+++ /dev/null
-/*
- * extenTestTp - verify encoding and decoding of extensions using
- * CSSM_TP_SubmitCredRequest() to create the certs.
- */
-
-#include <security_cdsa_utils/cuFileIo.h>
-#include <clAppUtils/CertBuilderApp.h>
-#include <utilLib/common.h>
-#include <utilLib/cspwrap.h>
-#include <clAppUtils/clutils.h>
-#include <security_cdsa_utils/cuPrintCert.h>
-#include <security_cdsa_utils/cuOidParser.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-#include <Security/cssm.h>
-#include <Security/x509defs.h>
-#include <Security/oidsattr.h>
-#include <Security/oidscert.h>
-#include <Security/oidsalg.h>
-#include <Security/certextensions.h>
-#include <Security/cssmapple.h>
-
-#define KEY_ALG CSSM_ALGID_RSA
-#define SIG_ALG CSSM_ALGID_SHA1WithRSA
-#define SIG_OID CSSMOID_SHA1WithRSA
-#define KEY_SIZE_BITS CSP_RSA_KEY_SIZE_DEFAULT
-#define SUBJ_KEY_LABEL "subjectKey"
-
-#define LOOPS_DEF 10
-
-static void usage(char **argv)
-{
- printf("Usage: %s [options]\n", argv[0]);
- printf("Options:\n");
- printf(" e=extenSpec (default = all)\n");
- printf(" k keyUsage\n");
- printf(" b basicConstraints\n");
- printf(" x extendedKeyUsage\n");
- printf(" s subjectKeyId\n");
- printf(" a authorityKeyId\n");
- printf(" t SubjectAltName\n");
- printf(" i IssuerAltName\n");
- printf(" c certPolicies\n");
- printf(" n netscapeCertType\n");
- printf(" p CRLDistributionPoints\n");
- printf(" A AuthorityInfoAccess\n");
- printf(" S SubjectInfoAccess\n");
- printf(" w(rite blobs)\n");
- printf(" f=fileName (default is extension-specific file name)\n");
- printf(" d(isplay certs)\n");
- printf(" l=loops (default = %d)\n", LOOPS_DEF);
- printf(" p(ause on each loop)\n");
- printf(" P(ause on each cert)\n");
- exit(1);
-}
-
-/* subject and issuer - we aren't testing this */
-CSSM_APPLE_TP_NAME_OID dummyRdn[] =
-{
- { "Apple Computer", &CSSMOID_OrganizationName },
- { "Doug Mitchell", &CSSMOID_CommonName }
-};
-#define NUM_DUMMY_NAMES (sizeof(dummyRdn) / sizeof(CB_NameOid))
-
-/*
- * Static components we reuse for each encode/decode.
- */
-static CSSM_KEY subjPrivKey;
-static CSSM_KEY subjPubKey;
-
-static CSSM_BOOL randBool()
-{
- unsigned r = genRand(1, 0x10000000);
- return (r & 0x1) ? CSSM_TRUE : CSSM_FALSE;
-}
-
-/* Fill a CSSM_DATA with random data. Its referent is allocd with malloc. */
-static void randData(
- CSSM_DATA_PTR data,
- uint8 maxLen)
-{
- data->Data = (uint8 *)malloc(maxLen);
- simpleGenData(data, 1, maxLen);
-}
-
-/*
- * Various compare tests
- */
-int compBool(
- CSSM_BOOL pre,
- CSSM_BOOL post,
- const char *desc)
-{
- if(pre == post) {
- return 0;
- }
- printf("***Boolean miscompare on %s\n", desc);
- /* in case a CSSM_TRUE isn't exactly right... */
- switch(post) {
- case CSSM_FALSE:
- case CSSM_TRUE:
- break;
- default:
- printf("*** post value is %d expected %d\n",
- (int)post, (int)pre);
- break;
- }
- return 1;
-}
-
-static int compCssmData(
- CSSM_DATA &d1,
- CSSM_DATA &d2,
- const char *desc)
-{
- if(appCompareCssmData(&d1, &d2)) {
- return 0;
- }
- printf("CSSM_DATA miscompare on %s\n", desc);
- return 1;
-}
-
-#pragma mark ----- individual extension tests -----
-
-#pragma mark --- CE_KeyUsage ---
-static void kuCreate(void *arg)
-{
- CE_KeyUsage *ku = (CE_KeyUsage *)arg;
-
- /* set two random valid bits */
- *ku = 0;
- *ku |= 1 << genRand(7, 15);
- *ku |= 1 << genRand(7, 15);
-}
-
-static unsigned kuCompare(const void *pre, const void *post)
-{
- const CE_KeyUsage *kuPre = (CE_KeyUsage *)pre;
- const CE_KeyUsage *kuPost = (CE_KeyUsage *)post;
- if(*kuPre != *kuPost) {
- printf("***Miscompare in CE_KeyUsage\n");
- return 1;
- }
- return 0;
-}
-
-#pragma mark --- CE_BasicConstraints ---
-static void bcCreate(void *arg)
-{
- CE_BasicConstraints *bc = (CE_BasicConstraints *)arg;
- bc->cA = randBool();
- bc->pathLenConstraintPresent = randBool();
- if(bc->pathLenConstraintPresent) {
- bc->pathLenConstraint = genRand(1,10);
- }
-}
-
-static unsigned bcCompare(const void *pre, const void *post)
-{
- const CE_BasicConstraints *bcpre = (CE_BasicConstraints *)pre;
- const CE_BasicConstraints *bcpost = (CE_BasicConstraints *)post;
- unsigned rtn = 0;
-
- rtn += compBool(bcpre->cA, bcpost->cA, "BasicConstraints.cA");
- rtn += compBool(bcpre->pathLenConstraintPresent,
- bcpost->pathLenConstraintPresent,
- "BasicConstraints.pathLenConstraintPresent");
- if(bcpre->pathLenConstraint != bcpost->pathLenConstraint) {
- printf("BasicConstraints.pathLenConstraint mismatch\n");
- rtn++;
- }
- return rtn;
-}
-
-#pragma mark --- CE_SubjectKeyID ---
-static void skidCreate(void *arg)
-{
- CSSM_DATA_PTR skid = (CSSM_DATA_PTR)arg;
