]> git.saurik.com Git - apple/security.git/blob - SecurityTests/cspxutils/keyDate/keyDate.cpp
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57031.1.35.tar.gz
[apple/security.git] / SecurityTests / cspxutils / keyDate / keyDate.cpp
1 /*
2 * keyDate.cpp - test handling of KeyHeader.{StartDate,EndDate}
3 */
4 #include <Security/Security.h>
5 #include <security_cdsa_utilities/cssmdates.h>
6 #include <stdlib.h>
7 #include <stdio.h>
8 #include <unistd.h>
9 #include "cspwrap.h"
10 #include "common.h"
11 #include <CoreFoundation/CoreFoundation.h>
12
13 /*
14 * Enumerate algs our own way to allow iteration.
15 */
16 typedef unsigned privAlg;
17 enum {
18 ALG_ASC = 1,
19 ALG_DES,
20 ALG_AES,
21 ALG_BFISH,
22 ALG_RSA,
23 };
24
25 #define SYM_FIRST ALG_ASC
26 #define SYM_LAST ALG_BFISH
27 #define ASYM_FIRST ALG_RSA
28 #define ASYM_LAST ALG_RSA
29
30 #define KD_DB_NAME "keyDate.db"
31 #define KD_KEY_LABEL "keyStoreKey"
32
33 static CSSM_DATA keyLabelData = {12, (uint8 *)KD_KEY_LABEL};
34
35 static void usage(char **argv)
36 {
37 printf("usage: %s [options]\n", argv[0]);
38 printf(" Options:\n");
39 printf(" s(ymmetric only)\n");
40 printf(" a(symmetric only)\n");
41 printf(" t (key store only)\n");
42 printf(" D (CSPDL; default is bare CSP)\n");
43 printf(" q(uiet)\n");
44 printf(" h(elp)\n");
45 exit(1);
46 }
47
48 #pragma mark -
49 #pragma mark --- Utilities ---
50
51 /*
52 * Set a CSSM_DATE to "today plus delta days". Delta can be positive
53 * or negative.
54 */
55 static void setDate(
56 CSSM_DATE &cdate,
57 int deltaDays)
58 {
59 CFAbsoluteTime cfTime = CFAbsoluteTimeGetCurrent();
60 float fdelta = 60.0 * 60.0 * 24.0 * deltaDays;
61 cfTime += fdelta;
62 CFDateRef cfDate = CFDateCreate(NULL, cfTime);
63 CssmUniformDate cud(cfDate);
64 CFRelease(cfDate);
65 cdate = cud;
66 }
67
68 /*
69 * Compare two CSSM_DATEs. Returns nonzero on error.
70 */
71 static int compareDates(
72 const CSSM_DATE *refDate, // what we tried to set, or NULL
73 const CSSM_DATE *keyDate,
74 const char *op,
75 CSSM_BOOL quiet)
76 {
77 if(refDate == NULL) {
78 /* make sure key date is empty */
79 bool isZero = true;
80 unsigned char *cp = (unsigned char *)keyDate;
81 for(unsigned i=0; i<sizeof(CSSM_DATE); i++) {
82 if(*cp++ != 0) {
83 isZero = false;
84 break;
85 }
86 }
87 if(!isZero) {
88 printf("%s: refDate NULL, non-empty keyDate\n", op);
89 return testError(quiet);
90 }
91 else {
92 return 0;
93 }
94 }
95 if(memcmp(refDate, keyDate, sizeof(CSSM_DATE))) {
96 printf("%s: refDate/keyDate MISCOMPARE\n", op);
97 return testError(quiet);
98 }
99 else {
100 return 0;
101 }
102 }
103
104 #pragma mark -
105 #pragma mark -- Key generation ---
106
107 /*
108 * symmetric key generator with startDate/endDate
109 */
110 static int genSymKey(
111 CSSM_CSP_HANDLE cspHand,
112 CSSM_KEY_PTR symKey,
113 uint32 alg,
114 const char *keyAlgStr,
115 uint32 keySizeInBits,
116 CSSM_KEYATTR_FLAGS keyAttr,
117 CSSM_KEYUSE keyUsage,
118 CSSM_BOOL quiet,
119 bool setStartDate,
120 int startDeltaDays,
121 bool setEndDate,
122 int endDeltaDays,
123 CSSM_DL_DB_HANDLE *dlDbHand = NULL) // optional
124 {
125 CSSM_RETURN crtn;
126 CSSM_CC_HANDLE ccHand;
127 CSSM_DATE startDate;
128 CSSM_DATE endDate;
129
130 if(setStartDate) {
131 setDate(startDate, startDeltaDays);
132 }
133 if(setEndDate) {
134 setDate(endDate, endDeltaDays);
135 }
136
137 memset(symKey, 0, sizeof(CSSM_KEY));
138 crtn = CSSM_CSP_CreateKeyGenContext(cspHand,
139 alg,
140 keySizeInBits, // keySizeInBits
141 NULL, // Seed
142 NULL, // Salt
143 setStartDate ? &startDate : NULL,
144 setEndDate ? &endDate : NULL,
145 NULL, // Params
146 &ccHand);
147 if(crtn) {
148 printError("CSSM_CSP_CreateKeyGenContext", crtn);
149 return testError(quiet);
150 }
151 if(dlDbHand) {
152 /* add in DL/DB to context */
153 crtn = cspAddDlDbToContext(ccHand, dlDbHand->DLHandle,
154 dlDbHand->DBHandle);
155 if(crtn) {
156 return testError(quiet);
157 }
158 }
159 crtn = CSSM_GenerateKey(ccHand,
160 keyUsage,
161 keyAttr,
162 &keyLabelData,
163 NULL, // ACL
164 symKey);
165 if(crtn) {
166 printError("CSSM_GenerateKey", crtn);
167 return testError(quiet);
168 }
169 CSSM_DeleteContext(ccHand);
170
171 CSSM_KEYHEADER &hdr = symKey->KeyHeader;
172 CSSM_DATE *cdp = NULL;
173 if(setStartDate) {
174 cdp = &startDate;
175 }
176 if(compareDates(cdp, &hdr.StartDate, keyAlgStr, quiet)) {
177 return 1;
178 }
179 if(setEndDate) {
180 cdp = &endDate;
181 }
182 else {
183 cdp = NULL;
184 }
185 if(compareDates(cdp, &hdr.EndDate, keyAlgStr, quiet)) {
186 return 1;
187 }
188 return 0;
189 }
190
191 /*
192 * Common, flexible, error-tolerant key pair generator.
