SECStatus InitPKCS11(void) { PK11SlotInfo *keySlot; PK11_SetPasswordFunc(SECU_GetModulePassword); keySlot = PK11_GetInternalKeySlot(); if (PK11_NeedUserInit(keySlot) && PK11_NeedLogin(keySlot)) { if (SECU_ChangePW(keySlot, NULL, NULL) != SECSuccess) { printf ("Initializing the PINs failed.\n"); return SECFailure; } } PK11_FreeSlot(keySlot); return SECSuccess; }
int main (int argc, char **argv) { int retval = 0; /* 0 - test succeeded. -1 - test failed */ SECStatus rv; PLOptState *optstate; PLOptStatus optstatus; char *program_name; const char *input_file = NULL; /* read encrypted data from here (or create) */ const char *output_file = NULL; /* write new encrypted data here */ const char *value = default_value; /* Use this for plaintext */ SECItem data; SECItem result = {0, 0, 0}; SECItem text; PRBool ascii = PR_FALSE; secuPWData pwdata = { PW_NONE, 0 }; pr_stderr = PR_STDERR; result.data = 0; text.data = 0; text.len = 0; program_name = PL_strrchr(argv[0], '/'); program_name = program_name ? (program_name + 1) : argv[0]; optstate = PL_CreateOptState (argc, argv, "?Had:i:o:t:vf:p:"); if (optstate == NULL) { SECU_PrintError (program_name, "PL_CreateOptState failed"); return -1; } while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case '?': short_usage (program_name); return retval; case 'H': long_usage (program_name); return retval; case 'a': ascii = PR_TRUE; break; case 'd': SECU_ConfigDirectory(optstate->value); break; case 'i': input_file = optstate->value; break; case 'o': output_file = optstate->value; break; case 't': value = optstate->value; break; case 'f': if (pwdata.data) { PORT_Free(pwdata.data); short_usage(program_name); return -1; } pwdata.source = PW_FROMFILE; pwdata.data = PORT_Strdup(optstate->value); break; case 'p': if (pwdata.data) { PORT_Free(pwdata.data); short_usage(program_name); return -1; } pwdata.source = PW_PLAINTEXT; pwdata.data = PORT_Strdup(optstate->value); break; case 'v': verbose = PR_TRUE; break; } } PL_DestroyOptState(optstate); if (optstatus == PL_OPT_BAD) { short_usage (program_name); return -1; } if (!output_file && !input_file && value == default_value) { short_usage (program_name); PR_fprintf (pr_stderr, "Must specify at least one of -t, -i or -o \n"); return -1; } /* * Initialize the Security libraries. */ PK11_SetPasswordFunc(SECU_GetModulePassword); if (output_file) { rv = NSS_InitReadWrite(SECU_ConfigDirectory(NULL)); } else { rv = NSS_Init(SECU_ConfigDirectory(NULL)); } if (rv != SECSuccess) { SECU_PrintError(program_name, "NSS_Init failed"); retval = -1; goto prdone; } /* Convert value into an item */ data.data = (unsigned char *)value; data.len = strlen(value); /* Get the encrypted result, either from the input file * or from encrypting the plaintext value */ if (input_file) { if (verbose) printf("Reading data from %s\n", input_file); if (!strcmp(input_file, "-")) { retval = readStdin(&result); ascii = PR_TRUE; } else { retval = readInputFile(input_file, &result); } if (retval != 0) goto loser; if (ascii) { /* input was base64 encoded. Decode it. */ SECItem newResult = {0, 0, 0}; SECItem *ok = NSSBase64_DecodeBuffer(NULL, &newResult, (const char *)result.data, result.len); if (!ok) { SECU_PrintError(program_name, "Base 64 decode failed"); retval = -1; goto loser; } SECITEM_ZfreeItem(&result, PR_FALSE); result = *ok; } } else { SECItem keyid = { 0, 0, 0 }; SECItem outBuf = { 0, 0, 0 }; PK11SlotInfo *slot = NULL; /* sigh, initialize the key database */ slot = PK11_GetInternalKeySlot(); if (slot && PK11_NeedUserInit(slot)) { switch (pwdata.source) { case PW_FROMFILE: rv = SECU_ChangePW(slot, 0, pwdata.data); break; case PW_PLAINTEXT: rv = SECU_ChangePW(slot, pwdata.data, 0); break; default: rv = SECU_ChangePW(slot, "", 0); break; } if (rv != SECSuccess) { SECU_PrintError(program_name, "Failed to initialize slot \"%s\"", PK11_GetSlotName(slot)); return SECFailure; } } if (slot) { PK11_FreeSlot(slot); } rv = PK11SDR_Encrypt(&keyid, &data, &result, &pwdata); if (rv != SECSuccess) { if (verbose) SECU_PrintError(program_name, "Encrypt operation failed\n"); retval = -1; goto loser; } if (verbose) printf("Encrypted result is %d bytes long\n", result.len); if (!strcmp(output_file, "-")) { ascii = PR_TRUE; } if (ascii) { /* base64 encode output. */ char * newResult = NSSBase64_EncodeItem(NULL, NULL, 0, &result); if (!newResult) { SECU_PrintError(program_name, "Base 64 encode failed\n"); retval = -1; goto loser; } outBuf.data = (unsigned char *)newResult; outBuf.len = strlen(newResult); if (verbose) printf("Base 64 encoded result is %d bytes long\n", outBuf.len); } else { outBuf = result; } /* -v printf("Result is %.*s\n", text.len, text.data); */ if (output_file) { PRFileDesc *file; PRInt32 count; if (verbose) printf("Writing result to %s\n", output_file); if (!strcmp(output_file, "-")) { file = PR_STDOUT; } else { /* Write to file */ file = PR_Open(output_file, PR_CREATE_FILE|PR_WRONLY, 0666); } if (!file) { if (verbose) SECU_PrintError(program_name, "Open of output file %s failed\n", output_file); retval = -1; goto loser; } count = PR_Write(file, outBuf.data, outBuf.len); if (file == PR_STDOUT) { puts(""); } else { PR_Close(file); } if (count != outBuf.len) { if (verbose) SECU_PrintError(program_name, "Write failed\n"); retval = -1; goto loser; } if (ascii) { free(outBuf.data); } } } /* Decrypt the value */ rv = PK11SDR_Decrypt(&result, &text, &pwdata); if (rv != SECSuccess) { if (verbose) SECU_PrintError(program_name, "Decrypt operation failed\n"); retval = -1; goto loser; } if (verbose) printf("Decrypted result is \"%.*s\"\n", text.len, text.data); /* Compare to required value */ if (text.len != data.len || memcmp(data.data, text.data, text.len) != 0) { if (verbose) PR_fprintf(pr_stderr, "Comparison failed\n"); retval = -1; goto loser; } loser: if (text.data) SECITEM_ZfreeItem(&text, PR_FALSE); if (result.data) SECITEM_ZfreeItem(&result, PR_FALSE); if (NSS_Shutdown() != SECSuccess) { exit(1); } prdone: PR_Cleanup (); if (pwdata.data) { PORT_Free(pwdata.data); } return retval; }