]> git.saurik.com Git - apple/security.git/blobdiff - SecurityTests/cspxutils/rsatool/rsatool.c
projects / apple / security.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security-57740.51.3.tar.gz
[apple/security.git] / SecurityTests / cspxutils / rsatool / rsatool.c
diff --git a/SecurityTests/cspxutils/rsatool/rsatool.c b/SecurityTests/cspxutils/rsatool/rsatool.c
deleted file mode 100644 (file)
index 234662d..0000000
--- a/SecurityTests/cspxutils/rsatool/rsatool.c
+++ /dev/null
@@ -1,1182 +0,0 @@
-/*
- * rsatool.c - RSA/DSA/ECDSA key pair generator, en/decrypt, sign/verify with file I/O
- */
-#include <stdlib.h>
-#include <stdio.h>
-#include <time.h>
-#include <string.h>
-#include <Security/cssm.h>
-#include "cspwrap.h"
-#include "common.h"
-#include <security_cdsa_utils/cuFileIo.h>
-
-/* For 3141770 - defined true when PR-3074739 merged to TOT Security */
-#define OPENSSL_ENABLE         1
-
-#define USAGE_NAME                             "noUsage"
-#define USAGE_NAME_LEN                 (strlen(USAGE_NAME))
-#define DEFAULT_KEY_SIZE_BITS  512
-
-typedef struct {
-       CSSM_ALGORITHMS         alg;
-       uint32                          keySizeInBits;
-       CSSM_CSP_HANDLE         cspHand;
-       char                            *keyFileName;
-       char                            *outKeyFileName;        // for pub key convert 
-       char                            *plainFileName;
-       char                            *sigFileName;
-       char                            *cipherFileName;
-       char                            *dsaParamFileIn;
-       char                            *dsaParamFileOut;
-       CSSM_BOOL                       swapKeyClass;
-       CSSM_BOOL                       rawSign;
-       CSSM_BOOL                       noPad;
-       CSSM_BOOL                       quiet;
-       CSSM_KEYBLOB_FORMAT     pubKeyFormat;   // FORMAT_NONE ==> default
-       CSSM_KEYBLOB_FORMAT     privKeyFormat;  // FORMAT_NONE ==> default
-       CSSM_KEYBLOB_FORMAT     outPubKeyFormat;// FORMAT_NONE ==> default, for pub key convert
-       CSSM_ALGORITHMS         digestAlg;              // optional digest alg for raw sign/verify
-} opParams;
-
-static void usage(char **argv) 
-{
-       printf("usage: %s op [options]\n", argv[0]);
-       printf("  op:\n");
-       printf("     g  generate key pair\n");
-       printf("     e  encrypt\n");
-       printf("     d  decrypt\n");
-       printf("     s  sign\n");
-       printf("     v  verify\n");
-       printf("     S  SHA-1 digest\n");
-       printf("     M  MD5 digest\n");
-       printf("     C  convert public key format\n");
-       printf("  options:\n");
-       printf("     k=keyfileBase keys are keyFileBase_pub.der, "
-                                       "keyFileBase_priv.der)\n");
-       printf("     K=outputPublicKey\n");
-       printf("     p=plainFile\n");
-       printf("     c=cipherFile\n");
-       printf("     s=sigfile\n");
-       printf("     z=keySizeInBits (default %d)\n", DEFAULT_KEY_SIZE_BITS);
-       printf("     w (swap key class)\n");
-       printf("     r (raw sign/verify)\n");
-       printf("     P (no padding)\n");
-       printf("     d=digestAlg   digestAlg: s(SHA1) 5(MD5) for raw signing\n");
-       printf("     m=dsaParamFileIn\n");
-       printf("     M=dsaParamFileOut (must specify one of dsaParamFile{In,Out}\n");
-       printf("     b=[1xboOL] (pub  key in PKCS1/X509/BSAFE/OpenSSH1/OpenSSH2/OpenSSL form)\n");
-       printf("          RSA = {PKCS1,X509,OpenSSH1,OpenSSH2}     default = PKCS1\n");
-       printf("          DSA = {BSAFE,X509,OpenSSH2}              default = X509\n");
-       printf("          ECDSA = {X509, OpenSSL}                  default = X509\n");
-       printf("          Note: RSA and DSA public keys in OpenSSL form are X509.\n");
-       printf("     v=[18sbo] (priv key in PKCS1/PKCS8/OpenSSH/BSAFE/OpenSSL form)\n");
-       printf("          RSA = {PKCS1,PKCS8,OpenSSH1}             default = PKCS8\n");
-       printf("          DSA = {BSAFE,OpenSSL,PKCS8}              default = OpenSSL\n");
-       printf("          ECDSA = {PKCS8,OpenSSL}                  default = OpenSSL}\n");
-       printf("          Note: RSA private key in OpenSSL form is PKCS1.\n");
-       printf("     B=[1xboO] output public key format\n");
-       printf("     a=alg   d=DSA, r=RSA, e=ECDSA; default = RSA\n");
-       printf("     q(uiet)\n");
-       exit(1);
-}
-
-/* NULL wrap a key to specified format. */
-static CSSM_RETURN nullWrapKey(CSSM_CSP_HANDLE cspHand,
-       const CSSM_KEY                  *refKey,        
-       CSSM_KEYBLOB_FORMAT             blobFormat,
-       CSSM_KEY_PTR                    rawKey)                 // RETURNED
-{
-       CSSM_CC_HANDLE          ccHand;
-       CSSM_RETURN                     crtn;
-       CSSM_ACCESS_CREDENTIALS creds;
-       CSSM_DATA descData = {0, 0};
-       
-       memset(rawKey, 0, sizeof(CSSM_KEY));
-       memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
-       crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
-                               CSSM_ALGID_NONE,
-                               CSSM_ALGMODE_NONE,
-                               &creds,                 // passPhrase
-                               NULL,                   // unwrappingKey
-                               NULL,                   // initVector
-                               CSSM_PADDING_NONE,
-                               0,                              // Params
-                               &ccHand);
-       if(crtn) {
-               printError("cspWrapKey/CreateContext", crtn);
