Encrypt and decrypt MAC using token

NSS sample code 3: encryption/decryption and MAC using token object.

Generates encryption/mac keys and uses token for storing.

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */

/* NSPR Headers */
#include
#include
#include
#include
#include
#include
#include

/* NSS headers */
#include
#include

/* our samples utilities */
#include "util.h"

#define BUFFERSIZE            80
#define DIGESTSIZE            16
#define PTEXT_MAC_BUFFER_SIZE 96
#define CIPHERSIZE            96
#define BLOCKSIZE             32

#define CIPHER_HEADER         "-----BEGIN CIPHER-----"
#define CIPHER_TRAILER        "-----END CIPHER-----"
#define ENCKEY_HEADER         "-----BEGIN AESKEY CKAID-----"
#define ENCKEY_TRAILER        "-----END AESKEY CKAID-----"
#define MACKEY_HEADER         "-----BEGIN MACKEY CKAID-----"
#define MACKEY_TRAILER        "-----END MACKEY CKAID-----"
#define IV_HEADER             "-----BEGIN IV-----"
#define IV_TRAILER            "-----END IV-----"
#define MAC_HEADER            "-----BEGIN MAC-----"
#define MAC_TRAILER           "-----END MAC-----"
#define PAD_HEADER            "-----BEGIN PAD-----"
#define PAD_TRAILER           "-----END PAD-----"

typedef enum {
    ENCRYPT,
    DECRYPT,
    UNKNOWN
} CommandType;

typedef enum {
   SYMKEY = 0,
   MACKEY = 1,
   IV     = 2,
   MAC    = 3,
   PAD    = 4
} HeaderType;


/*
 * Print usage message and exit
 */
static void
Usage(const char *progName)
{
    fprintf(stderr, "\nUsage:  %s -c  -d  [-z ] "
            "[-p  | -f ] -i  -o \n\n",
            progName);
    fprintf(stderr, "%-20s  Specify 'a' for encrypt operation\n\n",
             "-c ");
    fprintf(stderr, "%-20s  Specify 'b' for decrypt operation\n\n",
             " ");
    fprintf(stderr, "%-20s  Specify db directory path\n\n",
             "-d ");
    fprintf(stderr, "%-20s  Specify db password [optional]\n\n",
             "-p ");
    fprintf(stderr, "%-20s  Specify db password file [optional]\n\n",
             "-f ");
    fprintf(stderr, "%-20s  Specify noise file name [optional]\n\n",
             "-z ");
    fprintf(stderr, "%-21s Specify an input file name\n\n",
             "-i ");
    fprintf(stderr, "%-21s Specify an output file name\n\n",
             "-o ");
    fprintf(stderr, "%-7s For encrypt, it takes  as an input file and produces\n",
             "Note :");
    fprintf(stderr, "%-7s .enc and .header as intermediate output files.\n\n",
             "");
    fprintf(stderr, "%-7s For decrypt, it takes .enc and .header\n",
             "");
    fprintf(stderr, "%-7s as input files and produces  as a final output file.\n\n",
             "");
    exit(-1);
}

/*
 * Gather a CKA_ID
 */
SECStatus
GatherCKA_ID(PK11SymKey* key, SECItem* buf)
{
    SECStatus rv = PK11_ReadRawAttribute(PK11_TypeSymKey, key, CKA_ID, buf);
    if (rv != SECSuccess) {
        PR_fprintf(PR_STDERR, "PK11_ReadRawAttribute returned (%d)\n", rv);
        PR_fprintf(PR_STDERR, "Could not read SymKey CKA_ID attribute\n");
        return rv;
    }
    return rv;
}

/*
 * Generate a Symmetric Key
 */
PK11SymKey *
GenerateSYMKey(PK11SlotInfo  *slot, CK_MECHANISM_TYPE mechanism,
               int keySize, SECItem *keyID, secuPWData *pwdata)
{
    SECStatus      rv;
    PK11SymKey    *key;

    if (PK11_NeedLogin(slot)) {
        rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
        if (rv != SECSuccess) {
            PR_fprintf(PR_STDERR, "Could not authenticate to token %s.\n",
                       PK11_GetTokenName(slot));
            return NULL;
        }
    }

    /* Generate the symmetric key */
    key = PK11_TokenKeyGen(slot, mechanism,
                           NULL, keySize, keyID, PR_TRUE, pwdata);

    if (!key) {
        PR_fprintf(PR_STDERR, "Symmetric Key Generation Failed \n");
    }

    return key;
}

/*
 * MacInit
 */
SECStatus
MacInit(PK11Context *ctx)
{
    SECStatus rv = PK11_DigestBegin(ctx);
    if (rv != SECSuccess) {
        PR_fprintf(PR_STDERR, "Compute MAC Failed : PK11_DigestBegin()\n");
    }
    return rv;
}

