--- /dev/null
+/* Copyright (c) 1998,2003-2005,2008 Apple Inc.
+ *
+ * wrapTest.c - wrap/unwrap exerciser.
+ *
+ * Revision History
+ * ----------------
+ * 4 May 2000 Doug Mitchell
+ * Ported to X/CDSA2.
+ * 6 Aug 1998 Doug Mitchell at Apple
+ * Created.
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <time.h>
+#include <Security/cssm.h>
+#include "cspwrap.h"
+#include "common.h"
+#include "cspdlTesting.h"
+
+/*
+ * Currently the CSP can use wrapping keys flagged exclusively for wrapping
+ * (CSSM_KEYUSE_{WRAP,UNWRAP} for the actual wrap sinceĆthe wrp/unwrap op is
+ * done with an encrypt/decrypt op. The WrapKey op doesn't even see the
+ * wrapping key - it's in the context we pass it. Thus for now wrap/unwrap
+ * keys have to be marked with CSSM_KEYUSE_ANY.
+ */
+#define WRAP_USAGE_ANY 0
+
+/*
+ * When false, the CMS wrap algorithm can't deal with RSA encryption - we
+ * have to encrypt something twice with the same key. An impossibility with
+ * BSAFE-based RSA encryption because the output of the first encrypt is
+ * the size of the key modulus, and you can't encrypt something that big
+ * with that key.
+ * This is not a limitation with openssl-based RSA.
+ */
+#define WRAP_WITH_RSA 1
+
+/*
+ * When false, can't wrap with RC4 because the RC4 context is stateful
+ * but doesn't get reinit'd for the second CMS encrypt.
+ */
+#define WRAP_WITH_RC4 1
+
+/*
+ * Temporary hack to use CSSM_KEYBLOB_WRAPPED_FORMAT_{PKCS7,PKCS8}, which
+ * are no longer supported as of 7/28/00
+ */
+#define PKCS7_FORMAT_ENABLE 1 // for wrapping symmetric keys
+#define PKCS8_FORMAT_ENABLE 1 // for wrapping private keys
+
+
+#define ENCR_LABEL "encrKey"
+#define ENCR_LABEL_LEN (strlen(ENCR_LABEL))
+#define WRAP_LABEL "wrapKey"
+#define WRAP_LABEL_LEN (strlen(WRAP_LABEL))
+#define LOOPS_DEF 10
+#define MAX_PTEXT_SIZE 100
+#define LOOP_PAUSE 100
+#define MAX_DESC_DATA_SIZE 16
+
+/*
+ * Enumerate algorithms our way to allow loop interations.
+ */
+typedef unsigned PrivAlg;
+enum {
+ ALG_DES = 1,
+ ALG_3DES,
+ ALG_RC2,
+ ALG_RC4,
+ ALG_RSA,
+ ALG_NULL,
+ ALG_FEEDEXP,
+ ALG_ASC,
+ ALG_AES
+};
+
+#define ALG_MIN ALG_DES
+#define ALG_MAX_WRAP ALG_AES
+#define ALG_MAX_ENCR ALG_AES
+
+static void usage(char **argv)
+{
+ printf("usage: %s [options]\n", argv[0]);
+ printf(" Options:\n");
+ printf(" w=wrapAlg (d=DES, 3=3DES, f=FEEDEXP, r=RSA, A=ASC, 4=RC4, "
+ "a=AES, n=null)\n");
+ printf(" e=encrAlg (d=DES, 3=3DES, f=FEEDEXP, r=RSA, A=ASC, 4=RC4, "
+ "a=AES)\n");
+ printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF);
+ printf(" r (ref keys only)\n");
+ printf(" p(ause every loop)\n");
+ printf(" D (CSP/DL; default = bare CSP)\n");
+ printf(" v(erbose)\n");
+ printf(" k (quick; small keys)\n");
+ printf(" h(elp)\n");
+ exit(1);
+}
+
+/* wrapped format to string */
+static const char *formatString(CSSM_KEYBLOB_FORMAT format)
+{
+ static char noform[100];
+
+ switch(format) {
+ case CSSM_KEYBLOB_WRAPPED_FORMAT_NONE:
+ return "NONE (default)";
+ case CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7:
+ return "PKCS7";
+ case CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8:
+ return "PKCS8";
+ case CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM:
+ return "APPLE_CUSTOM";
+ default:
+ sprintf(noform, "***UNKNOWN (%u)***", (unsigned)format);
+ return noform;
+ }
+}
+
+static int vfyWrapHeader(
+ const CSSM_KEYHEADER *srcHdr,
