERS];
#ifdef HAVE_LABELED_IPSEC
secctx_attr_type = cfg->setup.options[KBF_SECCTX];
#endif
base_debugging = cfg->setup.options[KBF_PLUTODEBUG];
char *protostack = cfg->setup.strings[KSF_PROTOSTACK];
if (protostack == NULL || *protostack == '\0') {
kern_interface = USE_NETKEY;
} else if (streq(protostack, "none")) {
kern_interface = NO_KERNEL;
} else if (streq(protostack, "auto")) {
libreswan_log(
"The option protostack=auto is obsoleted, falling back to protostack=netkey\n");
kern_interface = USE_NETKEY;
} else if (streq(protostack, "klips")) {
kern_interface = USE_KLIPS;
} else if (streq(protostack, "mast")) {
kern_interface = USE_MASTKLIPS;
} else if (streq(protostack, "netkey") ||
streq(protostack, "native")) {
kern_interface = USE_NETKEY;
} else if (streq(protostack, "bsd") ||
streq(protostack, "kame") ||
streq(protostack, "bsdkame")) {
kern_interface = USE_BSDKAME;
} else if (streq(protostack, "win2k")) {
kern_interface = USE_WIN2K;
}
confread_free(cfg);
continue;
}
default:
if (DBG_OFFSET <= c &&
c < DBG_OFFSET + IMPAIR_roof_IX) {
base_debugging |= LELEM(c - DBG_OFFSET);
continue;
}
bad_case(c);
}
/* if ugh is set, bail with diagnostic */
if (ugh != NULL) {
char mess[200];
if (longindex == -1) {
snprintf(mess, sizeof(mess), "unknown option: %s",
ugh);
} else if (optarg == NULL) {
snprintf(mess, sizeof(mess), "--%s option: %s",
optname, ugh);
} else {
snprintf(mess, sizeof(mess), "--%s \"%s\" option: %s",
optname, optarg, ugh);
}
invocation_fail(mess);
}
break;
}
if (optind != argc)
invocation_fail("unexpected argument");
reset_debugging();
if (chdir(coredir) == -1) {
int e = errno;
libreswan_log("pluto: warning: chdir(\"%s\") to dumpdir failed (%d: %s)",
coredir, e, strerror(e));
}
oco = lsw_init_options();
lockfd = create_lock();
/* select between logging methods */
if (log_to_stderr_desired || log_to_file_desired)
log_to_syslog = FALSE;
if (!log_to_stderr_desired)
log_to_stderr = FALSE;
#if 0
if (kernel_ops->set_debug != NULL)
(*kernel_ops->set_debug)(cur_debugging, DBG_log, DBG_log);
#endif
/*
* create control socket.
* We must create it before the parent process returns so that
* there will be no race condition in using it. The easiest
* place to do this is before the daemon fork.
*/
{
err_t ugh = init_ctl_socket();
if (ugh != NULL) {
fprintf(stderr, "pluto: FATAL: %s", ugh);
exit_pluto(PLUTO_EXIT_SOCKET_FAIL);
}
}
/* If not suppressed, do daemon fork */
if (fork_desired) {
#if USE_DAEMON
if (daemon(TRUE, TRUE) < 0) {
fprintf(stderr, "pluto: FATAL: daemon failed (%d %s)\n",
errno, strerror(errno));
exit_pluto(PLUTO_EXIT_FORK_FAIL);
}
/*
* Parent just exits, so need to fill in our own PID
* file. This is racy, since the file won't be
* created until after the parent has exited.
*
* Since "ipsec start" invokes pluto with --nofork, it
* is probably safer to leave this feature disabled
* then implement it using the daemon call.
*/
(void) fill_lock(lockfd, getpid());
#elif USE_FORK
{
pid_t pid = fork();
if (pid < 0) {
int e = errno;
fprintf(stderr, "pluto: FATAL: fork failed (%d %s)\n",
errno, strerror(e));
exit_pluto(PLUTO_EXIT_FORK_FAIL);
}
if (pid != 0) {
/*
* parent: die, after filling PID into lock
* file.
* must not use exit_pluto: lock would be
* removed!
*/
exit(fill_lock(lockfd, pid) ? 0 : 1);
}
}
#else
fprintf(stderr, "pluto: FATAL: fork/daemon not supported\n");
exit_pluto(PLUTO_EXIT_FORK_FAIL);
#endif
if (setsid() < 0) {
int e = errno;
fprintf(stderr,
"FATAL: setsid() failed in main(). Errno %d: %s\n",
errno, strerror(e));
exit_pluto(PLUTO_EXIT_FAIL);
}
} else {
/* no daemon fork: we have to fill in lock file */
(void) fill_lock(lockfd, getpid());
if (isatty(fileno(stdout))) {
fprintf(stdout, "Pluto initialized\n");
fflush(stdout);
}
}
/*
* Close everything but ctl_fd and (if needed) stderr.
* There is some danger that a library that we don't know
* about is using some fd that we don't know about.
* I guess we'll soon find out.
