Example #1
0
static void
decrypt(char *name)
{
	FILE *logfp = NULL, *eifp = NULL;
	int r = 0;
	char eifname[4096];
	
	if(!strcmp(name, "-")) {
		fprintf(stderr, "decrypt mode cannot work on stdin\n");
		goto err;
	} else {
		if((logfp = fopen(name, "r")) == NULL) {
			perror(name);
			goto err;
		}
		snprintf(eifname, sizeof(eifname), "%s%s", name, ENCINFO_SUFFIX);
		eifname[sizeof(eifname)-1] = '\0';
		if((eifp = fopen(eifname, "r")) == NULL) {
			perror(eifname);
			goto err;
		}
		if(eiCheckFiletype(eifp) != 0)
			goto err;
	}

	doDecrypt(logfp, eifp, stdout);

	fclose(logfp); logfp = NULL;
	fclose(eifp); eifp = NULL;
	return;

err:
	fprintf(stderr, "error %d processing file %s\n", r, name);
	if(logfp != NULL)
		fclose(logfp);
}
Example #2
0
int
main (int argc, char **argv)
{
    int		 retval = 0;  /* 0 - test succeeded.  -1 - test failed */
    SECStatus	 rv;
    PLOptState	*optstate;
    char	*program_name;
    char  *input_file = NULL; 	/* read encrypted data from here (or create) */
    char  *output_file = NULL;	/* write new encrypted data here */
    char  *log_file = NULL;	/* write new encrypted data here */
    FILE	*inFile = stdin;
    FILE	*outFile = stdout;
    FILE	*logFile = NULL;
    PLOptStatus optstatus;
    secuPWData  pwdata = { PW_NONE, NULL };


    program_name = PL_strrchr(argv[0], '/');
    program_name = program_name ? (program_name + 1) : argv[0];

    optstate = PL_CreateOptState (argc, argv, "Hd:f:i:o:l:p:?");
    if (optstate == NULL) {
	SECU_PrintError (program_name, "PL_CreateOptState failed");
	return 1;
    }

    while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
	switch (optstate->option) {
	  case '?':
	    short_usage (program_name);
	    return 1;

	  case 'H':
	    long_usage (program_name);
	    return 1;

	  case 'd':
	    SECU_ConfigDirectory(optstate->value);
	    break;

          case 'i':
            input_file = PL_strdup(optstate->value);
            break;

          case 'o':
            output_file = PL_strdup(optstate->value);
            break;

          case 'l':
            log_file = PL_strdup(optstate->value);
            break;

          case 'f':
            pwdata.source = PW_FROMFILE;
            pwdata.data = PL_strdup(optstate->value);
            break;

          case 'p':
            pwdata.source = PW_PLAINTEXT;
            pwdata.data = PL_strdup(optstate->value);
            break;

	}
    }
    PL_DestroyOptState(optstate);
    if (optstatus == PL_OPT_BAD) {
	short_usage (program_name);
	return 1;
    }

    if (input_file) {
        inFile = fopen(input_file,"r");
        if (inFile == NULL) {
	    perror(input_file);
	    return 1;
        }
        PR_Free(input_file);
    }
    if (output_file) {
        outFile = fopen(output_file,"w+");
        if (outFile == NULL) {
	    perror(output_file);
	    return 1;
        }
        PR_Free(output_file);
    }
    if (log_file) {
	if (log_file[0] == '-')
	    logFile = stderr;
	else
	    logFile = fopen(log_file,"w+");
	if (logFile == NULL) {
	    perror(log_file);
	    return 1;
	}
        PR_Free(log_file);
    }

    /*
     * Initialize the Security libraries.
     */
    PK11_SetPasswordFunc(SECU_GetModulePassword);
    rv = NSS_Init(SECU_ConfigDirectory(NULL));
    if (rv != SECSuccess) {
	SECU_PrintError (program_name, "NSS_Init failed");
	retval = 1;
	goto prdone;
    }

