int doAsymTests(
CSSM_CSP_HANDLE cspHand,
privAlg palg,
CSSM_BOOL refKeys,
CSSM_BOOL quiet)
{
CSSM_ALGORITHMS keyAlg;
CSSM_ALGORITHMS sigAlg;
CSSM_ALGORITHMS encrAlg;
CSSM_ENCRYPT_MODE encrMode;
CSSM_PADDING encrPad;
uint32 keySizeInBits;
const char *keyAlgStr;
privAlgToCssm(palg, &keyAlg, &sigAlg, &encrAlg, &encrMode,
&encrPad, &keySizeInBits, &keyAlgStr);
CSSM_KEY pubKey;
CSSM_KEY privKey;
int irtn;
CSSM_KEYATTR_FLAGS pubKeyAttr = CSSM_KEYATTR_EXTRACTABLE;
CSSM_KEYATTR_FLAGS privKeyAttr = CSSM_KEYATTR_EXTRACTABLE;
if(refKeys) {
pubKeyAttr |= CSSM_KEYATTR_RETURN_REF;
privKeyAttr |= CSSM_KEYATTR_RETURN_REF;
}
else {
pubKeyAttr |= CSSM_KEYATTR_RETURN_DATA;
privKeyAttr |= CSSM_KEYATTR_RETURN_DATA;
}
if(!quiet) {
printf("...testing %s with %s keys\n", keyAlgStr,
refKeys ? "Ref" : "Raw");
printf(" ...verifying empty Dates\n");
}
irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
&pubKey, pubKeyAttr, CSSM_KEYUSE_ANY,
&privKey, privKeyAttr, CSSM_KEYUSE_ANY,
quiet,
CSSM_FALSE, 0, // no StartDate
CSSM_FALSE, 0); // no EndDate
if(irtn) {
return irtn;
}
irtn = doEncrypt(cspHand, keyAlgStr, &pubKey, encrAlg, encrMode,
encrPad, CSSM_OK, quiet);
if(irtn) {
printf("***Failure on encrypting with empty Key Dates\n");
return irtn;
}
irtn = doDecrypt(cspHand, keyAlgStr, &privKey, encrAlg, encrMode,
encrPad, DR_BadData, quiet);
if(irtn) {
printf("***Failure on decrypting with empty Key Dates\n");
return irtn;
}
irtn = doSign(cspHand, keyAlgStr, &privKey, sigAlg,
CSSM_OK, quiet);
if(irtn) {
printf("***Failure on signing with empty Key Dates\n");
return irtn;
}
irtn = doVerify(cspHand, keyAlgStr, &pubKey, sigAlg,
KD_VERIFY_FAIL_ERR, quiet);
if(irtn) {
printf("***Failure on verifying with empty Key Dates\n");
return irtn;
}
cspFreeKey(cspHand, &pubKey);
cspFreeKey(cspHand, &privKey);
if(!quiet) {
printf(" ...verifying Good Dates\n");
}
irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
&pubKey, pubKeyAttr, CSSM_KEYUSE_ANY,
&privKey, privKeyAttr, CSSM_KEYUSE_ANY,
quiet,
CSSM_TRUE, 0, // StartDate = today
CSSM_TRUE, 1); // EndDate = tomorrow
if(irtn) {
return irtn;
}
irtn = doEncrypt(cspHand, keyAlgStr, &pubKey, encrAlg, encrMode,
encrPad, CSSM_OK, quiet);
if(irtn) {
printf("***Failure on encrypting with good Key Dates\n");
return irtn;
}
irtn = doDecrypt(cspHand, keyAlgStr, &privKey, encrAlg, encrMode,
encrPad, DR_BadData, quiet);
if(irtn) {
printf("***Failure on decrypting with Good Key Dates\n");
return irtn;
}
irtn = doSign(cspHand, keyAlgStr, &privKey, sigAlg,
CSSM_OK, quiet);
if(irtn) {
printf("***Failure on signing with Good Key Dates\n");
return irtn;
}
irtn = doVerify(cspHand, keyAlgStr, &pubKey, sigAlg,
KD_VERIFY_FAIL_ERR, quiet);
if(irtn) {
printf("***Failure on verifying with Good Key Dates\n");
return irtn;
}
cspFreeKey(cspHand, &pubKey);
cspFreeKey(cspHand, &privKey);
if(!quiet) {
printf(" ...verifying Bad StartDate\n");
}
irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
&pubKey, pubKeyAttr, CSSM_KEYUSE_ANY,
&privKey, privKeyAttr, CSSM_KEYUSE_ANY,
quiet,
CSSM_TRUE, 1, // StartDate = tomorrow
CSSM_TRUE, 1); // EndDate = tomorrow
if(irtn) {
return irtn;
}
irtn = doEncrypt(cspHand, keyAlgStr, &pubKey, encrAlg, encrMode,
encrPad, CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE, quiet);
if(irtn) {