193 */
194 static int genKeyPair(
195 CSSM_CSP_HANDLE cspHand,
196 uint32 algorithm,
197 const char *keyAlgStr,
198 uint32 keySizeInBits,
199 CSSM_KEY_PTR pubKey,
200 CSSM_KEYATTR_FLAGS pubKeyAttr,
201 CSSM_KEYUSE pubKeyUsage,
202 CSSM_KEY_PTR privKey,
203 CSSM_KEYATTR_FLAGS privKeyAttr,
204 CSSM_KEYUSE privKeyUsage,
205 CSSM_BOOL quiet,
206 bool setStartDate,
207 int startDeltaDays,
208 bool setEndDate,
209 int endDeltaDays,
210 CSSM_DL_DB_HANDLE *dlDbHand = NULL) // optional
211 {
212 CSSM_RETURN crtn;
213 CSSM_CC_HANDLE ccHand;
214 CSSM_DATE startDate;
215 CSSM_DATE endDate;
216
217 if(setStartDate) {
218 setDate(startDate, startDeltaDays);
219 }
220 if(setEndDate) {
221 setDate(endDate, endDeltaDays);
222 }
223
224 memset(pubKey, 0, sizeof(CSSM_KEY));
225 memset(privKey, 0, sizeof(CSSM_KEY));
226
227 crtn = CSSM_CSP_CreateKeyGenContext(cspHand,
228 algorithm,
229 keySizeInBits,
230 NULL, // Seed
231 NULL, // Salt
232 setStartDate ? &startDate : NULL,
233 setEndDate ? &endDate : NULL,
234 NULL, // Params
235 &ccHand);
236 if(crtn) {
237 printError("CSSM_CSP_CreateKeyGenContext", crtn);
238 return testError(quiet);
239 }
240
241 if(dlDbHand) {
242 /* add in DL/DB to context */
243 crtn = cspAddDlDbToContext(ccHand, dlDbHand->DLHandle,
244 dlDbHand->DBHandle);
245 if(crtn) {
246 return testError(quiet);
247 }
248 }
249
250 crtn = CSSM_GenerateKeyPair(ccHand,
251 pubKeyUsage,
252 pubKeyAttr,
253 &keyLabelData,
254 pubKey,
255 privKeyUsage,
256 privKeyAttr,
257 &keyLabelData, // same labels
258 NULL, // CredAndAclEntry
259 privKey);
260 if(crtn) {
261 printError("CSSM_GenerateKeyPair", crtn);
262 return testError(quiet);
263 }
264 CSSM_DeleteContext(ccHand);
265 CSSM_KEYHEADER &pubHdr = pubKey->KeyHeader;
266 CSSM_KEYHEADER &privHdr = privKey->KeyHeader;
267 CSSM_DATE *cdp = NULL;
268 if(setStartDate) {
269 cdp = &startDate;
270 }
271 if(compareDates(cdp, &pubHdr.StartDate, keyAlgStr, quiet)) {
272 return 1;
273 }
274 if(compareDates(cdp, &privHdr.StartDate, keyAlgStr, quiet)) {
275 return 1;
276 }
277 if(setEndDate) {
278 cdp = &endDate;
279 }
280 else {
281 cdp = NULL;
282 }
283 if(compareDates(cdp, &pubHdr.EndDate, keyAlgStr, quiet)) {
284 return 1;
285 }
286 if(compareDates(cdp, &privHdr.EndDate, keyAlgStr, quiet)) {
287 return 1;
288 }
289 return 0;
290 }
291
292 /* map one of our private privAlgs (ALG_DES, etc.) to associated CSSM info. */
293 void privAlgToCssm(
294 privAlg palg,
295 CSSM_ALGORITHMS *keyAlg,
296 CSSM_ALGORITHMS *signAlg, // CSSM_ALGID_NONE means incapable
297 // (e.g., DES)
298 CSSM_ALGORITHMS *encrAlg, // CSSM_ALGID_NONE means incapable
299 CSSM_ENCRYPT_MODE *encrMode,
300 CSSM_PADDING *encrPad,
301 uint32 *keySizeInBits,
302 const char **keyAlgStr)
303 {
304 *signAlg = *encrAlg = CSSM_ALGID_NONE; // default
305 *encrMode = CSSM_ALGMODE_NONE;
306 *encrPad = CSSM_PADDING_NONE;
307 switch(palg) {
308 case ALG_ASC:
309 *encrAlg = *keyAlg = CSSM_ALGID_ASC;
310 *keySizeInBits = CSP_ASC_KEY_SIZE_DEFAULT;
311 *keyAlgStr = "ASC";
312 break;
313 case ALG_DES:
314 *encrAlg = *keyAlg = CSSM_ALGID_DES;
315 *keySizeInBits = CSP_DES_KEY_SIZE_DEFAULT;
316 *keyAlgStr = "DES";
317 *encrMode = CSSM_ALGMODE_CBCPadIV8;
318 *encrPad = CSSM_PADDING_PKCS7;
319 break;
320 case ALG_AES:
321 *encrAlg = *keyAlg = CSSM_ALGID_AES;
322 *keySizeInBits = CSP_AES_KEY_SIZE_DEFAULT;
323 *keyAlgStr = "AES";
324 *encrMode = CSSM_ALGMODE_CBCPadIV8;
325 *encrPad = CSSM_PADDING_PKCS7;
326 break;
327 case ALG_BFISH:
328 *encrAlg = *keyAlg = CSSM_ALGID_BLOWFISH;
329 *keySizeInBits = CSP_BFISH_KEY_SIZE_DEFAULT;
330 *keyAlgStr = "Blowfish";
331 *encrMode = CSSM_ALGMODE_CBCPadIV8;
332 *encrPad = CSSM_PADDING_PKCS7;
333 break;
334 case ALG_RSA:
335 *keyAlg = CSSM_ALGID_RSA;
336 *encrAlg = CSSM_ALGID_RSA;
337 *signAlg = CSSM_ALGID_SHA1WithRSA;
338 *keySizeInBits = 512;
339 *keyAlgStr = "RSA";
340 *encrPad = CSSM_PADDING_PKCS1;
341 break;
342 default:
343 printf("***BRRZAP! privAlgToCssm needs work\n");
344 exit(1);
345 }
346 return;
347 }
348
349 #pragma mark -
350 #pragma mark --- basic ops to detect INVALID_KEY_{START,END}_DATE ---
351
352 #define PTEXT_SIZE 64
353 #define IV_SIZE 16
354
355 static int doEncrypt(
356 CSSM_CSP_HANDLE cspHand,
357 const char *algStr,
358 CSSM_KEY_PTR key, // session, public
359 CSSM_ALGORITHMS encrAlg,
360 CSSM_ENCRYPT_MODE encrMode,
361 CSSM_PADDING encrPad,
362 CSSM_RETURN expRtn, // expected result
363 CSSM_BOOL quiet)
364 {
365 uint8 ptextData[PTEXT_SIZE];
366 CSSM_DATA ptext = {PTEXT_SIZE, ptextData};
367 uint8 someIvData[IV_SIZE];
368 CSSM_DATA someIv = {IV_SIZE, someIvData};
369
370 simpleGenData(&ptext, PTEXT_SIZE, PTEXT_SIZE);
371 simpleGenData(&someIv, IV_SIZE, IV_SIZE);
372
373 CSSM_CC_HANDLE cryptHand = 0;
374 CSSM_RETURN crtn;
375 CSSM_ACCESS_CREDENTIALS creds;
376
377 memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
