testhl.c

提供了很多种加密算法和CA认证及相关服务如CMP、OCSP等的开发

		}

	/* Query the encrypted key object */
	status = cryptQueryObject( buffer, &cryptObjectInfo );
	if( cryptStatusError( status ) )
		{
		printf( "cryptQueryObject() failed with error code %d, line %d.\n",
				status, __LINE__ );
		free( buffer );
		return( FALSE );
		}
	printf( "cryptQueryObject() reports object type %d, algorithm %d, mode "
			"%d.\n", cryptObjectInfo.objectType, cryptObjectInfo.cryptAlgo,
			cryptObjectInfo.cryptMode );
	debugDump( "kek_mac", buffer, length1 );

	/* Recreate the MAC key by importing the encrypted key */
	status = cryptCreateContext( &decryptContext, CRYPT_UNUSED, 
								 cryptObjectInfo.cryptAlgo );
	if( cryptStatusError( status ) )
		{
		printf( "cryptCreateContext() failed with error code %d, line %d.\n",
				status, __LINE__ );
		free( buffer );
		return( FALSE );
		}
	cryptSetAttribute( cryptContext, CRYPT_CTXINFO_MODE, 
					   cryptObjectInfo.cryptMode );
	cryptSetAttributeString( decryptContext, CRYPT_CTXINFO_KEYING_SALT,
							 cryptObjectInfo.salt, cryptObjectInfo.saltSize );
	status = cryptSetAttributeString( decryptContext, 
									  CRYPT_CTXINFO_KEYING_VALUE, 
									  userKey, userKeyLength );

	status = cryptImportKey( buffer, decryptContext, macContext2 );
	if( cryptStatusError( status ) )
		{
		printf( "cryptImportKey() failed with error code %d, line %d.\n",
				status, __LINE__ );
		free( buffer );
		return( FALSE );
		}

	/* Make sure the two MAC keys match */
	cryptEncrypt( macContext1, "1234", 4 );
	cryptEncrypt( macContext1, "", 0 );
	cryptEncrypt( macContext2, "1234", 4 );
	cryptEncrypt( macContext2, "", 0 );
	cryptGetAttributeString( macContext1, CRYPT_CTXINFO_HASHVALUE,
							 mac1, &length1 );
	cryptGetAttributeString( macContext2, CRYPT_CTXINFO_HASHVALUE,
							 mac2, &length2 );
	if( ( length1 != length2 ) || memcmp( mac1, mac2, length1 ) || \
		!memcmp( mac1, "\x00\x00\x00\x00\x00\x00\x00\x00", 8 ) || \
		!memcmp( mac2, "\x00\x00\x00\x00\x00\x00\x00\x00", 8 ) )
		{
		puts( "Data MAC'd with key1 != data MAC'd with key2." );
		return( FALSE );
		}

	/* Clean up */
	destroyContexts( CRYPT_UNUSED, macContext1, macContext2 );
	destroyContexts( CRYPT_UNUSED, cryptContext, decryptContext );
	printf( "Export/import of MAC key via user-key-based triple DES "
			"conventional\n  encryption succeeded.\n\n" );
	free( buffer );
	return( TRUE );
	}

/* Test the code to export/import an encrypted key and sign data.  We're not 
   as picky with error-checking here since most of the functions have just 
   executed successfully.  We check every algorithm type since there are 
   different code paths for DLP and non-DLP PKCs */

int testKeyExportImport( void )
	{
	int status;

	status = keyExportImport( "RSA", CRYPT_ALGO_RSA, CRYPT_UNUSED,
							  CRYPT_UNUSED );
	if( status )
		status = keyExportImport( "Elgamal", CRYPT_ALGO_ELGAMAL,
								  CRYPT_UNUSED, CRYPT_UNUSED );
	return( status );
	}

int testSignData( void )
	{
	int status;

	status = signData( "RSA", CRYPT_ALGO_RSA, CRYPT_UNUSED, CRYPT_UNUSED );
	if( status )
		status = signData( "DSA", CRYPT_ALGO_DSA, CRYPT_UNUSED, CRYPT_UNUSED );
	return( status );
	}

/* Test the code to exchange a session key via Diffie-Hellman.  We're not as
   picky with error-checking here since most of the functions have just
   executed successfully */

int testKeyAgreement( void )
	{
	CRYPT_OBJECT_INFO cryptObjectInfo;
	CRYPT_CONTEXT cryptContext1, cryptContext2;
	CRYPT_CONTEXT sessionKeyContext1, sessionKeyContext2;
	BYTE *buffer;
	int length, status;

	puts( "Testing key agreement..." );

	/* Create the DH encryption contexts, one with a key loaded and the
	   other as a blank template for the import from the first one */
	if( !loadDHContexts( &cryptContext1, NULL, PKC_KEYSIZE ) )
		return( FALSE );
	cryptCreateContext( &cryptContext2, CRYPT_UNUSED, CRYPT_ALGO_DH );