- randData(skid, 16);
-}
-
-static unsigned skidCompare(const void *pre, const void *post)
-{
- CSSM_DATA_PTR spre = (CSSM_DATA_PTR)pre;
- CSSM_DATA_PTR spost = (CSSM_DATA_PTR)post;
- return compCssmData(*spre, *spost, "SubjectKeyID");
-}
-
-static void skidFree(void *arg)
-{
- CSSM_DATA_PTR skid = (CSSM_DATA_PTR)arg;
- free(skid->Data);
-}
-
-#pragma mark --- CE_NetscapeCertType ---
-static void nctCreate(void *arg)
-{
- CE_NetscapeCertType *nct = (CE_NetscapeCertType *)arg;
-
- /* set two random valid bits */
- *nct = 0;
- *nct |= 1 << genRand(8, 15);
- *nct |= 1 << genRand(8, 15);
-}
-
-static unsigned nctCompare(const void *pre, const void *post)
-{
- const CE_NetscapeCertType *nPre = (CE_NetscapeCertType *)pre;
- const CE_NetscapeCertType *nPost = (CE_NetscapeCertType *)post;
- if(*nPre != *nPost) {
- printf("***Miscompare in CE_NetscapeCertType\n");
- return 1;
- }
- return 0;
-}
-
-#pragma mark --- CE_ExtendedKeyUsage ---
-
-/* a static array of meaningless OIDs, use 1.. NUM_SKU_OIDS */
-CSSM_OID ekuOids[] = {
- CSSMOID_CrlNumber,
- CSSMOID_CrlReason,
- CSSMOID_HoldInstructionCode,
- CSSMOID_InvalidityDate
-};
-#define NUM_SKU_OIDS 4
-
-static void ekuCreate(void *arg)
-{
- CE_ExtendedKeyUsage *eku = (CE_ExtendedKeyUsage *)arg;
- eku->numPurposes = genRand(1, NUM_SKU_OIDS);
- eku->purposes = ekuOids;
-}
-
-static unsigned ekuCompare(const void *pre, const void *post)
-{
- CE_ExtendedKeyUsage *ekupre = (CE_ExtendedKeyUsage *)pre;
- CE_ExtendedKeyUsage *ekupost = (CE_ExtendedKeyUsage *)post;
-
- if(ekupre->numPurposes != ekupost->numPurposes) {
- printf("CE_ExtendedKeyUsage.numPurposes miscompare\n");
- return 1;
- }
- unsigned rtn = 0;
- for(unsigned dex=0; dex<ekupre->numPurposes; dex++) {
- rtn += compCssmData(ekupre->purposes[dex],
- ekupost->purposes[dex], "CE_ExtendedKeyUsage.purposes");
- }
- return rtn;
-}
-
-
-#pragma mark --- general purpose X509 name generator ---
-
-/* Attr/Value pairs, pick one of NUM_ATTR_STRINGS */
-static char *attrStrings[] = {
- (char *)"thisName",
- (char *)"anotherName",
- (char *)"someOtherName"
-};
-#define NUM_ATTR_STRINGS 3
-
-/* A/V type, pick one of NUM_ATTR_TYPES */
-static CSSM_OID attrTypes[] = {
- CSSMOID_Surname,
- CSSMOID_CountryName,
- CSSMOID_OrganizationName,
- CSSMOID_Description
-};
-#define NUM_ATTR_TYPES 4
-
-/* A/V tag, pick one of NUM_ATTR_TAGS */
-static char attrTags[] = {
- BER_TAG_PRINTABLE_STRING,
- BER_TAG_IA5_STRING,
- BER_TAG_T61_STRING
-};
-#define NUM_ATTR_TAGS 3
-
-static void rdnCreate(
- CSSM_X509_RDN_PTR rdn)
-{
- unsigned numPairs = genRand(1,4);
- rdn->numberOfPairs = numPairs;
- unsigned len = numPairs * sizeof(CSSM_X509_TYPE_VALUE_PAIR);
- rdn->AttributeTypeAndValue =
- (CSSM_X509_TYPE_VALUE_PAIR_PTR)malloc(len);
- memset(rdn->AttributeTypeAndValue, 0, len);
-
- for(unsigned atvDex=0; atvDex<numPairs; atvDex++) {
- CSSM_X509_TYPE_VALUE_PAIR &pair =
- rdn->AttributeTypeAndValue[atvDex];
- unsigned die = genRand(1, NUM_ATTR_TYPES);
- pair.type = attrTypes[die - 1];
- die = genRand(1, NUM_ATTR_STRINGS);
- char *str = attrStrings[die - 1];
- pair.value.Data = (uint8 *)str;
- pair.value.Length = strlen(str);
- die = genRand(1, NUM_ATTR_TAGS);
- pair.valueType = attrTags[die - 1];
- }
-}
-
-static unsigned rdnCompare(
- CSSM_X509_RDN_PTR rdn1,
- CSSM_X509_RDN_PTR rdn2)
-{
- if(rdn1->numberOfPairs != rdn2->numberOfPairs) {
- printf("***Mismatch in numberOfPairs\n");
- return 1;
- }
- unsigned rtn = 0;
- for(unsigned atvDex=0; atvDex<rdn1->numberOfPairs; atvDex++) {
- CSSM_X509_TYPE_VALUE_PAIR &p1 =
- rdn1->AttributeTypeAndValue[atvDex];
- CSSM_X509_TYPE_VALUE_PAIR &p2 =
- rdn2->AttributeTypeAndValue[atvDex];
- if(p1.valueType != p2.valueType) {
- printf("***valueType miscompare\n");
- rtn++;
- }
- if(compCssmData(p1.type, p2.type, "ATV.type")) {
- rtn++;
- }
- if(compCssmData(p1.value, p2.value, "ATV.value")) {
- rtn++;
- }
- }
- return rtn;
-}
-
-static void rdnFree(
- CSSM_X509_RDN_PTR rdn)
-{
- free(rdn->AttributeTypeAndValue);
-}
-
-static void x509NameCreate(
- CSSM_X509_NAME_PTR x509Name)
-{
- memset(x509Name, 0, sizeof(*x509Name));
- unsigned numRdns = genRand(1,4);
- x509Name->numberOfRDNs = numRdns;
- unsigned len = numRdns * sizeof(CSSM_X509_RDN);
- x509Name->RelativeDistinguishedName = (CSSM_X509_RDN_PTR)malloc(len);
- memset(x509Name->RelativeDistinguishedName, 0, len);
-
- for(unsigned rdnDex=0; rdnDex<numRdns; rdnDex++) {
- CSSM_X509_RDN &rdn = x509Name->RelativeDistinguishedName[rdnDex];
- rdnCreate(&rdn);
- }
-}
-
-static unsigned x509NameCompare(
- const CSSM_X509_NAME_PTR n1,
- const CSSM_X509_NAME_PTR n2)
-{
- if(n1->numberOfRDNs != n2->numberOfRDNs) {
