+++ /dev/null
-/* Copyright (c) 1998,2003-2005 Apple Computer, Inc.
- *
- * miniWrap.c - simple key wrap/unwrap exerciser.
- *
- * Revision History
- * ----------------
- * 4 May 2000 Doug Mitchell
- * Ported to X/CDSA2.
- * 22 May 1998 Doug Mitchell at Apple
- * Created.
- */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <time.h>
-#include <string.h>
-#include <Security/cssm.h>
-#include "cspwrap.h"
-#include "common.h"
-#include "cspdlTesting.h"
-
-/*
- * Temporary hack to use CSSM_KEYBLOB_WRAPPED_FORMAT_{PKCS7,PKCS8}, which
- * are no longer supported as of 7/28/00
- */
-#define PKCS8_FORMAT_ENABLE 1
-#define PKCS7_FORMAT_ENABLE 0
-
-#define ENCR_USAGE_NAME "noLabel"
-#define ENCR_USAGE_NAME_LEN (strlen(ENCR_USAGE_NAME))
-#define WRAP_USAGE_NAME "noWrapLabel"
-#define WRAP_USAGE_NAME_LEN (strlen(WRAP_USAGE_NAME))
-#define LOOPS_DEF 10
-#define MAX_PTEXT_SIZE 1000
-#define LOOP_PAUSE 10
-
-/*
- * A new restriction for X: when wrapping using an RSA key, you can't
- * wrap a key which is bigger than the RSA key itself because the
- * wrap (Encrypt) is a one-shot deal, unlike the OS9 CSP which
- * handled multiple chunks. This only effectively restricts the
- * use of an RSA key to wrap symmetric keys, which doesn't seem like
- * an unreasonable restriction.
- */
-#define RSA_WRAP_RESTRICTION 1
-
-/*
- * Currently the CSP can use wrapping keys flagged exclusively for wrapping
- * (CSSM_KEYUSE_{WRAP,UNWRAP} for the actual wrap sinceĆthe wrap/unwrap op is
- * done with an encrypt/decrypt op. The WrapKey op doesn't even see the
- * wrapping key - it's in the context we pass it. Thus for now wrap/unwrap
- * keys have to be marked with CSSM_KEYUSE_ANY.
- */
-#define WRAP_USAGE_ANY 0
-
-static void usage(char **argv)
-{
- printf("usage: %s [options]\n", argv[0]);
- printf(" Options:\n");
- printf(" f (only wrap RSA private key)\n");
- printf(" d (only wrap DES key)\n");
- printf(" S (do symmetric wrap only)\n");
- printf(" a (do asymmetric wrap only)\n");
- printf(" n (do null wrap only)\n");
- printf(" m (dump malloc info)\n");
- printf(" r (ref keys only)\n");
- printf(" w (wrap only)\n");
- printf(" e (export)\n");
- printf(" q (quiet)\n");
- printf(" k (force PKCS7/8)\n");
- #if PKCS7_FORMAT_ENABLE || PKCS8_FORMAT_ENABLE
- printf(" K (skip PKCS7/8) (pkcs normally enable)\n");
- #else
- printf(" K (allow PKCS7/8) (pkcs normally disabled)\n");
- #endif /* PKCS_FORMAT_ENABLE */
- printf(" D (CSP/DL; default = bare CSP)\n");
- printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF);
- printf(" p(ause every %d loops)\n", LOOP_PAUSE);
- printf(" h(elp)\n");
- exit(1);
-}
-
-/* not all algs need this, pass it in anyway */
-CSSM_DATA initVector = {8, (uint8 *)"someVect"};
-
-/*
- * local verbose wrap/unwrap functions.
