[apple/security.git] / SecurityTests / cspxutils / asymCompat / asymCompat.c

/* 
 * asymCompat.c - test compatibilty of two different implementations of a
 * RSA and DSA - one in the standard AppleCSP, one in BSAFE.
 */

#include <stdlib.h>
#include <stdio.h>
#include <time.h>
#include <Security/cssm.h>
#include <Security/cssmapple.h>
#include "cspwrap.h"
#include "common.h"
#include "bsafeUtils.h"
#include <string.h>
#include "cspdlTesting.h"

/*
 * Defaults.
 */
#define OLOOPS_DEF		10		/* outer loops, one set of keys per loop */
#define SIG_LOOPS_DEF	100		/* sig loops */
#define ENC_LOOPS_DEF	100		/* encrypt/decrypt loops */
#define MAX_TEXT_SIZE	1025

#define LOOP_NOTIFY		20

static void usage(char **argv)
{
	printf("usage: %s [options]\n", argv[0]);
	printf("   Options:\n");
	printf("   a=algorithm (r=RSA; d=DSA; default=both)\n");
	printf("   l=outerloops (default=%d; 0=forever)\n", OLOOPS_DEF);
	printf("   s=sigLoops (default=%d)\n", SIG_LOOPS_DEF);
	printf("   e=encryptLoops (default=%d)\n", ENC_LOOPS_DEF);
	printf("   k=keySizeInBits; default is random\n");
	printf("   S (sign/verify only)\n");
	printf("   E (encrypt/decrypt only)\n");
	printf("   r (generate ref keys)\n");
	printf("   R (generate public ref keys)\n");
	printf("   p=pauseInterval (default=0, no pause)\n");
	printf("   D (CSP/DL; default = bare CSP)\n");
	printf("   v(erbose)\n");
	printf("   q(uiet)\n");
	printf("   h(elp)\n");
	exit(1);
}

static const char *algToStr(CSSM_ALGORITHMS sigAlg)
{
	switch(sigAlg) {
		case CSSM_ALGID_RSA:			return "RSA";
		case CSSM_ALGID_DSA:			return "DSA";
		case CSSM_ALGID_SHA1WithRSA:	return "SHA1WithRSA";
		case CSSM_ALGID_MD5WithRSA:		return "MD5WithRSA";
		case CSSM_ALGID_SHA1WithDSA:	return "SHA1WithDSA";
		default:
			printf("***Unknown sigAlg\n");
			exit(1);
	}
	/* NOT REACHED */
	return "";
}

/*
 * CDSA private key decrypt with blinding option.
 */
static CSSM_RETURN _cspDecrypt(CSSM_CSP_HANDLE cspHand,
		uint32 algorithm,					// CSSM_ALGID_FEED, etc.
		uint32 mode,						// CSSM_ALGMODE_CBC, etc. - only for symmetric algs
		CSSM_PADDING padding,				// CSSM_PADDING_PKCS1, etc. 
		CSSM_BOOL blinding,
		const CSSM_KEY *key,				// public or session key
		const CSSM_DATA *ctext,
		CSSM_DATA_PTR ptext)				// RETURNED
{
	CSSM_CC_HANDLE 	cryptHand;
	CSSM_RETURN		crtn;
	CSSM_RETURN		ocrtn = CSSM_OK;
	CSSM_SIZE		bytesDecrypted;
	CSSM_DATA		remData = {0, NULL};

	cryptHand = genCryptHandle(cspHand, 
		algorithm, 
		mode, 
		padding,
		key, 
		NULL,		// pubKey, 
		NULL,		// iv,
		0,			// effectiveKeySizeInBits,
		0);			// rounds
	if(cryptHand == 0) {
		return CSSMERR_CSP_INTERNAL_ERROR;
	}
	if(blinding) {
		CSSM_CONTEXT_ATTRIBUTE	newAttr;	
		newAttr.AttributeType     = CSSM_ATTRIBUTE_RSA_BLINDING;
		newAttr.AttributeLength   = sizeof(uint32);
		newAttr.Attribute.Uint32  = 1;
		crtn = CSSM_UpdateContextAttributes(cryptHand, 1, &newAttr);
		if(crtn) {
			printError("CSSM_UpdateContextAttributes", crtn);
			return crtn;
		}
	}

	crtn = CSSM_DecryptData(cryptHand,
		ctext,
		1,
		ptext,
		1,
		&bytesDecrypted,
		&remData);
	if(crtn == CSSM_OK) {
		// NOTE: We return the proper length in ptext....
		ptext->Length = bytesDecrypted;
		
		// FIXME - sometimes get mallocd RemData here, but never any valid data
		// there...side effect of CSPFullPluginSession's buffer handling logic;
		// but will we ever actually see valid data in RemData? So far we never
		// have....
		if(remData.Data != NULL) {
			appFree(remData.Data, NULL);
		}
	}
	else {
		printError("CSSM_DecryptData", crtn);
		ocrtn = crtn;
	}
	crtn = CSSM_DeleteContext(cryptHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
		ocrtn = crtn;
	}
	return ocrtn;
}

/* sign with RSA blinging option */
static CSSM_RETURN _cspSign(CSSM_CSP_HANDLE cspHand,
		uint32 algorithm,					// CSSM_ALGID_FEE_MD5, etc.
		CSSM_KEY_PTR key,					// private key
		const CSSM_DATA *text,
		CSSM_BOOL rsaBlinding,
		CSSM_DATA_PTR sig)					// RETURNED
{
	CSSM_CC_HANDLE	sigHand;
	CSSM_RETURN		crtn;
	CSSM_RETURN		ocrtn = CSSM_OK;
	const CSSM_DATA	*ptext;
	CSSM_DATA		digest = {0, NULL};
	CSSM_ALGORITHMS	digestAlg = CSSM_ALGID_NONE;

	/* handle special cases for raw sign */
	switch(algorithm) {
		case CSSM_ALGID_SHA1:
			digestAlg = CSSM_ALGID_SHA1;
			algorithm = CSSM_ALGID_RSA;
			break;
		case CSSM_ALGID_MD5:
			digestAlg = CSSM_ALGID_MD5;
			algorithm = CSSM_ALGID_RSA;
			break;
		case CSSM_ALGID_DSA:
			digestAlg = CSSM_ALGID_SHA1;
			algorithm = CSSM_ALGID_DSA;
			break;
		default:
			break;
	}
	if(digestAlg != CSSM_ALGID_NONE) {
		crtn = cspDigest(cspHand,
			digestAlg,
			CSSM_FALSE,			// mallocDigest
			text,
			&digest);
		if(crtn) {
			return crtn;
		}	
		/* sign digest with raw RSA/DSA */
		ptext = &digest;
	}
	else {
		ptext = text;
	}
	crtn = CSSM_CSP_CreateSignatureContext(cspHand,
		algorithm,
		NULL,				// passPhrase
		key,
		&sigHand);
	if(crtn) {
		printError("CSSM_CSP_CreateSignatureContext (1)", crtn);
		return crtn;
	}
	if(rsaBlinding) {
		CSSM_CONTEXT_ATTRIBUTE	newAttr;	
		newAttr.AttributeType     = CSSM_ATTRIBUTE_RSA_BLINDING;
		newAttr.AttributeLength   = sizeof(uint32);
		newAttr.Attribute.Uint32  = 1;
		crtn = CSSM_UpdateContextAttributes(sigHand, 1, &newAttr);
		if(crtn) {
			printError("CSSM_UpdateContextAttributes", crtn);
			return crtn;
		}
	}
	crtn = CSSM_SignData(sigHand,
		ptext,
		1,
		digestAlg,
		sig);
	if(crtn) {
		printError("CSSM_SignData", crtn);
		ocrtn = crtn;
	}
	crtn = CSSM_DeleteContext(sigHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
		ocrtn = crtn;
	}
	if(digest.Data != NULL) {
		CSSM_FREE(digest.Data);
	}
	return ocrtn;
}