/*
 * MacUpdate
 */
SECStatus
MacUpdate(PK11Context *ctx,
          unsigned char *msg, unsigned int msgLen)
{
    SECStatus rv = PK11_DigestOp(ctx, msg, msgLen);
    if (rv != SECSuccess) {
        PR_fprintf(PR_STDERR, "Compute MAC Failed : DigestOp()\n");
    }
    return rv;
}

/*
 * Finalize MACing
 */
SECStatus
MacFinal(PK11Context *ctx,
         unsigned char *mac, unsigned int *macLen, unsigned int maxLen)
{
    SECStatus rv = PK11_DigestFinal(ctx, mac, macLen, maxLen);
    if (rv != SECSuccess) {
        PR_fprintf(PR_STDERR, "Compute MAC Failed : PK11_DigestFinal()\n");
    }
    return SECSuccess;
}

/*
 * Compute Mac
 */
SECStatus
ComputeMac(PK11Context *ctxmac,
           unsigned char *ptext, unsigned int ptextLen,
           unsigned char *mac, unsigned int *macLen,
           unsigned int maxLen)
{
    SECStatus rv = MacInit(ctxmac);
    if (rv != SECSuccess) return rv;
    rv = MacUpdate(ctxmac, ptext, ptextLen);
    if (rv != SECSuccess) return rv;
    rv = MacFinal(ctxmac, mac, macLen, maxLen);
    return rv;
}

/*
 * WriteToHeaderFile
 */
SECStatus
WriteToHeaderFile(const char *buf, unsigned int len, HeaderType type,
                  PRFileDesc *outFile)
{
    SECStatus      rv;
    char           header[40];
    char           trailer[40];
    char          *outString = NULL;

    switch (type) {
    case SYMKEY:
        strcpy(header, ENCKEY_HEADER);
        strcpy(trailer, ENCKEY_TRAILER);
        break;
    case MACKEY:
        strcpy(header, MACKEY_HEADER);
        strcpy(trailer, MACKEY_TRAILER);
        break;
    case IV:
        strcpy(header, IV_HEADER);
        strcpy(trailer, IV_TRAILER);
        break;
    case MAC:
        strcpy(header, MAC_HEADER);
        strcpy(trailer, MAC_TRAILER);
        break;
    case PAD:
        strcpy(header, PAD_HEADER);
        strcpy(trailer, PAD_TRAILER);
        break;
    }

    PR_fprintf(outFile, "%s\n", header);
    PrintAsHex(outFile, buf, len);
    PR_fprintf(outFile, "%s\n\n", trailer);
    return SECSuccess;
}

/*
 * Initialize for encryption or decryption - common code
 */
PK11Context *
CryptInit(PK11SymKey *key,
          unsigned char *iv, unsigned int ivLen,
          CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE operation)
{
    SECItem ivItem = { siBuffer, iv, ivLen };
    PK11Context *ctx = NULL;

    SECItem *secParam = PK11_ParamFromIV(CKM_AES_CBC, &ivItem);
    if (secParam == NULL) {
        PR_fprintf(PR_STDERR, "Crypt Failed : secParam NULL\n");
        return NULL;
    }
    ctx = PK11_CreateContextBySymKey(CKM_AES_CBC, operation, key, secParam);
    if (ctx == NULL) {
        PR_fprintf(PR_STDERR, "Crypt Failed : can't create a context\n");
        goto cleanup;

    }
cleanup:
    if (secParam) {
        SECITEM_FreeItem(secParam, PR_TRUE);
    }
    return ctx;
}

/*
 * Common encryption and decryption code
 */
SECStatus
Crypt(PK11Context *ctx,
      unsigned char *out, unsigned int *outLen, unsigned int maxOut,
      unsigned char *in, unsigned int inLen)
{
    SECStatus rv;

    rv = PK11_CipherOp(ctx, out, outLen, maxOut, in, inLen);
    if (rv != SECSuccess) {
        PR_fprintf(PR_STDERR, "Crypt Failed : PK11_CipherOp returned %d\n", rv);
        goto cleanup;
    }

cleanup:
    if (rv != SECSuccess) {
        return rv;
    }
    return SECSuccess;
}

/*
 * Decrypt
 */
SECStatus
Decrypt(PK11Context *ctx,
        unsigned char *out, unsigned int *outLen, unsigned int maxout,
        unsigned char *in, unsigned int inLen)
{
    return Crypt(ctx, out, outLen, maxout, in, inLen);
}

/*
 * Encrypt
 */
SECStatus
Encrypt(PK11Context* ctx,
        unsigned char *out, unsigned int *outLen, unsigned int maxout,
        unsigned char *in, unsigned int inLen)
{
    return Crypt(ctx, out, outLen, maxout, in, inLen);
}

/*
 * EncryptInit
 */
PK11Context *
EncryptInit(PK11SymKey *ek, unsigned char *iv, unsigned int ivLen,
            CK_MECHANISM_TYPE type)
{
    return CryptInit(ek, iv, ivLen, type, CKA_ENCRYPT);
}

