X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/b04fe171f0375ecd5d8a24747ca1dff85720a0ca..6b200bc335dc93c5516ccb52f14bd896d8c7fad7:/SecurityTests/cspxutils/dsaPartial/dsaPartial.cpp?ds=sidebyside

diff --git a/SecurityTests/cspxutils/dsaPartial/dsaPartial.cpp b/SecurityTests/cspxutils/dsaPartial/dsaPartial.cpp
deleted file mode 100644
index 1434162d..00000000
--- a/SecurityTests/cspxutils/dsaPartial/dsaPartial.cpp
+++ /dev/null
@@ -1,724 +0,0 @@
-/*
- * dsaPartial.cpp - test for partial DSA public handling
- */
-#include <stdlib.h>
-#include <stdio.h>
-#include <time.h>
-#include <Security/cssm.h>
-#include <Security/cssmapple.h>
-#include <string.h>
-#include "cspwrap.h"
-#include "common.h"
-#include <security_cdsa_utils/cuFileIo.h>
-#include "nssAppUtils.h"
-
-/*
- * generate key pairs with one set of parameters, dsa1Priv and dsa1Pub;
- * genenate another pair with a different set of params, dsa2Priv and 
- *		dsa2Pub;
- * manually cook up dsa1PubPartial from dsa1Pub;
- * manually cook up dsa2PubPartial from dsa2Pub;
- *
- * with all legal and/or specified combos of {ref,raw} keys {
- * 		sign with dsa1Priv;
- * 		vfy with dsa1Pub;
- * 		vfy with dsa1PubPartial: CSSMERR_CSP_APPLE_DSA_PUBLIC_KEY_INCOMPLETE
- * 		vfy with dsa1PubPartial and dsa1Pub (attrs)
- * 		vfy with dsa2PubPartial and dsa1Pub (attrs) --> vfy fail
- * 		vfy with dsa1PubPartial and dsa2Pub (attrs) --> vfy fail
- *		merge dsa1PubPartial + dsa1Pub --> merged;
- *		vfy with merged, should be good
- *		merge dsa1PubPartial + dsa2Pub -->merged;
- *		vfy with merged; vfy fail;
- * }
- */
- 
-/*
- * Static parameter files. 
- *
- * Regenerate these every once in a while with rsatool:
- *
- * # rsatool g a=d k=/tmp/foo M=dsaParam512_1.der
- */
-#define PARAMS_512_1	"dsaParam512_1.der"
-#define PARAMS_512_2	"dsaParam512_2.der"
-
-#define MAX_PTEXT_SIZE	512
-#define KEY_ALG			CSSM_ALGID_DSA
-#define SIG_ALG			CSSM_ALGID_SHA1WithDSA
-#define LOOPS_DEF		32
-#define KEY_SIZE_DEF	512
-
-static void usage(char **argv)
-{
-	printf("Usage: %s [options]\n", argv[0]);
-	printf("Options:\n");
-	printf("  l=loops\n");
-	printf("  p(ause on loop)\n");
-	printf("  q(uiet)\n");
-	printf("  v(erbose)\n");
-	printf("  D (CSPDL)\n");
-	printf("  r (all keys are raw)\n");
-	printf("  f (all keys are ref)\n");
-	exit(1);
-}
-
-/*
- * Generate DSA key pair with required alg parameters.
