--- /dev/null
+/*
+ * cspdlTesting.h - workaround flags for testing CSPDL using CSP-oriented tests.
+ */
+
+#ifndef _CSPDL_TESTING_H_
+#define _CSPDL_TESTING_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * All generated keys must be reference keys.
+ */
+#define CSPDL_ALL_KEYS_ARE_REF 1
+
+/*
+ * 2nd/public key in two-key FEE ops must be raw. This is because the Security
+ * Server doesn't go in and deal with ref keys which are only found in a
+ * Context.
+ */
+#define CSPDL_2ND_PUB_KEY_IS_RAW 1
+
+/*
+ * Ease off on restriction of ptext size == ctext size in case of symmetric
+ * en/decrypt with no padding. The sizes will be equal, but we can't ensure
+ * that by mallocing exactly the right amount after because CSPDL doesn't
+ * give an exact (proper) outputSize in this case (yet).
+ */
+#define CSPDL_NOPAD_ENFORCE_SIZE 1
+
+/*
+ * CSPDL can't do SHA1HMAC_LEGACY with bug-for-bug compatibility with
+ * BSAFE (sinceĆthe bug-for-bug feature involves doing actual HMAC updates
+ * exactly as the app presents them).
+ */
+#define CSPDL_SHA1HMAC_LEGACY_ENABLE 0
+
+/*
+ * CSPDL does not support DSA GenerateAlgorithmParameters. Let the secure CSP
+ * do it implicitly during key gen.
+ */
+#define CSPDL_DSA_GEN_PARAMS 0
+
+/*
+ * Can't generate keys with CSSM_KEYATTR_PRIVATE. Is this a bug or a feature?
+ * Nobody pays any attention to this except the CSP, which rejects it. Shouldn't
+ * either CSPDL or SS look at this and strip it off before sending the request
+ * down to the CSP?
+ */
+#define CSPDL_KEYATTR_PRIVATE 0
+
+/*
+ * ObtainPrivateKeyFromPublic key not implemented yet (if ever).
+ */
+#define CSPDL_OBTAIN_PRIV_FROM_PUB 0
+
+/*** Workarounds for badattr test only ***/
+
+/*
+ * Munged header fields in a ref key should result in CSP_INVALID_KEY_REFERENCE,
+ * but work fine.
+ */
+#define CSPDL_MUNGE_HEADER_CHECK 0
+
+/*
+ * ALWAYS_SENSITIVE, NEVER_EXTRACTABLE are ignored, should result in
+ * CSP_INVALID_KEYATTR_MASK at key gen time.
+ * FIXED per Radar 2879872.
+ */
+#define CSPDL_ALWAYS_SENSITIVE_CHECK 1
+#define CSPDL_NEVER_EXTRACTABLE_CHECK 1
+
+/*** end of badattr workarounds ***/
+
+/*
+ * <rdar://problem/3732910> certtool can't generate keypair
+ *
+ * Until this is fixed - actually the underlying problem is in securityd -
+ * CSPDL can not generate a key pair without private and public both being
+ * PERMANENT.
+ */
+#define CSPDL_ALL_KEYS_ARE_PERMANENT 0
+
+
+/***
+ *** Other differences/bugs/oddities.
+ ***/
+
+/*
+ * 1. SS wraps (encrypt) public keys when encoding them, thus the CSP has to allow
+ * wrapping of public keys. This may not be what we really want. See
+ * AppleCSP/AppleCSP/wrapKey.cpp for workaround per ALLOW_PUB_KEY_WRAP.
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _CSPDL_TESTING_H_ */
projects / apple / security.git / blobdiff