+ const CSSM_KEYHEADER *dstHdr,
+ CSSM_KEYBLOB_TYPE expectBlob,
+ const char *op,
+ CSSM_BOOL bareCsp,
+ int quiet)
+{
+ if(dstHdr->BlobType != expectBlob) {
+ printf("***%s.BlobType error: expect %u got %u\n",
+ op, (unsigned)expectBlob, (unsigned)dstHdr->BlobType);
+ if(testError(quiet)) {
+ return 1;
+ }
+ }
+ if(srcHdr->KeyClass != dstHdr->KeyClass) {
+ printf("***%s.KeyClass error: expect %u got %u\n",
+ op, (unsigned)srcHdr->KeyClass, (unsigned)dstHdr->KeyClass);
+ if(testError(quiet)) {
+ return 1;
+ }
+ }
+ if(srcHdr->AlgorithmId != dstHdr->AlgorithmId) {
+ printf("***%s.AlgorithmId error: expect %u got %u\n",
+ op, (unsigned)srcHdr->AlgorithmId, (unsigned)dstHdr->AlgorithmId);
+ if(testError(quiet)) {
+ return 1;
+ }
+ }
+ if(srcHdr->KeyUsage != dstHdr->KeyUsage) {
+ printf("***%s.KeyUsage error: expect 0x%x got 0x%x\n",
+ op, (unsigned)srcHdr->KeyUsage, (unsigned)dstHdr->KeyUsage);
+ if(testError(quiet)) {
+ return 1;
+ }
+ }
+ if(bareCsp) {
+ /* GUIDs must match */
+ if(memcmp(&srcHdr->CspId, &dstHdr->CspId, sizeof(CSSM_GUID))) {
+ printf("***%s.CspId mismatch\n", op);
+ if(testError(quiet)) {
+ return 1;
+ }
+ }
+ }
+ else {
+ /* CSPDL - GUIDs do NOT match - ref keys are in the CSPDL's domain;
+ * wrapped keys are in the bare CSP's domain. */
+ if(!memcmp(&srcHdr->CspId, &dstHdr->CspId, sizeof(CSSM_GUID))) {
+ printf("***Unexpected %s.CspId compare\n", op);
+ if(testError(quiet)) {
+ return 1;
+ }
+ }
+ }
+ return 0;
+}
+
+#define UNWRAPPED_LABEL "unwrapped thing"
+#define SHOW_WRAP_FORMAT 0
+
+/* not all algs need this */
+CSSM_DATA initVector = {16, (uint8 *)"SomeReallyStrangeInitVect"};
+
+static int doTest(CSSM_CSP_HANDLE cspHand,
+ CSSM_KEY_PTR encrKey,
+ CSSM_BOOL wrapEncrKey, // wrap encrKey before using
+ CSSM_KEY_PTR decrKey, // we wrap this one
+ CSSM_KEY_PTR wrappingKey, // ...using this key
+ CSSM_KEY_PTR unwrappingKey,
+ CSSM_ALGORITHMS wrapAlg,
+ CSSM_ENCRYPT_MODE wrapMode,
+ CSSM_KEYBLOB_FORMAT wrapFormat, // NONE, PKCS7, PKCS8, APPLE_CUSTOM
+ CSSM_KEYBLOB_FORMAT expectFormat, // PKCS7, PKCS8, APPLE_CUSTOM
+ CSSM_PADDING wrapPad,
+ uint32 wrapIvSize,
+ CSSM_ALGORITHMS encrAlg,
+ CSSM_ENCRYPT_MODE encrMode,
+ CSSM_PADDING encrPad,
+ uint32 encrIvSize,
+ uint32 effectiveKeySizeInBits, // for encr/decr - 0 means none specified
+ CSSM_DATA_PTR ptext,
+ CSSM_DATA_PTR descData,
+ CSSM_BOOL quiet,
+ CSSM_BOOL bareCsp)
+{
+ CSSM_DATA ctext;
+ CSSM_DATA rptext;
+ CSSM_KEY wrappedDecrKey;
+ CSSM_KEY unwrappedDecrKey;
+ CSSM_KEY wrappedEncrKey;
+ CSSM_RETURN crtn;
+ CSSM_KEY_PTR actualEncrKey;
+ uint32 maxPtextSize = MAX_PTEXT_SIZE;
+ CSSM_DATA outDescData1 = {0, NULL}; // for encr key
+ CSSM_DATA outDescData2 = {0, NULL}; // for decr key, must match descData
+ CSSM_DATA nullInitVect = {0, NULL}; // for custom unwrap
+ CSSM_DATA_PTR wrapIvp;
+ CSSM_DATA_PTR encrIvp;
+
+ /* Hack to deal with RSA's max encrypt size */
+ #if 0
+ /* no more */
+ if(encrAlg == CSSM_ALGID_RSA) {
+ uint32 keySizeBytes = encrKey->KeyHeader.LogicalKeySizeInBits / 8;
+ maxPtextSize = keySizeBytes - 11;
+ if(maxPtextSize > MAX_PTEXT_SIZE) {
+ maxPtextSize = MAX_PTEXT_SIZE;
+ }
+ }
+ else {
+ maxPtextSize = MAX_PTEXT_SIZE;
+ }
+ #endif
+ simpleGenData(ptext, 1, maxPtextSize);
+
+ /*
+ * Optionaly wrap/unwrap encrKey. If encrKey is a ref key, do a
+ * NULL wrap. If encrKey is a raw key, do a NULL unwrap.
