--- /dev/null
+/* Copyright (c) 2004-2005,2008 Apple Inc.
+ *
+ * dbVerifyKey.cpp - verify that specified DB has exactly one key of specified
+ * algorithm, class, and key size - and no other keys.
+ */
+#include <stdlib.h>
+#include <stdio.h>
+#include <time.h>
+#include <strings.h>
+#include <ctype.h>
+#include <Security/cssm.h>
+#include <Security/cssmapple.h>
+#include "cspwrap.h"
+#include "common.h"
+#include "cspdlTesting.h"
+
+
+static void usage(char **argv)
+{
+ printf("usage: %s dbFileName alg class keysize [options]\n", argv[0]);
+ printf(" alg : rsa|dsa|dh|ecdsa\n");
+ printf(" class : priv|pub\n");
+ printf("Options:\n");
+ printf(" -q quiet\n");
+ exit(1);
+}
+
+static const char *recordTypeStr(
+ CSSM_DB_RECORDTYPE recordType)
+{
+ static char unk[100];
+
+ switch(recordType) {
+ case CSSM_DL_DB_RECORD_PRIVATE_KEY:
+ return "Private Key";
+ case CSSM_DL_DB_RECORD_PUBLIC_KEY:
+ return "Public Key";
+ case CSSM_DL_DB_RECORD_SYMMETRIC_KEY:
+ return "Symmetric Key";
+ default:
+ sprintf(unk, "**Unknown record type %u\n", (unsigned)recordType);
+ return unk;
+ }
+}
+
+/*
+ * Search for specified record type; verify there is exactly one or zero
+ * of them as specified.
+ * Verify key algorthm and key size. Returns nonzero on error.
+ */
+static int doVerify(
+ CSSM_DL_DB_HANDLE dlDbHand,
+ unsigned numRecords, // zero or one
+ CSSM_DB_RECORDTYPE recordType,
+ uint32 keySize,
+ CSSM_ALGORITHMS keyAlg)
+{
+ CSSM_QUERY query;
+ CSSM_DB_UNIQUE_RECORD_PTR record = NULL;
+ CSSM_RETURN crtn;
+ CSSM_HANDLE resultHand;
+ CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs;
+
+ /* no predicates, all records of specified type, no attrs, get the key */
+ query.RecordType = recordType;
+ query.Conjunctive = CSSM_DB_NONE;
+ query.NumSelectionPredicates = 0;
+ query.QueryLimits.TimeLimit = 0; // FIXME - meaningful?
+ query.QueryLimits.SizeLimit = 1; // FIXME - meaningful?
+ query.QueryFlags = 0; // CSSM_QUERY_RETURN_DATA; // FIXME - used?
+
+ recordAttrs.DataRecordType = recordType;
+ recordAttrs.NumberOfAttributes = 0;
+ recordAttrs.AttributeData = NULL;
+
+ CSSM_DATA recordData = {0, NULL};
+
+ crtn = CSSM_DL_DataGetFirst(dlDbHand,
+ &query,
+ &resultHand,
+ &recordAttrs,
+ &recordData,
+ &record);
+ switch(crtn) {
+ case CSSM_OK:
+ if(numRecords == 0) {
+ printf("***Expected zero records of type %s, found one\n",
+ recordTypeStr(recordType));
+ CSSM_DL_FreeUniqueRecord(dlDbHand, record);
+ CSSM_DL_DataAbortQuery(dlDbHand, resultHand);
+ return 1;
+ }
+ break; // proceed
+ case CSSMERR_DL_ENDOFDATA:
+ if(numRecords == 0) {
+ /* cool */
+ return 0;
+ }
+ printf("**Error: no records of type %s found\n",
