cspxutils/asymCompat/asymCompat.c

/*
 * asymCompat.c - test compatibilty of two different implementations of a
 * RSA and DSA - one in the standard AppleCSP, one in BSAFE.
 */

#include <stdlib.h>
#include <stdio.h>
#include <time.h>
#include <Security/cssm.h>
#include <Security/cssmapple.h>
#include "cspwrap.h"
#include "common.h"
#include "bsafeUtils.h"
#include <string.h>
#include "cspdlTesting.h"

/*
 * Defaults.
 */
#define OLOOPS_DEF		10		/* outer loops, one set of keys per loop */
#define SIG_LOOPS_DEF	100		/* sig loops */
#define ENC_LOOPS_DEF	100		/* encrypt/decrypt loops */
#define MAX_TEXT_SIZE	1025

#define LOOP_NOTIFY		20

static void usage(char **argv)
{
	printf("usage: %s [options]\n", argv[0]);
	printf("   Options:\n");
	printf("   a=algorithm (r=RSA; d=DSA; default=both)\n");
	printf("   l=outerloops (default=%d; 0=forever)\n", OLOOPS_DEF);
	printf("   s=sigLoops (default=%d)\n", SIG_LOOPS_DEF);
	printf("   e=encryptLoops (default=%d)\n", ENC_LOOPS_DEF);
	printf("   k=keySizeInBits; default is random\n");
	printf("   S (sign/verify only)\n");
	printf("   E (encrypt/decrypt only)\n");
	printf("   r (generate ref keys)\n");
	printf("   R (generate public ref keys)\n");
	printf("   p=pauseInterval (default=0, no pause)\n");
	printf("   D (CSP/DL; default = bare CSP)\n");
	printf("   v(erbose)\n");
	printf("   q(uiet)\n");
	printf("   h(elp)\n");
	exit(1);
}

static const char *algToStr(CSSM_ALGORITHMS sigAlg)
{
	switch(sigAlg) {
		case CSSM_ALGID_RSA:			return "RSA";
		case CSSM_ALGID_DSA:			return "DSA";
		case CSSM_ALGID_SHA1WithRSA:	return "SHA1WithRSA";
		case CSSM_ALGID_MD5WithRSA:		return "MD5WithRSA";
		case CSSM_ALGID_SHA1WithDSA:	return "SHA1WithDSA";
		default:
			printf("***Unknown sigAlg\n");
			exit(1);
	}
	/* NOT REACHED */
	return "";
}

/*
 * CDSA private key decrypt with blinding option.
 */
static CSSM_RETURN _cspDecrypt(CSSM_CSP_HANDLE cspHand,
		uint32 algorithm,					// CSSM_ALGID_FEED, etc.
		uint32 mode,						// CSSM_ALGMODE_CBC, etc. - only for symmetric algs
		CSSM_PADDING padding,				// CSSM_PADDING_PKCS1, etc.
		CSSM_BOOL blinding,
		const CSSM_KEY *key,				// public or session key
		const CSSM_DATA *ctext,
		CSSM_DATA_PTR ptext)				// RETURNED
{
	CSSM_CC_HANDLE 	cryptHand;
	CSSM_RETURN		crtn;
	CSSM_RETURN		ocrtn = CSSM_OK;
	CSSM_SIZE		bytesDecrypted;
	CSSM_DATA		remData = {0, NULL};

	cryptHand = genCryptHandle(cspHand,
		algorithm,
		mode,
		padding,
		key,
		NULL,		// pubKey,
		NULL,		// iv,
		0,			// effectiveKeySizeInBits,
		0);			// rounds
	if(cryptHand == 0) {
		return CSSMERR_CSP_INTERNAL_ERROR;
	}
	if(blinding) {
		CSSM_CONTEXT_ATTRIBUTE	newAttr;
		newAttr.AttributeType     = CSSM_ATTRIBUTE_RSA_BLINDING;
		newAttr.AttributeLength   = sizeof(uint32);
		newAttr.Attribute.Uint32  = 1;
		crtn = CSSM_UpdateContextAttributes(cryptHand, 1, &newAttr);
		if(crtn) {
			printError("CSSM_UpdateContextAttributes", crtn);
			return crtn;
		}
	}

	crtn = CSSM_DecryptData(cryptHand,
		ctext,
		1,
		ptext,
		1,
		&bytesDecrypted,
		&remData);
	if(crtn == CSSM_OK) {
		// NOTE: We return the proper length in ptext....
		ptext->Length = bytesDecrypted;