- printf("***Mismatch in numberOfRDNs\n");
- return 1;
- }
- unsigned rtn = 0;
- for(unsigned rdnDex=0; rdnDex<n1->numberOfRDNs; rdnDex++) {
- CSSM_X509_RDN &rdn1 = n1->RelativeDistinguishedName[rdnDex];
- CSSM_X509_RDN &rdn2 = n2->RelativeDistinguishedName[rdnDex];
- rtn += rdnCompare(&rdn1, &rdn2);
- }
- return rtn;
-}
-
-static void x509NameFree(
- CSSM_X509_NAME_PTR n)
-{
- for(unsigned rdnDex=0; rdnDex<n->numberOfRDNs; rdnDex++) {
- CSSM_X509_RDN &rdn = n->RelativeDistinguishedName[rdnDex];
- rdnFree(&rdn);
- }
- free(n->RelativeDistinguishedName);
-}
-
-#pragma mark --- general purpose GeneralNames generator ---
-
-#define SOME_URL_1 (char *)"http://foo.bar.com"
-#define SOME_URL_2 (char *)"http://bar.foo.com"
-#define SOME_DNS_1 (char *)"Some DNS"
-#define SOME_DNS_2 (char *)"Another DNS"
-unsigned char someIpAdr_1[] = {208, 161, 124, 209 };
-unsigned char someIpAdr_2[] = {10, 0, 61, 5};
-
-static void genNameCreate(CE_GeneralName *name)
-{
- unsigned type = genRand(1, 5);
- const char *src;
- unsigned char *usrc;
- switch(type) {
- case 1:
- name->nameType = GNT_URI;
- name->berEncoded = CSSM_FALSE;
- src = randBool() ? SOME_URL_1 : SOME_URL_2;
- appCopyData(src, strlen(src), &name->name);
- break;
-
- case 2:
- name->nameType = GNT_RegisteredID;
- name->berEncoded = CSSM_FALSE;
- appCopyData(CSSMOID_SubjectDirectoryAttributes.Data,
- CSSMOID_SubjectDirectoryAttributes.Length,
- &name->name);
- break;
-
- case 3:
- name->nameType = GNT_DNSName;
- name->berEncoded = CSSM_FALSE;
- src = randBool() ? SOME_DNS_1 : SOME_DNS_2;
- appCopyData(src, strlen(src), &name->name);
- break;
-
- case 4:
- name->nameType = GNT_IPAddress;
- name->berEncoded = CSSM_FALSE;
- usrc = randBool() ? someIpAdr_1 : someIpAdr_2;
- appCopyData(usrc, 4, &name->name);
- break;
-
- case 5:
- {
- /* X509_NAME, the hard one */
- name->nameType = GNT_DirectoryName;
- name->berEncoded = CSSM_FALSE;
- appSetupCssmData(&name->name, sizeof(CSSM_X509_NAME));
- x509NameCreate((CSSM_X509_NAME_PTR)name->name.Data);
- }
- }
-}
-
-static void genNamesCreate(void *arg)
-{
- CE_GeneralNames *names = (CE_GeneralNames *)arg;
- names->numNames = genRand(1, 3);
- // one at a time
- //names->numNames = 1;
- names->generalName = (CE_GeneralName *)malloc(names->numNames *
- sizeof(CE_GeneralName));
- memset(names->generalName, 0, names->numNames * sizeof(CE_GeneralName));
-
- for(unsigned i=0; i<names->numNames; i++) {
- CE_GeneralName *name = &names->generalName[i];
- genNameCreate(name);
- }
-}
-
-static unsigned genNameCompare(
- CE_GeneralName *npre,
- CE_GeneralName *npost)
-{
- unsigned rtn = 0;
- if(npre->nameType != npost->nameType) {
- printf("***CE_GeneralName.nameType miscompare\n");
- rtn++;
- }
- if(compBool(npre->berEncoded, npost->berEncoded,
- "CE_GeneralName.berEncoded")) {
- rtn++;
- }
-
- /* nameType-specific compare */
- switch(npre->nameType) {
- case GNT_RFC822Name:
- rtn += compCssmData(npre->name, npost->name,
- "CE_GeneralName.RFC822Name");
- break;
- case GNT_DNSName:
- rtn += compCssmData(npre->name, npost->name,
- "CE_GeneralName.DNSName");
- break;
- case GNT_URI:
- rtn += compCssmData(npre->name, npost->name,
- "CE_GeneralName.URI");
- break;
- case GNT_IPAddress:
- rtn += compCssmData(npre->name, npost->name,
- "CE_GeneralName.RFIPAddressC822Name");
- break;
- case GNT_RegisteredID:
- rtn += compCssmData(npre->name, npost->name,
- "CE_GeneralName.RegisteredID");
- break;
- case GNT_DirectoryName:
- rtn += x509NameCompare((CSSM_X509_NAME_PTR)npre->name.Data,
- (CSSM_X509_NAME_PTR)npost->name.Data);
- break;
- default:
- printf("****BRRZAP! genNamesCompare needs work\n");
- rtn++;
- }
- return rtn;
-}
-
-static unsigned genNamesCompare(const void *pre, const void *post)
-{
- const CE_GeneralNames *gnPre = (CE_GeneralNames *)pre;
- const CE_GeneralNames *gnPost = (CE_GeneralNames *)post;
- unsigned rtn = 0;
-
- if((gnPre == NULL) || (gnPost == NULL)) {
- printf("***Bad GenNames pointer\n");
- return 1;
- }
- if(gnPre->numNames != gnPost->numNames) {
- printf("***CE_GeneralNames.numNames miscompare\n");
- return 1;
- }
- for(unsigned dex=0; dex<gnPre->numNames; dex++) {
- CE_GeneralName *npre = &gnPre->generalName[dex];
- CE_GeneralName *npost = &gnPost->generalName[dex];
- rtn += genNameCompare(npre, npost);
- }
- return rtn;
-}
-
-
-static void genNameFree(CE_GeneralName *n)
-{
- switch(n->nameType) {
- case GNT_DirectoryName:
- x509NameFree((CSSM_X509_NAME_PTR)n->name.Data);
- CSSM_FREE(n->name.Data);
- break;
- default:
- CSSM_FREE(n->name.Data);
- break;
- }
-}
-
-
-static void genNamesFree(void *arg)
-{