/*
 * Sign/verify test.
 *
 * for specified numLoops {
 *		generate random text;
 *		sign with BSAFE priv key, verify with CDSA pub key;
 *		sign with CDSA priv key, verify with BSAFE pub key;
 * }
 */
static int sigTest(
	CSSM_CSP_HANDLE		cspHand,
	unsigned			numLoops,
	
	/* one matched key pair */
	BU_KEY				bsafePrivKey,
	CSSM_KEY_PTR		cdsaPubKey,
	
	/* another matched key pair */
	CSSM_KEY_PTR		cdsaPrivKey,
	BU_KEY				bsafePubKey,
	
	CSSM_DATA_PTR		ptext,
	unsigned			maxPtextSize,	
	CSSM_ALGORITHMS		sigAlg,
	CSSM_BOOL			rsaBlinding,
	CSSM_BOOL			quiet,
	CSSM_BOOL			verbose)
{
	CSSM_RETURN crtn;
	CSSM_DATA	sig = {0, NULL};
	unsigned	loop;
	uint32		keySizeInBits = cdsaPrivKey->KeyHeader.LogicalKeySizeInBits;
	
	if(!quiet) {
		printf("   ...sig alg %s  keySize %u\n", algToStr(sigAlg), (unsigned)keySizeInBits);
	}
	for(loop=0; loop<numLoops; loop++) {
		simpleGenData(ptext, 1, maxPtextSize);
		if(!quiet) {
			if(verbose || ((loop % LOOP_NOTIFY) == 0)) {
				printf("      ...loop %d keySize %u textSize %lu\n", 
					loop, (unsigned)cdsaPrivKey->KeyHeader.LogicalKeySizeInBits, 
					(unsigned long)ptext->Length);
			}
		}
		
		/* sign with BSAFE, verify with CDSA */
		crtn = buSign(bsafePrivKey,
			sigAlg,
			ptext,
			keySizeInBits,
			&sig);
		if(crtn) {
			return testError(quiet);
		}
		crtn = cspSigVerify(cspHand,
			sigAlg,
			cdsaPubKey,
			ptext,
			&sig,
			CSSM_OK);
		if(crtn) {
			printf("***ERROR: Sign with BSAFE, vfy with CDSA, alg %s\n",
				algToStr(sigAlg));
			if(testError(quiet)) {
				return 1;
			}
		}
		appFreeCssmData(&sig, CSSM_FALSE);
	
		/* sign with CDSA, verify with BSAFE */
		crtn = _cspSign(cspHand,
			sigAlg,
			cdsaPrivKey,
			ptext,
			rsaBlinding,
			&sig);
		if(crtn) {
			return testError(quiet);
		}
		crtn = buVerify(bsafePubKey,
			sigAlg,
			ptext,
			&sig);
		if(crtn) {
			printf("***ERROR: Sign with CDSA, vfy with BSAFE, alg %s\n",
				algToStr(sigAlg));
			if(testError(quiet)) {
				return 1;
			}
		}
		appFreeCssmData(&sig, CSSM_FALSE);
	}
	return CSSM_OK;
}

/*
 * RSA Encrypt/decrypt test.
 *
 * for specified numLoops {
 *		generate random text;
 *		encrypt with BSAFE pub key, decrypt with CDSA priv key, verify;
 *		encrypt with CDSA pub key, decrypt with BSAFE priv key, verify;
 * }
 */
static int encryptTest(
	CSSM_CSP_HANDLE		cspHand,
	unsigned			numLoops,
	
	/* one matched key pair */
	BU_KEY				bsafePrivKey,
	CSSM_KEY_PTR		cdsaPubKey,
	
	/* another matched key pair */
	CSSM_KEY_PTR		cdsaPrivKey,
	BU_KEY				bsafePubKey,
	
	CSSM_DATA_PTR		ptext,
	unsigned			maxPtextSize,	
	CSSM_BOOL			rsaBlinding,
	CSSM_BOOL			quiet,
	CSSM_BOOL			verbose)
{
	CSSM_RETURN crtn;
	CSSM_DATA	ctext = {0, NULL};
	CSSM_DATA	rptext = {0, NULL};
	unsigned	loop;
	unsigned	actKeySizeBytes;
	
	actKeySizeBytes = cdsaPrivKey->KeyHeader.LogicalKeySizeInBits / 8;
	if(actKeySizeBytes < 12) {
		printf("***Key with %u key bits is too small for RSA encrypt\n",
			(unsigned)cdsaPrivKey->KeyHeader.LogicalKeySizeInBits);
		return 1;
	}
	if(maxPtextSize > (actKeySizeBytes - 11)) {
		maxPtextSize = actKeySizeBytes - 11;
	}
	if(!quiet) {
		printf("   ...encr alg RSA\n");
	}
	for(loop=0; loop<numLoops; loop++) {
		simpleGenData(ptext, 1, maxPtextSize);
		if(!quiet) {
			if(verbose || ((loop % LOOP_NOTIFY) == 0)) {
				printf("      ...loop %d keySize %u textSize %lu\n", 
					loop, (unsigned)cdsaPrivKey->KeyHeader.LogicalKeySizeInBits, 
					(unsigned long)ptext->Length);
			}
		}
		
		/* encrypt with BSAFE, decrypt with CDSA */
		crtn = buEncryptDecrypt(bsafePubKey,
			CSSM_TRUE,		// encrypt
			CSSM_ALGID_RSA,
			CSSM_ALGMODE_NONE,
			NULL,			// iv
			cdsaPrivKey->KeyHeader.LogicalKeySizeInBits,	
			0,				// rounds
			ptext,
			&ctext);
		if(crtn) {
			return testError(quiet);
		}
		crtn = _cspDecrypt(cspHand,
			CSSM_ALGID_RSA,
			CSSM_ALGMODE_NONE,
			CSSM_PADDING_PKCS1,
			rsaBlinding,
			cdsaPrivKey,
			&ctext,
			&rptext);
		if(crtn) {
			printf("***ERROR: encrypt with BSAFE, decrypt with CDSA\n");
			return testError(quiet);
		}
		if(!appCompareCssmData(ptext, &rptext)) {
			printf("***DATA MISCOMPARE: encrypt with BSAFE, decrypt with CDSA\n");
			return testError(quiet);
		}
		appFreeCssmData(&ctext, CSSM_FALSE);
		appFreeCssmData(&rptext, CSSM_FALSE);
	
