[apple/security.git] / SecurityTests / cspxutils / cryptTool / cryptTool.c

/*
	File:		 cryptTool.c
	
	Description: simple encrypt/decrypt utility to demonstrate CDSA API
                 used for symmetric encryption

	Author:		dmitch

	Copyright: 	Copyright (c) 2001,2003,2005-2006 Apple Computer, Inc. All Rights Reserved.
	
	Disclaimer:	IMPORTANT:  This Apple software is supplied to you by Apple 
	            Computer, Inc. ("Apple") in consideration of your agreement to 
				the following terms, and your use, installation, modification 
				or redistribution of this Apple software constitutes acceptance 
				of these terms.  If you do not agree with these terms, please 
				do not use, install, modify or redistribute this Apple software.

				In consideration of your agreement to abide by the following 
				terms, and subject to these terms, Apple grants you a personal, 
				non-exclusive license, under Apple's copyrights in this 
				original Apple software (the "Apple Software"), to use, 
				reproduce, modify and redistribute the Apple Software, with 
				or without modifications, in source and/or binary forms; 
				provided that if you redistribute the Apple Software in 
				its entirety and without modifications, you must retain
				this notice and the following text and disclaimers in all 
				such redistributions of the Apple Software.  Neither the 
				name, trademarks, service marks or logos of Apple Computer, 
				Inc. may be used to endorse or promote products derived from the
				Apple Software without specific prior written permission from 
				Apple.  Except as expressly stated in this notice, no other 
				rights or licenses, express or implied, are granted by Apple 
				herein, including but not limited to any patent rights that
				may be infringed by your derivative works or by other works 
				in which the Apple Software may be incorporated.

				The Apple Software is provided by Apple on an "AS IS" basis.  
				APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
				WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
				MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, 
				REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE 
				OR IN COMBINATION WITH YOUR PRODUCTS.

				IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, 
				INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 
				LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
				LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
				ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION 
				AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED 
				AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING 
				NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE 
				HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

#include "common.h"
#include <security_cdsa_utils/cuFileIo.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

static void usage(char **argv) 
{
	printf("usage:\n");
	printf("  %s op password keySize inFile outFile [a=algorithm]\n", argv[0]);
	printf("  op:\n");
	printf("     e  encrypt\n");
	printf("     d  decrypt\n");
	printf("  algorithm:\n");
	printf("     4  RC4 (default if no algorithm specified)\n");
	printf("     c  ASC/ComCryption\n");
	printf("     d  DES\n");
	printf("     a  AES\n");
	exit(1);
}

/*
 * Derive symmetric key.
 */
static CSSM_RETURN ctDeriveKey(CSSM_CSP_HANDLE cspHand,
		uint32				keyAlg,			// CSSM_ALGID_RC5, etc.
		const char 			*keyLabel,
		unsigned 			keyLabelLen,
		uint32 				keyUsage,		// CSSM_KEYUSE_ENCRYPT, etc.
		uint32 				keySizeInBits,
		CSSM_DATA_PTR		password,		// in PKCS-5 lingo
		CSSM_DATA_PTR		salt,			// ditto
		uint32				iterationCnt,	// ditto
		CSSM_KEY_PTR		key)
{
	CSSM_RETURN					crtn;
	CSSM_CC_HANDLE 				ccHand;
	uint32						keyAttr;
	CSSM_DATA					dummyLabel;
	CSSM_PKCS5_PBKDF2_PARAMS 	pbeParams;
	CSSM_DATA					pbeData;
	CSSM_ACCESS_CREDENTIALS		creds;
	
	memset(key, 0, sizeof(CSSM_KEY));
	memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
	crtn = CSSM_CSP_CreateDeriveKeyContext(cspHand,
		CSSM_ALGID_PKCS5_PBKDF2,
		keyAlg,
		keySizeInBits,
		&creds,
		NULL,			// BaseKey
		iterationCnt,
		salt,
		NULL,			// seed
		&ccHand);
	if(crtn) {
		printError("CSSM_CSP_CreateDeriveKeyContext", crtn);
		return crtn;
	}
	keyAttr = CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_RETURN_REF | 
			  CSSM_KEYATTR_SENSITIVE;
	dummyLabel.Length = keyLabelLen;
	dummyLabel.Data = (uint8 *)keyLabel;
	