*/
{
int i;
for (i = getdtablesize() - 1; i >= 0; i--) /* Bad hack */
if ((!log_to_stderr || i != 2) &&
i != ctl_fd)
close(i);
/* make sure that stdin, stdout, stderr are reserved */
if (open("/dev/null", O_RDONLY) != 0)
lsw_abort();
if (dup2(0, 1) != 1)
lsw_abort();
if (!log_to_stderr && dup2(0, 2) != 2)
lsw_abort();
}
init_constants();
init_pluto_constants();
pluto_init_log();
if (!pluto_init_nss(oco->nssdb)) {
loglog(RC_LOG_SERIOUS, "FATAL: NSS initialization failure");
exit_pluto(PLUTO_EXIT_NSS_FAIL);
}
libreswan_log("NSS crypto library initialized");
if (ocsp_enable) {
if (!init_nss_ocsp(ocsp_default_uri, ocsp_trust_name,
ocsp_timeout,
strict_ocsp_policy)) {
loglog(RC_LOG_SERIOUS, "Initializing NSS OCSP failed");
exit_pluto(PLUTO_EXIT_NSS_FAIL);
} else {
libreswan_log("NSS OCSP Enabled");
}
}
#ifdef HAVE_LIBCAP_NG
/*
* Drop capabilities - this generates a false positive valgrind warning
* See: http://marc.info/?l=linux-security-module&m=125895232029657
*
* We drop these after creating the pluto socket or else we can't
* create a socket if the parent dir is non-root (eg openstack)
*/
capng_clear(CAPNG_SELECT_BOTH);
capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED,
CAP_NET_BIND_SERVICE, CAP_NET_ADMIN, CAP_NET_RAW,
CAP_IPC_LOCK, CAP_AUDIT_WRITE,
/* for google authenticator pam */
CAP_SETGID, CAP_SETUID,
CAP_DAC_READ_SEARCH,
-1);
/*
* We need to retain some capabilities for our children (updown):
* CAP_NET_ADMIN to change routes
* CAP_NET_RAW for iptables -t mangle
* CAP_DAC_READ_SEARCH for pam / google authenticator
*/
capng_updatev(CAPNG_ADD, CAPNG_BOUNDING_SET, CAP_NET_ADMIN, CAP_NET_RAW,
CAP_DAC_READ_SEARCH, -1);
capng_apply(CAPNG_SELECT_BOTH);
libreswan_log("libcap-ng support [enabled]");
#else
libreswan_log("libcap-ng support [disabled]");
#endif
#ifdef FIPS_CHECK
libreswan_log("FIPS HMAC integrity support [enabled]");
/*
* FIPS mode requires two conditions to be true:
* - FIPS Kernel mode: fips=1 kernel boot parameter
* - FIPS Product mode: See FIPSPRODUCTCHECK in Makefile.inc
* (in RHEL/Fedora, dracut-fips installs $FIPSPRODUCTCHECK)
*
* When FIPS mode, abort on self-check hmac failure. Otherwise, complain
*/
{
if (DBGP(IMPAIR_FORCE_FIPS)) {
libreswan_log("Forcing FIPS checks to true to emulate FIPS mode");
lsw_set_fips_mode(LSW_FIPS_ON);
}
enum lsw_fips_mode pluto_fips_mode = lsw_get_fips_mode();
bool nss_fips_mode = PK11_IsFIPS();
/*
* Now verify the consequences. Always run the tests
* as combinations such as NSS in fips mode but as out
* of it could be bad.
*/
switch (pluto_fips_mode) {
case LSW_FIPS_UNKNOWN:
loglog(RC_LOG_SERIOUS, "ABORT: pluto FIPS mode could not be determined");
exit_pluto(PLUTO_EXIT_FIPS_FAIL);
break;
case LSW_FIPS_ON:
libreswan_log("FIPS mode enabled for pluto daemon");
if (nss_fips_mode) {
libreswan_log("NSS library is running in FIPS mode");
} else {
loglog(RC_LOG_SERIOUS, "ABORT: pluto in FIPS mode but NSS library is not");
exit_pluto(PLUTO_EXIT_FIPS_FAIL);
}
break;
case LSW_FIPS_OFF:
libreswan_log("FIPS mode disabled for pluto daemon");
if (nss_fips_mode) {
loglog(RC_LOG_SERIOUS, "Warning: NSS library is running in FIPS mode");
}
break;
case LSW_FIPS_UNSET:
default:
bad_case(pluto_fips_mode);
}
/* always run hmac check so we can print diagnostic */
bool fips_files = FIPSCHECK_verify_files(fips_package_files);
if (fips_files) {
libreswan_log("FIPS HMAC integrity verification self-test passed");
} else {
loglog(RC_LOG_SERIOUS, "FIPS HMAC integrity verification self-test FAILED");
}
if (pluto_fips_mode == LSW_FIPS_ON && !fips_files) {
exit_pluto(PLUTO_EXIT_FIPS_FAIL);
}
}
#else
libreswan_log("FIPS HMAC integrity support [disabled]");
#endif
#ifdef USE_LINUX_AUDIT
linux_audit_init();
#else
libreswan_log("Linux audit support [disabled]");
#endif
{
const char *vc = ipsec_version_code();
libreswan_log("Starting Pluto (Libreswan Version %s%s) pid:%u",
vc, compile_time_interop_options, getpid());
}
libreswan_log("core dump dir: %s", coredir);
if (oco->secretsfile && *oco->secretsfile)
libreswan_log("secrets file: %s", oco->secretsfile);
libreswan_log(leak_detective ?
