-/*
- File: cryptTool.c
-
- Description: simple encrypt/decrypt utility to demonstrate CDSA API
- used for symmetric encryption
-
- Author: dmitch
-
- Copyright: Copyright (c) 2001,2003,2005-2006 Apple Computer, Inc. All Rights Reserved.
-
- Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple
- Computer, Inc. ("Apple") in consideration of your agreement to
- the following terms, and your use, installation, modification
- or redistribution of this Apple software constitutes acceptance
- of these terms. If you do not agree with these terms, please
- do not use, install, modify or redistribute this Apple software.
-
- In consideration of your agreement to abide by the following
- terms, and subject to these terms, Apple grants you a personal,
- non-exclusive license, under Apple's copyrights in this
- original Apple software (the "Apple Software"), to use,
- reproduce, modify and redistribute the Apple Software, with
- or without modifications, in source and/or binary forms;
- provided that if you redistribute the Apple Software in
- its entirety and without modifications, you must retain
- this notice and the following text and disclaimers in all
- such redistributions of the Apple Software. Neither the
- name, trademarks, service marks or logos of Apple Computer,
- Inc. may be used to endorse or promote products derived from the
- Apple Software without specific prior written permission from
- Apple. Except as expressly stated in this notice, no other
- rights or licenses, express or implied, are granted by Apple
- herein, including but not limited to any patent rights that
- may be infringed by your derivative works or by other works
- in which the Apple Software may be incorporated.
-
- The Apple Software is provided by Apple on an "AS IS" basis.
- APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
- WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE,
- REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE
- OR IN COMBINATION WITH YOUR PRODUCTS.
-
- IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT,
- INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION
- AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED
- AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING
- NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE
- HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#include "common.h"
-#include <security_cdsa_utils/cuFileIo.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-static void usage(char **argv)
-{
- printf("usage:\n");
- printf(" %s op password keySize inFile outFile [a=algorithm]\n", argv[0]);
- printf(" op:\n");
- printf(" e encrypt\n");
- printf(" d decrypt\n");
- printf(" algorithm:\n");
- printf(" 4 RC4 (default if no algorithm specified)\n");
- printf(" c ASC/ComCryption\n");
- printf(" d DES\n");
- printf(" a AES\n");
- exit(1);
-}
-
-/*
- * Derive symmetric key.
- */
-static CSSM_RETURN ctDeriveKey(CSSM_CSP_HANDLE cspHand,
- uint32 keyAlg, // CSSM_ALGID_RC5, etc.
- const char *keyLabel,
- unsigned keyLabelLen,
- uint32 keyUsage, // CSSM_KEYUSE_ENCRYPT, etc.
- uint32 keySizeInBits,
- CSSM_DATA_PTR password, // in PKCS-5 lingo
- CSSM_DATA_PTR salt, // ditto
- uint32 iterationCnt, // ditto
- CSSM_KEY_PTR key)
-{
- CSSM_RETURN crtn;
- CSSM_CC_HANDLE ccHand;
- uint32 keyAttr;
- CSSM_DATA dummyLabel;
- CSSM_PKCS5_PBKDF2_PARAMS pbeParams;
- CSSM_DATA pbeData;
- CSSM_ACCESS_CREDENTIALS creds;
-
- memset(key, 0, sizeof(CSSM_KEY));
- memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
- crtn = CSSM_CSP_CreateDeriveKeyContext(cspHand,
- CSSM_ALGID_PKCS5_PBKDF2,
- keyAlg,
- keySizeInBits,
- &creds,
- NULL, // BaseKey
- iterationCnt,
- salt,
- NULL, // seed
- &ccHand);
- if(crtn) {
- printError("CSSM_CSP_CreateDeriveKeyContext", crtn);
- return crtn;
- }
- keyAttr = CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_RETURN_REF |