-               return crtn;
-       }
-       if(blobFormat != CSSM_KEYBLOB_WRAPPED_FORMAT_NONE) {
-               /* only add this attribute if it's not the default */
-               CSSM_ATTRIBUTE_TYPE attrType;
-       
-               switch(refKey->KeyHeader.KeyClass) {
-                       case CSSM_KEYCLASS_SESSION_KEY:
-                               attrType = CSSM_ATTRIBUTE_SYMMETRIC_KEY_FORMAT;
-                               break;
-                       case CSSM_KEYCLASS_PUBLIC_KEY:
-                               attrType = CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT;
-                               break;
-                       case CSSM_KEYCLASS_PRIVATE_KEY:
-                               attrType = CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT;
-                               break;
-                       default:
-                               printf("***Bogus KeyClass in nullWrapKey\n");
-                               return -1;
-               }
-               CSSM_CONTEXT_ATTRIBUTE attr;
-               attr.AttributeType = attrType;
-               attr.AttributeLength = sizeof(uint32);
-               attr.Attribute.Uint32 = blobFormat;
-               crtn = CSSM_UpdateContextAttributes(
-                       ccHand,
-                       1,
-                       &attr);
-               if(crtn) {
-                       printError("CSSM_UpdateContextAttributes", crtn);
-                       return crtn;
-               }
-       }
-       crtn = CSSM_WrapKey(ccHand,
-               &creds,
-               refKey,
-               &descData,      
-               rawKey);
-       if(crtn != CSSM_OK) {
-               printError("CSSM_WrapKey", crtn);
-       }
-       if(CSSM_DeleteContext(ccHand)) {
-               printf("CSSM_DeleteContext failure\n");
-       }
-       return crtn;
-}
-
-/* 
- * Sign/verify optional "no padding" context attr 
- */
-static CSSM_RETURN sigSign(CSSM_CSP_HANDLE cspHand,
-       uint32 algorithm,                                       // CSSM_ALGID_FEE_MD5, etc.
-       CSSM_KEY_PTR key,                                       // private key
-       const CSSM_DATA *text,
-       CSSM_DATA_PTR sig,
-       uint32 digestAlg,                                       // optional for raw signing
-       CSSM_BOOL noPad)                                        // true --> add PADDING_NONE to context
-{
-       CSSM_CC_HANDLE  sigHand;
-       CSSM_RETURN             crtn;
-       
-       crtn = CSSM_CSP_CreateSignatureContext(cspHand,
-               algorithm,
-               NULL,                           // passPhrase
-               key,
-               &sigHand);
-       if(crtn) {
-               printError("CSSM_CSP_CreateSignatureContext", crtn);
-               return crtn;
-       }
-       if(noPad) {
-               crtn = AddContextAttribute(sigHand,
-                       CSSM_ATTRIBUTE_PADDING,
-                       sizeof(uint32),
-                       CAT_Uint32,
-                       NULL,
-                       CSSM_PADDING_NONE);
-               if(crtn) {
-                       return crtn;
-               }
-       }
-       crtn = CSSM_SignData(sigHand,
-               text,
-               1,
-               digestAlg,
-               sig);
-       if(crtn) {
-               printError("CSSM_SignData", crtn);
-       }
-       CSSM_DeleteContext(sigHand);
-       return crtn;
-}
-
-static CSSM_RETURN sigVerify(CSSM_CSP_HANDLE cspHand,
-       uint32 algorithm,                                       // CSSM_ALGID_FEE_MD5, etc.
-       CSSM_KEY_PTR key,                                       // public key
-       const CSSM_DATA *text,
-       const CSSM_DATA *sig,
-       uint32 digestAlg,                                       // optional for raw signing
-       CSSM_BOOL noPad)                                        // true --> add PADDING_NONE to context
-{
-       CSSM_CC_HANDLE  sigHand;
-       CSSM_RETURN             crtn;
-       
-       crtn = CSSM_CSP_CreateSignatureContext(cspHand,
-               algorithm,
-               NULL,                           // passPhrase
-               key,
-               &sigHand);
-       if(crtn) {
-               printError("CSSM_CSP_CreateSignatureContext", crtn);
-               return crtn;
-       }
-       if(noPad) {
-               crtn = AddContextAttribute(sigHand,
-                       CSSM_ATTRIBUTE_PADDING,
-                       sizeof(uint32),
-                       CAT_Uint32,
-                       NULL,
-                       CSSM_PADDING_NONE);
-               if(crtn) {
-                       return crtn;
-               }
-       }
-       crtn = CSSM_VerifyData(sigHand,
-               text,
-               1,
-               digestAlg,
-               sig);
-       if(crtn) {
-               printError("CSSM_VerifyData", crtn);
-       }
-       CSSM_DeleteContext(sigHand);
-       return crtn;
-}
-
-/*
- * Generate DSA key pair. Algorithm parameters are
- * either specified by caller via inParams, or are generated here
- * and returned to caller in outParams. Exactly one of (inParams,
- * outParams) must be non-NULL.
- */
-static CSSM_RETURN genDsaKeyPair(
-       CSSM_CSP_HANDLE cspHand,
-       const char *keyLabel,
-       unsigned keyLabelLen,
-       uint32 keySize,                                 // in bits
-       CSSM_KEY_PTR pubKey,                    // mallocd by caller
-       CSSM_BOOL pubIsRef,                             // true - reference key, false - data
-       uint32 pubKeyUsage,                             // CSSM_KEYUSE_ENCRYPT, etc.
