cspxutils/utilLib/cspwrap.c

/* Copyright (c) 1997,2003-2006,2008,2010,2013 Apple Inc.
 *
 * cspwrap.c - wrappers to simplify access to CDSA
 *
 * Revision History
 * ----------------
 *   3 May 2000 Doug Mitchell
 *		Ported to X/CDSA2.
 *  12 Aug 1997	Doug Mitchell at Apple
 *		Created.
 */

#include <Security/cssmapple.h>
#include <Security/cssm.h>
#include "cspwrap.h"
#include "common.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* MCF hack */
// #include <CarbonCore/MacTypes.h>
#include <MacTypes.h>
/* end MCF */

#ifndef	NULL
#define NULL ((void *)0)
#endif	/* NULL */
#ifndef	MAX
#define MAX(a,b)	((a > b) ? a : b)
#define MIN(a,b)	((a < b) ? a : b)
#endif

#pragma mark --------- Key Generation ---------

/*
 * Key generation
 */
#define FEE_PRIV_DATA_SIZE	20
/*
 * Debug/test only. BsafeCSP only (long since disabled, in Puma).
 * This results in quicker but less secure RSA key generation.
 */
#define RSA_WEAK_KEYS		0

/*
 * Force bad data in KeyData prior to generating, deriving, or
 * wrapping key to ensure that the CSP ignores incoming
 * KeyData.
 */
static void setBadKeyData(
	CSSM_KEY_PTR key)
{
	key->KeyData.Data = (uint8 *)0xeaaaeaaa;	// bad ptr
	key->KeyData.Length = 1;	// no key can fit here
}

/*
 * Generate key pair of arbitrary algorithm.
 * FEE keys will have random private data.
 */
CSSM_RETURN cspGenKeyPair(CSSM_CSP_HANDLE cspHand,
	uint32 algorithm,
	const char *keyLabel,
	unsigned keyLabelLen,
	uint32 keySize,					// in bits
	CSSM_KEY_PTR pubKey,			// mallocd by caller
	CSSM_BOOL pubIsRef,				// true - reference key, false - data
	uint32 pubKeyUsage,				// CSSM_KEYUSE_ENCRYPT, etc.
	CSSM_KEYBLOB_FORMAT pubFormat,	// Optional. Specify 0 or CSSM_KEYBLOB_RAW_FORMAT_NONE
									//   to get the default format.
	CSSM_KEY_PTR privKey,			// mallocd by caller
	CSSM_BOOL privIsRef,			// true - reference key, false - data
	uint32 privKeyUsage,			// CSSM_KEYUSE_DECRYPT, etc.
	CSSM_KEYBLOB_FORMAT privFormat,	// optional 0 ==> default
	CSSM_BOOL genSeed)				// FEE only. True: we generate seed and CSP
									// will hash it. False: CSP generates random
									// seed.
{
	CSSM_RETURN				crtn;
	CSSM_CC_HANDLE 			ccHand;
	CSSM_DATA				privData = {0, NULL};		// mallocd for FEE
	CSSM_CRYPTO_DATA		privCData;
	CSSM_CRYPTO_DATA_PTR	privCDataPtr = NULL;
	CSSM_DATA				keyLabelData;
	uint32					pubAttr;
	uint32					privAttr;
	CSSM_RETURN 			ocrtn = CSSM_OK;

	if(keySize == CSP_KEY_SIZE_DEFAULT) {
		keySize = cspDefaultKeySize(algorithm);
	}

	/* pre-context-create algorithm-specific stuff */
	switch(algorithm) {
		case CSSM_ALGID_FEE:
			if(genSeed) {
				/* cook up random privData */
				privData.Data = (uint8 *)CSSM_MALLOC(FEE_PRIV_DATA_SIZE);
				privData.Length = FEE_PRIV_DATA_SIZE;
				appGetRandomBytes(privData.Data, FEE_PRIV_DATA_SIZE);
				privCData.Param = privData;
				privCData.Callback = NULL;
				privCDataPtr = &privCData;
			}
			/* else CSP generates random seed/key */
			break;
		case CSSM_ALGID_RSA:
			break;
		case CSSM_ALGID_DSA:
			break;
		case CSSM_ALGID_ECDSA:
			break;
		default:
			printf("cspGenKeyPair: Unknown algorithm\n");
			/* but what the hey */
			privCDataPtr = NULL;
			break;
	}
	keyLabelData.Data        = (uint8 *)keyLabel,
	keyLabelData.Length      = keyLabelLen;
	memset(pubKey, 0, sizeof(CSSM_KEY));
	memset(privKey, 0, sizeof(CSSM_KEY));
	setBadKeyData(pubKey);
	setBadKeyData(privKey);

	crtn = CSSM_CSP_CreateKeyGenContext(cspHand,
		algorithm,
		keySize,
		privCDataPtr,			// Seed
		NULL,					// Salt
		NULL,					// StartDate
		NULL,					// EndDate
		NULL,					// Params
		&ccHand);
	if(crtn) {
		printError("CSSM_CSP_CreateKeyGenContext", crtn);
		ocrtn = crtn;
		goto abort;
	}
	/* cook up attribute bits */
	if(pubIsRef) {
		pubAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE;
	}
	else {
		pubAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE;
	}
	if(privIsRef) {
		privAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE;
	}
	else {
		privAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE;
	}

	/* post-context-create algorithm-specific stuff */
	switch(algorithm) {
		case CSSM_ALGID_RSA:

			#if	RSA_WEAK_KEYS
			{
				/* for testing, speed up key gen by using the
				* undocumented "CUSTOM" key gen mode. This
				* results in the CSP using AI_RsaKeyGen instead of
				* AI_RSAStrongKeyGen.
				*/
				crtn = AddContextAttribute(ccHand,
					CSSM_ATTRIBUTE_MODE,
					sizeof(uint32),
					CAT_Uint32,
					NULL,
					CSSM_ALGMODE_CUSTOM);
				if(crtn) {
					printError("CSSM_UpdateContextAttributes", crtn);
					return crtn;
				}
			}
			#endif	// RSA_WEAK_KEYS
			break;

		 case CSSM_ALGID_DSA:
			/*
			 * extra step - generate params - this just adds some
			 * info to the context
			 */
			{
				CSSM_DATA dummy = {0, NULL};
				crtn = CSSM_GenerateAlgorithmParams(ccHand,
					keySize, &dummy);
				if(crtn) {
					printError("CSSM_GenerateAlgorithmParams", crtn);
					return crtn;
				}
				appFreeCssmData(&dummy, CSSM_FALSE);
			}
			break;
		default:
			break;
	}

	/* optional format specifiers */
	if(!pubIsRef && (pubFormat != CSSM_KEYBLOB_RAW_FORMAT_NONE)) {
		crtn = AddContextAttribute(ccHand,
			CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT,
			sizeof(uint32),
			CAT_Uint32,
			NULL,
			pubFormat);
		if(crtn) {
			printError("AddContextAttribute(CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT)", crtn);
			return crtn;
		}
	}
	if(!privIsRef && (privFormat != CSSM_KEYBLOB_RAW_FORMAT_NONE)) {
		crtn = AddContextAttribute(ccHand,
			CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT,
			sizeof(uint32),			// currently sizeof CSSM_DATA
			CAT_Uint32,
			NULL,
			privFormat);
		if(crtn) {
			printError("AddContextAttribute(CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT)", crtn);
			return crtn;
		}
	}
	crtn = CSSM_GenerateKeyPair(ccHand,
		pubKeyUsage,
		pubAttr,
		&keyLabelData,
		pubKey,
		privKeyUsage,
		privAttr,
		&keyLabelData,			// same labels
		NULL,					// CredAndAclEntry
		privKey);
	if(crtn) {
		printError("CSSM_GenerateKeyPair", crtn);
		ocrtn = crtn;
		goto abort;
	}
	/* basic checks...*/
	if(privIsRef) {
		if(privKey->KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE) {
			printf("privKey blob type: exp %u got %u\n",
				CSSM_KEYBLOB_REFERENCE, (unsigned)privKey->KeyHeader.BlobType);
			ocrtn = CSSM_ERRCODE_INTERNAL_ERROR;
			goto abort;
		}
	}
	else {
		switch(privKey->KeyHeader.BlobType) {
			case CSSM_KEYBLOB_RAW:
				break;
			default:
				printf("privKey blob type: exp raw, got %u\n",
					(unsigned)privKey->KeyHeader.BlobType);
				ocrtn = CSSM_ERRCODE_INTERNAL_ERROR;
				goto abort;
		}
	}
	if(pubIsRef) {
		if(pubKey->KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE) {
			printf("pubKey blob type: exp %u got %u\n",
				CSSM_KEYBLOB_REFERENCE, (unsigned)pubKey->KeyHeader.BlobType);
			ocrtn = CSSM_ERRCODE_INTERNAL_ERROR;
			goto abort;
		}
	}
	else {
		switch(pubKey->KeyHeader.BlobType) {
			case CSSM_KEYBLOB_RAW:
				break;
			default:
				printf("pubKey blob type: exp raw or raw_berder, got %u\n",
					(unsigned)pubKey->KeyHeader.BlobType);
				ocrtn = CSSM_ERRCODE_INTERNAL_ERROR;
				goto abort;
		}
	}
abort:
	if(ccHand != 0) {
		crtn = CSSM_DeleteContext(ccHand);
		if(crtn) {
			printError("CSSM_DeleteContext", crtn);
			ocrtn = CSSM_ERRCODE_INTERNAL_ERROR;
		}
	}
	if(privData.Data != NULL) {
		CSSM_FREE(privData.Data);
	}
	return ocrtn;
}