378
379 if(key->KeyHeader.KeyClass == CSSM_KEYCLASS_SESSION_KEY) {
380 crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
381 encrAlg,
382 encrMode,
383 NULL, // access cred
384 key,
385 &someIv,
386 encrPad,
387 NULL, // Params
388 &cryptHand);
389 if(crtn) {
390 printError("CSSM_CSP_CreateSymmetricContext", crtn);
391 return testError(quiet);
392 }
393 }
394 else if(key->KeyHeader.KeyClass == CSSM_KEYCLASS_PUBLIC_KEY) {
395 crtn = CSSM_CSP_CreateAsymmetricContext(cspHand,
396 encrAlg,
397 &creds, // access
398 key,
399 encrPad,
400 &cryptHand);
401 if(crtn) {
402 printError("CSSM_CSP_CreateAsymmetricContext", crtn);
403 return testError(quiet);
404 }
405 }
406 else {
407 printf("***BRRZAP! Only encrypt with session and public keys\n");
408 exit(1);
409 }
410
411 CSSM_DATA ctext = {0, NULL};
412 CSSM_DATA remData = {0, NULL};
413 CSSM_SIZE bEncr;
414 int irtn = 0;
415
416 crtn = CSSM_EncryptData(cryptHand,
417 &ptext,
418 1,
419 &ctext,
420 1,
421 &bEncr,
422 &remData);
423 if(crtn != expRtn) {
424 if(expRtn == CSSM_OK) {
425 printError("CSSM_EncryptData", crtn);
426 printf("Unexpected error encrypting with %s\n", algStr);
427 }
428 else {
429 printf("***Encrypt with %s: expected %s, got %s.\n",
430 algStr, cssmErrToStr(expRtn),
431 cssmErrToStr(crtn));
432 }
433 irtn = testError(quiet);
434 }
435 appFreeCssmData(&ctext, CSSM_FALSE);
436 appFreeCssmData(&remData, CSSM_FALSE);
437 CSSM_DeleteContext(cryptHand);
438 return irtn;
439 }
440
441 /*
442 * Decrypt bad cipher text. If the key is bad the CSP won't even get
443 * to the ciphertext. Bad ciphertext can result in a number of errors,
444 * in some cases it can even result in complete success, which we handle
445 * OK if the key is supposed to be good.
446 */
447
448 typedef enum {
449 DR_BadStartDate, // must be CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE
450 DR_BadEndDate, // must be CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE
451 DR_BadData // CSSMERR_CSP_INVALID_DATA. etc.
452 } DecrResult;
453
454 #define CTEXT_SIZE (PTEXT_SIZE )
455
456 static int doDecrypt(
457 CSSM_CSP_HANDLE cspHand,
458 const char *algStr,
459 CSSM_KEY_PTR key, // session, private
460 CSSM_ALGORITHMS encrAlg,
461 CSSM_ENCRYPT_MODE encrMode,
462 CSSM_PADDING encrPad,
463 DecrResult expResult,
464 CSSM_BOOL quiet)
465 {
466 uint8 ctextData[CTEXT_SIZE];
467 CSSM_DATA ctext = {CTEXT_SIZE, ctextData};
468 uint8 someIvData[IV_SIZE];
469 CSSM_DATA someIv = {IV_SIZE, someIvData};
470
471 /*
472 * I have not found a way to guarantee decrypt failure here, no matter
473 * what ctext and IV I specify. We can't just do an encrypt and
474 * munge because we might be testing a bad (expired) key.
475 * We might have to redesign, first generating a good key, then an
476 * expired key from it...? Until then this test is loose about
477 * handling "key is good" detection.
478 */
479 memset(ctextData, 0, CTEXT_SIZE); // guaranteed bad padding
480 memset(someIvData, 0, IV_SIZE);
481
482 CSSM_CC_HANDLE cryptHand = 0;
483 CSSM_RETURN crtn;
484 CSSM_ACCESS_CREDENTIALS creds;
485
486 memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
487
488 if(key->KeyHeader.KeyClass == CSSM_KEYCLASS_SESSION_KEY) {
489 crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
490 encrAlg,
491 encrMode,
492 NULL, // access cred
493 key,
494 &someIv,
495 encrPad,
496 NULL, // Params
497 &cryptHand);
498 if(crtn) {
499 printError("CSSM_CSP_CreateSymmetricContext", crtn);
500 return testError(quiet);
501 }
502 }
503 else if(key->KeyHeader.KeyClass == CSSM_KEYCLASS_PRIVATE_KEY) {
504 crtn = CSSM_CSP_CreateAsymmetricContext(cspHand,
505 encrAlg,
506 &creds, // access
507 key,
508 encrPad,
509 &cryptHand);
510 if(crtn) {
511 printError("CSSM_CSP_CreateAsymmetricContext", crtn);
512 return testError(quiet);
513 }
514 }
515 else {
516 printf("***BRRZAP! Only decrypt with session and private"
517 " keys\n");
518 exit(1);
519 }
520
521 CSSM_DATA ptext = {0, NULL};
522 CSSM_DATA remData = {0, NULL};
523 CSSM_SIZE bDecr;
524 int irtn = 0;
525
526 crtn = CSSM_DecryptData(cryptHand,
527 &ctext,
528 1,
529 &ptext,
530 1,
531 &bDecr,
532 &remData);
533 switch(expResult) {
534 case DR_BadStartDate:
535 if(crtn != CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE) {
536 printf("***Decrypt with %s: expected INVALID_KEY_START_DATE, "
537 "got %s.\n", algStr, cssmErrToStr(crtn));
538 irtn = testError(quiet);
539 }
540 break;
541 case DR_BadEndDate:
542 if(crtn != CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE) {
543 printf("***Decrypt with %s: expected INVALID_KEY_END_DATE, "
544 "got %s.\n", algStr, cssmErrToStr(crtn));
545 irtn = testError(quiet);
546 }
547 break;
548 case DR_BadData:
549 switch(crtn) {
550 case CSSM_OK: // good data, seen sometimes
551 case CSSMERR_CSP_INVALID_DATA: // common case