		/* encrypt with CDSA, decrypt with BSAFE */
		crtn = cspEncrypt(cspHand,
			CSSM_ALGID_RSA,
			CSSM_ALGMODE_NONE,
			CSSM_PADDING_PKCS1,
			cdsaPubKey,
			NULL,					// (FEE) pub key
			0,						// effectiveKeyBits
			0,						// rounds
			NULL,					// IV
			ptext,
			&ctext,
			CSSM_FALSE);			// mallocCtext
		if(crtn) {
			return testError(quiet);
		}
		crtn = buEncryptDecrypt(bsafePrivKey,
			CSSM_FALSE,		// encrypt
			CSSM_ALGID_RSA,
			CSSM_ALGMODE_NONE,
			NULL,			// iv
			cdsaPrivKey->KeyHeader.LogicalKeySizeInBits,	
			0,				// rounds
			&ctext,
			&rptext);
		if(crtn) {
			printf("***ERROR: encrypt with CDSA, decrypt with BSAFE\n");
			return testError(quiet);
		}
		if(!appCompareCssmData(ptext, &rptext)) {
			printf("***DATA MISCOMPARE: encrypt with CDSA, decrypt with BSAFE\n");
			return testError(quiet);
		}
		appFreeCssmData(&ctext, CSSM_FALSE);
		appFreeCssmData(&rptext, CSSM_FALSE);
	}
	return CSSM_OK;
}

static int doTest(
	CSSM_CSP_HANDLE		cspHand,
	CSSM_ALGORITHMS		keyAlg,				// RSA/DSA
	CSSM_ALGORITHMS		sigAlg,
	unsigned			sigLoops,			// may be zero
	unsigned			encrLoops,			// ditto; it will be zero for DSA
	CSSM_BOOL			rsaBlinding,
	CSSM_DATA_PTR		ptext,
	unsigned			maxPtextSize,
	uint32				keySizeInBits,		// 0 --> random per alg
	CSSM_BOOL			pubRefKeys,
	CSSM_BOOL			privRefKeys,
	CSSM_BOOL			bareCsp,			// for other workarounds
	CSSM_BOOL			quiet,
	CSSM_BOOL			verbose)
{
	CSSM_KEY			cdsaGenPubKey;
	CSSM_KEY			cdsaGenPrivKey;		// only used to create bsafeDerivePrivKey
	CSSM_KEY			cdsaTempKey;		// raw key if privRefKeys true
	CSSM_KEY			cdsaDerivePrivKey;	// same as bsafeGenPrivKey
	BU_KEY				bsafeGenPubKey;
	BU_KEY				bsafeGenPrivKey;	// only used to create cdsaDerivePrivKey
	BU_KEY				bsafeDerivePrivKey;	// same as cdsaGenPrivKey
	unsigned			actKeySizeBits;
	CSSM_RETURN			crtn;
	int					rtn;
	
	if(!keySizeInBits) {
		/* random key size */
		actKeySizeBits = randKeySizeBits(keyAlg, OT_Encrypt);
	}
	else {
		/* caller/user specified */
		actKeySizeBits = keySizeInBits;
	}
	if(verbose) {
		printf("   ...generating %s key pair, keySize %d bits...\n",
			algToStr(keyAlg), actKeySizeBits);
	}
	
	/* 
     * Generate two keypairs 
	 */
	if(keyAlg == CSSM_ALGID_DSA) {
		CSSM_BOOL doGenParams;
		
		if(bareCsp || CSPDL_DSA_GEN_PARAMS) {
			doGenParams = CSSM_TRUE;
		}
		else {
			/* CSPDL - no gen params */
			doGenParams = CSSM_FALSE;
		}
		crtn = cspGenDSAKeyPair(cspHand,
			"foo",
			3,
			actKeySizeBits,
			&cdsaGenPubKey,
			pubRefKeys,
			CSSM_KEYUSE_ANY,
			CSSM_KEYBLOB_RAW_FORMAT_NONE,
			&cdsaGenPrivKey,
			privRefKeys,
			CSSM_KEYUSE_SIGN,
			CSSM_KEYBLOB_RAW_FORMAT_NONE,
			doGenParams,		// genParams
			NULL);				// params
	}
	else {
		crtn = cspGenKeyPair(cspHand,
			keyAlg,
			"foo",
			3,
			actKeySizeBits,
			&cdsaGenPubKey,
			pubRefKeys,
			CSSM_KEYUSE_ANY,
			CSSM_KEYBLOB_RAW_FORMAT_NONE,
			&cdsaGenPrivKey,
			privRefKeys,
			CSSM_KEYUSE_ANY,
			CSSM_KEYBLOB_RAW_FORMAT_NONE,
			CSSM_FALSE);					// genSeed not used 
	}
	if(crtn) {
		return testError(quiet);
	}
	crtn = buGenKeyPair(actKeySizeBits,
		keyAlg,
		&bsafeGenPubKey,
		&bsafeGenPrivKey);
	if(crtn) {
		return testError(quiet);
	}
	
	/* 
	 * Convert private keys to other library. 
	 * NOTE: the reason we're only converting private keys is solely due to the 
	 * fact that BSAFE does not handle PKCS1 formatted public key blobs. Very odd. 
	 * But it's too much of a pain to re-implement that wheel here, and SSL and 
	 * cert handling in general verify the CSP's PKCS1-style public key handling. 
	 */
	if(privRefKeys) {
		/* first generate a temporary raw CDSA key */
		crtn = buBsafePrivKeyToCdsa(keyAlg, 
			actKeySizeBits,
			bsafeGenPrivKey, 
			&cdsaTempKey);
		if(crtn) {
			return testError(quiet);
		}
		
		/* convert it to the ref key we'll actually use */
		crtn = cspRawKeyToRef(cspHand, &cdsaTempKey, &cdsaDerivePrivKey);
		cspFreeKey(cspHand, &cdsaTempKey);
	}
	else {
		crtn = buBsafePrivKeyToCdsa(keyAlg, 
			actKeySizeBits,
			bsafeGenPrivKey, 
			&cdsaDerivePrivKey);
	}
	if(crtn) {
		return testError(quiet);
	}
	if(privRefKeys) {
		/* we have a CDSA priv ref key; convert it to raw format */
		crtn = cspRefKeyToRaw(cspHand, &cdsaGenPrivKey, &cdsaTempKey);
		if(crtn) {
			return testError(quiet);
		}
		/* now convert it to BSAFE */
		crtn = buCdsaPrivKeyToBsafe(&cdsaTempKey, &bsafeDerivePrivKey);
		cspFreeKey(cspHand, &cdsaTempKey);
	}
	else {
		crtn = buCdsaPrivKeyToBsafe(&cdsaGenPrivKey, &bsafeDerivePrivKey);
	}
	if(crtn) {
		return testError(quiet);
	}
	
	if(sigLoops) {
		rtn = sigTest(cspHand,
			sigLoops,
			bsafeDerivePrivKey,
			&cdsaGenPubKey,
			&cdsaDerivePrivKey,
			bsafeGenPubKey,
			ptext,
			maxPtextSize,
			sigAlg,
			rsaBlinding,
			quiet,
			verbose);
		if(rtn) {
			return rtn;
		}
	}
	
	if(encrLoops) {
		rtn = encryptTest(cspHand,
			encrLoops,
			bsafeDerivePrivKey,
			&cdsaGenPubKey,
			&cdsaDerivePrivKey,
			bsafeGenPubKey,
			ptext,
			maxPtextSize,
			rsaBlinding,
			quiet,
			verbose);
		if(rtn) {
			return rtn;
		}
	}