- const CE_GeneralNames *gn = (CE_GeneralNames *)arg;
- for(unsigned dex=0; dex<gn->numNames; dex++) {
- CE_GeneralName *n = (CE_GeneralName *)&gn->generalName[dex];
- genNameFree(n);
- }
- free(gn->generalName);
-}
-
-#pragma mark --- CE_CRLDistPointsSyntax ---
-static void cdpCreate(void *arg)
-{
- CE_CRLDistPointsSyntax *cdp = (CE_CRLDistPointsSyntax *)arg;
- //cdp->numDistPoints = genRand(1,3);
- // one at a time
- cdp->numDistPoints = 1;
- unsigned len = sizeof(CE_CRLDistributionPoint) * cdp->numDistPoints;
- cdp->distPoints = (CE_CRLDistributionPoint *)malloc(len);
- memset(cdp->distPoints, 0, len);
-
- for(unsigned dex=0; dex<cdp->numDistPoints; dex++) {
- CE_CRLDistributionPoint *pt = &cdp->distPoints[dex];
-
- /* all fields optional */
- if(randBool()) {
- CE_DistributionPointName *dpn = pt->distPointName =
- (CE_DistributionPointName *)malloc(
- sizeof(CE_DistributionPointName));
- memset(dpn, 0, sizeof(CE_DistributionPointName));
-
- /* CE_DistributionPointName has two flavors */
- if(randBool()) {
- dpn->nameType = CE_CDNT_FullName;
- dpn->dpn.fullName = (CE_GeneralNames *)malloc(
- sizeof(CE_GeneralNames));
- memset(dpn->dpn.fullName, 0, sizeof(CE_GeneralNames));
- genNamesCreate(dpn->dpn.fullName);
- }
- else {
- dpn->nameType = CE_CDNT_NameRelativeToCrlIssuer;
- dpn->dpn.rdn = (CSSM_X509_RDN_PTR)malloc(
- sizeof(CSSM_X509_RDN));
- memset(dpn->dpn.rdn, 0, sizeof(CSSM_X509_RDN));
- rdnCreate(dpn->dpn.rdn);
- }
- } /* creating CE_DistributionPointName */
-
- pt->reasonsPresent = randBool();
- if(pt->reasonsPresent) {
- CE_CrlDistReasonFlags *cdr = &pt->reasons;
- /* set two random valid bits */
- *cdr = 0;
- *cdr |= 1 << genRand(0,7);
- *cdr |= 1 << genRand(0,7);
- }
-
- /* make sure at least one present */
- if((!pt->distPointName && !pt->reasonsPresent) || randBool()) {
- pt->crlIssuer = (CE_GeneralNames *)malloc(sizeof(CE_GeneralNames));
- memset(pt->crlIssuer, 0, sizeof(CE_GeneralNames));
- genNamesCreate(pt->crlIssuer);
- }
- }
-}
-
-static unsigned cdpCompare(const void *pre, const void *post)
-{
- CE_CRLDistPointsSyntax *cpre = (CE_CRLDistPointsSyntax *)pre;
- CE_CRLDistPointsSyntax *cpost = (CE_CRLDistPointsSyntax *)post;
-
- if(cpre->numDistPoints != cpost->numDistPoints) {
- printf("***CE_CRLDistPointsSyntax.numDistPoints miscompare\n");
- return 1;
- }
- unsigned rtn = 0;
- for(unsigned dex=0; dex<cpre->numDistPoints; dex++) {
- CE_CRLDistributionPoint *ptpre = &cpre->distPoints[dex];
- CE_CRLDistributionPoint *ptpost = &cpost->distPoints[dex];
-
- if(ptpre->distPointName) {
- if(ptpost->distPointName == NULL) {
- printf("***NULL distPointName post decode\n");
- rtn++;
- goto checkReason;
- }
- CE_DistributionPointName *dpnpre = ptpre->distPointName;
- CE_DistributionPointName *dpnpost = ptpost->distPointName;
- if(dpnpre->nameType != dpnpost->nameType) {
- printf("***CE_DistributionPointName.nameType miscompare\n");
- rtn++;
- goto checkReason;
- }
- if(dpnpre->nameType == CE_CDNT_FullName) {
- rtn += genNamesCompare(dpnpre->dpn.fullName, dpnpost->dpn.fullName);
- }
- else {
- rtn += rdnCompare(dpnpre->dpn.rdn, dpnpost->dpn.rdn);
- }
-
- }
- else if(ptpost->distPointName != NULL) {
- printf("***NON NULL distPointName post decode\n");
- rtn++;
- }
-
- checkReason:
- if(ptpre->reasons != ptpost->reasons) {
- printf("***CE_CRLDistributionPoint.reasons miscompare\n");
- rtn++;
- }
-
- if(ptpre->crlIssuer) {
- if(ptpost->crlIssuer == NULL) {
- printf("***NULL crlIssuer post decode\n");
- rtn++;
- continue;
- }
- CE_GeneralNames *gnpre = ptpre->crlIssuer;
- CE_GeneralNames *gnpost = ptpost->crlIssuer;
- rtn += genNamesCompare(gnpre, gnpost);
- }
- else if(ptpost->crlIssuer != NULL) {
- printf("***NON NULL crlIssuer post decode\n");
- rtn++;
- }
- }
- return rtn;
-}
-
-static void cdpFree(void *arg)
-{
- CE_CRLDistPointsSyntax *cdp = (CE_CRLDistPointsSyntax *)arg;
- for(unsigned dex=0; dex<cdp->numDistPoints; dex++) {
- CE_CRLDistributionPoint *pt = &cdp->distPoints[dex];
- if(pt->distPointName) {
- CE_DistributionPointName *dpn = pt->distPointName;
- if(dpn->nameType == CE_CDNT_FullName) {
- genNamesFree(dpn->dpn.fullName);
- free(dpn->dpn.fullName);
- }
- else {
- rdnFree(dpn->dpn.rdn);
- free(dpn->dpn.rdn);
- }
- free(dpn);
- }
-
- if(pt->crlIssuer) {
- genNamesFree(pt->crlIssuer);
- free(pt->crlIssuer);
- }
- }
- free(cdp->distPoints);
-}
-
-#pragma mark --- CE_AuthorityKeyID ---
-static void authKeyIdCreate(void *arg)
-{
- CE_AuthorityKeyID *akid = (CE_AuthorityKeyID *)arg;
-
- /* all three fields optional */
-
- akid->keyIdentifierPresent = randBool();
- if(akid->keyIdentifierPresent) {
- randData(&akid->keyIdentifier, 16);
- }