- */
-static CSSM_RETURN genDsaKeyPair(
-	CSSM_CSP_HANDLE cspHand,
-	uint32 keySize,					// in bits
-	CSSM_KEY_PTR pubKey,			// mallocd by caller
-	CSSM_BOOL pubIsRef,				// true - reference key, false - data
-	CSSM_KEY_PTR privKey,			// mallocd by caller
-	CSSM_BOOL privIsRef,			// true - reference key, false - data
-	const CSSM_DATA	*params)	
-{
-	CSSM_RETURN				crtn;
-	CSSM_CC_HANDLE 			ccHand;
-	CSSM_DATA				keyLabelData;
-	uint32					pubAttr;
-	uint32					privAttr;
-	
-	if(params == NULL) {
-		return CSSMERR_CSSM_INVALID_POINTER;
-	}
-
-	keyLabelData.Data   = (uint8 *)"foobar",
-	keyLabelData.Length = 6;
-	memset(pubKey, 0, sizeof(CSSM_KEY));
-	memset(privKey, 0, sizeof(CSSM_KEY));
-	
-	crtn = CSSM_CSP_CreateKeyGenContext(cspHand,
-		CSSM_ALGID_DSA,
-		keySize,
-		NULL,					// Seed
-		NULL,					// Salt
-		NULL,					// StartDate
-		NULL,					// EndDate
-		params,	
-		&ccHand);
-	if(crtn) {
-		printError("CSSM_CSP_CreateKeyGenContext", crtn);
-		return crtn;
-	}
-	
-	/* cook up attribute bits */
-	if(pubIsRef) {
-		pubAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE;
-	}
-	else {
-		pubAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE;
-	}
-	if(privIsRef) {
-		privAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE;
-	}
-	else {
-		privAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE;
-	}
-
-	crtn = CSSM_GenerateKeyPair(ccHand,
-		CSSM_KEYUSE_VERIFY,
-		pubAttr,
-		&keyLabelData,
-		pubKey,
-		CSSM_KEYUSE_SIGN,
-		privAttr,
-		&keyLabelData,			// same labels
-		NULL,					// CredAndAclEntry
-		privKey);
-	if(crtn) {
-		printError("CSSM_GenerateKeyPair", crtn);
-	}
-	CSSM_DeleteContext(ccHand);
-	return crtn;
-}
-
-
-/*
- * Create new public key by merging specified partial key and 
- * parameter-bearing key. All keys can be in any format (though
- * it's the caller's responsibility to avoid using a ref paramKey
- * with the CSPDL). 
- */
-static CSSM_RETURN dsaMergeParams(
-	CSSM_CSP_HANDLE cspHand,
-	const CSSM_KEY	*partialKey,
-	const CSSM_KEY	*paramKey,
-	CSSM_KEY		&fullKey,		// RETURNED
-	bool			fullIsRef)		// ref/raw
-{
-	/*
-	 * First step is a null wrap or unwrap depending on 
-	 * format of partialKey.
-	 */
-	CSSM_CC_HANDLE ccHand;
-	CSSM_RETURN crtn;
-	CSSM_ACCESS_CREDENTIALS	creds;
-	CSSM_DATA label = {10, (uint8 *)"dummyLabel"};
-	CSSM_DATA descrData = {0, NULL};
-	const CSSM_KEYHEADER &hdr = partialKey->KeyHeader;
-
-	memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
-	crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
-			CSSM_ALGID_NONE,
-			CSSM_ALGMODE_NONE,
-			&creds,		
-			NULL,				// wrapping key
-			NULL,				// initVector
-			CSSM_PADDING_NONE,	
-			0,					// Params
-			&ccHand);
-	if(crtn) {
-		printError("CSSM_CSP_CreateSymmetricContext", crtn);
-		return crtn;
-	}
-	
-	/* add in paramKey */
-	crtn = AddContextAttribute(ccHand,
