/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * shlibsign creates the checksum (.chk) files for the NSS libraries,
 * libsoftokn3/softokn3 and libfreebl/freebl (platforms can have
 * multiple freebl variants), that contain the NSS cryptograhic boundary.
 *
 * The generated .chk files must be put in the same directory as
 * the NSS libraries they were generated for.
 *
 * When in FIPS 140 mode, the NSS Internal FIPS PKCS #11 Module will
 * compute the checksum for the NSS cryptographic boundary libraries
 * and compare the checksum with the value in .chk file.
 */

#ifdef XP_UNIX
#define USES_LINKS 1
#endif

#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>

#ifdef USES_LINKS
#include <unistd.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/stat.h>
#endif

/* nspr headers */
#include "prlink.h"
#include "prprf.h"
#include "prenv.h"
#include "plgetopt.h"
#include "prinit.h"
#include "prmem.h"
#include "plstr.h"
#include "prerror.h"

/* softoken headers */
#include "pkcs11.h"
#include "pkcs11t.h"

/* freebl headers */
#include "shsign.h"

#define NUM_ELEM(array) (sizeof(array) / sizeof(array[0]))
CK_BBOOL true = CK_TRUE;
CK_BBOOL false = CK_FALSE;
static PRBool verbose = PR_FALSE;

static void
usage(const char *program_name)
{
    PRFileDesc *debug_out = PR_GetSpecialFD(PR_StandardError);
    PR_fprintf(debug_out,
               "type %s -H for more detail information.\n", program_name);
    PR_fprintf(debug_out,
               "Usage: %s [-v] [-V] [-o outfile] [-d dbdir] [-f pwfile]\n"
               "          [-F] [-p pwd] -[P dbprefix ] "
               "-i shared_library_name\n",
               program_name);
    exit(1);
}

static void
long_usage(const char *program_name)
{
    PRFileDesc *debug_out = PR_GetSpecialFD(PR_StandardError);
    PR_fprintf(debug_out, "%s test program usage:\n", program_name);
    PR_fprintf(debug_out, "\t-i <infile>  shared_library_name to process\n");
    PR_fprintf(debug_out, "\t-o <outfile> checksum outfile\n");
    PR_fprintf(debug_out, "\t-d <path>    database path location\n");
    PR_fprintf(debug_out, "\t-P <prefix>  database prefix\n");
    PR_fprintf(debug_out, "\t-f <file>    password File : echo pw > file \n");
    PR_fprintf(debug_out, "\t-F           FIPS mode\n");
    PR_fprintf(debug_out, "\t-p <pwd>     password\n");
    PR_fprintf(debug_out, "\t-v           verbose output\n");
    PR_fprintf(debug_out, "\t-V           perform Verify operations\n");
    PR_fprintf(debug_out, "\t-?           short help message\n");
    PR_fprintf(debug_out, "\t-h           short help message\n");
    PR_fprintf(debug_out, "\t-H           this help message\n");
    PR_fprintf(debug_out, "\n\n\tNote: Use of FIPS mode requires your ");
    PR_fprintf(debug_out, "library path is using \n");
    PR_fprintf(debug_out, "\t      pre-existing libraries with generated ");
    PR_fprintf(debug_out, "checksum files\n");
    PR_fprintf(debug_out, "\t      and database in FIPS mode \n");
    exit(1);
}

static char *
mkoutput(const char *input)
{
    int in_len = strlen(input);
    char *output = PR_Malloc(in_len + sizeof(SGN_SUFFIX));
    int index = in_len + 1 - sizeof("." SHLIB_SUFFIX);

    if ((index > 0) &&
        (PL_strncmp(&input[index],
                    "." SHLIB_SUFFIX, sizeof("." SHLIB_SUFFIX)) == 0)) {
        in_len = index;
    }
    memcpy(output, input, in_len);
    memcpy(&output[in_len], SGN_SUFFIX, sizeof(SGN_SUFFIX));
    return output;
}

static void
lperror(const char *string)
{
    PRErrorCode errorcode;

    errorcode = PR_GetError();
    PR_fprintf(PR_STDERR, "%s: %d: %s\n", string, errorcode,
               PR_ErrorToString(errorcode, PR_LANGUAGE_I_DEFAULT));
}

static void
encodeInt(unsigned char *buf, int val)
{
    buf[3] = (val >> 0) & 0xff;
    buf[2] = (val >> 8) & 0xff;
    buf[1] = (val >> 16) & 0xff;
    buf[0] = (val >> 24) & 0xff;
    return;
}

static PRStatus
writeItem(PRFileDesc *fd, CK_VOID_PTR pValue,
          CK_ULONG ulValueLen, char *file)
{
    unsigned char buf[4];
    int bytesWritten;
    if (ulValueLen == 0) {
        PR_fprintf(PR_STDERR, "call to writeItem with 0 bytes of data.\n");
        return PR_FAILURE;
    }

    encodeInt(buf, ulValueLen);
    bytesWritten = PR_Write(fd, buf, 4);
    if (bytesWritten != 4) {
        lperror(file);
        return PR_FAILURE;
    }
    bytesWritten = PR_Write(fd, pValue, ulValueLen);
    if (bytesWritten != ulValueLen) {
        lperror(file);
        return PR_FAILURE;
    }
    return PR_SUCCESS;
}

static const unsigned char prime[] = { 0x00,
                                       0x97, 0x44, 0x1d, 0xcc, 0x0d, 0x39, 0x0d, 0x8d,
                                       0xcb, 0x75, 0xdc, 0x24, 0x25, 0x6f, 0x01, 0x92,
                                       0xa1, 0x11, 0x07, 0x6b, 0x70, 0xac, 0x73, 0xd7,
                                       0x82, 0x28, 0xdf, 0xab, 0x82, 0x0c, 0x41, 0x0c,
                                       0x95, 0xb3, 0x3c, 0x3d, 0xea, 0x8a, 0xe6, 0x44,
                                       0x0a, 0xb8, 0xab, 0x90, 0x15, 0x41, 0x11, 0xe8,
                                       0x48, 0x7b, 0x8d, 0xb0, 0x9c, 0xd3, 0xf2, 0x69,
                                       0x66, 0xff, 0x66, 0x4b, 0x70, 0x2b, 0xbf, 0xfb,
                                       0xd6, 0x68, 0x85, 0x76, 0x1e, 0x34, 0xaa, 0xc5,
                                       0x57, 0x6e, 0x23, 0x02, 0x08, 0x60, 0x6e, 0xfd,
                                       0x67, 0x76, 0xe1, 0x7c, 0xc8, 0xcb, 0x51, 0x77,
                                       0xcf, 0xb1, 0x3b, 0x00, 0x2e, 0xfa, 0x21, 0xcd,
                                       0x34, 0x76, 0x75, 0x01, 0x19, 0xfe, 0xf8, 0x5d,
                                       0x43, 0xc5, 0x34, 0xf3, 0x7a, 0x95, 0xdc, 0xc2,
                                       0x58, 0x07, 0x19, 0x2f, 0x1d, 0x6f, 0x9a, 0x77,
                                       0x7e, 0x55, 0xaa, 0xe7, 0x5a, 0x50, 0x43, 0xd3 };

static const unsigned char subprime[] = { 0x0,
                                          0xd8, 0x16, 0x23, 0x34, 0x8a, 0x9e, 0x3a, 0xf5,
                                          0xd9, 0x10, 0x13, 0x35, 0xaa, 0xf3, 0xf3, 0x54,
                                          0x0b, 0x31, 0x24, 0xf1 };

static const unsigned char base[] = {
    0x03, 0x3a, 0xad, 0xfa, 0x3a, 0x0c, 0xea, 0x0a,
    0x4e, 0x43, 0x32, 0x92, 0xbb, 0x87, 0xf1, 0x11,
    0xc0, 0xad, 0x39, 0x38, 0x56, 0x1a, 0xdb, 0x23,
    0x66, 0xb1, 0x08, 0xda, 0xb6, 0x19, 0x51, 0x42,
    0x93, 0x4f, 0xc3, 0x44, 0x43, 0xa8, 0x05, 0xc1,
    0xf8, 0x71, 0x62, 0x6f, 0x3d, 0xe2, 0xab, 0x6f,
    0xd7, 0x80, 0x22, 0x6f, 0xca, 0x0d, 0xf6, 0x9f,
    0x45, 0x27, 0x83, 0xec, 0x86, 0x0c, 0xda, 0xaa,
    0xd6, 0xe0, 0xd0, 0x84, 0xfd, 0xb1, 0x4f, 0xdc,
    0x08, 0xcd, 0x68, 0x3a, 0x77, 0xc2, 0xc5, 0xf1,
    0x99, 0x0f, 0x15, 0x1b, 0x6a, 0x8c, 0x3d, 0x18,
    0x2b, 0x6f, 0xdc, 0x2b, 0xd8, 0xb5, 0x9b, 0xb8,
    0x2d, 0x57, 0x92, 0x1c, 0x46, 0x27, 0xaf, 0x6d,
    0xe1, 0x45, 0xcf, 0x0b, 0x3f, 0xfa, 0x07, 0xcc,
    0x14, 0x8e, 0xe7, 0xb8, 0xaa, 0xd5, 0xd1, 0x36,
    0x1d, 0x7e, 0x5e, 0x7d, 0xfa, 0x5b, 0x77, 0x1f
};