-
- akid->generalNamesPresent = randBool();
- if(akid->generalNamesPresent) {
- akid->generalNames =
- (CE_GeneralNames *)malloc(sizeof(CE_GeneralNames));
- memset(akid->generalNames, 0, sizeof(CE_GeneralNames));
- genNamesCreate(akid->generalNames);
- }
-
- if(!akid->keyIdentifierPresent & !akid->generalNamesPresent) {
- /* force at least one to be present */
- akid->serialNumberPresent = CSSM_TRUE;
- }
- else {
- akid->serialNumberPresent = randBool();
- }
- if(akid->serialNumberPresent) {
- randData(&akid->serialNumber, 16);
- }
-
-}
-
-static unsigned authKeyIdCompare(const void *pre, const void *post)
-{
- CE_AuthorityKeyID *akpre = (CE_AuthorityKeyID *)pre;
- CE_AuthorityKeyID *akpost = (CE_AuthorityKeyID *)post;
- unsigned rtn = 0;
-
- if(compBool(akpre->keyIdentifierPresent, akpost->keyIdentifierPresent,
- "CE_AuthorityKeyID.keyIdentifierPresent")) {
- rtn++;
- }
- else if(akpre->keyIdentifierPresent) {
- rtn += compCssmData(akpre->keyIdentifier,
- akpost->keyIdentifier, "CE_AuthorityKeyID.keyIdentifier");
- }
-
- if(compBool(akpre->generalNamesPresent, akpost->generalNamesPresent,
- "CE_AuthorityKeyID.generalNamesPresent")) {
- rtn++;
- }
- else if(akpre->generalNamesPresent) {
- rtn += genNamesCompare(akpre->generalNames,
- akpost->generalNames);
- }
-
- if(compBool(akpre->serialNumberPresent, akpost->serialNumberPresent,
- "CE_AuthorityKeyID.serialNumberPresent")) {
- rtn++;
- }
- else if(akpre->serialNumberPresent) {
- rtn += compCssmData(akpre->serialNumber,
- akpost->serialNumber, "CE_AuthorityKeyID.serialNumber");
- }
- return rtn;
-}
-
-static void authKeyIdFree(void *arg)
-{
- CE_AuthorityKeyID *akid = (CE_AuthorityKeyID *)arg;
-
- if(akid->keyIdentifier.Data) {
- free(akid->keyIdentifier.Data);
- }
- if(akid->generalNames) {
- genNamesFree(akid->generalNames); // genNamesCreate mallocd
- free(akid->generalNames); // we mallocd
- }
- if(akid->serialNumber.Data) {
- free(akid->serialNumber.Data);
- }
-}
-
-#pragma mark --- CE_CertPolicies ---
-
-/* random OIDs, pick 1..NUM_CP_OIDS */
-static CSSM_OID cpOids[] =
-{
- CSSMOID_EmailAddress,
- CSSMOID_UnstructuredName,
- CSSMOID_ContentType,
- CSSMOID_MessageDigest
-};
-#define NUM_CP_OIDS 4
-
-/* CPS strings, pick one of NUM_CPS_STR */
-static char *someCPSs[] =
-{
- (char *)"http://www.apple.com",
- (char *)"https://cdnow.com",
- (char *)"ftp:backwards.com"
-};
-#define NUM_CPS_STR 3
-
-/* make these looks like real sequences */
-static uint8 someUnotice[] = {0x30, 0x03, BER_TAG_BOOLEAN, 1, 0xff};
-static uint8 someOtherData[] = {0x30, 0x02, BER_TAG_NULL, 0};
-
-static void cpCreate(void *arg)
-{
- CE_CertPolicies *cp = (CE_CertPolicies *)arg;
- cp->numPolicies = genRand(1,3);
- //cp->numPolicies = 1;
- unsigned len = sizeof(CE_PolicyInformation) * cp->numPolicies;
- cp->policies = (CE_PolicyInformation *)malloc(len);
- memset(cp->policies, 0, len);
-
- for(unsigned polDex=0; polDex<cp->numPolicies; polDex++) {
- CE_PolicyInformation *pi = &cp->policies[polDex];
- unsigned die = genRand(1, NUM_CP_OIDS);
- pi->certPolicyId = cpOids[die - 1];
- unsigned numQual = genRand(1,3);
- pi->numPolicyQualifiers = numQual;
- len = sizeof(CE_PolicyQualifierInfo) * numQual;
- pi->policyQualifiers = (CE_PolicyQualifierInfo *)
- malloc(len);
- memset(pi->policyQualifiers, 0, len);
- for(unsigned cpiDex=0; cpiDex<numQual; cpiDex++) {
- CE_PolicyQualifierInfo *qi =
- &pi->policyQualifiers[cpiDex];
- if(randBool()) {
- qi->policyQualifierId = CSSMOID_QT_CPS;
- die = genRand(1, NUM_CPS_STR);
- qi->qualifier.Data = (uint8 *)someCPSs[die - 1];
- qi->qualifier.Length = strlen((char *)qi->qualifier.Data);
- }
- else {
- qi->policyQualifierId = CSSMOID_QT_UNOTICE;
- if(randBool()) {
- qi->qualifier.Data = someUnotice;
- qi->qualifier.Length = 5;
- }
- else {
- qi->qualifier.Data = someOtherData;
- qi->qualifier.Length = 4;
- }
- }
- }
- }
-}
-
-static unsigned cpCompare(const void *pre, const void *post)
-{
- CE_CertPolicies *cppre = (CE_CertPolicies *)pre;
- CE_CertPolicies *cppost = (CE_CertPolicies *)post;
-
- if(cppre->numPolicies != cppost->numPolicies) {
- printf("CE_CertPolicies.numPolicies mismatch\n");
- return 1;
- }
- unsigned rtn = 0;
- for(unsigned polDex=0; polDex<cppre->numPolicies; polDex++) {
- CE_PolicyInformation *pipre = &cppre->policies[polDex];
- CE_PolicyInformation *pipost = &cppost->policies[polDex];
- rtn += compCssmData(pipre->certPolicyId, pipost->certPolicyId,
- "CE_PolicyInformation.certPolicyId");
- if(pipre->numPolicyQualifiers != pipost->numPolicyQualifiers) {
- printf("CE_PolicyInformation.CE_PolicyInformation mismatch\n");
- rtn++;
- continue;
- }
-
