📄 testenv.c
字号:
}
cryptCreateContext( &cryptContext, CRYPT_UNUSED, cryptAlgo );
cryptSetAttribute( cryptContext, CRYPT_CTXINFO_MODE, CRYPT_MODE_CFB );
}
cryptSetAttributeString( cryptContext, CRYPT_CTXINFO_KEY,
"0123456789ABCDEF", 16 );
/* Create the envelope, push in a password and the data, pop the
enveloped result, and destroy the envelope */
if( !createEnvelope( &cryptEnvelope, formatType ) || \
!addEnvInfoNumeric( cryptEnvelope, CRYPT_ENVINFO_SESSIONKEY,
cryptContext ) )
return( FALSE );
if( useDatasize )
cryptSetAttribute( cryptEnvelope, CRYPT_ENVINFO_DATASIZE, length );
if( useLargeBuffer )
cryptSetAttribute( cryptEnvelope, CRYPT_ATTRIBUTE_BUFFERSIZE,
length + 1024 );
count = pushData( cryptEnvelope, inBufPtr, length, NULL, 0 );
if( cryptStatusError( count ) )
return( FALSE );
count = popData( cryptEnvelope, outBufPtr, bufSize );
if( cryptStatusError( count ) )
return( FALSE );
if( !destroyEnvelope( cryptEnvelope ) )
return( FALSE );
/* Tell them what happened */
printf( "Enveloped data has size %d bytes.\n", count );
if( !useLargeBuffer )
debugDump( dumpFileName, outBufPtr, count );
/* Create the envelope, push in the data, pop the de-enveloped result,
and destroy the envelope */
if( !createDeenvelope( &cryptEnvelope ) )
return( FALSE );
if( useLargeBuffer )
cryptSetAttribute( cryptEnvelope, CRYPT_ATTRIBUTE_BUFFERSIZE,
length + 1024 );
count = pushData( cryptEnvelope, outBufPtr, count, NULL, cryptContext );
if( cryptStatusError( count ) )
return( FALSE );
count = popData( cryptEnvelope, outBufPtr, bufSize );
if( cryptStatusError( count ) )
return( FALSE );
if( !destroyEnvelope( cryptEnvelope ) )
return( FALSE );
/* Make sure the result matches what we pushed */
if( count != length )
{
puts( "De-enveloped data length != original length." );
return( FALSE );
}
if( useLargeBuffer )
{
int i;
for( i = 0; i < length; i++ )
if( outBufPtr[ i ] != ( i & 0xFF ) )
{
printf( "De-enveloped data != original data at byte %d.\n", i );
return( FALSE );
}
}
else
if( memcmp( outBufPtr, ENVELOPE_TESTDATA, length ) )
{
puts( "De-enveloped data != original data." );
return( FALSE );
}
/* Clean up */
if( useLargeBuffer )
free( inBufPtr );
cryptDestroyContext( cryptContext );
puts( "Enveloping of raw-session-key-encrypted data succeeded.\n" );
return( TRUE );
}
int testEnvelopeSessionCrypt( void )
{
if( !envelopeSessionCrypt( "env_sesn", FALSE, FALSE, CRYPT_FORMAT_CRYPTLIB ) )
return( FALSE ); /* Indefinite length */
if( !envelopeSessionCrypt( "env_ses", TRUE, FALSE, CRYPT_FORMAT_CRYPTLIB ) )
return( FALSE ); /* Datasize */
#if 0
/* Although in theory PGP supports raw session-key based enveloping, in
practice this key is always (implicitly) derived from a user password,
so the enveloping code doesn't allow the use of raw session keys */
return( envelopeSessionCrypt( "env_ses.pgp", TRUE, FALSE, CRYPT_FORMAT_PGP ) );
#endif /* 0 */
return( TRUE );
}
int testEnvelopeSessionCryptLargeBuffer( void )
{
return( envelopeSessionCrypt( "env_ses", TRUE, TRUE, CRYPT_FORMAT_CRYPTLIB ) );