- */
-/* wrap key function. */
-static CSSM_RETURN wrapKey(CSSM_CSP_HANDLE cspHand,
- const CSSM_KEY_PTR unwrappedKey, // must be ref
- const CSSM_KEY_PTR wrappingKey,
- CSSM_ALGORITHMS wrapAlg,
- CSSM_ENCRYPT_MODE wrapMode,
- CSSM_KEYBLOB_FORMAT wrapFormat, // NONE, PKCS7, PKCS8
- CSSM_PADDING wrapPad,
- CSSM_KEY_PTR wrappedKey) // RETURNED
-{
- CSSM_CC_HANDLE ccHand;
- CSSM_RETURN crtn;
- CSSM_RETURN crtn2;
- #if WRAP_KEY_REQUIRES_CREDS
- CSSM_ACCESS_CREDENTIALS creds;
- #endif
-
- #if 0
- if(unwrappedKey->KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE) {
- printf("Hey! you can only wrap a reference key!\n");
- return CSSM_ERRCODE_INTERNAL_ERROR;
- }
- #endif
- memset(wrappedKey, 0, sizeof(CSSM_KEY));
- memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
- /* special case for NULL wrap - no wrapping key */
- if((wrappingKey == NULL) ||
- (wrappingKey->KeyHeader.KeyClass == CSSM_KEYCLASS_SESSION_KEY)) {
- crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
- wrapAlg,
- wrapMode,
- &creds, // accessCred
- wrappingKey,
- &initVector,
- wrapPad, // Padding
- NULL, // Reserved
- &ccHand);
- if(crtn) {
- printError("cspWrapKey/CreateContext", crtn);
- return CSSM_ERRCODE_INTERNAL_ERROR;
- }
- }
- else {
- crtn = CSSM_CSP_CreateAsymmetricContext(cspHand,
- wrapAlg,
- &creds, // passPhrase
- wrappingKey,
- wrapPad, // Padding
- &ccHand);
- if(crtn) {
- printError("cspWrapKey/CreateContext", crtn);
- return CSSM_ERRCODE_INTERNAL_ERROR;
- }
- /* CMS requires 8-byte IV */
- crtn = AddContextAttribute(ccHand,
- CSSM_ATTRIBUTE_INIT_VECTOR,
- sizeof(CSSM_DATA),
- CAT_Ptr,
- &initVector,
- 0);
- if(crtn) {
- printError("CSSM_UpdateContextAttributes", crtn);
- return crtn;
- }
- }
- if(wrapFormat != CSSM_KEYBLOB_WRAPPED_FORMAT_NONE) {
- /* only add this attribute if it's not the default */
- CSSM_CONTEXT_ATTRIBUTE attr;
- attr.AttributeType = CSSM_ATTRIBUTE_WRAPPED_KEY_FORMAT;
- attr.AttributeLength = sizeof(uint32);
- attr.Attribute.Uint32 = wrapFormat;
- crtn = CSSM_UpdateContextAttributes(
- ccHand,
- 1,
- &attr);
- if(crtn) {
- printError("CSSM_UpdateContextAttributes", crtn);
- return crtn;
- }
- }
- crtn = CSSM_WrapKey(ccHand,
- #if WRAP_KEY_REQUIRES_CREDS
- &creds,
- #else
- NULL, // AccessCred
- #endif
- unwrappedKey,
- NULL, // DescriptiveData
- wrappedKey);
- if(crtn != CSSM_OK) {
- printError("CSSM_WrapKey", crtn);
- }
- if((crtn2 = CSSM_DeleteContext(ccHand))) {
- printError("CSSM_DeleteContext", crtn2);
- }
- return crtn;
-}
-
-/* unwrap key function. */
-static CSSM_RETURN unwrapKey(CSSM_CSP_HANDLE cspHand,
- const CSSM_KEY_PTR wrappedKey,
- const CSSM_KEY_PTR unwrappingKey,
- CSSM_ALGORITHMS unwrapAlg,
- CSSM_ENCRYPT_MODE unwrapMode,
- CSSM_PADDING unwrapPad,
