]> git.saurik.com Git - apple/security.git/blob - SecurityTests/cspxutils/wrap/wrap.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57031.1.35.tar.gz
[apple/security.git] / SecurityTests / cspxutils / wrap / wrap.c
1 /*
2 * encypt/decrypt using wrapped key
3 */
4
5 #include <string.h>
6 #include <stdlib.h>
7 #include <stdio.h>
8 #include <time.h>
9 #include <Security/cssm.h>
10 #include "cspwrap.h"
11 #include "common.h"
12 #include <security_cdsa_utils/cuFileIo.h>
13 #include <ctype.h>
14
15 static void usage(char **argv)
16 {
17 printf("Usage: \n");
18 printf(" %s w keyFile passPhrase1 passPhrase2 textToEncrypt textFile\n", argv[0]);
19 printf(" %s u keyFile passPhrase1 textFile\n", argv[0]);
20 exit(1);
21 }
22
23 char *iv = (char *)"someInit";
24 char *salt = (char *)"some20bytesOfGrainySalt";
25
26 char *wrapLabel = (char *)"wrapLabel";
27 char *encrLabel = (char *)"encrLabel";
28
29 #define IV_LEN 8
30 #define SALT_LEN 20
31 #define ITER_COUNT 1000
32 #define WRAPPING_KEY_ALG CSSM_ALGID_3DES_3KEY
33 #define WRAPPING_ALG CSSM_ALGID_3DES_3KEY_EDE
34 #define WRAPPING_KEY_SIZE 192
35 #define ENCRYPTING_KEY_ALG CSSM_ALGID_3DES_3KEY
36 #define ENCRYPTING_ALG CSSM_ALGID_3DES_3KEY_EDE
37 #define ENCRYPTING_KEY_SIZE 192
38
39 int main(int argc, char **argv)
40 {
41 int doWrap = 0;
42 CSSM_RETURN crtn;
43 CSSM_CSP_HANDLE cspHand;
44 CSSM_KEY_PTR wrappingKey;
45 CSSM_DATA saltData = {SALT_LEN, (uint8 *)salt};
46 CSSM_DATA ivData = {IV_LEN, (uint8 *)iv};
47 CSSM_DATA phraseData;
48 unsigned char *keyFileData;
49 unsigned keyFileLen;
50 unsigned char *textFileData;
51 unsigned textFileLen;
52 CSSM_DATA ptext;
53 CSSM_DATA ctext;
54 CSSM_KEY wrappedKey;
55 unsigned i;
56
57 if(argc < 2) {
58 usage(argv);
59 }
60 switch(argv[1][0]) {
61 case 'w':
62 doWrap = 1;
63 if(argc != 7) {
64 usage(argv);
65 }
66 break;
67 case 'u':
68 doWrap = 0;
69 if(argc != 5) {
70 usage(argv);
71 }
72 break;
73 default:
74 usage(argv);
75 }
76 cspHand = cspDlDbStartup(CSSM_TRUE, NULL);
77 if(cspHand == 0) {
78 exit(1);
79 }
80
81 /* passphrase1 ==> wrappingKey */
82 phraseData.Data = (uint8 *)argv[3];
83 phraseData.Length = strlen(argv[3]);
84 wrappingKey = cspDeriveKey(cspHand,
85 CSSM_ALGID_PKCS5_PBKDF2,
86 WRAPPING_KEY_ALG,
87 wrapLabel,
88 strlen(wrapLabel),
89 CSSM_KEYUSE_ANY,
90 WRAPPING_KEY_SIZE,
91 CSSM_TRUE, // ref key
92 &phraseData,
93 &saltData,
94 ITER_COUNT,
95 &ivData);
96 if(wrappingKey == NULL) {
97 printf("Error creating key from \'%s\'\n", argv[3]);
98 exit(1);
99 }
100
101 if(doWrap) {
102 /* passphrase2 ==> encrKey */
103 CSSM_KEY_PTR encrKey;
104 phraseData.Data = (uint8 *)argv[4];
105 phraseData.Length = strlen(argv[4]);
106 encrKey = cspDeriveKey(cspHand,
107 CSSM_ALGID_PKCS5_PBKDF2,
108 ENCRYPTING_KEY_ALG,
109 encrLabel,
110 strlen(encrLabel),
111 CSSM_KEYUSE_ANY,
112 ENCRYPTING_KEY_SIZE,
113 CSSM_TRUE, // ref key
114 &phraseData,
115 &saltData,
116 ITER_COUNT,
117 &ivData);
118 if(encrKey == NULL) {
119 printf("Error creating key from \'%s\'\n", argv[4]);
120 exit(1);
121 }
122
123 /* encrypt textToEncrypt, write it to textFile */
124 ptext.Data = (uint8 *)argv[5];
125 ptext.Length = strlen(argv[5]);
126 ctext.Data = NULL;
127 ctext.Length = 0;
128 crtn = cspEncrypt(cspHand,