/*
 * Generate FEE key pair with optional primeType, curveType, and seed (password) data.
 */
CSSM_RETURN cspGenFEEKeyPair(CSSM_CSP_HANDLE cspHand,
	const char *keyLabel,
	unsigned keyLabelLen,
	uint32 keySize,					// in bits
	uint32 primeType,				// CSSM_FEE_PRIME_TYPE_MERSENNE, etc.
	uint32 curveType,				// CSSM_FEE_CURVE_TYPE_MONTGOMERY, etc.
	CSSM_KEY_PTR pubKey,			// mallocd by caller
	CSSM_BOOL pubIsRef,				// true - reference key, false - data
	uint32 pubKeyUsage,				// CSSM_KEYUSE_ENCRYPT, etc.
	CSSM_KEYBLOB_FORMAT pubFormat,	// Optional. Specify 0 or CSSM_KEYBLOB_RAW_FORMAT_NONE
									//   to get the default format.
	CSSM_KEY_PTR privKey,			// mallocd by caller
	CSSM_BOOL privIsRef,			// true - reference key, false - data
	uint32 privKeyUsage,			// CSSM_KEYUSE_DECRYPT, etc.
	CSSM_KEYBLOB_FORMAT privFormat,	// optional 0 ==> default
	const CSSM_DATA *seedData)		// Present: CSP will hash this for private data.
									// NULL: CSP generates random seed.
{
	CSSM_RETURN				crtn;
	CSSM_CC_HANDLE 			ccHand;
	CSSM_CRYPTO_DATA		privCData;
	CSSM_CRYPTO_DATA_PTR	privCDataPtr = NULL;
	CSSM_DATA				keyLabelData;
	uint32					pubAttr;
	uint32					privAttr;
	CSSM_RETURN 			ocrtn = CSSM_OK;

	/* pre-context-create algorithm-specific stuff */
	if(seedData) {
		privCData.Param = *((CSSM_DATA_PTR)seedData);
		privCData.Callback = NULL;
		privCDataPtr = &privCData;
	}
	/* else CSP generates random seed/key */

	if(keySize == CSP_KEY_SIZE_DEFAULT) {
		keySize = CSP_FEE_KEY_SIZE_DEFAULT;
	}

	keyLabelData.Data        = (uint8 *)keyLabel,
	keyLabelData.Length      = keyLabelLen;
	memset(pubKey, 0, sizeof(CSSM_KEY));
	memset(privKey, 0, sizeof(CSSM_KEY));
	setBadKeyData(pubKey);
	setBadKeyData(privKey);

	crtn = CSSM_CSP_CreateKeyGenContext(cspHand,
		CSSM_ALGID_FEE,
		keySize,
		privCDataPtr,			// Seed
		NULL,					// Salt
		NULL,					// StartDate
		NULL,					// EndDate
		NULL,					// Params
		&ccHand);
	if(crtn) {
		printError("CSSM_CSP_CreateKeyGenContext", crtn);
		ocrtn = crtn;
		goto abort;
	}
	/* cook up attribute bits */
	if(pubIsRef) {
		pubAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE;
	}
	else {
		pubAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE;
	}
	if(privIsRef) {
		privAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE;
	}
	else {
		privAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE;
	}

	/* optional post-context-create stuff */
	if(primeType != CSSM_FEE_PRIME_TYPE_DEFAULT) {
		crtn = AddContextAttribute(ccHand,
			CSSM_ATTRIBUTE_FEE_PRIME_TYPE,
			sizeof(uint32),
			CAT_Uint32,
			NULL,
			primeType);
		if(crtn) {
			printError("AddContextAttribute(CSSM_ATTRIBUTE_FEE_PRIME_TYPE)", crtn);
			return crtn;
		}
	}
	if(curveType != CSSM_FEE_CURVE_TYPE_DEFAULT) {
		crtn = AddContextAttribute(ccHand,
			CSSM_ATTRIBUTE_FEE_CURVE_TYPE,
			sizeof(uint32),
			CAT_Uint32,
			NULL,
			curveType);
		if(crtn) {
			printError("AddContextAttribute(CSSM_ATTRIBUTE_FEE_CURVE_TYPE)", crtn);
			return crtn;
		}
	}

	if(pubFormat != CSSM_KEYBLOB_RAW_FORMAT_NONE) {
		crtn = AddContextAttribute(ccHand,
			CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT,
			sizeof(uint32),
			CAT_Uint32,
			NULL,
			pubFormat);
		if(crtn) {
			printError("AddContextAttribute(CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT)", crtn);
			return crtn;
		}
	}
	if(privFormat != CSSM_KEYBLOB_RAW_FORMAT_NONE) {
		crtn = AddContextAttribute(ccHand,
			CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT,
			sizeof(uint32),			// currently sizeof CSSM_DATA
			CAT_Uint32,
			NULL,
			pubFormat);
		if(crtn) {
			printError("AddContextAttribute(CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT)", crtn);
			return crtn;
		}
	}
	crtn = CSSM_GenerateKeyPair(ccHand,
		pubKeyUsage,
		pubAttr,
		&keyLabelData,
		pubKey,
		privKeyUsage,
		privAttr,
		&keyLabelData,			// same labels
		NULL,					// CredAndAclEntry
		privKey);
	if(crtn) {
		printError("CSSM_GenerateKeyPair", crtn);
		ocrtn = crtn;
		goto abort;
	}
	/* basic checks...*/
	if(privIsRef) {
		if(privKey->KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE) {
			printf("privKey blob type: exp %u got %u\n",
				CSSM_KEYBLOB_REFERENCE, (unsigned)privKey->KeyHeader.BlobType);
			ocrtn = CSSM_ERRCODE_INTERNAL_ERROR;
			goto abort;
		}
	}
	else {
		switch(privKey->KeyHeader.BlobType) {
			case CSSM_KEYBLOB_RAW:
				break;
			default:
				printf("privKey blob type: exp raw, got %u\n",
					(unsigned)privKey->KeyHeader.BlobType);
				ocrtn = CSSM_ERRCODE_INTERNAL_ERROR;
				goto abort;
		}
	}
	if(pubIsRef) {
		if(pubKey->KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE) {
			printf("pubKey blob type: exp %u got %u\n",
				CSSM_KEYBLOB_REFERENCE, (unsigned)pubKey->KeyHeader.BlobType);
			ocrtn = CSSM_ERRCODE_INTERNAL_ERROR;
			goto abort;
		}
	}
	else {
		switch(pubKey->KeyHeader.BlobType) {
			case CSSM_KEYBLOB_RAW:
				break;
			default:
				printf("pubKey blob type: exp raw or raw_berder, got %u\n",
					(unsigned)pubKey->KeyHeader.BlobType);
				ocrtn = CSSM_ERRCODE_INTERNAL_ERROR;
				goto abort;
		}
	}
abort:
	if(ccHand != 0) {
		crtn = CSSM_DeleteContext(ccHand);
		if(crtn) {
			printError("CSSM_DeleteContext", crtn);
			ocrtn = CSSM_ERRCODE_INTERNAL_ERROR;
		}
	}
	return ocrtn;
}

