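/*
 * Decrypt the log file `name` to stdout.
 *
 * The companion encryption-info file is looked up as `name` followed by
 * ENCINFO_SUFFIX and is checked with eiCheckFiletype() before any data is
 * handed to doDecrypt(). Reading from stdin ("-") is refused because the
 * companion file name is derived from the log file name.
 *
 * On any failure a diagnostic is written to stderr and the function
 * returns without producing output; there is no return value.
 */
static void decrypt(char *name)
{
	FILE *logfp = NULL;
	FILE *eifp = NULL;
	int r = 0;
	int n;
	char eifname[4096];

	if (!strcmp(name, "-")) {
		fprintf(stderr, "decrypt mode cannot work on stdin\n");
		goto err;
	}

	if ((logfp = fopen(name, "r")) == NULL) {
		perror(name);
		goto err;
	}

	/*
	 * A truncated name would drop (part of) the suffix and make us open
	 * some other file as the encryption-info file, so treat truncation
	 * as an error instead of silently continuing.
	 */
	n = snprintf(eifname, sizeof(eifname), "%s%s", name, ENCINFO_SUFFIX);
	if (n < 0 || (size_t)n >= sizeof(eifname)) {
		fprintf(stderr, "%s: encryption info file name too long\n", name);
		goto err;
	}

	if ((eifp = fopen(eifname, "r")) == NULL) {
		perror(eifname);
		goto err;
	}

	/* Keep the check's result so the diagnostic below reports it. */
	if ((r = eiCheckFiletype(eifp)) != 0)
		goto err;

	doDecrypt(logfp, eifp, stdout);

	fclose(logfp);
	fclose(eifp);
	return;

err:
	fprintf(stderr, "error %d processing file %s\n", r, name);
	if (logfp != NULL)
		fclose(logfp);
	/* eifp is open when the file-type check is what failed. */
	if (eifp != NULL)
		fclose(eifp);
}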
/*
 * Command-line entry point: filter a text stream line by line.
 *
 * Options (parsed with the "Hd:f:i:o:l:p:?" option string):
 *   -?        short usage, exit 1
 *   -H        long usage, exit 1
 *   -d dir    passed to SECU_ConfigDirectory()
 *   -i file   read input from file instead of stdin
 *   -o file   write output to file instead of stdout (opened "w+")
 *   -l file   log stream; a name starting with '-' selects stderr
 *   -f file   password source PW_FROMFILE, value = file name
 *   -p pw     password source PW_PLAINTEXT, value = the password itself
 *
 * Each input line is classified by its first byte: 'M' lines that pass
 * isBase64() go to doDecrypt(), '~' lines whose remainder passes
 * isBase64() go to doDecode(), everything else is copied unchanged.
 *
 * Returns 0 on success and 1 on option, file or NSS_Init errors; a failing
 * NSS_Shutdown() terminates via exit(1).
 *
 * NOTE(review): -p puts the password into argv, which is commonly readable
 * by other local processes through process listings; -f keeps it off the
 * command line. The password buffer is released with PR_Free() without
 * being wiped first.
 */
int main (int argc, char **argv)
{
    int exit_code = 0;          /* 0 - test succeeded, non-zero - failed */
    SECStatus nss_rv;
    PLOptState *opts;
    PLOptStatus opt_rv;
    char *slash;
    char *prog;
    char *in_path = NULL;       /* -i: where the input lines come from */
    char *out_path = NULL;      /* -o: where the filtered lines go */
    char *log_path = NULL;      /* -l: log stream name ('-...' = stderr) */
    FILE *in_fp = stdin;
    FILE *out_fp = stdout;
    FILE *log_fp = NULL;
    secuPWData pw = { PW_NONE, NULL };

    /* Strip any leading directory part from argv[0] for diagnostics. */
    slash = PL_strrchr(argv[0], '/');
    if (slash != NULL) {
        prog = slash + 1;
    } else {
        prog = argv[0];
    }

    opts = PL_CreateOptState (argc, argv, "Hd:f:i:o:l:p:?");
    if (opts == NULL) {
        SECU_PrintError (prog, "PL_CreateOptState failed");
        return 1;
    }

    for (;;) {
        opt_rv = PL_GetNextOpt(opts);
        if (opt_rv != PL_OPT_OK) {
            break;
        }

        switch (opts->option) {
        case 'H':
            long_usage (prog);
            return 1;

        case '?':
            short_usage (prog);
            return 1;

        case 'd':
            SECU_ConfigDirectory(opts->value);
            break;

        case 'f':
            pw.source = PW_FROMFILE;
            pw.data = PL_strdup(opts->value);
            break;

        case 'p':
            /* Password taken verbatim from the command line. */
            pw.source = PW_PLAINTEXT;
            pw.data = PL_strdup(opts->value);
            break;

        case 'i':
            in_path = PL_strdup(opts->value);
            break;

        case 'o':
            out_path = PL_strdup(opts->value);
            break;

        case 'l':
            log_path = PL_strdup(opts->value);
            break;

        default:
            break;
        }
    }
    PL_DestroyOptState(opts);

    if (opt_rv == PL_OPT_BAD) {
        short_usage (prog);
        return 1;
    }

    /* Open the requested streams; the path copies are no longer needed
     * once the corresponding stream is open. */
    if (in_path != NULL) {
        in_fp = fopen(in_path, "r");
        if (in_fp == NULL) {
            perror(in_path);
            return 1;
        }
        PR_Free(in_path);
    }

    if (out_path != NULL) {
        /* "w+" truncates an existing file. */
        out_fp = fopen(out_path, "w+");
        if (out_fp == NULL) {
            perror(out_path);
            return 1;
        }
        PR_Free(out_path);
    }

    if (log_path != NULL) {
        log_fp = (log_path[0] == '-') ? stderr : fopen(log_path, "w+");
        if (log_fp == NULL) {
            perror(log_path);
            return 1;
        }
        PR_Free(log_path);
    }

    /*
     * Initialize the Security libraries.
     */
    PK11_SetPasswordFunc(SECU_GetModulePassword);
    nss_rv = NSS_Init(SECU_ConfigDirectory(NULL));
    if (nss_rv != SECSuccess) {
        SECU_PrintError (prog, "NSS_Init failed");
        exit_code = 1;
        goto prdone;
    }

    /*
     * Process the input one fgets() chunk at a time. The classification
     * below looks only at the first byte of each chunk, so an input line
     * longer than dataString is classified piecewise.
     */
    while (fgets(dataString, sizeof dataString, in_fp) != NULL) {
        unsigned char lead = dataString[0];

        if (lead == 'M' && isBase64(dataString)) {
            doDecrypt(dataString, out_fp, log_fp, &pw);
            continue;
        }
        if (lead == '~' && isBase64(dataString + 1)) {
            doDecode(dataString, out_fp, log_fp);
            continue;
        }
        fputs(dataString, out_fp);
    }

    if (pw.data != NULL) {
        PR_Free(pw.data);
    }

    fclose(out_fp);
    fclose(in_fp);
    /* stderr is borrowed for logging, never closed here. */
    if (log_fp != NULL && log_fp != stderr) {
        fclose(log_fp);
    }

    if (NSS_Shutdown() != SECSuccess) {
        SECU_PrintError (prog, "NSS_Shutdown failed");
        exit(1);
    }

prdone:
    PR_Cleanup ();
    return exit_code;
}
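/*
 * Exercise key validity-date enforcement for one asymmetric algorithm.
 *
 * Four key pairs are generated in turn and each is run through
 * encrypt / decrypt / sign / verify with the result the helpers are told
 * to expect:
 *
 *   1. no StartDate, no EndDate
 *   2. StartDate = today,    EndDate = tomorrow
 *   3. StartDate = tomorrow, EndDate = tomorrow
 *        -> CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE / DR_BadStartDate
 *   4. StartDate = today,    EndDate = yesterday
 *        -> CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE / DR_BadEndDate
 *
 * Cases 3 and 4 are the security-relevant ones: a key that is not yet
 * valid or has expired must be refused for every operation.
 *
 * The expected-result constants (CSSM_OK, DR_BadData, KD_VERIFY_FAIL_ERR,
 * ...) are passed through unchanged; how each helper interprets them is
 * defined outside this function.
 *
 * cspHand  CSP handle used for all operations
 * palg     algorithm selector, expanded by privAlgToCssm()
 * refKeys  request reference keys (CSSM_KEYATTR_RETURN_REF) instead of
 *          raw key data (CSSM_KEYATTR_RETURN_DATA)
 * quiet    suppress progress output
 *
 * Returns 0 when every step behaved as expected, otherwise the first
 * non-zero value returned by a helper. The current key pair is released
 * on failure as well as on success.
 */
int doAsymTests(
	CSSM_CSP_HANDLE cspHand,
	privAlg palg,
	CSSM_BOOL refKeys,
	CSSM_BOOL quiet)
{
	CSSM_ALGORITHMS keyAlg;
	CSSM_ALGORITHMS sigAlg;
	CSSM_ALGORITHMS encrAlg;
	CSSM_ENCRYPT_MODE encrMode;
	CSSM_PADDING encrPad;
	uint32 keySizeInBits;
	const char *keyAlgStr;
	CSSM_KEY pubKey;
	CSSM_KEY privKey;
	int irtn;
	CSSM_KEYATTR_FLAGS pubKeyAttr = CSSM_KEYATTR_EXTRACTABLE;
	CSSM_KEYATTR_FLAGS privKeyAttr = CSSM_KEYATTR_EXTRACTABLE;

	privAlgToCssm(palg, &keyAlg, &sigAlg, &encrAlg, &encrMode,
		&encrPad, &keySizeInBits, &keyAlgStr);

	if(refKeys) {
		pubKeyAttr |= CSSM_KEYATTR_RETURN_REF;
		privKeyAttr |= CSSM_KEYATTR_RETURN_REF;
	}
	else {
		pubKeyAttr |= CSSM_KEYATTR_RETURN_DATA;
		privKeyAttr |= CSSM_KEYATTR_RETURN_DATA;
	}

	if(!quiet) {
		printf("...testing %s with %s keys\n", keyAlgStr,
			refKeys ? "Ref" : "Raw");
		printf(" ...verifying empty Dates\n");
	}

	/* ---- case 1: no dates at all ---- */
	irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
		&pubKey, pubKeyAttr, CSSM_KEYUSE_ANY,
		&privKey, privKeyAttr, CSSM_KEYUSE_ANY,
		quiet,
		CSSM_FALSE, 0,		// no StartDate
		CSSM_FALSE, 0);		// no EndDate
	if(irtn) {
		/* no keys to release when generation itself failed */
		return irtn;
	}
	irtn = doEncrypt(cspHand, keyAlgStr, &pubKey, encrAlg, encrMode,
		encrPad, CSSM_OK, quiet);
	if(irtn) {
		printf("***Failure on encrypting with empty Key Dates\n");
		goto freeKeys;
	}
	irtn = doDecrypt(cspHand, keyAlgStr, &privKey, encrAlg, encrMode,
		encrPad, DR_BadData, quiet);
	if(irtn) {
		printf("***Failure on decrypting with empty Key Dates\n");
		goto freeKeys;
	}
	irtn = doSign(cspHand, keyAlgStr, &privKey, sigAlg, CSSM_OK, quiet);
	if(irtn) {
		printf("***Failure on signing with empty Key Dates\n");
		goto freeKeys;
	}
	irtn = doVerify(cspHand, keyAlgStr, &pubKey, sigAlg,
		KD_VERIFY_FAIL_ERR, quiet);
	if(irtn) {
		printf("***Failure on verifying with empty Key Dates\n");
		goto freeKeys;
	}
	cspFreeKey(cspHand, &pubKey);
	cspFreeKey(cspHand, &privKey);

	/* ---- case 2: currently valid key ---- */
	if(!quiet) {
		printf(" ...verifying Good Dates\n");
	}
	irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
		&pubKey, pubKeyAttr, CSSM_KEYUSE_ANY,
		&privKey, privKeyAttr, CSSM_KEYUSE_ANY,
		quiet,
		CSSM_TRUE, 0,		// StartDate = today
		CSSM_TRUE, 1);		// EndDate = tomorrow
	if(irtn) {
		return irtn;
	}
	irtn = doEncrypt(cspHand, keyAlgStr, &pubKey, encrAlg, encrMode,
		encrPad, CSSM_OK, quiet);
	if(irtn) {
		printf("***Failure on encrypting with good Key Dates\n");
		goto freeKeys;
	}
	irtn = doDecrypt(cspHand, keyAlgStr, &privKey, encrAlg, encrMode,
		encrPad, DR_BadData, quiet);
	if(irtn) {
		printf("***Failure on decrypting with Good Key Dates\n");
		goto freeKeys;
	}
	irtn = doSign(cspHand, keyAlgStr, &privKey, sigAlg, CSSM_OK, quiet);
	if(irtn) {
		printf("***Failure on signing with Good Key Dates\n");
		goto freeKeys;
	}
	irtn = doVerify(cspHand, keyAlgStr, &pubKey, sigAlg,
		KD_VERIFY_FAIL_ERR, quiet);
	if(irtn) {
		printf("***Failure on verifying with Good Key Dates\n");
		goto freeKeys;
	}
	cspFreeKey(cspHand, &pubKey);
	cspFreeKey(cspHand, &privKey);

	/* ---- case 3: key not yet valid ---- */
	if(!quiet) {
		printf(" ...verifying Bad StartDate\n");
	}
	irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
		&pubKey, pubKeyAttr, CSSM_KEYUSE_ANY,
		&privKey, privKeyAttr, CSSM_KEYUSE_ANY,
		quiet,
		CSSM_TRUE, 1,		// StartDate = tomorrow
		CSSM_TRUE, 1);		// EndDate = tomorrow
	if(irtn) {
		return irtn;
	}
	irtn = doEncrypt(cspHand, keyAlgStr, &pubKey, encrAlg, encrMode,
		encrPad, CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE, quiet);
	if(irtn) {
		printf("***Failure on encrypting with bad StartDate\n");
		goto freeKeys;
	}
	irtn = doDecrypt(cspHand, keyAlgStr, &privKey, encrAlg, encrMode,
		encrPad, DR_BadStartDate, quiet);
	if(irtn) {
		printf("***Failure on decrypting with bad StartDate\n");
		goto freeKeys;
	}
	irtn = doSign(cspHand, keyAlgStr, &privKey, sigAlg,
		CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE, quiet);
	if(irtn) {
		printf("***Failure on signing with bad StartDate\n");
		goto freeKeys;
	}
	irtn = doVerify(cspHand, keyAlgStr, &pubKey, sigAlg,
		CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE, quiet);
	if(irtn) {
		printf("***Failure on verifying with bad StartDate\n");
		goto freeKeys;
	}
	cspFreeKey(cspHand, &pubKey);
	cspFreeKey(cspHand, &privKey);

	/* ---- case 4: expired key ---- */
	if(!quiet) {
		printf(" ...verifying Bad EndDate\n");
	}
	irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
		&pubKey, pubKeyAttr, CSSM_KEYUSE_ANY,
		&privKey, privKeyAttr, CSSM_KEYUSE_ANY,
		quiet,
		CSSM_TRUE, 0,		// StartDate = today
		CSSM_TRUE, -1);		// EndDate = yesterday
	if(irtn) {
		return irtn;
	}
	irtn = doEncrypt(cspHand, keyAlgStr, &pubKey, encrAlg, encrMode,
		encrPad, CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE, quiet);
	if(irtn) {
		printf("***Failure on encrypting with bad EndDate\n");
		goto freeKeys;
	}
	irtn = doDecrypt(cspHand, keyAlgStr, &privKey, encrAlg, encrMode,
		encrPad, DR_BadEndDate, quiet);
	if(irtn) {
		printf("***Failure on decrypting with bad EndDate\n");
		goto freeKeys;
	}
	irtn = doSign(cspHand, keyAlgStr, &privKey, sigAlg,
		CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE, quiet);
	if(irtn) {
		printf("***Failure on signing with bad EndDate\n");
		goto freeKeys;
	}
	irtn = doVerify(cspHand, keyAlgStr, &pubKey, sigAlg,
		CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE, quiet);
	if(irtn) {
		printf("***Failure on verifying with bad EndDate\n");
		goto freeKeys;
	}
	/* success: irtn is 0 here and the last key pair is released below */

freeKeys:
	/* Single release point so a failed step does not leak the key pair. */
	cspFreeKey(cspHand, &pubKey);
	cspFreeKey(cspHand, &privKey);
	return irtn;
}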