	/* passing in password is pretty strange....*/
	pbeParams.Passphrase = *password;
	pbeParams.PseudoRandomFunction = CSSM_PKCS5_PBKDF2_PRF_HMAC_SHA1;
	pbeData.Data = (uint8 *)&pbeParams;
	pbeData.Length = sizeof(pbeParams);
	crtn = CSSM_DeriveKey(ccHand,
		&pbeData,
		keyUsage,
		keyAttr,
		&dummyLabel,
		NULL,			// cred and acl
		key);
	if(crtn) {
		printError("CSSM_DeriveKey", crtn);
		return crtn;
	}
	crtn = CSSM_DeleteContext(ccHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
	}
	return crtn;
}


int main(int argc, char **argv)
{
	int						rtn;
	uint32					keySizeInBytes;		// from cmd line
	char					*password;			// ASCII password from cmd line
	char					*inFileName;		// from cmd line
	unsigned char 			*inFile;			// raw infile data
	unsigned				inFileSize;			// in bytes
	char					*outFileName;		// from cmd line
	CSSM_CSP_HANDLE			cspHand;
	CSSM_RETURN				crtn;
	int						doEncrypt = 0;
	CSSM_DATA				passwordData;
	CSSM_DATA				saltData = {8, (uint8 *)"someSalt"};
	CSSM_DATA				inData;				// data to encrypt/decrypt, from inFile
	CSSM_DATA				outData = {0, NULL};// result data, written to outFile
	CSSM_CC_HANDLE			ccHand;				// crypto context
	CSSM_DATA				remData = {0, NULL};
	CSSM_SIZE				bytesProcessed;
	CSSM_KEY				symKey;
	char					algSpec = '4';
	CSSM_ALGORITHMS			keyAlg = 0;
	CSSM_ALGORITHMS			encrAlg = 0;
	CSSM_ENCRYPT_MODE		encrMode = 0;
	CSSM_PADDING			padding = 0;
	/* max of 16 bytes of init vector for the algs we use */
	CSSM_DATA				initVect = {16, (uint8 *)"someStrangeInitVector"};
	CSSM_DATA_PTR			initVectPtr = NULL;
	
	if(argc < 6) {
		usage(argv);
	}
	
	/* gather up cmd line args */
	switch(argv[1][0]) {
		case 'e':
			doEncrypt = 1;
			break;
		case 'd':
			doEncrypt = 0;
			break;
		default:
			usage(argv);
	}
	password = argv[2];
	passwordData.Data = (uint8 *)password;
	passwordData.Length = strlen(password);
	keySizeInBytes = atoi(argv[3]);
	if(keySizeInBytes == 0) {
		printf("keySize of 0 illegal\n");
		exit(1);
	}
	inFileName = argv[4];
	outFileName = argv[5];

	/* optional algorithm specifier */
	if(argc == 7) {
		if(argv[6][0] != 'a') {
			usage(argv);
		}
		algSpec = argv[6][2];
	}
	
	/* algorithm-specific parameters */
	switch(algSpec) {
		case '4':
			/* RC4 stream cipher - no padding, no IV, variable key size */
			keyAlg   = CSSM_ALGID_RC4;
			encrAlg  = CSSM_ALGID_RC4;
			encrMode = CSSM_ALGMODE_NONE;
			padding  = CSSM_PADDING_NONE;
			break;
		case 'c':
			/* ComCryption stream cipher - no padding, no IV, variable key size */
			keyAlg   = CSSM_ALGID_ASC;
			encrAlg  = CSSM_ALGID_ASC;
			encrMode = CSSM_ALGMODE_NONE;
			padding  = CSSM_PADDING_NONE;
			break;
		case 'd':
			/* DES block cipher, block size = 8 bytes, fixed key size */
			if(keySizeInBytes != 8) {
				printf("***DES must have key size of 8 bytes\n");
				exit(1);
			}
			keyAlg   = CSSM_ALGID_DES;
			encrAlg  = CSSM_ALGID_DES;
			encrMode = CSSM_ALGMODE_CBCPadIV8;
			padding  = CSSM_PADDING_PKCS7;
			initVect.Length = 8;
			initVectPtr = &initVect;
			break;
		case 'a':
			/* AES block cipher, block size = 16 bytes, fixed key size */
			if(keySizeInBytes != 16) {
				printf("***AES must have key size of 8 bytes\n");
				exit(1);
			}
			keyAlg   = CSSM_ALGID_AES;
			encrAlg  = CSSM_ALGID_AES;
			encrMode = CSSM_ALGMODE_CBCPadIV8;
			padding  = CSSM_PADDING_PKCS7;
			initVect.Length = 16;
			initVectPtr = &initVect;
			break;
		default:
			usage(argv);
	}