	/* free all six keys */
	buFreeKey(bsafeGenPubKey);
	buFreeKey(bsafeGenPrivKey);
	buFreeKey(bsafeDerivePrivKey);
	cspFreeKey(cspHand, &cdsaGenPubKey);
	cspFreeKey(cspHand, &cdsaGenPrivKey);
	cspFreeKey(cspHand, &cdsaDerivePrivKey);
	return 0;
}

int main(int argc, char **argv)
{
	int					arg;
	char				*argp;
	unsigned			loop;
	CSSM_DATA			ptext;
	CSSM_CSP_HANDLE 	cspHand;
	int					i;
	int					rtn = 0;
	
	/*
	 * User-spec'd params
	 */
	uint32				keySizeInBits = 0;
	unsigned			oloops = OLOOPS_DEF;
	unsigned			sigLoops = SIG_LOOPS_DEF;
	unsigned			encrLoops = ENC_LOOPS_DEF;
	CSSM_BOOL			verbose = CSSM_FALSE;
	CSSM_BOOL			quiet = CSSM_FALSE;
	unsigned			pauseInterval = 0;
	CSSM_BOOL			bareCsp = CSSM_TRUE;
	CSSM_BOOL			doDSA = CSSM_TRUE;
	CSSM_BOOL			doRSA = CSSM_TRUE;
	CSSM_BOOL			pubRefKeys = CSSM_FALSE;
	CSSM_BOOL			privRefKeys = CSSM_FALSE;
	
	for(arg=1; arg<argc; arg++) {
		argp = argv[arg];
		switch(argp[0]) {
			case 'a':
				if(argp[1] != '=') {
					usage(argv);
				}
				switch(argp[2]) {
					case 'r':
						doDSA = CSSM_FALSE;
						break;
					case 'd':
						doRSA = CSSM_FALSE;
						break;
					default:
						usage(argv);
				}
				break;
		    case 'l':
				oloops = atoi(&argp[2]);
				break;
		    case 's':
				sigLoops = atoi(&argp[2]);
				break;
		    case 'e':
				encrLoops = atoi(&argp[2]);
				break;
		    case 'k':
		    	keySizeInBits = atoi(&argp[2]);
				break;
		    case 'v':
		    	verbose = CSSM_TRUE;
				break;
			case 'r':
				privRefKeys = CSSM_TRUE;
				break;
			case 'R':
				pubRefKeys = CSSM_TRUE;
				break;
			case 'D':
				bareCsp = CSSM_FALSE;
				#if 	CSPDL_ALL_KEYS_ARE_REF
				privRefKeys = CSSM_TRUE;
				pubRefKeys = CSSM_TRUE;
				#endif
				break;
		    case 'E':
		    	sigLoops = 0;
				break;
			case 'S':
				encrLoops = 0;
				break;
		    case 'q':
		    	quiet = CSSM_TRUE;
				break;
		    case 'p':
		    	pauseInterval = atoi(&argp[2]);;
				break;
		    case 'h':
		    default:
				usage(argv);
		}
	}
	ptext.Data = (uint8 *)CSSM_MALLOC(MAX_TEXT_SIZE);
	if(ptext.Data == NULL) {
		printf("Insufficient heap space\n");
		exit(1);
	}
	/* ptext length set in inner test loops */
	
	printf("Starting asymCompat; args: ");
	for(i=1; i<argc; i++) {
		printf("%s ", argv[i]);
	}
	printf("\n");
	cspHand = cspDlDbStartup(bareCsp, NULL);
	if(cspHand == 0) {
		exit(1);
	}
	if(pauseInterval) {
		fpurge(stdin);
		printf("Top of test; hit CR to proceed: ");
		getchar();
	}
	for(loop=1; ; loop++) {
		if(!quiet) {
			if(verbose || ((loop % LOOP_NOTIFY) == 0)) {
				printf("...oloop %d\n", loop);
			}
		}
		
		if(doRSA) {
			CSSM_ALGORITHMS	sigAlg;
			if(loop & 1) {
				sigAlg = CSSM_ALGID_SHA1WithRSA;
			}
			else {
				sigAlg = CSSM_ALGID_MD5WithRSA;
			}
			
			/* enable RSA blinding on half the loops for RSA */
			CSSM_BOOL rsaBlinding = CSSM_FALSE;
			if(loop & 2) {
				rsaBlinding = CSSM_TRUE;
			}
			
			rtn = doTest(cspHand,
				CSSM_ALGID_RSA,
				sigAlg,
				sigLoops,
				encrLoops,
				rsaBlinding,
				&ptext,
				MAX_TEXT_SIZE,
				keySizeInBits,
				pubRefKeys,
				privRefKeys,
				bareCsp,
				quiet,
				verbose);
			if(rtn) {
				break;
			}
		}
		if(doDSA) {
			rtn = doTest(cspHand,
				CSSM_ALGID_DSA,
				CSSM_ALGID_SHA1WithDSA,
				sigLoops,
				0,					// encrLoops - none for DSA
				CSSM_FALSE,			// blinding
				&ptext,
				MAX_TEXT_SIZE,
				keySizeInBits,
				pubRefKeys,
				privRefKeys,
				bareCsp,
				quiet,
				verbose);
			if(rtn) {
				break;
			}
		}
		if(oloops && (loop == oloops)) {
			break;
		}
		if(pauseInterval && (loop % pauseInterval) == 0) {
			fpurge(stdin);
			printf("hit CR to proceed: ");
			getchar();
		}
	}
	