+ */
+ if(wrapEncrKey) {
+ CSSM_KEYBLOB_TYPE expectBlob;
+
+ if(encrKey->KeyHeader.BlobType == CSSM_KEYBLOB_REFERENCE) {
+ crtn = cspWrapKey(cspHand,
+ encrKey,
+ NULL, // wrappingKey
+ CSSM_ALGID_NONE,
+ CSSM_ALGMODE_NONE,
+ wrapFormat,
+ CSSM_PADDING_NONE,
+ NULL, // iv
+ descData,
+ &wrappedEncrKey);
+ expectBlob = CSSM_KEYBLOB_RAW;
+ }
+ else {
+ crtn = cspUnwrapKey(cspHand,
+ encrKey,
+ NULL, // unwrappingKey
+ CSSM_ALGID_NONE,
+ CSSM_ALGMODE_NONE,
+ CSSM_PADDING_NONE,
+ NULL, // iv
+ &wrappedEncrKey,
+ &outDescData1,
+ WRAP_LABEL,
+ WRAP_LABEL_LEN);
+ expectBlob = CSSM_KEYBLOB_REFERENCE;
+ }
+ if(crtn) {
+ return testError(quiet);
+ }
+ if(vfyWrapHeader(&encrKey->KeyHeader,
+ &wrappedEncrKey.KeyHeader,
+ expectBlob,
+ "wrappedEncrKey",
+ bareCsp,
+ quiet)) {
+ return 1;
+ }
+ actualEncrKey = &wrappedEncrKey;
+ }
+ else {
+ actualEncrKey = encrKey;
+ }
+ /* encrypt using actualEncrKey ==> ctext */
+ ctext.Data = NULL;
+ ctext.Length = 0;
+ if(encrIvSize) {
+ initVector.Length = encrIvSize;
+ encrIvp = &initVector;
+ }
+ else {
+ encrIvp = NULL;
+ }
+ crtn = cspEncrypt(cspHand,
+ encrAlg,
+ encrMode,
+ encrPad,
+ actualEncrKey,
+ NULL, // no 2nd key
+ effectiveKeySizeInBits,
+ 0, // rounds
+ encrIvp,
+ ptext,
+ &ctext,
+ CSSM_TRUE); // mallocCtext
+ if(crtn) {
+ return testError(quiet);
+ }
+ /* wrap decrKey using wrappingKey ==> wrappedDecrKey */
+ /* Note that APPLE_CUSTOM wrap alg REQUIRES an 8-byte IV */
+ if(expectFormat == CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM) {
+ initVector.Length = 8;
+ }
+ else {
+ initVector.Length = wrapIvSize;
+ }
+ crtn = cspWrapKey(cspHand,
+ decrKey,
+ wrappingKey,
+ wrapAlg,
+ wrapMode,
+ wrapFormat,
+ wrapPad,
+ &initVector,
+ descData,
+ &wrappedDecrKey);
+ if(crtn) {
+ return testError(quiet);
+ }
+ if(wrapAlg != CSSM_ALGID_NONE) {
+ if(wrappedDecrKey.KeyHeader.Format != expectFormat) {
+ printf("***Wrap format mismatch expect %s got %s\n",
+ formatString(wrappedDecrKey.KeyHeader.Format),
+ formatString(expectFormat));
+ if(testError(quiet)) {
+ return 1;
+ }
+ }
+ }
+
+ if(vfyWrapHeader(&decrKey->KeyHeader,
+ &wrappedDecrKey.KeyHeader,
+ (wrapAlg == CSSM_ALGID_NONE) ? CSSM_KEYBLOB_RAW : CSSM_KEYBLOB_WRAPPED,
+ "wrappedDecrKey",
+ bareCsp,
+ quiet)) {
+ return 1;
+ }
+
+ if(wrappedDecrKey.KeyHeader.Format == CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM) {
+ /* special case - no IV needed - test it */
+ wrapIvp = &nullInitVect;
+ }
+ else {
+ wrapIvp = &initVector;
+ initVector.Length = wrapIvSize;
+ }
+
+ /* unwrap wrappedDecrKey using unwrappingKey ==> unwrappedDecrKey; */
+ crtn = cspUnwrapKey(cspHand,
+ &wrappedDecrKey,
+ unwrappingKey,
+ wrapAlg,
+ wrapMode,
+ wrapPad,
+ wrapIvp,
+ &unwrappedDecrKey,
+ &outDescData2,
+ "unwrapped thing",
+ 15);
+ if(crtn) {
+ return testError(quiet);
+ }
+
+ if(vfyWrapHeader(&wrappedDecrKey.KeyHeader,
+ &unwrappedDecrKey.KeyHeader,
+ CSSM_KEYBLOB_REFERENCE,
+ "unwrappedDecrKey",
+ bareCsp,
+ quiet)) {
+ return 1;
+ }
+
+ /* compare descData to outDescData2 */
+ if(descData) {
+ if(descData->Length != outDescData2.Length) {
+ printf("descData length mismatch\n");
+ if(testError(quiet)) {
+ return 1;
+ }
+ }
+ if(memcmp(descData->Data, outDescData2.Data, outDescData2.Length)) {
+ printf("***descDatadata miscompare\n");
+ if(testError(quiet)) {
+ return 1;
+ }
+ }
+ }
+
+ /* decrypt ctext with unwrappedDecrKey ==> rptext; */
+ rptext.Data = NULL;
+ rptext.Length = 0;
+ if(encrIvSize) {
+ initVector.Length = encrIvSize;
+ }
+ crtn = cspDecrypt(cspHand,
+ encrAlg,
+ encrMode,
+ encrPad,
+ &unwrappedDecrKey,
+ NULL, // no 2nd key
+ effectiveKeySizeInBits,
+ 0, // rounds
+ &initVector,
+ &ctext,
+ &rptext,
+ CSSM_TRUE);
+ if(crtn) {
+ return testError(quiet);
+ }
+ /* compare ptext vs. rptext; */
+ if(ptext->Length != rptext.Length) {
+ printf("ptext length mismatch\n");
+ return testError(quiet);
+ }
+ if(memcmp(ptext->Data, rptext.Data, ptext->Length)) {
+ printf("***data miscompare\n");
+ return testError(quiet);
+ }
+ /* free resources */
+ cspFreeKey(cspHand, &wrappedDecrKey);
+ cspFreeKey(cspHand, &unwrappedDecrKey);
+ if(wrapEncrKey) {
+ cspFreeKey(cspHand, actualEncrKey);
+ }
+ CSSM_FREE(ctext.Data);
+ CSSM_FREE(rptext.Data);
+ if(outDescData2.Data != NULL) {
+ CSSM_FREE(outDescData2.Data);
+ }
+ if(outDescData1.Data != NULL) {
+ CSSM_FREE(outDescData1.Data);
+ }
+ return 0;
+}
+
+/*
+ * values associated with a private algorithm (e.g., ALG_DES).