-       CSSM_KEYBLOB_FORMAT pubFormat,  // Optional. Some algorithms (currently, FEE)
-                                                                       //   provide for multiple key blob formats.
-                                                                       //   Specify 0 or CSSM_KEYBLOB_RAW_FORMAT_NONE
-                                                                       //   to get the default format. 
-       CSSM_KEY_PTR privKey,                   // mallocd by caller
-       CSSM_BOOL privIsRef,                    // true - reference key, false - data
-       uint32 privKeyUsage,                    // CSSM_KEYUSE_DECRYPT, etc.
-       CSSM_KEYBLOB_FORMAT privFormat, // optional 0 ==> default
-       const CSSM_DATA *inParams,              // optional 
-       CSSM_DATA_PTR   outParams)              // optional, we malloc
-{
-       CSSM_RETURN                             crtn;
-       CSSM_CC_HANDLE                  ccHand;
-       CSSM_DATA                               keyLabelData;
-       uint32                                  pubAttr;
-       uint32                                  privAttr;
-       CSSM_RETURN                     ocrtn = CSSM_OK;
-       
-       /* Caller must specify either inParams or outParams, not both */
-       if(inParams && outParams) {
-               return CSSMERR_CSSM_INVALID_POINTER;
-       }
-       if(!inParams && !outParams) {
-               return CSSMERR_CSSM_INVALID_POINTER;
-       }
-
-       keyLabelData.Data        = (uint8 *)keyLabel,
-       keyLabelData.Length      = keyLabelLen;
-       memset(pubKey, 0, sizeof(CSSM_KEY));
-       memset(privKey, 0, sizeof(CSSM_KEY));
-       
-       crtn = CSSM_CSP_CreateKeyGenContext(cspHand,
-               CSSM_ALGID_DSA,
-               keySize,
-               NULL,                                   // Seed
-               NULL,                                   // Salt
-               NULL,                                   // StartDate
-               NULL,                                   // EndDate
-               inParams,                               // Params, may be NULL
-               &ccHand);
-       if(crtn) {
-               printError("CSSM_CSP_CreateKeyGenContext", crtn);
-               return crtn;
-       }
-       /* cook up attribute bits */
-       if(pubIsRef) {
-               pubAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE;
-       }
-       else {
-               pubAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE;
-       }
-       if(privIsRef) {
-               privAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE;
-       }
-       else {
-               privAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE;
-       }
-
-       if(outParams) {
-               /* explicitly generate params and return them to caller */
-               outParams->Data = NULL;
-               outParams->Length = 0;
-               crtn = CSSM_GenerateAlgorithmParams(ccHand, 
-                       keySize, outParams);
-               if(crtn) {
-                       printError("CSSM_GenerateAlgorithmParams", crtn);
-                       CSSM_DeleteContext(ccHand);
-                       return crtn;
-               }
-       }
-       
-       /* optional format specifiers */
-       if(pubFormat != CSSM_KEYBLOB_RAW_FORMAT_NONE) {
-               crtn = AddContextAttribute(ccHand,
-                       CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT,
-                       sizeof(uint32),         
-                       CAT_Uint32,
-                       NULL,
-                       pubFormat);
-               if(crtn) {
-                       printError("AddContextAttribute(CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT)", crtn);
-                       return crtn;
-               }
-       }
-       if(privFormat != CSSM_KEYBLOB_RAW_FORMAT_NONE) {
-               crtn = AddContextAttribute(ccHand,
-                       CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT,
-                       sizeof(uint32),
-                       CAT_Uint32,
-                       NULL,
-                       privFormat);
-               if(crtn) {
-                       printError("AddContextAttribute(CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT)", crtn);
-                       return crtn;
-               }
-       }
-       crtn = CSSM_GenerateKeyPair(ccHand,
-               pubKeyUsage,
-               pubAttr,
-               &keyLabelData,
-               pubKey,
-               privKeyUsage,
-               privAttr,
-               &keyLabelData,                  // same labels
-               NULL,                                   // CredAndAclEntry
-               privKey);
-       if(crtn) {
-               printError("CSSM_GenerateKeyPair", crtn);
-               ocrtn = crtn;
-       }
-       if(ccHand != 0) {
-               crtn = CSSM_DeleteContext(ccHand);
-               if(crtn) {
-                       printError("CSSM_DeleteContext", crtn);
-                       ocrtn = CSSM_ERRCODE_INTERNAL_ERROR;
-               }
-       }
-       return ocrtn;
-}
-
-/*
- * Given keyFileBase, obtain name of public or private name. Output names
- * mallocd by caller.
- */
-#define KEY_FILE_NAME_MAX_LEN  256
-
-static void rtKeyFileName(
-       const char      *keyFileBase,
-       CSSM_BOOL       isPub,
-       char            *outFileName)
-{
-       if(isPub) {
-               sprintf(outFileName, "%s_pub.der", keyFileBase);
-       }
-       else {
-               sprintf(outFileName, "%s_priv.der", keyFileBase);
-       }
-}
-
-/*
- * Given keyFileBase and key type, init a CSSM_KEY.
