/* decrypt using private key */
static int rt_decrypt(opParams *op)
{
CSSM_KEY privKey;
int irtn;
CSSM_DATA ptext;
CSSM_DATA ctext;
CSSM_RETURN crtn;
switch(op->keyAlg) {
case CSSM_ALGID_RSA:
/* only supported algorithm for decryption */
break;
default:
printf("Can only decrypt with RSA. Aborting.\n");
return 1;
}
if(op->keyFileName == NULL) {
printf("***Need a keyFileName to decrypt.\n");
return 1;
}
if((op->plainFileName == NULL) || (op->cipherFileName == NULL)) {
printf("***Need plainFileName and cipherFileName to decrypt.\n");
return 1;
}
irtn = rt_readKey(op->cspHandle,
op->keyFileName,
CSSM_FALSE, // isPub
op->keyAlg,
&privKey);
if(irtn) {
return irtn;
}
irtn = readFile(op->cipherFileName, &ctext.Data,
(unsigned *)&ctext.Length);
if(irtn) {
printf("***Error reading %s\n", op->cipherFileName);
return irtn;
}
crtn = cdsaDecrypt(op->cspHandle,
&privKey,
&ctext,
&ptext);
if(crtn) {
return 1;
}
irtn = writeFile(op->plainFileName, ptext.Data, ptext.Length);
if(irtn) {
printf("***Error writing %s\n", op->cipherFileName);
}
else {
printf("...wrote %u bytes to %s\n",
(unsigned)ptext.Length, op->plainFileName);
}
cdsaFreeKey(op->cspHandle, &privKey);
free(ctext.Data); // allocd by readFile
free(ptext.Data); // allocd by CSP
return irtn;
}
static int rt_convertPubKey(opParams *op)
{
CSSM_RETURN crtn;
int irtn;
CSSM_KEY pubKeyIn;
CSSM_KEY pubKeyOut;
CSSM_KEY refKey;
char fileName[KEY_FILE_NAME_MAX_LEN];
if((op->keyFileName == NULL) || (op->outKeyFileName == NULL)) {
printf("***I need input and output key file names for public key concersion.\n");
return 1;
}
irtn = rt_readKey(op->cspHand, op->keyFileName, CSSM_TRUE, op->alg,
op->pubKeyFormat, &pubKeyIn);
if(irtn) {
return irtn;
}
crtn = cspRawKeyToRef(op->cspHand, &pubKeyIn, &refKey);
if(crtn) {
printf("***Error on NULL unwrap of %s\n", op->keyFileName);
return -1;
}
crtn = nullWrapKey(op->cspHand, &refKey, op->outPubKeyFormat, &pubKeyOut);
if(crtn) {
printf("***Error on NULL wrap\n");
return 1;
}
/* write the blobs */
rtKeyFileName(op->outKeyFileName, CSSM_TRUE, fileName);
irtn = writeFile(fileName, pubKeyOut.KeyData.Data, pubKeyOut.KeyData.Length);
if(irtn) {
printf("***Error %d writing to %s\n", irtn, fileName);
return irtn;
}
if(!op->quiet) {
printf("...wrote %lu bytes to %s\n", pubKeyOut.KeyData.Length, fileName);
}
cspFreeKey(op->cspHand, &pubKeyOut);
free(pubKeyIn.KeyData.Data);
cspFreeKey(op->cspHand, &refKey);
return 0;
}
static int rt_verify(opParams *op)
{
CSSM_KEY pubKey;
int irtn;
CSSM_DATA ptext;
CSSM_DATA sig;
CSSM_RETURN crtn;
CSSM_ALGORITHMS alg;
unsigned len;
if(op->keyFileName == NULL) {
printf("***Need a keyFileName to verify.\n");
return 1;
}
if((op->plainFileName == NULL) || (op->sigFileName == NULL)) {
printf("***Need plainFileName and sigFileName to verify.\n");
return 1;
}
irtn = rt_readKey(op->cspHand, op->keyFileName, CSSM_TRUE, op->alg,
op->pubKeyFormat, &pubKey);
if(irtn) {
return irtn;
}
irtn = readFile(op->plainFileName, &ptext.Data, &len);
if(irtn) {