/*
 * DecryptInit
 */
PK11Context *
DecryptInit(PK11SymKey *dk, unsigned char *iv, unsigned int ivLen,
            CK_MECHANISM_TYPE type)
{
    return CryptInit(dk, iv, ivLen, type, CKA_DECRYPT);
}

/*
 * Read cryptographic parameters from the header file
 */
SECStatus
ReadFromHeaderFile(const char *fileName, HeaderType type,
                   SECItem *item, PRBool isHexData)
{
    SECStatus      rv;
    PRFileDesc*    file;
    SECItem        filedata;
    SECItem        outbuf;
    unsigned char *nonbody;
    unsigned char *body;
    char           header[40];
    char           trailer[40];

    outbuf.type = siBuffer;
    file = PR_Open(fileName, PR_RDONLY, 0);
    if (!file) {
        PR_fprintf(PR_STDERR, "Failed to open %s\n", fileName);
        return SECFailure;
    }
    switch (type) {
    case SYMKEY:
        strcpy(header, ENCKEY_HEADER);
        strcpy(trailer, ENCKEY_TRAILER);
        break;
    case MACKEY:
        strcpy(header, MACKEY_HEADER);
        strcpy(trailer, MACKEY_TRAILER);
        break;
    case IV:
        strcpy(header, IV_HEADER);
        strcpy(trailer, IV_TRAILER);
        break;
    case MAC:
        strcpy(header, MAC_HEADER);
        strcpy(trailer, MAC_TRAILER);
        break;
    case PAD:
        strcpy(header, PAD_HEADER);
        strcpy(trailer, PAD_TRAILER);
        break;
    }

    rv = FileToItem(&filedata, file);
    nonbody = (char *)filedata.data;
    if (!nonbody) {
        PR_fprintf(PR_STDERR, "unable to read data from input file\n");
        rv = SECFailure;
        goto cleanup;
    }

    /* check for headers and trailers and remove them */
    if ((body = strstr(nonbody, header)) != NULL) {
        char *trail = NULL;
        nonbody = body;
        body = PORT_Strchr(body, '\n');
        if (!body)
            body = PORT_Strchr(nonbody, '\r'); /* maybe this is a MAC file */
        if (body)
            trail = strstr(++body, trailer);
        if (trail != NULL) {
            *trail = '\0';
        } else {
            PR_fprintf(PR_STDERR,  "input has header but no trailer\n");
            PORT_Free(filedata.data);
            return SECFailure;
        }
    } else {
        body = nonbody;
    }

cleanup:
    PR_Close(file);
    HexToBuf(body, item, isHexData);
    return SECSuccess;
}

/*
 * EncryptAndMac
 */
SECStatus
EncryptAndMac(PRFileDesc *inFile,
              PRFileDesc *headerFile,
              PRFileDesc *encFile,
              PK11SymKey *ek,
              PK11SymKey *mk,
              unsigned char *iv, unsigned int ivLen,
              PRBool ascii)
{
    SECStatus      rv;
    unsigned char  ptext[BLOCKSIZE];
    unsigned int   ptextLen;
    unsigned char  mac[DIGESTSIZE];
    unsigned int   macLen;
    unsigned int   nwritten;
    unsigned char  encbuf[BLOCKSIZE];
    unsigned int   encbufLen;
    SECItem        noParams = { siBuffer, NULL, 0 };
    PK11Context   *ctxmac = NULL;
    PK11Context   *ctxenc = NULL;
    unsigned int   pad[1];
    SECItem        padItem;
    unsigned int   paddingLength;

    static unsigned int firstTime = 1;
    int j;

    ctxmac = PK11_CreateContextBySymKey(CKM_MD5_HMAC, CKA_SIGN, mk, &noParams);
    if (ctxmac == NULL) {
        PR_fprintf(PR_STDERR, "Can't create MAC context\n");
        rv = SECFailure;
        goto cleanup;
    }
    rv = MacInit(ctxmac);
    if (rv != SECSuccess) {
        goto cleanup;
    }

    ctxenc = EncryptInit(ek, iv, ivLen, CKM_AES_CBC);

    /* read a buffer of plaintext from input file */
    while ((ptextLen = PR_Read(inFile, ptext, sizeof(ptext))) > 0) {

        /* Encrypt using it using CBC, using previously created IV */
        if (ptextLen != BLOCKSIZE) {
            paddingLength = BLOCKSIZE - ptextLen;
            for ( j=0; j < paddingLength; j++) {
                ptext[ptextLen+j] = (unsigned char)paddingLength;
            }
            ptextLen = BLOCKSIZE;
        }
        rv  = Encrypt(ctxenc,
                encbuf, &encbufLen, sizeof(encbuf),
                ptext, ptextLen);
        if (rv != SECSuccess) {
            PR_fprintf(PR_STDERR, "Encrypt Failure\n");
            goto cleanup;
        }