/*
 * The constants h, seed, & counter aren't used in the code; they're provided
 * here (commented-out) so that human readers can verify that our our PQG
 * parameters were generated properly.
static const unsigned char h[] = {
    0x41, 0x87, 0x47, 0x79, 0xd8, 0xba, 0x4e, 0xac,
    0x44, 0x4f, 0x6b, 0xd2, 0x16, 0x5e, 0x04, 0xc6,
    0xc2, 0x29, 0x93, 0x5e, 0xbd, 0xc7, 0xa9, 0x8f,
    0x23, 0xa1, 0xc8, 0xee, 0x80, 0x64, 0xd5, 0x67,
    0x3c, 0xba, 0x59, 0x9a, 0x06, 0x0c, 0xcc, 0x29,
    0x56, 0xc0, 0xb2, 0x21, 0xe0, 0x5b, 0x52, 0xcd,
    0x84, 0x73, 0x57, 0xfd, 0xd8, 0xc3, 0x5b, 0x13,
    0x54, 0xd7, 0x4a, 0x06, 0x86, 0x63, 0x09, 0xa5,
    0xb0, 0x59, 0xe2, 0x32, 0x9e, 0x09, 0xa3, 0x9f,
    0x49, 0x62, 0xcc, 0xa6, 0xf9, 0x54, 0xd5, 0xb2,
    0xc3, 0x08, 0x71, 0x7e, 0xe3, 0x37, 0x50, 0xd6,
    0x7b, 0xa7, 0xc2, 0x60, 0xc1, 0xeb, 0x51, 0x32,
    0xfa, 0xad, 0x35, 0x25, 0x17, 0xf0, 0x7f, 0x23,
    0xe5, 0xa8, 0x01, 0x52, 0xcf, 0x2f, 0xd9, 0xa9,
    0xf6, 0x00, 0x21, 0x15, 0xf1, 0xf7, 0x70, 0xb7,
    0x57, 0x8a, 0xd0, 0x59, 0x6a, 0x82, 0xdc, 0x9c };

static const unsigned char seed[] = { 0x00,
    0xcc, 0x4c, 0x69, 0x74, 0xf6, 0x72, 0x24, 0x68,
    0x24, 0x4f, 0xd7, 0x50, 0x11, 0x40, 0x81, 0xed,
    0x19, 0x3c, 0x8a, 0x25, 0xbc, 0x78, 0x0a, 0x85,
    0x82, 0x53, 0x70, 0x20, 0xf6, 0x54, 0xa5, 0x1b,
    0xf4, 0x15, 0xcd, 0xff, 0xc4, 0x88, 0xa7, 0x9d,
    0xf3, 0x47, 0x1c, 0x0a, 0xbe, 0x10, 0x29, 0x83,
    0xb9, 0x0f, 0x4c, 0xdf, 0x90, 0x16, 0x83, 0xa2,
    0xb3, 0xe3, 0x2e, 0xc1, 0xc2, 0x24, 0x6a, 0xc4,
    0x9d, 0x57, 0xba, 0xcb, 0x0f, 0x18, 0x75, 0x00,
    0x33, 0x46, 0x82, 0xec, 0xd6, 0x94, 0x77, 0xc3,
    0x4f, 0x4c, 0x58, 0x1c, 0x7f, 0x61, 0x3c, 0x36,
    0xd5, 0x2f, 0xa5, 0x66, 0xd8, 0x2f, 0xce, 0x6e,
    0x8e, 0x20, 0x48, 0x4a, 0xbb, 0xe3, 0xe0, 0xb2,
    0x50, 0x33, 0x63, 0x8a, 0x5b, 0x2d, 0x6a, 0xbe,
    0x4c, 0x28, 0x81, 0x53, 0x5b, 0xe4, 0xf6, 0xfc,
    0x64, 0x06, 0x13, 0x51, 0xeb, 0x4a, 0x91, 0x9c };

static const unsigned int counter=1496;
 */

static const unsigned char prime2[] = { 0x00,
                                        0xa4, 0xc2, 0x83, 0x4f, 0x36, 0xd3, 0x4f, 0xae,
                                        0xa0, 0xb1, 0x47, 0x43, 0xa8, 0x15, 0xee, 0xad,
                                        0xa3, 0x98, 0xa3, 0x29, 0x45, 0xae, 0x5c, 0xd9,
                                        0x12, 0x99, 0x09, 0xdc, 0xef, 0x05, 0xb4, 0x98,
                                        0x05, 0xaa, 0x07, 0xaa, 0x83, 0x89, 0xd7, 0xba,
                                        0xd1, 0x25, 0x56, 0x58, 0xd1, 0x73, 0x3c, 0xd0,
                                        0x91, 0x65, 0xbe, 0x27, 0x92, 0x94, 0x86, 0x95,
                                        0xdb, 0xcf, 0x07, 0x13, 0xa0, 0x85, 0xd6, 0xaa,
                                        0x6c, 0x1d, 0x63, 0xbf, 0xdd, 0xdf, 0xbc, 0x30,
                                        0xeb, 0x42, 0x2f, 0x52, 0x11, 0xec, 0x6e, 0x65,
                                        0xdf, 0x50, 0xbe, 0x28, 0x3d, 0xa4, 0xec, 0x45,
                                        0x19, 0x4c, 0x13, 0x0f, 0x59, 0x74, 0x57, 0x69,
                                        0x99, 0x4f, 0x4a, 0x74, 0x7f, 0x8c, 0x9e, 0xa2,
                                        0xe7, 0x94, 0xc9, 0x70, 0x70, 0xd0, 0xc4, 0xda,
                                        0x49, 0x5b, 0x7a, 0x7d, 0xd9, 0x71, 0x7c, 0x3b,
                                        0xdc, 0xd2, 0x8a, 0x74, 0x5f, 0xce, 0x09, 0xa2,
                                        0xdb, 0xec, 0xa4, 0xba, 0x75, 0xaa, 0x0a, 0x97,
                                        0xa6, 0x82, 0x25, 0x90, 0x90, 0x37, 0xe4, 0x40,
                                        0x05, 0x28, 0x8f, 0x98, 0x8e, 0x68, 0x01, 0xaf,
                                        0x9b, 0x08, 0x2a, 0x9b, 0xd5, 0xb9, 0x8c, 0x14,
                                        0xbf, 0xba, 0xcb, 0x5b, 0xda, 0x4c, 0x95, 0xb8,
                                        0xdf, 0x67, 0xa6, 0x6b, 0x76, 0x8c, 0xad, 0x4f,
                                        0xfd, 0x6a, 0xd6, 0xcc, 0x62, 0x71, 0x30, 0x30,
                                        0xc1, 0x29, 0x84, 0xe4, 0x8e, 0x32, 0x51, 0xb6,
                                        0xea, 0xfa, 0xba, 0x00, 0x99, 0x76, 0xea, 0x86,
                                        0x90, 0xab, 0x2d, 0xe9, 0xfd, 0x1e, 0x8c, 0xcc,
                                        0x3c, 0x2b, 0x5d, 0x13, 0x1b, 0x47, 0xb4, 0xf5,
                                        0x09, 0x74, 0x1d, 0xd4, 0x78, 0xb2, 0x42, 0x19,
                                        0xd6, 0x24, 0xd1, 0x68, 0xbf, 0x11, 0xf1, 0x38,
                                        0xa0, 0x44, 0x9c, 0xc6, 0x51, 0x33, 0xaa, 0x42,
                                        0x93, 0x9e, 0x30, 0x58, 0x9e, 0xc0, 0x70, 0xdf,
                                        0x7e, 0x64, 0xb1, 0xd8, 0x68, 0x75, 0x98, 0xa7 };