printf("***Error reading %s\n", op->plainFileName);
return irtn;
}
ptext.Length = len;
irtn = readFile(op->sigFileName, &sig.Data, (unsigned *)&sig.Length);
if(irtn) {
printf("***Error reading %s\n", op->sigFileName);
return irtn;
}
switch(op->alg) {
case CSSM_ALGID_RSA:
if(op->rawSign) {
alg = CSSM_ALGID_RSA;
}
else {
alg = CSSM_ALGID_SHA1WithRSA;
}
break;
case CSSM_ALGID_DSA:
alg = CSSM_ALGID_SHA1WithDSA;
break;
case CSSM_ALGID_ECDSA:
if(op->rawSign) {
alg = CSSM_ALGID_ECDSA;
}
else {
alg = CSSM_ALGID_SHA1WithECDSA;
}
break;
default:
printf("Hey! Try another alg!\n");
exit(1);
}
crtn = sigVerify(op->cspHand,
alg,
&pubKey,
&ptext,
&sig,
op->digestAlg,
op->noPad);
if(crtn) {
printError("sigVerify", crtn);
irtn = 1;
}
else if(!op->quiet){
printf("...signature verifies OK\n");
irtn = 0;
}
free(pubKey.KeyData.Data); // allocd by rt_readKey --> readFile
free(ptext.Data); // allocd by readFile
free(sig.Data); // ditto
return irtn;
}
static int rt_sign(opParams *op)
{
CSSM_KEY privKey;
int irtn;
CSSM_DATA ptext;
CSSM_DATA sig;
CSSM_RETURN crtn;
CSSM_ALGORITHMS alg;
unsigned len;
if(op->keyFileName == NULL) {
printf("***Need a keyFileName to sign.\n");
return 1;
}
if((op->plainFileName == NULL) || (op->sigFileName == NULL)) {
printf("***Need plainFileName and sigFileName to sign.\n");
return 1;
}
irtn = rt_readKey(op->cspHand, op->keyFileName, CSSM_FALSE, op->alg,
op->privKeyFormat, &privKey);
if(irtn) {
return irtn;
}
irtn = readFile(op->plainFileName, &ptext.Data, &len);
if(irtn) {
printf("***Error reading %s\n", op->plainFileName);
return irtn;
}
ptext.Length = len;
sig.Data = NULL;
sig.Length = 0;
switch(op->alg) {
case CSSM_ALGID_RSA:
if(op->rawSign) {
alg = CSSM_ALGID_RSA;
}
else {
alg = CSSM_ALGID_SHA1WithRSA;
}
break;
case CSSM_ALGID_DSA:
alg = CSSM_ALGID_SHA1WithDSA;
break;
case CSSM_ALGID_ECDSA:
if(op->rawSign) {
alg = CSSM_ALGID_ECDSA;
}
else {
alg = CSSM_ALGID_SHA1WithECDSA;
}
break;
default:
printf("Hey! Try another alg!\n");
exit(1);
}
crtn = sigSign(op->cspHand,
alg,
&privKey,
&ptext,
&sig,
op->digestAlg,
op->noPad);
if(crtn) {
printError("cspSign", crtn);
return 1;
}
irtn = writeFile(op->sigFileName, sig.Data, sig.Length);
if(irtn) {
printf("***Error writing %s\n", op->sigFileName);
}
else if(!op->quiet) {
printf("...wrote %lu bytes to %s\n", sig.Length, op->sigFileName);
}
free(privKey.KeyData.Data); // allocd by rt_readKey --> readFile
free(ptext.Data); // allocd by readFile
appFreeCssmData(&sig, CSSM_FALSE); // by CSP
return irtn;
}
/* decrypt using private key */
static int rt_decrypt(opParams *op)
{
CSSM_KEY privKey;
int irtn;
CSSM_DATA ptext;
CSSM_DATA ctext;
CSSM_RETURN crtn;
CSSM_BOOL isPub;
CSSM_ENCRYPT_MODE mode = CSSM_ALGMODE_NONE;
CSSM_KEYBLOB_FORMAT format = op->privKeyFormat;
unsigned len;
if(op->keyFileName == NULL) {
printf("***Need a keyFileName to decrypt.\n");
return 1;
}
if((op->plainFileName == NULL) || (op->cipherFileName == NULL)) {
printf("***Need plainFileName and cipherFileName to decrypt.\n");