        /* save the last block of ciphertext as the next IV */
        iv = encbuf;
        ivLen = encbufLen;

        /* write the cipher text to intermediate file */
        nwritten = PR_Write(encFile, encbuf, encbufLen);
        /*PR_Assert(nwritten == encbufLen);*/

        rv = MacUpdate(ctxmac, ptext, ptextLen);
    }

    rv = MacFinal(ctxmac, mac, &macLen, DIGESTSIZE);
    if (rv != SECSuccess) {
        PR_fprintf(PR_STDERR, "MacFinal Failure\n");
        goto cleanup;
    }
    if (macLen == 0) {
        PR_fprintf(PR_STDERR, "Bad MAC length\n");
        rv = SECFailure;
        goto cleanup;
    }
    WriteToHeaderFile(mac, macLen, MAC, headerFile);
    if (rv != SECSuccess) {
        PR_fprintf(PR_STDERR, "Write MAC Failure\n");
        goto cleanup;
    }

    pad[0] = paddingLength;
    padItem.type = siBuffer;
    padItem.data = (unsigned char *)pad;
    padItem.len  = sizeof(pad[0]);

    WriteToHeaderFile(padItem.data, padItem.len, PAD, headerFile);
    if (rv != SECSuccess) {
        PR_fprintf(PR_STDERR, "Write PAD Failure\n");
        goto cleanup;
    }

    rv = SECSuccess;

cleanup:
    if (ctxmac != NULL) {
        PK11_DestroyContext(ctxmac, PR_TRUE);
    }
    if (ctxenc != NULL) {
        PK11_DestroyContext(ctxenc, PR_TRUE);
    }

    return rv;
}

/*
 * Find the Key for the given mechanism
 */
PK11SymKey*
FindKey(PK11SlotInfo *slot,
        CK_MECHANISM_TYPE mechanism,
        SECItem *keyBuf, secuPWData *pwdata)
{
    SECStatus      rv;
    PK11SymKey    *key;

    if (PK11_NeedLogin(slot)) {
        rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
        if (rv != SECSuccess) {
            PR_fprintf(PR_STDERR,
                       "Could not authenticate to token %s.\n",
                       PK11_GetTokenName(slot));
            if (slot) {
                PK11_FreeSlot(slot);
            }
            return NULL;
        }
    }

    key = PK11_FindFixedKey(slot, mechanism, keyBuf, 0);
    if (!key) {
        PR_fprintf(PR_STDERR,
                   "PK11_FindFixedKey failed (err %d)\n",
                   PR_GetError());
        PK11_FreeSlot(slot);
        return NULL;
    }
    return key;
}

/*
 * Decrypt and Verify MAC
 */
SECStatus
DecryptAndVerifyMac(const char* outFileName,
    char *encryptedFileName,
    SECItem *cItem, SECItem *macItem,
    PK11SymKey* ek, PK11SymKey* mk, SECItem *ivItem, SECItem *padItem)
{
    SECStatus      rv;
    PRFileDesc*    inFile;
    PRFileDesc*    outFile;

    unsigned char  decbuf[64];
    unsigned int   decbufLen;

    unsigned char  ptext[BLOCKSIZE];
    unsigned int   ptextLen = 0;
    unsigned char  ctext[64];
    unsigned int   ctextLen;
    unsigned char  newmac[DIGESTSIZE];
    unsigned int   newmacLen                 = 0;
    unsigned int   newptextLen               = 0;
    unsigned int   count                     = 0;
    unsigned int   temp                      = 0;
    unsigned int   blockNumber               = 0;
    SECItem        noParams = { siBuffer, NULL, 0 };
    PK11Context   *ctxmac = NULL;
    PK11Context   *ctxenc = NULL;

    unsigned char iv[BLOCKSIZE];
    unsigned int ivLen = ivItem->len;
    unsigned int fileLength;
    unsigned int paddingLength;
    int j;

    memcpy(iv, ivItem->data, ivItem->len);
    paddingLength = (unsigned int)padItem->data[0];

    ctxmac = PK11_CreateContextBySymKey(CKM_MD5_HMAC, CKA_SIGN, mk, &noParams);
    if (ctxmac == NULL) {
        PR_fprintf(PR_STDERR, "Can't create MAC context\n");
        rv = SECFailure;
        goto cleanup;
    }

    /*  Open the input file.  */
    inFile = PR_Open(encryptedFileName, PR_RDONLY , 0);
    if (!inFile) {
        PR_fprintf(PR_STDERR,
                   "Unable to open \"%s\" for writing.\n",
                   encryptedFileName);
        return SECFailure;
    }
    /*  Open the output file.  */
    outFile = PR_Open(outFileName,
                      PR_CREATE_FILE | PR_TRUNCATE | PR_RDWR , 00660);
    if (!outFile) {
        PR_fprintf(PR_STDERR,
                   "Unable to open \"%s\" for writing.\n",
                   outFileName);
        return SECFailure;
    }

    rv = MacInit(ctxmac);
    if (rv != SECSuccess) goto cleanup;

    ctxenc = DecryptInit(ek, iv, ivLen, CKM_AES_CBC);
    fileLength = FileSize(encryptedFileName);

    while ((ctextLen = PR_Read(inFile, ctext, sizeof(ctext))) > 0) {

        count += ctextLen;