printf("***Failure on encrypting with bad StartDate\n");
return irtn;
}
irtn = doDecrypt(cspHand, keyAlgStr, &privKey, encrAlg, encrMode,
encrPad, DR_BadStartDate, quiet);
if(irtn) {
printf("***Failure on decrypting with bad StartDate\n");
return irtn;
}
irtn = doSign(cspHand, keyAlgStr, &privKey, sigAlg,
CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE, quiet);
if(irtn) {
printf("***Failure on signing with bad StartDate\n");
return irtn;
}
irtn = doVerify(cspHand, keyAlgStr, &pubKey, sigAlg,
CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE, quiet);
if(irtn) {
printf("***Failure on verifying with bad StartDate\n");
return irtn;
}
cspFreeKey(cspHand, &pubKey);
cspFreeKey(cspHand, &privKey);
if(!quiet) {
printf(" ...verifying Bad EndDate\n");
}
irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
&pubKey, pubKeyAttr, CSSM_KEYUSE_ANY,
&privKey, privKeyAttr, CSSM_KEYUSE_ANY,
quiet,
CSSM_TRUE, 0, // StartDate = today
CSSM_TRUE, -1); // EndDate = yesterday
if(irtn) {
return irtn;
}
irtn = doEncrypt(cspHand, keyAlgStr, &pubKey, encrAlg, encrMode,
encrPad, CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE, quiet);
if(irtn) {
printf("***Failure on encrypting with bad EndDate\n");
return irtn;
}
irtn = doDecrypt(cspHand, keyAlgStr, &privKey, encrAlg, encrMode,
encrPad, DR_BadEndDate, quiet);
if(irtn) {
printf("***Failure on decrypting with bad EndDate\n");
return irtn;
}
irtn = doSign(cspHand, keyAlgStr, &privKey, sigAlg,
CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE, quiet);
if(irtn) {
printf("***Failure on signing with bad EndDate\n");
return irtn;
}
irtn = doVerify(cspHand, keyAlgStr, &pubKey, sigAlg,
CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE, quiet);
if(irtn) {
printf("***Failure on verifying with bad EndDate\n");
return irtn;
}
cspFreeKey(cspHand, &pubKey);
cspFreeKey(cspHand, &privKey);
return 0;
}
int main(int argc, char* argv[]) {
int rounds = DEFAULT_ROUNDS, chrTblIndex = 0, c;
char *outFile = NULL;
char *inFile = NULL;
char *encKey = NULL;
enum ENCTASK encTask = ENC_ENCRYPT;
while ( ( c = getopt(argc, argv, "n:o:t:ved") ) != -1 ) {
switch(c) {
case 'e':
encTask = ENC_ENCRYPT;
break;
case 'd':
encTask = ENC_DECRYPT;
break;
case 'n':
rounds = atoi(optarg);
if (rounds < 1) {
fprintf(stderr, "Rounds need to be a positive number.\n");
exit(1);
}
break;
case 't':
chrTblIndex = atoi(optarg);
if (chrTblIndex < 0) {
fprintf(stderr, "Character table index cannot be a negative number.\n");
exit(1);
}
break;
case 'o':
outFile = (char*) malloc(sizeof(char) * strlen(optarg) + 1);
strncpy(outFile, optarg, strlen(optarg));
break;
case 'v':
verbose = 1;
break;
case ':':
fprintf(stderr, "The option %c requires an argument.\n", optopt);
exit(1);
break;
case '?':
showUsage(argv[0]);
break;
}
}
if (argv[optind] != NULL) {
inFile = (char*) malloc(sizeof(char) * strlen(argv[optind]) + 1);
strncpy(inFile, argv[optind], strlen(argv[optind]));
}
genRandKey(&encKey);
doEncrypt(inFile, outFile, rounds, encKey, encTask);
if (verbose) {
fprintf(stderr, "%s %ld characters out of %ld characters (%ld%%).\n",
(encTask == ENC_ENCRYPT) ? "Encrypted" : "Decrypted", cryptedChrCnt,
totalChrCnt, (cryptedChrCnt * 100) / totalChrCnt);
}
if (outFile != NULL) free(outFile);
if (inFile != NULL) free(inFile);
if (encKey != NULL) free(encKey);
return 0;