+ */
+typedef enum {
+ WT_Symmetric,
+ WT_Asymmetric,
+ WT_Null
+} wrapType;
+
+typedef struct {
+ uint32 keyGenAlg;
+ wrapType wtype;
+ CSSM_ALGORITHMS encrAlg;
+ CSSM_ENCRYPT_MODE encrMode;
+ CSSM_PADDING encrPad;
+ uint32 ivSize; // in bytes; 0 means no IV
+ const char *algName;
+} AlgInfo;
+
+/*
+ * Convert our private alg to CDSA keygen alg, encr alg, encr mode, pad
+ */
+static void getAlgInfo(PrivAlg privAlg, // e.g., ALG_DES
+ AlgInfo *algInfo)
+{
+ switch(privAlg) {
+ case ALG_DES:
+ algInfo->keyGenAlg = CSSM_ALGID_DES;
+ algInfo->wtype = WT_Symmetric;
+ algInfo->encrAlg = CSSM_ALGID_DES;
+ algInfo->encrMode = CSSM_ALGMODE_CBCPadIV8;
+ algInfo->encrPad = CSSM_PADDING_PKCS5;
+ algInfo->ivSize = 8;
+ algInfo->algName = "DES";
+ break;
+ case ALG_3DES:
+ algInfo->keyGenAlg = CSSM_ALGID_3DES_3KEY;
+ algInfo->wtype = WT_Symmetric;
+ algInfo->encrAlg = CSSM_ALGID_3DES_3KEY_EDE;
+ algInfo->encrMode = CSSM_ALGMODE_CBCPadIV8;
+ algInfo->encrPad = CSSM_PADDING_PKCS5;
+ algInfo->ivSize = 8;
+ algInfo->algName = "3DES";
+ break;
+ case ALG_FEEDEXP:
+ algInfo->keyGenAlg = CSSM_ALGID_FEE;
+ algInfo->wtype = WT_Asymmetric;
+ algInfo->encrAlg = CSSM_ALGID_FEEDEXP;
+ algInfo->encrMode = CSSM_ALGMODE_NONE;
+ algInfo->encrPad = CSSM_PADDING_NONE;
+ algInfo->ivSize = 0;
+ algInfo->algName = "FEEDEXP";
+ break;
+ case ALG_RSA:
+ algInfo->keyGenAlg = CSSM_ALGID_RSA;
+ algInfo->wtype = WT_Asymmetric;
+ algInfo->encrAlg = CSSM_ALGID_RSA;
+ algInfo->encrMode = CSSM_ALGMODE_NONE;
+ algInfo->encrPad = CSSM_PADDING_PKCS1;
+ algInfo->ivSize = 0;
+ algInfo->algName = "RSA";
+ break;
+ case ALG_ASC:
+ algInfo->keyGenAlg = CSSM_ALGID_ASC;
+ algInfo->wtype = WT_Symmetric;
+ algInfo->encrAlg = CSSM_ALGID_ASC;
+ algInfo->encrMode = CSSM_ALGMODE_NONE;
+ algInfo->encrPad = CSSM_PADDING_NONE;
+ algInfo->ivSize = 0;
+ algInfo->algName = "ASC";
+ break;
+ case ALG_RC2:
+ algInfo->keyGenAlg = CSSM_ALGID_RC2;
+ algInfo->wtype = WT_Symmetric;
+ algInfo->encrAlg = CSSM_ALGID_RC2;
+ algInfo->encrMode = CSSM_ALGMODE_CBCPadIV8;
+ algInfo->encrPad = CSSM_PADDING_PKCS5;
+ algInfo->ivSize = 8;
+ algInfo->algName = "RC2";
+ break;
+ case ALG_RC4:
+ algInfo->keyGenAlg = CSSM_ALGID_RC4;
+ algInfo->wtype = WT_Symmetric;
+ algInfo->encrAlg = CSSM_ALGID_RC4;
+ algInfo->encrMode = CSSM_ALGMODE_CBCPadIV8;
+ algInfo->encrPad = CSSM_PADDING_PKCS5;
+ algInfo->ivSize = 0;
+ algInfo->algName = "RC4";
+ break;
+ case ALG_NULL:
+ algInfo->keyGenAlg = CSSM_ALGID_NONE;
+ algInfo->wtype = WT_Null;
+ algInfo->encrAlg = CSSM_ALGID_NONE;
+ algInfo->encrMode = CSSM_ALGMODE_NONE;
+ algInfo->encrPad = CSSM_PADDING_NONE;
+ algInfo->ivSize = 0;
+ algInfo->algName = "Null";
+ break;
+ case ALG_AES:
+ algInfo->keyGenAlg = CSSM_ALGID_AES;
+ algInfo->wtype = WT_Symmetric;
+ algInfo->encrAlg = CSSM_ALGID_AES;
+ algInfo->encrMode = CSSM_ALGMODE_CBCPadIV8;
+ algInfo->encrPad = CSSM_PADDING_PKCS7;
+ algInfo->ivSize = 16;
+ algInfo->algName = "AES";
+ break;
+ default:
+ printf("Bogus privAlg\n");
+ exit(1);
+ }
+ return;
+}
+
+/* argv letter to private alg */
+static PrivAlg letterToAlg(char **argv, char letter)