} /* Datasize, large buffer */
/* Test encrypted enveloping */
static int envelopeDecrypt( BYTE *buffer, const int length,
const CRYPT_CONTEXT cryptContext )
{
CRYPT_ENVELOPE cryptEnvelope;
int count;
/* Create the envelope, push in the data, pop the de-enveloped result,
and destroy the envelope */
if( !createDeenvelope( &cryptEnvelope ) )
return( FALSE );
count = pushData( cryptEnvelope, buffer, length, NULL, cryptContext );
if( cryptStatusError( count ) )
return( FALSE );
count = popData( cryptEnvelope, buffer, BUFFER_SIZE );
if( cryptStatusError( count ) )
return( FALSE );
destroyEnvelope( cryptEnvelope );
return( count );
}
static int envelopeCrypt( const char *dumpFileName,
const BOOLEAN useDatasize,
const CRYPT_FORMAT_TYPE formatType )
{
CRYPT_CONTEXT cryptContext;
CRYPT_ENVELOPE cryptEnvelope;
int count;
printf( "Testing encrypted enveloping%s...\n",
useDatasize ? " with datasize hint" : "" );
/* Create the session key context. We don't check for errors here
since this code will already have been tested earlier */
cryptCreateContext( &cryptContext, CRYPT_UNUSED, CRYPT_ALGO_3DES );
cryptSetAttributeString( cryptContext, CRYPT_CTXINFO_KEY,
"0123456789ABCDEF", 16 );
/* Create the envelope, push in a KEK and the data, pop the enveloped
result, and destroy the envelope */
if( !createEnvelope( &cryptEnvelope, formatType ) || \
!addEnvInfoNumeric( cryptEnvelope, CRYPT_ENVINFO_KEY, cryptContext ) )
return( FALSE );
if( useDatasize )
cryptSetAttribute( cryptEnvelope, CRYPT_ENVINFO_DATASIZE,
ENVELOPE_TESTDATA_SIZE );
count = pushData( cryptEnvelope, ENVELOPE_TESTDATA,
ENVELOPE_TESTDATA_SIZE, NULL, 0 );
if( cryptStatusError( count ) )
return( FALSE );
count = popData( cryptEnvelope, globalBuffer, BUFFER_SIZE );
if( cryptStatusError( count ) )
return( FALSE );
if( !destroyEnvelope( cryptEnvelope ) )
return( FALSE );
/* Tell them what happened */
printf( "Enveloped data has size %d bytes.\n", count );
debugDump( dumpFileName, globalBuffer, count );
/* De-envelope the data and make sure the result matches what we
pushed */
count = envelopeDecrypt( globalBuffer, count, cryptContext );
if( !count )
return( FALSE );
if( count != ENVELOPE_TESTDATA_SIZE || \
memcmp( globalBuffer, ENVELOPE_TESTDATA, ENVELOPE_TESTDATA_SIZE ) )
{
puts( "De-enveloped data != original data." );
return( FALSE );
}
/* Clean up */
cryptDestroyContext( cryptContext );
puts( "Enveloping of encrypted data succeeded.\n" );
return( TRUE );
}
int testEnvelopeCrypt( void )
{
if( !envelopeCrypt( "env_kekn", FALSE, CRYPT_FORMAT_CRYPTLIB ) )
return( FALSE ); /* Indefinite length */
return( envelopeCrypt( "env_kek", TRUE, CRYPT_FORMAT_CRYPTLIB ) );
} /* Datasize */
/* Test password-based encrypted enveloping */
static int envelopePasswordDecrypt( BYTE *buffer, const int length )
{
CRYPT_ENVELOPE cryptEnvelope;
int count;
/* Create the envelope, push in the data, pop the de-enveloped result,
and destroy the envelope */
if( !createDeenvelope( &cryptEnvelope ) )