	/* read inFile from disk */
	rtn = readFile(inFileName, &inFile, &inFileSize);
	if(rtn) {
		printf("Error reading %s: %s\n", inFileName, strerror(rtn));
		exit(1);
	}
	inData.Data = inFile;
	inData.Length = inFileSize;
	
	/* attach to CSP */
	cspHand = cspStartup();
	if(cspHand == 0) {
		exit(1);
	}

	/*
	 * Derive an actual encryption/decryption key from the password ASCII text. 
	 * We could use the ASCII text directly as key material but using the DeriveKey
	 * function is much more secure (besides being an industry-standard way to 
	 * convert an ASCII password into binary key material). 
	 */
	crtn = ctDeriveKey(cspHand,
		keyAlg,
		"someLabel",		// keyLabel, not important
		9,					// keyLabelLen
		doEncrypt ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT,
		keySizeInBytes * 8,	// keySizeInBits,
		&passwordData,
		&saltData,
		1000,				// iterCount, 1000 is the minimum
		&symKey);
	if(crtn) {
		exit(1);
	}
	
	/*
	 * Cook up a symmetric encrypt/decrypt context using the key we just derived
	 */
	crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
		encrAlg,				// encryption algorithm
		encrMode,				// mode
		NULL,					// access cred
		&symKey,
		initVectPtr,			// InitVector
		padding,				// Padding
		NULL,					// Params
		&ccHand);
	if(crtn) {
		printError("CSSM_CSP_CreateSymmetricContext", crtn);
		exit(1);
	}

	/* 
	 * Do the encrypt/decrypt.
	 * We do this with the init/update/final sequence only to demonstrate its
	 * usage.
	 */
	if(doEncrypt) {
		crtn = CSSM_EncryptDataInit(ccHand);
		if(crtn) {
			printError("CSSM_EncryptDataInit", crtn);
			exit(1);
		}
		
		/* this step can be performed an arbitrary number of times, with
		 * the appropriate housekeeping of inData and outData */
		crtn = CSSM_EncryptDataUpdate(ccHand,
			&inData,
			1,
			&outData,
			1,
			&bytesProcessed);
		if(crtn) {
			printError("CSSM_EncryptDataUpdate", crtn);
			exit(1);
		}
		outData.Length = bytesProcessed;
		
		/* one call more to clean up */
		crtn = CSSM_EncryptDataFinal(ccHand, &remData);
		if(crtn) {
			printError("CSSM_EncryptDataFinal", crtn);
			exit(1);
		}
		if(remData.Length != 0) {
			/* append remaining data to outData */
			uint32 newLen = outData.Length + remData.Length;
			outData.Data = (uint8 *)appRealloc(outData.Data,
				newLen,
				NULL);
			memmove(outData.Data + outData.Length, remData.Data, remData.Length);
			outData.Length = newLen;
			appFree(remData.Data, NULL);
		}
	}
	else {
		crtn = CSSM_DecryptDataInit(ccHand);
		if(crtn) {
			printError("CSSM_DecryptDataInit", crtn);
			exit(1);
		}
		
		/* this step can be performed an arbitrary number of times, with
		 * the appropriate housekeeping of inData and outData */
		crtn = CSSM_DecryptDataUpdate(ccHand,
			&inData,
			1,
			&outData,
			1,
			&bytesProcessed);
		if(crtn) {
			printError("CSSM_DecryptDataUpdate", crtn);
			exit(1);
		}
		outData.Length = bytesProcessed;
		