129 CSSM_ALGID_3DES_3KEY_EDE,
130 CSSM_ALGMODE_CBCPadIV8,
131 CSSM_PADDING_PKCS5,
132 encrKey,
133 NULL,
134 0,
135 0,
136 &ivData,
137 &ptext,
138 &ctext,
139 CSSM_FALSE);
140 if(crtn) {
141 printf("Error encrypting.\n");
142 exit(1);
143 }
144 if(writeFile(argv[6], ctext.Data, ctext.Length)) {
145 printf("Error writing to %s\n", argv[6]);
146 exit(1);
147 }
148
149 /* now wrap encrKey with wrappingKey and write the wrapped blob */
150 crtn = cspWrapKey(cspHand,
151 encrKey,
152 wrappingKey,
153 WRAPPING_ALG,
154 CSSM_ALGMODE_CBCPadIV8,
155 CSSM_KEYBLOB_WRAPPED_FORMAT_NONE,
156 CSSM_PADDING_PKCS5,
157 &ivData,
158 NULL,
159 &wrappedKey);
160 if(crtn) {
161 exit(1);
162 }
163 if(writeFile(argv[2], wrappedKey.KeyData.Data, wrappedKey.KeyData.Length)) {
164 printf("error writing to %s\n", argv[2]);
165 exit(1);
166 }
167 printf("...wrote %lu bytes of encrypted text to %s\n",
168 ctext.Length, argv[6]);
169 printf("...wrote %lu bytes of wrapped key data to %s\n",
170 wrappedKey.KeyData.Length, argv[2]);
171 }
172 else {
173 /* read in encrypted text and wrapped key blob */
174 CSSM_KEY decrKey;
175 CSSM_DATA outDescData2 = {0, NULL};
176
177 if(readFile(argv[2], &keyFileData, &keyFileLen)) {
178 printf("Error reading %s\n", argv[2]);
179 }
180 if(readFile(argv[4], &textFileData, &textFileLen)) {
181 printf("Error reading %s\n", argv[2]);
182 }
183
184 /* cook up a reasonable "wrapped key" */
185 memset(&wrappedKey, 0, sizeof(CSSM_KEY));
186 wrappedKey.KeyHeader.HeaderVersion = CSSM_KEYHEADER_VERSION;
187 wrappedKey.KeyHeader.BlobType = CSSM_KEYBLOB_WRAPPED;
188 wrappedKey.KeyHeader.Format = CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM;
189 wrappedKey.KeyHeader.AlgorithmId = CSSM_ALGID_3DES_3KEY;
190 wrappedKey.KeyHeader.KeyClass = CSSM_KEYCLASS_SESSION_KEY;
191 wrappedKey.KeyHeader.LogicalKeySizeInBits = ENCRYPTING_KEY_SIZE;
192 wrappedKey.KeyHeader.KeyAttr = CSSM_KEYATTR_EXTRACTABLE;
193 wrappedKey.KeyHeader.KeyUsage = CSSM_KEYUSE_ANY;
194 wrappedKey.KeyHeader.WrapAlgorithmId = WRAPPING_ALG;
195 wrappedKey.KeyHeader.WrapMode = CSSM_ALGMODE_CBCPadIV8;
196 wrappedKey.KeyData.Data = keyFileData;
197 wrappedKey.KeyData.Length = keyFileLen;
198
199 /* unwrap the key to get decrypting key */
200 crtn = cspUnwrapKey(cspHand,
201 &wrappedKey,
202 wrappingKey,
203 WRAPPING_ALG,
204 CSSM_ALGMODE_CBCPadIV8,
205 CSSM_PADDING_PKCS5,
206 &ivData,
207 &decrKey,
208 &outDescData2,
209 encrLabel,
210 strlen(encrLabel));
211 if(crtn) {
212 printf("Error on unwrap.\n");
213 exit(1);
214 }
215
216 /* decrypt the text file and print its result */
217 ctext.Data = textFileData;
218 ctext.Length = textFileLen;
219 ptext.Data = NULL;
220 ptext.Length = 0;
221 crtn = cspDecrypt(cspHand,
222 CSSM_ALGID_3DES_3KEY_EDE,
223 CSSM_ALGMODE_CBCPadIV8,
224 CSSM_PADDING_PKCS5,
225 &decrKey,
226 NULL,
227 0,
228 0,
229 &ivData,
230 &ctext,
231 &ptext,
232 CSSM_FALSE);
233 if(crtn) {
234 printf("Error on decrypt.\n");
235 exit(1);
236 }
237 printf("...original text: ");
238 for(i=0; i<ptext.Length; i++) {
239 if(isprint(ptext.Data[i])) {
240 printf("%c", ptext.Data[i]);
241 }
242 else {
243 printf("-%02X-", ptext.Data[i]);
244 }
245 }
246 printf("\n");
247 }
248 return 0;
249 }
mirror of Security