		// FIXME - sometimes get mallocd RemData here, but never any valid data
		// there...side effect of CSPFullPluginSession's buffer handling logic;
		// but will we ever actually see valid data in RemData? So far we never
		// have....
		if(remData.Data != NULL) {
			appFree(remData.Data, NULL);
		}
	}
	else {
		printError("CSSM_DecryptData", crtn);
		ocrtn = crtn;
	}
	crtn = CSSM_DeleteContext(cryptHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
		ocrtn = crtn;
	}
	return ocrtn;
}

/* sign with RSA blinging option */
static CSSM_RETURN _cspSign(CSSM_CSP_HANDLE cspHand,
		uint32 algorithm,					// CSSM_ALGID_FEE_MD5, etc.
		CSSM_KEY_PTR key,					// private key
		const CSSM_DATA *text,
		CSSM_BOOL rsaBlinding,
		CSSM_DATA_PTR sig)					// RETURNED
{
	CSSM_CC_HANDLE	sigHand;
	CSSM_RETURN		crtn;
	CSSM_RETURN		ocrtn = CSSM_OK;
	const CSSM_DATA	*ptext;
	CSSM_DATA		digest = {0, NULL};
	CSSM_ALGORITHMS	digestAlg = CSSM_ALGID_NONE;

	/* handle special cases for raw sign */
	switch(algorithm) {
		case CSSM_ALGID_SHA1:
			digestAlg = CSSM_ALGID_SHA1;
			algorithm = CSSM_ALGID_RSA;
			break;
		case CSSM_ALGID_MD5:
			digestAlg = CSSM_ALGID_MD5;
			algorithm = CSSM_ALGID_RSA;
			break;
		case CSSM_ALGID_DSA:
			digestAlg = CSSM_ALGID_SHA1;
			algorithm = CSSM_ALGID_DSA;
			break;
		default:
			break;
	}
	if(digestAlg != CSSM_ALGID_NONE) {
		crtn = cspDigest(cspHand,
			digestAlg,
			CSSM_FALSE,			// mallocDigest
			text,
			&digest);
		if(crtn) {
			return crtn;
		}
		/* sign digest with raw RSA/DSA */
		ptext = &digest;
	}
	else {
		ptext = text;
	}
	crtn = CSSM_CSP_CreateSignatureContext(cspHand,
		algorithm,
		NULL,				// passPhrase
		key,
		&sigHand);
	if(crtn) {
		printError("CSSM_CSP_CreateSignatureContext (1)", crtn);
		return crtn;
	}
	if(rsaBlinding) {
		CSSM_CONTEXT_ATTRIBUTE	newAttr;
		newAttr.AttributeType     = CSSM_ATTRIBUTE_RSA_BLINDING;
		newAttr.AttributeLength   = sizeof(uint32);
		newAttr.Attribute.Uint32  = 1;
		crtn = CSSM_UpdateContextAttributes(sigHand, 1, &newAttr);
		if(crtn) {
			printError("CSSM_UpdateContextAttributes", crtn);
			return crtn;
		}
	}
	crtn = CSSM_SignData(sigHand,
		ptext,
		1,
		digestAlg,
		sig);
	if(crtn) {
		printError("CSSM_SignData", crtn);
		ocrtn = crtn;
	}
	crtn = CSSM_DeleteContext(sigHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
		ocrtn = crtn;
	}
	if(digest.Data != NULL) {
		CSSM_FREE(digest.Data);
	}
	return ocrtn;
}