552 case CSSMERR_CSP_INTERNAL_ERROR: // default case in CSP's
553 // throwRsaDsa() :-(
554 break;
555 default:
556 printf("***Decrypt with %s: expected INVALID_DATA or OK, "
557 "got %s.\n",
558 algStr, cssmErrToStr(crtn));
559 irtn = testError(quiet);
560 break;
561 }
562 break;
563 }
564 appFreeCssmData(&ptext, CSSM_FALSE);
565 appFreeCssmData(&remData, CSSM_FALSE);
566 CSSM_DeleteContext(cryptHand);
567 return irtn;
568 }
569
570 static int doSign(
571 CSSM_CSP_HANDLE cspHand,
572 const char *algStr,
573 CSSM_KEY_PTR key, // private
574 CSSM_ALGORITHMS sigAlg,
575 CSSM_RETURN expRtn, // expected result
576 CSSM_BOOL quiet)
577 {
578 uint8 ptextData[PTEXT_SIZE];
579 CSSM_DATA ptext = {PTEXT_SIZE, ptextData};
580 CSSM_DATA sig = {0, NULL};
581
582 simpleGenData(&ptext, PTEXT_SIZE, PTEXT_SIZE);
583
584 CSSM_CC_HANDLE cryptHand = 0;
585 CSSM_RETURN crtn;
586
587 crtn = CSSM_CSP_CreateSignatureContext(cspHand,
588 sigAlg,
589 NULL, // passPhrase
590 key,
591 &cryptHand);
592 if(crtn) {
593 printError("CSSM_CSP_CreateSignatureContext (1)", crtn);
594 return testError(quiet);
595 }
596 int irtn = 0;
597 crtn = CSSM_SignData(cryptHand,
598 &ptext,
599 1,
600 CSSM_ALGID_NONE,
601 &sig);
602 if(crtn != expRtn) {
603 if(expRtn == CSSM_OK) {
604 printError("CSSM_SignData", crtn);
605 printf("Unexpected error signing with %s\n", algStr);
606 }
607 else {
608 printf("***Sign with %s: expected %s, got %s.\n",
609 algStr, cssmErrToStr(expRtn),
610 cssmErrToStr(crtn));
611 }
612 irtn = testError(quiet);
613 }
614 appFreeCssmData(&sig, CSSM_FALSE);
615 CSSM_DeleteContext(cryptHand);
616 return irtn;
617 }
618
619 /*
620 * Verify bad signature. If the key is bad the CSP won't even get
621 * to the sig verify. Otherwise expect KD_VERIFY_FAIL_ERR.
622 */
623 #define KD_VERIFY_FAIL_ERR CSSMERR_CSP_VERIFY_FAILED
624
625 static int doVerify(
626 CSSM_CSP_HANDLE cspHand,
627 const char *algStr,
628 CSSM_KEY_PTR key, // private
629 CSSM_ALGORITHMS sigAlg,
630 CSSM_RETURN expRtn, // expected result
631 CSSM_BOOL quiet)
632 {
633 uint8 ptextData[PTEXT_SIZE];
634 CSSM_DATA ptext = {PTEXT_SIZE, ptextData};
635 uint8 sigData[PTEXT_SIZE];
636 CSSM_DATA sig = {PTEXT_SIZE, sigData};
637
638 simpleGenData(&ptext, PTEXT_SIZE, PTEXT_SIZE);
639 memset(sigData, 0, PTEXT_SIZE);
640
641 CSSM_CC_HANDLE cryptHand = 0;
642 CSSM_RETURN crtn;
643
644 crtn = CSSM_CSP_CreateSignatureContext(cspHand,
645 sigAlg,
646 NULL, // passPhrase
647 key,
648 &cryptHand);
649 if(crtn) {
650 printError("CSSM_CSP_CreateSignatureContext (2)", crtn);
651 return testError(quiet);
652 }
653 int irtn = 0;
654 crtn = CSSM_VerifyData(cryptHand,
655 &ptext,
656 1,
657 CSSM_ALGID_NONE,
658 &sig);
659 if(crtn != expRtn) {
660 if(expRtn == CSSM_OK) {
661 printError("CSSM_VerifyData", crtn);
662 printf("Unexpected error verifying with %s\n", algStr);
663 }
664 else {
665 printf("***Verify with %s: expected %s, got %s.\n",
666 algStr, cssmErrToStr(expRtn),
667 cssmErrToStr(crtn));
668 }
669 irtn = testError(quiet);
670 }
671 CSSM_DeleteContext(cryptHand);
672 return irtn;
673 }
674
675
676 #pragma mark -
677 #pragma mark -- test suites ---
678
679 int doSymTests(
680 CSSM_CSP_HANDLE cspHand,
681 privAlg palg,
682 CSSM_BOOL refKeys,
683 CSSM_BOOL quiet)
684 {
685 CSSM_ALGORITHMS keyAlg;
686 CSSM_ALGORITHMS signAlg;
687 CSSM_ALGORITHMS encrAlg;
688 CSSM_ENCRYPT_MODE encrMode;
689 CSSM_PADDING encrPad;
690 uint32 keySizeInBits;
691 const char *keyAlgStr;
692
693 privAlgToCssm(palg, &keyAlg, &signAlg, &encrAlg, &encrMode,
694 &encrPad, &keySizeInBits, &keyAlgStr);
695
696 CSSM_KEY symKey;
697 int irtn;
698 CSSM_KEYATTR_FLAGS keyAttr;
699 if(refKeys) {
700 keyAttr = CSSM_KEYATTR_RETURN_REF;
701 }
702 else {
703 keyAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE;
704 }
705
706 if(!quiet) {
707 printf("...testing %s with %s keys\n", keyAlgStr,
708 refKeys ? "Ref" : "Raw");
709 printf(" ...verifying empty Dates\n");
710 }
711 irtn = genSymKey(cspHand, &symKey, keyAlg, keyAlgStr, keySizeInBits,
712 keyAttr, CSSM_KEYUSE_ANY, quiet,
713 CSSM_FALSE, 0, // no StartDate
714 CSSM_FALSE, 0); // no EndDate
715 if(irtn) {
716 return irtn;
717 }
718 irtn = doEncrypt(cspHand, keyAlgStr, &symKey, encrAlg, encrMode,
719 encrPad, CSSM_OK, quiet);
720 if(irtn) {
721 printf("***Failure on encrypting with empty Key Dates\n");
722 return irtn;
723 }
724 irtn = doDecrypt(cspHand, keyAlgStr, &symKey, encrAlg, encrMode,
725 encrPad, DR_BadData, quiet);
726 if(irtn) {
727 printf("***Failure on decrypting with empty Key Dates\n");
728 return irtn;
729 }
730 cspFreeKey(cspHand, &symKey);
731
732 if(!quiet) {
733 printf(" ...verifying Good Dates\n");
734 }
735 irtn = genSymKey(cspHand, &symKey, keyAlg, keyAlgStr, keySizeInBits,
736 keyAttr, CSSM_KEYUSE_ANY, quiet,
737 CSSM_TRUE, 0, // StartDate = today
738 CSSM_TRUE, 1); // EndDate = tomorrow
