--- /dev/null
+/* cgConstructThr.cpp - simple version CertGroupConstruct test */
+
+#include "testParams.h"
+#include <Security/cssm.h>
+#include <utilLib/common.h>
+#include <utilLib/cspwrap.h>
+#include <clAppUtils/clutils.h>
+#include <clAppUtils/tpUtils.h>
+#include <clAppUtils/timeStr.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+
+/* for memory leak debug only, with only one thread running */
+#define DO_PAUSE 0
+
+/*** start of code directly copied from ../cgConstruct/cgConstruct.cpp ***/
+#define NUM_CERTS_MIN 4
+#define NUM_DBS_DEF 3
+#define KEYGEN_ALG_DEF CSSM_ALGID_RSA
+#define SIG_ALG_DEF CSSM_ALGID_SHA1WithRSA
+#define LOOPS_DEF 10
+#define DB_NAME_BASE "cgConstruct"
+#define CG_KEY_SIZE_DEFAULT CSP_RSA_KEY_SIZE_DEFAULT
+#define SECONDS_TO_LIVE (60 * 60 * 24) /* certs are valid for this long */
+
+#define CG_CONSTRUCT_TP_DB 0
+
+static int testError()
+{
+ char resp;
+
+ fpurge(stdin);
+ printf("Attach via debugger for more info.\n");
+ printf("a to abort, c to continue: ");
+ resp = getchar();
+ return (resp == 'a');
+}
+
+#if CG_CONSTRUCT_TP_DB
+static int doOpenDbs(
+ CSSM_DL_HANDLE dlHand,
+ char *dbNameBase,
+ CSSM_DL_DB_HANDLE_PTR dlDbPtr,
+ unsigned numDbs,
+ CSSM_BOOL publicReadOnly, // ignored if !PUBLIC_READ_ENABLE
+ CSSM_BOOL quiet)
+{
+ unsigned i;
+ char dbName[20];
+ CSSM_BOOL doCreate = (publicReadOnly ? CSSM_FALSE : CSSM_TRUE);
+
+ for(i=0; i<numDbs; i++) {
+ sprintf(dbName, "%s%d", dbNameBase, i);
+ CSSM_RETURN crtn = tpKcOpen(dbName,
+ &dlDbPtr[i],
+ doCreate,
+ dlHand);
+ if(crtn) {
+ printf("Can't create %d DBs\n", numDbs);
+ return testError(quiet);
+ }
+ }
+ return 0;
+}
+#endif
+
+static int doTest(
+ CSSM_TP_HANDLE tpHand,
+ CSSM_CL_HANDLE clHand,
+ CSSM_CSP_HANDLE cspHand,
+ CSSM_DL_DB_LIST_PTR dbList,
+ CSSM_DATA_PTR certs,
+ unsigned numCerts,
+ CSSM_BOOL verbose,
+ CSSM_BOOL allInDbs,
+ CSSM_BOOL skipFirstDb,
+ CSSM_BOOL publicRead) // close/open with public access
+{
+ unsigned certsToUse; // # of certs we actually use
+ CSSM_CERTGROUP certGroupFrag; // INPUT to CertGroupConstruct
+ CSSM_CERTGROUP_PTR resultGroup; // OUTPUT from "
+ unsigned certDex;
+ int rtn = 0;
+ CSSM_RETURN crtn;
+
+ #if CG_CONSTRUCT_TP_DB
+ if(publicRead && (dbList != NULL)) {
+ /* DBs are closed on entry, open r/w */
+ if(doOpenDbs(0,
+ DB_NAME_BASE,
+ dbList->DLDBHandle,
+ dbList->NumHandles,
+ CSSM_FALSE,
+ quiet)) { // publicReadOnly: this is create/write
+ return 1;
+ }
+ }
+ /* else DBs are already open and stay that way */
+ #endif
+
+ /*
+ * Pick a random spot to break the cert chain - half the time use the
+ * whole chain, half the time break it.