		/* one call more to clean up */
		crtn = CSSM_DecryptDataFinal(ccHand, &remData);
		if(crtn) {
			printError("CSSM_DecryptDataFinal", crtn);
			exit(1);
		}
		if(remData.Length != 0) {
			/* append remaining data to outData */
			uint32 newLen = outData.Length + remData.Length;
			outData.Data = (uint8 *)appRealloc(outData.Data,
				newLen,
				NULL);
			memmove(outData.Data + outData.Length, remData.Data, remData.Length);
			outData.Length = newLen;
			appFree(remData.Data, NULL);
		}
	}
	if(crtn == CSSM_OK) {
		rtn = writeFile(outFileName, outData.Data, outData.Length);
		if(rtn) {
			printf("Error writing %s: %s\n", outFileName, strerror(rtn));
			exit(1);
		}
		else {
			printf("SUCCESS: inFile length %u bytes, outFile length %u bytes\n",
				inFileSize, (unsigned)outData.Length);
		}
	}
	/* free resources */
	crtn = CSSM_DeleteContext(ccHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
	}
	crtn = CSSM_FreeKey(cspHand, 
		NULL,			// access cred
		&symKey,	
		CSSM_FALSE);	// don't delete since it wasn't permanent
	if(crtn) {
		printError("CSSM_FreeKey", crtn);
	}
	free(inFile);		// mallocd by readFile() 
	