}
int doStoreTests(
CSSM_CSP_HANDLE cspHand, // must be CSPDL
CSSM_DL_DB_HANDLE dlDbHand,
privAlg palg,
CSSM_BOOL isAsym,
CSSM_BOOL quiet)
{
CSSM_ALGORITHMS keyAlg;
CSSM_ALGORITHMS signAlg;
CSSM_ALGORITHMS encrAlg;
CSSM_ENCRYPT_MODE encrMode;
CSSM_PADDING encrPad;
uint32 keySizeInBits;
const char *keyAlgStr;
privAlgToCssm(palg, &keyAlg, &signAlg, &encrAlg, &encrMode,
&encrPad, &keySizeInBits, &keyAlgStr);
CSSM_KEY symKey;
CSSM_KEY privKey;
CSSM_KEY pubKey;
int irtn;
CSSM_KEY_PTR lookupKey = NULL; // obtained from DB
CSSM_KEY_PTR compareKey; // &symKey or &pubKey
CT_KeyType lookupType;
CSSM_KEYATTR_FLAGS pubKeyAttr =
CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE |
CSSM_KEYATTR_PERMANENT;
CSSM_KEYATTR_FLAGS privKeyAttr =
CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT;
if(!quiet) {
printf("...testing %s key storage\n", keyAlgStr);
printf(" ...verifying empty Dates\n");
}
if(isAsym) {
lookupType = CKT_Public;
compareKey = &pubKey;
irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
&pubKey, pubKeyAttr, CSSM_KEYUSE_ANY,
&privKey, privKeyAttr, CSSM_KEYUSE_ANY,
quiet,
CSSM_FALSE, 0, // no StartDate
CSSM_FALSE, 0, // no EndDate
&dlDbHand);
}
else {
lookupType = CKT_Session;
compareKey = &symKey;
irtn = genSymKey(cspHand, &symKey, keyAlg, keyAlgStr,
keySizeInBits,
CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT,
CSSM_KEYUSE_ANY, quiet,
CSSM_FALSE, 0, // no StartDate
CSSM_FALSE, 0, // no EndDate
&dlDbHand);
}
if(irtn) {
return irtn;
}
/*
* fetch stored key from DB, ensure it has same start/end date
*/
if(fetchStoredKey(dlDbHand, lookupType,
compareKey, "Store key with empty Dates", quiet,
&lookupKey)) {
return 1;
}
/* quickie test, use it for encrypt */
irtn = doEncrypt(cspHand, keyAlgStr, lookupKey, encrAlg, encrMode,
encrPad, CSSM_OK, quiet);
if(irtn) {
printf("***Failure on encrypt, lookup with empty Key Dates\n");
return irtn;
}
/* free and delete everything */
if(isAsym) {
cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
&keyLabelData, &pubKey);
cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
&keyLabelData, &privKey);
}
else {
cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
&keyLabelData, &symKey);
}
cspFreeKey(cspHand, lookupKey);
/*********************/
if(!quiet) {
printf(" ...verifying Good Dates\n");
}
if(isAsym) {
lookupType = CKT_Public;
compareKey = &pubKey;
irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
&pubKey, pubKeyAttr, CSSM_KEYUSE_ANY,
&privKey, privKeyAttr, CSSM_KEYUSE_ANY,
quiet,
CSSM_TRUE, 0, // StartDate = today
CSSM_TRUE, 1, // EndDate = tomorrow
&dlDbHand);
}
else {
lookupType = CKT_Session;
compareKey = &symKey;
irtn = genSymKey(cspHand, &symKey, keyAlg, keyAlgStr,
keySizeInBits,
CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT,
CSSM_KEYUSE_ANY, quiet,
CSSM_TRUE, 0, // StartDate = today
CSSM_TRUE, 1, // EndDate = tomorrow
&dlDbHand);
}
if(irtn) {
return irtn;
}
/*
* fetch stored key from DB, ensure it has same start/end date
*/
if(fetchStoredKey(dlDbHand, lookupType,
compareKey, "Store key with Good Dates", quiet,
&lookupKey)) {
return 1;
}
/* quickie test, use it for encrypt */
irtn = doEncrypt(cspHand, keyAlgStr, lookupKey, encrAlg, encrMode,
encrPad, CSSM_OK, quiet);
if(irtn) {
printf("***Failure on encrypt, lookup with Good Key Dates\n");