        /* decrypt cipher text buffer using CBC and IV */

        rv = Decrypt(ctxenc, decbuf, &decbufLen, sizeof(decbuf),
                     ctext, ctextLen);

        if (rv != SECSuccess) {
            PR_fprintf(PR_STDERR, "Decrypt Failure\n");
            goto cleanup;
        }

        if (decbufLen == 0) break;

        rv = MacUpdate(ctxmac, decbuf, decbufLen);
        if (rv != SECSuccess) { goto cleanup; }
        if (count == fileLength) {
            decbufLen = decbufLen-paddingLength;
        }

        /* write the plain text to out file */
        temp = PR_Write(outFile, decbuf, decbufLen);
        if (temp != decbufLen) {
            PR_fprintf(PR_STDERR, "write error\n");
            rv = SECFailure;
            break;
        }

        /* save last block of ciphertext */
        memcpy(iv, decbuf, decbufLen);
        ivLen = decbufLen;
        blockNumber++;
    }

    if (rv != SECSuccess) { goto cleanup; }

    rv = MacFinal(ctxmac, newmac, &newmacLen, sizeof(newmac));
    if (rv != SECSuccess) { goto cleanup; }

    if (PORT_Memcmp(macItem->data, newmac, newmacLen) == 0) {
        rv = SECSuccess;
    } else {
        PR_fprintf(PR_STDERR, "Check MAC : Failure\n");
        PR_fprintf(PR_STDERR, "Extracted : ");
        PrintAsHex(PR_STDERR, macItem->data, macItem->len);
        PR_fprintf(PR_STDERR, "Computed  : ");
        PrintAsHex(PR_STDERR, newmac, newmacLen);
        rv = SECFailure;
    }
cleanup:
    if (ctxmac) {
        PK11_DestroyContext(ctxmac, PR_TRUE);
    }
    if (ctxenc) {
        PK11_DestroyContext(ctxenc, PR_TRUE);
    }
    if (outFile) {
        PR_Close(outFile);
    }

    return rv;
}

/*
 * Gets IV and CKAIDS From Header File
 */
SECStatus
GetIVandCKAIDSFromHeader(const char *cipherFileName,
            SECItem *ivItem, SECItem *encKeyItem, SECItem *macKeyItem)
{
    SECStatus      rv;

    /* open intermediate file, read in header, get IV and CKA_IDs of two keys
     * from it
     */
    rv = ReadFromHeaderFile(cipherFileName, IV, ivItem, PR_TRUE);
    if (rv != SECSuccess) {
        PR_fprintf(PR_STDERR, "Could not retrieve IV from cipher file\n");
        goto cleanup;
    }

    rv = ReadFromHeaderFile(cipherFileName, SYMKEY, encKeyItem, PR_TRUE);
    if (rv != SECSuccess) {
        PR_fprintf(PR_STDERR,
        "Could not retrieve AES CKA_ID from cipher file\n");
        goto cleanup;
    }
    rv = ReadFromHeaderFile(cipherFileName, MACKEY, macKeyItem, PR_TRUE);
    if (rv != SECSuccess) {
        PR_fprintf(PR_STDERR,
                   "Could not retrieve MAC CKA_ID from cipher file\n");
        goto cleanup;
    }
cleanup:
    return rv;
}

/*
 * DecryptFile
 */
SECStatus
DecryptFile(PK11SlotInfo *slot,
             const char   *dbdir,
             const char   *outFileName,
             const char   *headerFileName,
             char         *encryptedFileName,
             secuPWData   *pwdata,
             PRBool       ascii)
{
    /*
     * The DB is open read only and we have authenticated to it
     * open input file, read in header, get IV and CKA_IDs of two keys from it
     * find those keys in the DB token
     * Open output file
     * loop until EOF(input):
     *     read a buffer of ciphertext from input file,
     *     Save last block of ciphertext
     *     decrypt ciphertext buffer using CBC and IV,
     *     compute and check MAC, then remove MAC from plaintext
     *     replace IV with saved last block of ciphertext
     *     write the plain text to output file
     * close files
     * report success
     */

    SECStatus           rv;
    SECItem             ivItem;
    SECItem             encKeyItem;
    SECItem             macKeyItem;
    SECItem             cipherItem;
    SECItem             macItem;
    SECItem             padItem;
    PK11SymKey         *encKey              = NULL;
    PK11SymKey         *macKey              = NULL;