+{
+ switch(letter) {
+ case 'd': return ALG_DES;
+ case '3': return ALG_3DES;
+ case 'f': return ALG_FEEDEXP;
+ case 'r': return ALG_RSA;
+ case 'A': return ALG_ASC;
+ case '4': return ALG_RC4;
+ case 'a': return ALG_AES;
+ default:
+ usage(argv);
+ return 0;
+ }
+}
+
+/*
+ * Null wrapping of symmetric keys now allowed
+ */
+#define SYMM_NULL_WRAP_ENABLE 1
+
+/* indices into algInfo[] */
+#define AI_WRAP 0
+#define AI_ENCR 1
+
+int main(int argc, char **argv)
+{
+ int arg;
+ char *argp;
+ unsigned loop;
+ CSSM_CSP_HANDLE cspHand;
+ CSSM_RETURN crtn;
+ CSSM_DATA ptext;
+ uint32 encrKeySizeBits; // well aligned
+ uint32 wrapKeySizeBits;
+ uint32 effectiveKeySizeInBits; // for encr, may be odd
+ int rtn = 0;
+ uint32 maxRsaKeySize = 1024;
+ uint32 maxFeeKeySize = 192;
+ CSSM_KEYBLOB_FORMAT wrapFormat; // NONE, PKCS7, PKCS8, APPLE_CUSTOM
+ CSSM_KEYBLOB_FORMAT expectFormat; // PKCS7, PKCS8, APPLE_CUSTOM
+ CSSM_DATA descData = {0, NULL};
+ CSSM_DATA_PTR descDataP;
+
+ /*
+ * key pointers passed to doTest() - for symmetric algs, the pairs
+ * might point to the same key
+ */
+ CSSM_KEY_PTR encrKeyPtr;
+ CSSM_KEY_PTR decrKeyPtr;
+ CSSM_KEY_PTR wrapKeyPtr;
+ CSSM_KEY_PTR unwrapKeyPtr;
+
+ /* persistent asymmetric keys - symm keys are dynamically allocated */
+ CSSM_KEY pubEncrKey;
+ CSSM_KEY privEncrKey;
+ CSSM_KEY pubWrapKey;
+ CSSM_KEY privWrapKey;
+
+ /* we iterate these values thru all possible algs */
+ PrivAlg privEncrAlg; // ALG_xxx
+ PrivAlg privWrapAlg;
+
+ /* two AlgInfo which contain everything we need to know per alg */
+ AlgInfo algInfo[2];
+ AlgInfo *encrInfo;
+ AlgInfo *wrapInfo;
+ CSSM_BOOL wrapEncrKey = CSSM_FALSE; // varies loop-to-loop
+ CSSM_BOOL encrKeyIsRef = CSSM_TRUE; // ditto
+
+ CSSM_BOOL genSeed; // for FEE key gen
+ int i;
+
+ /* user-specified vars */
+ unsigned loops = LOOPS_DEF;
+ CSSM_BOOL pause = CSSM_FALSE;
+ CSSM_BOOL verbose = CSSM_FALSE;
+ PrivAlg minWrapAlg = ALG_MIN;
+ PrivAlg maxWrapAlg = ALG_MAX_WRAP;
+ PrivAlg minEncrAlg = ALG_MIN;
+ PrivAlg maxEncrAlg = ALG_MAX_ENCR;
+ CSSM_BOOL quick = CSSM_FALSE;
+ CSSM_BOOL quiet = CSSM_FALSE;
+ CSSM_BOOL bareCsp = CSSM_TRUE;
+ CSSM_BOOL refKeysOnly = CSSM_FALSE;
+
+ for(arg=1; arg<argc; arg++) {
+ argp = argv[arg];
+ switch(argp[0]) {
+ case 'w':
+ if(argp[2] == 'n') {
+ minWrapAlg = maxWrapAlg = ALG_NULL;
+ }
+ else {
+ minWrapAlg = maxWrapAlg = letterToAlg(argv, argp[2]);
+ }
+ break;
+ case 'e':
+ minEncrAlg = maxEncrAlg = letterToAlg(argv, argp[2]);
+ break;
+ case 'l':
+ loops = atoi(&argp[2]);
+ break;
+ case 'p':
+ pause = CSSM_TRUE;
+ break;
+ case 'v':
+ verbose = CSSM_TRUE;
+ break;
+ case 'D':
+ bareCsp = CSSM_FALSE;
+ #if CSPDL_ALL_KEYS_ARE_REF
+ refKeysOnly = CSSM_TRUE;
+ #endif
+ break;
+ case 'r':
+ refKeysOnly = CSSM_TRUE;
+ break;
+ case 'q':
+ quiet = CSSM_TRUE;
+ break;
+ case 'k':
+ quick = CSSM_TRUE;
+ maxRsaKeySize = 512;
+ maxFeeKeySize = 127;
+ break;
+ default:
+ usage(argv);
+ }
+ }
+ cspHand = cspDlDbStartup(bareCsp, NULL);
+ if(cspHand == 0) {
+ exit(1);
+ }
+ wrapInfo = &algInfo[AI_WRAP];
+ encrInfo = &algInfo[AI_ENCR];
+