	/* Create the session key templates */
	cryptCreateContext( &sessionKeyContext1, CRYPT_UNUSED, 
						selectCipher( CRYPT_ALGO_RC5 ) );
	cryptCreateContext( &sessionKeyContext2, CRYPT_UNUSED, 
						selectCipher( CRYPT_ALGO_RC5 ) );
	cryptSetAttribute( sessionKeyContext1, CRYPT_CTXINFO_MODE, CRYPT_MODE_CBC );
	cryptSetAttribute( sessionKeyContext2, CRYPT_CTXINFO_MODE, CRYPT_MODE_CBC );

	/* Find out how big the exported key will be */
	status = cryptExportKey( NULL, &length, cryptContext1, sessionKeyContext1 );
	if( cryptStatusError( status ) )
		{
		printf( "cryptExportKey() failed with error code %d, line %d.\n",
				status, __LINE__ );
		return( FALSE );
		}
	printf( "cryptExportKey() reports exported key object will be %d bytes "
			"long\n", length );
	if( ( buffer = malloc( length ) ) == NULL )
		return( FALSE );

	/* Perform phase 1 of the exchange */
	status = cryptExportKey( buffer, &length, cryptContext1, sessionKeyContext1 );
	if( cryptStatusError( status ) )
		{
		printf( "cryptExportKey() #1 failed with error code %d, line %d.\n",
				status, __LINE__ );
		free( buffer );
		return( FALSE );
		}
	status = cryptImportKey( buffer, cryptContext2, sessionKeyContext2 );
	if( cryptStatusError( status ) )
		{
		printf( "cryptImportKey() #1 failed with error code %d, line %d.\n",
				status, __LINE__ );
		free( buffer );
		return( FALSE );
		}

	/* Query the encrypted key object */
	status = cryptQueryObject( buffer, &cryptObjectInfo );
	if( cryptStatusError( status ) )
		{
		printf( "cryptQueryObject() failed with error code %d, line %d.\n",
				status );
		free( buffer );
		return( FALSE );
		}
	printf( "cryptQueryObject() reports object type %d, algorithm %d, mode "
			"%d.\n", cryptObjectInfo.objectType, cryptObjectInfo.cryptAlgo,
			cryptObjectInfo.cryptMode );
	memset( &cryptObjectInfo, 0, sizeof( CRYPT_OBJECT_INFO ) );
	debugDump( "keyagree", buffer, length );

	/* Perform phase 2 of the exchange */
	status = cryptExportKey( buffer, &length, cryptContext2, sessionKeyContext2 );
	if( cryptStatusError( status ) )
		{
		printf( "cryptExportKey() #2 failed with error code %d, line %d.\n",
				status, __LINE__ );
		free( buffer );
		return( FALSE );
		}
	status = cryptImportKey( buffer, cryptContext1, sessionKeyContext1 );
	if( cryptStatusError( status ) )
		{
		printf( "cryptImportKey() #2 failed with error code %d, line %d.\n",
				status, __LINE__ );
		free( buffer );
		return( FALSE );
		}

	/* Make sure the two keys match */
	if( !compareSessionKeys( sessionKeyContext1, sessionKeyContext2 ) )
		return( FALSE );

	/* Clean up */
	destroyContexts( CRYPT_UNUSED, sessionKeyContext1, sessionKeyContext2 );
	destroyContexts( CRYPT_UNUSED, cryptContext1, cryptContext2 );
	printf( "Exchange of session key via %d-bit Diffie-Hellman succeeded.\n\n",
			PKC_KEYSIZE );
	free( buffer );
	return( TRUE );
	}

/* Test normal and asynchronous public-key generation */

static int keygen( const CRYPT_ALGO cryptAlgo, const char *algoName )
	{
	CRYPT_CONTEXT cryptContext;
	BYTE buffer[ BUFFER_SIZE ];
	int length, status;

	printf( "Testing %s key generation...\n", algoName );

	/* Create an encryption context and generate a (short) key into it.
	   Generating a minimal-length 512 bit key is faster than the default
	   1-2K bit keys */
	cryptCreateContext( &cryptContext, CRYPT_UNUSED, cryptAlgo );
	cryptSetAttributeString( cryptContext, CRYPT_CTXINFO_LABEL,
							 "Private key", 11 );
	cryptSetAttribute( cryptContext, CRYPT_CTXINFO_KEYSIZE, 64 );
	status = cryptGenerateKey( cryptContext );
	if( cryptStatusError( status ) )
		{
		printf( "cryptGenerateKey() failed with error code %d, line %d.\n",
				status );
		return( FALSE );
		}

	/* Perform a test operation to check the new key */
	if( cryptAlgo == CRYPT_ALGO_RSA || cryptAlgo == CRYPT_ALGO_DSA )
		{
		CRYPT_CONTEXT hashContext;
		BYTE hashBuffer[] = "abcdefghijklmnopqrstuvwxyz";