739 if(irtn) {
740 return irtn;
741 }
742 irtn = doEncrypt(cspHand, keyAlgStr, &symKey, encrAlg, encrMode,
743 encrPad, CSSM_OK, quiet);
744 if(irtn) {
745 printf("***Failure on encrypting with good Key Dates\n");
746 return irtn;
747 }
748 irtn = doDecrypt(cspHand, keyAlgStr, &symKey, encrAlg, encrMode,
749 encrPad, DR_BadData, quiet);
750 if(irtn) {
751 printf("***Failure on decrypting with good Key Dates\n");
752 return irtn;
753 }
754 cspFreeKey(cspHand, &symKey);
755
756 if(!quiet) {
757 printf(" ...verifying Bad StartDate\n");
758 }
759 irtn = genSymKey(cspHand, &symKey, keyAlg, keyAlgStr, keySizeInBits,
760 keyAttr, CSSM_KEYUSE_ANY, quiet,
761 CSSM_TRUE, 1, // StartDate = tomorrow
762 CSSM_TRUE, 1); // EndDate = tomorrow
763 if(irtn) {
764 return irtn;
765 }
766 irtn = doEncrypt(cspHand, keyAlgStr, &symKey, encrAlg, encrMode,
767 encrPad, CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE, quiet);
768 if(irtn) {
769 printf("***Failure on encrypting with bad StartDate\n");
770 return irtn;
771 }
772 irtn = doDecrypt(cspHand, keyAlgStr, &symKey, encrAlg, encrMode,
773 encrPad, DR_BadStartDate, quiet);
774 if(irtn) {
775 printf("***Failure on decrypting with bad StartDate\n");
776 return irtn;
777 }
778 cspFreeKey(cspHand, &symKey);
779
780 if(!quiet) {
781 printf(" ...verifying Bad EndDate\n");
782 }
783 irtn = genSymKey(cspHand, &symKey, keyAlg, keyAlgStr, keySizeInBits,
784 keyAttr, CSSM_KEYUSE_ANY, quiet,
785 CSSM_TRUE, 0, // StartDate = today
786 CSSM_TRUE, -1); // EndDate = yesterday
787 if(irtn) {
788 return irtn;
789 }
790 irtn = doEncrypt(cspHand, keyAlgStr, &symKey, encrAlg, encrMode,
791 encrPad, CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE, quiet);
792 if(irtn) {
793 printf("***Failure on encrypting with bad StartDate\n");
794 return irtn;
795 }
796 irtn = doDecrypt(cspHand, keyAlgStr, &symKey, encrAlg, encrMode,
797 encrPad, DR_BadEndDate, quiet);
798 if(irtn) {
799 printf("***Failure on decrypting with bad EndDate\n");
800 return irtn;
801 }
802 cspFreeKey(cspHand, &symKey);
803
804 return 0;
805 }
806
807 int doAsymTests(
808 CSSM_CSP_HANDLE cspHand,
809 privAlg palg,
810 CSSM_BOOL refKeys,
811 CSSM_BOOL quiet)
812 {
813 CSSM_ALGORITHMS keyAlg;
814 CSSM_ALGORITHMS sigAlg;
815 CSSM_ALGORITHMS encrAlg;
816 CSSM_ENCRYPT_MODE encrMode;
817 CSSM_PADDING encrPad;
818 uint32 keySizeInBits;
819 const char *keyAlgStr;
820
821 privAlgToCssm(palg, &keyAlg, &sigAlg, &encrAlg, &encrMode,
822 &encrPad, &keySizeInBits, &keyAlgStr);
823
824 CSSM_KEY pubKey;
825 CSSM_KEY privKey;
826 int irtn;
827 CSSM_KEYATTR_FLAGS pubKeyAttr = CSSM_KEYATTR_EXTRACTABLE;
828 CSSM_KEYATTR_FLAGS privKeyAttr = CSSM_KEYATTR_EXTRACTABLE;
829 if(refKeys) {
830 pubKeyAttr |= CSSM_KEYATTR_RETURN_REF;
831 privKeyAttr |= CSSM_KEYATTR_RETURN_REF;
832 }
833 else {
834 pubKeyAttr |= CSSM_KEYATTR_RETURN_DATA;
835 privKeyAttr |= CSSM_KEYATTR_RETURN_DATA;
836 }
837
838 if(!quiet) {
839 printf("...testing %s with %s keys\n", keyAlgStr,
840 refKeys ? "Ref" : "Raw");
841 printf(" ...verifying empty Dates\n");
842 }
843 irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
844 &pubKey, pubKeyAttr, CSSM_KEYUSE_ANY,
845 &privKey, privKeyAttr, CSSM_KEYUSE_ANY,
846 quiet,
847 CSSM_FALSE, 0, // no StartDate
848 CSSM_FALSE, 0); // no EndDate
849 if(irtn) {
850 return irtn;
851 }
852 irtn = doEncrypt(cspHand, keyAlgStr, &pubKey, encrAlg, encrMode,
853 encrPad, CSSM_OK, quiet);
854 if(irtn) {
855 printf("***Failure on encrypting with empty Key Dates\n");
856 return irtn;
857 }
858 irtn = doDecrypt(cspHand, keyAlgStr, &privKey, encrAlg, encrMode,
859 encrPad, DR_BadData, quiet);
860 if(irtn) {
861 printf("***Failure on decrypting with empty Key Dates\n");
862 return irtn;
863 }
864 irtn = doSign(cspHand, keyAlgStr, &privKey, sigAlg,
865 CSSM_OK, quiet);
866 if(irtn) {
867 printf("***Failure on signing with empty Key Dates\n");
868 return irtn;
869 }
870 irtn = doVerify(cspHand, keyAlgStr, &pubKey, sigAlg,
871 KD_VERIFY_FAIL_ERR, quiet);
872 if(irtn) {
873 printf("***Failure on verifying with empty Key Dates\n");
874 return irtn;
875 }
876 cspFreeKey(cspHand, &pubKey);
877 cspFreeKey(cspHand, &privKey);
878
879 if(!quiet) {
880 printf(" ...verifying Good Dates\n");
881 }
882 irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
883 &pubKey, pubKeyAttr, CSSM_KEYUSE_ANY,
884 &privKey, privKeyAttr, CSSM_KEYUSE_ANY,
885 quiet,
886 CSSM_TRUE, 0, // StartDate = today
887 CSSM_TRUE, 1); // EndDate = tomorrow
888 if(irtn) {
889 return irtn;
890 }
891 irtn = doEncrypt(cspHand, keyAlgStr, &pubKey, encrAlg, encrMode,
892 encrPad, CSSM_OK, quiet);
893 if(irtn) {
894 printf("***Failure on encrypting with good Key Dates\n");
895 return irtn;
896 }
897 irtn = doDecrypt(cspHand, keyAlgStr, &privKey, encrAlg, encrMode,
898 encrPad, DR_BadData, quiet);
899 if(irtn) {
