/* decrypt using private key */ static int rt_decrypt(opParams *op) { CSSM_KEY privKey; int irtn; CSSM_DATA ptext; CSSM_DATA ctext; CSSM_RETURN crtn; switch(op->keyAlg) { case CSSM_ALGID_RSA: /* only supported algorithm for decryption */ break; default: printf("Can only decrypt with RSA. Aborting.\n"); return 1; } if(op->keyFileName == NULL) { printf("***Need a keyFileName to decrypt.\n"); return 1; } if((op->plainFileName == NULL) || (op->cipherFileName == NULL)) { printf("***Need plainFileName and cipherFileName to decrypt.\n"); return 1; } irtn = rt_readKey(op->cspHandle, op->keyFileName, CSSM_FALSE, // isPub op->keyAlg, &privKey); if(irtn) { return irtn; } irtn = readFile(op->cipherFileName, &ctext.Data, (unsigned *)&ctext.Length); if(irtn) { printf("***Error reading %s\n", op->cipherFileName); return irtn; } crtn = cdsaDecrypt(op->cspHandle, &privKey, &ctext, &ptext); if(crtn) { return 1; } irtn = writeFile(op->plainFileName, ptext.Data, ptext.Length); if(irtn) { printf("***Error writing %s\n", op->cipherFileName); } else { printf("...wrote %u bytes to %s\n", (unsigned)ptext.Length, op->plainFileName); } cdsaFreeKey(op->cspHandle, &privKey); free(ctext.Data); // allocd by readFile free(ptext.Data); // allocd by CSP return irtn; }
static int rt_convertPubKey(opParams *op) { CSSM_RETURN crtn; int irtn; CSSM_KEY pubKeyIn; CSSM_KEY pubKeyOut; CSSM_KEY refKey; char fileName[KEY_FILE_NAME_MAX_LEN]; if((op->keyFileName == NULL) || (op->outKeyFileName == NULL)) { printf("***I need input and output key file names for public key concersion.\n"); return 1; } irtn = rt_readKey(op->cspHand, op->keyFileName, CSSM_TRUE, op->alg, op->pubKeyFormat, &pubKeyIn); if(irtn) { return irtn; } crtn = cspRawKeyToRef(op->cspHand, &pubKeyIn, &refKey); if(crtn) { printf("***Error on NULL unwrap of %s\n", op->keyFileName); return -1; } crtn = nullWrapKey(op->cspHand, &refKey, op->outPubKeyFormat, &pubKeyOut); if(crtn) { printf("***Error on NULL wrap\n"); return 1; } /* write the blobs */ rtKeyFileName(op->outKeyFileName, CSSM_TRUE, fileName); irtn = writeFile(fileName, pubKeyOut.KeyData.Data, pubKeyOut.KeyData.Length); if(irtn) { printf("***Error %d writing to %s\n", irtn, fileName); return irtn; } if(!op->quiet) { printf("...wrote %lu bytes to %s\n", pubKeyOut.KeyData.Length, fileName); } cspFreeKey(op->cspHand, &pubKeyOut); free(pubKeyIn.KeyData.Data); cspFreeKey(op->cspHand, &refKey); return 0; }
static int rt_verify(opParams *op) { CSSM_KEY pubKey; int irtn; CSSM_DATA ptext; CSSM_DATA sig; CSSM_RETURN crtn; CSSM_ALGORITHMS alg; unsigned len; if(op->keyFileName == NULL) { printf("***Need a keyFileName to verify.\n"); return 1; } if((op->plainFileName == NULL) || (op->sigFileName == NULL)) { printf("***Need plainFileName and sigFileName to verify.