	cspShutdown(cspHand, bareCsp);
	if(pauseInterval) {
		fpurge(stdin);
		printf("ModuleDetach/Unload complete; hit CR to exit: ");
		getchar();
	}
	if((rtn == 0) && !quiet) {
		printf("%s test complete\n", argv[0]);
	}
	CSSM_FREE(ptext.Data);
	return rtn;
}
Commit	Line	Data
d8f41ccd A	1	/*
	2	* asymCompat.c - test compatibilty of two different implementations of a
	3	* RSA and DSA - one in the standard AppleCSP, one in BSAFE.
	4	*/
	5
	6	#include <stdlib.h>
	7	#include <stdio.h>
	8	#include <time.h>
	9	#include <Security/cssm.h>
	10	#include <Security/cssmapple.h>
	11	#include "cspwrap.h"
	12	#include "common.h"
	13	#include "bsafeUtils.h"
	14	#include <string.h>
	15	#include "cspdlTesting.h"
	16
	17	/*
	18	* Defaults.
	19	*/
	20	#define OLOOPS_DEF 10 /* outer loops, one set of keys per loop */
	21	#define SIG_LOOPS_DEF 100 /* sig loops */
	22	#define ENC_LOOPS_DEF 100 /* encrypt/decrypt loops */
	23	#define MAX_TEXT_SIZE 1025
	24
	25	#define LOOP_NOTIFY 20
	26
	27	static void usage(char **argv)
	28	{
	29	printf("usage: %s [options]\n", argv[0]);
	30	printf(" Options:\n");
	31	printf(" a=algorithm (r=RSA; d=DSA; default=both)\n");
	32	printf(" l=outerloops (default=%d; 0=forever)\n", OLOOPS_DEF);
	33	printf(" s=sigLoops (default=%d)\n", SIG_LOOPS_DEF);
	34	printf(" e=encryptLoops (default=%d)\n", ENC_LOOPS_DEF);
	35	printf(" k=keySizeInBits; default is random\n");
	36	printf(" S (sign/verify only)\n");
	37	printf(" E (encrypt/decrypt only)\n");
	38	printf(" r (generate ref keys)\n");
	39	printf(" R (generate public ref keys)\n");
	40	printf(" p=pauseInterval (default=0, no pause)\n");
	41	printf(" D (CSP/DL; default = bare CSP)\n");
	42	printf(" v(erbose)\n");
	43	printf(" q(uiet)\n");
	44	printf(" h(elp)\n");
	45	exit(1);
	46	}
	47
	48	static const char *algToStr(CSSM_ALGORITHMS sigAlg)
	49	{
	50	switch(sigAlg) {
	51	case CSSM_ALGID_RSA: return "RSA";
	52	case CSSM_ALGID_DSA: return "DSA";
	53	case CSSM_ALGID_SHA1WithRSA: return "SHA1WithRSA";
	54	case CSSM_ALGID_MD5WithRSA: return "MD5WithRSA";
	55	case CSSM_ALGID_SHA1WithDSA: return "SHA1WithDSA";
	56	default:
	57	printf("***Unknown sigAlg\n");
	58	exit(1);
	59	}
	60	/* NOT REACHED */
	61	return "";
	62	}
	63
	64	/*
65	* CDSA private key decrypt with blinding option.
66	*/
67	static CSSM_RETURN _cspDecrypt(CSSM_CSP_HANDLE cspHand,
68	uint32 algorithm, // CSSM_ALGID_FEED, etc.
69	uint32 mode, // CSSM_ALGMODE_CBC, etc. - only for symmetric algs
70	CSSM_PADDING padding, // CSSM_PADDING_PKCS1, etc.
71	CSSM_BOOL blinding,
72	const CSSM_KEY *key, // public or session key
73	const CSSM_DATA *ctext,
74	CSSM_DATA_PTR ptext) // RETURNED
75	{
76	CSSM_CC_HANDLE cryptHand;
77	CSSM_RETURN crtn;
78	CSSM_RETURN ocrtn = CSSM_OK;
79	CSSM_SIZE bytesDecrypted;
80	CSSM_DATA remData = {0, NULL};
81
82	cryptHand = genCryptHandle(cspHand,
83	algorithm,
84	mode,
85	padding,
86	key,
87	NULL, // pubKey,
88	NULL, // iv,
89	0, // effectiveKeySizeInBits,
90	0); // rounds
91	if(cryptHand == 0) {
92	return CSSMERR_CSP_INTERNAL_ERROR;
93	}
94	if(blinding) {
95	CSSM_CONTEXT_ATTRIBUTE newAttr;
96	newAttr.AttributeType = CSSM_ATTRIBUTE_RSA_BLINDING;
97	newAttr.AttributeLength = sizeof(uint32);
98	newAttr.Attribute.Uint32 = 1;
99	crtn = CSSM_UpdateContextAttributes(cryptHand, 1, &newAttr);
100	if(crtn) {
101	printError("CSSM_UpdateContextAttributes", crtn);
102	return crtn;
103	}
104	}
105
106	crtn = CSSM_DecryptData(cryptHand,
107	ctext,
108	1,
109	ptext,
110	1,
111	&bytesDecrypted,
112	&remData);
113	if(crtn == CSSM_OK) {
114	// NOTE: We return the proper length in ptext....
115	ptext->Length = bytesDecrypted;
116
117	// FIXME - sometimes get mallocd RemData here, but never any valid data
118	// there...side effect of CSPFullPluginSession's buffer handling logic;
119	// but will we ever actually see valid data in RemData? So far we never
120	// have....
121	if(remData.Data != NULL) {
122	appFree(remData.Data, NULL);
123	}
124	}
125	else {
126	printError("CSSM_DecryptData", crtn);
127	ocrtn = crtn;
128	}
129	crtn = CSSM_DeleteContext(cryptHand);
130	if(crtn) {
131	printError("CSSM_DeleteContext", crtn);
132	ocrtn = crtn;
133	}
134	return ocrtn;
135	}
136
137	/* sign with RSA blinging option */
138	static CSSM_RETURN _cspSign(CSSM_CSP_HANDLE cspHand,
139	uint32 algorithm, // CSSM_ALGID_FEE_MD5, etc.
140	CSSM_KEY_PTR key, // private key
141	const CSSM_DATA *text,
142	CSSM_BOOL rsaBlinding,
143	CSSM_DATA_PTR sig) // RETURNED
144	{
145	CSSM_CC_HANDLE sigHand;
146	CSSM_RETURN crtn;
147	CSSM_RETURN ocrtn = CSSM_OK;
148	const CSSM_DATA *ptext;
149	CSSM_DATA digest = {0, NULL};
150	CSSM_ALGORITHMS digestAlg = CSSM_ALGID_NONE;
151
152	/* handle special cases for raw sign */
153	switch(algorithm) {
154	case CSSM_ALGID_SHA1:
155	digestAlg = CSSM_ALGID_SHA1;
156	algorithm = CSSM_ALGID_RSA;
157	break;
158	case CSSM_ALGID_MD5:
159	digestAlg = CSSM_ALGID_MD5;
160	algorithm = CSSM_ALGID_RSA;
161	break;
162	case CSSM_ALGID_DSA:
163	digestAlg = CSSM_ALGID_SHA1;
164	algorithm = CSSM_ALGID_DSA;
165	break;
166	default:
167	break;
168	}