-		CSSM_ATTRIBUTE_PARAM_KEY,
-		sizeof(CSSM_KEY),
-		CAT_Ptr,
-		paramKey,
-		0);
-	if(crtn) {
-		printError("AddContextAttribute", crtn);
-		return crtn;
-	}
-	
-	/* go */
-	CSSM_KEY targetKey;
-	memset(&targetKey, 0, sizeof(targetKey));
-	if(hdr.BlobType == CSSM_KEYBLOB_RAW) {
-		/* raw --> ref : null unwrap */
-		crtn = CSSM_UnwrapKey(ccHand,
-			NULL,				// PublicKey
-			partialKey,
-			hdr.KeyUsage,		// same as original
-			CSSM_KEYATTR_EXTRACTABLE |CSSM_KEYATTR_RETURN_REF,
-			&label,
-			NULL,				// CredAndAclEntry
-			&targetKey,
-			&descrData);		// required
-		if(crtn) {
-			printError("dsaMergeParams CSSM_UnwrapKey (1)", crtn);
-			return crtn;
-		}
-	}
-	else {
-		/* ref --> raw : null wrap */
-		crtn = CSSM_WrapKey(ccHand,
-			&creds,
-			partialKey,
-			NULL,			// DescriptiveData
-			&targetKey);
-		if(crtn) {
-			printError("dsaMergeParams CSSM_WrapKey (1)", crtn);
-			return crtn;
-		}
-	}
-	
-	if(targetKey.KeyHeader.KeyAttr & CSSM_KEYATTR_PARTIAL) {
-		printf("***merged key still has CSSM_KEYATTR_PARTIAL\n");
-		return CSSMERR_CSSM_INTERNAL_ERROR;
-	}
-
-	CSSM_KEYBLOB_TYPE targetBlob;
-	if(fullIsRef) {
-		targetBlob = CSSM_KEYBLOB_REFERENCE;
-	}
-	else {
-		targetBlob = CSSM_KEYBLOB_RAW;
-	}
-	
-	if(targetKey.KeyHeader.BlobType == targetBlob) {
-		/* we're done */
-		fullKey = targetKey;
-		CSSM_DeleteContext(ccHand);
-		return CSSM_OK;
-	}
-
-	/*
-	 * We're going to reuse the context, but since the parameter merge
-	 * has already been done, remove the CSSM_ATTRIBUTE_PARAM_KEY
-	 * attribute.
-	 */
-	CSSM_CONTEXT_ATTRIBUTE attr;
-	memset(&attr, 0, sizeof(attr));
-	attr.AttributeType = CSSM_ATTRIBUTE_PARAM_KEY;
-	crtn = CSSM_DeleteContextAttributes(ccHand, 1, &attr);
-	if(crtn) {
-		printError("CSSM_DeleteContextAttributes", crtn);
-		return crtn;
-	}
-	
-	/* one more conversion */
-	if(targetBlob == CSSM_KEYBLOB_REFERENCE) {
-		/* raw --> ref : null unwrap */
-		crtn = CSSM_UnwrapKey(ccHand,
-			NULL,				// PublicKey
-			&targetKey,
-			hdr.KeyUsage,		// same as original
-			CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_RETURN_REF,
-			&label,
-			NULL,				// CredAndAclEntry
-			&fullKey,
-			&descrData);		// required
-		if(crtn) {
-			printError("dsaMergeParams CSSM_UnwrapKey (2)", crtn);
-			return crtn;
-		}
-	}
-	else {
-		/* ref --> raw : null wrap */
-		crtn = CSSM_WrapKey(ccHand,
-			&creds,
-			&targetKey,
-			NULL,			// DescriptiveData
-			&fullKey);
-		if(crtn) {
-			printError("dsaMergeParams CSSM_WrapKey (2)", crtn);
-			return crtn;
-		}
-	}
-	CSSM_FreeKey(cspHand, NULL, &targetKey, CSSM_FALSE);
-	CSSM_DeleteContext(ccHand);
-	return CSSM_OK;
-}
-
-/*
- * Custom cspSigVerify with optional CSSM_ATTRIBUTE_PARAM_KEY
- */
-CSSM_RETURN sigVerify(CSSM_CSP_HANDLE cspHand,
-	uint32 algorithm,				// CSSM_ALGID_SHA1WithDSA, etc. 