\n"); return 1; } irtn = rt_readKey(op->cspHand, op->keyFileName, CSSM_TRUE, op->alg, op->pubKeyFormat, &pubKey); if(irtn) { return irtn; } irtn = readFile(op->plainFileName, &ptext.Data, &len); if(irtn) { printf("***Error reading %s\n", op->plainFileName); return irtn; } ptext.Length = len; irtn = readFile(op->sigFileName, &sig.Data, (unsigned *)&sig.Length); if(irtn) { printf("***Error reading %s\n", op->sigFileName); return irtn; } switch(op->alg) { case CSSM_ALGID_RSA: if(op->rawSign) { alg = CSSM_ALGID_RSA; } else { alg = CSSM_ALGID_SHA1WithRSA; } break; case CSSM_ALGID_DSA: alg = CSSM_ALGID_SHA1WithDSA; break; case CSSM_ALGID_ECDSA: if(op->rawSign) { alg = CSSM_ALGID_ECDSA; } else { alg = CSSM_ALGID_SHA1WithECDSA; } break; default: printf("Hey! Try another alg!\n"); exit(1); } crtn = sigVerify(op->cspHand, alg, &pubKey, &ptext, &sig, op->digestAlg, op->noPad); if(crtn) { printError("sigVerify", crtn); irtn = 1; } else if(!op->quiet){ printf("...signature verifies OK\n"); irtn = 0; } free(pubKey.KeyData.Data); // allocd by rt_readKey --> readFile free(ptext.Data); // allocd by readFile free(sig.Data); // ditto return irtn; }
static int rt_sign(opParams *op) { CSSM_KEY privKey; int irtn; CSSM_DATA ptext; CSSM_DATA sig; CSSM_RETURN crtn; CSSM_ALGORITHMS alg; unsigned len; if(op->keyFileName == NULL) { printf("***Need a keyFileName to sign.\n"); return 1; } if((op->plainFileName == NULL) || (op->sigFileName == NULL)) { printf("***Need plainFileName and sigFileName to sign.\n"); return 1; } irtn = rt_readKey(op->cspHand, op->keyFileName, CSSM_FALSE, op->alg, op->privKeyFormat, &privKey); if(irtn) { return irtn; } irtn = readFile(op->plainFileName, &ptext.Data, &len); if(irtn) { printf("***Error reading %s\n", op->plainFileName); return irtn; } ptext.Length = len; sig.Data = NULL; sig.Length = 0; switch(op->alg) { case CSSM_ALGID_RSA: if(op->rawSign) { alg = CSSM_ALGID_RSA; } else { alg = CSSM_ALGID_SHA1WithRSA; } break; case CSSM_ALGID_DSA: alg = CSSM_ALGID_SHA1WithDSA; break; case CSSM_ALGID_ECDSA: if(op->rawSign) { alg = CSSM_ALGID_ECDSA; } else { alg = CSSM_ALGID_SHA1WithECDSA; } break; default: printf("Hey! Try another alg!\n"); exit(1); } crtn = sigSign(op->cspHand, alg, &privKey, &ptext, &sig, op->digestAlg, op->noPad); if(crtn) { printError("cspSign", crtn); return 1; } irtn = writeFile(op->sigFileName, sig.Data, sig.Length); if(irtn) { printf("***Error writing %s\n", op->sigFileName); } else if(!op->quiet) { printf("...wrote %lu bytes to %s\n", sig.Length, op->sigFileName); } free(privKey.KeyData.Data); // allocd by rt_readKey --> readFile free(ptext.Data); // allocd by readFile appFreeCssmData(&sig, CSSM_FALSE); // by CSP return irtn; }
/* decrypt using private key */ static int rt_decrypt(opParams *op) { CSSM_KEY privKey; int irtn; CSSM_DATA ptext; CSSM_DATA ctext; CSSM_RETURN crtn; CSSM_BOOL isPub; CSSM_ENCRYPT_MODE mode = CSSM_ALGMODE_NONE; CSSM_KEYBLOB_FORMAT format = op->privKeyFormat; unsigned len; if(op->keyFileName == NULL) { printf("***Need a keyFileName to decrypt.\n"); return 1; } if((op->plainFileName == NULL) || (op->cipherFileName == NULL)) { printf("***Need plainFileName and cipherFileName to decrypt.