return( FALSE );
count = pushData( cryptEnvelope, buffer, length, "Password", 8 );
if( cryptStatusError( count ) )
return( FALSE );
count = popData( cryptEnvelope, buffer, BUFFER_SIZE );
if( cryptStatusError( count ) )
return( FALSE );
destroyEnvelope( cryptEnvelope );
return( count );
}
static int envelopePasswordCrypt( const char *dumpFileName,
const BOOLEAN useDatasize,
const BOOLEAN useAltCipher,
const BOOLEAN multiKeys,
const CRYPT_FORMAT_TYPE formatType )
{
CRYPT_ENVELOPE cryptEnvelope;
int count;
printf( "Testing %s%spassword-encrypted enveloping%s",
( formatType == CRYPT_FORMAT_PGP ) ? "PGP " : "",
multiKeys ? "multiple-" : "",
( useDatasize && ( formatType != CRYPT_FORMAT_PGP ) ) ? \
" with datasize hint" : "" );
if( useAltCipher )
printf( ( formatType == CRYPT_FORMAT_PGP ) ? \
" with non-default cipher type" : " and stream cipher" );
puts( "..." );
/* Create the envelope, push in a password and the data, pop the
enveloped result, and destroy the envelope */
if( !createEnvelope( &cryptEnvelope, formatType ) || \
!addEnvInfoString( cryptEnvelope, CRYPT_ENVINFO_PASSWORD,
"Password", 8 ) )
return( FALSE );
if( useAltCipher )
{
/* Test enveloping with an IV-less stream cipher, which tests the
handling of algorithms that can't be used to wrap themselves in
the RecipientInfo */
int status = cryptSetAttribute( cryptEnvelope,
CRYPT_OPTION_ENCR_ALGO,
CRYPT_ALGO_RC4 );
if( cryptStatusError( status ) )
{
printf( "Couldn't set non-default envelope cipher, error code "
"%d, line %d.\n", status, __LINE__ );
return( FALSE );
}
}
if( multiKeys && \
( !addEnvInfoString( cryptEnvelope, CRYPT_ENVINFO_PASSWORD,
"Password1", 9 ) || \
!addEnvInfoString( cryptEnvelope, CRYPT_ENVINFO_PASSWORD,
"Password2", 9 ) || \
!addEnvInfoString( cryptEnvelope, CRYPT_ENVINFO_PASSWORD,
"Password3", 9 ) ) )
return( FALSE );
if( useDatasize )
cryptSetAttribute( cryptEnvelope, CRYPT_ENVINFO_DATASIZE,
ENVELOPE_TESTDATA_SIZE );
count = pushData( cryptEnvelope, ENVELOPE_TESTDATA,
ENVELOPE_TESTDATA_SIZE, NULL, 0 );
if( cryptStatusError( count ) )
return( FALSE );
count = popData( cryptEnvelope, globalBuffer, BUFFER_SIZE );
if( cryptStatusError( count ) )
return( FALSE );
if( !destroyEnvelope( cryptEnvelope ) )
return( FALSE );
/* Tell them what happened */
printf( "Enveloped data has size %d bytes.\n", count );
debugDump( dumpFileName, globalBuffer, count );
/* De-envelope the data and make sure the result matches what we
pushed */
count = envelopePasswordDecrypt( globalBuffer, count );
if( !count )
return( FALSE );
if( count != ENVELOPE_TESTDATA_SIZE || \
memcmp( globalBuffer, ENVELOPE_TESTDATA, ENVELOPE_TESTDATA_SIZE ) )
{
puts( "De-enveloped data != original data." );
return( FALSE );
}
/* Clean up */
puts( "Enveloping of password-encrypted data succeeded.\n" );
return( TRUE );
}
int testEnvelopePasswordCrypt( void )
{
if( !envelopePasswordCrypt( "env_pasn", FALSE, FALSE, FALSE, CRYPT_FORMAT_CRYPTLIB ) )
return( FALSE ); /* Indefinite length */