/*
 * Generate DSA key pair with optional generateAlgParams and optional
 * incoming parameters.
 */
CSSM_RETURN cspGenDSAKeyPair(CSSM_CSP_HANDLE cspHand,
	const char *keyLabel,
	unsigned keyLabelLen,
	uint32 keySize,					// in bits
	CSSM_KEY_PTR pubKey,			// mallocd by caller
	CSSM_BOOL pubIsRef,				// true - reference key, false - data
	uint32 pubKeyUsage,				// CSSM_KEYUSE_ENCRYPT, etc.
	CSSM_KEYBLOB_FORMAT pubFormat,	// Optional. Specify 0 or CSSM_KEYBLOB_RAW_FORMAT_NONE
									//   to get the default format.
	CSSM_KEY_PTR privKey,			// mallocd by caller
	CSSM_BOOL privIsRef,			// true - reference key, false - data
	uint32 privKeyUsage,			// CSSM_KEYUSE_DECRYPT, etc.
	CSSM_KEYBLOB_FORMAT privFormat,	// Optional. Specify 0 or CSSM_KEYBLOB_RAW_FORMAT_NONE
									//   to get the default format.
	CSSM_BOOL genParams,
	CSSM_DATA_PTR paramData)		// optional
{
	CSSM_RETURN				crtn;
	CSSM_CC_HANDLE 			ccHand;
	CSSM_DATA				keyLabelData;
	uint32					pubAttr;
	uint32					privAttr;
	CSSM_RETURN 			ocrtn = CSSM_OK;

	if(keySize == CSP_KEY_SIZE_DEFAULT) {
		keySize = CSP_DSA_KEY_SIZE_DEFAULT;
	}
	keyLabelData.Data        = (uint8 *)keyLabel,
	keyLabelData.Length      = keyLabelLen;
	memset(pubKey, 0, sizeof(CSSM_KEY));
	memset(privKey, 0, sizeof(CSSM_KEY));
	setBadKeyData(pubKey);
	setBadKeyData(privKey);

	crtn = CSSM_CSP_CreateKeyGenContext(cspHand,
		CSSM_ALGID_DSA,
		keySize,
		NULL,					// Seed
		NULL,					// Salt
		NULL,					// StartDate
		NULL,					// EndDate
		paramData,
		&ccHand);
	if(crtn) {
		printError("CSSM_CSP_CreateKeyGenContext", crtn);
		ocrtn = crtn;
		goto abort;
	}

	/* cook up attribute bits */
	if(pubIsRef) {
		pubAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE;
	}
	else {
		pubAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE;
	}
	if(privIsRef) {
		privAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE;
	}
	else {
		privAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE;
	}

	if(genParams) {
		/*
		 * extra step - generate params - this just adds some
		 * info to the context
		 */
		CSSM_DATA dummy = {0, NULL};
		crtn = CSSM_GenerateAlgorithmParams(ccHand,
			keySize, &dummy);
		if(crtn) {
			printError("CSSM_GenerateAlgorithmParams", crtn);
			return crtn;
		}
		appFreeCssmData(&dummy, CSSM_FALSE);
	}

	/* optional format specifiers */
	if(!pubIsRef && (pubFormat != CSSM_KEYBLOB_RAW_FORMAT_NONE)) {
		crtn = AddContextAttribute(ccHand,
			CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT,
			sizeof(uint32),
			CAT_Uint32,
			NULL,
			pubFormat);
		if(crtn) {
			printError("AddContextAttribute(CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT)", crtn);
			return crtn;
		}
	}
	if(!privIsRef && (privFormat != CSSM_KEYBLOB_RAW_FORMAT_NONE)) {
		crtn = AddContextAttribute(ccHand,
			CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT,
			sizeof(uint32),			// currently sizeof CSSM_DATA
			CAT_Uint32,
			NULL,
			privFormat);
		if(crtn) {
			printError("AddContextAttribute(CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT)", crtn);
			return crtn;
		}
	}

	crtn = CSSM_GenerateKeyPair(ccHand,
		pubKeyUsage,
		pubAttr,
		&keyLabelData,
		pubKey,
		privKeyUsage,
		privAttr,
		&keyLabelData,			// same labels
		NULL,					// CredAndAclEntry
		privKey);
	if(crtn) {
		printError("CSSM_GenerateKeyPair", crtn);
		ocrtn = crtn;
		goto abort;
	}
	/* basic checks...*/
	if(privIsRef) {
		if(privKey->KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE) {
			printf("privKey blob type: exp %u got %u\n",
				CSSM_KEYBLOB_REFERENCE, (unsigned)privKey->KeyHeader.BlobType);
			ocrtn = CSSM_ERRCODE_INTERNAL_ERROR;
			goto abort;
		}
	}
	else {
		switch(privKey->KeyHeader.BlobType) {
			case CSSM_KEYBLOB_RAW:
				break;
			default:
				printf("privKey blob type: exp raw, got %u\n",
					(unsigned)privKey->KeyHeader.BlobType);
				ocrtn = CSSM_ERRCODE_INTERNAL_ERROR;
				goto abort;
		}
	}
	if(pubIsRef) {
		if(pubKey->KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE) {
			printf("pubKey blob type: exp %u got %u\n",
				CSSM_KEYBLOB_REFERENCE, (unsigned)pubKey->KeyHeader.BlobType);
			ocrtn = CSSM_ERRCODE_INTERNAL_ERROR;
			goto abort;
		}
	}
	else {
		switch(pubKey->KeyHeader.BlobType) {
			case CSSM_KEYBLOB_RAW:
				break;
			default:
				printf("pubKey blob type: exp raw or raw_berder, got %u\n",
					(unsigned)pubKey->KeyHeader.BlobType);
				ocrtn = CSSM_ERRCODE_INTERNAL_ERROR;
				goto abort;
		}
	}
abort:
	if(ccHand != 0) {
		crtn = CSSM_DeleteContext(ccHand);
		if(crtn) {
			printError("CSSM_DeleteContext", crtn);
			ocrtn = CSSM_ERRCODE_INTERNAL_ERROR;
		}
	}
	return ocrtn;
}


uint32 cspDefaultKeySize(uint32 alg)
{
	uint32 keySizeInBits;
	switch(alg) {
		case CSSM_ALGID_DES:
			keySizeInBits = CSP_DES_KEY_SIZE_DEFAULT;
			break;
		case CSSM_ALGID_3DES_3KEY:
		case CSSM_ALGID_DESX:
			keySizeInBits = CSP_DES3_KEY_SIZE_DEFAULT;
			break;
		case CSSM_ALGID_RC2:
			keySizeInBits = CSP_RC2_KEY_SIZE_DEFAULT;
			break;
		case CSSM_ALGID_RC4:
			keySizeInBits = CSP_RC4_KEY_SIZE_DEFAULT;
			break;
		case CSSM_ALGID_RC5:
			keySizeInBits = CSP_RC5_KEY_SIZE_DEFAULT;
			break;
		case CSSM_ALGID_ASC:
			keySizeInBits = CSP_ASC_KEY_SIZE_DEFAULT;
			break;
		case CSSM_ALGID_BLOWFISH:
			keySizeInBits = CSP_BFISH_KEY_SIZE_DEFAULT;
			break;
		case CSSM_ALGID_CAST:
			keySizeInBits = CSP_CAST_KEY_SIZE_DEFAULT;
			break;
		case CSSM_ALGID_IDEA:
			keySizeInBits = CSP_IDEA_KEY_SIZE_DEFAULT;
			break;
		case CSSM_ALGID_AES:
			keySizeInBits = CSP_AES_KEY_SIZE_DEFAULT;
			break;
		case CSSM_ALGID_SHA1HMAC:
			keySizeInBits = CSP_HMAC_SHA_KEY_SIZE_DEFAULT;
			break;
		case CSSM_ALGID_MD5HMAC:
			keySizeInBits = CSP_HMAC_MD5_KEY_SIZE_DEFAULT;
			break;
		case CSSM_ALGID_FEE:
			keySizeInBits = CSP_FEE_KEY_SIZE_DEFAULT;
			break;
		case CSSM_ALGID_RSA:
			keySizeInBits = CSP_RSA_KEY_SIZE_DEFAULT;
			break;
		case CSSM_ALGID_DSA:
			keySizeInBits = CSP_DSA_KEY_SIZE_DEFAULT;
			break;
		case CSSM_ALGID_ECDSA:
			keySizeInBits = CSP_ECDSA_KEY_SIZE_DEFAULT;
			break;
		case CSSM_ALGID_NONE:
			keySizeInBits = CSP_NULL_CRYPT_KEY_SIZE_DEF;
			break;
		default:
			printf("***cspDefaultKeySize: Unknown symmetric algorithm\n");
			keySizeInBits = 0;
			break;
	}
	return keySizeInBits;
}