    /* Get the encrypted result, either from the input file
     * or from encrypting the plaintext value
     */
    while (fgets(dataString, sizeof dataString, inFile)) {
	unsigned char c = dataString[0];

	if (c == 'M' && isBase64(dataString)) {
	    doDecrypt(dataString, outFile, logFile, &pwdata);
        } else if (c == '~' && isBase64(dataString + 1)) {
	    doDecode(dataString, outFile, logFile);
	} else {
	    fputs(dataString, outFile);
	}
    }
    if (pwdata.data)
    	PR_Free(pwdata.data);

    fclose(outFile);
    fclose(inFile);
    if (logFile && logFile != stderr) {
	fclose(logFile);
    }

    if (NSS_Shutdown() != SECSuccess) {
	SECU_PrintError (program_name, "NSS_Shutdown failed");
        exit(1);
    }

prdone:
    PR_Cleanup ();
    return retval;
}
int doAsymTests(
	CSSM_CSP_HANDLE cspHand, 
	privAlg palg,
	CSSM_BOOL refKeys,
	CSSM_BOOL quiet)
{
	CSSM_ALGORITHMS		keyAlg;
	CSSM_ALGORITHMS 	sigAlg;
	CSSM_ALGORITHMS		encrAlg;
	CSSM_ENCRYPT_MODE	encrMode;
	CSSM_PADDING		encrPad;
	uint32				keySizeInBits;
	const char			*keyAlgStr;

	privAlgToCssm(palg, &keyAlg, &sigAlg, &encrAlg, &encrMode, 
		&encrPad, &keySizeInBits, &keyAlgStr);

	CSSM_KEY pubKey;
	CSSM_KEY privKey;
	int irtn;
	CSSM_KEYATTR_FLAGS pubKeyAttr  = CSSM_KEYATTR_EXTRACTABLE;
	CSSM_KEYATTR_FLAGS privKeyAttr = CSSM_KEYATTR_EXTRACTABLE;
	if(refKeys) {
		pubKeyAttr  |= CSSM_KEYATTR_RETURN_REF;
		privKeyAttr |= CSSM_KEYATTR_RETURN_REF;
	}
	else {
		pubKeyAttr  |= CSSM_KEYATTR_RETURN_DATA;
		privKeyAttr |= CSSM_KEYATTR_RETURN_DATA;
	}

	if(!quiet) {
		printf("...testing %s with %s keys\n", keyAlgStr,
			refKeys ? "Ref" : "Raw");
		printf("   ...verifying empty Dates\n");
	}
	irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
		&pubKey,  pubKeyAttr, CSSM_KEYUSE_ANY,
		&privKey, privKeyAttr, CSSM_KEYUSE_ANY,
		quiet,
		CSSM_FALSE, 0,		// no StartDate
		CSSM_FALSE, 0);		// no EndDate
	if(irtn) {
		return irtn;
	}
	irtn = doEncrypt(cspHand, keyAlgStr, &pubKey, encrAlg, encrMode,
		encrPad, CSSM_OK, quiet);
	if(irtn) {
		printf("***Failure on encrypting with empty Key Dates\n");
		return irtn;
	}
	irtn = doDecrypt(cspHand, keyAlgStr, &privKey, encrAlg, encrMode,
		encrPad, DR_BadData, quiet);
	if(irtn) {
		printf("***Failure on decrypting with empty Key Dates\n");
		return irtn;
	}
	irtn = doSign(cspHand, keyAlgStr, &privKey, sigAlg,
		CSSM_OK, quiet);
	if(irtn) {
		printf("***Failure on signing with empty Key Dates\n");
		return irtn;
	}
	irtn = doVerify(cspHand, keyAlgStr, &pubKey, sigAlg,
		KD_VERIFY_FAIL_ERR, quiet);
	if(irtn) {
		printf("***Failure on verifying with empty Key Dates\n");
		return irtn;
	}
	cspFreeKey(cspHand, &pubKey);
	cspFreeKey(cspHand, &privKey);
	