return 1;
}
if(op->swapKeyClass) {
isPub = CSSM_TRUE;
mode = CSSM_ALGMODE_PUBLIC_KEY;
format = op->pubKeyFormat;
}
else {
isPub = CSSM_FALSE;
}
irtn = rt_readKey(op->cspHand, op->keyFileName, isPub, op->alg,
format, &privKey);
if(irtn) {
return irtn;
}
irtn = readFile(op->cipherFileName, &ctext.Data, &len);
if(irtn) {
printf("***Error reading %s\n", op->cipherFileName);
return irtn;
}
ctext.Length = len;
ptext.Data = NULL;
ptext.Length = 0;
crtn = cspDecrypt(op->cspHand,
op->alg,
mode,
op->noPad ? CSSM_PADDING_NONE : CSSM_PADDING_PKCS1,
&privKey,
NULL,
0, // effectiveKeySize
0, // rounds
NULL, // initVector
&ctext,
&ptext,
CSSM_FALSE); // mallocCtext
if(crtn) {
return 1;
}
irtn = writeFile(op->plainFileName, ptext.Data, ptext.Length);
if(irtn) {
printf("***Error writing %s\n", op->cipherFileName);
}
else {
if(!op->quiet) {
printf("...wrote %lu bytes to %s\n", ptext.Length, op->plainFileName);
}
}
free(privKey.KeyData.Data); // allocd by rt_readKey --> readFile
free(ctext.Data); // allocd by readFile
appFreeCssmData(&ptext, CSSM_FALSE); // by CSP
return irtn;
}
static int rt_stagedVerify(opParams *op)
{
CSSM_KEY pubKey;
int irtn;
unsigned char inBuf[IN_BUF_SIZE]; // raw infile data
CSSM_DATA inData;
CSSM_DATA sig;
CSSM_RETURN crtn;
CSSM_ALGORITHMS sigAlg;
ssize_t thisMove;
CSSM_CC_HANDLE ccHandle;
if((op->plainFileName == NULL) || (op->sigFileName == NULL)) {
printf("***Need plainFileName and sigFileName to verify.\n");
return 1;
}
/* get public key for signing */
if(op->keyFileName == NULL) {
printf("***Need a keyFileName to verify.\n");
return 1;
}
irtn = rt_readKey(op->cspHandle,
op->keyFileName,
CSSM_TRUE, // isPub - sign with private key
op->keyAlg,
&pubKey);
if(irtn) {
return irtn;
}
/* get existing signature from file */
irtn = readFile(op->sigFileName, &sig.Data, (unsigned *)&sig.Length);
if(irtn) {
printf("***Error reading %s\n", op->sigFileName);
return irtn;
}
/* open plainFileName for reading */
int inFileFd = open(op->plainFileName, O_RDONLY, 0);
if(inFileFd <= 0) {
perror(op->plainFileName);
return 1;
}
irtn = lseek(inFileFd, 0, SEEK_SET);
if(irtn < 0) {
perror(op->plainFileName);
return 1;
}
/* infer signature algorithm from key alg */
switch(op->keyAlg) {
case CSSM_ALGID_RSA:
sigAlg = CSSM_ALGID_SHA1WithRSA;
break;
case CSSM_ALGID_DSA:
sigAlg = CSSM_ALGID_SHA1WithDSA;
break;
default:
printf("Hey! Try another alg!\n");
exit(1);
}
/* obtain a signature context */
crtn = cdsaStagedSignVerifyInit(op->cspHandle,
&pubKey,
sigAlg,
SO_Verify,
&ccHandle);
if(crtn) {
cssmPerror("cdsaStagedSignVerifyInit", crtn);
return -1;
}
for(;;) {
/* read up to IN_BUF_SUZE bytes */
thisMove = read(inFileFd, inBuf, IN_BUF_SIZE);
if(thisMove < 0) {
perror("read");
return 1;
}
inData.Data = inBuf;
inData.Length = thisMove;
/* Assume "final" if we read less than we asked for */
CSSM_DATA_PTR sigPtr = (thisMove == IN_BUF_SIZE) ? NULL : &sig;
crtn = cdsaStagedVerify(ccHandle,
&inData,
sigPtr);
if(sigPtr) {
/* note we don't display possible sig verify error here */