/*
 * Sign/verify test.
 *
 * for specified numLoops {
 *		generate random text;
 *		sign with BSAFE priv key, verify with CDSA pub key;
 *		sign with CDSA priv key, verify with BSAFE pub key;
 * }
 */
static int sigTest(
	CSSM_CSP_HANDLE		cspHand,
	unsigned			numLoops,

	/* one matched key pair */
	BU_KEY				bsafePrivKey,
	CSSM_KEY_PTR		cdsaPubKey,

	/* another matched key pair */
	CSSM_KEY_PTR		cdsaPrivKey,
	BU_KEY				bsafePubKey,

	CSSM_DATA_PTR		ptext,
	unsigned			maxPtextSize,
	CSSM_ALGORITHMS		sigAlg,
	CSSM_BOOL			rsaBlinding,
	CSSM_BOOL			quiet,
	CSSM_BOOL			verbose)
{
	CSSM_RETURN crtn;
	CSSM_DATA	sig = {0, NULL};
	unsigned	loop;
	uint32		keySizeInBits = cdsaPrivKey->KeyHeader.LogicalKeySizeInBits;

	if(!quiet) {
		printf("   ...sig alg %s  keySize %u\n", algToStr(sigAlg), (unsigned)keySizeInBits);
	}
	for(loop=0; loop<numLoops; loop++) {
		simpleGenData(ptext, 1, maxPtextSize);
		if(!quiet) {
			if(verbose || ((loop % LOOP_NOTIFY) == 0)) {
				printf("      ...loop %d keySize %u textSize %lu\n",
					loop, (unsigned)cdsaPrivKey->KeyHeader.LogicalKeySizeInBits,
					(unsigned long)ptext->Length);
			}
		}

		/* sign with BSAFE, verify with CDSA */
		crtn = buSign(bsafePrivKey,
			sigAlg,
			ptext,
			keySizeInBits,
			&sig);
		if(crtn) {
			return testError(quiet);
		}
		crtn = cspSigVerify(cspHand,
			sigAlg,
			cdsaPubKey,
			ptext,
			&sig,
			CSSM_OK);
		if(crtn) {
			printf("***ERROR: Sign with BSAFE, vfy with CDSA, alg %s\n",
				algToStr(sigAlg));
			if(testError(quiet)) {
				return 1;
			}
		}
		appFreeCssmData(&sig, CSSM_FALSE);

		/* sign with CDSA, verify with BSAFE */
		crtn = _cspSign(cspHand,
			sigAlg,
			cdsaPrivKey,
			ptext,
			rsaBlinding,
			&sig);
		if(crtn) {
			return testError(quiet);
		}
		crtn = buVerify(bsafePubKey,
			sigAlg,
			ptext,
			&sig);
		if(crtn) {
			printf("***ERROR: Sign with CDSA, vfy with BSAFE, alg %s\n",
				algToStr(sigAlg));
			if(testError(quiet)) {
				return 1;
			}
		}
		appFreeCssmData(&sig, CSSM_FALSE);
	}
	return CSSM_OK;
}

/*
 * RSA Encrypt/decrypt test.
 *
 * for specified numLoops {
 *		generate random text;
 *		encrypt with BSAFE pub key, decrypt with CDSA priv key, verify;
 *		encrypt with CDSA pub key, decrypt with BSAFE priv key, verify;
 * }
 */
static int encryptTest(
	CSSM_CSP_HANDLE		cspHand,
	unsigned			numLoops,

	/* one matched key pair */
	BU_KEY				bsafePrivKey,
	CSSM_KEY_PTR		cdsaPubKey,

	/* another matched key pair */
	CSSM_KEY_PTR		cdsaPrivKey,
	BU_KEY				bsafePubKey,