- */
-static int rt_readKey(
-       CSSM_CSP_HANDLE         cspHand,
-       const char                      *keyFileBase,
-       CSSM_BOOL                       isPub,
-       CSSM_ALGORITHMS         alg,
-       CSSM_KEYBLOB_FORMAT     format, // FORMAT_NONE ==> default
-       CSSM_KEY_PTR            key)
-{
-       char                            fileName[KEY_FILE_NAME_MAX_LEN];
-       int                             irtn;
-       CSSM_DATA_PTR           keyData = &key->KeyData;
-       CSSM_KEYHEADER_PTR      hdr = &key->KeyHeader;
-       CSSM_RETURN                     crtn;
-       CSSM_KEY_SIZE           keySize;
-       unsigned                        len;
-       
-       memset(key, 0, sizeof(CSSM_KEY));
-       rtKeyFileName(keyFileBase, isPub, fileName);
-       irtn = readFile(fileName, &keyData->Data, &len);
-       if(irtn) {
-               printf("***error %d reading key file %s\n", irtn, fileName);
-               return irtn;
-       }
-       keyData->Length = len;
-       hdr->HeaderVersion = CSSM_KEYHEADER_VERSION;
-       hdr->BlobType = CSSM_KEYBLOB_RAW;
-       hdr->Format = format;
-       hdr->AlgorithmId = alg;
-       hdr->KeyClass = isPub ? CSSM_KEYCLASS_PUBLIC_KEY : 
-               CSSM_KEYCLASS_PRIVATE_KEY;
-       hdr->KeyAttr = CSSM_KEYATTR_EXTRACTABLE;
-       hdr->KeyUsage = CSSM_KEYUSE_ANY;
-       
-       /* ask the CSP for key size */
-       crtn = CSSM_QueryKeySizeInBits(cspHand, 0, key, &keySize);
-       if(crtn) {
-               printError("CSSM_QueryKeySizeInBits", crtn);
-               return 1;
-       }
-       hdr->LogicalKeySizeInBits = keySize.LogicalKeySizeInBits;
-       return 0;
-}
-
-static int rt_generate(opParams *op)
-{
-       CSSM_RETURN     crtn;
-       CSSM_KEY                pubKey;
-       CSSM_KEY                privKey;
-       char                    fileName[KEY_FILE_NAME_MAX_LEN];
-       int                             irtn;
-       CSSM_DATA               paramIn = {0, NULL};
-       CSSM_DATA               paramOut = {0, NULL};
-       CSSM_DATA_PTR   paramInPtr = NULL;
-       CSSM_DATA_PTR   paramOutPtr = NULL;
-       
-       if(op->keyFileName == NULL) {
-               printf("***Need a keyFileName to generate key pair.\n");
-               return 1;
-       }
-       memset(&pubKey, 0, sizeof(CSSM_KEY));
-       memset(&privKey, 0, sizeof(CSSM_KEY));
-       
-       if(op->alg == CSSM_ALGID_DSA) {
-               /* must specify either inParams or outParams, not both */
-               if(op->dsaParamFileIn && op->dsaParamFileOut) {
-                       printf("***DSA key generation requires one parameter file spec.\n");
-                       return 1;
-               }
-               if(!op->dsaParamFileIn && !op->dsaParamFileOut) {
-                       printf("***DSA key generation requires one parameter file spec.\n");
-                       return 1;
-               }
-               if(op->dsaParamFileIn) {
-                       /* caller-specified params */
-                       unsigned len;
-                       irtn = readFile(op->dsaParamFileIn, &paramIn.Data, &len);
-                       if(irtn) {
-                               printf("***Error reading DSA params from %s. Aborting.\n",
-                                       op->dsaParamFileIn);
-                       }
-                       paramIn.Length = len;
-                       paramInPtr = &paramIn;
-               }
-               else {
-                       /* generate params --> paramOut */
-                       paramOutPtr = &paramOut;
-               }
-               crtn = genDsaKeyPair(op->cspHand,
-                       USAGE_NAME,
-                       USAGE_NAME_LEN,
-                       op->keySizeInBits,
-                       &pubKey,
-                       CSSM_FALSE,                                             // not ref
-                       CSSM_KEYUSE_VERIFY,                             // not really important
-                       op->pubKeyFormat,
-                       &privKey,
-                       CSSM_FALSE,                                             // not ref
-                       CSSM_KEYUSE_SIGN,
-                       op->privKeyFormat,
-                       paramInPtr,
-                       paramOutPtr);
-               if(crtn) {
-                       return 1;
-               }
-               if(paramOutPtr) {
-                       irtn = writeFile(op->dsaParamFileOut, paramOut.Data, paramOut.Length);
-                       if(irtn) {
-                               printf("***Error writing DSA params to %s. Aborting.\n",
-                                       op->dsaParamFileOut);
-                               return 1;
-                       }
-                       if(!op->quiet) {
-                               printf("...wrote %lu bytes to %s\n", paramOut.Length, 
-                               op->dsaParamFileOut);
-                       }
-                       CSSM_FREE(paramOut.Data);
-               }
-               else {
-                       /* mallocd by readFile() */
-                       free(paramIn.Data);
-               }
-       }
-       else {
-               /* RSA, ECDSA */
-               crtn = cspGenKeyPair(op->cspHand,
-                       op->alg,
-                       USAGE_NAME,
-                       USAGE_NAME_LEN,
-                       op->keySizeInBits,
-                       &pubKey,
-                       CSSM_FALSE,                                             // not ref
-                       CSSM_KEYUSE_VERIFY,                             // not really important
-                       op->pubKeyFormat,
-                       &privKey,
-                       CSSM_FALSE,                                             // not ref
-                       CSSM_KEYUSE_SIGN,
-                       op->privKeyFormat,
-                       CSSM_FALSE);                                    // genSeed, not used here
-               if(crtn) {
-                       return 1;
-               }