+ /* cook up ptext, descData */
+ ptext.Data = (uint8 *)CSSM_MALLOC(MAX_PTEXT_SIZE);
+ descData.Data = (uint8 *)CSSM_MALLOC(MAX_DESC_DATA_SIZE);
+
+ printf("Starting wrapTest; args: ");
+ for(i=1; i<argc; i++) {
+ printf("%s ", argv[i]);
+ }
+ printf("\n");
+
+ for(loop=0; loop<loops; loop++) {
+ if(!quiet) {
+ printf("...loop %d\n", loop);
+ }
+ if(pause) {
+ fpurge(stdin);
+ printf("Hit CR to proceed: ");
+ getchar();
+ }
+
+ /* iterate thru all encryption algs */
+ for(privEncrAlg=minEncrAlg; privEncrAlg<=maxEncrAlg; privEncrAlg++) {
+ /* handle disabled algs */
+ switch(privEncrAlg) {
+ case ALG_NULL: /* just skip this one, it's just for wrap */
+ continue;
+ default:
+ break;
+ }
+
+ /* generate key(s) to be wrapped */
+ getAlgInfo(privEncrAlg, encrInfo);
+ effectiveKeySizeInBits = randKeySizeBits(encrInfo->keyGenAlg, OT_Encrypt);
+ if(!refKeysOnly) {
+ encrKeyIsRef = (loop & 2) ? CSSM_TRUE : CSSM_FALSE;
+ }
+
+ switch(encrInfo->wtype) {
+ case WT_Symmetric:
+ /* round up to even byte */
+ encrKeySizeBits = (effectiveKeySizeInBits + 7) & ~7;
+ if(encrKeySizeBits == effectiveKeySizeInBits) {
+ effectiveKeySizeInBits = 0;
+ }
+ encrKeyPtr = decrKeyPtr = cspGenSymKey(cspHand,
+ encrInfo->keyGenAlg,
+ ENCR_LABEL,
+ ENCR_LABEL_LEN,
+ CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT,
+ encrKeySizeBits,
+ encrKeyIsRef);
+ if(encrKeyPtr == NULL) {
+ rtn = 1;
+ goto testDone;
+ }
+ #if SYMM_NULL_WRAP_ENABLE
+ /* wrapEncrKey every other loop */
+ if(!refKeysOnly) {
+ wrapEncrKey = (loop & 1) ? CSSM_TRUE : CSSM_FALSE;
+ }
+ #else
+ wrapEncrKey = CSSM_FALSE;
+ #endif /* SYMM_NULL_WRAP_ENABLE */
+ break;
+ case WT_Asymmetric:
+ /* handle alg-specific cases */
+ genSeed = CSSM_FALSE;
+ switch(privEncrAlg) {
+ case ALG_RSA:
+ if(effectiveKeySizeInBits > maxRsaKeySize) {
+ effectiveKeySizeInBits = maxRsaKeySize;
+ }
+ break;
+ case ALG_FEEDEXP:
+ if(effectiveKeySizeInBits > maxFeeKeySize) {
+ effectiveKeySizeInBits = maxFeeKeySize;
+ }
+ if(loop & 4) {
+ genSeed = CSSM_TRUE;
+ }
+ break;
+ default:
+ break;
+ }
+ encrKeySizeBits = effectiveKeySizeInBits;
+ effectiveKeySizeInBits = 0; // i.e., not specified
+ crtn = cspGenKeyPair(cspHand,
+ encrInfo->keyGenAlg,
+ ENCR_LABEL,
+ ENCR_LABEL_LEN,
+ encrKeySizeBits,
+ &pubEncrKey,
+ encrKeyIsRef, // pubIsRef
+ CSSM_KEYUSE_ENCRYPT,
+ CSSM_KEYBLOB_RAW_FORMAT_NONE,
+ &privEncrKey,
+ CSSM_TRUE, // privIsRef
+ CSSM_KEYUSE_DECRYPT,
+ CSSM_KEYBLOB_RAW_FORMAT_NONE,
+ genSeed);
+ if(crtn) {
+ rtn = testError(quiet);
+ goto testDone;
+ }
+ encrKeyPtr = &pubEncrKey;
+ decrKeyPtr = &privEncrKey;
+ /* wrapEncrKey every other loop */
+ if(!refKeysOnly) {
+ wrapEncrKey = (loop & 1) ? CSSM_TRUE : CSSM_FALSE;
+ }
+ break;
+ case WT_Null:
+ printf("***BRRZAP: can't do null encrypt\n");
+ goto testDone;
+ }
+ if(verbose) {
+ printf(" ...encrAlg %s wrapEncrKey %d encrKeyIsRef %d size %u "
+ "bits effectSize %u\n",
+ encrInfo->algName, (int)wrapEncrKey, (int)encrKeyIsRef,
+ (unsigned)encrKeySizeBits, (unsigned)effectiveKeySizeInBits);
+ }
+ /* iterate thru all wrap algs */
+ for(privWrapAlg=minWrapAlg; privWrapAlg<=maxWrapAlg; privWrapAlg++) {