	/* this was mallocd by CSP */
	appFree(outData.Data, NULL);
	CSSM_ModuleDetach(cspHand);
	return rtn;
}
Commit	Line	Data
d8f41ccd A	1	/*
	2	File: cryptTool.c
	3
	4	Description: simple encrypt/decrypt utility to demonstrate CDSA API
	5	used for symmetric encryption
	6
	7	Author: dmitch
	8
	9	Copyright: Copyright (c) 2001,2003,2005-2006 Apple Computer, Inc. All Rights Reserved.
	10
	11	Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple
	12	Computer, Inc. ("Apple") in consideration of your agreement to
	13	the following terms, and your use, installation, modification
	14	or redistribution of this Apple software constitutes acceptance
	15	of these terms. If you do not agree with these terms, please
	16	do not use, install, modify or redistribute this Apple software.
	17
	18	In consideration of your agreement to abide by the following
	19	terms, and subject to these terms, Apple grants you a personal,
	20	non-exclusive license, under Apple's copyrights in this
	21	original Apple software (the "Apple Software"), to use,
	22	reproduce, modify and redistribute the Apple Software, with
	23	or without modifications, in source and/or binary forms;
	24	provided that if you redistribute the Apple Software in
	25	its entirety and without modifications, you must retain
	26	this notice and the following text and disclaimers in all
	27	such redistributions of the Apple Software. Neither the
	28	name, trademarks, service marks or logos of Apple Computer,
	29	Inc. may be used to endorse or promote products derived from the
	30	Apple Software without specific prior written permission from
	31	Apple. Except as expressly stated in this notice, no other
	32	rights or licenses, express or implied, are granted by Apple
	33	herein, including but not limited to any patent rights that
	34	may be infringed by your derivative works or by other works
	35	in which the Apple Software may be incorporated.
	36
	37	The Apple Software is provided by Apple on an "AS IS" basis.
	38	APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
	39	WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
	40	MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE,
	41	REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE
	42	OR IN COMBINATION WITH YOUR PRODUCTS.
	43
	44	IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT,
	45	INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
	46	LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	47	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION
	49	AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED
	50	AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING
	51	NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE
	52	HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	53	*/
	54
	55	#include "common.h"
	56	#include <security_cdsa_utils/cuFileIo.h>
	57	#include <stdio.h>
	58	#include <string.h>
	59	#include <stdlib.h>
	60
	61	static void usage(char **argv)
	62	{
	63	printf("usage:\n");
	64	printf(" %s op password keySize inFile outFile [a=algorithm]\n", argv[0]);
65	printf(" op:\n");
66	printf(" e encrypt\n");
67	printf(" d decrypt\n");
68	printf(" algorithm:\n");
69	printf(" 4 RC4 (default if no algorithm specified)\n");
70	printf(" c ASC/ComCryption\n");
71	printf(" d DES\n");
72	printf(" a AES\n");
73	exit(1);
74	}
75
76	/*
77	* Derive symmetric key.
78	*/
79	static CSSM_RETURN ctDeriveKey(CSSM_CSP_HANDLE cspHand,
80	uint32 keyAlg, // CSSM_ALGID_RC5, etc.
81	const char *keyLabel,
82	unsigned keyLabelLen,
83	uint32 keyUsage, // CSSM_KEYUSE_ENCRYPT, etc.
84	uint32 keySizeInBits,
85	CSSM_DATA_PTR password, // in PKCS-5 lingo
86	CSSM_DATA_PTR salt, // ditto
87	uint32 iterationCnt, // ditto
88	CSSM_KEY_PTR key)
89	{
90	CSSM_RETURN crtn;
91	CSSM_CC_HANDLE ccHand;
92	uint32 keyAttr;
93	CSSM_DATA dummyLabel;
94	CSSM_PKCS5_PBKDF2_PARAMS pbeParams;
95	CSSM_DATA pbeData;
96	CSSM_ACCESS_CREDENTIALS creds;
97
98	memset(key, 0, sizeof(CSSM_KEY));
99	memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
100	crtn = CSSM_CSP_CreateDeriveKeyContext(cspHand,
101	CSSM_ALGID_PKCS5_PBKDF2,
102	keyAlg,
103	keySizeInBits,
104	&creds,
105	NULL, // BaseKey
106	iterationCnt,
107	salt,