static const unsigned char subprime2[] = { 0x00,
                                           0x8e, 0xab, 0xf4, 0xbe, 0x45, 0xeb, 0xa3, 0x58,
                                           0x4e, 0x60, 0x15, 0x66, 0x5a, 0x4b, 0x25, 0xcf,
                                           0x45, 0x77, 0x89, 0x3f, 0x73, 0x34, 0x4a, 0xe0,
                                           0x9e, 0xac, 0xfd, 0xdc, 0xff, 0x9c, 0x8d, 0xe7 };

static const unsigned char base2[] = { 0x00,
                                       0x8d, 0x72, 0x32, 0x46, 0xa6, 0x5c, 0x80, 0xe3,
                                       0x43, 0x0a, 0x9e, 0x94, 0x35, 0x86, 0xd4, 0x58,
                                       0xa1, 0xca, 0x22, 0xb9, 0x73, 0x46, 0x0b, 0xfb,
                                       0x3e, 0x33, 0xf1, 0xd5, 0xd3, 0xb4, 0x26, 0xbf,
                                       0x50, 0xd7, 0xf2, 0x09, 0x33, 0x6e, 0xc0, 0x31,
                                       0x1b, 0x6d, 0x07, 0x70, 0x86, 0xca, 0x57, 0xf7,
                                       0x0b, 0x4a, 0x63, 0xf0, 0x6f, 0xc8, 0x8a, 0xed,
                                       0x50, 0x60, 0xf3, 0x11, 0xc7, 0x44, 0xf3, 0xce,
                                       0x4e, 0x50, 0x42, 0x2d, 0x85, 0x33, 0x54, 0x57,
                                       0x03, 0x8d, 0xdc, 0x66, 0x4d, 0x61, 0x83, 0x17,
                                       0x1c, 0x7b, 0x0d, 0x65, 0xbc, 0x8f, 0x2c, 0x19,
                                       0x86, 0xfc, 0xe2, 0x9f, 0x5d, 0x67, 0xfc, 0xd4,
                                       0xa5, 0xf8, 0x23, 0xa1, 0x1a, 0xa2, 0xe1, 0x11,
                                       0x15, 0x84, 0x32, 0x01, 0xee, 0x88, 0xf1, 0x55,
                                       0x30, 0xe9, 0x74, 0x3c, 0x1a, 0x2b, 0x54, 0x45,
                                       0x2e, 0x39, 0xb9, 0x77, 0xe1, 0x32, 0xaf, 0x2d,
                                       0x97, 0xe0, 0x21, 0xec, 0xf5, 0x58, 0xe1, 0xc7,
                                       0x2e, 0xe0, 0x71, 0x3d, 0x29, 0xa4, 0xd6, 0xe2,
                                       0x5f, 0x85, 0x9c, 0x05, 0x04, 0x46, 0x41, 0x89,
                                       0x03, 0x3c, 0xfa, 0xb2, 0xcf, 0xfa, 0xd5, 0x67,
                                       0xcc, 0xec, 0x68, 0xfc, 0x83, 0xd9, 0x1f, 0x2e,
                                       0x4e, 0x9a, 0x5e, 0x77, 0xa1, 0xff, 0xe6, 0x6f,
                                       0x04, 0x8b, 0xf9, 0x6b, 0x47, 0xc6, 0x49, 0xd2,
                                       0x88, 0x6e, 0x29, 0xa3, 0x1b, 0xae, 0xe0, 0x4f,
                                       0x72, 0x8a, 0x28, 0x94, 0x0c, 0x1d, 0x8c, 0x99,
                                       0xa2, 0x6f, 0xf8, 0xba, 0x99, 0x90, 0xc7, 0xe5,
                                       0xb1, 0x3c, 0x10, 0x34, 0x86, 0x6a, 0x6a, 0x1f,
                                       0x39, 0x63, 0x58, 0xe1, 0x5e, 0x97, 0x95, 0x45,
                                       0x40, 0x38, 0x45, 0x6f, 0x02, 0xb5, 0x86, 0x6e,
                                       0xae, 0x2f, 0x32, 0x7e, 0xa1, 0x3a, 0x34, 0x2c,
                                       0x1c, 0xd3, 0xff, 0x4e, 0x2c, 0x38, 0x1c, 0xaa,
                                       0x2e, 0x66, 0xbe, 0x32, 0x3e, 0x3c, 0x06, 0x5f };

/*
 * The constants h2, seed2, & counter2 aren't used in the code; they're provided
 * here (commented-out) so that human readers can verify that our our PQG
 * parameters were generated properly.
static const unsigned char h2[] = {
    0x30, 0x91, 0xa1, 0x2e, 0x40, 0xa5, 0x7d, 0xf7,
    0xdc, 0xed, 0xee, 0x05, 0xc2, 0x31, 0x91, 0x37,
    0xda, 0xc5, 0xe3, 0x47, 0xb5, 0x35, 0x4b, 0xfd,
    0x18, 0xb2, 0x7e, 0x67, 0x1e, 0x92, 0x22, 0xe7,
    0xf5, 0x00, 0x71, 0xc0, 0x86, 0x8d, 0x90, 0x31,
    0x36, 0x3e, 0xd0, 0x94, 0x5d, 0x2f, 0x9a, 0x68,
    0xd2, 0xf8, 0x3d, 0x5e, 0x84, 0x42, 0x35, 0xda,
    0x75, 0xdd, 0x05, 0xf0, 0x03, 0x31, 0x39, 0xe5,
    0xfd, 0x2f, 0x5a, 0x7d, 0x56, 0xd8, 0x26, 0xa0,
    0x51, 0x5e, 0x32, 0xb4, 0xad, 0xee, 0xd4, 0x89,
    0xae, 0x01, 0x7f, 0xac, 0x86, 0x98, 0x77, 0x26,
    0x5c, 0x31, 0xd2, 0x5e, 0xbb, 0x7f, 0xf5, 0x4c,
    0x9b, 0xf0, 0xa6, 0x37, 0x34, 0x08, 0x86, 0x6b,
    0xce, 0xeb, 0x85, 0x66, 0x0a, 0x26, 0x8a, 0x14,
    0x92, 0x12, 0x74, 0xf4, 0xf0, 0xcb, 0xb5, 0xfc,
    0x38, 0xd5, 0x1e, 0xa1, 0x2f, 0x4a, 0x1a, 0xca,
    0x66, 0xde, 0x6e, 0xe6, 0x6e, 0x1c, 0xef, 0x50,
    0x41, 0x31, 0x09, 0xe7, 0x4a, 0xb8, 0xa3, 0xaa,
    0x5a, 0x22, 0xbd, 0x63, 0x0f, 0xe9, 0x0e, 0xdb,
    0xb3, 0xca, 0x7e, 0x8d, 0x40, 0xb3, 0x3e, 0x0b,
    0x12, 0x8b, 0xb0, 0x80, 0x4d, 0x6d, 0xb0, 0x54,
    0xbb, 0x4c, 0x1d, 0x6c, 0xa0, 0x5c, 0x9d, 0x91,
    0xb3, 0xbb, 0xd9, 0xfc, 0x60, 0xec, 0xc1, 0xbc,
    0xae, 0x72, 0x3f, 0xa5, 0x4f, 0x36, 0x2d, 0x2c,
    0x81, 0x03, 0x86, 0xa2, 0x03, 0x38, 0x36, 0x8e,
    0xad, 0x1d, 0x53, 0xc6, 0xc5, 0x9e, 0xda, 0x08,
    0x35, 0x4f, 0xb2, 0x78, 0xba, 0xd1, 0x22, 0xde,
    0xc4, 0x6b, 0xbe, 0x83, 0x71, 0x0f, 0xee, 0x38,
    0x4a, 0x9f, 0xda, 0x90, 0x93, 0x6b, 0x9a, 0xf2,
    0xeb, 0x23, 0xfe, 0x41, 0x3f, 0xf1, 0xfc, 0xee,
    0x7f, 0x67, 0xa7, 0xb8, 0xab, 0x29, 0xf4, 0x75,
    0x1c, 0xe9, 0xd1, 0x47, 0x7d, 0x86, 0x44, 0xe2 };