-	CSSM_KEY_PTR key,				// public key
-	CSSM_KEY_PTR paramKey,			// optional parameter key
-	const CSSM_DATA *ptext,
-	const CSSM_DATA *sig,
-	CSSM_RETURN expectResult,
-	const char *op,
-	CSSM_BOOL verbose)
-{
-	CSSM_CC_HANDLE	sigHand;
-	CSSM_RETURN		ocrtn = CSSM_OK;
-	CSSM_RETURN		crtn;
-
-	if(verbose) {
-		printf("   ...%s\n", op);
-	}
-	crtn = CSSM_CSP_CreateSignatureContext(cspHand,
-		algorithm,
-		NULL,				// passPhrase
-		key,
-		&sigHand);
-	if(crtn) {
-		printError("CSSM_CSP_CreateSignatureContext", crtn);
-		return crtn;
-	}
-	if(paramKey) {
-		crtn = AddContextAttribute(sigHand,
-			CSSM_ATTRIBUTE_PARAM_KEY,
-			sizeof(CSSM_KEY),
-			CAT_Ptr,
-			paramKey,
-			0);
-		if(crtn) {
-			printError("AddContextAttribute", crtn);
-			return crtn;
-		}
-	}
-	crtn = CSSM_VerifyData(sigHand,
-		ptext,
-		1,
-		CSSM_ALGID_NONE,
-		sig);
-	if(crtn != expectResult) {
-		if(!crtn) {
-			printf("%s: Unexpected good Sig Verify (expect %s)\n",
-				op, cssmErrToStr(expectResult));
-			ocrtn = CSSMERR_CSSM_INTERNAL_ERROR;
-		}
-		else {
-			printError(op, crtn);
-			ocrtn = crtn;
-		}
-	}
-	CSSM_DeleteContext(sigHand);
-	return ocrtn;
-}
-
-static int doTest(
-	CSSM_CSP_HANDLE	cspHand,
-	CSSM_KEY_PTR privKey_0,
-	CSSM_KEY_PTR pubKeyBase_0,
-	CSSM_KEY_PTR pubKeyPartial_0,
-	CSSM_KEY_PTR pubKeyParam_0,		// full, raw format if CSPDL
-	CSSM_KEY_PTR pubKeyPartial_1,
-	CSSM_KEY_PTR pubKeyParam_1,		// full, raw format if CSPDL
-	bool mergedIsRef,
-	CSSM_BOOL quiet,
-	CSSM_BOOL verbose)
-{
-	uint8 ptextBuf[MAX_PTEXT_SIZE];
-	CSSM_DATA ptext = {0, ptextBuf};
-	simpleGenData(&ptext, 1, MAX_PTEXT_SIZE);
-	CSSM_DATA sig = {0, NULL};
-	CSSM_RETURN crtn;
-	
-	/* the single sign op for this routine */
-	crtn = cspSign(cspHand, SIG_ALG, privKey_0, &ptext, &sig);
-	if(crtn) {
-		return testError(quiet);
-	}
-	
-	/* normal verify with full key */
-	crtn = sigVerify(cspHand, SIG_ALG, pubKeyBase_0, NULL,
-		&ptext, &sig, CSSM_OK, "vfy with full key", verbose);
-	if(crtn) {
-		return testError(quiet);
-	}
-	
-	/* good verify with partial key plus params */
-	crtn = sigVerify(cspHand, SIG_ALG, pubKeyPartial_0, pubKeyParam_0, 
-		&ptext, &sig, CSSM_OK, "vfy with partial key and params",
-		verbose);
-	if(crtn) {
-		if(testError(quiet)) {
-			return 1;
-		}
-	}
-	
-	/* partial key failure */
-	crtn = sigVerify(cspHand, SIG_ALG, pubKeyPartial_0, NULL, 
-		&ptext, &sig, 
-		CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE, 
-		"vfy with partial key no params", verbose);
-	if(crtn) {
-		if(testError(quiet)) {
-			return 1;
-		}
-	}
-
-	/* partial key, wrong params */
-	crtn = sigVerify(cspHand, SIG_ALG, pubKeyPartial_0, pubKeyParam_1, 
-		&ptext, &sig, 
-		CSSMERR_CSP_VERIFY_FAILED, 
-		"vfy with partial key wrong params", verbose);
-	if(crtn) {
-		if(testError(quiet)) {
-			return 1;
-		}
-	}
-	
-	/* wrong partial key, good params */
-	crtn = sigVerify(cspHand, SIG_ALG, pubKeyPartial_1, pubKeyParam_0, 
-		&ptext, &sig, 
-		CSSMERR_CSP_VERIFY_FAILED, 
-		"vfy with wrong partial key, good params", verbose);
-	if(crtn) {
-		if(testError(quiet)) {
-			return 1;
-		}
-	}
-	
-	/* 
-	 * Test merge via wrap/unwrap.