- for(unsigned qiDex=0; qiDex<pipre->numPolicyQualifiers; qiDex++) {
- CE_PolicyQualifierInfo *qipre = &pipre->policyQualifiers[qiDex];
- CE_PolicyQualifierInfo *qipost = &pipost->policyQualifiers[qiDex];
- rtn += compCssmData(qipre->policyQualifierId,
- qipost->policyQualifierId,
- "CE_PolicyQualifierInfo.policyQualifierId");
- rtn += compCssmData(qipre->qualifier,
- qipost->qualifier,
- "CE_PolicyQualifierInfo.qualifier");
- }
- }
- return rtn;
-}
-
-static void cpFree(void *arg)
-{
- CE_CertPolicies *cp = (CE_CertPolicies *)arg;
- for(unsigned polDex=0; polDex<cp->numPolicies; polDex++) {
- CE_PolicyInformation *pi = &cp->policies[polDex];
- free(pi->policyQualifiers);
- }
- free(cp->policies);
-}
-
-#pragma mark --- CE_AuthorityInfoAccess ---
-
-/* random OIDs, pick 1..NUM_AI_OIDS */
-static CSSM_OID aiOids[] =
-{
- CSSMOID_AD_OCSP,
- CSSMOID_AD_CA_ISSUERS,
- CSSMOID_AD_TIME_STAMPING,
- CSSMOID_AD_CA_REPOSITORY
-};
-#define NUM_AI_OIDS 4
-
-static void aiaCreate(void *arg)
-{
- CE_AuthorityInfoAccess *aia = (CE_AuthorityInfoAccess *)arg;
- aia->numAccessDescriptions = genRand(1,3);
- unsigned len = aia->numAccessDescriptions * sizeof(CE_AccessDescription);
- aia->accessDescriptions = (CE_AccessDescription *)malloc(len);
- memset(aia->accessDescriptions, 0, len);
-
- for(unsigned dex=0; dex<aia->numAccessDescriptions; dex++) {
- CE_AccessDescription *ad = &aia->accessDescriptions[dex];
- int die = genRand(1, NUM_AI_OIDS);
- ad->accessMethod = aiOids[die - 1];
- genNameCreate(&ad->accessLocation);
- }
-}
-
-static unsigned aiaCompare(const void *pre, const void *post)
-{
- CE_AuthorityInfoAccess *apre = (CE_AuthorityInfoAccess *)pre;
- CE_AuthorityInfoAccess *apost = (CE_AuthorityInfoAccess *)post;
- unsigned rtn = 0;
-
- if(apre->numAccessDescriptions != apost->numAccessDescriptions) {
- printf("***CE_AuthorityInfoAccess.numAccessDescriptions miscompare\n");
- return 1;
- }
- for(unsigned dex=0; dex<apre->numAccessDescriptions; dex++) {
- CE_AccessDescription *adPre = &apre->accessDescriptions[dex];
- CE_AccessDescription *adPost = &apost->accessDescriptions[dex];
- if(compCssmData(adPre->accessMethod, adPost->accessMethod,
- "CE_AccessDescription.accessMethod")) {
- rtn++;
- }
- rtn += genNameCompare(&adPre->accessLocation, &adPost->accessLocation);
- }
- return rtn;
-}
-
-static void aiaFree(void *arg)
-{
- CE_AuthorityInfoAccess *aia = (CE_AuthorityInfoAccess *)arg;
- for(unsigned dex=0; dex<aia->numAccessDescriptions; dex++) {
- CE_AccessDescription *ad = &aia->accessDescriptions[dex];
- genNameFree(&ad->accessLocation);
- }
- free(aia->accessDescriptions);
-}
-
-#pragma mark --- test definitions ---
-
-/*
- * Define one extension test.
- */
-
-/*
- * Cook up this extension with random, reasonable values.
- * Incoming pointer refers to extension-specific C struct, mallocd
- * and zeroed by main test routine.
- */
-typedef void (*extenCreateFcn)(void *arg);
-
-/*
- * Compare two instances of this extension. Return number of
- * compare errors.
- */
-typedef unsigned (*extenCompareFcn)(
- const void *preEncode,
- const void *postEncode);
-
-/*
- * Free struct components mallocd in extenCreateFcn. Do not free
- * the outer struct.
- */
-typedef void (*extenFreeFcn)(void *arg);
-
-typedef struct {
- /* three extension-specific functions */
- extenCreateFcn createFcn;
- extenCompareFcn compareFcn;
- extenFreeFcn freeFcn;
-
- /* size of C struct passed to all three functions */
- unsigned extenSize;
-
- /* the CE_DataType for this extension, used on encode */
- CE_DataType extenType;
-
- /* the OID for this extension, tested on decode */
- CSSM_OID extenOid;
-
- /* description for error logging and blob writing */
- const char *extenDescr;
-
- /* command-line letter for this one */
- char extenLetter;
-
-} ExtenTest;
-
-/* empty freeFcn means no extension-specific resources to free */
-#define NO_FREE NULL
-
-static ExtenTest extenTests[] = {
- { kuCreate, kuCompare, NO_FREE,
- sizeof(CE_KeyUsage),
- DT_KeyUsage, CSSMOID_KeyUsage,
- "KeyUsage", 'k' },
- { bcCreate, bcCompare, NO_FREE,
- sizeof(CE_BasicConstraints),
- DT_BasicConstraints, CSSMOID_BasicConstraints,
- "BasicConstraints", 'b' },
- { ekuCreate, ekuCompare, NO_FREE,
- sizeof(CE_ExtendedKeyUsage),
- DT_ExtendedKeyUsage, CSSMOID_ExtendedKeyUsage,
- "ExtendedKeyUsage", 'x' },
- { skidCreate, skidCompare, skidFree,
- sizeof(CSSM_DATA),
- DT_SubjectKeyID, CSSMOID_SubjectKeyIdentifier,
- "SubjectKeyID", 's' },
- { authKeyIdCreate, authKeyIdCompare, authKeyIdFree,
- sizeof(CE_AuthorityKeyID),
- DT_AuthorityKeyID, CSSMOID_AuthorityKeyIdentifier,
- "AuthorityKeyID", 'a' },