static const unsigned char seed2[] = { 0x00,
    0xbc, 0xae, 0xc4, 0xea, 0x4e, 0xd2, 0xed, 0x1c,
    0x8d, 0x48, 0xed, 0xf2, 0xa5, 0xb4, 0x18, 0xba,
    0x00, 0xcb, 0x9c, 0x75, 0x8a, 0x39, 0x94, 0x3b,
    0xd0, 0xd6, 0x01, 0xf7, 0xc1, 0xf5, 0x9d, 0xe5,
    0xe3, 0xb4, 0x1d, 0xf5, 0x30, 0xfe, 0x99, 0xe4,
    0x01, 0xab, 0xc0, 0x88, 0x4e, 0x67, 0x8f, 0xc6,
    0x72, 0x39, 0x2e, 0xac, 0x51, 0xec, 0x91, 0x41,
    0x47, 0x71, 0x14, 0x8a, 0x1d, 0xca, 0x88, 0x15,
    0xea, 0xc9, 0x48, 0x9a, 0x71, 0x50, 0x19, 0x38,
    0xdb, 0x4e, 0x65, 0xd5, 0x13, 0xd8, 0x2a, 0xc4,
    0xcd, 0xfd, 0x0c, 0xe3, 0xc3, 0x60, 0xae, 0x6d,
    0x88, 0xf2, 0x3a, 0xd0, 0x64, 0x73, 0x32, 0x89,
    0xcd, 0x0b, 0xb8, 0xc7, 0xa5, 0x27, 0x84, 0xd5,
    0x83, 0x3f, 0x0e, 0x10, 0x63, 0x10, 0x78, 0xac,
    0x6b, 0x56, 0xb2, 0x62, 0x3a, 0x44, 0x56, 0xc0,
    0xe4, 0x33, 0xd7, 0x63, 0x4c, 0xc9, 0x6b, 0xae,
    0xfb, 0xe2, 0x9b, 0xf4, 0x96, 0xc7, 0xf0, 0x2a,
    0x50, 0xde, 0x86, 0x69, 0x4f, 0x42, 0x4b, 0x1c,
    0x7c, 0xa8, 0x6a, 0xfb, 0x54, 0x47, 0x1b, 0x41,
    0x31, 0x9e, 0x0a, 0xc6, 0xc0, 0xbc, 0x88, 0x7f,
    0x5a, 0x42, 0xa9, 0x82, 0x58, 0x32, 0xb3, 0xeb,
    0x54, 0x83, 0x84, 0x26, 0x92, 0xa6, 0xc0, 0x6e,
    0x2b, 0xa6, 0x82, 0x82, 0x43, 0x58, 0x84, 0x53,
    0x31, 0xcf, 0xd0, 0x0a, 0x11, 0x09, 0x44, 0xc8,
    0x11, 0x36, 0xe0, 0x04, 0x85, 0x2e, 0xd1, 0x29,
    0x6b, 0x7b, 0x00, 0x71, 0x5f, 0xef, 0x7b, 0x7a,
    0x2d, 0x91, 0xf9, 0x84, 0x45, 0x4d, 0xc7, 0xe1,
    0xee, 0xd4, 0xb8, 0x61, 0x3b, 0x13, 0xb7, 0xba,
    0x95, 0x39, 0xf6, 0x3d, 0x89, 0xbd, 0xa5, 0x80,
    0x93, 0xf7, 0xe5, 0x17, 0x05, 0xc5, 0x65, 0xb7,
    0xde, 0xc9, 0x9f, 0x04, 0x87, 0xcf, 0x4f, 0x86,
    0xc3, 0x29, 0x7d, 0xb7, 0x89, 0xbf, 0xe3, 0xde };

static const unsigned int counter2=210;
 */

struct tuple_str {
    CK_RV errNum;
    const char *errString;
};

typedef struct tuple_str tuple_str;