-	 * First, a good merged key.
-	 */
-	CSSM_KEY merged;
-	crtn = dsaMergeParams(cspHand,
-		pubKeyPartial_0,
-		pubKeyParam_0,
-		merged,
-		mergedIsRef);
-	if(crtn) {
-		return testError(quiet);
-	}
-	crtn = sigVerify(cspHand, SIG_ALG, &merged, NULL,
-		&ptext, &sig, CSSM_OK, "vfy with good merged key", verbose);
-	if(crtn) {
-		return testError(quiet);
-	}
-	CSSM_FreeKey(cspHand, NULL, &merged, CSSM_FALSE);
-
-	/* now with a badly merged key (with the wrong params) */
-	crtn = dsaMergeParams(cspHand,
-		pubKeyPartial_0,
-		pubKeyParam_1,
-		merged,
-		mergedIsRef);
-	if(crtn) {
-		return testError(quiet);
-	}
-	crtn = sigVerify(cspHand, SIG_ALG, &merged, NULL, 
-		&ptext, &sig, 
-		CSSMERR_CSP_VERIFY_FAILED, 
-		"vfy with merged key wrong params", verbose);
-	if(crtn) {
-		if(testError(quiet)) {
-			return 1;
-		}
-	}
-	CSSM_FreeKey(cspHand, NULL, &merged, CSSM_FALSE);
-	
-	CSSM_FREE(sig.Data);
-	return CSSM_OK;
-}
-
-
-int main(int argc, char **argv)
-{
-	char *argp;
-	CSSM_CSP_HANDLE cspHand;
-	CSSM_RETURN crtn;
-	
-	/* user spec'd variables */
-	unsigned loops = LOOPS_DEF;
-	CSSM_BOOL doPause = CSSM_FALSE;
-	CSSM_BOOL quiet = CSSM_FALSE;
-	CSSM_BOOL rawCSP = CSSM_TRUE;
-	CSSM_BOOL verbose = CSSM_FALSE;
-	uint32 keySize = KEY_SIZE_DEF;
-	CSSM_BOOL allRaw = CSSM_FALSE;
-	CSSM_BOOL allRef = CSSM_FALSE;
-	
-	for(int arg=1; arg<argc; arg++) {
-		argp = argv[arg];
-		switch(argp[0]) {
-			case 'l':
-				loops = atoi(&argp[2]);
-				break;
-			case 'q':
-				quiet = CSSM_TRUE;
-				break;
-			case 'p':
-				doPause = CSSM_TRUE;
-				break;
-			case 'v':
-				verbose = CSSM_TRUE;
-				break;
-			case 'D':
-				rawCSP = CSSM_FALSE;
-				break;
-			case 'r':
-				allRaw = CSSM_TRUE;
-				break;
-			case 'f':
-				allRef = CSSM_TRUE;
-				break;
-			default:
-				usage(argv);
-		}
-	}
-	
-	if(!rawCSP && (allRaw || allRef)) {
-		printf("CSPDL inconsistent with allRef and allRaw\n");
-		usage(argv);
-	}
-	if(allRef && allRaw) {
-		printf("allRef and allRaw are mutually exclusive\n");
-		usage(argv);
-	}
-	
-	/* read in params for two keypairs */
-	CSSM_DATA params1;
-	CSSM_DATA params2;
-	unsigned len;
-	if(readFile(PARAMS_512_1, (unsigned char **)&params1.Data, &len)) {
-		printf("***Error reading %s. Aborting.\n", PARAMS_512_1);
-		printf("***This test must be run from the cspxutils/dsaPartial directory.\n");
-		exit(1);
-	}
-	params1.Length = len;
-	if(readFile(PARAMS_512_2, (unsigned char **)&params2.Data, &len)) {