	CSSM_DATA_PTR		ptext,
	unsigned			maxPtextSize,
	CSSM_BOOL			rsaBlinding,
	CSSM_BOOL			quiet,
	CSSM_BOOL			verbose)
{
	CSSM_RETURN crtn;
	CSSM_DATA	ctext = {0, NULL};
	CSSM_DATA	rptext = {0, NULL};
	unsigned	loop;
	unsigned	actKeySizeBytes;

	actKeySizeBytes = cdsaPrivKey->KeyHeader.LogicalKeySizeInBits / 8;
	if(actKeySizeBytes < 12) {
		printf("***Key with %u key bits is too small for RSA encrypt\n",
			(unsigned)cdsaPrivKey->KeyHeader.LogicalKeySizeInBits);
		return 1;
	}
	if(maxPtextSize > (actKeySizeBytes - 11)) {
		maxPtextSize = actKeySizeBytes - 11;
	}
	if(!quiet) {
		printf("   ...encr alg RSA\n");
	}
	for(loop=0; loop<numLoops; loop++) {
		simpleGenData(ptext, 1, maxPtextSize);
		if(!quiet) {
			if(verbose || ((loop % LOOP_NOTIFY) == 0)) {
				printf("      ...loop %d keySize %u textSize %lu\n",
					loop, (unsigned)cdsaPrivKey->KeyHeader.LogicalKeySizeInBits,
					(unsigned long)ptext->Length);
			}
		}

		/* encrypt with BSAFE, decrypt with CDSA */
		crtn = buEncryptDecrypt(bsafePubKey,
			CSSM_TRUE,		// encrypt
			CSSM_ALGID_RSA,
			CSSM_ALGMODE_NONE,
			NULL,			// iv
			cdsaPrivKey->KeyHeader.LogicalKeySizeInBits,
			0,				// rounds
			ptext,
			&ctext);
		if(crtn) {
			return testError(quiet);
		}
		crtn = _cspDecrypt(cspHand,
			CSSM_ALGID_RSA,
			CSSM_ALGMODE_NONE,
			CSSM_PADDING_PKCS1,
			rsaBlinding,
			cdsaPrivKey,
			&ctext,
			&rptext);
		if(crtn) {
			printf("***ERROR: encrypt with BSAFE, decrypt with CDSA\n");
			return testError(quiet);
		}
		if(!appCompareCssmData(ptext, &rptext)) {
			printf("***DATA MISCOMPARE: encrypt with BSAFE, decrypt with CDSA\n");
			return testError(quiet);
		}
		appFreeCssmData(&ctext, CSSM_FALSE);
		appFreeCssmData(&rptext, CSSM_FALSE);

		/* encrypt with CDSA, decrypt with BSAFE */
		crtn = cspEncrypt(cspHand,
			CSSM_ALGID_RSA,
			CSSM_ALGMODE_NONE,
			CSSM_PADDING_PKCS1,
			cdsaPubKey,
			NULL,					// (FEE) pub key
			0,						// effectiveKeyBits
			0,						// rounds
			NULL,					// IV
			ptext,
			&ctext,
			CSSM_FALSE);			// mallocCtext
		if(crtn) {
			return testError(quiet);
		}
		crtn = buEncryptDecrypt(bsafePrivKey,
			CSSM_FALSE,		// encrypt
			CSSM_ALGID_RSA,
			CSSM_ALGMODE_NONE,
			NULL,			// iv
			cdsaPrivKey->KeyHeader.LogicalKeySizeInBits,
			0,				// rounds
			&ctext,
			&rptext);
		if(crtn) {
			printf("***ERROR: encrypt with CDSA, decrypt with BSAFE\n");
			return testError(quiet);
		}
		if(!appCompareCssmData(ptext, &rptext)) {
			printf("***DATA MISCOMPARE: encrypt with CDSA, decrypt with BSAFE\n");
			return testError(quiet);
		}
		appFreeCssmData(&ctext, CSSM_FALSE);
		appFreeCssmData(&rptext, CSSM_FALSE);
	}
	return CSSM_OK;
}