"leak-detective enabled" : "leak-detective disabled");
/* Check for SAREF support */
#ifdef KLIPS_MAST
#include <ipsec_saref.h>
{
int e, sk, saref;
saref = 1;
errno = 0;
sk = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
e = setsockopt(sk, IPPROTO_IP, IP_IPSEC_REFINFO, &saref,
sizeof(saref));
if (e == -1 )
libreswan_log("SAref support [disabled]: %s",
strerror(errno));
else
libreswan_log("SAref support [enabled]");
errno = 0;
e = setsockopt(sk, IPPROTO_IP, IP_IPSEC_BINDREF, &saref,
sizeof(saref));
if (e == -1 )
libreswan_log("SAbind support [disabled]: %s",
strerror(errno));
else
libreswan_log("SAbind support [enabled]");
close(sk);
}
#endif
libreswan_log("NSS crypto [enabled]");
#ifdef XAUTH_HAVE_PAM
libreswan_log("XAUTH PAM support [enabled]");
#else
libreswan_log("XAUTH PAM support [disabled]");
#endif
/* Log various impair-* functions if they were enabled */
if (DBGP(IMPAIR_BUST_MI2))
libreswan_log("Warning: IMPAIR_BUST_MI2 enabled");
if (DBGP(IMPAIR_BUST_MR2))
libreswan_log("Warning: IMPAIR_BUST_MR2 enabled");
if (DBGP(IMPAIR_SA_CREATION))
libreswan_log("Warning: IMPAIR_SA_CREATION enabled");
if (DBGP(IMPAIR_JACOB_TWO_TWO))
libreswan_log("Warning: IMPAIR_JACOB_TWO_TWO enabled");
if (DBGP(IMPAIR_DIE_ONINFO))
libreswan_log("Warning: IMPAIR_DIE_ONINFO enabled");
if (DBGP(IMPAIR_MAJOR_VERSION_BUMP))
libreswan_log("Warning: IMPAIR_MAJOR_VERSION_BUMP enabled");
if (DBGP(IMPAIR_MINOR_VERSION_BUMP))
libreswan_log("Warning: IMPAIR_MINOR_VERSION_BUMP enabled");
if (DBGP(IMPAIR_RETRANSMITS))
libreswan_log("Warning: IMPAIR_RETRANSMITS enabled");
if (DBGP(IMPAIR_SEND_BOGUS_ISAKMP_FLAG))
libreswan_log("Warning: IMPAIR_SEND_BOGUS_ISAKMP_FLAG enabled");
if (DBGP(IMPAIR_SEND_BOGUS_PAYLOAD_FLAG))
libreswan_log("Warning: IMPAIR_SEND_BOGUS_PAYLOAD_FLAG enabled");
if (DBGP(IMPAIR_SEND_IKEv2_KE))
libreswan_log("Warning: IMPAIR_SEND_IKEv2_KE enabled");
if (DBGP(IMPAIR_SEND_KEY_SIZE_CHECK))
libreswan_log("Warning: IMPAIR_SEND_KEY_SIZE_CHECK enabled");
if (DBGP(IMPAIR_SEND_NO_DELETE))
libreswan_log("Warning: IMPAIR_SEND_NO_DELETE enabled");
if (DBGP(IMPAIR_FORCE_FIPS))
libreswan_log("Warning: IMPAIR_FORCE_FIPS enabled");
if (DBGP(IMPAIR_SEND_NO_IKEV2_AUTH))
libreswan_log("Warning: IMPAIR_SEND_NO_IKEV2_AUTH enabled");
if (DBGP(IMPAIR_SEND_ZERO_GX))
libreswan_log("Warning: IMPAIR_SEND_ZERO_GX enabled");
if (DBGP(IMPAIR_SEND_BOGUS_DCOOKIE))
libreswan_log("Warning: IMPAIR_SEND_BOGUS_DCOOKIE enabled");
/* Initialize all of the various features */
init_nat_traversal(keep_alive);
init_virtual_ip(virtual_private);
/* obsoleted by nss code init_rnd_pool(); */
init_event_base();
init_secret();
init_states();
init_connections();
init_crypto();
init_crypto_helpers(nhelpers);
init_demux();
init_kernel();
init_id();
init_vendorid();
#if defined(LIBCURL) || defined(LDAP_VER)
init_fetch();
#endif
load_crls();
#ifdef HAVE_LABELED_IPSEC
init_avc();
#endif
daily_log_event();
#ifdef USE_SYSTEMD_WATCHDOG
pluto_sd_init();
#endif
call_server();
return -1; /* Shouldn't ever reach this */
}
bool lsw_nss_setup(const char *configdir, unsigned setup_flags,
PK11PasswordFunc get_password, lsw_nss_buf_t err)
{
/*
* save for cleanup
*/
flags = setup_flags;
/*
* According to the manual, not needed, and all parameters are
* ignored. Does no harm?
*/
PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 1);
libreswan_log("Initializing NSS");
if (configdir) {
const char sql[] = "sql:";
char *nssdb;
if (strncmp(sql, configdir, strlen(sql)) == 0) {
nssdb = strdup(configdir);
} else {
nssdb = alloc_bytes(strlen(configdir) + strlen(sql) + 1, "nssdb");
strcpy(nssdb, sql);
strcat(nssdb, configdir);
}
libreswan_log("Opening NSS database \"%s\" %s", nssdb,
(flags & LSW_NSS_READONLY) ? "read-only" : "read-write");
SECStatus rv = NSS_Initialize(nssdb, "", "", SECMOD_DB,
(flags & LSW_NSS_READONLY) ? NSS_INIT_READONLY : 0);
if (rv != SECSuccess) {
snprintf(err, sizeof(lsw_nss_buf_t),
"Initialization of NSS with %s database \"%s\" failed (%d)",
(flags & LSW_NSS_READONLY) ? "read-only" : "read-write",
nssdb, PR_GetError());
pfree(nssdb);
return FALSE;
}
} else {
NSS_NoDB_Init(".");
}
if (PK11_IsFIPS() && get_password == NULL) {
snprintf(err, sizeof(lsw_nss_buf_t),
"on FIPS mode a password is required");
return FALSE;
}
if (get_password) {
PK11_SetPasswordFunc(get_password);
}
if (!(flags & LSW_NSS_SKIP_AUTH)) {
PK11SlotInfo *slot = lsw_nss_get_authenticated_slot(err);
if (slot == NULL) {
return FALSE;
}
PK11_FreeSlot(slot);
}
return TRUE;
}
/*
* generate an RSA signature key
*
* e is fixed at 3, without discussion. That would not be wise if these
* keys were to be used for encryption, but for signatures there are some
* real speed advantages.