static const tuple_str errStrings[] = {
    { CKR_OK, "CKR_OK                              " },
    { CKR_CANCEL, "CKR_CANCEL                          " },
    { CKR_HOST_MEMORY, "CKR_HOST_MEMORY                     " },
    { CKR_SLOT_ID_INVALID, "CKR_SLOT_ID_INVALID                 " },
    { CKR_GENERAL_ERROR, "CKR_GENERAL_ERROR                   " },
    { CKR_FUNCTION_FAILED, "CKR_FUNCTION_FAILED                 " },
    { CKR_ARGUMENTS_BAD, "CKR_ARGUMENTS_BAD                   " },
    { CKR_NO_EVENT, "CKR_NO_EVENT                        " },
    { CKR_NEED_TO_CREATE_THREADS, "CKR_NEED_TO_CREATE_THREADS          " },
    { CKR_CANT_LOCK, "CKR_CANT_LOCK                       " },
    { CKR_ATTRIBUTE_READ_ONLY, "CKR_ATTRIBUTE_READ_ONLY             " },
    { CKR_ATTRIBUTE_SENSITIVE, "CKR_ATTRIBUTE_SENSITIVE             " },
    { CKR_ATTRIBUTE_TYPE_INVALID, "CKR_ATTRIBUTE_TYPE_INVALID          " },
    { CKR_ATTRIBUTE_VALUE_INVALID, "CKR_ATTRIBUTE_VALUE_INVALID         " },
    { CKR_DATA_INVALID, "CKR_DATA_INVALID                    " },
    { CKR_DATA_LEN_RANGE, "CKR_DATA_LEN_RANGE                  " },
    { CKR_DEVICE_ERROR, "CKR_DEVICE_ERROR                    " },
    { CKR_DEVICE_MEMORY, "CKR_DEVICE_MEMORY                   " },
    { CKR_DEVICE_REMOVED, "CKR_DEVICE_REMOVED                  " },
    { CKR_ENCRYPTED_DATA_INVALID, "CKR_ENCRYPTED_DATA_INVALID          " },
    { CKR_ENCRYPTED_DATA_LEN_RANGE, "CKR_ENCRYPTED_DATA_LEN_RANGE        " },
    { CKR_FUNCTION_CANCELED, "CKR_FUNCTION_CANCELED               " },
    { CKR_FUNCTION_NOT_PARALLEL, "CKR_FUNCTION_NOT_PARALLEL           " },
    { CKR_FUNCTION_NOT_SUPPORTED, "CKR_FUNCTION_NOT_SUPPORTED          " },
    { CKR_KEY_HANDLE_INVALID, "CKR_KEY_HANDLE_INVALID              " },
    { CKR_KEY_SIZE_RANGE, "CKR_KEY_SIZE_RANGE                  " },
    { CKR_KEY_TYPE_INCONSISTENT, "CKR_KEY_TYPE_INCONSISTENT           " },
    { CKR_KEY_NOT_NEEDED, "CKR_KEY_NOT_NEEDED                  " },
    { CKR_KEY_CHANGED, "CKR_KEY_CHANGED                     " },
    { CKR_KEY_NEEDED, "CKR_KEY_NEEDED                      " },
    { CKR_KEY_INDIGESTIBLE, "CKR_KEY_INDIGESTIBLE                " },
    { CKR_KEY_FUNCTION_NOT_PERMITTED, "CKR_KEY_FUNCTION_NOT_PERMITTED      " },
    { CKR_KEY_NOT_WRAPPABLE, "CKR_KEY_NOT_WRAPPABLE               " },
    { CKR_KEY_UNEXTRACTABLE, "CKR_KEY_UNEXTRACTABLE               " },
    { CKR_MECHANISM_INVALID, "CKR_MECHANISM_INVALID               " },
    { CKR_MECHANISM_PARAM_INVALID, "CKR_MECHANISM_PARAM_INVALID         " },
    { CKR_OBJECT_HANDLE_INVALID, "CKR_OBJECT_HANDLE_INVALID           " },
    { CKR_OPERATION_ACTIVE, "CKR_OPERATION_ACTIVE                " },
    { CKR_OPERATION_NOT_INITIALIZED, "CKR_OPERATION_NOT_INITIALIZED       " },
    { CKR_PIN_INCORRECT, "CKR_PIN_INCORRECT                   " },
    { CKR_PIN_INVALID, "CKR_PIN_INVALID                     " },
    { CKR_PIN_LEN_RANGE, "CKR_PIN_LEN_RANGE                   " },
    { CKR_PIN_EXPIRED, "CKR_PIN_EXPIRED                     " },
    { CKR_PIN_LOCKED, "CKR_PIN_LOCKED                      " },
    { CKR_SESSION_CLOSED, "CKR_SESSION_CLOSED                  " },
    { CKR_SESSION_COUNT, "CKR_SESSION_COUNT                   " },
    { CKR_SESSION_HANDLE_INVALID, "CKR_SESSION_HANDLE_INVALID          " },
    { CKR_SESSION_PARALLEL_NOT_SUPPORTED, "CKR_SESSION_PARALLEL_NOT_SUPPORTED  " },
    { CKR_SESSION_READ_ONLY, "CKR_SESSION_READ_ONLY               " },
    { CKR_SESSION_EXISTS, "CKR_SESSION_EXISTS                  " },
    { CKR_SESSION_READ_ONLY_EXISTS, "CKR_SESSION_READ_ONLY_EXISTS        " },
    { CKR_SESSION_READ_WRITE_SO_EXISTS, "CKR_SESSION_READ_WRITE_SO_EXISTS    " },
    { CKR_SIGNATURE_INVALID, "CKR_SIGNATURE_INVALID               " },
    { CKR_SIGNATURE_LEN_RANGE, "CKR_SIGNATURE_LEN_RANGE             " },
    { CKR_TEMPLATE_INCOMPLETE, "CKR_TEMPLATE_INCOMPLETE             " },
    { CKR_TEMPLATE_INCONSISTENT, "CKR_TEMPLATE_INCONSISTENT           " },
    { CKR_TOKEN_NOT_PRESENT, "CKR_TOKEN_NOT_PRESENT               " },
    { CKR_TOKEN_NOT_RECOGNIZED, "CKR_TOKEN_NOT_RECOGNIZED            " },
    { CKR_TOKEN_WRITE_PROTECTED, "CKR_TOKEN_WRITE_PROTECTED           " },
    { CKR_UNWRAPPING_KEY_HANDLE_INVALID, "CKR_UNWRAPPING_KEY_HANDLE_INVALID   " },
    { CKR_UNWRAPPING_KEY_SIZE_RANGE, "CKR_UNWRAPPING_KEY_SIZE_RANGE       " },
    { CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, "CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT" },
    { CKR_USER_ALREADY_LOGGED_IN, "CKR_USER_ALREADY_LOGGED_IN          " },
    { CKR_USER_NOT_LOGGED_IN, "CKR_USER_NOT_LOGGED_IN              " },
    { CKR_USER_PIN_NOT_INITIALIZED, "CKR_USER_PIN_NOT_INITIALIZED        " },
    { CKR_USER_TYPE_INVALID, "CKR_USER_TYPE_INVALID               " },
    { CKR_USER_ANOTHER_ALREADY_LOGGED_IN, "CKR_USER_ANOTHER_ALREADY_LOGGED_IN  " },
    { CKR_USER_TOO_MANY_TYPES, "CKR_USER_TOO_MANY_TYPES             " },
    { CKR_WRAPPED_KEY_INVALID, "CKR_WRAPPED_KEY_INVALID             " },
    { CKR_WRAPPED_KEY_LEN_RANGE, "CKR_WRAPPED_KEY_LEN_RANGE           " },
    { CKR_WRAPPING_KEY_HANDLE_INVALID, "CKR_WRAPPING_KEY_HANDLE_INVALID     " },
    { CKR_WRAPPING_KEY_SIZE_RANGE, "CKR_WRAPPING_KEY_SIZE_RANGE         " },
    { CKR_WRAPPING_KEY_TYPE_INCONSISTENT, "CKR_WRAPPING_KEY_TYPE_INCONSISTENT  " },
    { CKR_RANDOM_SEED_NOT_SUPPORTED, "CKR_RANDOM_SEED_NOT_SUPPORTED       " },
    { CKR_RANDOM_NO_RNG, "CKR_RANDOM_NO_RNG                   " },
    { CKR_DOMAIN_PARAMS_INVALID, "CKR_DOMAIN_PARAMS_INVALID           " },
    { CKR_BUFFER_TOO_SMALL, "CKR_BUFFER_TOO_SMALL                " },
    { CKR_SAVED_STATE_INVALID, "CKR_SAVED_STATE_INVALID             " },
    { CKR_INFORMATION_SENSITIVE, "CKR_INFORMATION_SENSITIVE           " },
    { CKR_STATE_UNSAVEABLE, "CKR_STATE_UNSAVEABLE                " },
    { CKR_CRYPTOKI_NOT_INITIALIZED, "CKR_CRYPTOKI_NOT_INITIALIZED        " },
    { CKR_CRYPTOKI_ALREADY_INITIALIZED, "CKR_CRYPTOKI_ALREADY_INITIALIZED    " },
    { CKR_MUTEX_BAD, "CKR_MUTEX_BAD                       " },
    { CKR_MUTEX_NOT_LOCKED, "CKR_MUTEX_NOT_LOCKED                " },
    { CKR_FUNCTION_REJECTED, "CKR_FUNCTION_REJECTED               " },
    { CKR_VENDOR_DEFINED, "CKR_VENDOR_DEFINED                  " },
    { 0xCE534351, "CKR_NETSCAPE_CERTDB_FAILED          " },
    { 0xCE534352, "CKR_NETSCAPE_KEYDB_FAILED           " }

};

static const CK_ULONG numStrings = sizeof(errStrings) / sizeof(tuple_str);

/* Returns constant error string for "CRV".
 * Returns "unknown error" if errNum is unknown.
 */
static const char *
CK_RVtoStr(CK_RV errNum)
{
    CK_ULONG low = 1;
    CK_ULONG high = numStrings - 1;
    CK_ULONG i;
    CK_RV num;
    static int initDone;

    /* make sure table is in  ascending order.
     * binary search depends on it.
     */
    if (!initDone) {
        CK_RV lastNum = CKR_OK;
        for (i = low; i <= high; ++i) {
            num = errStrings[i].errNum;
            if (num <= lastNum) {
                PR_fprintf(PR_STDERR,
                           "sequence error in error strings at item %d\n"
                           "error %d (%s)\n"
                           "should come after \n"
                           "error %d (%s)\n",
                           (int)i, (int)lastNum, errStrings[i - 1].errString,
                           (int)num, errStrings[i].errString);
            }
            lastNum = num;
        }
        initDone = 1;
    }

    /* Do binary search of table. */
    while (low + 1 < high) {
        i = low + (high - low) / 2;
        num = errStrings[i].errNum;
        if (errNum == num)
            return errStrings[i].errString;
        if (errNum < num)
            high = i;
        else
            low = i;
    }
    if (errNum == errStrings[low].errNum)
        return errStrings[low].errString;
    if (errNum == errStrings[high].errNum)
        return errStrings[high].errString;
    return "unknown error";
}

static void
pk11error(const char *string, CK_RV crv)
{
    PRErrorCode errorcode;

    PR_fprintf(PR_STDERR, "%s: 0x%08lX, %-26s\n", string, crv, CK_RVtoStr(crv));

    errorcode = PR_GetError();
    if (errorcode) {
        PR_fprintf(PR_STDERR, "NSPR error code: %d: %s\n", errorcode,
                   PR_ErrorToString(errorcode, PR_LANGUAGE_I_DEFAULT));
    }
}

static void
logIt(const char *fmt, ...)
{
    va_list args;

    if (verbose) {
        va_start(args, fmt);
        vprintf(fmt, args);
        va_end(args);
    }
}

static CK_RV
softokn_Init(CK_FUNCTION_LIST_PTR pFunctionList, const char *configDir,
             const char *dbPrefix)
{

    CK_RV crv = CKR_OK;
    CK_C_INITIALIZE_ARGS initArgs;
    char *moduleSpec = NULL;

    initArgs.CreateMutex = NULL;
    initArgs.DestroyMutex = NULL;
    initArgs.LockMutex = NULL;
    initArgs.UnlockMutex = NULL;
    initArgs.flags = CKF_OS_LOCKING_OK;
    if (configDir) {
        moduleSpec = PR_smprintf("configdir='%s' certPrefix='%s' "
                                 "keyPrefix='%s' secmod='secmod.db' flags=ReadOnly ",
                                 configDir, dbPrefix, dbPrefix);
    } else {
        moduleSpec = PR_smprintf("configdir='' certPrefix='' keyPrefix='' "
                                 "secmod='' flags=noCertDB, noModDB");
    }
    if (!moduleSpec) {
        PR_fprintf(PR_STDERR, "softokn_Init: out of memory error\n");
        return CKR_HOST_MEMORY;
    }
    logIt("moduleSpec %s\n", moduleSpec);
    initArgs.LibraryParameters = (CK_CHAR_PTR *)moduleSpec;
    initArgs.pReserved = NULL;

    crv = pFunctionList->C_Initialize(&initArgs);
    if (crv != CKR_OK) {
        pk11error("C_Initialize failed", crv);
        goto cleanup;
    }

cleanup:
    if (moduleSpec) {
        PR_smprintf_free(moduleSpec);
    }

    return crv;
}

static char *
filePasswd(char *pwFile)
{
    unsigned char phrase[200];
    PRFileDesc *fd;
    PRInt32 nb;
    int i;

    if (!pwFile)
        return 0;

    fd = PR_Open(pwFile, PR_RDONLY, 0);
    if (!fd) {
        lperror(pwFile);
        return NULL;
    }

    nb = PR_Read(fd, phrase, sizeof(phrase));