/*
 * Create a random symmetric key.
 */
CSSM_KEY_PTR cspGenSymKey(CSSM_CSP_HANDLE cspHand,
		uint32 				alg,
		const char 			*keyLabel,
		unsigned 			keyLabelLen,
		uint32 				keyUsage,		// CSSM_KEYUSE_ENCRYPT, etc.
		uint32 				keySizeInBits,
		CSSM_BOOL			refKey)
{
	CSSM_KEY_PTR 		symKey = (CSSM_KEY_PTR)CSSM_MALLOC(sizeof(CSSM_KEY));
	CSSM_RETURN			crtn;
	CSSM_CC_HANDLE 		ccHand;
	uint32				keyAttr;
	CSSM_DATA			dummyLabel;

	if(symKey == NULL) {
		printf("Insufficient heap space\n");
		return NULL;
	}
	memset(symKey, 0, sizeof(CSSM_KEY));
	setBadKeyData(symKey);
	if(keySizeInBits == CSP_KEY_SIZE_DEFAULT) {
		keySizeInBits = cspDefaultKeySize(alg);
	}
	crtn = CSSM_CSP_CreateKeyGenContext(cspHand,
		alg,
		keySizeInBits,	// keySizeInBits
		NULL,			// Seed
		NULL,			// Salt
		NULL,			// StartDate
		NULL,			// EndDate
		NULL,			// Params
		&ccHand);
	if(crtn) {
		printError("CSSM_CSP_CreateKeyGenContext", crtn);
		goto errorOut;
	}
	if(refKey) {
		keyAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE;
	}
	else {
		keyAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE;
	}
	dummyLabel.Length = keyLabelLen;
	dummyLabel.Data = (uint8 *)keyLabel;

	crtn = CSSM_GenerateKey(ccHand,
		keyUsage,
		keyAttr,
		&dummyLabel,
		NULL,			// ACL
		symKey);
	if(crtn) {
		printError("CSSM_GenerateKey", crtn);
		goto errorOut;
	}
	crtn = CSSM_DeleteContext(ccHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
		goto errorOut;
	}
	return symKey;
errorOut:
	CSSM_FREE(symKey);
	return NULL;
}

/*
 * Derive symmetric key.
 * Note in the X CSP, we never return an IV.
 */
CSSM_KEY_PTR cspDeriveKey(CSSM_CSP_HANDLE cspHand,
		uint32 				deriveAlg,		// CSSM_ALGID_PKCS5_PBKDF2, etc.
		uint32				keyAlg,			// CSSM_ALGID_RC5, etc.
		const char 			*keyLabel,
		unsigned 			keyLabelLen,
		uint32 				keyUsage,		// CSSM_KEYUSE_ENCRYPT, etc.
		uint32 				keySizeInBits,
		CSSM_BOOL			isRefKey,
		CSSM_DATA_PTR		password,		// in PKCS-5 lingo
		CSSM_DATA_PTR		salt,			// ditto
		uint32				iterationCnt,	// ditto
		CSSM_DATA_PTR		initVector)		// mallocd & RETURNED
{
	CSSM_KEY_PTR 				symKey = (CSSM_KEY_PTR)
									CSSM_MALLOC(sizeof(CSSM_KEY));
	CSSM_RETURN					crtn;
	CSSM_CC_HANDLE 				ccHand;
	uint32						keyAttr;
	CSSM_DATA					dummyLabel;
	CSSM_PKCS5_PBKDF2_PARAMS 	pbeParams;
	CSSM_DATA					pbeData;
	CSSM_ACCESS_CREDENTIALS		creds;

	if(symKey == NULL) {
		printf("Insufficient heap space\n");
		return NULL;
	}
	memset(symKey, 0, sizeof(CSSM_KEY));
	setBadKeyData(symKey);
	memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
	if(keySizeInBits == CSP_KEY_SIZE_DEFAULT) {
		keySizeInBits = cspDefaultKeySize(keyAlg);
	}
	crtn = CSSM_CSP_CreateDeriveKeyContext(cspHand,
		deriveAlg,
		keyAlg,
		keySizeInBits,
		&creds,
		NULL,			// BaseKey
		iterationCnt,
		salt,
		NULL,			// seed
		&ccHand);
	if(crtn) {
		printError("CSSM_CSP_CreateDeriveKeyContext", crtn);
		goto errorOut;
	}
	keyAttr = CSSM_KEYATTR_EXTRACTABLE;
	if(isRefKey) {
		keyAttr |= (CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_SENSITIVE);
	}
	else {
		keyAttr |= CSSM_KEYATTR_RETURN_DATA;
	}
	dummyLabel.Length = keyLabelLen;
	dummyLabel.Data = (uint8 *)keyLabel;

	/* passing in password is pretty strange....*/
	pbeParams.Passphrase = *password;
	pbeParams.PseudoRandomFunction =
			CSSM_PKCS5_PBKDF2_PRF_HMAC_SHA1;
	pbeData.Data = (uint8 *)&pbeParams;
	pbeData.Length = sizeof(pbeParams);
	crtn = CSSM_DeriveKey(ccHand,
		&pbeData,
		keyUsage,
		keyAttr,
		&dummyLabel,
		NULL,			// cred and acl
		symKey);
	if(crtn) {
		printError("CSSM_DeriveKey", crtn);
		goto errorOut;
	}
	/* copy IV back to caller */
	/* Nope, not supported */
	#if 0
	if(pbeParams.InitVector.Data != NULL) {
		if(initVector->Data != NULL) {
			if(initVector->Length < pbeParams.InitVector.Length) {
				printf("***Insufficient InitVector\n");
				goto errorOut;
			}
		}
		else {
			initVector->Data =
				(uint8 *)CSSM_MALLOC(pbeParams.InitVector.Length);
		}
		memmove(initVector->Data, pbeParams.InitVector.Data,
				pbeParams.InitVector.Length);
		initVector->Length = pbeParams.InitVector.Length;
		CSSM_FREE(pbeParams.InitVector.Data);
	}
	else {
		printf("***Warning: CSSM_DeriveKey, no InitVector\n");
	}
	#endif
	crtn = CSSM_DeleteContext(ccHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
		goto errorOut;
	}
	return symKey;
errorOut:
	CSSM_FREE(symKey);
	return NULL;
}

/*
 * Cook up a symmetric key with specified key bits and other
 * params. Currently the CSPDL can only deal with reference keys except when
 * doing wrap/unwrap, so we manually cook up a raw key, then we null-unwrap it.
 */
CSSM_RETURN cspGenSymKeyWithBits(
	CSSM_CSP_HANDLE		cspHand,
	CSSM_ALGORITHMS		keyAlg,
	CSSM_KEYUSE			keyUsage,
	const CSSM_DATA		*keyBits,
	unsigned			keySizeInBytes,
	CSSM_KEY_PTR		refKey)				// init'd and RETURNED
{
	CSSM_KEY			rawKey;
	CSSM_KEYHEADER_PTR	hdr = &rawKey.KeyHeader;
	CSSM_RETURN			crtn;

	/* set up a raw key the CSP will accept */
	memset(&rawKey, 0, sizeof(CSSM_KEY));
	hdr->HeaderVersion = CSSM_KEYHEADER_VERSION;
	hdr->BlobType = CSSM_KEYBLOB_RAW;
	hdr->Format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING;
	hdr->AlgorithmId = keyAlg;
	hdr->KeyClass = CSSM_KEYCLASS_SESSION_KEY;
	hdr->LogicalKeySizeInBits = keySizeInBytes * 8;
	hdr->KeyAttr = CSSM_KEYATTR_EXTRACTABLE;
	hdr->KeyUsage = keyUsage;
	appSetupCssmData(&rawKey.KeyData, keySizeInBytes);
	memmove(rawKey.KeyData.Data, keyBits->Data, keySizeInBytes);

