1 /* $NetBSD: pkcs11-destroy.c,v 1.7 2014/12/10 04:37:52 christos Exp $ */
4 * Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
6 * Permission to use, copy, modify, and/or distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
10 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
11 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
12 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
13 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
16 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 * Portions copyright (c) 2008 Nominet UK. All rights reserved.
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
25 * 1. Redistributions of source code must retain the above copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
31 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
32 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
33 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
34 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
35 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
36 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
37 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
38 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
39 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
40 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
43 /* Id: pkcs11-destroy.c,v 1.8 2010/01/13 21:19:52 fdupont Exp */
46 * pkcs11-destroy [-m module] [-s $slot] [-i $id | -l $label]
47 * [-p $pin] [ -w $wait ]
59 #include <sys/types.h>
61 #include <isc/commandline.h>
62 #include <isc/result.h>
63 #include <isc/types.h>
65 #include <pk11/pk11.h>
66 #include <pk11/result.h>
69 #define sleep(x) Sleep(x)
72 #if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
73 #define getpassphrase(x) getpass(x)
77 main(int argc
, char *argv
[]) {
81 CK_SESSION_HANDLE hSession
;
83 CK_OBJECT_HANDLE akey
[50];
85 char *lib_name
= NULL
;
89 unsigned int id
= 0, i
= 0, wait
= 5;
91 CK_ULONG ulObjectCount
;
92 CK_ATTRIBUTE search_template
[] = {
93 {CKA_ID
, &attr_id
, sizeof(attr_id
)}
97 while ((c
= isc_commandline_parse(argc
, argv
, ":m:s:i:l:p:w:")) != -1) {
100 lib_name
= isc_commandline_argument
;
103 slot
= atoi(isc_commandline_argument
);
106 id
= atoi(isc_commandline_argument
);
110 label
= isc_commandline_argument
;
113 pin
= isc_commandline_argument
;
116 wait
= atoi(isc_commandline_argument
);
120 "Option -%c requires an operand\n",
121 isc_commandline_option
);
126 fprintf(stderr
, "Unrecognised option: -%c\n",
127 isc_commandline_option
);
132 if (errflg
|| (id
&& (label
!= NULL
))) {
133 fprintf(stderr
, "Usage:\n");
134 fprintf(stderr
, "\tpkcs11-destroy [-m module] [-s slot] "
135 "[-i id | -l label] [-p pin] [-w waittime]\n");
140 attr_id
[0] = (id
>> 8) & 0xff;
141 attr_id
[1] = id
& 0xff;
143 search_template
[0].type
= CKA_LABEL
;
144 search_template
[0].pValue
= label
;
145 search_template
[0].ulValueLen
= strlen(label
);
148 pk11_result_register();
150 /* Initialize the CRYPTOKI library */
151 if (lib_name
!= NULL
)
152 pk11_set_lib_name(lib_name
);
155 pin
= getpassphrase("Enter Pin: ");
157 result
= pk11_get_session(&pctx
, OP_ANY
, ISC_FALSE
, ISC_TRUE
,
158 ISC_TRUE
, (const char *) pin
, slot
);
159 if (result
== PK11_R_NORANDOMSERVICE
||
160 result
== PK11_R_NODIGESTSERVICE
||
161 result
== PK11_R_NOAESSERVICE
) {
162 fprintf(stderr
, "Warning: %s\n", isc_result_totext(result
));
163 fprintf(stderr
, "This HSM will not work with BIND 9 "
164 "using native PKCS#11.\n");
165 } else if (result
!= ISC_R_SUCCESS
) {
166 fprintf(stderr
, "Unrecoverable error initializing "
167 "PKCS#11: %s\n", isc_result_totext(result
));
171 memset(pin
, 0, strlen(pin
));
173 hSession
= pctx
.session
;
175 rv
= pkcs_C_FindObjectsInit(hSession
, search_template
,
176 ((id
!= 0) || (label
!= NULL
)) ? 1 : 0);
179 fprintf(stderr
, "C_FindObjectsInit: Error = 0x%.8lX\n", rv
);
184 rv
= pkcs_C_FindObjects(hSession
, akey
, 50, &ulObjectCount
);
186 fprintf(stderr
, "C_FindObjects: Error = 0x%.8lX\n", rv
);
191 if (ulObjectCount
== 0) {
192 printf("No matching key objects found.\n");
195 printf("Key object%s found:\n", ulObjectCount
> 1 ? "s" : "");
197 for (i
= 0; i
< ulObjectCount
; i
++) {
198 CK_OBJECT_CLASS oclass
= 0;
199 CK_BYTE labelbuf
[64 + 1];
201 CK_ATTRIBUTE attr_template
[] = {
202 {CKA_CLASS
, &oclass
, sizeof(oclass
)},
203 {CKA_LABEL
, labelbuf
, sizeof(labelbuf
) - 1},
204 {CKA_ID
, idbuf
, sizeof(idbuf
)}
207 memset(labelbuf
, 0, sizeof(labelbuf
));
208 memset(idbuf
, 0, sizeof(idbuf
));
210 rv
= pkcs_C_GetAttributeValue(hSession
, akey
[i
],
214 "C_GetAttributeValue[%u]: rv = 0x%.8lX\n",
219 len
= attr_template
[2].ulValueLen
;
220 printf(" object[%u]: class %lu, label '%s', id[%lu] ",
221 i
, oclass
, labelbuf
, attr_template
[2].ulValueLen
);
226 for (j
= 0; j
< len
; j
++)
227 printf("%02x", idbuf
[j
]);
228 if (attr_template
[2].ulValueLen
> len
)
235 printf("WARNING: This action is irreversible! "
236 "Destroying key objects in %d seconds\n ", wait
);
237 for (i
= 0; i
< wait
; i
++) {
245 for (i
= 0; i
< ulObjectCount
; i
++) {
246 rv
= pkcs_C_DestroyObject(hSession
, akey
[i
]);
249 "C_DestroyObject[%u] failed: rv = 0x%.8lX\n",
256 printf("Destruction complete.\n");
259 rv
= pkcs_C_FindObjectsFinal(hSession
);
261 fprintf(stderr
, "C_FindObjectsFinal: Error = 0x%.8lX\n", rv
);
266 pk11_return_session(&pctx
);
267 (void) pk11_finalize();