900 printf("***Failure on decrypting with Good Key Dates\n");
901 return irtn;
902 }
903 irtn = doSign(cspHand, keyAlgStr, &privKey, sigAlg,
904 CSSM_OK, quiet);
905 if(irtn) {
906 printf("***Failure on signing with Good Key Dates\n");
907 return irtn;
908 }
909 irtn = doVerify(cspHand, keyAlgStr, &pubKey, sigAlg,
910 KD_VERIFY_FAIL_ERR, quiet);
911 if(irtn) {
912 printf("***Failure on verifying with Good Key Dates\n");
913 return irtn;
914 }
915 cspFreeKey(cspHand, &pubKey);
916 cspFreeKey(cspHand, &privKey);
917
918 if(!quiet) {
919 printf(" ...verifying Bad StartDate\n");
920 }
921 irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
922 &pubKey, pubKeyAttr, CSSM_KEYUSE_ANY,
923 &privKey, privKeyAttr, CSSM_KEYUSE_ANY,
924 quiet,
925 CSSM_TRUE, 1, // StartDate = tomorrow
926 CSSM_TRUE, 1); // EndDate = tomorrow
927 if(irtn) {
928 return irtn;
929 }
930 irtn = doEncrypt(cspHand, keyAlgStr, &pubKey, encrAlg, encrMode,
931 encrPad, CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE, quiet);
932 if(irtn) {
933 printf("***Failure on encrypting with bad StartDate\n");
934 return irtn;
935 }
936 irtn = doDecrypt(cspHand, keyAlgStr, &privKey, encrAlg, encrMode,
937 encrPad, DR_BadStartDate, quiet);
938 if(irtn) {
939 printf("***Failure on decrypting with bad StartDate\n");
940 return irtn;
941 }
942 irtn = doSign(cspHand, keyAlgStr, &privKey, sigAlg,
943 CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE, quiet);
944 if(irtn) {
945 printf("***Failure on signing with bad StartDate\n");
946 return irtn;
947 }
948 irtn = doVerify(cspHand, keyAlgStr, &pubKey, sigAlg,
949 CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE, quiet);
950 if(irtn) {
951 printf("***Failure on verifying with bad StartDate\n");
952 return irtn;
953 }
954 cspFreeKey(cspHand, &pubKey);
955 cspFreeKey(cspHand, &privKey);
956
957 if(!quiet) {
958 printf(" ...verifying Bad EndDate\n");
959 }
960 irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
961 &pubKey, pubKeyAttr, CSSM_KEYUSE_ANY,
962 &privKey, privKeyAttr, CSSM_KEYUSE_ANY,
963 quiet,
964 CSSM_TRUE, 0, // StartDate = today
965 CSSM_TRUE, -1); // EndDate = yesterday
966 if(irtn) {
967 return irtn;
968 }
969 irtn = doEncrypt(cspHand, keyAlgStr, &pubKey, encrAlg, encrMode,
970 encrPad, CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE, quiet);
971 if(irtn) {
972 printf("***Failure on encrypting with bad EndDate\n");
973 return irtn;
974 }
975 irtn = doDecrypt(cspHand, keyAlgStr, &privKey, encrAlg, encrMode,
976 encrPad, DR_BadEndDate, quiet);
977 if(irtn) {
978 printf("***Failure on decrypting with bad EndDate\n");
979 return irtn;
980 }
981 irtn = doSign(cspHand, keyAlgStr, &privKey, sigAlg,
982 CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE, quiet);
983 if(irtn) {
984 printf("***Failure on signing with bad EndDate\n");
985 return irtn;
986 }
987 irtn = doVerify(cspHand, keyAlgStr, &pubKey, sigAlg,
988 CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE, quiet);
989 if(irtn) {
990 printf("***Failure on verifying with bad EndDate\n");
991 return irtn;
992 }
993 cspFreeKey(cspHand, &pubKey);
994 cspFreeKey(cspHand, &privKey);
995
996 return 0;
997 }
998
999 /*
1000 * fetch stored key from DB, ensure it has same start/end date
1001 */
1002 static int fetchStoredKey(
1003 CSSM_DL_DB_HANDLE dlDbHand,
1004 CT_KeyType lookupType,
1005 CSSM_KEY_PTR compareKey,
1006 const char *op,
1007 CSSM_BOOL quiet,
1008 CSSM_KEY_PTR *lookupKey) // RETURNED
1009 {
1010 CSSM_KEY_PTR lookup = cspLookUpKeyByLabel(dlDbHand.DLHandle,
1011 dlDbHand.DBHandle,
1012 &keyLabelData,
1013 lookupType);
1014 if(lookup == NULL) {
1015 printf("%s: Error looking up key in DB\n", op);
1016 return testError(quiet);
1017 }
1018 if(compareDates(&compareKey->KeyHeader.StartDate,
1019 &lookup->KeyHeader.StartDate,
1020 op, quiet)) {
1021 return 1;
1022 }
1023 *lookupKey = lookup;
1024 return 0;
1025 }
1026
1027 int doStoreTests(
1028 CSSM_CSP_HANDLE cspHand, // must be CSPDL
1029 CSSM_DL_DB_HANDLE dlDbHand,
1030 privAlg palg,
1031 CSSM_BOOL isAsym,
1032 CSSM_BOOL quiet)
1033 {
1034 CSSM_ALGORITHMS keyAlg;
1035 CSSM_ALGORITHMS signAlg;
1036 CSSM_ALGORITHMS encrAlg;
1037 CSSM_ENCRYPT_MODE encrMode;
1038 CSSM_PADDING encrPad;
1039 uint32 keySizeInBits;
1040 const char *keyAlgStr;
1041
1042 privAlgToCssm(palg, &keyAlg, &signAlg, &encrAlg, &encrMode,
1043 &encrPad, &keySizeInBits, &keyAlgStr);
1044
1045 CSSM_KEY symKey;
1046 CSSM_KEY privKey;
1047 CSSM_KEY pubKey;
1048 int irtn;
1049 CSSM_KEY_PTR lookupKey = NULL; // obtained from DB
1050 CSSM_KEY_PTR compareKey; // &symKey or &pubKey
1051 CT_KeyType lookupType;
1052 CSSM_KEYATTR_FLAGS pubKeyAttr =
1053 CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE |
1054 CSSM_KEYATTR_PERMANENT;
1055 CSSM_KEYATTR_FLAGS privKeyAttr =
1056 CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT;
