1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 * Copyright 2012 Milan Jurik. All rights reserved.
25 */
26
27 /*
28 * This file implements the inittoken operation for this tool.
29 * The basic flow of the process is to load the PKCS#11 module,
30 * find the token to be initialized, log in using the SO PIN,
31 * and call C_InitToken.
32 */
33
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <errno.h>
37 #include <string.h>
38 #include <cryptoutil.h>
39 #include <security/cryptoki.h>
40 #include "common.h"
41
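/*
 * pk_inittoken - implement the "inittoken" subcommand.
 *
 * Options (parsed with getopt_av):
 *	-l / currlabel	label identifying the token to initialize (required)
 *	-n / newlabel	label to give the token (optional)
 *
 * The Security Officer (SO) PIN is read interactively with get_pin() and
 * handed to kmf_pk11_init_token() together with the labels.
 *
 * Returns 0 on success, PK_ERR_USAGE for bad command-line usage,
 * PK_ERR_SYSTEM when the label is missing, the PIN cannot be read or the
 * token cannot be initialized, and the raw kmf_initialize() error code if
 * the KMF handle cannot be created.
 *
 * NOTE(review): per the file header this ends in C_InitToken, which
 * PKCS#11 defines as re-initializing the token; callers should treat the
 * operation as destructive to the token's existing contents.
 */
int
pk_inittoken(int argc, char *argv[])
/* ARGSUSED */
{
	int		opt;
	int		rv;
	extern int	optind_av;
	extern char	*optarg_av;
	char		*newlabel = NULL;
	char		*currlabel = NULL;
	CK_UTF8CHAR_PTR	sopin = NULL;
	CK_ULONG	sopinlen = 0;
	KMF_HANDLE_T	handle;

	/* Parse command line options.  Do NOT i18n/l10n. */
	while ((opt = getopt_av(argc, argv,
	    "n:(newlabel)"
	    "l:(currlabel)")) != EOF) {
		switch (opt) {
		case 'l':	/* label of the token to initialize */
			if (currlabel)
				return (PK_ERR_USAGE);
			currlabel = optarg_av;
			break;
		case 'n':	/* new label for the token */
			if (newlabel)
				return (PK_ERR_USAGE);
			newlabel = optarg_av;
			break;
		default:
			return (PK_ERR_USAGE);
		}
	}

	/* No additional args allowed. */
	argc -= optind_av;
	argv += optind_av;
	if (argc != 0)
		return (PK_ERR_USAGE);

	/*
	 * Reject a missing/empty token label before any resource is
	 * acquired.  Doing this first means the user is never asked to type
	 * the SO PIN for a request that cannot proceed, and no KMF handle or
	 * PIN buffer is left behind on this error path.
	 */
	if (currlabel == NULL || strlen(currlabel) == 0) {
		cryptoerror(LOG_STDERR,
		    gettext("The current token is not identified by label."));
		return (PK_ERR_SYSTEM);
	}

	if ((rv = kmf_initialize(&handle, NULL, NULL)) != KMF_OK)
		return (rv);

	if ((rv = get_pin(gettext("Enter SO PIN:"), NULL, &sopin, &sopinlen))
	    != CKR_OK) {
		cryptoerror(LOG_STDERR,
		    gettext("Unable to get SO PIN for token"));
		/* Release the KMF handle; it was leaked here previously. */
		(void) kmf_finalize(handle);
		return (PK_ERR_SYSTEM);
	}

	rv = kmf_pk11_init_token(handle, currlabel, newlabel,
	    sopin, sopinlen);

	(void) kmf_finalize(handle);

	/*
	 * Scrub the SO PIN before returning the buffer to the heap so the
	 * secret does not linger in freed memory.  The volatile-qualified
	 * pointer keeps the compiler from discarding the stores as dead.
	 * Assumes sopinlen is the number of valid bytes in sopin, as it is
	 * the length passed to kmf_pk11_init_token() above.
	 */
	if (sopin != NULL) {
		volatile CK_UTF8CHAR	*scrub = sopin;
		CK_ULONG		i;

		for (i = 0; i < sopinlen; i++)
			scrub[i] = 0;
		free(sopin);
		sopin = NULL;
	}

	if (rv == KMF_ERR_AUTH_FAILED) {
		cryptoerror(LOG_STDERR,
		    gettext("Incorrect passphrase."));
		return (PK_ERR_SYSTEM);
	} else if (rv != CKR_OK) {
		cryptoerror(LOG_STDERR,
		    gettext("Unable to initialize token."));
		return (PK_ERR_SYSTEM);
	} else {
		(void) fprintf(stdout, gettext("Token %s initialized.\n"),
		    (newlabel ? newlabel : currlabel));
	}
	return (0);
}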
118