
Member "bind-9.11.23/bin/pkcs11/pkcs11-destroy.c" (7 Sep 2020, 7336 Bytes) of package /linux/misc/dns/bind9/9.11.23/bind-9.11.23.tar.gz:



    1 /*
    2  * Copyright (C) 2009, 2015  Internet Systems Consortium, Inc. ("ISC")
    3  *
    4  * Permission to use, copy, modify, and/or distribute this software for any
    5  * purpose with or without fee is hereby granted, provided that the above
    6  * copyright notice and this permission notice appear in all copies.
    7  *
    8  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
    9  * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
   10  * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
   11  * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
   12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
   14  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   15  */
   16 
   17 /*
   18  * Portions copyright (c) 2008 Nominet UK.  All rights reserved.
   19  *
   20  * Redistribution and use in source and binary forms, with or without
   21  * modification, are permitted provided that the following conditions
   22  * are met:
   23  * 1. Redistributions of source code must retain the above copyright
   24  *    notice, this list of conditions and the following disclaimer.
   25  * 2. Redistributions in binary form must reproduce the above copyright
   26  *    notice, this list of conditions and the following disclaimer in the
   27  *    documentation and/or other materials provided with the distribution.
   28  *
   29  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   30  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   31  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   32  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
   33  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   34  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   35  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   36  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   37  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   38  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   39  */
   40 
   41 
   42 /*
   43  * pkcs11-destroy [-m module] [-s $slot] [-i $id | -l $label]
   44  *                 [-p $pin] [ -w $wait ]
   45  */
   46 
   47 /*! \file */
   48 
   49 #include <config.h>
   50 
   51 #include <stdio.h>
   52 #include <stdlib.h>
   53 #include <fcntl.h>
   54 #include <errno.h>
   55 #include <string.h>
   56 #include <sys/types.h>
   57 
   58 #include <isc/commandline.h>
   59 #include <isc/print.h>
   60 #include <isc/result.h>
   61 #include <isc/types.h>
   62 
   63 #include <pk11/pk11.h>
   64 #include <pk11/result.h>
   65 
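#ifdef WIN32
/*
 * Win32 Sleep() takes milliseconds, while the POSIX sleep() this file calls
 * takes seconds.  Scale the argument so that the pause before key
 * destruction keeps its advertised length on Windows instead of shrinking
 * to a few milliseconds.
 */
#define sleep(x)    Sleep((x) * 1000)
#endif

/*
 * Where getpassphrase() is not available, fall back to getpass().
 * NOTE(review): getpass() is marked obsolete on several platforms and may
 * truncate long input - confirm this is acceptable for the PINs in use.
 */
#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
#define getpassphrase(x)    getpass(x)
#endif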
   73 
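/*
 * Parse a non-negative decimal option operand.
 *
 * Unlike atoi(), this rejects empty strings, signs, trailing garbage and
 * out-of-range values instead of quietly returning 0.  That matters here
 * because a zero id means "no id filter" and a zero wait means "no delay".
 *
 * Returns 0 and stores the value in *out on success, -1 on invalid input.
 */
static int
parse_number(const char *text, unsigned long *out) {
    char *end = NULL;
    unsigned long value;

    if (text == NULL || text[0] < '0' || text[0] > '9')
        return (-1);

    errno = 0;
    value = strtoul(text, &end, 10);
    if (errno != 0 || end == text || *end != '\0')
        return (-1);

    *out = value;
    return (0);
}

/*
 * pkcs11-destroy: list the objects on a PKCS#11 token that match an id or a
 * label, pause for a configurable number of seconds, then destroy them.
 *
 * Options: -m module, -s slot, -i id, -l label, -p pin, -w wait-seconds.
 * Exits with 0 on success and 1 on a usage error or any PKCS#11 failure.
 *
 * Operational caveats visible in this code:
 *  - With neither -i nor -l (or with "-i 0"), the search template is empty,
 *    so every object the session can see is selected for destruction.
 *  - A PIN given with -p is part of the command line until it is wiped
 *    below, so it may show up in process listings and shell history;
 *    omitting -p makes the tool prompt for the PIN instead.
 *  - At most as many objects as fit in akey[] are handled per run.
 */
int
main(int argc, char *argv[]) {
    isc_result_t result;
    CK_RV rv;
    CK_SLOT_ID slot = 0;
    CK_SESSION_HANDLE hSession;
    CK_BYTE attr_id[2];
    CK_OBJECT_HANDLE akey[50];
    pk11_context_t pctx;
    char *lib_name = NULL;
    char *label = NULL;
    char *pin = NULL;
    int error = 0;
    unsigned int id = 0, i = 0, wait = 5;
    int c, errflg = 0;
    unsigned long number = 0;
    CK_ULONG ulObjectCount;
    CK_ATTRIBUTE search_template[] = {
        {CKA_ID, &attr_id, sizeof(attr_id)}
    };
    unsigned int j, len;

    while ((c = isc_commandline_parse(argc, argv, ":m:s:i:l:p:w:")) != -1) {
        switch (c) {
        case 'm':
            lib_name = isc_commandline_argument;
            break;
        case 's':
            if (parse_number(isc_commandline_argument, &number) != 0) {
                fprintf(stderr, "Invalid slot: %s\n",
                    isc_commandline_argument);
                errflg++;
                break;
            }
            slot = number;
            break;
        case 'i':
            /*
             * The id is matched as a two-byte CKA_ID.  Reject anything
             * that is not a number or does not fit, rather than letting
             * it collapse to 0 (no filter) or alias another key's id.
             */
            if (parse_number(isc_commandline_argument, &number) != 0 ||
                number > 0xffff) {
                fprintf(stderr, "Invalid id: %s\n",
                    isc_commandline_argument);
                errflg++;
                break;
            }
            id = (unsigned int)number;
            break;
        case 'l':
            label = isc_commandline_argument;
            break;
        case 'p':
            pin = isc_commandline_argument;
            break;
        case 'w':
            /*
             * A mistyped wait time must not silently become 0 and
             * remove the pause before destruction.
             */
            if (parse_number(isc_commandline_argument, &number) != 0 ||
                number != (unsigned int)number) {
                fprintf(stderr, "Invalid wait time: %s\n",
                    isc_commandline_argument);
                errflg++;
                break;
            }
            wait = (unsigned int)number;
            break;
        case ':':
            fprintf(stderr,
                "Option -%c requires an operand\n",
                isc_commandline_option);
            errflg++;
            break;
        case '?':
        default:
            fprintf(stderr, "Unrecognised option: -%c\n",
                isc_commandline_option);
            errflg++;
        }
    }

    /* -i and -l are mutually exclusive. */
    if (errflg || (id && (label != NULL))) {
        fprintf(stderr, "Usage:\n");
        fprintf(stderr, "\tpkcs11-destroy [-m module] [-s slot] "
                "{-i id | -l label} [-p pin] [-w waittime]\n");
        exit(1);
    }

    if (id) {
        /* Encode the id big-endian into the two-byte CKA_ID value. */
        attr_id[0] = (id >> 8) & 0xff;
        attr_id[1] = id & 0xff;
    } else if (label) {
        search_template[0].type = CKA_LABEL;
        search_template[0].pValue = label;
        search_template[0].ulValueLen = strlen(label);
    }

    pk11_result_register();

    /* Initialize the CRYPTOKI library */
    if (lib_name != NULL)
        pk11_set_lib_name(lib_name);

    if (pin == NULL) {
        pin = getpassphrase("Enter Pin: ");
        /* Without this check a failed prompt reaches strlen(NULL). */
        if (pin == NULL) {
            fprintf(stderr, "Unable to read PIN\n");
            exit(1);
        }
    }

    result = pk11_get_session(&pctx, OP_ANY, false, true,
                  true, (const char *) pin, slot);

    /*
     * Wipe the PIN as soon as the login attempt is over, including on the
     * failure path that exits just below.
     */
    memset(pin, 0, strlen(pin));

    if (result == PK11_R_NORANDOMSERVICE ||
        result == PK11_R_NODIGESTSERVICE ||
        result == PK11_R_NOAESSERVICE) {
        fprintf(stderr, "Warning: %s\n", isc_result_totext(result));
        fprintf(stderr, "This HSM will not work with BIND 9 "
                "using native PKCS#11.\n");
    } else if (result != ISC_R_SUCCESS) {
        fprintf(stderr, "Unrecoverable error initializing "
                "PKCS#11: %s\n", isc_result_totext(result));
        exit(1);
    }

    hSession = pctx.session;

    /*
     * NOTE(review): with no id and no label the template count is 0, which
     * selects every visible object, although the usage text presents
     * {-i id | -l label} as required.  Confirm this is intended.
     */
    rv = pkcs_C_FindObjectsInit(hSession, search_template,
                    ((id != 0) || (label != NULL)) ? 1 : 0);

    if (rv != CKR_OK) {
        fprintf(stderr, "C_FindObjectsInit: Error = 0x%.8lX\n", rv);
        error = 1;
        goto exit_session;
    }

    /* Only one batch is fetched; matches beyond akey[] are left alone. */
    rv = pkcs_C_FindObjects(hSession, akey,
                sizeof(akey) / sizeof(akey[0]), &ulObjectCount);
    if (rv != CKR_OK) {
        fprintf(stderr, "C_FindObjects: Error = 0x%.8lX\n", rv);
        error = 1;
        goto exit_search;
    }

    if (ulObjectCount == 0) {
        printf("No matching key objects found.\n");
        goto exit_search;
    } else
        printf("Key object%s found:\n", ulObjectCount > 1 ? "s" : "");

    /*
     * Show what is about to be destroyed.  If any object cannot be
     * described, bail out before destroying anything.
     */
    for (i = 0; i < ulObjectCount; i++) {
        CK_OBJECT_CLASS oclass = 0;
        CK_BYTE labelbuf[64 + 1];
        CK_BYTE idbuf[64];
        CK_ATTRIBUTE attr_template[] = {
            {CKA_CLASS, &oclass, sizeof(oclass)},
            /* One byte is held back so the label stays NUL-terminated. */
            {CKA_LABEL, labelbuf, sizeof(labelbuf) - 1},
            {CKA_ID, idbuf, sizeof(idbuf)}
        };

        memset(labelbuf, 0, sizeof(labelbuf));
        memset(idbuf, 0, sizeof(idbuf));

        rv = pkcs_C_GetAttributeValue(hSession, akey[i],
                          attr_template, 3);
        if (rv != CKR_OK) {
            fprintf(stderr,
                "C_GetAttributeValue[%u]: rv = 0x%.8lX\n",
                i, rv);
            error = 1;
            goto exit_search;
        }
        len = attr_template[2].ulValueLen;
        printf("  object[%u]: class %lu, label '%s', id[%lu] ",
               i, oclass, labelbuf, attr_template[2].ulValueLen);
        /* Print at most the first four id bytes. */
        if (len > 4)
            len = 4;
        if (len > 0)
            printf("0x");
        for (j = 0; j < len; j++)
            printf("%02x", idbuf[j]);
        if (attr_template[2].ulValueLen > len)
            printf("...\n");
        else
            printf("\n");
    }

    /* Pause so the operator can still interrupt; "-w 0" skips the pause. */
    if (wait != 0) {
        printf("WARNING: This action is irreversible! "
               "Destroying key objects in %u seconds\n  ", wait);
        for (i = 0; i < wait; i++) {
            printf(".");
            fflush(stdout);
            sleep(1);
        }
        printf("\n");
    }

    /* Keep going after a failure so the remaining objects are still tried. */
    for (i = 0; i < ulObjectCount; i++) {
        rv = pkcs_C_DestroyObject(hSession, akey[i]);
        if (rv != CKR_OK) {
            fprintf(stderr,
                "C_DestroyObject[%u] failed: rv = 0x%.8lX\n",
                i, rv);
            error = 1;
        }
    }

    if (error == 0)
        printf("Destruction complete.\n");

 exit_search:
    rv = pkcs_C_FindObjectsFinal(hSession);
    if (rv != CKR_OK) {
        fprintf(stderr, "C_FindObjectsFinal: Error = 0x%.8lX\n", rv);
        error = 1;
    }

 exit_session:
    pk11_return_session(&pctx);
    (void) pk11_finalize();

    exit(error);
}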