		/* Create an SHA hash context and hash the test buffer */
		cryptCreateContext( &hashContext, CRYPT_UNUSED, CRYPT_ALGO_SHA );
		cryptEncrypt( hashContext, hashBuffer, 26 );
		cryptEncrypt( hashContext, hashBuffer, 0 );

		/* Sign the hashed data and check the signature */
		status = cryptCreateSignature( buffer, &length, cryptContext, hashContext );
		if( cryptStatusOK( status ) )
			status = cryptCheckSignature( buffer, cryptContext, hashContext );

		/* Clean up */
		cryptDestroyContext( hashContext );
		cryptDestroyContext( cryptContext );
		if( cryptStatusError( status ) )
			{
			printf( "Sign/signature check with generated key failed with "
					"error code %d, line %d.\n", status, __LINE__ );
			return( FALSE );
			}
		}
	else
	if( cryptAlgo == CRYPT_ALGO_ELGAMAL )
		{
		CRYPT_CONTEXT sessionKeyContext1, sessionKeyContext2;

		/* Test the key exchange */
		cryptCreateContext( &sessionKeyContext1, CRYPT_UNUSED, 
							CRYPT_ALGO_DES );
		cryptCreateContext( &sessionKeyContext2, CRYPT_UNUSED, 
							CRYPT_ALGO_DES );
		cryptSetAttribute( sessionKeyContext1, CRYPT_CTXINFO_MODE, 
						   CRYPT_MODE_CBC );
		cryptSetAttribute( sessionKeyContext2, CRYPT_CTXINFO_MODE, 
						   CRYPT_MODE_CBC );
		cryptGenerateKey( sessionKeyContext1 );
		status = cryptExportKey( buffer, &length, cryptContext,
								  sessionKeyContext1 );
		if( cryptStatusOK( status ) )
			status = cryptImportKey( buffer, cryptContext,
									 sessionKeyContext2 );
		cryptDestroyContext( cryptContext );
		if( cryptStatusError( status ) )
			{
			destroyContexts( CRYPT_UNUSED, sessionKeyContext1,
							 sessionKeyContext2 );
			printf( "Key exchange with generated key failed with error code "
					"%d, line %d.\n", status, __LINE__ );
			return( FALSE );
			}

		/* Make sure the two keys match */
		if( !compareSessionKeys( sessionKeyContext1, sessionKeyContext2 ) )
			return( FALSE );

		/* Clean up */
		destroyContexts( CRYPT_UNUSED, sessionKeyContext1,
						 sessionKeyContext2 );
		}
	else
	if( cryptAlgo == CRYPT_ALGO_DH )
		{
		CRYPT_CONTEXT dhContext;
		CRYPT_CONTEXT sessionKeyContext1, sessionKeyContext2;

KLUDGE_WARN( "DH test because of absence of DH key exchange mechanism" );
cryptDestroyContext( cryptContext );
return( TRUE );

		/* Test the key exchange */
		cryptCreateContext( &sessionKeyContext1, CRYPT_UNUSED, 
							CRYPT_ALGO_DES );
		cryptCreateContext( &sessionKeyContext2, CRYPT_UNUSED, 
							CRYPT_ALGO_DES );
		cryptSetAttribute( sessionKeyContext1, CRYPT_CTXINFO_MODE, 
						   CRYPT_MODE_CBC );
		cryptSetAttribute( sessionKeyContext2, CRYPT_CTXINFO_MODE, 
						   CRYPT_MODE_CBC );
		cryptCreateContext( &dhContext, CRYPT_UNUSED, CRYPT_ALGO_DH );
		status = cryptExportKey( buffer, &length, cryptContext,
								  sessionKeyContext1 );
		if( cryptStatusOK( status ) )
			status = cryptImportKey( buffer, dhContext,
									 sessionKeyContext2 );
		if( cryptStatusOK( status ) )
			status = cryptExportKey( buffer, &length, dhContext,
									 sessionKeyContext2 );
		if( cryptStatusOK( status ) )
			status = cryptImportKey( buffer, cryptContext,
									 sessionKeyContext1 );
		cryptDestroyContext( cryptContext );
		cryptDestroyContext( dhContext );
		if( cryptStatusError( status ) )
			{
			destroyContexts( CRYPT_UNUSED, sessionKeyContext1,
							 sessionKeyContext2 );
			printf( "Key exchange with generated key failed with error code "
					"%d, line %d.\n", status, __LINE__ );
			return( FALSE );
			}

		/* Make sure the two keys match */
		if( !compareSessionKeys( sessionKeyContext1, sessionKeyContext2 ) )
			return( FALSE );

		/* Clean up */
		destroyContexts( CRYPT_UNUSED, sessionKeyContext1,
						 sessionKeyContext2 );
		}
	else