108	NULL, // seed
109	&ccHand);
110	if(crtn) {
111	printError("CSSM_CSP_CreateDeriveKeyContext", crtn);
112	return crtn;
113	}
114	keyAttr = CSSM_KEYATTR_EXTRACTABLE \| CSSM_KEYATTR_RETURN_REF \|
115	CSSM_KEYATTR_SENSITIVE;
116	dummyLabel.Length = keyLabelLen;
117	dummyLabel.Data = (uint8 *)keyLabel;
118
119	/* passing in password is pretty strange....*/
120	pbeParams.Passphrase = *password;
121	pbeParams.PseudoRandomFunction = CSSM_PKCS5_PBKDF2_PRF_HMAC_SHA1;
122	pbeData.Data = (uint8 *)&pbeParams;
123	pbeData.Length = sizeof(pbeParams);
124	crtn = CSSM_DeriveKey(ccHand,
125	&pbeData,
126	keyUsage,
127	keyAttr,
128	&dummyLabel,
129	NULL, // cred and acl
130	key);
131	if(crtn) {
132	printError("CSSM_DeriveKey", crtn);
133	return crtn;
134	}
135	crtn = CSSM_DeleteContext(ccHand);
136	if(crtn) {
137	printError("CSSM_DeleteContext", crtn);
138	}
139	return crtn;
140	}
141
142
143	int main(int argc, char **argv)
144	{
145	int rtn;
146	uint32 keySizeInBytes; // from cmd line
147	char *password; // ASCII password from cmd line
148	char *inFileName; // from cmd line
149	unsigned char *inFile; // raw infile data
150	unsigned inFileSize; // in bytes
151	char *outFileName; // from cmd line
152	CSSM_CSP_HANDLE cspHand;
153	CSSM_RETURN crtn;
154	int doEncrypt = 0;
155	CSSM_DATA passwordData;
156	CSSM_DATA saltData = {8, (uint8 *)"someSalt"};
157	CSSM_DATA inData; // data to encrypt/decrypt, from inFile
158	CSSM_DATA outData = {0, NULL};// result data, written to outFile
159	CSSM_CC_HANDLE ccHand; // crypto context
160	CSSM_DATA remData = {0, NULL};
161	CSSM_SIZE bytesProcessed;
162	CSSM_KEY symKey;
163	char algSpec = '4';
164	CSSM_ALGORITHMS keyAlg = 0;
165	CSSM_ALGORITHMS encrAlg = 0;
166	CSSM_ENCRYPT_MODE encrMode = 0;
167	CSSM_PADDING padding = 0;
168	/* max of 16 bytes of init vector for the algs we use */
169	CSSM_DATA initVect = {16, (uint8 *)"someStrangeInitVector"};
170	CSSM_DATA_PTR initVectPtr = NULL;
171
172	if(argc < 6) {
173	usage(argv);
174	}
175
176	/* gather up cmd line args */
177	switch(argv[1][0]) {
178	case 'e':
179	doEncrypt = 1;
180	break;
181	case 'd':
182	doEncrypt = 0;
183	break;
184	default:
185	usage(argv);
186	}
187	password = argv[2];
188	passwordData.Data = (uint8 *)password;
189	passwordData.Length = strlen(password);
190	keySizeInBytes = atoi(argv[3]);
191	if(keySizeInBytes == 0) {
192	printf("keySize of 0 illegal\n");
193	exit(1);
194	}
195	inFileName = argv[4];
196	outFileName = argv[5];
197
198	/* optional algorithm specifier */
199	if(argc == 7) {
200	if(argv[6][0] != 'a') {
201	usage(argv);
202	}
203	algSpec = argv[6][2];
204	}
205
206	/* algorithm-specific parameters */
207	switch(algSpec) {
208	case '4':
209	/* RC4 stream cipher - no padding, no IV, variable key size */
210	keyAlg = CSSM_ALGID_RC4;
211	encrAlg = CSSM_ALGID_RC4;
212	encrMode = CSSM_ALGMODE_NONE;
213	padding = CSSM_PADDING_NONE;
214	break;
215	case 'c':
216	/* ComCryption stream cipher - no padding, no IV, variable key size */
217	keyAlg = CSSM_ALGID_ASC;
218	encrAlg = CSSM_ALGID_ASC;
219	encrMode = CSSM_ALGMODE_NONE;
220	padding = CSSM_PADDING_NONE;
221	break;
222	case 'd':
223	/* DES block cipher, block size = 8 bytes, fixed key size */
224	if(keySizeInBytes != 8) {
225	printf("***DES must have key size of 8 bytes\n");
226	exit(1);
227	}
228	keyAlg = CSSM_ALGID_DES;
229	encrAlg = CSSM_ALGID_DES;
230	encrMode = CSSM_ALGMODE_CBCPadIV8;
231	padding = CSSM_PADDING_PKCS7;
232	initVect.Length = 8;
233	initVectPtr = &initVect;
234	break;
235	case 'a':
236	/* AES block cipher, block size = 16 bytes, fixed key size */
237	if(keySizeInBytes != 16) {
238	printf("***AES must have key size of 8 bytes\n");
239	exit(1);
240	}
241	keyAlg = CSSM_ALGID_AES;
242	encrAlg = CSSM_ALGID_AES;
243	encrMode = CSSM_ALGMODE_CBCPadIV8;
244	padding = CSSM_PADDING_PKCS7;
245	initVect.Length = 16;
246	initVectPtr = &initVect;
247	break;
248	default:
249	usage(argv);
250	}
251
252	/* read inFile from disk */
253	rtn = readFile(inFileName, &inFile, &inFileSize);
254	if(rtn) {
255	printf("Error reading %s: %s\n", inFileName, strerror(rtn));
256	exit(1);
257	}
258	inData.Data = inFile;
259	inData.Length = inFileSize;
260
