Security-57031.1.35.tar.gz
1 /*
2 * cspdlTesting.h - workaround flags for testing CSPDL using CSP-oriented tests.
3 */
4
5 #ifndef _CSPDL_TESTING_H_
6 #define _CSPDL_TESTING_H_
7
8 #ifdef __cplusplus
9 extern "C" {
10 #endif
11
12 /*
13 * All generated keys must be reference keys.
14 */
15 #define CSPDL_ALL_KEYS_ARE_REF 1
16
17 /*
18 * 2nd/public key in two-key FEE ops must be raw. This is because the Security
19 * Server doesn't go in and deal with ref keys which are only found in a
20 * Context.
21 */
22 #define CSPDL_2ND_PUB_KEY_IS_RAW 1
23
24 /*
25 * Ease off on restriction of ptext size == ctext size in case of symmetric
26 * en/decrypt with no padding. The sizes will be equal, but we can't ensure
27 * that by mallocing exactly the right amount after because CSPDL doesn't
28 * give an exact (proper) outputSize in this case (yet).
29 */
30 #define CSPDL_NOPAD_ENFORCE_SIZE 1
31
32 /*
33 * CSPDL can't do SHA1HMAC_LEGACY with bug-for-bug compatibility with
34 * BSAFE (since the bug-for-bug feature involves doing actual HMAC updates
35 * exactly as the app presents them).
36 */
37 #define CSPDL_SHA1HMAC_LEGACY_ENABLE 0
38
39 /*
40 * CSPDL does not support DSA GenerateAlgorithmParameters. Let the secure CSP
41 * do it implicitly during key gen.
42 */
43 #define CSPDL_DSA_GEN_PARAMS 0
44
45 /*
46 * Can't generate keys with CSSM_KEYATTR_PRIVATE. Is this a bug or a feature?
47 * Nobody pays any attention to this except the CSP, which rejects it. Shouldn't
48 * either CSPDL or SS look at this and strip it off before sending the request
49 * down to the CSP?
50 */
51 #define CSPDL_KEYATTR_PRIVATE 0
52
53 /*
54 * ObtainPrivateKeyFromPublic key not implemented yet (if ever).
55 */
56 #define CSPDL_OBTAIN_PRIV_FROM_PUB 0
57
58 /*** Workarounds for badattr test only ***/
59
60 /*
61 * Munged header fields in a ref key should result in CSP_INVALID_KEY_REFERENCE,
62 * but the munged key is accepted and works fine.
63 */
64 #define CSPDL_MUNGE_HEADER_CHECK 0
65
66 /*
67 * ALWAYS_SENSITIVE and NEVER_EXTRACTABLE are ignored; they should result in
68 * CSP_INVALID_KEYATTR_MASK at key gen time.
69 * FIXED per Radar 2879872.
70 */
71 #define CSPDL_ALWAYS_SENSITIVE_CHECK 1
72 #define CSPDL_NEVER_EXTRACTABLE_CHECK 1
73
74 /*** end of badattr workarounds ***/
75
76 /*
77 * <rdar://problem/3732910> certtool can't generate keypair
78 *
79 * Until this is fixed - actually the underlying problem is in securityd -
80 * CSPDL can not generate a key pair without private and public both being
81 * PERMANENT.
82 */
83 #define CSPDL_ALL_KEYS_ARE_PERMANENT 0
84
85
86 /***
87 *** Other differences/bugs/oddities.
88 ***/
89
90 /*
91 * 1. SS wraps (encrypts) public keys when encoding them, thus the CSP has to allow
92 * wrapping of public keys. This may not be what we really want. See
93 * AppleCSP/AppleCSP/wrapKey.cpp for workaround per ALLOW_PUB_KEY_WRAP.
94 */
95
96 #ifdef __cplusplus
97 }
98 #endif
99
100 #endif /* _CSPDL_TESTING_H_ */