xref: /illumos-gate/usr/src/cmd/cmd-crypto/pktool/inittoken.c (revision 66582b606a8194f7f3ba5b3a3a6dca5b0d346361)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  * Copyright 2012 Milan Jurik. All rights reserved.
25  */
26 
27 /*
28  * This file implements the inittoken operation for this tool.
29  * The basic flow of the process is to load the PKCS#11 module,
30  * find the token to be initialize , login using the SO pin,
31  * and call C_InitToken.
32  */
33 
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <errno.h>
37 #include <string.h>
38 #include <cryptoutil.h>
39 #include <security/cryptoki.h>
40 #include "common.h"
41 
42 int
43 pk_inittoken(int argc, char *argv[])
44 /* ARGSUSED */
45 {
46 	int		opt;
47 	int		rv;
48 	extern int	optind_av;
49 	extern char	*optarg_av;
50 	char		*newlabel = NULL;
51 	char		*currlabel = NULL;
52 	CK_UTF8CHAR_PTR	sopin;
53 	CK_ULONG	sopinlen;
54 	KMF_HANDLE_T	handle;
55 
56 	/* Parse command line options.  Do NOT i18n/l10n. */
57 	while ((opt = getopt_av(argc, argv,
58 		"n:(newlabel)"
59 		"l:(currlabel)")) != EOF) {
60 		switch (opt) {
61 			case 'l':	/* token specifier */
62 				if (currlabel)
63 					return (PK_ERR_USAGE);
64 				currlabel = optarg_av;
65 				break;
66 			case 'n': /* token specifier */
67 				if (newlabel)
68 					return (PK_ERR_USAGE);
69 				newlabel = optarg_av;
70 				break;
71 			default:
72 				return (PK_ERR_USAGE);
73 		}
74 	}
75 
76 	/* No additional args allowed. */
77 	argc -= optind_av;
78 	argv += optind_av;
79 	if (argc != 0)
80 		return (PK_ERR_USAGE);
81 
82 	if ((rv = kmf_initialize(&handle, NULL, NULL)) != KMF_OK)
83 		return (rv);
84 
85 	if ((rv = get_pin(gettext("Enter SO PIN:"), NULL, &sopin, &sopinlen))
86 	    != CKR_OK) {
87 		cryptoerror(LOG_STDERR,
88 		    gettext("Unable to get SO PIN for token"));
89 		return (PK_ERR_SYSTEM);
90 	}
91 	if ((currlabel == NULL || !strlen(currlabel))) {
92 		cryptoerror(LOG_STDERR,
93 		    gettext("The current token is not identified by label."));
94 		return (PK_ERR_SYSTEM);
95 	}
96 
97 	rv = kmf_pk11_init_token(handle, currlabel, newlabel,
98 	    sopin, sopinlen);
99 
100 	(void) kmf_finalize(handle);
101 
102 	free(sopin);
103 
104 	if (rv == KMF_ERR_AUTH_FAILED) {
105 		cryptoerror(LOG_STDERR,
106 		    gettext("Incorrect passphrase."));
107 		return (PK_ERR_SYSTEM);
108 	} else if (rv != CKR_OK) {
109 		cryptoerror(LOG_STDERR,
110 		    gettext("Unable to initialize token."));
111 		return (PK_ERR_SYSTEM);
112 	} else {
113 		(void) fprintf(stdout, gettext("Token %s initialized.\n"),
114 		    (newlabel ? newlabel : currlabel));
115 	}
116 	return (0);
117 }
118