169	if(digestAlg != CSSM_ALGID_NONE) {
170	crtn = cspDigest(cspHand,
171	digestAlg,
172	CSSM_FALSE, // mallocDigest
173	text,
174	&digest);
175	if(crtn) {
176	return crtn;
177	}
178	/* sign digest with raw RSA/DSA */
179	ptext = &digest;
180	}
181	else {
182	ptext = text;
183	}
184	crtn = CSSM_CSP_CreateSignatureContext(cspHand,
185	algorithm,
186	NULL, // passPhrase
187	key,
188	&sigHand);
189	if(crtn) {
190	printError("CSSM_CSP_CreateSignatureContext (1)", crtn);
191	return crtn;
192	}
193	if(rsaBlinding) {
194	CSSM_CONTEXT_ATTRIBUTE newAttr;
195	newAttr.AttributeType = CSSM_ATTRIBUTE_RSA_BLINDING;
196	newAttr.AttributeLength = sizeof(uint32);
197	newAttr.Attribute.Uint32 = 1;
198	crtn = CSSM_UpdateContextAttributes(sigHand, 1, &newAttr);
199	if(crtn) {
200	printError("CSSM_UpdateContextAttributes", crtn);
201	return crtn;
202	}
203	}
204	crtn = CSSM_SignData(sigHand,
205	ptext,
206	1,
207	digestAlg,
208	sig);
209	if(crtn) {
210	printError("CSSM_SignData", crtn);
211	ocrtn = crtn;
212	}
213	crtn = CSSM_DeleteContext(sigHand);
214	if(crtn) {
215	printError("CSSM_DeleteContext", crtn);
216	ocrtn = crtn;
217	}
218	if(digest.Data != NULL) {
219	CSSM_FREE(digest.Data);
220	}
221	return ocrtn;
222	}
223
224
225	/*
226	* Sign/verify test.
227	*
228	* for specified numLoops {
229	* generate random text;
230	* sign with BSAFE priv key, verify with CDSA pub key;
231	* sign with CDSA priv key, verify with BSAFE pub key;
232	* }
233	*/
234	static int sigTest(
235	CSSM_CSP_HANDLE cspHand,
236	unsigned numLoops,
237
238	/* one matched key pair */
239	BU_KEY bsafePrivKey,
240	CSSM_KEY_PTR cdsaPubKey,
241
242	/* another matched key pair */
243	CSSM_KEY_PTR cdsaPrivKey,
244	BU_KEY bsafePubKey,
245
246	CSSM_DATA_PTR ptext,
247	unsigned maxPtextSize,
248	CSSM_ALGORITHMS sigAlg,
249	CSSM_BOOL rsaBlinding,
250	CSSM_BOOL quiet,
251	CSSM_BOOL verbose)
252	{
253	CSSM_RETURN crtn;
254	CSSM_DATA sig = {0, NULL};
255	unsigned loop;
256	uint32 keySizeInBits = cdsaPrivKey->KeyHeader.LogicalKeySizeInBits;
257
258	if(!quiet) {
259	printf(" ...sig alg %s keySize %u\n", algToStr(sigAlg), (unsigned)keySizeInBits);
260	}
261	for(loop=0; loop<numLoops; loop++) {
262	simpleGenData(ptext, 1, maxPtextSize);
263	if(!quiet) {
264	if(verbose \|\| ((loop % LOOP_NOTIFY) == 0)) {
265	printf(" ...loop %d keySize %u textSize %lu\n",
266	loop, (unsigned)cdsaPrivKey->KeyHeader.LogicalKeySizeInBits,
267	(unsigned long)ptext->Length);
268	}
269	}
270
271	/* sign with BSAFE, verify with CDSA */
272	crtn = buSign(bsafePrivKey,
273	sigAlg,
274	ptext,
275	keySizeInBits,
276	&sig);
277	if(crtn) {
278	return testError(quiet);
279	}
280	crtn = cspSigVerify(cspHand,
281	sigAlg,
282	cdsaPubKey,
283	ptext,
284	&sig,
285	CSSM_OK);
286	if(crtn) {
287	printf("***ERROR: Sign with BSAFE, vfy with CDSA, alg %s\n",
288	algToStr(sigAlg));
289	if(testError(quiet)) {
290	return 1;
291	}
292	}
293	appFreeCssmData(&sig, CSSM_FALSE);
294
295	/* sign with CDSA, verify with BSAFE */
296	crtn = _cspSign(cspHand,
297	sigAlg,
298	cdsaPrivKey,
299	ptext,
300	rsaBlinding,
301	&sig);
302	if(crtn) {
303	return testError(quiet);
304	}
305	crtn = buVerify(bsafePubKey,
306	sigAlg,
307	ptext,
308	&sig);
309	if(crtn) {
310	printf("***ERROR: Sign with CDSA, vfy with BSAFE, alg %s\n",
311	algToStr(sigAlg));
312	if(testError(quiet)) {
313	return 1;
314	}
315	}
316	appFreeCssmData(&sig, CSSM_FALSE);
317	}
318	return CSSM_OK;
319	}
320
321	/*
322	* RSA Encrypt/decrypt test.
323	*
324	* for specified numLoops {
325	* generate random text;
326	* encrypt with BSAFE pub key, decrypt with CDSA priv key, verify;
327	* encrypt with CDSA pub key, decrypt with BSAFE priv key, verify;
328	* }
329	*/
330	static int encryptTest(
331	CSSM_CSP_HANDLE cspHand,
332	unsigned numLoops,
333
334	/* one matched key pair */
335	BU_KEY bsafePrivKey,
336	CSSM_KEY_PTR cdsaPubKey,
337
338	/* another matched key pair */
339	CSSM_KEY_PTR cdsaPrivKey,
340	BU_KEY bsafePubKey,
341
342	CSSM_DATA_PTR ptext,
343	unsigned maxPtextSize,
344	CSSM_BOOL rsaBlinding,
345	CSSM_BOOL quiet,
346	CSSM_BOOL verbose)
347	{
348	CSSM_RETURN crtn;
349	CSSM_DATA ctext = {0, NULL};
350	CSSM_DATA rptext = {0, NULL};
351	unsigned loop;
352	unsigned actKeySizeBytes;
353
354	actKeySizeBytes = cdsaPrivKey->KeyHeader.LogicalKeySizeInBits / 8;
355	if(actKeySizeBytes < 12) {
356	printf("***Key with %u key bits is too small for RSA encrypt\n",
357	(unsigned)cdsaPrivKey->KeyHeader.LogicalKeySizeInBits);
358	return 1;
359	}
360	if(maxPtextSize > (actKeySizeBytes - 11)) {
361	maxPtextSize = actKeySizeBytes - 11;
362	}
363	if(!quiet) {
364	printf(" ...encr alg RSA\n");
365	}
366	for(loop=0; loop<numLoops; loop++) {
367	simpleGenData(ptext, 1, maxPtextSize);
368	if(!quiet) {
369	if(verbose \|\| ((loop % LOOP_NOTIFY) == 0)) {
370	printf(" ...loop %d keySize %u textSize %lu\n",
371	loop, (unsigned)cdsaPrivKey->KeyHeader.LogicalKeySizeInBits,
372	(unsigned long)ptext->Length);
373	}
374	}
375
376	/* encrypt with BSAFE, decrypt with CDSA */
377	crtn = buEncryptDecrypt(bsafePubKey,
378	CSSM_TRUE, // encrypt
379	CSSM_ALGID_RSA,