-       }
-       
-       /* write the blobs */
-       rtKeyFileName(op->keyFileName, CSSM_TRUE, fileName);
-       irtn = writeFile(fileName, pubKey.KeyData.Data, pubKey.KeyData.Length);
-       if(irtn) {
-               printf("***Error %d writing to %s\n", irtn, fileName);
-               return irtn;
-       }
-       if(!op->quiet) {
-               printf("...wrote %lu bytes to %s\n", pubKey.KeyData.Length, fileName);
-       }
-       rtKeyFileName(op->keyFileName, CSSM_FALSE, fileName);
-       irtn = writeFile(fileName, privKey.KeyData.Data, privKey.KeyData.Length);
-       if(irtn) {
-               printf("***Error %d writing to %s\n", irtn, fileName);
-               return irtn;
-       }
-       if(!op->quiet) {
-               printf("...wrote %lu bytes to %s\n", privKey.KeyData.Length, fileName);
-       }
-       cspFreeKey(op->cspHand, &pubKey);
-       cspFreeKey(op->cspHand, &privKey);
-       return 0;
-}
-
-/* encrypt using public key */
-static int rt_encrypt(opParams *op)
-{
-       CSSM_KEY        pubKey;
-       int             irtn;
-       CSSM_DATA       ptext;
-       CSSM_DATA       ctext;
-       CSSM_RETURN     crtn;
-       CSSM_BOOL       isPub;
-       CSSM_ENCRYPT_MODE mode = CSSM_ALGMODE_NONE;
-       CSSM_KEYBLOB_FORMAT format = op->pubKeyFormat;
-    unsigned   len;
-       
-       if(op->keyFileName == NULL) {
-               printf("***Need a keyFileName to encrypt.\n");
-               return 1;
-       }
-       if((op->plainFileName == NULL) || (op->cipherFileName == NULL)) {
-               printf("***Need plainFileName and cipherFileName to encrypt.\n");
-               return 1;
-       }
-       if(op->swapKeyClass) {
-               isPub = CSSM_FALSE;
-               mode = CSSM_ALGMODE_PRIVATE_KEY;
-        format = op->privKeyFormat;
-       }
-       else {
-               isPub = CSSM_TRUE;
-       }
-       irtn = rt_readKey(op->cspHand, op->keyFileName, isPub, op->alg, 
-               format, &pubKey);
-       if(irtn) {
-               return irtn;
-       }
-       irtn = readFile(op->plainFileName, &ptext.Data, &len);
-       if(irtn) {
-               printf("***Error reading %s\n", op->plainFileName);
-               return irtn;
-       }
-       ptext.Length = len;
-       ctext.Data = NULL;
-       ctext.Length = 0;
-       
-       crtn = cspEncrypt(op->cspHand,
-               op->alg,
-               mode,
-               op->noPad ? CSSM_PADDING_NONE : CSSM_PADDING_PKCS1,
-               &pubKey,
-               NULL,
-               0,                      // effectiveKeySize
-               0,                      // rounds
-               NULL,           // initVector
-               &ptext,
-               &ctext,
-               CSSM_FALSE);    // mallocCtext
-       if(crtn) {
-               printError("cspEncrypt", crtn);
-               return 1;
-       }
-       irtn = writeFile(op->cipherFileName, ctext.Data, ctext.Length);
-       if(irtn) {
-               printf("***Error writing %s\n", op->cipherFileName);
-       }
-       else {
-               if(!op->quiet) {
-                       printf("...wrote %lu bytes to %s\n", ctext.Length, op->cipherFileName);
-               }
-       }
-
-       free(pubKey.KeyData.Data);                              // allocd by rt_readKey --> readFile
-       free(ptext.Data);                                               // allocd by readFile
-       appFreeCssmData(&ctext, CSSM_FALSE);    // by CSP
-       return irtn;
-}
-
-/* decrypt using private key */
-static int rt_decrypt(opParams *op)
-{
-       CSSM_KEY        privKey;
-       int             irtn;
-       CSSM_DATA       ptext;
-       CSSM_DATA       ctext;
-       CSSM_RETURN     crtn;
-       CSSM_BOOL       isPub;
-       CSSM_ENCRYPT_MODE mode = CSSM_ALGMODE_NONE;
-       CSSM_KEYBLOB_FORMAT format = op->privKeyFormat;
-       unsigned        len;
-       
-       if(op->keyFileName == NULL) {
-               printf("***Need a keyFileName to decrypt.\n");
-               return 1;
-       }
-       if((op->plainFileName == NULL) || (op->cipherFileName == NULL)) {
-               printf("***Need plainFileName and cipherFileName to decrypt.\n");
-               return 1;
-       }
-       if(op->swapKeyClass) {
-               isPub = CSSM_TRUE;
-               mode = CSSM_ALGMODE_PUBLIC_KEY;
-        format = op->pubKeyFormat;
-       }
-       else {
-               isPub = CSSM_FALSE;
-       }
-       irtn = rt_readKey(op->cspHand, op->keyFileName, isPub, op->alg, 
-               format, &privKey);
-       if(irtn) {
-               return irtn;
-       }
-       irtn = readFile(op->cipherFileName, &ctext.Data, &len);
-       if(irtn) {
-               printf("***Error reading %s\n", op->cipherFileName);
-               return irtn;
-       }
-       ctext.Length = len;
-       ptext.Data = NULL;
-       ptext.Length = 0;
-       
-       crtn = cspDecrypt(op->cspHand,
-               op->alg,
-               mode,
-               op->noPad ? CSSM_PADDING_NONE : CSSM_PADDING_PKCS1,
-               &privKey,
-               NULL,
-               0,                      // effectiveKeySize
-               0,                      // rounds
-               NULL,           // initVector
-               &ctext,
-               &ptext,
-               CSSM_FALSE);    // mallocCtext
-       if(crtn) {
-               return 1;
-       }
-       irtn = writeFile(op->plainFileName, ptext.Data, ptext.Length);
-       if(irtn) {
-               printf("***Error writing %s\n", op->cipherFileName);
-       }
-       else {
-               if(!op->quiet) {
-                       printf("...wrote %lu bytes to %s\n", ptext.Length, op->plainFileName);
-               }
-       }
-       free(privKey.KeyData.Data);                             // allocd by rt_readKey --> readFile
-       free(ctext.Data);                                               // allocd by readFile
-       appFreeCssmData(&ptext, CSSM_FALSE);    // by CSP
-       return irtn;
-}
-
-static int rt_sign(opParams *op)
-{
-       CSSM_KEY        privKey;