static int doTest(
	CSSM_CSP_HANDLE		cspHand,
	CSSM_ALGORITHMS		keyAlg,				// RSA/DSA
	CSSM_ALGORITHMS		sigAlg,
	unsigned			sigLoops,			// may be zero
	unsigned			encrLoops,			// ditto; it will be zero for DSA
	CSSM_BOOL			rsaBlinding,
	CSSM_DATA_PTR		ptext,
	unsigned			maxPtextSize,
	uint32				keySizeInBits,		// 0 --> random per alg
	CSSM_BOOL			pubRefKeys,
	CSSM_BOOL			privRefKeys,
	CSSM_BOOL			bareCsp,			// for other workarounds
	CSSM_BOOL			quiet,
	CSSM_BOOL			verbose)
{
	CSSM_KEY			cdsaGenPubKey;
	CSSM_KEY			cdsaGenPrivKey;		// only used to create bsafeDerivePrivKey
	CSSM_KEY			cdsaTempKey;		// raw key if privRefKeys true
	CSSM_KEY			cdsaDerivePrivKey;	// same as bsafeGenPrivKey
	BU_KEY				bsafeGenPubKey;
	BU_KEY				bsafeGenPrivKey;	// only used to create cdsaDerivePrivKey
	BU_KEY				bsafeDerivePrivKey;	// same as cdsaGenPrivKey
	unsigned			actKeySizeBits;
	CSSM_RETURN			crtn;
	int					rtn;

	if(!keySizeInBits) {
		/* random key size */
		actKeySizeBits = randKeySizeBits(keyAlg, OT_Encrypt);
	}
	else {
		/* caller/user specified */
		actKeySizeBits = keySizeInBits;
	}
	if(verbose) {
		printf("   ...generating %s key pair, keySize %d bits...\n",
			algToStr(keyAlg), actKeySizeBits);
	}

	/*
     * Generate two keypairs
	 */
	if(keyAlg == CSSM_ALGID_DSA) {
		CSSM_BOOL doGenParams;

		if(bareCsp || CSPDL_DSA_GEN_PARAMS) {
			doGenParams = CSSM_TRUE;
		}
		else {
			/* CSPDL - no gen params */
			doGenParams = CSSM_FALSE;
		}
		crtn = cspGenDSAKeyPair(cspHand,
			"foo",
			3,
			actKeySizeBits,
			&cdsaGenPubKey,
			pubRefKeys,
			CSSM_KEYUSE_ANY,
			CSSM_KEYBLOB_RAW_FORMAT_NONE,
			&cdsaGenPrivKey,
			privRefKeys,
			CSSM_KEYUSE_SIGN,
			CSSM_KEYBLOB_RAW_FORMAT_NONE,
			doGenParams,		// genParams
			NULL);				// params
	}
	else {
		crtn = cspGenKeyPair(cspHand,
			keyAlg,
			"foo",
			3,
			actKeySizeBits,
			&cdsaGenPubKey,
			pubRefKeys,
			CSSM_KEYUSE_ANY,
			CSSM_KEYBLOB_RAW_FORMAT_NONE,
			&cdsaGenPrivKey,
			privRefKeys,
			CSSM_KEYUSE_ANY,
			CSSM_KEYBLOB_RAW_FORMAT_NONE,
			CSSM_FALSE);					// genSeed not used
	}
	if(crtn) {
		return testError(quiet);
	}
	crtn = buGenKeyPair(actKeySizeBits,
		keyAlg,
		&bsafeGenPubKey,
		&bsafeGenPrivKey);
	if(crtn) {
		return testError(quiet);
	}

	/*
	 * Convert private keys to other library.
	 * NOTE: the reason we're only converting private keys is solely due to the
	 * fact that BSAFE does not handle PKCS1 formatted public key blobs. Very odd.
	 * But it's too much of a pain to re-implement that wheel here, and SSL and
	 * cert handling in general verify the CSP's PKCS1-style public key handling.
	 */
	if(privRefKeys) {
		/* first generate a temporary raw CDSA key */
		crtn = buBsafePrivKeyToCdsa(keyAlg,
			actKeySizeBits,
			bsafeGenPrivKey,
			&cdsaTempKey);
		if(crtn) {
			return testError(quiet);
		}