380	CSSM_ALGMODE_NONE,
381	NULL, // iv
382	cdsaPrivKey->KeyHeader.LogicalKeySizeInBits,
383	0, // rounds
384	ptext,
385	&ctext);
386	if(crtn) {
387	return testError(quiet);
388	}
389	crtn = _cspDecrypt(cspHand,
390	CSSM_ALGID_RSA,
391	CSSM_ALGMODE_NONE,
392	CSSM_PADDING_PKCS1,
393	rsaBlinding,
394	cdsaPrivKey,
395	&ctext,
396	&rptext);
397	if(crtn) {
398	printf("***ERROR: encrypt with BSAFE, decrypt with CDSA\n");
399	return testError(quiet);
400	}
401	if(!appCompareCssmData(ptext, &rptext)) {
402	printf("***DATA MISCOMPARE: encrypt with BSAFE, decrypt with CDSA\n");
403	return testError(quiet);
404	}
405	appFreeCssmData(&ctext, CSSM_FALSE);
406	appFreeCssmData(&rptext, CSSM_FALSE);
407
408	/* encrypt with CDSA, decrypt with BSAFE */
409	crtn = cspEncrypt(cspHand,
410	CSSM_ALGID_RSA,
411	CSSM_ALGMODE_NONE,
412	CSSM_PADDING_PKCS1,
413	cdsaPubKey,
414	NULL, // (FEE) pub key
415	0, // effectiveKeyBits
416	0, // rounds
417	NULL, // IV
418	ptext,
419	&ctext,
420	CSSM_FALSE); // mallocCtext
421	if(crtn) {
422	return testError(quiet);
423	}
424	crtn = buEncryptDecrypt(bsafePrivKey,
425	CSSM_FALSE, // encrypt
426	CSSM_ALGID_RSA,
427	CSSM_ALGMODE_NONE,
428	NULL, // iv
429	cdsaPrivKey->KeyHeader.LogicalKeySizeInBits,
430	0, // rounds
431	&ctext,
432	&rptext);
433	if(crtn) {
434	printf("***ERROR: encrypt with CDSA, decrypt with BSAFE\n");
435	return testError(quiet);
436	}
437	if(!appCompareCssmData(ptext, &rptext)) {
438	printf("***DATA MISCOMPARE: encrypt with CDSA, decrypt with BSAFE\n");
439	return testError(quiet);
440	}
441	appFreeCssmData(&ctext, CSSM_FALSE);
442	appFreeCssmData(&rptext, CSSM_FALSE);
443	}
444	return CSSM_OK;
445	}
446
447	static int doTest(
448	CSSM_CSP_HANDLE cspHand,
449	CSSM_ALGORITHMS keyAlg, // RSA/DSA
450	CSSM_ALGORITHMS sigAlg,
451	unsigned sigLoops, // may be zero
452	unsigned encrLoops, // ditto; it will be zero for DSA
453	CSSM_BOOL rsaBlinding,
454	CSSM_DATA_PTR ptext,
455	unsigned maxPtextSize,
456	uint32 keySizeInBits, // 0 --> random per alg
457	CSSM_BOOL pubRefKeys,
458	CSSM_BOOL privRefKeys,
459	CSSM_BOOL bareCsp, // for other workarounds
460	CSSM_BOOL quiet,
461	CSSM_BOOL verbose)
462	{
463	CSSM_KEY cdsaGenPubKey;
464	CSSM_KEY cdsaGenPrivKey; // only used to create bsafeDerivePrivKey
465	CSSM_KEY cdsaTempKey; // raw key if privRefKeys true
466	CSSM_KEY cdsaDerivePrivKey; // same as bsafeGenPrivKey
467	BU_KEY bsafeGenPubKey;
468	BU_KEY bsafeGenPrivKey; // only used to create cdsaDerivePrivKey
469	BU_KEY bsafeDerivePrivKey; // same as cdsaGenPrivKey
470	unsigned actKeySizeBits;
471	CSSM_RETURN crtn;
472	int rtn;
473
474	if(!keySizeInBits) {
475	/* random key size */
476	actKeySizeBits = randKeySizeBits(keyAlg, OT_Encrypt);
477	}
478	else {
479	/* caller/user specified */
480	actKeySizeBits = keySizeInBits;
481	}
482	if(verbose) {
483	printf(" ...generating %s key pair, keySize %d bits...\n",
484	algToStr(keyAlg), actKeySizeBits);
485	}
486
487	/*
488	* Generate two keypairs
489	*/
490	if(keyAlg == CSSM_ALGID_DSA) {
491	CSSM_BOOL doGenParams;
492
493	if(bareCsp \|\| CSPDL_DSA_GEN_PARAMS) {
494	doGenParams = CSSM_TRUE;
495	}
496	else {
497	/* CSPDL - no gen params */
498	doGenParams = CSSM_FALSE;
499	}
500	crtn = cspGenDSAKeyPair(cspHand,
501	"foo",
502	3,
503	actKeySizeBits,
504	&cdsaGenPubKey,
505	pubRefKeys,
506	CSSM_KEYUSE_ANY,
507	CSSM_KEYBLOB_RAW_FORMAT_NONE,
508	&cdsaGenPrivKey,
509	privRefKeys,
510	CSSM_KEYUSE_SIGN,
511	CSSM_KEYBLOB_RAW_FORMAT_NONE,
512	doGenParams, // genParams
513	NULL); // params
514	}
515	else {
516	crtn = cspGenKeyPair(cspHand,
517	keyAlg,
518	"foo",
519	3,
520	actKeySizeBits,
521	&cdsaGenPubKey,
522	pubRefKeys,
523	CSSM_KEYUSE_ANY,
524	CSSM_KEYBLOB_RAW_FORMAT_NONE,
525	&cdsaGenPrivKey,
526	privRefKeys,
527	CSSM_KEYUSE_ANY,
528	CSSM_KEYBLOB_RAW_FORMAT_NONE,
529	CSSM_FALSE); // genSeed not used
530	}
531	if(crtn) {
532	return testError(quiet);
533	}
534	crtn = buGenKeyPair(actKeySizeBits,
535	keyAlg,
536	&bsafeGenPubKey,
537	&bsafeGenPrivKey);
538	if(crtn) {
539	return testError(quiet);
540	}
541
542	/*
543	* Convert private keys to other library.
544	* NOTE: the reason we're only converting private keys is solely due to the
545	* fact that BSAFE does not handle PKCS1 formatted public key blobs. Very odd.
546	* But it's too much of a pain to re-implement that wheel here, and SSL and
547	* cert handling in general verify the CSP's PKCS1-style public key handling.
548	*/
549	if(privRefKeys) {
550	/* first generate a temporary raw CDSA key */
551	crtn = buBsafePrivKeyToCdsa(keyAlg,
552	actKeySizeBits,
553	bsafeGenPrivKey,
554	&cdsaTempKey);
555	if(crtn) {
556	return testError(quiet);
557	}
558
559	/* convert it to the ref key we'll actually use */
560	crtn = cspRawKeyToRef(cspHand, &cdsaTempKey, &cdsaDerivePrivKey);
561	cspFreeKey(cspHand, &cdsaTempKey);
562	}
563	else {
564	crtn = buBsafePrivKeyToCdsa(keyAlg,
565	actKeySizeBits,
566	bsafeGenPrivKey,
567	&cdsaDerivePrivKey);
568	}
569	if(crtn) {
570	return testError(quiet);
571	}
572	if(privRefKeys) {
573	/* we have a CDSA priv ref key; convert it to raw format */