-       int             irtn;
-       CSSM_DATA       ptext;
-       CSSM_DATA       sig;
-       CSSM_RETURN     crtn;
-       CSSM_ALGORITHMS alg;
-       unsigned len;
-       
-       if(op->keyFileName == NULL) {
-               printf("***Need a keyFileName to sign.\n");
-               return 1;
-       }
-       if((op->plainFileName == NULL) || (op->sigFileName == NULL)) {
-               printf("***Need plainFileName and sigFileName to sign.\n");
-               return 1;
-       }
-       irtn = rt_readKey(op->cspHand, op->keyFileName, CSSM_FALSE, op->alg, 
-               op->privKeyFormat, &privKey);
-       if(irtn) {
-               return irtn;
-       }
-       irtn = readFile(op->plainFileName, &ptext.Data, &len);
-       if(irtn) {
-               printf("***Error reading %s\n", op->plainFileName);
-               return irtn;
-       }
-       ptext.Length = len;
-       sig.Data = NULL;
-       sig.Length = 0;
-       switch(op->alg) {
-               case CSSM_ALGID_RSA:
-                       if(op->rawSign) {
-                               alg = CSSM_ALGID_RSA;
-                       }
-                       else {
-                               alg = CSSM_ALGID_SHA1WithRSA;
-                       }
-                       break;
-               case CSSM_ALGID_DSA:
-                       alg = CSSM_ALGID_SHA1WithDSA;
-                       break;
-               case CSSM_ALGID_ECDSA:
-                       if(op->rawSign) {
-                               alg = CSSM_ALGID_ECDSA;
-                       }
-                       else {
-                               alg = CSSM_ALGID_SHA1WithECDSA;
-                       }
-                       break;
-               default:
-                       printf("Hey! Try another alg!\n");
-                       exit(1);
-       }
-       crtn = sigSign(op->cspHand,
-               alg,
-               &privKey,
-               &ptext,
-               &sig,
-               op->digestAlg,
-               op->noPad);
-       if(crtn) {
-               printError("cspSign", crtn);
-               return 1;
-       }
-       irtn = writeFile(op->sigFileName, sig.Data, sig.Length);
-       if(irtn) {
-               printf("***Error writing %s\n", op->sigFileName);
-       }
-       else if(!op->quiet) {
-               printf("...wrote %lu bytes to %s\n", sig.Length, op->sigFileName);
-       }
-       free(privKey.KeyData.Data);                             // allocd by rt_readKey --> readFile
-       free(ptext.Data);                                               // allocd by readFile
-       appFreeCssmData(&sig, CSSM_FALSE);              // by CSP
-       return irtn;
-}
-
-static int rt_verify(opParams *op)
-{
-       CSSM_KEY        pubKey;
-       int             irtn;
-       CSSM_DATA       ptext;
-       CSSM_DATA       sig;
-       CSSM_RETURN     crtn;
-       CSSM_ALGORITHMS alg;
-       unsigned        len;
-       
-       if(op->keyFileName == NULL) {
-               printf("***Need a keyFileName to verify.\n");
-               return 1;
-       }
-       if((op->plainFileName == NULL) || (op->sigFileName == NULL)) {
-               printf("***Need plainFileName and sigFileName to verify.\n");
-               return 1;
-       }
-       irtn = rt_readKey(op->cspHand, op->keyFileName, CSSM_TRUE, op->alg, 
-               op->pubKeyFormat, &pubKey);
-       if(irtn) {
-               return irtn;
-       }
-       irtn = readFile(op->plainFileName, &ptext.Data, &len);
-       if(irtn) {
-               printf("***Error reading %s\n", op->plainFileName);
-               return irtn;
-       }
-       ptext.Length = len;
-       irtn = readFile(op->sigFileName, &sig.Data, (unsigned *)&sig.Length);
-       if(irtn) {
-               printf("***Error reading %s\n", op->sigFileName);
-               return irtn;
-       }
-       switch(op->alg) {
-               case CSSM_ALGID_RSA:
-                       if(op->rawSign) {
-                               alg = CSSM_ALGID_RSA;
-                       }
-                       else {
-                               alg = CSSM_ALGID_SHA1WithRSA;
-                       }
-                       break;
-               case CSSM_ALGID_DSA:
-                       alg = CSSM_ALGID_SHA1WithDSA;
-                       break;
-               case CSSM_ALGID_ECDSA:
-                       if(op->rawSign) {
-                               alg = CSSM_ALGID_ECDSA;
-                       }
-                       else {
-                               alg = CSSM_ALGID_SHA1WithECDSA;
-                       }
-                       break;
-               default:
-                       printf("Hey! Try another alg!\n");
-                       exit(1);
-       }
-       crtn = sigVerify(op->cspHand,
-               alg,
-               &pubKey,
-               &ptext,
-               &sig,
-               op->digestAlg,
-               op->noPad);
-       if(crtn) {
-               printError("sigVerify", crtn);
-               irtn = 1;
-       }
-       else if(!op->quiet){
-               printf("...signature verifies OK\n");
-               irtn = 0;
-       }
-       free(pubKey.KeyData.Data);                              // allocd by rt_readKey --> readFile
-       free(ptext.Data);                                               // allocd by readFile
-       free(sig.Data);                                                 // ditto
-       return irtn;
-}
-
-static int rt_digest(opParams *op)
-{
-       int             irtn;
-       CSSM_DATA       ptext;
-       CSSM_DATA       digest = {0, NULL};
-       CSSM_RETURN     crtn;
-       unsigned        len;
-       
-       if((op->plainFileName == NULL) || (op->sigFileName == NULL)) {
-               printf("***Need plainFileName and sigFileName to digest.\n");
-               return 1;
-       }
-       irtn = readFile(op->plainFileName, &ptext.Data, &len);
-       if(irtn) {
-               printf("***Error reading %s\n", op->plainFileName);
-               return irtn;
-       }
-       ptext.Length = len;