    PR_Close(fd);
    /* handle the Windows EOL case */
    i = 0;
    while (phrase[i] != '\r' && phrase[i] != '\n' && i < nb)
        i++;
    phrase[i] = '\0';
    if (nb == 0) {
        PR_fprintf(PR_STDERR, "password file contains no data\n");
        return NULL;
    }
    return (char *)PL_strdup((char *)phrase);
}

static void
checkPath(char *string)
{
    char *src;
    char *dest;

    /*
     * windows support convert any back slashes to
     * forward slashes.
     */
    for (src = string, dest = string; *src; src++, dest++) {
        if (*src == '\\') {
            *dest = '/';
        }
    }
    dest--;
    /* if the last char is a / set it to 0 */
    if (*dest == '/')
        *dest = 0;
}

static CK_SLOT_ID *
getSlotList(CK_FUNCTION_LIST_PTR pFunctionList,
            CK_ULONG slotIndex)
{
    CK_RV crv = CKR_OK;
    CK_SLOT_ID *pSlotList = NULL;
    CK_ULONG slotCount;

    /* Get slot list */
    crv = pFunctionList->C_GetSlotList(CK_FALSE /* all slots */,
                                       NULL, &slotCount);
    if (crv != CKR_OK) {
        pk11error("C_GetSlotList failed", crv);
        return NULL;
    }

    if (slotIndex >= slotCount) {
        PR_fprintf(PR_STDERR, "provided slotIndex is greater than the slot count.");
        return NULL;
    }

    pSlotList = (CK_SLOT_ID *)PR_Malloc(slotCount * sizeof(CK_SLOT_ID));
    if (!pSlotList) {
        lperror("failed to allocate slot list");
        return NULL;
    }
    crv = pFunctionList->C_GetSlotList(CK_FALSE /* all slots */,
                                       pSlotList, &slotCount);
    if (crv != CKR_OK) {
        pk11error("C_GetSlotList failed", crv);
        if (pSlotList)
            PR_Free(pSlotList);
        return NULL;
    }
    return pSlotList;
}

int
main(int argc, char **argv)
{
    PLOptState *optstate;
    char *program_name;
    char *libname = NULL;
    PRLibrary *lib = NULL;
    PRFileDesc *fd;
    PRStatus rv = PR_SUCCESS;
    const char *input_file = NULL; /* read/create encrypted data from here */
    char *output_file = NULL;      /* write new encrypted data here */
    int bytesRead;
    int bytesWritten;
    unsigned char file_buf[512];
    int count = 0;
    unsigned int keySize = 0;
    int i;
    PRBool verify = PR_FALSE;
    static PRBool FIPSMODE = PR_FALSE;
    PRBool successful = PR_FALSE;

#ifdef USES_LINKS
    int ret;
    struct stat stat_buf;
    char link_buf[MAXPATHLEN + 1];
    char *link_file = NULL;
#endif

    char *pwd = NULL;
    char *configDir = NULL;
    char *dbPrefix = NULL;
    char *disableUnload = NULL;

    CK_C_GetFunctionList pC_GetFunctionList;
    CK_TOKEN_INFO tokenInfo;
    CK_FUNCTION_LIST_PTR pFunctionList = NULL;
    CK_RV crv = CKR_OK;
    CK_SESSION_HANDLE hRwSession;
    CK_SLOT_ID *pSlotList = NULL;
    CK_ULONG slotIndex = 0;
    CK_MECHANISM digestmech;
    CK_ULONG digestLen = 0;
    CK_BYTE digest[32]; /* SHA256_LENGTH */
    CK_BYTE sign[64];   /* DSA SIGNATURE LENGTH */
    CK_ULONG signLen = 0;
    CK_MECHANISM signMech = {
        CKM_DSA, NULL, 0
    };

    /*** DSA Key ***/

    CK_MECHANISM dsaKeyPairGenMech;
    CK_ATTRIBUTE dsaPubKeyTemplate[5];
    CK_ATTRIBUTE dsaPrivKeyTemplate[5];
    CK_OBJECT_HANDLE hDSApubKey = CK_INVALID_HANDLE;
    CK_OBJECT_HANDLE hDSAprivKey = CK_INVALID_HANDLE;

    CK_BYTE dsaPubKey[384];
    CK_ATTRIBUTE dsaPubKeyValue;

    program_name = strrchr(argv[0], '/');
    program_name = program_name ? (program_name + 1) : argv[0];
    optstate = PL_CreateOptState(argc, argv, "i:o:f:Fd:hH?k:p:P:vVs:");
    if (optstate == NULL) {
        lperror("PL_CreateOptState failed");
        return 1;
    }

    while (PL_GetNextOpt(optstate) == PL_OPT_OK) {
        switch (optstate->option) {

            case 'd':
                if (!optstate->value) {
                    PL_DestroyOptState(optstate);
                    usage(program_name);
                }
                configDir = PL_strdup(optstate->value);
                checkPath(configDir);
                break;

            case 'i':
                if (!optstate->value) {
                    PL_DestroyOptState(optstate);
                    usage(program_name);
                }
                input_file = optstate->value;
                break;

            case 'o':
                if (!optstate->value) {
                    PL_DestroyOptState(optstate);
                    usage(program_name);
                }
                output_file = PL_strdup(optstate->value);
                break;

            case 'k':
                if (!optstate->value) {
                    PL_DestroyOptState(optstate);
                    usage(program_name);
                }
                keySize = atoi(optstate->value);
                break;

            case 'f':
                if (!optstate->value) {
                    PL_DestroyOptState(optstate);
                    usage(program_name);
                }
                pwd = filePasswd((char *)optstate->value);
                if (!pwd)
                    usage(program_name);
                break;

            case 'F':
                FIPSMODE = PR_TRUE;
                break;

            case 'p':
                if (!optstate->value) {
                    PL_DestroyOptState(optstate);
                    usage(program_name);
                }
                pwd = PL_strdup(optstate->value);
                break;

            case 'P':
                if (!optstate->value) {
                    PL_DestroyOptState(optstate);
                    usage(program_name);
                }
                dbPrefix = PL_strdup(optstate->value);
                break;

            case 'v':
                verbose = PR_TRUE;
                break;

            case 'V':
                verify = PR_TRUE;
                break;

            case 'H':
                PL_DestroyOptState(optstate);
                long_usage(program_name);
                return 1;
                break;

            case 'h':
            case '?':
            default:
                PL_DestroyOptState(optstate);
                usage(program_name);
                return 1;
                break;
        }
    }
    PL_DestroyOptState(optstate);

    if (!input_file) {
        usage(program_name);
        return 1;
    }

    /* Get the platform-dependent library name of the
     * NSS cryptographic module.
     */
    libname = PR_GetLibraryName(NULL, "softokn3");
    assert(libname != NULL);
    if (!libname) {
        PR_fprintf(PR_STDERR, "getting softokn3 failed");
        goto cleanup;
    }
    lib = PR_LoadLibrary(libname);
    assert(lib != NULL);
    if (!lib) {
        PR_fprintf(PR_STDERR, "loading softokn3 failed");
        goto cleanup;
    }
    PR_FreeLibraryName(libname);

    if (FIPSMODE) {
        /* FIPSMODE == FC_GetFunctionList */
        /* library path must be set to an already signed softokn3/freebl */
        pC_GetFunctionList = (CK_C_GetFunctionList)
            PR_FindFunctionSymbol(lib, "FC_GetFunctionList");
    } else {
        /* NON FIPS mode  == C_GetFunctionList */
        pC_GetFunctionList = (CK_C_GetFunctionList)
            PR_FindFunctionSymbol(lib, "C_GetFunctionList");
    }
    assert(pC_GetFunctionList != NULL);
    if (!pC_GetFunctionList) {
        PR_fprintf(PR_STDERR, "getting function list failed");
        goto cleanup;
    }