- CSSM_KEY_PTR unwrappedKey, // RETURNED
- const unsigned char *keyLabel,
- unsigned keyLabelLen)
-{
- CSSM_CC_HANDLE ccHand;
- CSSM_RETURN crtn;
- CSSM_RETURN crtn2;
- CSSM_DATA labelData;
- uint32 keyAttr;
- CSSM_DATA descData = { 0, NULL };
- CSSM_ACCESS_CREDENTIALS creds;
-
- memset(unwrappedKey, 0, sizeof(CSSM_KEY));
- memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
- if((unwrappingKey == NULL) ||
- (unwrappingKey->KeyHeader.KeyClass == CSSM_KEYCLASS_SESSION_KEY)) {
- crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
- unwrapAlg,
- unwrapMode,
- &creds, // accessCreds
- unwrappingKey,
- &initVector,
- unwrapPad, // Padding
- 0, // Reserved
- &ccHand);
- if(crtn) {
- printError("cspUnwrapKey/CreateContext", crtn);
- return CSSM_ERRCODE_INTERNAL_ERROR;
- }
- }
- else {
- crtn = CSSM_CSP_CreateAsymmetricContext(cspHand,
- unwrapAlg,
- &creds, // passPhrase,
- unwrappingKey,
- unwrapPad, // Padding
- &ccHand);
- if(crtn) {
- printError("cspUnwrapKey/CreateContext", crtn);
- return CSSM_ERRCODE_INTERNAL_ERROR;
- }
- /* CMS requires 8-byte IV */
- crtn = AddContextAttribute(ccHand,
- CSSM_ATTRIBUTE_INIT_VECTOR,
- sizeof(CSSM_DATA),
- CAT_Ptr,
- &initVector,
- 0);
- if(crtn) {
- printError("CSSM_UpdateContextAttributes", crtn);
- return crtn;
- }
- }
- labelData.Data = (uint8 *)keyLabel;
- labelData.Length = keyLabelLen;
-
- /*
- * New keyAttr - clear some old bits, make sure we ask for ref key
- */
- keyAttr = wrappedKey->KeyHeader.KeyAttr;
- keyAttr &= ~(CSSM_KEYATTR_ALWAYS_SENSITIVE | CSSM_KEYATTR_NEVER_EXTRACTABLE);
- keyAttr |= CSSM_KEYATTR_RETURN_REF;
- crtn = CSSM_UnwrapKey(ccHand,
- NULL, // PublicKey
- wrappedKey,
- CSSM_KEYUSE_ANY, // FIXME
- keyAttr,
- &labelData,
- NULL, // CredAndAclEntry
- unwrappedKey,
- &descData); // required
- if(crtn != CSSM_OK) {
- printError("CSSM_UnwrapKey", crtn);
- }
- if((crtn2 = CSSM_DeleteContext(ccHand))) {
- printError("CSSM_DeleteContext", crtn2);
- }
- return crtn;
-}
-
-#define UNWRAPPED_LABEL "unwrapped thing"
-#define NULL_TEST 0
-#if NULL_TEST
-
-static int doTest(CSSM_CSP_HANDLE cspHand,
- CSSM_KEY_PTR encrKey,
- CSSM_KEY_PTR decrKey, // we wrap this one
- CSSM_KEY_PTR wrappingKey, // ...using this key, NULL for null wrap
- CSSM_KEY_PTR unwrappingKey,
- CSSM_ALGORITHMS wrapAlg,
- CSSM_ENCRYPT_MODE wrapMode,
- CSSM_PADDING wrapPad,
- CSSM_ALGORITHMS encrAlg,
- CSSM_ENCRYPT_MODE encrMode,
- CSSM_PADDING encrPad,
- CSSM_BOOL wrapOnly,
- uint32 maxPtextSize, // max size to encrypt
- CSSM_BOOL quiet)
-{
- return 0;
-}
-#else /* NULL_TEST */
-/*
- * NULL Wrapping decrKey - a private key - only works for DEBUG CSPs.
- * We'll always wrap decrKey, except for NULL wrap when
- * NULL_WRAP_DECR_KEY is false.