261	/* attach to CSP */
262	cspHand = cspStartup();
263	if(cspHand == 0) {
264	exit(1);
265	}
266
267	/*
268	* Derive an actual encryption/decryption key from the password ASCII text.
269	* We could use the ASCII text directly as key material but using the DeriveKey
270	* function is much more secure (besides being an industry-standard way to
271	* convert an ASCII password into binary key material).
272	*/
273	crtn = ctDeriveKey(cspHand,
274	keyAlg,
275	"someLabel", // keyLabel, not important
276	9, // keyLabelLen
277	doEncrypt ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT,
278	keySizeInBytes * 8, // keySizeInBits,
279	&passwordData,
280	&saltData,
281	1000, // iterCount, 1000 is the minimum
282	&symKey);
283	if(crtn) {
284	exit(1);
285	}
286
287	/*
288	* Cook up a symmetric encrypt/decrypt context using the key we just derived
289	*/
290	crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
291	encrAlg, // encryption algorithm
292	encrMode, // mode
293	NULL, // access cred
294	&symKey,
295	initVectPtr, // InitVector
296	padding, // Padding
297	NULL, // Params
298	&ccHand);
299	if(crtn) {
300	printError("CSSM_CSP_CreateSymmetricContext", crtn);
301	exit(1);
302	}
303
304	/*
305	* Do the encrypt/decrypt.
306	* We do this with the init/update/final sequence only to demonstrate its
307	* usage.
308	*/
309	if(doEncrypt) {
310	crtn = CSSM_EncryptDataInit(ccHand);
311	if(crtn) {
312	printError("CSSM_EncryptDataInit", crtn);
313	exit(1);
314	}
315
316	/* this step can be performed an arbitrary number of times, with
317	* the appropriate housekeeping of inData and outData */
318	crtn = CSSM_EncryptDataUpdate(ccHand,
319	&inData,
320	1,
321	&outData,
322	1,
323	&bytesProcessed);
324	if(crtn) {
325	printError("CSSM_EncryptDataUpdate", crtn);
326	exit(1);
327	}
328	outData.Length = bytesProcessed;
329
330	/* one call more to clean up */
331	crtn = CSSM_EncryptDataFinal(ccHand, &remData);
332	if(crtn) {
333	printError("CSSM_EncryptDataFinal", crtn);
334	exit(1);
335	}
336	if(remData.Length != 0) {
337	/* append remaining data to outData */
338	uint32 newLen = outData.Length + remData.Length;
339	outData.Data = (uint8 *)appRealloc(outData.Data,
340	newLen,
341	NULL);
342	memmove(outData.Data + outData.Length, remData.Data, remData.Length);
343	outData.Length = newLen;
344	appFree(remData.Data, NULL);
345	}
346	}
347	else {
348	crtn = CSSM_DecryptDataInit(ccHand);
349	if(crtn) {
350	printError("CSSM_DecryptDataInit", crtn);
351	exit(1);
352	}
353
354	/* this step can be performed an arbitrary number of times, with
355	* the appropriate housekeeping of inData and outData */
356	crtn = CSSM_DecryptDataUpdate(ccHand,
357	&inData,
358	1,
359	&outData,
360	1,
361	&bytesProcessed);
362	if(crtn) {
363	printError("CSSM_DecryptDataUpdate", crtn);
364	exit(1);
365	}
366	outData.Length = bytesProcessed;
367
368	/* one call more to clean up */
369	crtn = CSSM_DecryptDataFinal(ccHand, &remData);
370	if(crtn) {
371	printError("CSSM_DecryptDataFinal", crtn);
372	exit(1);
373	}
374	if(remData.Length != 0) {
375	/* append remaining data to outData */
376	uint32 newLen = outData.Length + remData.Length;
377	outData.Data = (uint8 *)appRealloc(outData.Data,
378	newLen,
379	NULL);
380	memmove(outData.Data + outData.Length, remData.Data, remData.Length);
381	outData.Length = newLen;
382	appFree(remData.Data, NULL);
383	}
384	}
385	if(crtn == CSSM_OK) {
386	rtn = writeFile(outFileName, outData.Data, outData.Length);
387	if(rtn) {
388	printf("Error writing %s: %s\n", outFileName, strerror(rtn));
389	exit(1);
390	}
391	else {
392	printf("SUCCESS: inFile length %u bytes, outFile length %u bytes\n",
393	inFileSize, (unsigned)outData.Length);
394	}
395	}
396	/* free resources */
397	crtn = CSSM_DeleteContext(ccHand);
398	if(crtn) {
399	printError("CSSM_DeleteContext", crtn);
400	}
401	crtn = CSSM_FreeKey(cspHand,
402	NULL, // access cred
403	&symKey,
404	CSSM_FALSE); // don't delete since it wasn't permanent
405	if(crtn) {
406	printError("CSSM_FreeKey", crtn);
407	}
408	free(inFile); // mallocd by readFile()
409
410	/* this was mallocd by CSP */
411	appFree(outData.Data, NULL);
412	CSSM_ModuleDetach(cspHand);
413	return rtn;
414	}
415