    /* open intermediate file, read in header, get IV and CKA_IDs of two keys
     * from it
     */
    rv = GetIVandCKAIDSFromHeader(headerFileName,
               &ivItem, &encKeyItem, &macKeyItem);
    if (rv != SECSuccess) {
        goto cleanup;
    }

    /* find those keys in the DB token */
    encKey = FindKey(slot, CKM_AES_CBC, &encKeyItem, pwdata);
    if (encKey == NULL) {
        PR_fprintf(PR_STDERR, "Can't find the encryption key\n");
        rv = SECFailure;
        goto cleanup;
    }
    /* CKM_MD5_HMAC or CKM_EXTRACT_KEY_FROM_KEY */
    macKey = FindKey(slot, CKM_MD5_HMAC, &macKeyItem, pwdata);
    if (macKey == NULL) {
        rv = SECFailure;
        goto cleanup;
    }

    /* Read in the Mac into item from the intermediate file */
    rv = ReadFromHeaderFile(headerFileName, MAC, &macItem, PR_TRUE);
    if (rv != SECSuccess) {
        PR_fprintf(PR_STDERR,
                   "Could not retrieve MAC from cipher file\n");
        goto cleanup;
    }
    if (macItem.data == NULL) {
        PR_fprintf(PR_STDERR, "MAC has NULL data\n");
        rv = SECFailure;
        goto cleanup;
    }
    if (macItem.len == 0) {
        PR_fprintf(PR_STDERR, "MAC has data has 0 length\n");
        /*rv = SECFailure;
        goto cleanup;*/
    }

    rv = ReadFromHeaderFile(headerFileName, PAD, &padItem, PR_TRUE);
    if (rv != SECSuccess) {
        PR_fprintf(PR_STDERR,
                   "Could not retrieve PAD detail from header file\n");
        goto cleanup;
    }

    if (rv == SECSuccess) {
        /* Decrypt and Remove Mac */
        rv = DecryptAndVerifyMac(outFileName, encryptedFileName,
                &cipherItem, &macItem, encKey, macKey, &ivItem, &padItem);
        if (rv != SECSuccess) {
            PR_fprintf(PR_STDERR, "Failed while decrypting and removing MAC\n");
        }
    }

cleanup:
    if (slot) {
        PK11_FreeSlot(slot);
    }
    if (encKey) {
        PK11_FreeSymKey(encKey);
    }
    if (macKey) {
        PK11_FreeSymKey(macKey);
    }

    return rv;
}

/*
 * EncryptFile
 */
SECStatus
EncryptFile(PK11SlotInfo *slot,
             const char   *dbdir,
             const char   *inFileName,
             const char   *headerFileName,
             const char   *encryptedFileName,
             const char   *noiseFileName,
             secuPWData   *pwdata,
             PRBool       ascii)
{
    /*
     * The DB is open for read/write and we have authenticated to it.
     * generate a symmetric AES key as a token object.
     * generate a second key to use for MACing, also a token object.
     * get their  CKA_IDs
     * generate a random value to use as IV for AES CBC
     * open an input file and an output file,
     * write a header to the output that identifies the two keys by
     *  their CKA_IDs, May include original file name and length.
     * loop until EOF(input)
     *    read a buffer of plaintext from input file,
     *    MAC it, append the MAC to the plaintext
     *    encrypt it using CBC, using previously created IV,
     *    store the last block of ciphertext as the new IV,
     *    write the cipher text to intermediate file
     *    close files
     *    report success
     */
    SECStatus           rv;
    PRFileDesc         *inFile;
    PRFileDesc         *headerFile;
    PRFileDesc         *encFile;

    unsigned char      *encKeyId = (unsigned char *) "Encrypt Key";
    unsigned char      *macKeyId = (unsigned char *) "MAC Key";
    SECItem encKeyID = { siAsciiString, encKeyId, PL_strlen(encKeyId) };
    SECItem macKeyID = { siAsciiString, macKeyId, PL_strlen(macKeyId) };

    SECItem             encCKAID;
    SECItem             macCKAID;
    unsigned char       iv[BLOCKSIZE];
    SECItem             ivItem;
    PK11SymKey         *encKey = NULL;
    PK11SymKey         *macKey = NULL;
    SECItem             temp;
    unsigned char       c;

    /* generate a symmetric AES key as a token object. */
    encKey = GenerateSYMKey(slot, CKM_AES_KEY_GEN, 128/8, &encKeyID, pwdata);
    if (encKey == NULL) {
        PR_fprintf(PR_STDERR, "GenerateSYMKey for AES returned NULL.\n");
        rv = SECFailure;
        goto cleanup;
    }

    /* generate a second key to use for MACing, also a token object. */
    macKey = GenerateSYMKey(slot, CKM_GENERIC_SECRET_KEY_GEN, 160/8,
                            &macKeyID, pwdata);
    if (macKey == NULL) {
        PR_fprintf(PR_STDERR, "GenerateSYMKey for MACing returned NULL.\n");
        rv = SECFailure;
        goto cleanup;
    }