* See also: https://www.imperialviolet.org/2012/03/16/rsae.html
*/
void rsasigkey(int nbits, int seedbits, char *configdir, char *password)
{
SECStatus rv;
PK11RSAGenParams rsaparams = { nbits, (long) E };
secuPWData pwdata = { PW_NONE, NULL };
PK11SlotInfo *slot = NULL;
SECKEYPrivateKey *privkey = NULL;
SECKEYPublicKey *pubkey = NULL;
realtime_t now = realnow();
if (password == NULL) {
pwdata.source = PW_NONE;
} else {
/* check if passwd == configdir/nsspassword */
size_t cdl = strlen(configdir);
size_t pwl = strlen(password);
static const char suf[] = "/nsspassword";
if (pwl == cdl + sizeof(suf) - 1 &&
memeq(password, configdir, cdl) &&
memeq(password + cdl, suf, sizeof(suf)))
pwdata.source = PW_FROMFILE;
else
pwdata.source = PW_PLAINTEXT;
}
pwdata.data = password;
lsw_nss_buf_t err;
if (!lsw_nss_setup(configdir, FALSE/*rw*/, GetModulePassword, err)) {
fprintf(stderr, "%s: %s\n", me, err);
exit(1);
}
#ifdef FIPS_CHECK
if (PK11_IsFIPS() && !FIPSCHECK_verify(NULL, NULL)) {
fprintf(stderr,
"FIPS HMAC integrity verification test failed.\n");
exit(1);
}
#endif
if (PK11_IsFIPS() && password == NULL) {
fprintf(stderr,
"%s: On FIPS mode a password is required\n",
me);
exit(1);
}
/* Good for now but someone may want to use a hardware token */
slot = PK11_GetInternalKeySlot();
/* In which case this may be better */
/* slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, password ? &pwdata : NULL); */
/* or the user may specify the name of a token. */
#if 0
if (PK11_IsFIPS() || !PK11_IsInternal(slot)) {
rv = PK11_Authenticate(slot, PR_FALSE, &pwdata);
if (rv != SECSuccess) {
fprintf(stderr, "%s: could not authenticate to token '%s'\n",
me, PK11_GetTokenName(slot));
return;
}
}
#endif /* 0 */
/* Do some random-number initialization. */
UpdateNSS_RNG(seedbits);
/* Log in to the token */
if (password != NULL) {
rv = PK11_Authenticate(slot, PR_FALSE, &pwdata);
if (rv != SECSuccess) {
fprintf(stderr,
"%s: could not authenticate to token '%s'\n",
me, PK11_GetTokenName(slot));
return;
}
}
privkey = PK11_GenerateKeyPair(slot,
CKM_RSA_PKCS_KEY_PAIR_GEN,
&rsaparams, &pubkey,
PR_TRUE,
password != NULL? PR_TRUE : PR_FALSE,
&pwdata);
/* inTheToken, isSensitive, passwordCallbackFunction */
if (privkey == NULL) {
fprintf(stderr,
"%s: key pair generation failed: \"%d\"\n", me,
PORT_GetError());
return;
}
chunk_t public_modulus = {
.ptr = pubkey->u.rsa.modulus.data,
.len = pubkey->u.rsa.modulus.len,
};
chunk_t public_exponent = {
.ptr = pubkey->u.rsa.publicExponent.data,
.len = pubkey->u.rsa.publicExponent.len,
};
char *hex_ckaid;
{
SECItem *ckaid = PK11_GetLowLevelKeyIDForPrivateKey(privkey);
if (ckaid == NULL) {
fprintf(stderr, "%s: 'CKAID' calculation failed\n", me);
exit(1);
}
hex_ckaid = strdup(conv(ckaid->data, ckaid->len, 16));
SECITEM_FreeItem(ckaid, PR_TRUE);
}
/*privkey->wincx = &pwdata;*/
PORT_Assert(pubkey != NULL);
fprintf(stderr, "Generated RSA key pair with CKAID %s was stored in the NSS database\n",
hex_ckaid);
/* and the output */
report("output...\n"); /* deliberate extra newline */
printf("\t# RSA %d bits %s %s", nbits, outputhostname,
ctime(&now.real_secs));
/* ctime provides \n */
printf("\t# for signatures only, UNSAFE FOR ENCRYPTION\n");
printf("\t#ckaid=%s\n", hex_ckaid);
/* RFC2537/RFC3110-ish format */
{
char *bundle = base64_bundle(E, public_modulus);
printf("\t#pubkey=%s\n", bundle);
pfree(bundle);
}
printf("\tModulus: 0x%s\n", conv(public_modulus.ptr, public_modulus.len, 16));
printf("\tPublicExponent: 0x%s\n", conv(public_exponent.ptr, public_exponent.len, 16));
if (hex_ckaid != NULL)
free(hex_ckaid);
if (privkey != NULL)
SECKEY_DestroyPrivateKey(privkey);
if (pubkey != NULL)
SECKEY_DestroyPublicKey(pubkey);
lsw_nss_shutdown(LSW_NSS_CLEANUP);
}
/*
* getrandom - get some random bytes from /dev/random (or wherever)
* NOTE: This is only used for additional seeding of the NSS RNG
*/
void getrandom(size_t nbytes, unsigned char *buf)
{
size_t ndone;
int dev;
ssize_t got;
dev = open(device, 0);
if (dev < 0) {
fprintf(stderr, "%s: could not open %s (%s)\n", me,
device, strerror(errno));
exit(1);
}
ndone = 0;
if (verbose) {