- */
-#define NULL_WRAP_DECR_KEY 1
-
-static int doTest(CSSM_CSP_HANDLE cspHand,
- CSSM_KEY_PTR encrKey, // we wrap this one
- CSSM_KEY_PTR decrKey, // ...or this one, depending on WRAP_DECR_KEY
- CSSM_KEY_PTR wrappingKey, // ...using this key, NULL for null wrap
- CSSM_KEY_PTR unwrappingKey,
- CSSM_ALGORITHMS wrapAlg,
- CSSM_ENCRYPT_MODE wrapMode,
- CSSM_KEYBLOB_FORMAT wrapFormat, // NONE, PKCS7, PKCS8
- CSSM_PADDING wrapPad,
- CSSM_ALGORITHMS encrAlg,
- CSSM_ENCRYPT_MODE encrMode,
- CSSM_PADDING encrPad,
- CSSM_BOOL wrapOnly,
- uint32 maxPtextSize, // max size to encrypt
- CSSM_BOOL quiet)
-{
- CSSM_DATA ptext;
- CSSM_DATA ctext;
- CSSM_DATA rptext;
- CSSM_KEY wrappedKey;
- CSSM_KEY unwrappedKey;
- CSSM_RETURN crtn;
- CSSM_KEY_PTR realEncrKey; // encrKey or &unwrappedKey
- CSSM_KEY_PTR realDecrKey; // decrKey or &unwrappedKey
-
- /* wrap decrKey or encrKey using wrappingKey ==> wrappedKey */
- if((wrappingKey == NULL) && !NULL_WRAP_DECR_KEY) {
- /* NULL wrap of pub key */
- crtn = wrapKey(cspHand,
- encrKey,
- wrappingKey,
- wrapAlg,
- wrapMode,
- wrapFormat,
- wrapPad,
- &wrappedKey);
- realEncrKey = &unwrappedKey;
- realDecrKey = decrKey;
- }
- else {
- /* normal case, wrap priv key (may be NULL if NULL_WRAP_DECR_KEY) */
- crtn = wrapKey(cspHand,
- decrKey,
- wrappingKey,
- wrapAlg,
- wrapMode,
- wrapFormat,
- wrapPad,
- &wrappedKey);
- realEncrKey = encrKey;
- realDecrKey = &unwrappedKey;
- }
-
- if(crtn) {
- return testError(quiet);
- }
- if((wrappingKey != NULL) && // skip for NULL wrap
- (wrapFormat != CSSM_KEYBLOB_WRAPPED_FORMAT_NONE)) {
- /* don't want default, verify we got what we want */
- if(wrappedKey.KeyHeader.Format != wrapFormat) {
- printf("wrapped key format mismatch: expect %u; got %u\n",
- (unsigned)wrapFormat, (unsigned)wrappedKey.KeyHeader.Format);
- if(testError(quiet)) {
- return 1;
- }
- }
- }
- if(wrapOnly) {
- cspFreeKey(cspHand, &wrappedKey);
- goto done;
- }
- /* unwrap wrappedKey using unwrappingKey ==> unwrappedKey; */
- crtn = unwrapKey(cspHand,
- &wrappedKey,
- unwrappingKey,
- wrapAlg,
- wrapMode,
- wrapPad,
- &unwrappedKey,
- (uint8 *)UNWRAPPED_LABEL,
- 15);
- if(crtn) {
- return testError(quiet);
- }
-
- /* cook up ptext */
- ptext.Data = (uint8 *)CSSM_MALLOC(maxPtextSize);
- simpleGenData(&ptext, 1, maxPtextSize);
- /* encrypt using realEncrKey ==> ctext */
- ctext.Data = NULL;
- ctext.Length = 0;
- crtn = cspEncrypt(cspHand,
- encrAlg,
- encrMode,
- encrPad,
- realEncrKey,
- NULL, // no 2nd key
- 0, // effectiveKeySize
- 0, // rounds
- &initVector,
- &ptext,
- &ctext,
- CSSM_TRUE); // mallocCtext
- if(crtn) {
- return testError(quiet);
- }
-
- /* decrypt ctext with realDecrKey ==> rptext; */
- rptext.Data = NULL;
- rptext.Length = 0;
- crtn = cspDecrypt(cspHand,
- encrAlg,
- encrMode,
- encrPad,
- realDecrKey,
- NULL, // no 2nd key
- 0, // effectiveKeySize
- 0, // rounds
- &initVector,
- &ctext,
- &rptext,
- CSSM_TRUE);
