6418676 encrypt(1) and decrypt(1) could benefit from being 64-bit programs
@@ -18,45 +18,47 @@
*
* CDDL HEADER END
*/
/* Portions Copyright 2005 Richard Lowe */
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
-#pragma ident "@(#)decrypt.c 1.13 07/10/04 SMI"
+#pragma ident "@(#)decrypt.c 1.14 08/04/30 SMI"
/*
* decrypt.c
*
* Implements encrypt(1) and decrypt(1) commands
*
* One binary performs both encrypt/decrypt operation.
*
- * usage:
- *
- * algorithm - mechanism name without CKM_ prefix. Case
+ * Usage:
+ * -a algorithm mechanism name without CKM_ prefix. Case
* does not matter
- * keyfile - file containing key data. If not specified user is
+ * -k keyfile file containing key data. If not specified user is
* prompted to enter key. key length > 0 is required
- * infile - input file to encrypt/decrypt. If omitted, stdin used.
- * outfile - output file to encrypt/decrypt. If omitted, stdout used.
+ * -i infile input file to encrypt/decrypt. If omitted, stdin used.
+ * -o outfile output file to encrypt/decrypt. If omitted, stdout used.
* if infile & outfile are same, a temp file is used for
* output and infile is replaced with this file after
- * operation is complete.
+ * operation is complete
+ * -l Display the list of algorithms
+ * -v Display verbose information
+ * -T tokenspec Specify a PKCS#11 token (optionally used with -K)
+ * -K keylabel Specify the symmetric PKCS#11 token key label
*
* Implementation notes:
- * iv data - It is generated by random bytes equal to one block size.
+ * IV data - It is generated by random bytes equal to one block size.
*
- * encrypted output format -
+ * Encrypted output format -
* - Output format version number - 4 bytes in network byte order.
* - Iterations used in key gen function, 4 bytes in network byte order.
- * - IV ( 'ivlen' bytes)
+ * - IV ('ivlen' bytes). Length is algorithm-dependent (see mech_aliases)
* - Salt data used in key gen (16 bytes)
- * - cipher text data.
- *
+ * - Cipher text data (remainder of the file)
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
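Review bot: The reworked "Encrypted output format" list in the header documents version, iteration count, IV, salt and cipher text but no integrity field, so a reader may assume the file is authenticated when, as far as this layout shows, it is not. If that reading is correct, state it explicitly in the header, e.g. `* Note: the format carries no MAC or integrity check; decrypt(1) cannot detect a tampered ciphertext by format alone` — and if a check does exist elsewhere, the list should include it. The new IV bullet also refers to `mech_aliases`, which is outside this hunk; verify that name is the table actually consulted.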
@@ -163,18 +165,18 @@
static boolean_t kflag = B_FALSE; /* -k <keyfile> flag */
static boolean_t iflag = B_FALSE; /* -i <infile> flag, use stdin if absent */
static boolean_t oflag = B_FALSE; /* -o <outfile> flag, use stdout if absent */
static boolean_t lflag = B_FALSE; /* -l flag (list) */
static boolean_t vflag = B_FALSE; /* -v flag (verbose) */
-static boolean_t Tflag = B_FALSE;
-static boolean_t Kflag = B_FALSE;
+static boolean_t Tflag = B_FALSE; /* -T flag (tokenspec) */
+static boolean_t Kflag = B_FALSE; /* -K flag (keylabel) */
static char *keyfile = NULL; /* name of keyfile */
static char *inputfile = NULL; /* name of input file */
static char *outputfile = NULL; /* name of output file */
-static char *token_label = NULL;
-static char *key_label = NULL;
+static char *token_label = NULL; /* name of PKCS#11 token */
+static char *key_label = NULL; /* name of PKCS#11 token key label */
static int status_pos = 0; /* current position of progress bar element */
/*
* function prototypes
@@ -196,11 +198,11 @@
struct CommandInfo *cmd;
char *cmdname; /* name of command */
boolean_t errflag = B_FALSE;
(void) setlocale(LC_ALL, "");
-#if !defined(TEXT_DOMAIN) /* Should be defiend by cc -D */
+#if !defined(TEXT_DOMAIN) /* Should be defined by cc -D */
#define TEXT_DOMAIN "SYS_TEST" /* Use this only if it weren't */
#endif
(void) textdomain(TEXT_DOMAIN);
/*
@@ -434,13 +436,13 @@
boolean_t errflag = B_TRUE;
boolean_t inoutsame = B_FALSE; /* if both input & output are same */
CK_BYTE_PTR pivbuf = NULL_PTR;
CK_ULONG ivlen = 0L;
int mech_match = 0;
- CK_ULONG iterations = CK_PKCS5_PBKD2_ITERATIONS;
+ uint32_t iterations = CK_PKCS5_PBKD2_ITERATIONS;
CK_ULONG keylen;
- int version = SUNW_ENCRYPT_FILE_VERSION;
+ uint32_t version = SUNW_ENCRYPT_FILE_VERSION;
CK_KEY_TYPE keytype;
KMF_RETURN kmfrv;
CK_SLOT_ID token_slot_id;
if (aflag) {
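Review bot: Changing `iterations` to `uint32_t` matches the 4-byte on-disk field, but on the decrypt path that value is presumably read straight from the untrusted file header (the read is outside this hunk), so a crafted header can request anything from 0 up to 2^32-1 PBKDF2 iterations. Zero would make key derivation degenerate and a huge count is a trivial CPU denial of service, so the value should be bounded right after it is read, e.g. `if (iterations == 0 || iterations > MAX_PBKD2_ITERATIONS) { cryptoerror(...); goto cleanup; }` with a documented upper limit. The implicit widening back to `CK_ULONG` when the count is handed to the PKCS#11 parameter structure is harmless. The enclosing function starts before this hunk and continues past it.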
@@ -738,13 +740,15 @@
switch (version) {
case 1:
/*
* Version 1 output format:
+ * - Output format version 1 (4 bytes)
* - Iterations used in key gen function (4 bytes)
- * - IV ( 'ivlen' bytes)
+ * - IV ('ivlen' bytes). The length algorithm-dependent
* - Salt data used in key gen (16 bytes)
+ * - Cipher text data (remainder of the file)
*
* An encrypted file has IV as first block (0 or
* more bytes depending on mechanism) followed
* by cipher text. Get the IV from the encrypted
* file.
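Review bot: The new layout comment in `case 1` now contradicts the sentence kept right below it: the bullets say the version and iteration count precede the IV, yet the prose still says "An encrypted file has IV as first block ... followed by cipher text", and the new IV bullet is missing a verb. Suggest `* - IV ('ivlen' bytes). The length is algorithm-dependent` and rewording the prose to `* After the version and iteration count, the IV (0 or more bytes depending on mechanism) is read next, followed by the salt and then the cipher text.` The switch and its enclosing function continue past this hunk.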
@@ -896,12 +900,12 @@
}
/* Write the version header encrypt command */
if (cmd->type == CKA_ENCRYPT) {
/* convert to network order for storage */
- int netversion = htonl(version);
- CK_ULONG netiter;
+ uint32_t netversion = htonl(version);
+ uint32_t netiter;
if (write(outfd, &netversion, sizeof (netversion))
!= sizeof (netversion)) {
cryptoerror(LOG_STDERR, gettext(
"failed to write version number "