\n"); return 1; } if(op->swapKeyClass) { isPub = CSSM_TRUE; mode = CSSM_ALGMODE_PUBLIC_KEY; format = op->pubKeyFormat; } else { isPub = CSSM_FALSE; } irtn = rt_readKey(op->cspHand, op->keyFileName, isPub, op->alg, format, &privKey); if(irtn) { return irtn; } irtn = readFile(op->cipherFileName, &ctext.Data, &len); if(irtn) { printf("***Error reading %s\n", op->cipherFileName); return irtn; } ctext.Length = len; ptext.Data = NULL; ptext.Length = 0; crtn = cspDecrypt(op->cspHand, op->alg, mode, op->noPad ? CSSM_PADDING_NONE : CSSM_PADDING_PKCS1, &privKey, NULL, 0, // effectiveKeySize 0, // rounds NULL, // initVector &ctext, &ptext, CSSM_FALSE); // mallocCtext if(crtn) { return 1; } irtn = writeFile(op->plainFileName, ptext.Data, ptext.Length); if(irtn) { printf("***Error writing %s\n", op->cipherFileName); } else { if(!op->quiet) { printf("...wrote %lu bytes to %s\n", ptext.Length, op->plainFileName); } } free(privKey.KeyData.Data); // allocd by rt_readKey --> readFile free(ctext.Data); // allocd by readFile appFreeCssmData(&ptext, CSSM_FALSE); // by CSP return irtn; }
static int rt_stagedVerify(opParams *op) { CSSM_KEY pubKey; int irtn; unsigned char inBuf[IN_BUF_SIZE]; // raw infile data CSSM_DATA inData; CSSM_DATA sig; CSSM_RETURN crtn; CSSM_ALGORITHMS sigAlg; ssize_t thisMove; CSSM_CC_HANDLE ccHandle; if((op->plainFileName == NULL) || (op->sigFileName == NULL)) { printf("***Need plainFileName and sigFileName to verify.\n"); return 1; } /* get public key for signing */ if(op->keyFileName == NULL) { printf("***Need a keyFileName to verify.\n"); return 1; } irtn = rt_readKey(op->cspHandle, op->keyFileName, CSSM_TRUE, // isPub - sign with private key op->keyAlg, &pubKey); if(irtn) { return irtn; } /* get existing signature from file */ irtn = readFile(op->sigFileName, &sig.Data, (unsigned *)&sig.Length); if(irtn) { printf("***Error reading %s\n", op->sigFileName); return irtn; } /* open plainFileName for reading */ int inFileFd = open(op->plainFileName, O_RDONLY, 0); if(inFileFd <= 0) { perror(op->plainFileName); return 1; } irtn = lseek(inFileFd, 0, SEEK_SET); if(irtn < 0) { perror(op->plainFileName); return 1; } /* infer signature algorithm from key alg */ switch(op->keyAlg) { case CSSM_ALGID_RSA: sigAlg = CSSM_ALGID_SHA1WithRSA; break; case CSSM_ALGID_DSA: sigAlg = CSSM_ALGID_SHA1WithDSA; break; default: printf("Hey! Try another alg!\n"); exit(1); } /* obtain a signature context */ crtn = cdsaStagedSignVerifyInit(op->cspHandle, &pubKey, sigAlg, SO_Verify, &ccHandle); if(crtn) { cssmPerror("cdsaStagedSignVerifyInit", crtn); return -1; } for(;;) { /* read up to IN_BUF_SUZE bytes */ thisMove = read(inFileFd, inBuf, IN_BUF_SIZE); if(thisMove < 0) { perror("read"); return 1; } inData.Data = inBuf; inData.Length = thisMove; /* Assume "final" if we read less than we asked for */ CSSM_DATA_PTR sigPtr = (thisMove == IN_BUF_SIZE) ? NULL : &sig; crtn = cdsaStagedVerify(ccHandle, &inData, sigPtr); if(sigPtr) { /* note we don't display possible sig verify error here */ break; } if(crtn) { cssmPerror("cdsaStagedVerify", crtn); return 1; } } close(inFileFd); if(crtn) { cssmPerror("sigVerify", crtn); irtn = 1; } else { printf("...signature verifies OK\n"); irtn = 0; } cdsaFreeKey(op->cspHandle, &pubKey); free(sig.Data); // allocd by readFile return irtn; }
static int rt_verify(opParams *op) { CSSM_KEY pubKey; int irtn; CSSM_DATA ptext; CSSM_DATA sig; CSSM_RETURN crtn; CSSM_ALGORITHMS sigAlg; if(op->keyFileName == NULL) { printf("***Need a keyFileName to verify.\n"); return 1; } if((op->plainFileName == NULL) || (op->sigFileName == NULL)) { printf("***Need plainFileName and sigFileName to verify.\n"); return 1; } irtn = rt_readKey(op->cspHandle, op->keyFileName, CSSM_TRUE, // isPub - verify with public key op->keyAlg, &pubKey); if(irtn) { return irtn; } /* obtain text to verify and signature */ irtn = readFile(op->plainFileName, &ptext.Data, (unsigned *)&ptext.Length); if(irtn) { printf("***Error reading %s\n", op->plainFileName); return irtn; } irtn = readFile(op->sigFileName, &sig.Data, (unsigned *)&sig.Length); if(irtn) { printf("***Error reading %s\n", op->sigFileName); return irtn; } switch(op->keyAlg) { case CSSM_ALGID_RSA: sigAlg = CSSM_ALGID_SHA1WithRSA; break; case CSSM_ALGID_DSA: sigAlg = CSSM_ALGID_SHA1WithDSA; break; default: printf("Hey! Try another alg!\n"); exit(1); } crtn = cdsaVerify(op->cspHandle, &pubKey, sigAlg, &ptext, &sig); if(crtn) { cssmPerror("sigVerify", crtn); return 1; } else { printf("...signature verifies OK\n"); irtn = 0; } cdsaFreeKey(op->cspHandle, &pubKey); free(ptext.Data); // allocd by readFile free(sig.Data); // ditto return irtn; }
static int rt_sign(opParams *op) { CSSM_KEY privKey; int irtn; CSSM_DATA ptext; CSSM_DATA sig; CSSM_RETURN crtn; CSSM_ALGORITHMS sigAlg; if(op->keyFileName == NULL) { printf("***Need a keyFileName to sign.\n"); return 1; } if((op->plainFileName == NULL) || (op->sigFileName == NULL)) { printf("***Need plainFileName and sigFileName to sign.\n"); return 1; } irtn = rt_readKey(op->cspHandle, op->keyFileName, CSSM_FALSE, // isPub - sign with private key op->keyAlg, &privKey); if(irtn) { return irtn; } irtn = readFile(op->plainFileName, &ptext.Data, (unsigned *)&ptext.Length); if(irtn) { printf("***Error reading %s\n", op->plainFileName); return irtn; } sig.Data = NULL; sig.Length = 0; switch(op->keyAlg) { case CSSM_ALGID_RSA: sigAlg = CSSM_ALGID_SHA1WithRSA; break; case CSSM_ALGID_DSA: sigAlg = CSSM_ALGID_SHA1WithDSA; break; default: printf("Hey! Try another alg!\n"); exit(1); } crtn = cdsaSign(op->cspHandle, &privKey, sigAlg, &ptext, &sig); if(crtn) { cssmPerror("cdsaSign", crtn); return 1; } irtn = writeFile(op->sigFileName, sig.Data, sig.Length); if(irtn) { printf("***Error writing %s\n", op->sigFileName); } else { printf("...wrote %u bytes to %s\n", (unsigned)sig.Length, op->sigFileName); } cdsaFreeKey(op->cspHandle, &privKey); free(ptext.Data); // allocd by readFile free(sig.Data); // allocd by CSP return irtn; }