- if(crtn) {
- return testError(quiet);
- }
-
- /* compare ptext vs. rptext; */
- if(ptext.Length != rptext.Length) {
- printf("ptext length mismatch\n");
- return testError(quiet);
- }
- if(memcmp(ptext.Data, rptext.Data, ptext.Length)) {
- printf("***data miscompare\n");
- return testError(quiet);
- }
- /* free resources */
- cspFreeKey(cspHand, &wrappedKey);
- cspFreeKey(cspHand, &unwrappedKey);
- CSSM_FREE(ptext.Data);
- CSSM_FREE(ctext.Data);
- CSSM_FREE(rptext.Data);
-done:
- return 0;
-}
-#endif /* NULL_TEST */
-
-int main(int argc, char **argv)
-{
- int arg;
- char *argp;
- int i;
- CSSM_CSP_HANDLE cspHand;
- CSSM_RETURN crtn;
- CSSM_KEY origPub; // we generate if !desSubj
- CSSM_KEY origPriv;
- CSSM_KEY_PTR origSess; // we generate if desSubj
- CSSM_KEY_PTR origEncrKey; // pts to origPub or origSess
- CSSM_KEY_PTR origDecrKey; // pts to origPriv or origSess
- CSSM_ALGORITHMS encrAlg;
- CSSM_ENCRYPT_MODE encrMode;
- CSSM_PADDING encrPad;
- int rtn = 0;
- CSSM_BOOL genRsaKey;
- uint32 maxPtextSize;
- CSSM_BOOL encrIsRef = CSSM_TRUE;
- CSSM_BOOL decrIsRef = CSSM_TRUE;
- CSSM_KEYBLOB_FORMAT wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_NONE;
- unsigned loop;
-
- /* user-specified vars */
- unsigned loops = LOOPS_DEF;
- CSSM_BOOL pause = CSSM_FALSE;
- CSSM_BOOL doSymmWrap = CSSM_TRUE;
- CSSM_BOOL doAsymmWrap = CSSM_TRUE;
- CSSM_BOOL doNullWrap = CSSM_TRUE;
- CSSM_BOOL doSymmEncrOnly = CSSM_FALSE;
- CSSM_BOOL doAsymmEncrOnly = CSSM_FALSE;
- CSSM_BOOL wrapOnly = CSSM_FALSE;
- CSSM_BOOL quiet = CSSM_FALSE;
- CSSM_BOOL bareCsp = CSSM_TRUE;
- CSSM_BOOL forcePkcs = CSSM_FALSE;
- CSSM_BOOL refKeysOnly = CSSM_FALSE;
- #if PKCS_FORMAT_ENABLE
- CSSM_BOOL skipPkcs = CSSM_FALSE;
- #else
- CSSM_BOOL skipPkcs = CSSM_TRUE;
- #endif
-
- for(arg=1; arg<argc; arg++) {
- argp = argv[arg];
- switch(argp[0]) {
- case 'S':
- doAsymmWrap = CSSM_FALSE;
- doNullWrap = CSSM_FALSE;
- break;
- case 'a':
- doSymmWrap = CSSM_FALSE;
- doNullWrap = CSSM_FALSE;
- break;
- case 'n':
- doSymmWrap = CSSM_FALSE;
- doAsymmWrap = CSSM_FALSE;
- break;
- case 'f':
- doAsymmEncrOnly = CSSM_TRUE;
- break;
- case 'd': // symmetric encrypt only option
- case 'e': // export option - avoids asymetric encrypt/decrypt
- doSymmEncrOnly = CSSM_TRUE;
- break;
- case 'l':
- loops = atoi(&argp[2]);
- break;
- case 'w':
- wrapOnly = CSSM_TRUE;
- break;
- case 'p':
- pause = CSSM_TRUE;
- break;
- case 'D':
- bareCsp = CSSM_FALSE;
- #if CSPDL_ALL_KEYS_ARE_REF
- refKeysOnly = CSSM_TRUE;
- #endif
- break;
- case 'k':
- forcePkcs = CSSM_TRUE;
- break;
- case 'K':
- #if PKCS7_FORMAT_ENABLE || PKCS8_FORMAT_ENABLE
- skipPkcs = CSSM_TRUE;
- #else
- skipPkcs = CSSM_FALSE;
- #endif
- break;
- case 'r':
- refKeysOnly = CSSM_TRUE;
- break;
- case 'q':
- quiet = CSSM_TRUE;
- break;
- default:
- usage(argv);
- }
- }
-
- #if 0
- #if !PKCS_FORMAT_ENABLE
- if(skipPkcs) {
- if(doAsymmEncrOnly) {
