xref: /titanic_51/usr/src/cmd/cmd-crypto/pktool/inittoken.c (revision 1d4732077f31ec5965b3e158894b24943186c907)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  * This file implements the inittoken operation for this tool.
28  * The basic flow of the process is to load the PKCS#11 module,
29  * find the token to be initialize , login using the SO pin,
30  * and call C_InitToken.
31  */
32 
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <errno.h>
36 #include <string.h>
37 #include <cryptoutil.h>
38 #include <security/cryptoki.h>
39 #include "common.h"
40 
41 int
42 pk_inittoken(int argc, char *argv[])
43 /* ARGSUSED */
44 {
45 	int		opt;
46 	int		rv;
47 	extern int	optind_av;
48 	extern char	*optarg_av;
49 	char		*newlabel = NULL;
50 	char		*currlabel = NULL;
51 	CK_UTF8CHAR_PTR	sopin;
52 	CK_ULONG	sopinlen;
53 	KMF_HANDLE_T	handle;
54 
55 	/* Parse command line options.  Do NOT i18n/l10n. */
56 	while ((opt = getopt_av(argc, argv,
57 		"n:(newlabel)"
58 		"l:(currlabel)")) != EOF) {
59 		switch (opt) {
60 			case 'l':	/* token specifier */
61 				if (currlabel)
62 					return (PK_ERR_USAGE);
63 				currlabel = optarg_av;
64 				break;
65 			case 'n': /* token specifier */
66 				if (newlabel)
67 					return (PK_ERR_USAGE);
68 				newlabel = optarg_av;
69 				break;
70 			default:
71 				return (PK_ERR_USAGE);
72 				break;
73 		}
74 	}
75 
76 	/* No additional args allowed. */
77 	argc -= optind_av;
78 	argv += optind_av;
79 	if (argc != 0)
80 		return (PK_ERR_USAGE);
81 
82 	if ((rv = kmf_initialize(&handle, NULL, NULL)) != KMF_OK)
83 		return (rv);
84 
85 	if ((rv = get_pin(gettext("Enter SO PIN:"), NULL, &sopin, &sopinlen))
86 	    != CKR_OK) {
87 		cryptoerror(LOG_STDERR,
88 		    gettext("Unable to get SO PIN for token"));
89 		return (PK_ERR_SYSTEM);
90 	}
91 	if ((currlabel == NULL || !strlen(currlabel))) {
92 		cryptoerror(LOG_STDERR,
93 		    gettext("The current token is not identified by label."));
94 		return (PK_ERR_SYSTEM);
95 	}
96 
97 	rv = kmf_pk11_init_token(handle, currlabel, newlabel,
98 	    sopin, sopinlen);
99 
100 	(void) kmf_finalize(handle);
101 
102 	free(sopin);
103 
104 	if (rv == KMF_ERR_AUTH_FAILED) {
105 		cryptoerror(LOG_STDERR,
106 		    gettext("Incorrect passphrase."));
107 		return (PK_ERR_SYSTEM);
108 	} else if (rv != CKR_OK) {
109 		cryptoerror(LOG_STDERR,
110 		    gettext("Unable to initialize token."));
111 		return (PK_ERR_SYSTEM);
112 	} else {
113 		(void) fprintf(stdout, gettext("Token %s initialized.\n"),
114 		    (newlabel ? newlabel : currlabel));
115 	}
116 	return (0);
117 }
118