    crv = (*pC_GetFunctionList)(&pFunctionList);
    assert(crv == CKR_OK);
    if (crv != CKR_OK) {
        PR_fprintf(PR_STDERR, "loading function list failed");
        goto cleanup;
    }

    if (configDir) {
        if (!dbPrefix) {
            dbPrefix = PL_strdup("");
        }
        crv = softokn_Init(pFunctionList, configDir, dbPrefix);
        if (crv != CKR_OK) {
            logIt("Failed to use provided database directory "
                  "will just initialize the volatile certdb.\n");
            crv = softokn_Init(pFunctionList, NULL, NULL); /* NoDB Init */
        }
    } else {
        crv = softokn_Init(pFunctionList, NULL, NULL); /* NoDB Init */
    }

    if (crv != CKR_OK) {
        pk11error("Initiailzing softoken failed", crv);
        goto cleanup;
    }

    pSlotList = getSlotList(pFunctionList, slotIndex);
    if (pSlotList == NULL) {
        PR_fprintf(PR_STDERR, "getSlotList failed");
        goto cleanup;
    }

    if ((keySize == 0) || (keySize > 1024)) {
        CK_MECHANISM_INFO mechInfo;
        crv = pFunctionList->C_GetMechanismInfo(pSlotList[slotIndex],
                                                CKM_DSA, &mechInfo);
        if (crv != CKR_OK) {
            pk11error("Couldn't get mechanism info for DSA", crv);
            goto cleanup;
        }

        if (keySize && (mechInfo.ulMaxKeySize < keySize)) {
            PR_fprintf(PR_STDERR,
                       "token doesn't support DSA2 (Max key size=%d)\n",
                       mechInfo.ulMaxKeySize);
            goto cleanup;
        }

        if ((keySize == 0) && mechInfo.ulMaxKeySize >= 2048) {
            keySize = 2048;
        } else {
            keySize = 1024;
        }
    }

    /* DSA key init */
    if (keySize == 1024) {
        dsaPubKeyTemplate[0].type = CKA_PRIME;
        dsaPubKeyTemplate[0].pValue = (CK_VOID_PTR)&prime;
        dsaPubKeyTemplate[0].ulValueLen = sizeof(prime);
        dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
        dsaPubKeyTemplate[1].pValue = (CK_VOID_PTR)&subprime;
        dsaPubKeyTemplate[1].ulValueLen = sizeof(subprime);
        dsaPubKeyTemplate[2].type = CKA_BASE;
        dsaPubKeyTemplate[2].pValue = (CK_VOID_PTR)&base;
        dsaPubKeyTemplate[2].ulValueLen = sizeof(base);
        digestmech.mechanism = CKM_SHA_1;
        digestmech.pParameter = NULL;
        digestmech.ulParameterLen = 0;
    } else if (keySize == 2048) {
        dsaPubKeyTemplate[0].type = CKA_PRIME;
        dsaPubKeyTemplate[0].pValue = (CK_VOID_PTR)&prime2;
        dsaPubKeyTemplate[0].ulValueLen = sizeof(prime2);
        dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
        dsaPubKeyTemplate[1].pValue = (CK_VOID_PTR)&subprime2;
        dsaPubKeyTemplate[1].ulValueLen = sizeof(subprime2);
        dsaPubKeyTemplate[2].type = CKA_BASE;
        dsaPubKeyTemplate[2].pValue = (CK_VOID_PTR)&base2;
        dsaPubKeyTemplate[2].ulValueLen = sizeof(base2);
        digestmech.mechanism = CKM_SHA256;
        digestmech.pParameter = NULL;
        digestmech.ulParameterLen = 0;
    } else {
        /* future - generate pqg */
        PR_fprintf(PR_STDERR, "Only keysizes 1024 and 2048 are supported");
        goto cleanup;
    }
    dsaPubKeyTemplate[3].type = CKA_TOKEN;
    dsaPubKeyTemplate[3].pValue = &false; /* session object */
    dsaPubKeyTemplate[3].ulValueLen = sizeof(false);
    dsaPubKeyTemplate[4].type = CKA_VERIFY;
    dsaPubKeyTemplate[4].pValue = &true;
    dsaPubKeyTemplate[4].ulValueLen = sizeof(true);
    dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN;
    dsaKeyPairGenMech.pParameter = NULL;
    dsaKeyPairGenMech.ulParameterLen = 0;
    dsaPrivKeyTemplate[0].type = CKA_TOKEN;
    dsaPrivKeyTemplate[0].pValue = &false; /* session object */
    dsaPrivKeyTemplate[0].ulValueLen = sizeof(false);
    dsaPrivKeyTemplate[1].type = CKA_PRIVATE;
    dsaPrivKeyTemplate[1].pValue = &true;
    dsaPrivKeyTemplate[1].ulValueLen = sizeof(true);
    dsaPrivKeyTemplate[2].type = CKA_SENSITIVE;
    dsaPrivKeyTemplate[2].pValue = &true;
    dsaPrivKeyTemplate[2].ulValueLen = sizeof(true);
    dsaPrivKeyTemplate[3].type = CKA_SIGN,
    dsaPrivKeyTemplate[3].pValue = &true;
    dsaPrivKeyTemplate[3].ulValueLen = sizeof(true);
    dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE;
    dsaPrivKeyTemplate[4].pValue = &false;
    dsaPrivKeyTemplate[4].ulValueLen = sizeof(false);

    crv = pFunctionList->C_OpenSession(pSlotList[slotIndex],
                                       CKF_RW_SESSION | CKF_SERIAL_SESSION,
                                       NULL, NULL, &hRwSession);
    if (crv != CKR_OK) {
        pk11error("Opening a read/write session failed", crv);
        goto cleanup;
    }

    /* check if a password is needed */
    crv = pFunctionList->C_GetTokenInfo(pSlotList[slotIndex], &tokenInfo);
    if (crv != CKR_OK) {
        pk11error("C_GetTokenInfo failed", crv);
        goto cleanup;
    }
    if (tokenInfo.flags & CKF_LOGIN_REQUIRED) {
        if (pwd) {
            int pwdLen = strlen((const char *)pwd);
            crv = pFunctionList->C_Login(hRwSession, CKU_USER,
                                         (CK_UTF8CHAR_PTR)pwd, (CK_ULONG)pwdLen);
            if (crv != CKR_OK) {
                pk11error("C_Login failed", crv);
                goto cleanup;
            }
        } else {
            PR_fprintf(PR_STDERR, "Please provide the password for the token");
            goto cleanup;
        }
    } else if (pwd) {
        logIt("A password was provided but the password was not used.\n");
    }

    /* Generate a DSA key pair */
    logIt("Generate a DSA key pair ... \n");
    crv = pFunctionList->C_GenerateKeyPair(hRwSession, &dsaKeyPairGenMech,
                                           dsaPubKeyTemplate,
                                           NUM_ELEM(dsaPubKeyTemplate),
                                           dsaPrivKeyTemplate,
                                           NUM_ELEM(dsaPrivKeyTemplate),
                                           &hDSApubKey, &hDSAprivKey);
    if (crv != CKR_OK) {
        pk11error("DSA key pair generation failed", crv);
        goto cleanup;
    }

    /* open the shared library */
    fd = PR_OpenFile(input_file, PR_RDONLY, 0);
    if (fd == NULL) {
        lperror(input_file);
        goto cleanup;
    }
#ifdef USES_LINKS
    ret = lstat(input_file, &stat_buf);
    if (ret < 0) {
        perror(input_file);
        goto cleanup;
    }
    if (S_ISLNK(stat_buf.st_mode)) {
        char *dirpath, *dirend;
        ret = readlink(input_file, link_buf, sizeof(link_buf) - 1);
        if (ret < 0) {
            perror(input_file);
            goto cleanup;
        }
        link_buf[ret] = 0;
        link_file = mkoutput(input_file);
        /* get the dirname of input_file */
        dirpath = PL_strdup(input_file);
        dirend = strrchr(dirpath, '/');
        if (dirend) {
            *dirend = '\0';
            ret = chdir(dirpath);
            if (ret < 0) {
                perror(dirpath);
                goto cleanup;
            }
        }
        PL_strfree(dirpath);
        input_file = link_buf;
        /* get the basename of link_file */
        dirend = strrchr(link_file, '/');
        if (dirend) {
            char *tmp_file = NULL;
            tmp_file = PL_strdup(dirend + 1);
            PL_strfree(link_file);
            link_file = tmp_file;
        }
    }
#endif
    if (output_file == NULL) {
        output_file = mkoutput(input_file);
    }