	if(!quiet) {
		printf("   ...verifying Good Dates\n");
	}
	irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
		&pubKey,  pubKeyAttr, CSSM_KEYUSE_ANY,
		&privKey, privKeyAttr, CSSM_KEYUSE_ANY,
		quiet,
		CSSM_TRUE, 0,		// StartDate = today
		CSSM_TRUE, 1);		// EndDate = tomorrow
	if(irtn) {
		return irtn;
	}
	irtn = doEncrypt(cspHand, keyAlgStr, &pubKey, encrAlg, encrMode,
		encrPad, CSSM_OK, quiet);
	if(irtn) {
		printf("***Failure on encrypting with good Key Dates\n");
		return irtn;
	}
	irtn = doDecrypt(cspHand, keyAlgStr, &privKey, encrAlg, encrMode,
		encrPad, DR_BadData, quiet);
	if(irtn) {
		printf("***Failure on decrypting with Good Key Dates\n");
		return irtn;
	}
	irtn = doSign(cspHand, keyAlgStr, &privKey, sigAlg,
		CSSM_OK, quiet);
	if(irtn) {
		printf("***Failure on signing with Good Key Dates\n");
		return irtn;
	}
	irtn = doVerify(cspHand, keyAlgStr, &pubKey, sigAlg,
		KD_VERIFY_FAIL_ERR, quiet);
	if(irtn) {
		printf("***Failure on verifying with Good Key Dates\n");
		return irtn;
	}
	cspFreeKey(cspHand, &pubKey);
	cspFreeKey(cspHand, &privKey);
	
	if(!quiet) {
		printf("   ...verifying Bad StartDate\n");
	}
	irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
		&pubKey,  pubKeyAttr, CSSM_KEYUSE_ANY,
		&privKey, privKeyAttr, CSSM_KEYUSE_ANY,
		quiet,
		CSSM_TRUE, 1,		// StartDate = tomorrow
		CSSM_TRUE, 1);		// EndDate = tomorrow
	if(irtn) {
		return irtn;
	}
	irtn = doEncrypt(cspHand, keyAlgStr, &pubKey, encrAlg, encrMode,
		encrPad, CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE, quiet);
	if(irtn) {
		printf("***Failure on encrypting with bad StartDate\n");
		return irtn;
	}
	irtn = doDecrypt(cspHand, keyAlgStr, &privKey, encrAlg, encrMode,
		encrPad, DR_BadStartDate, quiet);
	if(irtn) {
		printf("***Failure on decrypting with bad StartDate\n");
		return irtn;
	}
	irtn = doSign(cspHand, keyAlgStr, &privKey, sigAlg,
		CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE, quiet);
	if(irtn) {
		printf("***Failure on signing with bad StartDate\n");
		return irtn;
	}
	irtn = doVerify(cspHand, keyAlgStr, &pubKey, sigAlg,
		CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE, quiet);
	if(irtn) {
		printf("***Failure on verifying with bad StartDate\n");
		return irtn;
	}
	cspFreeKey(cspHand, &pubKey);
	cspFreeKey(cspHand, &privKey);

	if(!quiet) {
		printf("   ...verifying Bad EndDate\n");
	}
	irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
		&pubKey,  pubKeyAttr, CSSM_KEYUSE_ANY,
		&privKey, privKeyAttr, CSSM_KEYUSE_ANY,
		quiet,
		CSSM_TRUE, 0,		// StartDate = today
		CSSM_TRUE, -1);		// EndDate = yesterday
	if(irtn) {
		return irtn;
	}
	irtn = doEncrypt(cspHand, keyAlgStr, &pubKey, encrAlg, encrMode,
		encrPad, CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE, quiet);
	if(irtn) {
		printf("***Failure on encrypting with bad EndDate\n");
		return irtn;
	}
	irtn = doDecrypt(cspHand, keyAlgStr, &privKey, encrAlg, encrMode,
		encrPad, DR_BadEndDate, quiet);
	if(irtn) {
		printf("***Failure on decrypting with bad EndDate\n");
		return irtn;
	}
	irtn = doSign(cspHand, keyAlgStr, &privKey, sigAlg,
		CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE, quiet);
	if(irtn) {
		printf("***Failure on signing with bad EndDate\n");
		return irtn;
	}
	irtn = doVerify(cspHand, keyAlgStr, &pubKey, sigAlg,
		CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE, quiet);
	if(irtn) {
		printf("***Failure on verifying with bad EndDate\n");
		return irtn;
	}
	cspFreeKey(cspHand, &pubKey);
	cspFreeKey(cspHand, &privKey);

	return 0;
}