- CSSM_KEYATTR_SENSITIVE;
- dummyLabel.Length = keyLabelLen;
- dummyLabel.Data = (uint8 *)keyLabel;
-
- /* passing in password is pretty strange....*/
- pbeParams.Passphrase = *password;
- pbeParams.PseudoRandomFunction = CSSM_PKCS5_PBKDF2_PRF_HMAC_SHA1;
- pbeData.Data = (uint8 *)&pbeParams;
- pbeData.Length = sizeof(pbeParams);
- crtn = CSSM_DeriveKey(ccHand,
- &pbeData,
- keyUsage,
- keyAttr,
- &dummyLabel,
- NULL, // cred and acl
- key);
- if(crtn) {
- printError("CSSM_DeriveKey", crtn);
- return crtn;
- }
- crtn = CSSM_DeleteContext(ccHand);
- if(crtn) {
- printError("CSSM_DeleteContext", crtn);
- }
- return crtn;
-}
-
-
-int main(int argc, char **argv)
-{
- int rtn;
- uint32 keySizeInBytes; // from cmd line
- char *password; // ASCII password from cmd line
- char *inFileName; // from cmd line
- unsigned char *inFile; // raw infile data
- unsigned inFileSize; // in bytes
- char *outFileName; // from cmd line
- CSSM_CSP_HANDLE cspHand;
- CSSM_RETURN crtn;
- int doEncrypt = 0;
- CSSM_DATA passwordData;
- CSSM_DATA saltData = {8, (uint8 *)"someSalt"};
- CSSM_DATA inData; // data to encrypt/decrypt, from inFile
- CSSM_DATA outData = {0, NULL};// result data, written to outFile
- CSSM_CC_HANDLE ccHand; // crypto context
- CSSM_DATA remData = {0, NULL};
- CSSM_SIZE bytesProcessed;
- CSSM_KEY symKey;
- char algSpec = '4';
- CSSM_ALGORITHMS keyAlg = 0;
- CSSM_ALGORITHMS encrAlg = 0;
- CSSM_ENCRYPT_MODE encrMode = 0;
- CSSM_PADDING padding = 0;
- /* max of 16 bytes of init vector for the algs we use */
- CSSM_DATA initVect = {16, (uint8 *)"someStrangeInitVector"};
- CSSM_DATA_PTR initVectPtr = NULL;
-
- if(argc < 6) {
- usage(argv);
- }
-
- /* gather up cmd line args */
- switch(argv[1][0]) {
- case 'e':
- doEncrypt = 1;
- break;
- case 'd':
- doEncrypt = 0;
- break;
- default:
- usage(argv);
- }
- password = argv[2];
- passwordData.Data = (uint8 *)password;
- passwordData.Length = strlen(password);
- keySizeInBytes = atoi(argv[3]);
- if(keySizeInBytes == 0) {
- printf("keySize of 0 illegal\n");
- exit(1);
- }
- inFileName = argv[4];
- outFileName = argv[5];
-
- /* optional algorithm specifier */
- if(argc == 7) {
- if(argv[6][0] != 'a') {
- usage(argv);
- }
- algSpec = argv[6][2];
- }
-
- /* algorithm-specific parameters */
- switch(algSpec) {
- case '4':
- /* RC4 stream cipher - no padding, no IV, variable key size */
- keyAlg = CSSM_ALGID_RC4;
- encrAlg = CSSM_ALGID_RC4;
- encrMode = CSSM_ALGMODE_NONE;
- padding = CSSM_PADDING_NONE;
- break;
- case 'c':
- /* ComCryption stream cipher - no padding, no IV, variable key size */
- keyAlg = CSSM_ALGID_ASC;
- encrAlg = CSSM_ALGID_ASC;
- encrMode = CSSM_ALGMODE_NONE;
- padding = CSSM_PADDING_NONE;
- break;
- case 'd':
- /* DES block cipher, block size = 8 bytes, fixed key size */
- if(keySizeInBytes != 8) {
- printf("***DES must have key size of 8 bytes\n");
- exit(1);
- }
- keyAlg = CSSM_ALGID_DES;
- encrAlg = CSSM_ALGID_DES;
- encrMode = CSSM_ALGMODE_CBCPadIV8;
- padding = CSSM_PADDING_PKCS7;
- initVect.Length = 8;
- initVectPtr = &initVect;
- break;
- case 'a':
- /* AES block cipher, block size = 16 bytes, fixed key size */
- if(keySizeInBytes != 16) {
- printf("***AES must have key size of 8 bytes\n");
- exit(1);
- }
- keyAlg = CSSM_ALGID_AES;
- encrAlg = CSSM_ALGID_AES;
- encrMode = CSSM_ALGMODE_CBCPadIV8;
- padding = CSSM_PADDING_PKCS7;
- initVect.Length = 16;
- initVectPtr = &initVect;
- break;
- default:
- usage(argv);
- }
-
- /* read inFile from disk */
- rtn = readFile(inFileName, &inFile, &inFileSize);
- if(rtn) {
- printf("Error reading %s: %s\n", inFileName, strerror(rtn));
- exit(1);
- }
- inData.Data = inFile;
- inData.Length = inFileSize;
-
- /* attach to CSP */
- cspHand = cspStartup();
- if(cspHand == 0) {
- exit(1);
- }
-
- /*
- * Derive an actual encryption/decryption key from the password ASCII text.