    /* compute the digest */
    memset(digest, 0, sizeof(digest));
    crv = pFunctionList->C_DigestInit(hRwSession, &digestmech);
    if (crv != CKR_OK) {
        pk11error("C_DigestInit failed", crv);
        goto cleanup;
    }

    /* Digest the file */
    while ((bytesRead = PR_Read(fd, file_buf, sizeof(file_buf))) > 0) {
        crv = pFunctionList->C_DigestUpdate(hRwSession, (CK_BYTE_PTR)file_buf,
                                            bytesRead);
        if (crv != CKR_OK) {
            pk11error("C_DigestUpdate failed", crv);
            goto cleanup;
        }
        count += bytesRead;
    }

    /* close the input_File */
    PR_Close(fd);
    fd = NULL;
    if (bytesRead < 0) {
        lperror("0 bytes read from input file");
        goto cleanup;
    }

    digestLen = sizeof(digest);
    crv = pFunctionList->C_DigestFinal(hRwSession, (CK_BYTE_PTR)digest,
                                       &digestLen);
    if (crv != CKR_OK) {
        pk11error("C_DigestFinal failed", crv);
        goto cleanup;
    }

    if (digestLen != sizeof(digest)) {
        PR_fprintf(PR_STDERR, "digestLen has incorrect length %lu "
                              "it should be %lu \n",
                   digestLen, sizeof(digest));
        goto cleanup;
    }

    /* sign the hash */
    memset(sign, 0, sizeof(sign));
    /* SignUpdate  */
    crv = pFunctionList->C_SignInit(hRwSession, &signMech, hDSAprivKey);
    if (crv != CKR_OK) {
        pk11error("C_SignInit failed", crv);
        goto cleanup;
    }

    signLen = sizeof(sign);
    crv = pFunctionList->C_Sign(hRwSession, (CK_BYTE *)digest, digestLen,
                                sign, &signLen);
    if (crv != CKR_OK) {
        pk11error("C_Sign failed", crv);
        goto cleanup;
    }

    if (signLen != sizeof(sign)) {
        PR_fprintf(PR_STDERR, "signLen has incorrect length %lu "
                              "it should be %lu \n",
                   signLen, sizeof(sign));
        goto cleanup;
    }

    if (verify) {
        crv = pFunctionList->C_VerifyInit(hRwSession, &signMech, hDSApubKey);
        if (crv != CKR_OK) {
            pk11error("C_VerifyInit failed", crv);
            goto cleanup;
        }
        crv = pFunctionList->C_Verify(hRwSession, digest, digestLen,
                                      sign, signLen);
        if (crv != CKR_OK) {
            pk11error("C_Verify failed", crv);
            goto cleanup;
        }
    }

    if (verbose) {
        int j;
        PR_fprintf(PR_STDERR, "Library File: %s %d bytes\n", input_file, count);
        PR_fprintf(PR_STDERR, "Check File: %s\n", output_file);
#ifdef USES_LINKS
        if (link_file) {
            PR_fprintf(PR_STDERR, "Link: %s\n", link_file);
        }
#endif
        PR_fprintf(PR_STDERR, "  hash: %lu bytes\n", digestLen);
#define STEP 10
        for (i = 0; i < (int)digestLen; i += STEP) {
            PR_fprintf(PR_STDERR, "   ");
            for (j = 0; j < STEP && (i + j) < (int)digestLen; j++) {
                PR_fprintf(PR_STDERR, " %02x", digest[i + j]);
            }
            PR_fprintf(PR_STDERR, "\n");
        }
        PR_fprintf(PR_STDERR, "  signature: %lu bytes\n", signLen);
        for (i = 0; i < (int)signLen; i += STEP) {
            PR_fprintf(PR_STDERR, "   ");
            for (j = 0; j < STEP && (i + j) < (int)signLen; j++) {
                PR_fprintf(PR_STDERR, " %02x", sign[i + j]);
            }
            PR_fprintf(PR_STDERR, "\n");
        }
    }

    /* open the target signature file */
    fd = PR_Open(output_file, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0666);
    if (fd == NULL) {
        lperror(output_file);
        goto cleanup;
    }

    /*
     * we write the key out in a straight binary format because very
     * low level libraries need to read an parse this file. Ideally we should
     * just derEncode the public key (which would be pretty simple, and be
     * more general), but then we'd need to link the ASN.1 decoder with the
     * freebl libraries.
     */

    file_buf[0] = NSS_SIGN_CHK_MAGIC1;
    file_buf[1] = NSS_SIGN_CHK_MAGIC2;
    file_buf[2] = NSS_SIGN_CHK_MAJOR_VERSION;
    file_buf[3] = NSS_SIGN_CHK_MINOR_VERSION;
    encodeInt(&file_buf[4], 12); /* offset to data start */
    encodeInt(&file_buf[8], CKK_DSA);
    bytesWritten = PR_Write(fd, file_buf, 12);
    if (bytesWritten != 12) {
        lperror(output_file);
        goto cleanup;
    }

    /* get DSA Public KeyValue */
    memset(dsaPubKey, 0, sizeof(dsaPubKey));
    dsaPubKeyValue.type = CKA_VALUE;
    dsaPubKeyValue.pValue = (CK_VOID_PTR)&dsaPubKey;
    dsaPubKeyValue.ulValueLen = sizeof(dsaPubKey);

    crv = pFunctionList->C_GetAttributeValue(hRwSession, hDSApubKey,
                                             &dsaPubKeyValue, 1);
    if (crv != CKR_OK && crv != CKR_ATTRIBUTE_TYPE_INVALID) {
        pk11error("C_GetAttributeValue failed", crv);
        goto cleanup;
    }

    /* CKA_PRIME */
    rv = writeItem(fd, dsaPubKeyTemplate[0].pValue,
                   dsaPubKeyTemplate[0].ulValueLen, output_file);
    if (rv != PR_SUCCESS)
        goto cleanup;
    /* CKA_SUBPRIME */
    rv = writeItem(fd, dsaPubKeyTemplate[1].pValue,
                   dsaPubKeyTemplate[1].ulValueLen, output_file);
    if (rv != PR_SUCCESS)
        goto cleanup;
    /* CKA_BASE */
    rv = writeItem(fd, dsaPubKeyTemplate[2].pValue,
                   dsaPubKeyTemplate[2].ulValueLen, output_file);
    if (rv != PR_SUCCESS)
        goto cleanup;
    /* DSA Public Key value */
    rv = writeItem(fd, dsaPubKeyValue.pValue,
                   dsaPubKeyValue.ulValueLen, output_file);
    if (rv != PR_SUCCESS)
        goto cleanup;
    /* DSA SIGNATURE */
    rv = writeItem(fd, &sign, signLen, output_file);
    if (rv != PR_SUCCESS)
        goto cleanup;
    PR_Close(fd);

#ifdef USES_LINKS
    if (link_file) {
        (void)unlink(link_file);
        ret = symlink(output_file, link_file);
        if (ret < 0) {
            perror(link_file);
            goto cleanup;
        }
    }
#endif

    successful = PR_TRUE;

cleanup:
    if (pFunctionList) {
        /* C_Finalize will automatically logout, close session, */
        /* and delete the temp objects on the token */
        crv = pFunctionList->C_Finalize(NULL);
        if (crv != CKR_OK) {
            pk11error("C_Finalize failed", crv);
        }
    }
    if (pSlotList) {
        PR_Free(pSlotList);
    }
    if (pwd) {
        PL_strfree(pwd);
    }
    if (configDir) {
        PL_strfree(configDir);
    }
    if (dbPrefix) {
        PL_strfree(dbPrefix);
    }
    if (output_file) { /* allocated by mkoutput function */
        PL_strfree(output_file);
    }
#ifdef USES_LINKS
    if (link_file) { /* allocated by mkoutput function */
        PL_strfree(link_file);
    }
#endif

    disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
    if (!disableUnload && lib) {
        PR_UnloadLibrary(lib);
    }
    PR_Cleanup();

    if (crv != CKR_OK)
        return crv;

    return (successful) ? 0 : 1;
}