    /* get the encrypt key CKA_ID */
    rv = GatherCKA_ID(encKey, &encCKAID);
    if (rv != SECSuccess) {
        PR_fprintf(PR_STDERR, "Error while wrapping encrypt key\n");
        goto cleanup;
    }

    /* get the MAC key CKA_ID */
    rv = GatherCKA_ID(macKey, &macCKAID);
    if (rv != SECSuccess) {
        PR_fprintf(PR_STDERR, "Can't get the MAC key CKA_ID.\n");
        goto cleanup;
    }

    if (noiseFileName) {
        rv = SeedFromNoiseFile(noiseFileName);
        if (rv != SECSuccess) {
            PORT_SetError(PR_END_OF_FILE_ERROR);
            return SECFailure;
        }
        rv = PK11_GenerateRandom(iv, BLOCKSIZE);
        if (rv != SECSuccess) {
            goto cleanup;
        }

    } else {
        /* generate a random value to use as IV for AES CBC */
        GenerateRandom(iv, BLOCKSIZE);
    }

    headerFile = PR_Open(headerFileName,
                         PR_CREATE_FILE | PR_TRUNCATE | PR_RDWR, 00660);
    if (!headerFile) {
        PR_fprintf(PR_STDERR,
                   "Unable to open \"%s\" for writing.\n",
                   headerFileName);
        return SECFailure;
    }
    encFile = PR_Open(encryptedFileName,
                      PR_CREATE_FILE | PR_TRUNCATE | PR_RDWR, 00660);
    if (!encFile) {
        PR_fprintf(PR_STDERR,
                   "Unable to open \"%s\" for writing.\n",
                   encryptedFileName);
        return SECFailure;
    }
    /* write to a header file the IV and the CKA_IDs
     * identifying the two keys
     */
    ivItem.type = siBuffer;
    ivItem.data = iv;
    ivItem.len = BLOCKSIZE;

    rv = WriteToHeaderFile(iv, BLOCKSIZE, IV, headerFile);
    if (rv != SECSuccess) {
        PR_fprintf(PR_STDERR, "Error writing IV to cipher file - %s\n",
                   headerFileName);
        goto cleanup;
    }

    rv = WriteToHeaderFile(encCKAID.data, encCKAID.len, SYMKEY, headerFile);
    if (rv != SECSuccess) {
        PR_fprintf(PR_STDERR, "Error writing AES CKA_ID to cipher file - %s\n",
        encryptedFileName);
        goto cleanup;
    }
    rv = WriteToHeaderFile(macCKAID.data, macCKAID.len, MACKEY, headerFile);
    if (rv != SECSuccess) {
        PR_fprintf(PR_STDERR, "Error writing MAC CKA_ID to cipher file - %s\n",
                   headerFileName);
        goto cleanup;
    }

    /*  Open the input file.  */
    inFile = PR_Open(inFileName, PR_RDONLY, 0);
    if (!inFile) {
        PR_fprintf(PR_STDERR, "Unable to open \"%s\" for reading.\n",
                   inFileName);
        return SECFailure;
    }

    /* Macing and Encryption */
    if (rv == SECSuccess) {
        rv = EncryptAndMac(inFile, headerFile, encFile,
                           encKey, macKey, ivItem.data, ivItem.len, ascii);
        if (rv != SECSuccess) {
            PR_fprintf(PR_STDERR, "Failed : Macing and Encryption\n");
            goto cleanup;
        }
    }

cleanup:
    if (inFile) {
        PR_Close(inFile);
    }
    if (headerFile) {
        PR_Close(headerFile);
    }
    if (encFile) {
        PR_Close(encFile);
    }
    if (slot) {
        PK11_FreeSlot(slot);
    }
    if (encKey) {
        PK11_FreeSymKey(encKey);
    }
    if (macKey) {
        PK11_FreeSymKey(macKey);
    }

    return rv;
}

/*
 * This example illustrates basic encryption/decryption and MACing
 * Generates the encryption/mac keys and uses token for storing.
 * Encrypts the input file and appends MAC before storing in intermediate
 * header file.
 * Writes the CKA_IDs of the encryption keys into intermediate header file.
 * Reads the intermediate headerfile for CKA_IDs and encrypted
 * contents and decrypts into output file.
 */
int
main(int argc, char **argv)
{
    SECStatus           rv;
    SECStatus           rvShutdown;
    PK11SlotInfo        *slot = NULL;
    PLOptState          *optstate;
    PLOptStatus         status;
    char                headerFileName[50];
    char                encryptedFileName[50];
    PRFileDesc         *inFile;
    PRFileDesc         *outFile;
    PRBool              ascii = PR_FALSE;
    CommandType         cmd = UNKNOWN;
    const char         *command             = NULL;
    const char         *dbdir               = NULL;
    const char         *inFileName          = NULL;
    const char         *outFileName         = NULL;
    const char         *noiseFileName       = NULL;
    secuPWData          pwdata              = { PW_NONE, 0 };

    char * progName = strrchr(argv[0], '/');
    progName = progName ? progName + 1 : argv[0];