if( !envelopePasswordCrypt( "env_pas", TRUE, FALSE, FALSE, CRYPT_FORMAT_CRYPTLIB ) )
return( FALSE ); /* Datasize */
if( !envelopePasswordCrypt( "env_mpas", TRUE, FALSE, TRUE, CRYPT_FORMAT_CRYPTLIB ) )
return( FALSE ); /* Datasize, multiple keys */
if( !envelopePasswordCrypt( "env_pas.pgp", TRUE, FALSE, FALSE, CRYPT_FORMAT_PGP ) )
return( FALSE ); /* PGP format */
return( envelopePasswordCrypt( "env_pasr", TRUE, TRUE, FALSE, CRYPT_FORMAT_CRYPTLIB ) );
} /* IV-less cipher */
/* Test PKC-encrypted enveloping */
static int envelopePKCDecrypt( BYTE *buffer, const int length,
const KEYFILE_TYPE keyFileType )
{
CRYPT_ENVELOPE cryptEnvelope;
CRYPT_KEYSET cryptKeyset;
const char *keysetName = getKeyfileName( keyFileType, TRUE );
const char *password = getKeyfilePassword( keyFileType );
int count, status;
/* Create the envelope and push in the decryption keyset */
if( !createDeenvelope( &cryptEnvelope ) )
return( FALSE );
status = cryptKeysetOpen( &cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE,
keysetName, CRYPT_KEYOPT_READONLY );
if( cryptStatusOK( status ) )
status = addEnvInfoNumeric( cryptEnvelope,
CRYPT_ENVINFO_KEYSET_DECRYPT, cryptKeyset );
cryptKeysetClose( cryptKeyset );
if( !status )
return( FALSE );
/* Push in the data */
count = pushData( cryptEnvelope, buffer, length, password, 0 );
if( cryptStatusError( count ) )
return( FALSE );
count = popData( cryptEnvelope, buffer, BUFFER_SIZE );
if( cryptStatusError( count ) )
return( FALSE );
destroyEnvelope( cryptEnvelope );
return( count );
}
static int envelopePKCCrypt( const char *dumpFileName,
const BOOLEAN useDatasize,
const KEYFILE_TYPE keyFileType,
const BOOLEAN useRecipient,
const BOOLEAN useMultipleKeyex,
const BOOLEAN useAltAlgo,
const CRYPT_FORMAT_TYPE formatType )
{
CRYPT_ENVELOPE cryptEnvelope;
CRYPT_KEYSET cryptKeyset;
CRYPT_HANDLE cryptKey;
const char *keysetName = getKeyfileName( keyFileType, FALSE );
/* When reading keys we have to explicitly use the first matching
key in the PGP 2.x keyring since the remaining keys are (for some
reason) stored unencrypted, and the keyring read code will
disallow the use of the key if it's stored in this manner */
const char *keyID = ( keyFileType == KEYFILE_PGP ) ? \
"test" : getKeyfileUserID( keyFileType );
int count, status;
if( !keyReadOK )
{
puts( "Couldn't find key files, skipping test of public-key "
"encrypted enveloping..." );
return( TRUE );
}
printf( "Testing %spublic-key encrypted enveloping%s using ",
( formatType == CRYPT_FORMAT_PGP ) ? \
( ( keyFileType == KEYFILE_PGP ) ? "PGP " : "OpenPGP " ) : \
"", \
( useDatasize && ( formatType != CRYPT_FORMAT_PGP ) && \
!( useRecipient || useMultipleKeyex) ) ? \
" with datasize hint" : "" );
printf( ( keyFileType == KEYFILE_PGP || \
keyFileType == KEYFILE_OPENPGP ) ? \
( ( formatType == CRYPT_FORMAT_PGP ) ? \
"PGP key" : "raw public key" ) : \
"X.509 cert" );
if( useRecipient && !useAltAlgo )
printf( " and recipient info" );
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -