// ---------------------------------------------------------------------------
// CMccCryptoContextContainer::CreateContext
// ---------------------------------------------------------------------------
//
TInt CMccCryptoContextContainer::CreateContext( const TMccSrtpMasterKey& aMasterKey,
const TMccSrtpMasterSalt& aSaltKey,
TUint32& aContextId,
const TMccSrtpCryptoParams& aCryptoParams )
{
__INTERFACE( "CMccCryptoContextContainer::CreateContext" )
TUint32 contextId( GenerateContextId() );
TMccCryptoContext cryptoContext( contextId,
aMasterKey,
aSaltKey,
aCryptoParams );
TInt error( cryptoContext.ValidateContext() );
if ( KErrNone == error )
{
error = iContextArray.Append( cryptoContext );
aContextId = contextId;
}
return error;
}
//
// Key encryption tests.
//
void keyBlobs()
{
printf("* Keyblob encryption test\n");
CssmAllocator &alloc = CssmAllocator::standard();
ClientSession ss(alloc, alloc);
DLDbIdentifier dbId1(ssuid, "/tmp/one", NULL);
DBParameters initialParams1 = { 3600, false };
// create a new database
DbHandle db = ss.createDb(dbId1, NULL, NULL, initialParams1);
detail("Database created");
// establish an ACL for the key
StringData theAclPassword("Strenge Geheimsache");
AclEntryPrototype initialAcl;
initialAcl.TypedSubject = TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PASSWORD,
new(alloc) ListElement(theAclPassword));
AclEntryInput initialAclInput(initialAcl);
AutoCredentials cred(alloc);
cred += TypedList(alloc, CSSM_SAMPLE_TYPE_PASSWORD,
new(alloc) ListElement(theAclPassword));
// generate a key
const CssmCryptoData seed(StringData("Farmers' day"));
FakeContext genContext(CSSM_ALGCLASS_KEYGEN, CSSM_ALGID_DES,
&::Context::Attr(CSSM_ATTRIBUTE_KEY_LENGTH, 64),
&::Context::Attr(CSSM_ATTRIBUTE_SEED, seed),
NULL);
KeyHandle key;
CssmKey::Header header;
ss.generateKey(db, genContext, CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT,
CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT,
/*cred*/NULL, &initialAclInput, key, header);
detail("Key generated");
// encrypt with the key
StringData clearText("Yet another boring cleartext sample string text sequence.");
StringData iv("Aardvark");
CssmKey nullKey; memset(&nullKey, 0, sizeof(nullKey));
FakeContext cryptoContext(CSSM_ALGCLASS_SYMMETRIC, CSSM_ALGID_DES,
&::Context::Attr(CSSM_ATTRIBUTE_KEY, nullKey),
&::Context::Attr(CSSM_ATTRIBUTE_INIT_VECTOR, iv),
&::Context::Attr(CSSM_ATTRIBUTE_MODE, CSSM_ALGMODE_CBC_IV8),
&::Context::Attr(CSSM_ATTRIBUTE_PADDING, CSSM_PADDING_PKCS1),
&::Context::Attr(CSSM_ATTRIBUTE_ACCESS_CREDENTIALS, cred),
NULL);
CssmData cipherText;
ss.encrypt(cryptoContext, key, clearText, cipherText);
detail("Plaintext encrypted with original key");
// encode the key and release it
CssmData blob;
ss.encodeKey(key, blob);
ss.releaseKey(key);
detail("Key encoded and released");
// decode it again, re-introducing it
CssmKey::Header decodedHeader;
KeyHandle key2 = ss.decodeKey(db, blob, decodedHeader);
detail("Key decoded");
// decrypt with decoded key
CssmData recovered;
ss.decrypt(cryptoContext, key2, cipherText, recovered);
assert(recovered == clearText);
detail("Decoded key correctly decrypts ciphertext");
// check a few header fields
if (!memcmp(&header, &decodedHeader, sizeof(header))) {
detail("All header fields match");
} else {
assert(header.algorithm() == decodedHeader.algorithm());
assert(header.blobType() == decodedHeader.blobType());
assert(header.blobFormat() == decodedHeader.blobFormat());
assert(header.keyClass() == decodedHeader.keyClass());
assert(header.attributes() == decodedHeader.attributes());
assert(header.usage() == decodedHeader.usage());
printf("Some header fields differ (probably okay)\n");
}
// make sure we need the credentials (destructive)
memset(&cred, 0, sizeof(cred));
try {
ss.decrypt(cryptoContext, key2, cipherText, recovered);
error("RESTORED ACL FAILS TO RESTRICT");
} catch (CssmError &err) {
detail(err, "Restored key restricts access properly");
}
}