fprintf(stderr, "getting %d random seed bytes for NSS from %s...\n",
(int) nbytes * BITS_PER_BYTE,
device);
}
while (ndone < nbytes) {
got = read(dev, buf + ndone, nbytes - ndone);
if (got < 0) {
fprintf(stderr, "%s: read error on %s (%s)\n", me,
device, strerror(errno));
exit(1);
}
if (got == 0) {
fprintf(stderr, "%s: eof on %s!?!\n", me, device);
exit(1);
}
ndone += got;
}
close(dev);
}
/*
- conv - convert bits to output in specified datatot format
* NOTE: result points into a STATIC buffer
*/
static const char *conv(const unsigned char *bits, size_t nbytes, int format)
{
static char convbuf[MAXBITS / 4 + 50]; /* enough for hex */
size_t n;
n = datatot(bits, nbytes, format, convbuf, sizeof(convbuf));
if (n == 0) {
fprintf(stderr, "%s: can't-happen convert error\n", me);
exit(1);
}
if (n > sizeof(convbuf)) {
fprintf(stderr,
"%s: can't-happen convert overflow (need %d)\n",
me, (int) n);
exit(1);
}
return convbuf;
}
/*
- report - report progress, if indicated
*/
void report(msg)
char *msg;
{
if (!verbose)
return;
fprintf(stderr, "%s\n", msg);
}
/*
- main - mostly argument parsing
*/
int main(int argc, char *argv[])
{
const struct lsw_conf_options *oco = lsw_init_options();
int opt;
int nbits = 0;
int seedbits = DEFAULT_SEED_BITS;
char *configdir = oco->confddir; /* where the NSS databases reside */
char *password = NULL; /* password for token authentication */
while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF)
switch (opt) {
case 'n':
case 'p':
fprintf(stderr, "%s: --noopt and --rounds options have been obsoleted - ignored\n",
me);
break;
case 'v': /* verbose description */
verbose = 1;
break;
case 'r':
fprintf(stderr, "%s: Warning: --random is obsoleted for --seeddev. It no longer specifies the random device used for obtaining random key material",
me);
/* FALLTHROUGH */
case 'S': /* nonstandard random device for seed */
device = optarg;
break;
case 'H': /* set hostname for output */
{
size_t full_len = strlen(optarg);
bool oflow = sizeof(outputhostname) - 1 < full_len;
size_t copy_len = oflow ? sizeof(outputhostname) - 1 : full_len;
memcpy(outputhostname, optarg, copy_len);
outputhostname[copy_len] = '\0';
}
break;
case 'h': /* help */
printf("Usage:\t%s\n", usage);
exit(0);
break;
case 'V': /* version */
printf("%s %s\n", me, ipsec_version_code());
exit(0);
break;
case 'c': /* nss configuration directory */
case 'd': /* -d is used for configdir with nss tools */
configdir = optarg;
break;
case 'P': /* token authentication password */
password = optarg;
break;
case 's': /* seed bits */
seedbits = atoi(optarg);
if (PK11_IsFIPS()) {
if (seedbits < DEFAULT_SEED_BITS) {
fprintf(stderr, "%s: FIPS mode does not allow < %d seed bits\n",
me, DEFAULT_SEED_BITS);
exit(1);
}
}
break;
case '?':
default:
printf("Usage:\t%s\n", usage);
exit(2);
}
if (outputhostname[0] == '\0') {
if (gethostname(outputhostname, sizeof(outputhostname)) < 0) {
fprintf(stderr, "%s: gethostname failed (%s)\n",
me,
strerror(errno));
exit(1);
}
}
if (argv[optind] == NULL) {
/* default: spread bits between 3072 - 4096 in multiple's of 16 */
srand(time(NULL));
nbits = 3072 + 16 * (rand() % 64);
} else {
unsigned long u;
err_t ugh = ttoulb(argv[optind], 0, 10, INT_MAX, &u);
if (ugh != NULL) {
fprintf(stderr, "%s: keysize specification is malformed: %s\n",
me, ugh);
exit(1);
}
nbits = u;
}
if (nbits < MIN_KEYBIT ) {
fprintf(stderr, "%s: requested RSA key size of %d is too small - use %d or more\n",
me, nbits, MIN_KEYBIT);
exit(1);
} else if (nbits > MAXBITS) {
fprintf(stderr, "%s: overlarge bit count (max %d)\n", me,
MAXBITS);
exit(1);
} else if (nbits % (BITS_PER_BYTE * 2) != 0) {
fprintf(stderr, "%s: bit count (%d) not multiple of %d\n", me,
nbits, (int)BITS_PER_BYTE * 2);
exit(1);
}
rsasigkey(nbits, seedbits, configdir, password);
exit(0);
}
// nsPKCS12Blob::ExportToFile
//
// Having already loaded the certs, form them into a blob (loading the keys
// also), encode the blob, and stuff it into the file.
//
// TODO: handle slots correctly
// mirror "slotToUse" behavior from PSM 1.x
// verify the cert array to start off with?
// open output file as nsIFileStream object?