break;
}
if(crtn) {
cssmPerror("cdsaStagedVerify", crtn);
return 1;
}
}
close(inFileFd);
if(crtn) {
cssmPerror("sigVerify", crtn);
irtn = 1;
}
else {
printf("...signature verifies OK\n");
irtn = 0;
}
cdsaFreeKey(op->cspHandle, &pubKey);
free(sig.Data); // allocd by readFile
return irtn;
}
static int rt_verify(opParams *op)
{
CSSM_KEY pubKey;
int irtn;
CSSM_DATA ptext;
CSSM_DATA sig;
CSSM_RETURN crtn;
CSSM_ALGORITHMS sigAlg;
if(op->keyFileName == NULL) {
printf("***Need a keyFileName to verify.\n");
return 1;
}
if((op->plainFileName == NULL) || (op->sigFileName == NULL)) {
printf("***Need plainFileName and sigFileName to verify.\n");
return 1;
}
irtn = rt_readKey(op->cspHandle,
op->keyFileName,
CSSM_TRUE, // isPub - verify with public key
op->keyAlg,
&pubKey);
if(irtn) {
return irtn;
}
/* obtain text to verify and signature */
irtn = readFile(op->plainFileName, &ptext.Data,
(unsigned *)&ptext.Length);
if(irtn) {
printf("***Error reading %s\n", op->plainFileName);
return irtn;
}
irtn = readFile(op->sigFileName, &sig.Data, (unsigned *)&sig.Length);
if(irtn) {
printf("***Error reading %s\n", op->sigFileName);
return irtn;
}
switch(op->keyAlg) {
case CSSM_ALGID_RSA:
sigAlg = CSSM_ALGID_SHA1WithRSA;
break;
case CSSM_ALGID_DSA:
sigAlg = CSSM_ALGID_SHA1WithDSA;
break;
default:
printf("Hey! Try another alg!\n");
exit(1);
}
crtn = cdsaVerify(op->cspHandle,
&pubKey,
sigAlg,
&ptext,
&sig);
if(crtn) {
cssmPerror("sigVerify", crtn);
return 1;
}
else {
printf("...signature verifies OK\n");
irtn = 0;
}
cdsaFreeKey(op->cspHandle, &pubKey);
free(ptext.Data); // allocd by readFile
free(sig.Data); // ditto
return irtn;
}
static int rt_sign(opParams *op)
{
CSSM_KEY privKey;
int irtn;
CSSM_DATA ptext;
CSSM_DATA sig;
CSSM_RETURN crtn;
CSSM_ALGORITHMS sigAlg;
if(op->keyFileName == NULL) {
printf("***Need a keyFileName to sign.\n");
return 1;
}
if((op->plainFileName == NULL) || (op->sigFileName == NULL)) {
printf("***Need plainFileName and sigFileName to sign.\n");
return 1;
}
irtn = rt_readKey(op->cspHandle,
op->keyFileName,
CSSM_FALSE, // isPub - sign with private key
op->keyAlg,
&privKey);
if(irtn) {
return irtn;
}
irtn = readFile(op->plainFileName, &ptext.Data,
(unsigned *)&ptext.Length);
if(irtn) {
printf("***Error reading %s\n", op->plainFileName);
return irtn;
}
sig.Data = NULL;
sig.Length = 0;
switch(op->keyAlg) {
case CSSM_ALGID_RSA:
sigAlg = CSSM_ALGID_SHA1WithRSA;
break;
case CSSM_ALGID_DSA:
sigAlg = CSSM_ALGID_SHA1WithDSA;
break;
default:
printf("Hey! Try another alg!\n");
exit(1);
}
crtn = cdsaSign(op->cspHandle,
&privKey,
sigAlg,
&ptext,
&sig);
if(crtn) {
cssmPerror("cdsaSign", crtn);
return 1;
}
irtn = writeFile(op->sigFileName, sig.Data, sig.Length);
if(irtn) {
printf("***Error writing %s\n", op->sigFileName);
}
else {
printf("...wrote %u bytes to %s\n",
(unsigned)sig.Length, op->sigFileName);
}
cdsaFreeKey(op->cspHandle, &privKey);
free(ptext.Data); // allocd by readFile
free(sig.Data); // allocd by CSP
return irtn;
}