		/* convert it to the ref key we'll actually use */
		crtn = cspRawKeyToRef(cspHand, &cdsaTempKey, &cdsaDerivePrivKey);
		cspFreeKey(cspHand, &cdsaTempKey);
	}
	else {
		crtn = buBsafePrivKeyToCdsa(keyAlg,
			actKeySizeBits,
			bsafeGenPrivKey,
			&cdsaDerivePrivKey);
	}
	if(crtn) {
		return testError(quiet);
	}
	if(privRefKeys) {
		/* we have a CDSA priv ref key; convert it to raw format */
		crtn = cspRefKeyToRaw(cspHand, &cdsaGenPrivKey, &cdsaTempKey);
		if(crtn) {
			return testError(quiet);
		}
		/* now convert it to BSAFE */
		crtn = buCdsaPrivKeyToBsafe(&cdsaTempKey, &bsafeDerivePrivKey);
		cspFreeKey(cspHand, &cdsaTempKey);
	}
	else {
		crtn = buCdsaPrivKeyToBsafe(&cdsaGenPrivKey, &bsafeDerivePrivKey);
	}
	if(crtn) {
		return testError(quiet);
	}

	if(sigLoops) {
		rtn = sigTest(cspHand,
			sigLoops,
			bsafeDerivePrivKey,
			&cdsaGenPubKey,
			&cdsaDerivePrivKey,
			bsafeGenPubKey,
			ptext,
			maxPtextSize,
			sigAlg,
			rsaBlinding,
			quiet,
			verbose);
		if(rtn) {
			return rtn;
		}
	}

	if(encrLoops) {
		rtn = encryptTest(cspHand,
			encrLoops,
			bsafeDerivePrivKey,
			&cdsaGenPubKey,
			&cdsaDerivePrivKey,
			bsafeGenPubKey,
			ptext,
			maxPtextSize,
			rsaBlinding,
			quiet,
			verbose);
		if(rtn) {
			return rtn;
		}
	}

	/* free all six keys */
	buFreeKey(bsafeGenPubKey);
	buFreeKey(bsafeGenPrivKey);
	buFreeKey(bsafeDerivePrivKey);
	cspFreeKey(cspHand, &cdsaGenPubKey);
	cspFreeKey(cspHand, &cdsaGenPrivKey);
	cspFreeKey(cspHand, &cdsaDerivePrivKey);
	return 0;
}

int main(int argc, char **argv)
{
	int					arg;
	char				*argp;
	unsigned			loop;
	CSSM_DATA			ptext;
	CSSM_CSP_HANDLE 	cspHand;
	int					i;
	int					rtn = 0;

	/*
	 * User-spec'd params
	 */
	uint32				keySizeInBits = 0;
	unsigned			oloops = OLOOPS_DEF;
	unsigned			sigLoops = SIG_LOOPS_DEF;
	unsigned			encrLoops = ENC_LOOPS_DEF;
	CSSM_BOOL			verbose = CSSM_FALSE;
	CSSM_BOOL			quiet = CSSM_FALSE;
	unsigned			pauseInterval = 0;
	CSSM_BOOL			bareCsp = CSSM_TRUE;
	CSSM_BOOL			doDSA = CSSM_TRUE;
	CSSM_BOOL			doRSA = CSSM_TRUE;
	CSSM_BOOL			pubRefKeys = CSSM_FALSE;
	CSSM_BOOL			privRefKeys = CSSM_FALSE;