// set appropriate error codes
nsresult
nsPKCS12Blob::ExportToFile(nsILocalFile *file,
nsIX509Cert **certs, int numCerts)
{
nsNSSShutDownPreventionLock locker;
nsresult rv;
SECStatus srv = SECSuccess;
SEC_PKCS12ExportContext *ecx = NULL;
SEC_PKCS12SafeInfo *certSafe = NULL, *keySafe = NULL;
SECItem unicodePw;
nsAutoString filePath;
int i;
nsCOMPtr<nsILocalFile> localFileRef;
NS_ASSERTION(mToken, "Need to set the token before exporting");
// init slot
bool InformedUserNoSmartcardBackup = false;
int numCertsExported = 0;
rv = mToken->Login(true);
if (NS_FAILED(rv)) goto finish;
// get file password (unicode)
unicodePw.data = NULL;
rv = newPKCS12FilePassword(&unicodePw);
if (NS_FAILED(rv)) goto finish;
if (unicodePw.data == NULL) {
handleError(PIP_PKCS12_USER_CANCELED);
return NS_OK;
}
// what about slotToUse in psm 1.x ???
// create export context
ecx = SEC_PKCS12CreateExportContext(NULL, NULL, NULL /*slot*/, NULL);
if (!ecx) {
srv = SECFailure;
goto finish;
}
// add password integrity
srv = SEC_PKCS12AddPasswordIntegrity(ecx, &unicodePw, SEC_OID_SHA1);
if (srv) goto finish;
#if 0
// count the number of certs to export
nrv = mCertArray->Count(&numCerts);
if (NS_FAILED(nrv)) goto finish;
// loop over the certs
for (i=0; i<numCerts; i++) {
nsCOMPtr<nsIX509Cert> cert;
nrv = mCertArray->GetElementAt(i, getter_AddRefs(cert));
if (NS_FAILED(nrv)) goto finish;
#endif
for (i=0; i<numCerts; i++) {
// nsNSSCertificate *cert = reinterpret_cast<nsNSSCertificate *>(certs[i]);
nsNSSCertificate *cert = (nsNSSCertificate *)certs[i];
// get it as a CERTCertificate XXX
CERTCertificate *nssCert = NULL;
CERTCertificateCleaner nssCertCleaner(nssCert);
nssCert = cert->GetCert();
if (!nssCert) {
rv = NS_ERROR_FAILURE;
goto finish;
}
// We can only successfully export certs that are on
// internal token. Most, if not all, smart card vendors
// won't let you extract the private key (in any way
// shape or form) from the card. So let's punt if
// the cert is not in the internal db.
if (nssCert->slot && !PK11_IsInternal(nssCert->slot)) {
// we aren't the internal token, see if the key is extractable.
SECKEYPrivateKey *privKey=PK11_FindKeyByDERCert(nssCert->slot,
nssCert, this);
if (privKey) {
bool privKeyIsExtractable = isExtractable(privKey);
SECKEY_DestroyPrivateKey(privKey);
if (!privKeyIsExtractable) {
if (!InformedUserNoSmartcardBackup) {
InformedUserNoSmartcardBackup = true;
handleError(PIP_PKCS12_NOSMARTCARD_EXPORT);
}
continue;
}
}
}
// XXX this is why, to verify the slot is the same
// PK11_FindObjectForCert(nssCert, NULL, slot);
// create the cert and key safes
keySafe = SEC_PKCS12CreateUnencryptedSafe(ecx);
if (!SEC_PKCS12IsEncryptionAllowed() || PK11_IsFIPS()) {
certSafe = keySafe;
} else {
certSafe = SEC_PKCS12CreatePasswordPrivSafe(ecx, &unicodePw,
SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC);
}
if (!certSafe || !keySafe) {
rv = NS_ERROR_FAILURE;
goto finish;
}
// add the cert and key to the blob
srv = SEC_PKCS12AddCertAndKey(ecx, certSafe, NULL, nssCert,
CERT_GetDefaultCertDB(), // XXX
keySafe, NULL, true, &unicodePw,
SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC);
if (srv) goto finish;
// cert was dup'ed, so release it
++numCertsExported;
}
if (!numCertsExported) goto finish;
// prepare the instance to write to an export file
this->mTmpFile = NULL;
file->GetPath(filePath);
// Use the nsCOMPtr var localFileRef so that
// the reference to the nsILocalFile we create gets released as soon as
// we're out of scope, ie when this function exits.
if (filePath.RFind(".p12", true, -1, 4) < 0) {
// We're going to add the .p12 extension to the file name just like
// Communicator used to. We create a new nsILocalFile and initialize
// it with the new patch.
filePath.AppendLiteral(".p12");
localFileRef = do_CreateInstance(NS_LOCAL_FILE_CONTRACTID, &rv);
if (NS_FAILED(rv)) goto finish;
localFileRef->InitWithPath(filePath);
file = localFileRef;
}
rv = file->OpenNSPRFileDesc(PR_RDWR|PR_CREATE_FILE|PR_TRUNCATE, 0664,
&mTmpFile);
if (NS_FAILED(rv) || !this->mTmpFile) goto finish;
// encode and write
srv = SEC_PKCS12Encode(ecx, write_export_file, this);
if (srv) goto finish;
handleError(PIP_PKCS12_BACKUP_OK);
finish:
if (NS_FAILED(rv) || srv != SECSuccess) {
handleError(PIP_PKCS12_BACKUP_FAILED);
}
if (ecx)
SEC_PKCS12DestroyExportContext(ecx);
if (this->mTmpFile) {
PR_Close(this->mTmpFile);
this->mTmpFile = NULL;
}
SECITEM_ZfreeItem(&unicodePw, false);
return rv;
}
///////////////////////////////////////////////////////////////////////
//
// private members
//
///////////////////////////////////////////////////////////////////////
// unicodeToItem
//
// For the NSS PKCS#12 library, must convert PRUnichars (shorts) to
// a buffer of octets. Must handle byte order correctly.