- * We could use the ASCII text directly as key material but using the DeriveKey
- * function is much more secure (besides being an industry-standard way to
- * convert an ASCII password into binary key material).
- */
- crtn = ctDeriveKey(cspHand,
- keyAlg,
- "someLabel", // keyLabel, not important
- 9, // keyLabelLen
- doEncrypt ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT,
- keySizeInBytes * 8, // keySizeInBits,
- &passwordData,
- &saltData,
- 1000, // iterCount, 1000 is the minimum
- &symKey);
- if(crtn) {
- exit(1);
- }
-
- /*
- * Cook up a symmetric encrypt/decrypt context using the key we just derived
- */
- crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
- encrAlg, // encryption algorithm
- encrMode, // mode
- NULL, // access cred
- &symKey,
- initVectPtr, // InitVector
- padding, // Padding
- NULL, // Params
- &ccHand);
- if(crtn) {
- printError("CSSM_CSP_CreateSymmetricContext", crtn);
- exit(1);
- }
-
- /*
- * Do the encrypt/decrypt.
- * We do this with the init/update/final sequence only to demonstrate its
- * usage.
- */
- if(doEncrypt) {
- crtn = CSSM_EncryptDataInit(ccHand);
- if(crtn) {
- printError("CSSM_EncryptDataInit", crtn);
- exit(1);
- }
-
- /* this step can be performed an arbitrary number of times, with
- * the appropriate housekeeping of inData and outData */
- crtn = CSSM_EncryptDataUpdate(ccHand,
- &inData,
- 1,
- &outData,
- 1,
- &bytesProcessed);
- if(crtn) {
- printError("CSSM_EncryptDataUpdate", crtn);
- exit(1);
- }
- outData.Length = bytesProcessed;
-
- /* one call more to clean up */
- crtn = CSSM_EncryptDataFinal(ccHand, &remData);
- if(crtn) {
- printError("CSSM_EncryptDataFinal", crtn);
- exit(1);
- }
- if(remData.Length != 0) {
- /* append remaining data to outData */
- uint32 newLen = outData.Length + remData.Length;
- outData.Data = (uint8 *)appRealloc(outData.Data,
- newLen,
- NULL);
- memmove(outData.Data + outData.Length, remData.Data, remData.Length);
- outData.Length = newLen;
- appFree(remData.Data, NULL);
- }
- }
- else {
- crtn = CSSM_DecryptDataInit(ccHand);
- if(crtn) {
- printError("CSSM_DecryptDataInit", crtn);
- exit(1);
- }
-
- /* this step can be performed an arbitrary number of times, with
- * the appropriate housekeeping of inData and outData */
- crtn = CSSM_DecryptDataUpdate(ccHand,
- &inData,
- 1,
- &outData,
- 1,
- &bytesProcessed);
- if(crtn) {
- printError("CSSM_DecryptDataUpdate", crtn);
- exit(1);
- }
- outData.Length = bytesProcessed;
-
- /* one call more to clean up */
- crtn = CSSM_DecryptDataFinal(ccHand, &remData);
- if(crtn) {
- printError("CSSM_DecryptDataFinal", crtn);
- exit(1);
- }
- if(remData.Length != 0) {
- /* append remaining data to outData */
- uint32 newLen = outData.Length + remData.Length;
- outData.Data = (uint8 *)appRealloc(outData.Data,
- newLen,
- NULL);
- memmove(outData.Data + outData.Length, remData.Data, remData.Length);
- outData.Length = newLen;
- appFree(remData.Data, NULL);
- }
- }
- if(crtn == CSSM_OK) {
- rtn = writeFile(outFileName, outData.Data, outData.Length);
- if(rtn) {
- printf("Error writing %s: %s\n", outFileName, strerror(rtn));
- exit(1);
- }
- else {
- printf("SUCCESS: inFile length %u bytes, outFile length %u bytes\n",
- inFileSize, (unsigned)outData.Length);
- }
- }
- /* free resources */
- crtn = CSSM_DeleteContext(ccHand);
- if(crtn) {
- printError("CSSM_DeleteContext", crtn);
- }
- crtn = CSSM_FreeKey(cspHand,
- NULL, // access cred
- &symKey,
- CSSM_FALSE); // don't delete since it wasn't permanent
- if(crtn) {
- printError("CSSM_FreeKey", crtn);
- }
- free(inFile); // mallocd by readFile()
-
- /* this was mallocd by CSP */
- appFree(outData.Data, NULL);
- CSSM_ModuleDetach(cspHand);
- return rtn;
-}
-
projects / apple / security.git / blobdiff