- printf("Asymmetric keys can only be wrapped via PKCS; aborting\n");
- usage(argv);
- }
- else if(!doSymmWrap) {
- printf("AsymmetricWrapping can only be done via PKCS; aborting\n");
- usage(argv);
- }
- doSymmEncrOnly = CSSM_TRUE;
- doSymmWrap = CSSM_TRUE;
- doAsymmWrap = CSSM_FALSE;
- }
- #endif /* !PKCS_FORMAT_ENABLE */
- #endif
-
- cspHand = cspDlDbStartup(bareCsp, NULL);
- if(cspHand == 0) {
- exit(1);
- }
-
- printf("Starting miniWrap; args: ");
- for(i=1; i<argc; i++) {
- printf("%s ", argv[i]);
- }
- printf("\n");
-
- for(loop=1; ; loop++) {
- if((loop % LOOP_PAUSE) == 0) {
- if(!quiet) {
- printf("...loop %d\n", loop);
- }
- if(pause) {
- fpurge(stdin);
- printf("Hit CR to proceed: ");
- getchar();
- }
- }
-
- /* mix up ref and raw keys - with X, we can wrap a raw key */
- if(!refKeysOnly) {
- encrIsRef = (loop & 2) ? CSSM_TRUE : CSSM_FALSE;
- decrIsRef = (loop & 4) ? CSSM_TRUE : CSSM_FALSE;
- }
-
- /* first generate key to be wrapped */
- if(!doAsymmEncrOnly && (doSymmEncrOnly || ((loop & 1) == 0))) {
- if(!quiet) {
- printf("...wrapping DES key (%s)\n",
- encrIsRef ? "ref" : "raw");
- }
- origSess = cspGenSymKey(cspHand,
- CSSM_ALGID_DES,
- ENCR_USAGE_NAME,
- ENCR_USAGE_NAME_LEN,
- CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT,
- CSP_KEY_SIZE_DEFAULT,
- encrIsRef);
- if(origSess == NULL) {
- rtn = 1;
- goto testDone;
- }
- origDecrKey = origEncrKey = origSess;
- encrAlg = CSSM_ALGID_DES;
- encrMode = CSSM_ALGMODE_CBCPadIV8;
- encrPad = CSSM_PADDING_PKCS5;
- maxPtextSize = MAX_PTEXT_SIZE; // i.e., unlimited
- }
- else {
- origSess = NULL;
- }
- if(!doSymmEncrOnly && (doAsymmEncrOnly || ((loop & 1) == 1))) {
- if(!quiet) {
- printf("...wrapping RSA key (pub %s priv %s)\n",
- (encrIsRef ? "ref" : "raw"),
- (decrIsRef ? "ref" : "raw"));
- }
- crtn = cspGenKeyPair(cspHand,
- CSSM_ALGID_RSA,
- ENCR_USAGE_NAME,
- ENCR_USAGE_NAME_LEN,
- CSP_KEY_SIZE_DEFAULT,
- &origPub,
- encrIsRef, // pubIsRef
- CSSM_KEYUSE_ENCRYPT,
- CSSM_KEYBLOB_RAW_FORMAT_NONE,
- &origPriv,
- decrIsRef, // privIsRef
- CSSM_KEYUSE_DECRYPT,
- CSSM_KEYBLOB_RAW_FORMAT_NONE,
- CSSM_FALSE); // genSeed
- if(crtn) {
- rtn = 1;
- goto testDone;
- }
- origDecrKey = &origPriv;
- origEncrKey = &origPub;
- encrAlg = CSSM_ALGID_RSA;
- encrMode = CSSM_ALGMODE_NONE;
- encrPad = CSSM_PADDING_PKCS1;
- genRsaKey = CSSM_TRUE;
- maxPtextSize = origPriv.KeyHeader.LogicalKeySizeInBits / 8;
- // a weird BSAFE requirement which is not documented
- maxPtextSize -= 11;
- }
- else {
- genRsaKey = CSSM_FALSE;
- }
-
- /* now the tests, symmetric and/or asymmetric wrapping */
- if(doSymmWrap) {
- CSSM_KEY_PTR wrapKey;
- if(!quiet) {
- printf(" ...Doing symmetric wrap\n");
- }
- wrapKey = cspGenSymKey(cspHand,
- CSSM_ALGID_DES,
- WRAP_USAGE_NAME,
- WRAP_USAGE_NAME_LEN,
- /* for now, wrapping keys have to have keyuse_any */
- /* CSSM_KEYUSE_WRAP | CSSM_KEYUSE_UNWRAP, */
- WRAP_USAGE_ANY ? CSSM_KEYUSE_ANY :
- CSSM_KEYUSE_WRAP | CSSM_KEYUSE_UNWRAP,