+ */
+ certsToUse = genRand(1, numCerts * 2);
+ if(certsToUse > numCerts) {
+ /* use the whole chain */
+ certsToUse = numCerts;
+ }
+ if(verbose) {
+ printf(" ...numCerts %d certsToUse %d\n", numCerts, certsToUse);
+ }
+
+ if(tpMakeRandCertGroup(clHand,
+ #if CG_CONSTRUCT_TP_DB
+ dbList,
+ #else
+ NULL,
+ #endif
+ certs,
+ certsToUse,
+ &certGroupFrag,
+ CSSM_TRUE, // firstCertIsSubject
+ verbose,
+ allInDbs,
+ skipFirstDb)) {
+ printf("\nError in tpMakeRandCertGroup\n");
+ return testError();
+ }
+
+ if(certGroupFrag.NumCerts > certsToUse) {
+ printf("Error NOMAD sterlize\n");
+ exit(1);
+ }
+
+ #if CG_CONSTRUCT_TP_DB
+ if(publicRead) {
+ /* close existing DBs and open again read-only */
+
+ unsigned i;
+ CSSM_RETURN crtn;
+
+ if(verbose) {
+ printf(" ...closing DBs\n");
+ }
+ for(i=0; i<dbList->NumHandles; i++) {
+ crtn = CSSM_DL_DbClose(dbList->DLDBHandle[i]);
+ if(crtn) {
+ printError("CSSM_DL_DbClose");
+ if(testError()) {
+ return 1;
+ }
+ }
+ }
+ if(verbose) {
+ printf(" ...opening DBs read-only\n");
+ }
+ if(doOpenDbs(0,
+ DB_NAME_BASE,
+ dbList->DLDBHandle,
+ dbList->NumHandles,
+ CSSM_TRUE, // publicReadOnly: this is read only
+ quiet)) {
+ return 1;
+ }
+ }
+ #endif
+
+ /*
+ * Okay, some of the certs we were given are in the DB, some are in
+ * random places in certGroupFrag, some are nowhere (if certsToUse is
+ * less than numCerts). Have the TP construct us an ordered verified
+ * group.
+ */
+ crtn = CSSM_TP_CertGroupConstruct(
+ tpHand,
+ clHand,
+ cspHand,
+ dbList,
+ NULL, // ConstructParams
+ &certGroupFrag,
+ &resultGroup);
+ if(crtn) {
+ printError("CSSM_TP_CertGroupConstruct", crtn);
+ return testError();
+ }
+
+ /* vfy resultGroup is identical to unbroken part of chain */
+ if(verbose) {
+ printf(" ...CSSM_TP_CertGroupConstruct returned %u certs\n",
+ (unsigned)resultGroup->NumCerts);
+ }
+ if(resultGroup->NumCerts != certsToUse) {
+ printf("\n***cgConstruct: resultGroup->NumCerts was %u, expected %u\n",
+ (unsigned)resultGroup->NumCerts, (unsigned)certsToUse);
+ rtn = testError();
+ goto abort;
+ }
+ for(certDex=0; certDex<certsToUse; certDex++) {
+ if(!appCompareCssmData(&certs[certDex],
+ &resultGroup->GroupList.CertList[certDex])) {
+ printf("\ncgConstruct: ***certs[%d] miscompare\n", certDex);
+ rtn = testError();
+ goto abort;
+ }
+ }
+abort:
+ /* free resurces */
+ tpFreeCertGroup(&certGroupFrag,
+ CSSM_FALSE, // caller malloc'd the actual certs
+ CSSM_FALSE); // struct is on stack
+ tpFreeCertGroup(resultGroup,
+ CSSM_TRUE, // mallocd by TP
+ CSSM_TRUE); // ditto
+ #if CG_CONSTRUCT_TP_DB
+ if(dbList != NULL) {
+ int i;
+ CSSM_RETURN crtn;
+
+ if(verbose) {
+ printf(" ...deleting all certs from DBs\n");
+ }
+ for(i=0; i<dbList->NumHandles; i++) {
+ clDeleteAllCerts(dbList->DLDBHandle[i]);
+ }
+ if(publicRead) {
+ if(verbose) {
+ printf(" ...closing DBs\n");
+ }
+ for(i=0; i<dbList->NumHandles; i++) {
+ crtn = CSSM_DL_DbClose(dbList->DLDBHandle[i]);
+ if(crtn) {
+ printError("CSSM_DL_DbClose");
+ if(testError()) {
+ return 1;
+ }
+ }
+ }
+ }
+ }
+ #endif
+ return rtn;
+}
+/*** end of code directly copied from ../cgConstruct/cgConstruct.cpp ***/
+
+/*
+ * key pairs - created in cgConstructInit, stored in testParams->perThread
+ */
+typedef struct {
+ CSSM_KEY_PTR pubKeys;
+ CSSM_KEY_PTR privKeys;
+ unsigned numKeys;
+ char *notBeforeStr; // to use thread-safe tpGenCerts()