574	crtn = cspRefKeyToRaw(cspHand, &cdsaGenPrivKey, &cdsaTempKey);
575	if(crtn) {
576	return testError(quiet);
577	}
578	/* now convert it to BSAFE */
579	crtn = buCdsaPrivKeyToBsafe(&cdsaTempKey, &bsafeDerivePrivKey);
580	cspFreeKey(cspHand, &cdsaTempKey);
581	}
582	else {
583	crtn = buCdsaPrivKeyToBsafe(&cdsaGenPrivKey, &bsafeDerivePrivKey);
584	}
585	if(crtn) {
586	return testError(quiet);
587	}
588
589	if(sigLoops) {
590	rtn = sigTest(cspHand,
591	sigLoops,
592	bsafeDerivePrivKey,
593	&cdsaGenPubKey,
594	&cdsaDerivePrivKey,
595	bsafeGenPubKey,
596	ptext,
597	maxPtextSize,
598	sigAlg,
599	rsaBlinding,
600	quiet,
601	verbose);
602	if(rtn) {
603	return rtn;
604	}
605	}
606
607	if(encrLoops) {
608	rtn = encryptTest(cspHand,
609	encrLoops,
610	bsafeDerivePrivKey,
611	&cdsaGenPubKey,
612	&cdsaDerivePrivKey,
613	bsafeGenPubKey,
614	ptext,
615	maxPtextSize,
616	rsaBlinding,
617	quiet,
618	verbose);
619	if(rtn) {
620	return rtn;
621	}
622	}
623
624	/* free all six keys */
625	buFreeKey(bsafeGenPubKey);
626	buFreeKey(bsafeGenPrivKey);
627	buFreeKey(bsafeDerivePrivKey);
628	cspFreeKey(cspHand, &cdsaGenPubKey);
629	cspFreeKey(cspHand, &cdsaGenPrivKey);
630	cspFreeKey(cspHand, &cdsaDerivePrivKey);
631	return 0;
632	}
633
634	int main(int argc, char **argv)
635	{
636	int arg;
637	char *argp;
638	unsigned loop;
639	CSSM_DATA ptext;
640	CSSM_CSP_HANDLE cspHand;
641	int i;
642	int rtn = 0;
643
644	/*
645	* User-spec'd params
646	*/
647	uint32 keySizeInBits = 0;
648	unsigned oloops = OLOOPS_DEF;
649	unsigned sigLoops = SIG_LOOPS_DEF;
650	unsigned encrLoops = ENC_LOOPS_DEF;
651	CSSM_BOOL verbose = CSSM_FALSE;
652	CSSM_BOOL quiet = CSSM_FALSE;
653	unsigned pauseInterval = 0;
654	CSSM_BOOL bareCsp = CSSM_TRUE;
655	CSSM_BOOL doDSA = CSSM_TRUE;
656	CSSM_BOOL doRSA = CSSM_TRUE;
657	CSSM_BOOL pubRefKeys = CSSM_FALSE;
658	CSSM_BOOL privRefKeys = CSSM_FALSE;
659
660	for(arg=1; arg<argc; arg++) {
661	argp = argv[arg];
662	switch(argp[0]) {
663	case 'a':
664	if(argp[1] != '=') {
665	usage(argv);
666	}
667	switch(argp[2]) {
668	case 'r':
669	doDSA = CSSM_FALSE;
670	break;
671	case 'd':
672	doRSA = CSSM_FALSE;
673	break;
674	default:
675	usage(argv);
676	}
677	break;
678	case 'l':
679	oloops = atoi(&argp[2]);
680	break;
681	case 's':
682	sigLoops = atoi(&argp[2]);
683	break;
684	case 'e':
685	encrLoops = atoi(&argp[2]);
686	break;
687	case 'k':
688	keySizeInBits = atoi(&argp[2]);
689	break;
690	case 'v':
691	verbose = CSSM_TRUE;
692	break;
693	case 'r':
694	privRefKeys = CSSM_TRUE;
695	break;
696	case 'R':
697	pubRefKeys = CSSM_TRUE;
698	break;
699	case 'D':
700	bareCsp = CSSM_FALSE;
701	#if CSPDL_ALL_KEYS_ARE_REF
702	privRefKeys = CSSM_TRUE;
703	pubRefKeys = CSSM_TRUE;
704	#endif
705	break;
706	case 'E':
707	sigLoops = 0;
708	break;
709	case 'S':
710	encrLoops = 0;
711	break;
712	case 'q':
713	quiet = CSSM_TRUE;
714	break;
715	case 'p':
716	pauseInterval = atoi(&argp[2]);;
717	break;
718	case 'h':
719	default:
720	usage(argv);
721	}
722	}
723	ptext.Data = (uint8 *)CSSM_MALLOC(MAX_TEXT_SIZE);
724	if(ptext.Data == NULL) {
725	printf("Insufficient heap space\n");
726	exit(1);
727	}
728	/* ptext length set in inner test loops */
729
730	printf("Starting asymCompat; args: ");
731	for(i=1; i<argc; i++) {
732	printf("%s ", argv[i]);
733	}
734	printf("\n");
735	cspHand = cspDlDbStartup(bareCsp, NULL);
736	if(cspHand == 0) {
737	exit(1);
738	}
739	if(pauseInterval) {
740	fpurge(stdin);
741	printf("Top of test; hit CR to proceed: ");
742	getchar();
743	}
744	for(loop=1; ; loop++) {
745	if(!quiet) {
746	if(verbose \|\| ((loop % LOOP_NOTIFY) == 0)) {
747	printf("...oloop %d\n", loop);
748	}
749	}
750
751	if(doRSA) {
752	CSSM_ALGORITHMS sigAlg;
753	if(loop & 1) {
754	sigAlg = CSSM_ALGID_SHA1WithRSA;
755	}
756	else {
757	sigAlg = CSSM_ALGID_MD5WithRSA;
758	}
759
760	/* enable RSA blinding on half the loops for RSA */
761	CSSM_BOOL rsaBlinding = CSSM_FALSE;
762	if(loop & 2) {
763	rsaBlinding = CSSM_TRUE;
764	}
765
766	rtn = doTest(cspHand,
767	CSSM_ALGID_RSA,
768	sigAlg,
769	sigLoops,
770	encrLoops,
771	rsaBlinding,
772	&ptext,
773	MAX_TEXT_SIZE,
774	keySizeInBits,
775	pubRefKeys,
776	privRefKeys,
777	bareCsp,
778	quiet,
779	verbose);
780	if(rtn) {
781	break;
782	}
783	}
784	if(doDSA) {
785	rtn = doTest(cspHand,
786	CSSM_ALGID_DSA,
787	CSSM_ALGID_SHA1WithDSA,
788	sigLoops,
789	0, // encrLoops - none for DSA
790	CSSM_FALSE, // blinding
791	&ptext,
792	MAX_TEXT_SIZE,
793	keySizeInBits,
794	pubRefKeys,
795	privRefKeys,
796	bareCsp,
797	quiet,
798	verbose);
799	if(rtn) {
800	break;
801	}
802	}
803	if(oloops && (loop == oloops)) {
804	break;
805	}
806	if(pauseInterval && (loop % pauseInterval) == 0) {
807	fpurge(stdin);
808	printf("hit CR to proceed: ");
809	getchar();
810	}
811	}
812
813	cspShutdown(cspHand, bareCsp);
814	if(pauseInterval) {
815	fpurge(stdin);
816	printf("ModuleDetach/Unload complete; hit CR to exit: ");
817	getchar();
818	}
819	if((rtn == 0) && !quiet) {
820	printf("%s test complete\n", argv[0]);
821	}
822	CSSM_FREE(ptext.Data);
823	return rtn;
824	}
825
826