-       crtn = cspDigest(op->cspHand,
-               op->alg,
-               CSSM_FALSE,             // mallocDigest - let CSP do it
-               &ptext,
-               &digest);
-       if(crtn) {
-               printError("cspDigest", crtn);
-               return 1;
-       }
-       irtn = writeFile(op->sigFileName, digest.Data, digest.Length);
-       if(irtn) {
-               printf("***Error writing %s\n", op->sigFileName);
-       }
-       else if(!op->quiet){
-               printf("...wrote %lu bytes to %s\n", digest.Length, op->sigFileName);
-       }
-       free(ptext.Data);                                               // allocd by readFile
-       appFreeCssmData(&digest, CSSM_FALSE);   // by CSP
-       return irtn;
-}
-
-static int rt_convertPubKey(opParams *op)
-{
-       CSSM_RETURN crtn;
-       int irtn;
-       CSSM_KEY pubKeyIn;
-       CSSM_KEY pubKeyOut;
-       CSSM_KEY refKey;
-       char fileName[KEY_FILE_NAME_MAX_LEN];
-
-       if((op->keyFileName == NULL) || (op->outKeyFileName == NULL)) {
-               printf("***I need input and output key file names for public key concersion.\n");
-               return 1;
-       }
-       irtn = rt_readKey(op->cspHand, op->keyFileName, CSSM_TRUE, op->alg, 
-               op->pubKeyFormat, &pubKeyIn);
-       if(irtn) {
-               return irtn;
-       }
-       crtn = cspRawKeyToRef(op->cspHand, &pubKeyIn, &refKey);
-       if(crtn) {
-               printf("***Error on NULL unwrap of %s\n", op->keyFileName);
-               return -1;
-       }
-       crtn = nullWrapKey(op->cspHand, &refKey, op->outPubKeyFormat, &pubKeyOut);
-       if(crtn) {
-               printf("***Error on NULL wrap\n");
-               return 1;
-       }
-               
-       /* write the blobs */
-       rtKeyFileName(op->outKeyFileName, CSSM_TRUE, fileName);
-       irtn = writeFile(fileName, pubKeyOut.KeyData.Data, pubKeyOut.KeyData.Length);
-       if(irtn) {
-               printf("***Error %d writing to %s\n", irtn, fileName);
-               return irtn;
-       }
-       if(!op->quiet) {
-               printf("...wrote %lu bytes to %s\n", pubKeyOut.KeyData.Length, fileName);
-       }
-       cspFreeKey(op->cspHand, &pubKeyOut);
-       free(pubKeyIn.KeyData.Data);
-       cspFreeKey(op->cspHand, &refKey);
-       return 0;
-}
-
-/* parse public key format character */
-static CSSM_KEYBLOB_FORMAT parsePubKeyFormat(char c, char **argv)
-{
-       switch(c) {
-               case '1':
-                       return CSSM_KEYBLOB_RAW_FORMAT_PKCS1;
-               case 'x':
-                       return CSSM_KEYBLOB_RAW_FORMAT_X509;
-               case 'b':
-                       return CSSM_KEYBLOB_RAW_FORMAT_FIPS186;
-               case 'o':
-                       return CSSM_KEYBLOB_RAW_FORMAT_OPENSSH;
-               case 'O':
-                       return CSSM_KEYBLOB_RAW_FORMAT_OPENSSH2;
-               case 'L':
-                       /* This is the "parse a private+public key as public only" option */
-                       return CSSM_KEYBLOB_RAW_FORMAT_OPENSSL;
-               default:
-                       usage(argv);
-       }
-       /* not reached */
-       return -1;
-}
-
-int main(int argc, char **argv)
-{
-       int                                     arg;
-       char                            *argp;
-       int                                     rtn;
-       opParams                        op;
-       
-       if(argc < 2) {
-               usage(argv);
-       }
-       memset(&op, 0, sizeof(opParams));
-       op.keySizeInBits = DEFAULT_KEY_SIZE_BITS;
-       op.alg = CSSM_ALGID_RSA;
-       op.swapKeyClass = CSSM_FALSE;
-       op.rawSign = CSSM_FALSE;
-       op.noPad = CSSM_FALSE;
-       
-       for(arg=2; arg<argc; arg++) {
-               argp = argv[arg];
-               switch(argp[0]) {
-                       case 'a':
-                               if(argp[1] != '=') {
-                                       usage(argv);
-                               }
-                               switch(argp[2]) {
-                                       case 'r':
-                                               op.alg = CSSM_ALGID_RSA;
-                                               break;
-                                       case 'd':
-                                               op.alg = CSSM_ALGID_DSA;
-                                               break;
-                                       case 'e':
-                                               op.alg = CSSM_ALGID_ECDSA;
-                                               break;
-                                       default:
-                                               usage(argv);
-                               }
-                               break;
-                       case 'z':
-                               op.keySizeInBits = atoi(&argp[2]);
-                               break;
-                       case 'k':
-                               op.keyFileName = &argp[2];
-                               break;
-                       case 'K':
-                               op.outKeyFileName = &argp[2];
-                               break;
-                       case 'p':
-                               op.plainFileName = &argp[2];
-                               break;
-                       case 'c':
-                               op.cipherFileName = &argp[2];
-                               break;
-                       case 's':
-                               op.sigFileName = &argp[2];
-                               break;
-                       case 'w':
-                               op.swapKeyClass = CSSM_TRUE;
-                               break;
-                       case 'r':
-                               op.rawSign = CSSM_TRUE;
-                               break;
-                       case 'P':
-                               op.noPad = CSSM_TRUE;
-                               break;
-                       case 'm':
-                               op.dsaParamFileIn = &argp[2];
-                               break;
-                       case 'M':
-                               op.dsaParamFileOut = &argp[2];
-                               break;
-                       case 'q':
-                               op.quiet = CSSM_TRUE;
-                               break;
-                       case 'b':
-                               if(argp[1] != '=') {
-                                       usage(argv);
-                               }
-                               op.pubKeyFormat = parsePubKeyFormat(argp[2], argv);
-                               break;
-                       case 'B':
-                               if(argp[1] != '=') {
-                                       usage(argv);
-                               }
-                               op.outPubKeyFormat = parsePubKeyFormat(argp[2], argv);
-                               break;
-                       case 'v':
-                               if(argp[1] != '=') {
-                                       usage(argv);
-                               }
-                               switch(argp[2]) {
-                                       case '1':
-                                               op.privKeyFormat = CSSM_KEYBLOB_RAW_FORMAT_PKCS1;
-                                               break;
-                                       case '8':
-                                               op.privKeyFormat = CSSM_KEYBLOB_RAW_FORMAT_PKCS8;
-                                               break;
-                                       case 's':
-                                               op.privKeyFormat = CSSM_KEYBLOB_RAW_FORMAT_OPENSSH;
-                                               break;
-                                       case 'b':
-                                               op.pubKeyFormat = CSSM_KEYBLOB_RAW_FORMAT_FIPS186;
-                                               break;
-                                       #if OPENSSL_ENABLE
-                                       case 'o':
-                                               op.privKeyFormat = CSSM_KEYBLOB_RAW_FORMAT_OPENSSL;
-                                               break;
-                                       #endif
-                                       default:
-                                               usage(argv);
-                               }
-                               break;
-                       case 'd':
-                               if(argp[1] != '=') {
-                                       usage(argv);
-                               }
-                               switch(argp[2]) {
-                                       case 's':
-                                               op.digestAlg = CSSM_ALGID_SHA1;
-                                               break;
-                                       case '5':
-                                               op.digestAlg = CSSM_ALGID_MD5;
-                                               break;
-                                       default:
-                                               usage(argv);
-                               }
-                               break;
-                       case 'h':
-                       default:
-                               usage(argv);
-               }
-       }
-       op.cspHand = cspDlDbStartup(CSSM_TRUE, NULL);
-       if(op.cspHand == 0) {
-               exit(1);
-       }
-       
-       /* specify blob formats if user didn't */
-       if(op.pubKeyFormat == CSSM_KEYBLOB_RAW_FORMAT_NONE) {
-               switch(op.alg) {
-                       case CSSM_ALGID_RSA:
-                               op.pubKeyFormat = CSSM_KEYBLOB_RAW_FORMAT_PKCS1;
-                               break;
-                       case CSSM_ALGID_DSA:
-                       case CSSM_ALGID_ECDSA:
-                               op.pubKeyFormat = CSSM_KEYBLOB_RAW_FORMAT_X509;
-                               break;
-                       default:
-                               printf("BRRZAP!\n");
-                               exit(1);
-               }
-       }
-       if(op.privKeyFormat == CSSM_KEYBLOB_RAW_FORMAT_NONE) {
-               switch(op.alg) {
-                       case CSSM_ALGID_RSA:
-                               op.privKeyFormat = CSSM_KEYBLOB_RAW_FORMAT_PKCS8;
-                               break;
-                       case CSSM_ALGID_DSA:
-                               op.privKeyFormat = CSSM_KEYBLOB_RAW_FORMAT_FIPS186;
-                               break;
-                       case CSSM_ALGID_ECDSA:
-                               op.privKeyFormat = CSSM_KEYBLOB_RAW_FORMAT_OPENSSL;
-                               break;
-                       default:
-                               printf("BRRZAP!\n");
-                               exit(1);
-               }
-       }
-       switch(argv[1][0]) {
-               case 'g':
-                       rtn = rt_generate(&op);
-                       break;
-               case 'e':
-                       rtn = rt_encrypt(&op);
-                       break;
-               case 'd':
-                       rtn = rt_decrypt(&op);
-                       break;
-               case 's':
-                       rtn = rt_sign(&op);
-                       break;
-               case 'v':
-                       rtn = rt_verify(&op);
-                       break;
-               case 'S':
-                       op.alg = CSSM_ALGID_SHA1;
-                       rtn = rt_digest(&op);
-                       break;
-               case 'M':
-                       op.alg = CSSM_ALGID_MD5;
-                       rtn = rt_digest(&op);
-                       break;
-               case 'C':
-                       rtn = rt_convertPubKey(&op);
-                       break;
-               default:
-                       usage(argv);
-                       exit(1);                // fool the compiler
-       }
-       CSSM_ModuleDetach(op.cspHand);
-       return rtn;
-}
mirror of Security