+ recordTypeStr(recordType));
+ return 1;
+ default:
+ printError("DataGetFirst", crtn);
+ return 1;
+ }
+
+ CSSM_KEY_PTR theKey = (CSSM_KEY_PTR)recordData.Data;
+ int ourRtn = 0;
+ CSSM_KEYHEADER &hdr = theKey->KeyHeader;
+ if(hdr.AlgorithmId != keyAlg) {
+ printf("***Algorithm mismatch: expect %u, got %u\n",
+ (unsigned)keyAlg, (unsigned)hdr.AlgorithmId);
+ ourRtn++;
+ }
+ if(hdr.LogicalKeySizeInBits != keySize) {
+ printf("***Key Size: expect %u, got %u\n",
+ (unsigned)keySize, (unsigned)hdr.LogicalKeySizeInBits);
+ ourRtn++;
+ }
+ CSSM_DL_FreeUniqueRecord(dlDbHand, record);
+
+ /* see if there are any more */
+ crtn = CSSM_DL_DataGetNext(dlDbHand,
+ resultHand,
+ &recordAttrs,
+ NULL,
+ &record);
+ if(crtn == CSSM_OK) {
+ printf("***More than 1 record of type %s found\n",
+ recordTypeStr(recordType));
+ ourRtn++;
+ CSSM_DL_FreeUniqueRecord(dlDbHand, record);
+ }
+ CSSM_DL_DataAbortQuery(dlDbHand, resultHand);
+ return ourRtn;
+}
+
+int main(
+ int argc,
+ char **argv)
+{
+ int arg;
+ char *argp;
+ char *dbFileName;
+ CSSM_ALGORITHMS keyAlg;
+ CSSM_DB_RECORDTYPE recordType;
+ uint32 keySize;
+ CSSM_DL_DB_HANDLE dlDbHand;
+ CSSM_BOOL quiet = CSSM_FALSE;
+ CSSM_RETURN crtn = CSSM_OK;
+
+ if(argc < 5) {
+ usage(argv);
+ }
+ dbFileName = argv[1];
+
+ /* key algorithm */
+ if(!strcmp(argv[2], "rsa")) {
+ keyAlg = CSSM_ALGID_RSA;
+ }
+ else if(!strcmp(argv[2], "dsa")) {
+ keyAlg = CSSM_ALGID_DSA;
+ }
+ else if(!strcmp(argv[2], "dh")) {
+ keyAlg = CSSM_ALGID_DH;
+ }
+ else if(!strcmp(argv[2], "ecdsa")) {
+ keyAlg = CSSM_ALGID_ECDSA;
+ }
+ else {
+ usage(argv);
+ }
+
+ /* key class */
+ if(!strcmp(argv[3], "priv")) {
+ recordType = CSSM_DL_DB_RECORD_PRIVATE_KEY;
+ }
+ else if(!strcmp(argv[3], "pub")) {
+ recordType = CSSM_DL_DB_RECORD_PUBLIC_KEY;
+ }
+ else {
+ usage(argv);
+ }
+
+ keySize = atoi(argv[4]);
+
+ for(arg=5; arg<argc; arg++) {
+ argp = argv[arg];
+ if(!strcmp(argp, "-q")) {
+ quiet = CSSM_TRUE;
+ }
+ else {
+ usage(argv);
+ }
+ }
+
+ dlDbHand.DLHandle = dlStartup();
+ if(dlDbHand.DLHandle == 0) {
+ exit(1);
+ }
+ crtn = dbCreateOpen(dlDbHand.DLHandle, dbFileName,
+ CSSM_FALSE, CSSM_FALSE, NULL, &dlDbHand.DBHandle);
+ if(crtn) {
+ exit(1);
+ }
+
+ if(doVerify(dlDbHand, 1, recordType, keySize, keyAlg)) {
+ return 1;
+ }
+ if(doVerify(dlDbHand, 0,
+ (recordType == CSSM_DL_DB_RECORD_PRIVATE_KEY) ?
+ CSSM_DL_DB_RECORD_PUBLIC_KEY : CSSM_DL_DB_RECORD_PRIVATE_KEY,
+ keySize, keyAlg)) {
+ return 1;
+ }
+ if(!quiet) {
+ printf("...%s verify succussful\n", recordTypeStr(recordType));
+ }
+ CSSM_DL_DbClose(dlDbHand);
+ CSSM_ModuleDetach(dlDbHand.DLHandle);
+ return 0;
+}
projects / apple / security.git / blobdiff