1057
1058 if(!quiet) {
1059 printf("...testing %s key storage\n", keyAlgStr);
1060 printf(" ...verifying empty Dates\n");
1061 }
1062 if(isAsym) {
1063 lookupType = CKT_Public;
1064 compareKey = &pubKey;
1065 irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
1066 &pubKey, pubKeyAttr, CSSM_KEYUSE_ANY,
1067 &privKey, privKeyAttr, CSSM_KEYUSE_ANY,
1068 quiet,
1069 CSSM_FALSE, 0, // no StartDate
1070 CSSM_FALSE, 0, // no EndDate
1071 &dlDbHand);
1072 }
1073 else {
1074 lookupType = CKT_Session;
1075 compareKey = &symKey;
1076 irtn = genSymKey(cspHand, &symKey, keyAlg, keyAlgStr,
1077 keySizeInBits,
1078 CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT,
1079 CSSM_KEYUSE_ANY, quiet,
1080 CSSM_FALSE, 0, // no StartDate
1081 CSSM_FALSE, 0, // no EndDate
1082 &dlDbHand);
1083 }
1084 if(irtn) {
1085 return irtn;
1086 }
1087
1088 /*
1089 * fetch stored key from DB, ensure it has same start/end date
1090 */
1091 if(fetchStoredKey(dlDbHand, lookupType,
1092 compareKey, "Store key with empty Dates", quiet,
1093 &lookupKey)) {
1094 return 1;
1095 }
1096
1097 /* quickie test, use it for encrypt */
1098 irtn = doEncrypt(cspHand, keyAlgStr, lookupKey, encrAlg, encrMode,
1099 encrPad, CSSM_OK, quiet);
1100 if(irtn) {
1101 printf("***Failure on encrypt, lookup with empty Key Dates\n");
1102 return irtn;
1103 }
1104
1105 /* free and delete everything */
1106 if(isAsym) {
1107 cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
1108 &keyLabelData, &pubKey);
1109 cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
1110 &keyLabelData, &privKey);
1111 }
1112 else {
1113 cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
1114 &keyLabelData, &symKey);
1115 }
1116 cspFreeKey(cspHand, lookupKey);
1117
1118 /*********************/
1119
1120 if(!quiet) {
1121 printf(" ...verifying Good Dates\n");
1122 }
1123 if(isAsym) {
1124 lookupType = CKT_Public;
1125 compareKey = &pubKey;
1126 irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
1127 &pubKey, pubKeyAttr, CSSM_KEYUSE_ANY,
1128 &privKey, privKeyAttr, CSSM_KEYUSE_ANY,
1129 quiet,
1130 CSSM_TRUE, 0, // StartDate = today
1131 CSSM_TRUE, 1, // EndDate = tomorrow
1132 &dlDbHand);
1133 }
1134 else {
1135 lookupType = CKT_Session;
1136 compareKey = &symKey;
1137 irtn = genSymKey(cspHand, &symKey, keyAlg, keyAlgStr,
1138 keySizeInBits,
1139 CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT,
1140 CSSM_KEYUSE_ANY, quiet,
1141 CSSM_TRUE, 0, // StartDate = today
1142 CSSM_TRUE, 1, // EndDate = tomorrow
1143 &dlDbHand);
1144 }
1145 if(irtn) {
1146 return irtn;
1147 }
1148
1149 /*
1150 * fetch stored key from DB, ensure it has same start/end date
1151 */
1152 if(fetchStoredKey(dlDbHand, lookupType,
1153 compareKey, "Store key with Good Dates", quiet,
1154 &lookupKey)) {
1155 return 1;
1156 }
1157
1158 /* quickie test, use it for encrypt */
1159 irtn = doEncrypt(cspHand, keyAlgStr, lookupKey, encrAlg, encrMode,
1160 encrPad, CSSM_OK, quiet);
1161 if(irtn) {
1162 printf("***Failure on encrypt, lookup with Good Key Dates\n");
1163 return irtn;
1164 }
1165
1166 /* free and delete everything */
1167 if(isAsym) {
1168 cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
1169 &keyLabelData, &pubKey);
1170 cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
1171 &keyLabelData, &privKey);
1172 }
1173 else {
1174 cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
1175 &keyLabelData, &symKey);
1176 }
1177 cspFreeKey(cspHand, lookupKey);
1178
1179 /*********************/
1180
1181 if(!quiet) {
1182 printf(" ...verifying Bad StartDate\n");
1183 }
1184 if(isAsym) {
1185 lookupType = CKT_Public;
1186 compareKey = &pubKey;
1187 irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
1188 &pubKey, pubKeyAttr, CSSM_KEYUSE_ANY,
1189 &privKey, privKeyAttr, CSSM_KEYUSE_ANY,
1190 quiet,
1191 CSSM_TRUE, 1, // StartDate = tomorrow
1192 CSSM_TRUE, 1, // EndDate = tomorrow
1193 &dlDbHand);
1194 }
1195 else {
1196 lookupType = CKT_Session;
1197 compareKey = &symKey;
1198 irtn = genSymKey(cspHand, &symKey, keyAlg, keyAlgStr,
1199 keySizeInBits,
1200 CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT,
1201 CSSM_KEYUSE_ANY, quiet,
1202 CSSM_TRUE, 1, // StartDate = tomorrow
1203 CSSM_TRUE, 1, // EndDate = tomorrow
1204 &dlDbHand);
1205 }
1206 if(irtn) {
1207 return irtn;
1208 }
1209
1210 /*
1211 * fetch stored key from DB, ensure it has same start/end date
1212 */
1213 if(fetchStoredKey(dlDbHand, lookupType,
1214 compareKey, "Store key with Bad StartDate", quiet,
1215 &lookupKey)) {
1216 return 1;
1217 }
1218
1219 /* quickie test, use it for encrypt */
1220 irtn = doEncrypt(cspHand, keyAlgStr, lookupKey, encrAlg, encrMode,
1221 encrPad, CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE, quiet);
1222 if(irtn) {
1223 printf("***Failure on encrypt, lookup with Bad Start Dates\n");
1224 return irtn;