+ /* handle disabled algs */
+ if((privWrapAlg == ALG_AES) && (privEncrAlg == ALG_FEEDEXP)) {
+ /*
+ * Can't do it. FEED can't do PKCS8 because it doesn't
+ * support PKCS8 private key format, and AES can't
+ * do APPLE_CUSTOM because AES needs a 16-byte IV.
+ */
+ continue;
+ }
+ /* any other restrictions/ */
+
+ /* generate wrapping key(s) */
+ getAlgInfo(privWrapAlg, wrapInfo);
+ switch(wrapInfo->wtype) {
+ case WT_Symmetric:
+ /* note we can't do odd-size wrapping keys */
+ wrapKeySizeBits = randKeySizeBits(wrapInfo->keyGenAlg,
+ OT_KeyExch);
+ wrapKeySizeBits &= ~7;
+ wrapKeyPtr = unwrapKeyPtr = cspGenSymKey(cspHand,
+ wrapInfo->keyGenAlg,
+ WRAP_LABEL,
+ WRAP_LABEL_LEN,
+ WRAP_USAGE_ANY ? CSSM_KEYUSE_ANY :
+ CSSM_KEYUSE_WRAP | CSSM_KEYUSE_UNWRAP,
+ wrapKeySizeBits,
+ CSSM_TRUE);
+ if(wrapKeyPtr == NULL) {
+ rtn = 1;
+ goto testDone;
+ }
+ break;
+ case WT_Asymmetric:
+ wrapKeySizeBits = randKeySizeBits(wrapInfo->keyGenAlg,
+ OT_KeyExch);
+ genSeed = CSSM_FALSE;
+ switch(privWrapAlg) {
+ case ALG_RSA:
+ if(wrapKeySizeBits > maxRsaKeySize) {
+ wrapKeySizeBits = maxRsaKeySize;
+ }
+ break;
+ case ALG_FEEDEXP:
+ if(wrapKeySizeBits > maxFeeKeySize) {
+ wrapKeySizeBits = maxFeeKeySize;
+ }
+ if(loop & 2) {
+ genSeed = CSSM_TRUE;
+ }
+ break;
+ default:
+ break;
+ }
+ crtn = cspGenKeyPair(cspHand,
+ wrapInfo->keyGenAlg,
+ WRAP_LABEL,
+ WRAP_LABEL_LEN,
+ wrapKeySizeBits,
+ &pubWrapKey,
+ CSSM_TRUE, // pubIsRef
+ WRAP_USAGE_ANY ? CSSM_KEYUSE_ANY : CSSM_KEYUSE_WRAP,
+ CSSM_KEYBLOB_RAW_FORMAT_NONE,
+ &privWrapKey,
+ CSSM_TRUE, // privIsRef
+ WRAP_USAGE_ANY ? CSSM_KEYUSE_ANY : CSSM_KEYUSE_UNWRAP,
+ CSSM_KEYBLOB_RAW_FORMAT_NONE,
+ genSeed);
+ if(crtn) {
+ rtn = testError(quiet);
+ goto testDone;
+ }
+ wrapKeyPtr = &pubWrapKey;
+ unwrapKeyPtr = &privWrapKey;
+ break;
+ case WT_Null:
+ #if !SYMM_NULL_WRAP_ENABLE
+ if(encrInfo->wtype == WT_Symmetric) {
+ /* can't do null wrap of symmetric key */
+ continue;
+ }
+ #endif
+ wrapKeySizeBits = 0;
+ wrapKeyPtr = NULL;
+ unwrapKeyPtr = NULL;
+ break;
+ }
+
+ /* special case for 3DES/3DES */
+ #if 0
+ if((wrapKeyPtr != NULL) &&
+ (wrapKeyPtr->KeyHeader.AlgorithmId == CSSM_ALGID_3DES_3KEY) &&
+ (decrKeyPtr->KeyHeader.AlgorithmId == CSSM_ALGID_3DES_3KEY)) {
+ isAppleCustom = CSSM_TRUE;
+ }
+ else {
+ isAppleCustom = CSSM_FALSE;
+ }
+ #endif
+
+ /* cook up a wrapFormat - every other loop use default, others
+ * specify a reasonable one */
+ if(wrapInfo->wtype == WT_Null) {
+ wrapFormat = expectFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_NONE;
+ }
+ else if((loop & 1)) {
+ /*
+ * FORMAT_NONE - default - figure out expected format;
+ * this has to track CSP behavior
+ */
+ wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_NONE;
+ switch(encrInfo->wtype) {
+ case WT_Symmetric:
+ expectFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7;
+ break;
+ case WT_Asymmetric:
+ if(privEncrAlg == ALG_FEEDEXP) {
+ expectFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM;
+ }
+ else {
+ expectFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8;
+ }
+ break;