- { genNamesCreate, genNamesCompare, genNamesFree,
- sizeof(CE_GeneralNames),
- DT_SubjectAltName, CSSMOID_SubjectAltName,
- "SubjectAltName", 't' },
- { genNamesCreate, genNamesCompare, genNamesFree,
- sizeof(CE_GeneralNames),
- DT_IssuerAltName, CSSMOID_IssuerAltName,
- "IssuerAltName", 'i' },
- { nctCreate, nctCompare, NO_FREE,
- sizeof(CE_NetscapeCertType),
- DT_NetscapeCertType, CSSMOID_NetscapeCertType,
- "NetscapeCertType", 'n' },
- { cdpCreate, cdpCompare, cdpFree,
- sizeof(CE_CRLDistPointsSyntax),
- DT_CrlDistributionPoints, CSSMOID_CrlDistributionPoints,
- "CRLDistPoints", 'p' },
- { cpCreate, cpCompare, cpFree,
- sizeof(CE_CertPolicies),
- DT_CertPolicies, CSSMOID_CertificatePolicies,
- "CertPolicies", 'c' },
- { aiaCreate, aiaCompare, aiaFree,
- sizeof(CE_AuthorityInfoAccess),
- DT_AuthorityInfoAccess, CSSMOID_AuthorityInfoAccess,
- "AuthorityInfoAccess", 'A' },
- #if 0
- /* TP doesn't have this, neither does certextensions.h! */
- { aiaCreate, aiaCompare, aiaFree,
- sizeof(CE_AuthorityInfoAccess), CSSMOID_SubjectInfoAccess,
- "SubjectInfoAccess", 'S' },
- #endif
-};
-
-#define NUM_EXTEN_TESTS (sizeof(extenTests) / sizeof(ExtenTest))
-
-static void printExtenPre(
- CE_DataAndType *extenData,
- CSSM_OID *extenOid,
- OidParser &parser)
-{
- CSSM_FIELD field;
- CSSM_X509_EXTENSION extn;
-
- /*
- * Convert pre-digested into CSSM_X509_EXTENSION that
- * printCertField() can understand
- */
- extn.extnId = *extenOid;
- extn.critical = extenData->critical;
- extn.format = CSSM_X509_DATAFORMAT_PARSED;
- extn.value.parsedValue = &extenData->extension;
- field.FieldOid = *extenOid;
- field.FieldValue.Data = (uint8 *)&extn;
- field.FieldValue.Length = sizeof(CSSM_X509_EXTENSION);
- printf("=== PRE-ENCODE:\n");
- printCertField(field, parser, CSSM_TRUE);
-}
-
-
-static void printExten(
- CSSM_X509_EXTENSION &extn,
- OidParser &parser)
-{
- CSSM_FIELD field;
- field.FieldOid = extn.extnId;
- field.FieldValue.Data = (uint8 *)&extn;
- field.FieldValue.Length = sizeof(CSSM_X509_EXTENSION);
- printf("=== POST-DECODE:\n");
- printCertField(field, parser, CSSM_TRUE);
-}
-
-static int doTest(
- CSSM_CL_HANDLE clHand,
- CSSM_TP_HANDLE tpHand,
- CSSM_CSP_HANDLE cspHand,
- ExtenTest &extenTest,
- bool writeBlobs,
- const char *constFileName, // all blobs to this file if non-NULL
- bool displayExtens,
- OidParser &parser)
-{
- CSSM_APPLE_TP_CERT_REQUEST certReq;
- CSSM_TP_REQUEST_SET reqSet;
- sint32 estTime;
- CSSM_BOOL confirmRequired;
- CSSM_TP_RESULT_SET_PTR resultSet;
- CSSM_ENCODED_CERT *encCert;
- CSSM_TP_CALLERAUTH_CONTEXT CallerAuthContext;
- CSSM_FIELD policyId;
- CE_DataAndType extPre;
- CSSM_RETURN crtn;
- CSSM_DATA refId; // mallocd by CSSM_TP_SubmitCredRequest
- CSSM_DATA signedCert = {0, NULL};
-
- memset(&certReq, 0, sizeof(certReq));
- memset(&extPre, 0, sizeof(extPre));
-
- /*
- * Cook up a random and reasonable instance of the C struct
- * associated with this extension.
- */
- extenTest.createFcn(&extPre.extension);
-
- /*
- * Cook up the associated CSSM_X509_EXTENSION.
- */
- extPre.type = extenTest.extenType;
- extPre.critical = randBool();
-
- /*
- * Now the cert request proper.
- */
- certReq.cspHand = cspHand;
- certReq.clHand = clHand;
- certReq.serialNumber = 0x8765;
- certReq.numSubjectNames = NUM_DUMMY_NAMES;
- certReq.subjectNames = dummyRdn;
- certReq.numIssuerNames = NUM_DUMMY_NAMES;
- certReq.issuerNames = dummyRdn;
- certReq.certPublicKey = &subjPubKey;
- certReq.issuerPrivateKey = &subjPrivKey;
- certReq.signatureAlg = CSSM_ALGID_SHA1WithRSA;
- certReq.signatureOid = SIG_OID;
- certReq.notBefore = 0; // now
- certReq.notAfter = 10000; // seconds from now
- certReq.numExtensions = 1;
- certReq.extensions = &extPre;
-
- reqSet.NumberOfRequests = 1;
- reqSet.Requests = &certReq;
-
- /* a big CSSM_TP_CALLERAUTH_CONTEXT just to specify an OID */
- memset(&CallerAuthContext, 0, sizeof(CSSM_TP_CALLERAUTH_CONTEXT));
- memset(&policyId, 0, sizeof(CSSM_FIELD));
- policyId.FieldOid = CSSMOID_APPLE_TP_LOCAL_CERT_GEN;
- CallerAuthContext.Policy.NumberOfPolicyIds = 1;
- CallerAuthContext.Policy.PolicyIds = &policyId;
-
- /* GO */
- crtn = CSSM_TP_SubmitCredRequest(tpHand,
- NULL, // PreferredAuthority
- CSSM_TP_AUTHORITY_REQUEST_CERTISSUE,
- &reqSet,
- &CallerAuthContext,
- &estTime,
- &refId);
- if(crtn) {
- printError("CSSM_TP_SubmitCredRequest", crtn);
- /* show what we tried to encode and decode */
- printExtenPre(&extPre, &extenTest.extenOid, parser);
- return 1;
- }
- crtn = CSSM_TP_RetrieveCredResult(tpHand,
- &refId,
- NULL, // CallerAuthCredentials
- &estTime,
- &confirmRequired,
- &resultSet); // leaks.....