	/* convert to a ref key */
	crtn = cspRawKeyToRef(cspHand, &rawKey, refKey);
	appFreeCssmData(&rawKey.KeyData, CSSM_FALSE);
	return crtn;
}

/*
 * Free a key. This frees a CSP's resources associated with the key if
 * the key is a reference key. It also frees key->KeyData. The CSSM_KEY
 * struct itself is not freed.
 * Note this has no effect on the CSP or DL cached keys unless the incoming
 * key is a reference key.
 */
CSSM_RETURN	cspFreeKey(CSSM_CSP_HANDLE cspHand,
	CSSM_KEY_PTR key)
{
	CSSM_RETURN crtn;
	crtn = CSSM_FreeKey(cspHand,
		NULL,		// access cred
		key,
		CSSM_FALSE);	// delete - OK? maybe should parameterize?
	if(crtn) {
		printError("CSSM_FreeKey", crtn);
	}
	return crtn;
}

/* generate a random and reasonable key size in bits for specified CSSM algorithm */
uint32 randKeySizeBits(uint32 alg,
	opType op)			// OT_Encrypt, etc.
{
	uint32 minSize;
	uint32 maxSize;
	uint32 size;

	switch(alg) {
		case CSSM_ALGID_DES:
			return CSP_DES_KEY_SIZE_DEFAULT;
		case CSSM_ALGID_3DES_3KEY:
		case CSSM_ALGID_DESX:
			return CSP_DES3_KEY_SIZE_DEFAULT;
		case CSSM_ALGID_ASC:
		case CSSM_ALGID_RC2:
		case CSSM_ALGID_RC4:
		case CSSM_ALGID_RC5:
			minSize = 5 * 8;
			maxSize = MAX_KEY_SIZE_RC245_BYTES * 8 ;	// somewhat arbitrary
			break;
		case CSSM_ALGID_BLOWFISH:
			minSize = 32;
			maxSize = 448;
			break;
		case CSSM_ALGID_CAST:
			minSize = 40;
			maxSize = 128;
			break;
		case CSSM_ALGID_IDEA:
			return CSP_IDEA_KEY_SIZE_DEFAULT;
		case CSSM_ALGID_RSA:
			minSize = CSP_RSA_KEY_SIZE_DEFAULT;
			maxSize = 1024;
			break;
		case CSSM_ALGID_DSA:
			/* signature only, no export restriction */
			minSize = 512;
			maxSize = 1024;
			break;
		case CSSM_ALGID_SHA1HMAC:
			minSize = 20 * 8;
			maxSize = 256 * 8;
			break;
		case CSSM_ALGID_MD5HMAC:
			minSize = 16 * 8;
			maxSize = 256 * 8;
			break;
		case CSSM_ALGID_FEE:
			/* FEE requires discrete sizes */
			size = genRand(1,4);
			switch(size) {
				case 1:
					return 31;
				case 2:
					if(alg == CSSM_ALGID_FEE) {
						return 127;
					}
					else {
						return 128;
					}
				case 3:
					return 161;
				case 4:
					return 192;
				default:
					printf("randKeySizeBits: internal error\n");
					return 0;
			}
		case CSSM_ALGID_ECDSA:
		case CSSM_ALGID_SHA1WithECDSA:
			/* ECDSA require discrete sizes */
			size = genRand(1,4);
			switch(size) {
				case 1:
					return 192;
				case 2:
					return 256;
				case 3:
					return 384;
				case 4:
				default:
					return 521;
			}
		case CSSM_ALGID_AES:
			size = genRand(1, 3);
			switch(size) {
				case 1:
					return 128;
				case 2:
					return 192;
				case 3:
					return 256;
			}
		case CSSM_ALGID_NONE:
			return CSP_NULL_CRYPT_KEY_SIZE_DEF;
		default:
			printf("randKeySizeBits: unknown alg\n");
			return CSP_KEY_SIZE_DEFAULT;
	}
	size = genRand(minSize, maxSize);

	/* per-alg postprocessing.... */
	if(alg != CSSM_ALGID_RC2) {
		size &= ~0x7;
	}
	switch(alg) {
		case CSSM_ALGID_RSA:
			// new for X - strong keys */
			size &= ~(16 - 1);
			break;
		case CSSM_ALGID_DSA:
			/* size mod 64 == 0 */
			size &= ~(64 - 1);
			break;
		default:
			break;
	}
	return size;
}

#pragma mark --------- Encrypt/Decrypt ---------

/*
 * Encrypt/Decrypt
 */
/*
 * Common routine for encrypt/decrypt - cook up an appropriate context handle
 */
/*
 * When true, effectiveKeySizeInBits is passed down via the Params argument.
 * Otherwise, we add a customized context attribute.
 * Setting this true works with the stock Intel CSSM; this may well change.
 * Note this overloading prevent us from specifying RC5 rounds....
 */
#define EFFECTIVE_SIZE_VIA_PARAMS		0
CSSM_CC_HANDLE genCryptHandle(CSSM_CSP_HANDLE cspHand,
		uint32 algorithm,					// CSSM_ALGID_FEED, etc.
		uint32 mode,						// CSSM_ALGMODE_CBC, etc. - only for symmetric algs
		CSSM_PADDING padding,				// CSSM_PADDING_PKCS1, etc.
		const CSSM_KEY *key0,
		const CSSM_KEY *key1,				// for CSSM_ALGID_FEED only - must be the
											// public key
		const CSSM_DATA *iv,				// optional
		uint32 effectiveKeySizeInBits,		// 0 means skip this attribute
		uint32 rounds)						// ditto
{
	CSSM_CC_HANDLE cryptHand = 0;
	uint32 params;
	CSSM_RETURN crtn;
	CSSM_ACCESS_CREDENTIALS	creds;

	memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
	#if	EFFECTIVE_SIZE_VIA_PARAMS
	params = effectiveKeySizeInBits;
	#else
	params = 0;
	#endif
	switch(algorithm) {
		case CSSM_ALGID_DES:
		case CSSM_ALGID_3DES_3KEY_EDE:
		case CSSM_ALGID_DESX:
		case CSSM_ALGID_ASC:
		case CSSM_ALGID_RC2:
		case CSSM_ALGID_RC4:
		case CSSM_ALGID_RC5:
		case CSSM_ALGID_AES:
		case CSSM_ALGID_BLOWFISH:
		case CSSM_ALGID_CAST:
		case CSSM_ALGID_IDEA:
		case CSSM_ALGID_NONE:		// used for wrapKey()
			crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
				algorithm,
				mode,
				NULL,			// access cred
				key0,
				iv,				// InitVector
				padding,
				NULL,			// Params
				&cryptHand);
			if(crtn) {
				printError("CSSM_CSP_CreateSymmetricContext", crtn);
				return 0;
			}
			break;
		case CSSM_ALGID_FEED:
		case CSSM_ALGID_FEEDEXP:
		case CSSM_ALGID_FEECFILE:
		case CSSM_ALGID_RSA:
			 crtn = CSSM_CSP_CreateAsymmetricContext(cspHand,
				algorithm,
				&creds,			// access
				key0,
				padding,
				&cryptHand);
			if(crtn) {
				printError("CSSM_CSP_CreateAsymmetricContext", crtn);
				return 0;
			}
			if(key1 != NULL) {
				/*
				 * FEED, some CFILE. Add (non-standard) second key attribute.
				 */
				crtn = AddContextAttribute(cryptHand,
						CSSM_ATTRIBUTE_PUBLIC_KEY,
						sizeof(CSSM_KEY),			// currently sizeof CSSM_DATA
						CAT_Ptr,
						key1,
						0);
				if(crtn) {
					printError("AddContextAttribute", crtn);
					return 0;
				}
			}
			if(mode != CSSM_ALGMODE_NONE) {
				/* special case, e.g., CSSM_ALGMODE_PUBLIC_KEY */
				crtn = AddContextAttribute(cryptHand,
						CSSM_ATTRIBUTE_MODE,
						sizeof(uint32),
						CAT_Uint32,
						NULL,
						mode);
				if(crtn) {
					printError("AddContextAttribute", crtn);
					return 0;
				}
			}
			break;
		default:
			printf("genCryptHandle: bogus algorithm\n");
			return 0;
	}
	#if		!EFFECTIVE_SIZE_VIA_PARAMS
	/* add optional EffectiveKeySizeInBits and rounds attributes */
	if(effectiveKeySizeInBits != 0) {
		CSSM_CONTEXT_ATTRIBUTE attr;
		attr.AttributeType = CSSM_ATTRIBUTE_EFFECTIVE_BITS;
		attr.AttributeLength = sizeof(uint32);
		attr.Attribute.Uint32 = effectiveKeySizeInBits;
		crtn = CSSM_UpdateContextAttributes(
			cryptHand,
			1,
			&attr);
		if(crtn) {
			printError("CSSM_UpdateContextAttributes", crtn);
			return crtn;
		}
	}
	#endif