+ default:
+ /* NULL encr not done */
+ printf("**GAK! Internal error\n");
+ }
+ }
+ else {
+ /* pick a good explicit one - this encapsulates the
+ * range of legal wrap formats per wrap/encrypt alg */
+ int die = loop & 2;
+ switch(encrInfo->wtype) {
+ case WT_Symmetric:
+ if(privWrapAlg == ALG_AES) {
+ /* can't do APPLE_CUSTOM - 16 byte IV */
+ wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7;
+ }
+ else if(die) {
+ wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7;
+ }
+ else {
+ wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM;
+ }
+ break;
+ case WT_Asymmetric:
+ /* Can't wrap FEE key with AES no way, no how -
+ * this is detected at the top of the privWrapAlg
+ * loop
+ */
+ if(privEncrAlg == ALG_FEEDEXP) {
+ /* FEE doesn't do PKCS8 private key format */
+ wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM;
+ }
+ else if(die) {
+ wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8;
+ }
+ else if(privWrapAlg == ALG_AES) {
+ /* AES can't do APPLE_CUSTOM - 16 byte IV */
+ wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8;
+ }
+ else {
+ wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM;
+ }
+ break;
+ default:
+ /* NULL encr not done */
+ printf("***GAK! Internal error\n");
+ exit(1);
+ }
+ expectFormat = wrapFormat;
+ }
+
+ /*
+ * If wrapping with apple custom - either by default or
+ * explicitly - generate some descriptive data.
+ */
+ if(expectFormat == CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM) {
+ simpleGenData(&descData, 1, MAX_DESC_DATA_SIZE);
+ descDataP = &descData;
+ }
+ else {
+ descDataP = NULL;
+ }
+
+ if(verbose) {
+ printf(" ...wrapAlg = %s size %u bits format %s expect %s\n",
+ wrapInfo->algName, (unsigned)wrapKeySizeBits, formatString(wrapFormat),
+ formatString(expectFormat));
+ }
+ /* OK, here we go! */
+ if(doTest(cspHand,
+ encrKeyPtr,
+ wrapEncrKey,
+ decrKeyPtr,
+ wrapKeyPtr,
+ unwrapKeyPtr,
+ wrapInfo->encrAlg,
+ wrapInfo->encrMode,
+ wrapFormat,
+ expectFormat,
+ wrapInfo->encrPad,
+ wrapInfo->ivSize,
+ encrInfo->encrAlg,
+ encrInfo->encrMode,
+ encrInfo->encrPad,
+ encrInfo->ivSize,
+ effectiveKeySizeInBits,
+ &ptext,
+ descDataP,
+ quiet,
+ bareCsp)) {
+ rtn = 1;
+ goto testDone;
+ }
+ /* end of wrap alg loop - free/delete wrap key(s) */
+ switch(wrapInfo->wtype) {
+ case WT_Symmetric:
+ cspFreeKey(cspHand, wrapKeyPtr);
+ /* mallocd by cspGenSymKey */
+ CSSM_FREE(wrapKeyPtr);
+ break;
+ case WT_Asymmetric:
+ cspFreeKey(cspHand, wrapKeyPtr);
+ cspFreeKey(cspHand, unwrapKeyPtr);
+ break;
+ default:
+ break;
+ }
+ } /* for wrapAlg */
+ /* end of encr alg loop - free encr key(s) */
+ cspFreeKey(cspHand, encrKeyPtr);
+ if(encrInfo->wtype == WT_Symmetric) {
+ /* mallocd by cspGenSymKey */
+ CSSM_FREE(decrKeyPtr);
+ }
+ else {
+ cspFreeKey(cspHand, decrKeyPtr);
+ }
+ }
+ }
+testDone:
+ cspShutdown(cspHand, bareCsp);
+ if(pause) {
+ fpurge(stdin);
+ printf("ModuleDetach/Unload complete; hit CR to exit: ");
+ getchar();
+ }
+ if((rtn == 0) && !quiet) {
+ printf("%s test complete\n", argv[0]);
+ }
+ return rtn;
+}
projects / apple / security.git / blobdiff