    /* Parse command line arguments */
    optstate = PL_CreateOptState(argc, argv, "c:d:i:o:f:p:z:a");
    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
        switch (optstate->option) {
        case 'a':
            ascii = PR_TRUE;
            break;
        case 'c':
            command = strdup(optstate->value);
            break;
        case 'd':
            dbdir = strdup(optstate->value);
            break;
        case 'f':
            pwdata.source = PW_FROMFILE;
            pwdata.data = strdup(optstate->value);
            break;
        case 'p':
            pwdata.source = PW_PLAINTEXT;
            pwdata.data = strdup(optstate->value);
            break;
        case 'i':
            inFileName = strdup(optstate->value);
            break;
        case 'o':
            outFileName = strdup(optstate->value);
            break;
        case 'z':
            noiseFileName = strdup(optstate->value);
            break;
        default:
            Usage(progName);
            break;
        }
    }
    PL_DestroyOptState(optstate);

    if (!command || !dbdir || !inFileName || !outFileName)
        Usage(progName);
    if (PL_strlen(command)==0)
        Usage(progName);

    cmd = command[0] == 'a' ? ENCRYPT : command[0] == 'b' ? DECRYPT : UNKNOWN;

    /*  Open the input file.  */
    inFile = PR_Open(inFileName, PR_RDONLY, 0);
    if (!inFile) {
        PR_fprintf(PR_STDERR, "Unable to open \"%s\" for reading.\n",
                   inFileName);
        return SECFailure;
    }
    PR_Close(inFile);

    /* For intermediate header file, choose filename as inputfile name
       with extension ".header" */
    strcpy(headerFileName, inFileName);
    strcat(headerFileName, ".header");

    /* For intermediate encrypted file, choose filename as inputfile name
       with extension ".enc" */
    strcpy(encryptedFileName, inFileName);
    strcat(encryptedFileName, ".enc");

    PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);

    switch (cmd) {
    case ENCRYPT:
        /* If the intermediate header file already exists, delete it */
        if (PR_Access(headerFileName, PR_ACCESS_EXISTS) == PR_SUCCESS) {
            PR_Delete(headerFileName);
        }
        /* If the intermediate encrypted  already exists, delete it */
        if (PR_Access(encryptedFileName, PR_ACCESS_EXISTS) == PR_SUCCESS) {
            PR_Delete(encryptedFileName);
        }

        /* Open DB for read/write and authenticate to it. */
        rv = NSS_InitReadWrite(dbdir);
        if (rv != SECSuccess) {
            PR_fprintf(PR_STDERR, "NSS_InitReadWrite Failed\n");
            goto cleanup;
        }

        PK11_SetPasswordFunc(GetModulePassword);
        slot = PK11_GetInternalKeySlot();
        if (PK11_NeedLogin(slot)) {
            rv = PK11_Authenticate(slot, PR_TRUE, &pwdata);
            if (rv != SECSuccess) {
                PR_fprintf(PR_STDERR, "Could not authenticate to token %s.\n",
                           PK11_GetTokenName(slot));
                goto cleanup;
            }
        }
        rv = EncryptFile(slot, dbdir,
                          inFileName, headerFileName, encryptedFileName,
                          noiseFileName, &pwdata, ascii);
        if (rv != SECSuccess) {
            PR_fprintf(PR_STDERR, "EncryptFile : Failed\n");
            return SECFailure;
        }
        break;
    case DECRYPT:
        /* Open DB read only, authenticate to it */
        PK11_SetPasswordFunc(GetModulePassword);

        rv = NSS_Init(dbdir);
        if (rv != SECSuccess) {
            PR_fprintf(PR_STDERR, "NSS_Init Failed\n");
            return SECFailure;
        }

        slot = PK11_GetInternalKeySlot();
        if (PK11_NeedLogin(slot)) {
            rv = PK11_Authenticate(slot, PR_TRUE, &pwdata);
            if (rv != SECSuccess) {
                PR_fprintf(PR_STDERR, "Could not authenticate to token %s.\n",
                           PK11_GetTokenName(slot));
                goto cleanup;
            }
        }

        rv = DecryptFile(slot, dbdir,
                         outFileName, headerFileName,
                         encryptedFileName, &pwdata, ascii);
        if (rv != SECSuccess) {
            PR_fprintf(PR_STDERR, "DecryptFile : Failed\n");
            return SECFailure;
        }
        break;
    }

cleanup:
    rvShutdown = NSS_Shutdown();
    if (rvShutdown != SECSuccess) {
        PR_fprintf(PR_STDERR, "Failed : NSS_Shutdown()\n");
        rv = SECFailure;
    }

    PR_Cleanup();

    return rv;
}