	if(rounds != 0) {
		CSSM_CONTEXT_ATTRIBUTE attr;
		attr.AttributeType = CSSM_ATTRIBUTE_ROUNDS;
		attr.AttributeLength = sizeof(uint32);
		attr.Attribute.Uint32 = rounds;
		crtn = CSSM_UpdateContextAttributes(
			cryptHand,
			1,
			&attr);
		if(crtn) {
			printError("CSSM_UpdateContextAttributes", crtn);
			return crtn;
		}
	}

	return cryptHand;
}

CSSM_RETURN cspEncrypt(CSSM_CSP_HANDLE cspHand,
		uint32 algorithm,					// CSSM_ALGID_FEED, etc.
		uint32 mode,						// CSSM_ALGMODE_CBC, etc. - only for symmetric algs
		CSSM_PADDING padding,				// CSSM_PADDING_PKCS1, etc.
		const CSSM_KEY *key,				// public or session key
		const CSSM_KEY *pubKey,				// for CSSM_ALGID_FEED, CSSM_ALGID_FEECFILE only
		uint32 effectiveKeySizeInBits,		// 0 means skip this attribute
		uint32 rounds,						// ditto
		const CSSM_DATA *iv,				// init vector, optional
		const CSSM_DATA *ptext,
		CSSM_DATA_PTR ctext,				// RETURNED
		CSSM_BOOL mallocCtext)				// if true, and ctext empty, malloc
											// by getting size from CSP
{
	CSSM_CC_HANDLE 	cryptHand;
	CSSM_RETURN		crtn;
	CSSM_SIZE		bytesEncrypted;
	CSSM_DATA		remData = {0, NULL};
	CSSM_RETURN		ocrtn = CSSM_OK;
	unsigned		origCtextLen;			// the amount we malloc, if any
	CSSM_RETURN		savedErr = CSSM_OK;
	CSSM_BOOL		restoreErr = CSSM_FALSE;

	cryptHand = genCryptHandle(cspHand,
		algorithm,
		mode,
		padding,
		key,
		pubKey,
		iv,
		effectiveKeySizeInBits,
		rounds);
	if(cryptHand == 0) {
		return CSSMERR_CSSM_INTERNAL_ERROR;
	}
	if(mallocCtext && (ctext->Length == 0)) {
		CSSM_QUERY_SIZE_DATA querySize;
		querySize.SizeInputBlock = ptext->Length;
		crtn = CSSM_QuerySize(cryptHand,
			CSSM_TRUE,						// encrypt
			1,
			&querySize);
		if(crtn) {
			printError("CSSM_QuerySize", crtn);
			ocrtn = crtn;
			goto abort;
		}
		if(querySize.SizeOutputBlock == 0) {
			/* CSP couldn't figure this out; skip our malloc */
			printf("***cspEncrypt: warning: cipherTextSize unknown; "
				"skipping malloc\n");
			origCtextLen = 0;
		}
		else {
			ctext->Data = (uint8 *)
				appMalloc(querySize.SizeOutputBlock, NULL);
			if(ctext->Data == NULL) {
				printf("Insufficient heap space\n");
				ocrtn = CSSM_ERRCODE_MEMORY_ERROR;
				goto abort;
			}
			ctext->Length = origCtextLen = querySize.SizeOutputBlock;
			memset(ctext->Data, 0, ctext->Length);
		}
	}
	else {
		origCtextLen = ctext->Length;
	}
	crtn = CSSM_EncryptData(cryptHand,
		ptext,
		1,
		ctext,
		1,
		&bytesEncrypted,
		&remData);
	if(crtn == CSSM_OK) {
		/*
		 * Deal with remData - its contents are included in bytesEncrypted.
		 */
		if((remData.Length != 0) && mallocCtext) {
			/* shouldn't happen - right? */
			if(bytesEncrypted > origCtextLen) {
				/* malloc and copy a new one */
				uint8 *newCdata = (uint8 *)appMalloc(bytesEncrypted, NULL);
				printf("**Warning: app malloced cipherBuf, but got nonzero "
					"remData!\n");
				if(newCdata == NULL) {
					printf("Insufficient heap space\n");
					ocrtn = CSSM_ERRCODE_MEMORY_ERROR;
					goto abort;
				}
				memmove(newCdata, ctext->Data, ctext->Length);
				memmove(newCdata+ctext->Length, remData.Data, remData.Length);
				CSSM_FREE(ctext->Data);
				ctext->Data = newCdata;
			}
			else {
				/* there's room left over */
				memmove(ctext->Data+ctext->Length, remData.Data, remData.Length);
			}
			ctext->Length = bytesEncrypted;
		}
		// NOTE: We return the proper length in ctext....
		ctext->Length = bytesEncrypted;
	}
	else {
		savedErr = crtn;
		restoreErr = CSSM_TRUE;
		printError("CSSM_EncryptData", crtn);
	}
abort:
	crtn = CSSM_DeleteContext(cryptHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
		ocrtn = crtn;
	}
	if(restoreErr) {
		ocrtn = savedErr;
	}
	return ocrtn;
}

#define PAD_IMPLIES_RAND_PTEXTSIZE	1
#define LOG_STAGED_OPS				0
#if		LOG_STAGED_OPS
#define soprintf(s)	printf s
#else
#define soprintf(s)
#endif

CSSM_RETURN cspStagedEncrypt(CSSM_CSP_HANDLE cspHand,
		uint32 algorithm,					// CSSM_ALGID_FEED, etc.
		uint32 mode,						// CSSM_ALGMODE_CBC, etc. - only for symmetric algs
		CSSM_PADDING padding,				// CSSM_PADDING_PKCS1, etc.
		const CSSM_KEY *key,				// public or session key
		const CSSM_KEY *pubKey,				// for CSSM_ALGID_FEED, CSSM_ALGID_FEECFILE only
		uint32 effectiveKeySizeInBits,		// 0 means skip this attribute
		uint32 cipherBlockSize,				// ditto
		uint32 rounds,						// ditto
		const CSSM_DATA *iv,				// init vector, optional
		const CSSM_DATA *ptext,
		CSSM_DATA_PTR ctext,				// RETURNED, we malloc
		CSSM_BOOL multiUpdates)				// false:single update, true:multi updates
{
	CSSM_CC_HANDLE 	cryptHand;
	CSSM_RETURN		crtn;
	CSSM_SIZE		bytesEncrypted;			// per update
	CSSM_SIZE		bytesEncryptedTotal = 0;
	CSSM_RETURN		ocrtn = CSSM_OK;		// 'our' crtn
	unsigned		toMove;					// remaining
	unsigned		thisMove;				// bytes to encrypt on this update
	CSSM_DATA		thisPtext;				// running ptr into ptext
	CSSM_DATA		ctextWork;				// per update, mallocd by CSP
	CSSM_QUERY_SIZE_DATA querySize;
	uint8			*origCtext;				// initial ctext->Data
	unsigned		origCtextLen;			// amount we mallocd
	CSSM_BOOL		restoreErr = CSSM_FALSE;
	CSSM_RETURN		savedErr = CSSM_OK;


	cryptHand = genCryptHandle(cspHand,
		algorithm,
		mode,
		padding,
		key,
		pubKey,
		iv,
		effectiveKeySizeInBits,
		rounds);
	if(cryptHand == 0) {
		return CSSMERR_CSP_INTERNAL_ERROR;
	}
	if(cipherBlockSize) {
		crtn = AddContextAttribute(cryptHand,
			CSSM_ATTRIBUTE_BLOCK_SIZE,
			sizeof(uint32),
			CAT_Uint32,
			NULL,
			cipherBlockSize);
		if(crtn) {
			printError("CSSM_UpdateContextAttributes", crtn);
			goto abort;
		}
	}

