Diffstat (limited to 'usr/src/cmd/cmd-crypto/decrypt/decrypt.c')
-rw-r--r--usr/src/cmd/cmd-crypto/decrypt/decrypt.c70
1 files changed, 37 insertions, 33 deletions
diff --git a/usr/src/cmd/cmd-crypto/decrypt/decrypt.c b/usr/src/cmd/cmd-crypto/decrypt/decrypt.c
index 6fd9e18042..b505390177 100644
--- a/usr/src/cmd/cmd-crypto/decrypt/decrypt.c
+++ b/usr/src/cmd/cmd-crypto/decrypt/decrypt.c
@@ -20,7 +20,7 @@
*/
/* Portions Copyright 2005 Richard Lowe */
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -33,28 +33,30 @@
*
* One binary performs both encrypt/decrypt operation.
*
- * usage:
- *
- * algorithm - mechanism name without CKM_ prefix. Case
- * does not matter
- * keyfile - file containing key data. If not specified user is
- * prompted to enter key. key length > 0 is required
- * infile - input file to encrypt/decrypt. If omitted, stdin used.
- * outfile - output file to encrypt/decrypt. If omitted, stdout used.
- * if infile & outfile are same, a temp file is used for
- * output and infile is replaced with this file after
- * operation is complete.
+ * Usage:
+ * -a algorithm mechanism name without CKM_ prefix. Case
+ * does not matter
+ * -k keyfile file containing key data. If not specified user is
+ * prompted to enter key. key length > 0 is required
+ * -i infile input file to encrypt/decrypt. If omitted, stdin used.
+ * -o outfile output file to encrypt/decrypt. If omitted, stdout used.
+ * if infile & outfile are same, a temp file is used for
+ * output and infile is replaced with this file after
+ * operation is complete
+ * -l Display the list of algorithms
+ * -v Display verbose information
+ * -T tokenspec Specify a PKCS#11 token (optionally used with -K)
+ * -K keylabel Specify the symmetric PKCS#11 token key label
*
* Implementation notes:
- * iv data - It is generated by random bytes equal to one block size.
+ * IV data - It is generated by random bytes equal to one block size.
*
- * encrypted output format -
- * - Output format version number - 4 bytes in network byte order.
- * - Iterations used in key gen function, 4 bytes in network byte order.
- * - IV ( 'ivlen' bytes)
+ * Encrypted output format -
+ * - Output format version number (1) - 4 bytes in network byte order.
+ * - Iterations used in key gen function, 4 bytes in network byte order.
+ * - IV ('ivlen' bytes). Length is algorithm-dependent (see mech_aliases)
* - Salt data used in key gen (16 bytes)
- * - cipher text data.
- *
+ * - Cipher text data (remainder of the file)
*/
#include <stdio.h>
@@ -165,14 +167,14 @@ static boolean_t iflag = B_FALSE; /* -i <infile> flag, use stdin if absent */
static boolean_t oflag = B_FALSE; /* -o <outfile> flag, use stdout if absent */
static boolean_t lflag = B_FALSE; /* -l flag (list) */
static boolean_t vflag = B_FALSE; /* -v flag (verbose) */
-static boolean_t Tflag = B_FALSE;
-static boolean_t Kflag = B_FALSE;
+static boolean_t Tflag = B_FALSE; /* -T flag (tokenspec) */
+static boolean_t Kflag = B_FALSE; /* -K flag (keylabel) */
-static char *keyfile = NULL; /* name of keyfile */
-static char *inputfile = NULL; /* name of input file */
-static char *outputfile = NULL; /* name of output file */
-static char *token_label = NULL;
-static char *key_label = NULL;
+static char *keyfile = NULL; /* name of keyfile */
+static char *inputfile = NULL; /* name of input file */
+static char *outputfile = NULL; /* name of output file */
+static char *token_label = NULL; /* name of PKCS#11 token */
+static char *key_label = NULL; /* name of PKCS#11 token key label */
static int status_pos = 0; /* current position of progress bar element */
@@ -198,7 +200,7 @@ main(int argc, char **argv)
boolean_t errflag = B_FALSE;
(void) setlocale(LC_ALL, "");
-#if !defined(TEXT_DOMAIN) /* Should be defiend by cc -D */
+#if !defined(TEXT_DOMAIN) /* Should be defined by cc -D */
#define TEXT_DOMAIN "SYS_TEST" /* Use this only if it weren't */
#endif
(void) textdomain(TEXT_DOMAIN);
@@ -435,10 +437,10 @@ execute_cmd(struct CommandInfo *cmd, char *algo_str)
boolean_t inoutsame = B_FALSE; /* if both input & output are same */
CK_BYTE_PTR pivbuf = NULL_PTR;
CK_ULONG ivlen = 0L;
- int mech_match = 0;
- CK_ULONG iterations = CK_PKCS5_PBKD2_ITERATIONS;
+ int mech_match = 0;
+ uint32_t iterations = CK_PKCS5_PBKD2_ITERATIONS;
CK_ULONG keylen;
- int version = SUNW_ENCRYPT_FILE_VERSION;
+ uint32_t version = SUNW_ENCRYPT_FILE_VERSION;
CK_KEY_TYPE keytype;
KMF_RETURN kmfrv;
CK_SLOT_ID token_slot_id;
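Review bot: Narrowing `iterations` and `version` to `uint32_t` in execute_cmd's declarations makes the header fields 4 bytes on the write side (see the `do_crypto:` hunk), but the matching read path used for decryption is not in any visible hunk. If that path still reads `sizeof (CK_ULONG)` bytes into `iterations`, an LP64 build would store 8 bytes into a 4-byte object; each header read should take its size from the variable, i.e. `sizeof (iterations)` and `sizeof (version)`, and compare the return value against that same size before calling `ntohl()`. On decrypt the iteration count comes from the input file, so it is also worth rejecting zero and implausibly large values before it reaches the key-generation parameters. execute_cmd's body starts and ends outside this hunk.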
@@ -740,9 +742,11 @@ execute_cmd(struct CommandInfo *cmd, char *algo_str)
case 1:
/*
* Version 1 output format:
+ * - Output format version 1 (4 bytes)
* - Iterations used in key gen function (4 bytes)
- * - IV ( 'ivlen' bytes)
+ * - IV ('ivlen' bytes). The length algorithm-dependent
* - Salt data used in key gen (16 bytes)
+ * - Cipher text data (remainder of the file)
*
* An encrypted file has IV as first block (0 or
* more bytes depending on mechanism) followed
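Review bot: The field list added to the `case 1:` comment now begins with the 4-byte version, yet the paragraph directly below still says "An encrypted file has IV as first block", which contradicts the documented order of version, iterations, IV, salt. The new IV line is also missing a verb; I would write it as ` * - IV ('ivlen' bytes). The length is algorithm-dependent` and reword the paragraph so the IV is described as following the version and iteration fields. The comment runs past the end of this hunk, so the remainder of that paragraph may already qualify the statement.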
@@ -898,8 +902,8 @@ do_crypto:
/* Write the version header encrypt command */
if (cmd->type == CKA_ENCRYPT) {
/* convert to network order for storage */
- int netversion = htonl(version);
- CK_ULONG netiter;
+ uint32_t netversion = htonl(version);
+ uint32_t netiter;
if (write(outfd, &netversion, sizeof (netversion))
!= sizeof (netversion)) {