- if(crtn) {
- printError("CSSM_TP_RetrieveCredResult", crtn);
- /* show what we tried to encode and decode */
- printExtenPre(&extPre, &extenTest.extenOid, parser);
- return 1;
- }
- if(resultSet == NULL) {
- printf("***CSSM_TP_RetrieveCredResult returned NULL result set.\n");
- /* show what we tried to encode and decode */
- printExtenPre(&extPre, &extenTest.extenOid, parser);
- return 1;
- }
- encCert = (CSSM_ENCODED_CERT *)resultSet->Results;
- signedCert = encCert->CertBlob;
-
- if(writeBlobs) {
- char fileName[200];
- if(constFileName) {
- strcpy(fileName, constFileName);
- }
- else {
- sprintf(fileName, "%scert.der", extenTest.extenDescr);
- }
- writeFile(fileName, signedCert.Data, signedCert.Length);
- printf("...wrote %lu bytes to %s\n", signedCert.Length, fileName);
- }
-
- /* snag the same extension from the encoded cert */
- CSSM_DATA_PTR postField;
- CSSM_HANDLE resultHand;
- uint32 numFields;
-
- crtn = CSSM_CL_CertGetFirstFieldValue(clHand,
- &signedCert,
- &extenTest.extenOid,
- &resultHand,
- &numFields,
- &postField);
- if(crtn) {
- printf("****Extension field not found on decode for %s\n",
- extenTest.extenDescr);
- printError("CSSM_CL_CertGetFirstFieldValue", crtn);
-
- /* show what we tried to encode and decode */
- printExtenPre(&extPre, &extenTest.extenOid, parser);
- return 1;
- }
-
- if(numFields != 1) {
- printf("****GetFirstFieldValue: expect 1 value, got %u\n",
- (unsigned)numFields);
- return 1;
- }
- CSSM_CL_CertAbortQuery(clHand, resultHand);
-
- /* verify the fields we generated */
- CSSM_X509_EXTENSION *extnPost = (CSSM_X509_EXTENSION *)postField->Data;
- if((extnPost == NULL) ||
- (postField->Length != sizeof(CSSM_X509_EXTENSION))) {
- printf("***Malformed CSSM_X509_EXTENSION (1) after decode\n");
- return 1;
- }
- int rtn = 0;
- rtn += compBool(extPre.critical, extnPost->critical,
- "CSSM_X509_EXTENSION.critical");
- rtn += compCssmData(extenTest.extenOid, extnPost->extnId,
- "CSSM_X509_EXTENSION.extnId");
-
- if(extnPost->format != CSSM_X509_DATAFORMAT_PARSED) {
- printf("***Expected CSSM_X509_DATAFORMAT_PARSED (%x(x), got %x(x)\n",
- CSSM_X509_DATAFORMAT_PARSED, extnPost->format);
- }
- if(extnPost->value.parsedValue == NULL) {
- printf("***no parsedValue pointer!\n");
- return 1;
- }
-
- /* down to extension-specific compare */
- rtn += extenTest.compareFcn(&extPre.extension, extnPost->value.parsedValue);
-
- if(rtn) {
- /* print preencode only on error */
- printExtenPre(&extPre, &extenTest.extenOid, parser);
- }
- if(displayExtens || rtn) {
- printExten(*extnPost, parser);
- }
-
- /* free the allocated data */
- if(extenTest.freeFcn) {
- extenTest.freeFcn(&extPre.extension);
- }
- CSSM_CL_FreeFieldValue(clHand, &extenTest.extenOid, postField);
- CSSM_FREE(signedCert.Data);
- CSSM_FREE(encCert);
- CSSM_FREE(resultSet);
- return rtn;
-}
-
-static void doPause(bool pause)
-{
- if(!pause) {
- return;
- }
- fpurge(stdin);
- printf("CR to continue ");
- getchar();
-}
-
-int main(int argc, char **argv)
-{
- CSSM_CL_HANDLE clHand;
- CSSM_TP_HANDLE tpHand;
- CSSM_CSP_HANDLE cspHand;
- CSSM_RETURN crtn;
- int arg;
- int rtn;
- OidParser parser;
- char *argp;
- unsigned i;
-
- /* user-specificied params */
- unsigned minExtenNum = 0;
- unsigned maxExtenNum = NUM_EXTEN_TESTS-1;
- bool writeBlobs = false;
- bool displayExtens = false;
- bool quiet = false;
- unsigned loops = LOOPS_DEF;
- bool pauseLoop = false;
- bool pauseCert = false;
- const char *constFileName = NULL;
-
- for(arg=1; arg<argc; arg++) {
- argp = argv[arg];
- switch(argp[0]) {
- case 'w':
- writeBlobs = true;
- break;
- case 'd':
- displayExtens = true;
- break;
- case 'q':
- quiet = true;
- break;
- case 'p':
- pauseLoop = true;
- break;
- case 'P':
- pauseCert = true;
- break;
- case 'l':
- loops = atoi(&argp[2]);
- break;
- case 'f':
- constFileName = &argp[2];
- break;
- case 'e':
- if(argp[1] != '=') {
- usage(argv);
- }
- /* scan thru test array looking for epecified extension */
- for(i=0; i<NUM_EXTEN_TESTS; i++) {
- if(extenTests[i].extenLetter == argp[2]) {
- minExtenNum = maxExtenNum = i;
- break;
- }
- }
- if(i == NUM_EXTEN_TESTS) {
- usage(argv);
- }
- break;
- default:
- usage(argv);
- }
- }
-
-
- /* common setup */
- clHand = clStartup();
- if(clHand == 0) {
- return 0;
- }
- tpHand = tpStartup();
- if(tpHand == 0) {
- return 0;
- }
- cspHand = cspStartup();
- if(cspHand == 0) {
- return 0;
- }
-
- printf("Starting extenTestTp; args: ");
- for(i=1; i<(unsigned)argc; i++) {
- printf("%s ", argv[i]);
- }
- printf("\n");
-
- /* one common key pair - we're definitely not testing this */
- crtn = cspGenKeyPair(cspHand,
- KEY_ALG,
- SUBJ_KEY_LABEL,
- strlen(SUBJ_KEY_LABEL),
- KEY_SIZE_BITS,
- &subjPubKey,
- CSSM_FALSE, // pubIsRef - should work both ways, but not yet
- CSSM_KEYUSE_VERIFY,
- CSSM_KEYBLOB_RAW_FORMAT_NONE,
- &subjPrivKey,
- CSSM_TRUE, // privIsRef - doesn't matter
- CSSM_KEYUSE_SIGN,
- CSSM_KEYBLOB_RAW_FORMAT_NONE,
- CSSM_FALSE);
- if(crtn) {
- exit(1);
- }
-
- for(unsigned loop=0; loop<loops; loop++) {
- if(!quiet) {
- printf("...loop %u\n", loop);
- }
- for(unsigned extenDex=minExtenNum; extenDex<=maxExtenNum; extenDex++) {
- rtn = doTest(clHand, tpHand, cspHand, extenTests[extenDex],
- writeBlobs, constFileName, displayExtens, parser);
- if(rtn) {
- break;
- }
- doPause(pauseCert);
- }
- if(rtn) {
- break;
- }
- doPause(pauseLoop);
- }
-
- if(rtn) {
- printf("***%s FAILED\n", argv[0]);
- }
- else if(!quiet) {
- printf("...%s passed\n", argv[0]);
- }
-
-
- /* cleanup */
- CSSM_ModuleDetach(cspHand);
- CSSM_ModuleDetach(clHand);
- CSSM_ModuleDetach(tpHand);
- return 0;
-}
-
projects / apple / security.git / blobdiff