	/* obtain total required ciphertext size and block size */
	querySize.SizeInputBlock = ptext->Length;
	crtn = CSSM_QuerySize(cryptHand,
		CSSM_TRUE,						// encrypt
		1,
		&querySize);
	if(crtn) {
		printError("CSSM_QuerySize(1)", crtn);
		ocrtn = CSSMERR_CSP_INTERNAL_ERROR;
		goto abort;
	}
	if(querySize.SizeOutputBlock == 0) {
		/* CSP couldn't figure this out; skip our malloc - caller is taking its
		 * chances */
		printf("***cspStagedEncrypt: warning: cipherTextSize unknown; aborting\n");
		ocrtn = CSSMERR_CSP_INTERNAL_ERROR;
		goto abort;
	}
	else {
		origCtextLen = querySize.SizeOutputBlock;
		if(algorithm == CSSM_ALGID_ASC) {
			/* ASC is weird - the more chunks we do, the bigger the
			 * resulting ctext...*/
			origCtextLen *= 2;
		}
		ctext->Length = origCtextLen;
		ctext->Data   = origCtext = (uint8 *)appMalloc(origCtextLen, NULL);
		if(ctext->Data == NULL) {
			printf("Insufficient heap space\n");
			ocrtn = CSSMERR_CSP_MEMORY_ERROR;
			goto abort;
		}
		memset(ctext->Data, 0, ctext->Length);
	}

	crtn = CSSM_EncryptDataInit(cryptHand);
	if(crtn) {
		printError("CSSM_EncryptDataInit", crtn);
		ocrtn = crtn;
		goto abort;
	}

	toMove = ptext->Length;
	thisPtext.Data = ptext->Data;
	while(toMove) {
		if(multiUpdates) {
			thisMove = genRand(1, toMove);
		}
		else {
			/* just do one pass thru this loop */
			thisMove = toMove;
		}
		thisPtext.Length = thisMove;
		/* let CSP do the individual mallocs */
		ctextWork.Data = NULL;
		ctextWork.Length = 0;
		soprintf(("*** EncryptDataUpdate: ptextLen 0x%x\n", thisMove));
		crtn = CSSM_EncryptDataUpdate(cryptHand,
			&thisPtext,
			1,
			&ctextWork,
			1,
			&bytesEncrypted);
		if(crtn) {
			printError("CSSM_EncryptDataUpdate", crtn);
			ocrtn = crtn;
			goto abort;
		}
		// NOTE: We return the proper length in ctext....
		ctextWork.Length = bytesEncrypted;
		soprintf(("*** EncryptDataUpdate: ptextLen 0x%x  bytesEncrypted 0x%x\n",
			thisMove, bytesEncrypted));
		thisPtext.Data += thisMove;
		toMove         -= thisMove;
		if(bytesEncrypted > ctext->Length) {
			printf("cspStagedEncrypt: ctext overflow!\n");
			ocrtn = crtn;
			goto abort;
		}
		if(bytesEncrypted != 0) {
			memmove(ctext->Data, ctextWork.Data, bytesEncrypted);
			bytesEncryptedTotal += bytesEncrypted;
			ctext->Data         += bytesEncrypted;
			ctext->Length       -= bytesEncrypted;
		}
		if(ctextWork.Data != NULL) {
			CSSM_FREE(ctextWork.Data);
		}
	}
	/* OK, one more */
	ctextWork.Data = NULL;
	ctextWork.Length = 0;
	crtn = CSSM_EncryptDataFinal(cryptHand, &ctextWork);
	if(crtn) {
		printError("CSSM_EncryptDataFinal", crtn);
		savedErr = crtn;
		restoreErr = CSSM_TRUE;
		goto abort;
	}
	if(ctextWork.Length != 0) {
		bytesEncryptedTotal += ctextWork.Length;
		if(ctextWork.Length > ctext->Length) {
			printf("cspStagedEncrypt: ctext overflow (2)!\n");
			ocrtn = CSSMERR_CSP_INTERNAL_ERROR;
			goto abort;
		}
		memmove(ctext->Data, ctextWork.Data, ctextWork.Length);
	}
	if(ctextWork.Data) {
		/* this could have gotten mallocd and Length still be zero */
		CSSM_FREE(ctextWork.Data);
	}

	/* retweeze ctext */
	ctext->Data   = origCtext;
	ctext->Length = bytesEncryptedTotal;
abort:
	crtn = CSSM_DeleteContext(cryptHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
		ocrtn = crtn;
	}
	if(restoreErr) {
		/* give caller the error from the encrypt */
		ocrtn = savedErr;
	}
	return ocrtn;
}

CSSM_RETURN cspDecrypt(CSSM_CSP_HANDLE cspHand,
		uint32 algorithm,					// CSSM_ALGID_FEED, etc.
		uint32 mode,						// CSSM_ALGMODE_CBC, etc. - only for symmetric algs
		CSSM_PADDING padding,				// CSSM_PADDING_PKCS1, etc.
		const CSSM_KEY *key,				// public or session key
		const CSSM_KEY *pubKey,				// for CSSM_ALGID_FEED, CSSM_ALGID_FEECFILE only
		uint32 effectiveKeySizeInBits,		// 0 means skip this attribute
		uint32 rounds,						// ditto
		const CSSM_DATA *iv,				// init vector, optional
		const CSSM_DATA *ctext,
		CSSM_DATA_PTR ptext,				// RETURNED
		CSSM_BOOL mallocPtext)				// if true and ptext->Length = 0,
											//   we'll malloc
{
	CSSM_CC_HANDLE 	cryptHand;
	CSSM_RETURN		crtn;
	CSSM_RETURN		ocrtn = CSSM_OK;
	CSSM_SIZE		bytesDecrypted;
	CSSM_DATA		remData = {0, NULL};
	unsigned		origPtextLen;			// the amount we malloc, if any

	cryptHand = genCryptHandle(cspHand,
		algorithm,
		mode,
		padding,
		key,
		pubKey,
		iv,
		effectiveKeySizeInBits,
		rounds);
	if(cryptHand == 0) {
		return CSSMERR_CSP_INTERNAL_ERROR;
	}
	if(mallocPtext && (ptext->Length == 0)) {
		CSSM_QUERY_SIZE_DATA querySize;
		querySize.SizeInputBlock = ctext->Length;
		crtn = CSSM_QuerySize(cryptHand,
			CSSM_FALSE,						// encrypt
			1,
			&querySize);
		if(crtn) {
			printError("CSSM_QuerySize", crtn);
			ocrtn = crtn;
			goto abort;
		}
		if(querySize.SizeOutputBlock == 0) {
			/* CSP couldn't figure this one out; skip our malloc */
			printf("***cspDecrypt: warning: plainTextSize unknown; "
				"skipping malloc\n");
			origPtextLen = 0;
		}
		else {
			ptext->Data =
				(uint8 *)appMalloc(querySize.SizeOutputBlock, NULL);
			if(ptext->Data == NULL) {
				printf("Insufficient heap space\n");
				ocrtn = CSSMERR_CSP_MEMORY_ERROR;
				goto abort;
			}
			ptext->Length = origPtextLen = querySize.SizeOutputBlock;
			memset(ptext->Data, 0, ptext->Length);
		}
	}
	else {
		origPtextLen = ptext->Length;
	}
	crtn = CSSM_DecryptData(cryptHand,
		ctext,
		1,
		ptext,
		1,
		&bytesDecrypted,
		&remData);
	if(crtn == CSSM_OK) {
		/*
		 * Deal with remData - its contents are included in bytesDecrypted.
		 */
		if((remData.Length != 0) && mallocPtext) {
			/* shouldn't happen - right? */
			if(bytesDecrypted > origPtextLen) {
				/* malloc and copy a new one */
				uint8 *newPdata = (uint8 *)appMalloc(bytesDecrypted, NULL);
				printf("**Warning: app malloced ClearBuf, but got nonzero "
					"remData!\n");
				if(newPdata == NULL) {
					printf("Insufficient heap space\n");
					ocrtn = CSSMERR_CSP_MEMORY_ERROR;
					goto abort;
				}
				memmove(newPdata, ptext->Data, ptext->Length);
				memmove(newPdata + ptext->Length,
					remData.Data, remData.Length);
				CSSM_FREE(ptext->Data);
				ptext->Data = newPdata;
			}
			else {
				/* there's room left over */
				memmove(ptext->Data + ptext->Length,
					remData.Data, remData.Length);
			}
			ptext->Length = bytesDecrypted;
		}
		// NOTE: We return the proper length in ptext....
		ptext->Length = bytesDecrypted;