- CSP_KEY_SIZE_DEFAULT,
- CSSM_TRUE); // FIXME - try both
- if(wrapKey == NULL) {
- rtn = 1;
- goto testDone;
- }
- if(forcePkcs) {
- /* symmetric wrapping key ==> PKCS7 */
- wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7;
- }
- else {
- /* default */
- wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_NONE;
- }
- if(doTest(cspHand,
- origEncrKey,
- origDecrKey,
- wrapKey,
- wrapKey,
- CSSM_ALGID_DES, // wrapAlg
- CSSM_ALGMODE_CBCPadIV8, // wrapMode
- wrapFormat,
- CSSM_PADDING_PKCS5, // wrapPad
- encrAlg,
- encrMode,
- encrPad,
- wrapOnly,
- maxPtextSize,
- quiet)) {
- rtn = 1;
- goto testDone;
- }
- cspFreeKey(cspHand, wrapKey);
- CSSM_FREE(wrapKey); // mallocd by cspGenSymKey
- wrapKey = NULL;
- }
- if(doAsymmWrap &&
- !(RSA_WRAP_RESTRICTION && (origEncrKey != origDecrKey))) {
- /* skip wrapping asymmetric key with asymmetric key */
- CSSM_KEY wrapPrivKey;
- CSSM_KEY wrapPubKey;
-
- if(!quiet) {
- printf(" ...Doing asymmetric wrap\n");
- }
- crtn = cspGenKeyPair(cspHand,
- CSSM_ALGID_RSA,
- WRAP_USAGE_NAME,
- WRAP_USAGE_NAME_LEN,
- CSP_RSA_KEY_SIZE_DEFAULT,
- &wrapPubKey,
- CSSM_TRUE, // both are ref
- WRAP_USAGE_ANY ? CSSM_KEYUSE_ANY : CSSM_KEYUSE_WRAP,
- CSSM_KEYBLOB_RAW_FORMAT_NONE,
- &wrapPrivKey,
- CSSM_TRUE, // FIXME privIsRef
- WRAP_USAGE_ANY ? CSSM_KEYUSE_ANY : CSSM_KEYUSE_UNWRAP,
- CSSM_KEYBLOB_RAW_FORMAT_NONE,
- CSSM_FALSE); // genSeed
- if(crtn) {
- rtn = 1;
- goto testDone;
- }
- if(forcePkcs) {
- /* asymmetric wrapping key ==> PKCS8 */
- wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8;
- }
- else {
- wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_NONE;
- }
- if(doTest(cspHand,
- origEncrKey,
- origDecrKey,
- &wrapPubKey,
- &wrapPrivKey,
- CSSM_ALGID_RSA, // wrapAlg
- CSSM_ALGMODE_NONE, // wrapMode
- wrapFormat,
- CSSM_PADDING_PKCS1, // wrapPad
- encrAlg,
- encrMode,
- encrPad,
- wrapOnly,
- maxPtextSize,
- quiet)) {
- rtn = 1;
- goto testDone;
- }
- cspFreeKey(cspHand, &wrapPubKey);
- cspFreeKey(cspHand, &wrapPrivKey);
- }
- //if(doNullWrap && (origDecrKey != origEncrKey)) {
- if(doNullWrap) {
- /* with X, we can do NULL wrap/unwrap of any key */
- if(!quiet) {
- printf(" ...Doing NULL wrap\n");
- }
- if(doTest(cspHand,
- origEncrKey,
- origDecrKey,
- NULL,
- NULL,
- CSSM_ALGID_NONE, // wrapAlg
- CSSM_ALGMODE_NONE, // wrapMode
- CSSM_KEYBLOB_WRAPPED_FORMAT_NONE,
- CSSM_PADDING_NONE, // wrapPad
- encrAlg,
- encrMode,
- encrPad,
- wrapOnly,
- maxPtextSize,
- quiet)) {
- rtn = 1;
- goto testDone;
- }
- }
-
- if(origSess != NULL) {
- cspFreeKey(cspHand, origSess);
- CSSM_FREE(origSess);
- }
- if(genRsaKey) {
- cspFreeKey(cspHand, &origPub);
- cspFreeKey(cspHand, &origPriv);
- }
- if(loops && (loop == loops)) {
- break;
- }
- }
-testDone:
- CSSM_ModuleDetach(cspHand);
- if((rtn == 0) && !quiet) {
- printf("%s test complete\n", argv[0]);
- }
- return rtn;
-}
projects / apple / security.git / blobdiff