-		printf("***Error reading %s. Aborting.\n", PARAMS_512_2);
-		printf("***This test must be run from the cspxutils/dsaPartial directory.\n");
-		exit(1);
-	}
-	params2.Length = len;
-	
-	printf("Starting dsaPartial; args: ");
-	for(int i=1; i<argc; i++) {
-		printf("%s ", argv[i]);
-	}
-	printf("\n");
-	cspHand = cspDlDbStartup(rawCSP, NULL);
-	if(cspHand == 0) {
-		exit(1);
-	}
-
-	/* generate two keypairs */
-	CSSM_KEY dsa1Priv;
-	CSSM_KEY dsa1Pub;
-	CSSM_KEY dsa2Priv;
-	CSSM_KEY dsa2Pub;
-	
-	if(verbose) {
-		printf("...generating keys...\n");
-	}
-	CSSM_BOOL genRefKeys = CSSM_FALSE;
-	if(!rawCSP || allRef) {
-		genRefKeys = CSSM_TRUE;
-	}
-	crtn = genDsaKeyPair(cspHand, keySize, 
-		&dsa1Pub,  genRefKeys,
-		&dsa1Priv, genRefKeys,
-		&params1);
-	if(crtn) {
-		exit(1);
-	}
-	crtn = genDsaKeyPair(cspHand, keySize, 
-		&dsa2Pub,  genRefKeys,
-		&dsa2Priv, genRefKeys,
-		&params2);
-	if(crtn) {
-		exit(1);
-	}
-	
-	/* CSPDL also requires separate raw parameter keys */
-	CSSM_KEY dsa1PubParam;
-	CSSM_KEY dsa2PubParam;
-	if(!rawCSP) {
-		if(cspRefKeyToRaw(cspHand, &dsa1Pub, &dsa1PubParam) ||
-		   cspRefKeyToRaw(cspHand, &dsa2Pub, &dsa2PubParam)) {
-			exit(1);
-		}
-	}
-	
-	/* generate partial pub keys in raw form */
-	CSSM_KEY dsa1PubPartial;
-	CSSM_KEY dsa2PubPartial;
-	crtn = extractDsaPartial(cspHand, &dsa1Pub, &dsa1PubPartial);
-	if(crtn) {
-		exit(1);
-	}
-	crtn = extractDsaPartial(cspHand, &dsa2Pub, &dsa2PubPartial);
-	if(crtn) {
-		exit(1);
-	}
-	
-	/* 
-	 * Reference version of all 4 pub keys if we're going to mix & match 
-	 */
-	CSSM_KEY dsa1PubRef;
-	CSSM_KEY dsa2PubRef;
-	CSSM_KEY dsa1PubPartialRef;
-	CSSM_KEY dsa2PubPartialRef;
-	if(rawCSP && 		// CSPDL --> these were created as ref keys
-	  !allRaw &&		// allRaw --> don't want ref keys
-	  !allRef) {		// allRef --> these were created as ref keys
-		if(cspRawKeyToRef(cspHand, &dsa1Pub, &dsa1PubRef) ||
-		   cspRawKeyToRef(cspHand, &dsa2Pub, &dsa2PubRef)) {
-			exit(1);
-		}
-	}
-	if(!rawCSP || !allRaw) {
-		/* these were created in raw form unconditionally */
-		if(cspRawKeyToRef(cspHand, &dsa1PubPartial, 
-				&dsa1PubPartialRef) ||
-			cspRawKeyToRef(cspHand, &dsa2PubPartial, 
-				&dsa2PubPartialRef)) {
-			exit(1);
-		}
-		
-		/* verify that these came back with the partial flag set */
-		if(!(dsa1PubPartialRef.KeyHeader.KeyAttr &
-				CSSM_KEYATTR_PARTIAL)) {
-			printf("***CSSM_KEYATTR_PARTIAL not set after null unwrap"
-				" of partial DSA key\n");
-			if(testError(quiet)) {