+ char *notAfterStr; // to use thread-safe tpGenCerts()
+} TT_KeyPairs;
+
+int cgConstructInit(TestParams *testParams)
+{
+ unsigned numKeys = NUM_CERTS_MIN + testParams->threadNum;
+ TT_KeyPairs *keyPairs;
+
+ if(testParams->verbose) {
+ printf("cgConstruct thread %d: generating keys...\n",
+ testParams->threadNum);
+ }
+ keyPairs = (TT_KeyPairs *)CSSM_MALLOC(sizeof(TT_KeyPairs));
+ keyPairs->numKeys = numKeys;
+ keyPairs->pubKeys = (CSSM_KEY_PTR)CSSM_CALLOC(numKeys, sizeof(CSSM_KEY));
+ keyPairs->privKeys = (CSSM_KEY_PTR)CSSM_CALLOC(numKeys, sizeof(CSSM_KEY));
+ CSSM_DL_DB_HANDLE nullDb = {0, 0};
+ if(tpGenKeys(testParams->cspHand,
+ nullDb, // dbHand
+ numKeys,
+ KEYGEN_ALG_DEF,
+ CG_KEY_SIZE_DEFAULT,
+ "cgConstruct", // keyLabelBase
+ keyPairs->pubKeys,
+ keyPairs->privKeys)) {
+ goto abort;
+ }
+ keyPairs->notBeforeStr = genTimeAtNowPlus(0);
+ keyPairs->notAfterStr = genTimeAtNowPlus(SECONDS_TO_LIVE);
+
+ testParams->perThread = keyPairs;
+ return 0;
+
+abort:
+ printf("Error generating keys; aborting\n");
+ CSSM_FREE(keyPairs->pubKeys);
+ CSSM_FREE(keyPairs->privKeys);
+ CSSM_FREE(keyPairs);
+ return 1;
+}
+
+int cgConstruct(TestParams *testParams)
+{
+ unsigned loopNum;
+ int status = -1; // exit status, default = error
+ TT_KeyPairs *keyPairs = (TT_KeyPairs *)testParams->perThread;
+ unsigned dex;
+
+ /* all three of these are arrays with numCert elements */
+ CSSM_KEY_PTR pubKeys = keyPairs->pubKeys;
+ CSSM_KEY_PTR privKeys = keyPairs->privKeys;
+ CSSM_DATA_PTR certs = NULL;
+
+ unsigned numCerts = keyPairs->numKeys;
+ uint32 sigAlg = SIG_ALG_DEF;
+ CSSM_DL_DB_LIST dbList = {0, NULL}; /* for storing certs */
+ CSSM_DL_DB_LIST_PTR dbListPtr; /* pts to dbList or NULL */
+ CSSM_BOOL publicRead = CSSM_FALSE;
+ CSSM_BOOL allInDbs = CSSM_FALSE;
+ CSSM_BOOL skipFirstDb = CSSM_FALSE;
+
+ /* malloc empty certs */
+ certs = (CSSM_DATA_PTR)CSSM_CALLOC(numCerts, sizeof(CSSM_DATA));
+ if(certs == NULL) {
+ printf("not enough memory for %u certs.\n", numCerts);
+ goto abort;
+ }
+ memset(certs, 0, numCerts * sizeof(CSSM_DATA));
+
+ dbList.NumHandles = 0;
+ dbList.DLDBHandle = NULL;
+ dbListPtr = &dbList;
+ for(loopNum=0; loopNum<testParams->numLoops; loopNum++) {
+
+ /* generate certs */
+ if(testParams->verbose) {
+ printf("cgConstruct thread %d: generating certs...\n",
+ testParams->threadNum);
+ }
+ else if(!testParams->quiet) {
+ printChar(testParams->progressChar);
+ }
+ if(tpGenCerts(testParams->cspHand,
+ testParams->clHand,
+ numCerts,
+ sigAlg,
+ "cgConstruct", // nameBase
+ pubKeys,
+ privKeys,
+ certs,
+ keyPairs->notBeforeStr,
+ keyPairs->notAfterStr)) {
+ status = 1;
+ goto abort;
+ }
+
+ status = doTest(testParams->tpHand,
+ testParams->clHand,
+ testParams->cspHand,
+ dbListPtr,
+ certs,
+ numCerts,
+ testParams->verbose,
+ allInDbs,
+ skipFirstDb,
+ publicRead);
+ if(status) {
+ break;
+ }
+
+ /* free certs */
+ for(dex=0; dex<numCerts; dex++) {
+ CSSM_FREE(certs[dex].Data);
+ }
+ memset(certs, 0, numCerts * sizeof(CSSM_DATA));
+
+ #if DO_PAUSE
+ fpurge(stdin);
+ printf("Hit CR to proceed: ");
+ getchar();
+ #endif
+ }
+abort:
+ /* free resources */
+ for(dex=0; dex<numCerts; dex++) {
+ if(certs[dex].Data) {
+ CSSM_FREE(certs[dex].Data);
+ }
+ }
+ CSSM_FREE(keyPairs->pubKeys);
+ CSSM_FREE(keyPairs->privKeys);
+ CSSM_FREE(keyPairs);
+ return status;
+}
+
projects / apple / security.git / blobdiff