	for(arg=1; arg<argc; arg++) {
		argp = argv[arg];
		switch(argp[0]) {
			case 'a':
				if(argp[1] != '=') {
					usage(argv);
				}
				switch(argp[2]) {
					case 'r':
						doDSA = CSSM_FALSE;
						break;
					case 'd':
						doRSA = CSSM_FALSE;
						break;
					default:
						usage(argv);
				}
				break;
		    case 'l':
				oloops = atoi(&argp[2]);
				break;
		    case 's':
				sigLoops = atoi(&argp[2]);
				break;
		    case 'e':
				encrLoops = atoi(&argp[2]);
				break;
		    case 'k':
		    	keySizeInBits = atoi(&argp[2]);
				break;
		    case 'v':
		    	verbose = CSSM_TRUE;
				break;
			case 'r':
				privRefKeys = CSSM_TRUE;
				break;
			case 'R':
				pubRefKeys = CSSM_TRUE;
				break;
			case 'D':
				bareCsp = CSSM_FALSE;
				#if 	CSPDL_ALL_KEYS_ARE_REF
				privRefKeys = CSSM_TRUE;
				pubRefKeys = CSSM_TRUE;
				#endif
				break;
		    case 'E':
		    	sigLoops = 0;
				break;
			case 'S':
				encrLoops = 0;
				break;
		    case 'q':
		    	quiet = CSSM_TRUE;
				break;
		    case 'p':
		    	pauseInterval = atoi(&argp[2]);;
				break;
		    case 'h':
		    default:
				usage(argv);
		}
	}
	ptext.Data = (uint8 *)CSSM_MALLOC(MAX_TEXT_SIZE);
	if(ptext.Data == NULL) {
		printf("Insufficient heap space\n");
		exit(1);
	}
	/* ptext length set in inner test loops */

	printf("Starting asymCompat; args: ");
	for(i=1; i<argc; i++) {
		printf("%s ", argv[i]);
	}
	printf("\n");
	cspHand = cspDlDbStartup(bareCsp, NULL);
	if(cspHand == 0) {
		exit(1);
	}
	if(pauseInterval) {
		fpurge(stdin);
		printf("Top of test; hit CR to proceed: ");
		getchar();
	}
	for(loop=1; ; loop++) {
		if(!quiet) {
			if(verbose || ((loop % LOOP_NOTIFY) == 0)) {
				printf("...oloop %d\n", loop);
			}
		}

		if(doRSA) {
			CSSM_ALGORITHMS	sigAlg;
			if(loop & 1) {
				sigAlg = CSSM_ALGID_SHA1WithRSA;
			}
			else {
				sigAlg = CSSM_ALGID_MD5WithRSA;
			}

			/* enable RSA blinding on half the loops for RSA */
			CSSM_BOOL rsaBlinding = CSSM_FALSE;
			if(loop & 2) {
				rsaBlinding = CSSM_TRUE;
			}

			rtn = doTest(cspHand,
				CSSM_ALGID_RSA,
				sigAlg,
				sigLoops,
				encrLoops,
				rsaBlinding,
				&ptext,
				MAX_TEXT_SIZE,
				keySizeInBits,
				pubRefKeys,
				privRefKeys,
				bareCsp,
				quiet,
				verbose);
			if(rtn) {
				break;
			}
		}
		if(doDSA) {
			rtn = doTest(cspHand,
				CSSM_ALGID_DSA,
				CSSM_ALGID_SHA1WithDSA,
				sigLoops,
				0,					// encrLoops - none for DSA
				CSSM_FALSE,			// blinding
				&ptext,
				MAX_TEXT_SIZE,
				keySizeInBits,
				pubRefKeys,
				privRefKeys,
				bareCsp,
				quiet,
				verbose);
			if(rtn) {
				break;
			}
		}
		if(oloops && (loop == oloops)) {
			break;
		}
		if(pauseInterval && (loop % pauseInterval) == 0) {
			fpurge(stdin);
			printf("hit CR to proceed: ");
			getchar();
		}
	}

	cspShutdown(cspHand, bareCsp);
	if(pauseInterval) {
		fpurge(stdin);
		printf("ModuleDetach/Unload complete; hit CR to exit: ");
		getchar();
	}
	if((rtn == 0) && !quiet) {
		printf("%s test complete\n", argv[0]);
	}
	CSSM_FREE(ptext.Data);
	return rtn;
}