-				exit(1);
-			}
-		}
-		if(!(dsa2PubPartialRef.KeyHeader.KeyAttr &
-				CSSM_KEYATTR_PARTIAL)) {
-			printf("***CSSM_KEYATTR_PARTIAL not set after null unwrap"
-				" of partial DSA key\n");
-			if(testError(quiet)) {
-				exit(1);
-			}
-		}
-	}
-	
-	int rtn = 0;
-	for(unsigned loop=0; loop<loops; loop++) {
-		/* four pub keys - raw or ref */
-		CSSM_KEY_PTR pubKey_a;
-		CSSM_KEY_PTR pubKey_b;
-		CSSM_KEY_PTR pubKeyPartial_a;
-		CSSM_KEY_PTR pubKeyPartial_b;
-		bool mergedIsRef;
-		
-		if(allRef) {
-			/* raw CSP only - all ref keys */
-			/* base keys were generated as ref */
-			pubKey_a = &dsa1Pub;
-			pubKey_b = &dsa2Pub;
-			/* these alwasy generated as raw */
-			pubKeyPartial_a = &dsa1PubPartialRef;
-			pubKeyPartial_b = &dsa2PubPartialRef;
-			/* generated merged key ref too */
-			mergedIsRef = true;
-		}
-		else if(allRaw) {
-			/* raw CSP only - all raw keys */
-			pubKey_a = &dsa1Pub;
-			pubKey_b = &dsa2Pub;
-			pubKeyPartial_a = &dsa1PubPartial;
-			pubKeyPartial_b = &dsa2PubPartial;
-			/* generated merged key ref too */
-			mergedIsRef = false;
-		}
-		else if(!rawCSP) {
-			/* CSPDL - base keys are ref, partials are raw */
-			pubKey_a = &dsa1Pub;
-			pubKey_b = &dsa2Pub;
-			pubKeyPartial_a = &dsa1PubPartialRef;
-			pubKeyPartial_b = &dsa2PubPartialRef;
-			/* generated merged key ref too */
-			mergedIsRef = true;
-		}
-		else {
-			/* default: mix & match */
-			pubKey_a = (loop & 1) ? &dsa1Pub : &dsa1PubRef;
-			pubKey_b = (loop & 2) ? &dsa2Pub : &dsa2PubRef;
-			pubKeyPartial_a = (loop & 4) ? 
-				&dsa1PubPartial : &dsa1PubPartialRef;
-			pubKeyPartial_b = (loop & 8) ? 
-				&dsa2PubPartial : &dsa2PubPartialRef;
-			/* generated merged key different from partial_a*/
-			mergedIsRef = (loop & 2) ? true : false;
-		}
-		
-		/* and two param keys - CSPDL requires raw, else the same as
-		 * the "base" public key */
-		CSSM_KEY_PTR pubKeyParam_a = pubKey_a;
-		CSSM_KEY_PTR pubKeyParam_b = pubKey_b;
-		if(!rawCSP) {
-			pubKeyParam_a = &dsa1PubParam;
-			pubKeyParam_b = &dsa2PubParam;
-		}
-		if(!quiet) {
-			printf("...loop %u\n", loop);
-		}
-		rtn = doTest(cspHand, &dsa1Priv,
-			pubKey_a, pubKeyPartial_a, pubKeyParam_a,
-			pubKeyPartial_b, pubKeyParam_b,
-			mergedIsRef, quiet, verbose);
-		if(rtn) {
-			break;
-		}
-		if(doPause) {
-			fpurge(stdin);
-			printf("Hit CR to proceed, q to quit: ");
-			char inch = getchar();
-			if(inch == 'q') {
-				break;
-			}
-		}
-	}
-	
-	/* cleanup */
-	return(rtn);
-}