// TODO: Is there a mozilla way to do this? In the string lib?
void
nsPKCS12Blob::unicodeToItem(const PRUnichar *uni, SECItem *item)
{
int len = 0;
while (uni[len++] != 0);
SECITEM_AllocItem(NULL, item, sizeof(PRUnichar) * len);
#ifdef IS_LITTLE_ENDIAN
int i = 0;
for (i=0; i<len; i++) {
item->data[2*i ] = (unsigned char )(uni[i] << 8);
item->data[2*i+1] = (unsigned char )(uni[i]);
}
#else
memcpy(item->data, uni, item->len);
#endif
}
int main(int argc, char ** argv)
{
SECStatus rv;
PRFileDesc *in;
PRFileDesc *out;
PRPollDesc pd;
PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT;
char buf[1024];
PRInt32 nBytes;
char * command;
char * tokenName;
char * tokenpw;
int fipsmode = 0;
int semid = 0;
union semun semarg;
if (argc < 4 || argc > 5) {
fprintf(stderr, "Usage: nss_pcache <semid> <fips on/off> <directory> [prefix]\n");
exit(1);
}
signal(SIGHUP, SIG_IGN);
semid = strtol(argv[1], NULL, 10);
if (!strcasecmp(argv[2], "on"))
fipsmode = 1;
/* Initialize NSPR */
PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 256);
/* Set the PKCS #11 strings for the internal token. */
PK11_ConfigurePKCS11(NULL,NULL,NULL, INTERNAL_TOKEN_NAME, NULL, NULL,NULL,NULL,8,1);
/* Initialize NSS and open the certificate database read-only. */
rv = NSS_Initialize(argv[3], argc == 5 ? argv[4] : NULL, argc == 5 ? argv[4] : NULL, "secmod.db", NSS_INIT_READONLY);
if (rv != SECSuccess) {
fprintf(stderr, "Unable to initialize NSS database: %d\n", rv);
exit(1);
}
if (fipsmode) {
if (!PK11_IsFIPS()) {
char * internal_name = PR_smprintf("%s",
SECMOD_GetInternalModule()->commonName);
if ((SECMOD_DeleteInternalModule(internal_name) != SECSuccess) ||
!PK11_IsFIPS()) {
NSS_Shutdown();
fprintf(stderr,
"Unable to enable FIPS mode");
exit(1);
}
PR_smprintf_free(internal_name);
}
}
in = PR_GetSpecialFD(PR_StandardInput);
out = PR_GetSpecialFD(PR_StandardOutput);
if (in == NULL || out == NULL) {
fprintf(stderr, "PR_GetInheritedFD failed\n");
exit(1);
}
pd.fd = in;
pd.in_flags = PR_POLL_READ | PR_POLL_EXCEPT;
while (1) {
rv = PR_Poll(&pd, 1, timeout);
if (rv == -1) { /* PR_Poll failed */
break;
}
if (pd.out_flags & (PR_POLL_HUP | PR_POLL_ERR | PR_POLL_NVAL | PR_POLL_EXCEPT)) {
break;
}
if (pd.out_flags & PR_POLL_READ) {
memset(buf, 0, sizeof(buf));
nBytes = PR_Read(in, buf, sizeof(buf));
if (nBytes == -1 || nBytes == 0) {
break;
}
command = getstr(buf, 0);
tokenName = getstr(buf, 1);
tokenpw = getstr(buf, 2);
if (command && !strcmp(command, "QUIT")) {
break;
} else if (command && !strcmp(command, "STOR")) {
PRInt32 err = PIN_SUCCESS;
Node *node = NULL;
if (tokenName && tokenpw) {
node = (Node*)malloc(sizeof (Node));
if (!node) { err = PIN_NOMEMORY; }
node->tokenName = strdup(tokenName);
node->store = 0;
node->next = 0;
if (err == PIN_SUCCESS)
err = CreatePk11PinStore(&node->store, tokenName, tokenpw);
memset(tokenpw, 0, strlen(tokenpw));
} else
err = PIN_SYSTEMERROR;
sprintf(buf, "%d", err);
PR_Write(out, buf, 1);
if (err == PIN_SUCCESS) {
if (pinList)
node->next = pinList;
pinList = node;
}
/* Now clean things up */
if (command) free(command);
if (tokenName) free(tokenName);
if (tokenpw) free(tokenpw);
} else if (command && !strcmp(command, "RETR")) {
Node *node;
char *pin = 0;
PRBool found = PR_FALSE;
for (node = pinList; node != NULL; node = node->next) {
if (!strcmp(node->tokenName, tokenName)) {
if (Pk11StoreGetPin(&pin, node->store) == SECSuccess) {
if (strlen(pin) == 0)
PR_Write(out, "", 1);
else
PR_Write(out, pin, strlen(pin));
memset(pin, 0, strlen(pin));
free(pin);
found = PR_TRUE;
break;
}
}
}
if (found != PR_TRUE)
PR_Write(out, "", 1);
free(command);
free(tokenName);
} else {
; /* ack, unknown command */
}
}
}
freeList(pinList);
PR_Close(in);
/* Remove the semaphore used for locking here. This is because this
* program only goes away when Apache shuts down so we don't have to
* worry about reloads.