1225 }
1226
1227 /* free and delete everything */
1228 if(isAsym) {
1229 cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
1230 &keyLabelData, &pubKey);
1231 cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
1232 &keyLabelData, &privKey);
1233 }
1234 else {
1235 cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
1236 &keyLabelData, &symKey);
1237 }
1238 cspFreeKey(cspHand, lookupKey);
1239
1240 /*********************/
1241
1242 if(!quiet) {
1243 printf(" ...verifying Bad EndDate\n");
1244 }
1245 if(isAsym) {
1246 lookupType = CKT_Public;
1247 compareKey = &pubKey;
1248 irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits,
1249 &pubKey, pubKeyAttr, CSSM_KEYUSE_ANY,
1250 &privKey, privKeyAttr, CSSM_KEYUSE_ANY,
1251 quiet,
1252 CSSM_TRUE, 0, // StartDate = today
1253 CSSM_TRUE, -1, // EndDate = yesterday
1254 &dlDbHand);
1255 }
1256 else {
1257 lookupType = CKT_Session;
1258 compareKey = &symKey;
1259 irtn = genSymKey(cspHand, &symKey, keyAlg, keyAlgStr,
1260 keySizeInBits,
1261 CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT,
1262 CSSM_KEYUSE_ANY, quiet,
1263 CSSM_TRUE, 0, // StartDate = today
1264 CSSM_TRUE, -1, // EndDate = yesterday
1265 &dlDbHand);
1266 }
1267 if(irtn) {
1268 return irtn;
1269 }
1270
1271 /*
1272 * fetch stored key from DB, ensure it has same start/end date
1273 */
1274 if(fetchStoredKey(dlDbHand, lookupType,
1275 compareKey, "Store key with Bad EndDate", quiet,
1276 &lookupKey)) {
1277 return 1;
1278 }
1279
1280 /* quickie test, use it for encrypt */
1281 irtn = doEncrypt(cspHand, keyAlgStr, lookupKey, encrAlg, encrMode,
1282 encrPad, CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE, quiet);
1283 if(irtn) {
1284 printf("***Failure on encrypt, lookup with Bad End Dates\n");
1285 return irtn;
1286 }
1287
1288 /* free and delete everything */
1289 if(isAsym) {
1290 cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
1291 &keyLabelData, &pubKey);
1292 cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
1293 &keyLabelData, &privKey);
1294 }
1295 else {
1296 cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle,
1297 &keyLabelData, &symKey);
1298 }
1299 cspFreeKey(cspHand, lookupKey);
1300
1301 return 0;
1302 }
1303
1304
1305 int main(int argc, char **argv)
1306 {
1307 CSSM_CSP_HANDLE cspHand;
1308 int irtn;
1309 CSSM_DL_DB_HANDLE dlDbHand = {0, 0};
1310 char dbName[100]; /* KD_DB_NAME_pid */
1311
1312 /* user-spec'd variables */
1313 CSSM_BOOL quiet = CSSM_FALSE;
1314 CSSM_BOOL doSym = CSSM_TRUE;
1315 CSSM_BOOL doAsym = CSSM_TRUE;
1316 CSSM_BOOL doKeyStore = CSSM_TRUE;
1317 CSSM_BOOL bareCsp = CSSM_TRUE;
1318
1319 int arg;
1320 for(arg=1; arg<argc; arg++) {
1321 switch(argv[arg][0]) {
1322 case 's':
1323 doAsym = doKeyStore = CSSM_FALSE;
1324 break;
1325 case 'a':
1326 doSym = CSSM_FALSE;
1327 break;
1328 case 'D':
1329 bareCsp = CSSM_FALSE;
1330 break;
1331 case 'q':
1332 quiet = CSSM_TRUE;
1333 break;
1334 case 'h':
1335 default:
1336 usage(argv);
1337 }
1338 }
1339
1340 sprintf(dbName, "%s_%d", KD_DB_NAME, (int)getpid());
1341
1342 testStartBanner("keyDate", argc, argv);
1343 cspHand = cspDlDbStartup(bareCsp, NULL);
1344 if(cspHand == 0) {
1345 exit(1);
1346 }
1347 if(!bareCsp) {
1348 dlDbHand.DLHandle = dlStartup();
1349 if(dlDbHand.DLHandle == 0) {
1350 exit(1);
1351 }
1352 CSSM_RETURN crtn = dbCreateOpen(dlDbHand.DLHandle,
1353 dbName, CSSM_TRUE, CSSM_TRUE, dbName,
1354 &dlDbHand.DBHandle);
1355 if(crtn) {
1356 printf("Error creating %s. Aborting.\n", dbName);
1357 exit(1);
1358 }
1359 }
1360 privAlg palg;
1361 if(doSym) {
1362 for(palg=SYM_FIRST; palg<=SYM_LAST; palg++) {
1363 /* once with ref keys */
1364 irtn = doSymTests(cspHand, palg, CSSM_TRUE, quiet);
1365 if(irtn) {
1366 goto abort;
1367 }
1368 if(bareCsp) {
1369 /* and once with raw keys for bare CSP only */
1370 irtn = doSymTests(cspHand, palg, CSSM_FALSE, quiet);
1371 if(irtn) {
1372 goto abort;
1373 }
1374 }
1375 else {
1376 /* test store/retrieve */
1377 irtn = doStoreTests(cspHand, dlDbHand,
1378 palg, CSSM_FALSE, quiet);
1379 if(irtn) {
1380 goto abort;
1381 }
1382 }
1383 }
1384 }
1385 if(doAsym) {
1386 for(palg=ASYM_FIRST; palg<=ASYM_LAST; palg++) {
1387 /* once with ref keys */
1388 irtn = doAsymTests(cspHand, palg, CSSM_TRUE, quiet);
1389 if(irtn) {
1390 goto abort;
1391 }
1392 if(bareCsp) {
1393 /* and once with raw keys for bare CSP only */
1394 irtn = doAsymTests(cspHand, palg, CSSM_TRUE, quiet);
1395 if(irtn) {
1396 goto abort;
1397 }
1398 }
1399 else if(doKeyStore) {
1400 /* test store/retrieve */
1401 irtn = doStoreTests(cspHand, dlDbHand,
1402 palg, CSSM_TRUE, quiet);
1403 if(irtn) {
1404 goto abort;
1405 }
1406 }
1407 }
1408 }
1409 abort:
1410 if(irtn == 0) {
1411 /* be nice: if we ran OK delete the cruft DB we created */
1412 unlink(dbName);
1413 }
1414 return irtn;
1415 }
mirror of Security