return irtn;
}
/* free and delete everything */
if(isAsym) {
cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
&keyLabelData, &pubKey);
cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
&keyLabelData, &privKey);
}
else {
cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
&keyLabelData, &symKey);
}
cspFreeKey(cspHand, lookupKey);
/*********************/
if(!quiet) {
printf(" ...verifying Bad StartDate\n");
}
if(isAsym) {
lookupType = CKT_Public;
compareKey = &pubKey;
irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
&pubKey, pubKeyAttr, CSSM_KEYUSE_ANY,
&privKey, privKeyAttr, CSSM_KEYUSE_ANY,
quiet,
CSSM_TRUE, 1, // StartDate = tomorrow
CSSM_TRUE, 1, // EndDate = tomorrow
&dlDbHand);
}
else {
lookupType = CKT_Session;
compareKey = &symKey;
irtn = genSymKey(cspHand, &symKey, keyAlg, keyAlgStr,
keySizeInBits,
CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT,
CSSM_KEYUSE_ANY, quiet,
CSSM_TRUE, 1, // StartDate = tomorrow
CSSM_TRUE, 1, // EndDate = tomorrow
&dlDbHand);
}
if(irtn) {
return irtn;
}
/*
* fetch stored key from DB, ensure it has same start/end date
*/
if(fetchStoredKey(dlDbHand, lookupType,
compareKey, "Store key with Bad StartDate", quiet,
&lookupKey)) {
return 1;
}
/* quickie test, use it for encrypt */
irtn = doEncrypt(cspHand, keyAlgStr, lookupKey, encrAlg, encrMode,
encrPad, CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE, quiet);
if(irtn) {
printf("***Failure on encrypt, lookup with Bad Start Dates\n");
return irtn;
}
/* free and delete everything */
if(isAsym) {
cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
&keyLabelData, &pubKey);
cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
&keyLabelData, &privKey);
}
else {
cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
&keyLabelData, &symKey);
}
cspFreeKey(cspHand, lookupKey);
/*********************/
if(!quiet) {
printf(" ...verifying Bad EndDate\n");
}
if(isAsym) {
lookupType = CKT_Public;
compareKey = &pubKey;
irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
&pubKey, pubKeyAttr, CSSM_KEYUSE_ANY,
&privKey, privKeyAttr, CSSM_KEYUSE_ANY,
quiet,
CSSM_TRUE, 0, // StartDate = today
CSSM_TRUE, -1, // EndDate = yesterday
&dlDbHand);
}
else {
lookupType = CKT_Session;
compareKey = &symKey;
irtn = genSymKey(cspHand, &symKey, keyAlg, keyAlgStr,
keySizeInBits,
CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT,
CSSM_KEYUSE_ANY, quiet,
CSSM_TRUE, 0, // StartDate = today
CSSM_TRUE, -1, // EndDate = yesterday
&dlDbHand);
}
if(irtn) {
return irtn;
}
/*
* fetch stored key from DB, ensure it has same start/end date
*/
if(fetchStoredKey(dlDbHand, lookupType,
compareKey, "Store key with Bad EndDate", quiet,
&lookupKey)) {
return 1;
}
/* quickie test, use it for encrypt */
irtn = doEncrypt(cspHand, keyAlgStr, lookupKey, encrAlg, encrMode,
encrPad, CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE, quiet);
if(irtn) {
printf("***Failure on encrypt, lookup with Bad End Dates\n");
return irtn;
}
/* free and delete everything */
if(isAsym) {
cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
&keyLabelData, &pubKey);
cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
&keyLabelData, &privKey);
}
else {
cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
&keyLabelData, &symKey);
}
cspFreeKey(cspHand, lookupKey);
return 0;
}