*/
semctl(semid, 0, IPC_RMID, semarg);
return 0;
}
/* readonly attribute boolean isFIPSEnabled; */
NS_IMETHODIMP nsPKCS11ModuleDB::GetIsFIPSEnabled(bool *aIsFIPSEnabled)
{
nsNSSShutDownPreventionLock locker;
*aIsFIPSEnabled = PK11_IsFIPS();
return NS_OK;
}
/*
* generate an RSA signature key
*
* e is fixed at 3, without discussion. That would not be wise if these
* keys were to be used for encryption, but for signatures there are some
* real speed advantages.
* See also: https://www.imperialviolet.org/2012/03/16/rsae.html
*/
void rsasigkey(int nbits, char *configdir, char *password)
{
SECStatus rv;
PK11RSAGenParams rsaparams = { nbits, (long) E };
secuPWData pwdata = { PW_NONE, NULL };
PK11SlotInfo *slot = NULL;
SECKEYPrivateKey *privkey = NULL;
SECKEYPublicKey *pubkey = NULL;
unsigned char *bundp = NULL;
mpz_t n;
mpz_t e;
size_t bs;
char n_str[3 + MAXBITS / 4 + 1];
realtime_t now = realnow();
mpz_init(n);
mpz_init(e);
if (password == NULL) {
pwdata.source = PW_NONE;
} else {
/* check if passwd == configdir/nsspassword */
size_t cdl = strlen(configdir);
size_t pwl = strlen(password);
static const char suf[] = "/nsspassword";
if (pwl == cdl + sizeof(suf) - 1 &&
memeq(password, configdir, cdl) &&
memeq(password + cdl, suf, sizeof(suf)))
pwdata.source = PW_FROMFILE;
else
pwdata.source = PW_PLAINTEXT;
}
pwdata.data = password;
PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 1);
rv = NSS_InitReadWrite(configdir);
if (rv != SECSuccess) {
fprintf(stderr, "%s: NSS_InitReadWrite(%s) returned %d\n",
me, configdir, PR_GetError());
exit(1);
}
#ifdef FIPS_CHECK
if (PK11_IsFIPS() && !FIPSCHECK_verify(NULL, NULL)) {
fprintf(stderr,
"FIPS HMAC integrity verification test failed.\n");
exit(1);
}
#endif
if (PK11_IsFIPS() && !password) {
fprintf(stderr,
"%s: On FIPS mode a password is required\n",
me);
exit(1);
}
PK11_SetPasswordFunc(GetModulePassword);
/* Good for now but someone may want to use a hardware token */
slot = PK11_GetInternalKeySlot();
/* In which case this may be better */
/* slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, password ? &pwdata : NULL); */
/* or the user may specify the name of a token. */
#if 0
if (PK11_IsFIPS() || !PK11_IsInternal(slot)) {
rv = PK11_Authenticate(slot, PR_FALSE, &pwdata);
if (rv != SECSuccess) {
fprintf(stderr, "%s: could not authenticate to token '%s'\n",
me, PK11_GetTokenName(slot));
return;
}
}
#endif /* 0 */
/* Do some random-number initialization. */
UpdateNSS_RNG();
/* Log in to the token */
if (password) {
rv = PK11_Authenticate(slot, PR_FALSE, &pwdata);
if (rv != SECSuccess) {
fprintf(stderr,
"%s: could not authenticate to token '%s'\n",
me, PK11_GetTokenName(slot));
return;
}
}
privkey = PK11_GenerateKeyPair(slot,
CKM_RSA_PKCS_KEY_PAIR_GEN,
&rsaparams, &pubkey,
PR_TRUE,
password ? PR_TRUE : PR_FALSE,
&pwdata);
/* inTheToken, isSensitive, passwordCallbackFunction */
if (!privkey) {
fprintf(stderr,
"%s: key pair generation failed: \"%d\"\n", me,
PORT_GetError());
return;
}
/*privkey->wincx = &pwdata;*/
PORT_Assert(pubkey != NULL);
fprintf(stderr,
"Generated RSA key pair using the NSS database\n");
SECItemToHex(getModulus(pubkey), n_str);
assert(!mpz_set_str(n, n_str, 16));
/* and the output */
report("output...\n"); /* deliberate extra newline */
printf("\t# RSA %d bits %s %s", nbits, outputhostname,
ctime(&now.real_secs));
/* ctime provides \n */
printf("\t# for signatures only, UNSAFE FOR ENCRYPTION\n");
bundp = bundle(E, n, &bs);
printf("\t#pubkey=%s\n", conv(bundp, bs, 's')); /* RFC2537ish format */
printf("\tModulus: %s\n", hexOut(getModulus(pubkey)));
printf("\tPublicExponent: %s\n",
hexOut(getPublicExponent(pubkey)));
SECItem *ckaID = PK11_MakeIDFromPubKey(getModulus(pubkey));
if (ckaID != NULL) {
printf("\t# everything after this point is CKA_ID in hex format - not the real values \n");
printf("\tPrivateExponent: %s\n", hexOut(ckaID));
printf("\tPrime1: %s\n", hexOut(ckaID));
printf("\tPrime2: %s\n", hexOut(ckaID));
printf("\tExponent1: %s\n", hexOut(ckaID));
printf("\tExponent2: %s\n", hexOut(ckaID));
printf("\tCoefficient: %s\n", hexOut(ckaID));
printf("\tCKAIDNSS: %s\n", hexOut(ckaID));
SECITEM_FreeItem(ckaID, PR_TRUE);
}
if (privkey)
SECKEY_DestroyPrivateKey(privkey);
if (pubkey)
SECKEY_DestroyPublicKey(pubkey);
(void) NSS_Shutdown();
(void) PR_Cleanup();
}