		// FIXME - sometimes get mallocd RemData here, but never any valid data
		// there...side effect of CSPFullPluginSession's buffer handling logic;
		// but will we ever actually see valid data in RemData? So far we never
		// have....
		if(remData.Data != NULL) {
			appFree(remData.Data, NULL);
		}
	}
	else {
		printError("CSSM_DecryptData", crtn);
		ocrtn = crtn;
	}
abort:
	crtn = CSSM_DeleteContext(cryptHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
		ocrtn = crtn;
	}
	return ocrtn;
}

CSSM_RETURN cspStagedDecrypt(CSSM_CSP_HANDLE cspHand,
		uint32 algorithm,					// CSSM_ALGID_FEED, etc.
		uint32 mode,						// CSSM_ALGMODE_CBC, etc. - only for symmetric algs
		CSSM_PADDING padding,				// CSSM_PADDING_PKCS1, etc.
		const CSSM_KEY *key,				// public or session key
		const CSSM_KEY *pubKey,				// for CSSM_ALGID_FEED, CSSM_ALGID_FEECFILE only
		uint32 effectiveKeySizeInBits,		// 0 means skip this attribute
		uint32 cipherBlockSize,				// ditto
		uint32 rounds,						// ditto
		const CSSM_DATA *iv,				// init vector, optional
		const CSSM_DATA *ctext,
		CSSM_DATA_PTR ptext,				// RETURNED, we malloc
		CSSM_BOOL multiUpdates)				// false:single update, true:multi updates
{
	CSSM_CC_HANDLE 	cryptHand;
	CSSM_RETURN		crtn;
	CSSM_SIZE		bytesDecrypted;			// per update
	CSSM_SIZE		bytesDecryptedTotal = 0;
	CSSM_RETURN		ocrtn = CSSM_OK;		// 'our' crtn
	unsigned		toMove;					// remaining
	unsigned		thisMove;				// bytes to encrypt on this update
	CSSM_DATA		thisCtext;				// running ptr into ptext
	CSSM_DATA		ptextWork;				// per update, mallocd by CSP
	CSSM_QUERY_SIZE_DATA querySize;
	uint8			*origPtext;				// initial ptext->Data
	unsigned		origPtextLen;			// amount we mallocd

	cryptHand = genCryptHandle(cspHand,
		algorithm,
		mode,
		padding,
		key,
		pubKey,
		iv,
		effectiveKeySizeInBits,
		rounds);
	if(cryptHand == 0) {
		return CSSMERR_CSP_INTERNAL_ERROR;
	}
	if(cipherBlockSize) {
		crtn = AddContextAttribute(cryptHand,
			CSSM_ATTRIBUTE_BLOCK_SIZE,
			sizeof(uint32),
			CAT_Uint32,
			NULL,
			cipherBlockSize);
		if(crtn) {
			printError("CSSM_UpdateContextAttributes", crtn);
			goto abort;
		}
	}

	/* obtain total required ciphertext size and block size */
	querySize.SizeInputBlock = ctext->Length;
	crtn = CSSM_QuerySize(cryptHand,
		CSSM_FALSE,						// encrypt
		1,
		&querySize);
	if(crtn) {
		printError("CSSM_QuerySize(1)", crtn);
		ocrtn = crtn;
		goto abort;
	}

	/* required ptext size should be independent of number of chunks */
	if(querySize.SizeOutputBlock == 0) {
		printf("***warning: cspStagedDecrypt: plainTextSize unknown; aborting\n");
		ocrtn = CSSMERR_CSP_INTERNAL_ERROR;
		goto abort;
	}
	else {
		// until exit, ptext->Length indicates remaining bytes of usable data in
		// ptext->Data
		ptext->Length = origPtextLen = querySize.SizeOutputBlock;
		ptext->Data   = origPtext    =
			(uint8 *)appMalloc(origPtextLen, NULL);
		if(ptext->Data == NULL) {
			printf("Insufficient heap space\n");
			ocrtn = CSSMERR_CSP_INTERNAL_ERROR;
			goto abort;
		}
		memset(ptext->Data, 0, ptext->Length);
	}

	crtn = CSSM_DecryptDataInit(cryptHand);
	if(crtn) {
		printError("CSSM_DecryptDataInit", crtn);
		ocrtn = crtn;
		goto abort;
	}
	toMove = ctext->Length;
	thisCtext.Data = ctext->Data;
	while(toMove) {
		if(multiUpdates) {
			thisMove = genRand(1, toMove);
		}
		else {
			/* just do one pass thru this loop */
			thisMove = toMove;
		}
		thisCtext.Length = thisMove;
		/* let CSP do the individual mallocs */
		ptextWork.Data = NULL;
		ptextWork.Length = 0;
		soprintf(("*** DecryptDataUpdate: ctextLen 0x%x\n", thisMove));
		crtn = CSSM_DecryptDataUpdate(cryptHand,
			&thisCtext,
			1,
			&ptextWork,
			1,
			&bytesDecrypted);
		if(crtn) {
			printError("CSSM_DecryptDataUpdate", crtn);
			ocrtn = crtn;
			goto abort;
		}
		//
		// NOTE: We return the proper length in ptext....
		ptextWork.Length = bytesDecrypted;
		thisCtext.Data += thisMove;
		toMove         -= thisMove;
		if(bytesDecrypted > ptext->Length) {
			printf("cspStagedDecrypt: ptext overflow!\n");
			ocrtn = CSSMERR_CSP_INTERNAL_ERROR;
			goto abort;
		}
		if(bytesDecrypted != 0) {
			memmove(ptext->Data, ptextWork.Data, bytesDecrypted);
			bytesDecryptedTotal += bytesDecrypted;
			ptext->Data         += bytesDecrypted;
			ptext->Length       -= bytesDecrypted;
		}
		if(ptextWork.Data != NULL) {
			CSSM_FREE(ptextWork.Data);
		}
	}
	/* OK, one more */
	ptextWork.Data = NULL;
	ptextWork.Length = 0;
	crtn = CSSM_DecryptDataFinal(cryptHand, &ptextWork);
	if(crtn) {
		printError("CSSM_DecryptDataFinal", crtn);
		ocrtn = crtn;
		goto abort;
	}
	if(ptextWork.Length != 0) {
		bytesDecryptedTotal += ptextWork.Length;
		if(ptextWork.Length > ptext->Length) {
			printf("cspStagedDecrypt: ptext overflow (2)!\n");
			ocrtn = CSSMERR_CSP_INTERNAL_ERROR;
			goto abort;
		}
		memmove(ptext->Data, ptextWork.Data, ptextWork.Length);
	}
	if(ptextWork.Data) {
		/* this could have gotten mallocd and Length still be zero */
		CSSM_FREE(ptextWork.Data);
	}

	/* retweeze ptext */
	ptext->Data   = origPtext;
	ptext->Length = bytesDecryptedTotal;
abort:
	crtn = CSSM_DeleteContext(cryptHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
		ocrtn = crtn;
	}
	return ocrtn;
}

#pragma mark --------- sign/verify/MAC ---------

/*
 * Signature routines
 * This all-in-one sign op has a special case for RSA keys. If the requested
 * alg is MD5 or SHA1, we'll do a manual digest op followed by raw RSA sign.
 * Likewise, if it's CSSM_ALGID_DSA, we'll do manual SHA1 digest followed by
 * raw DSA sign.
 */

CSSM_RETURN cspSign(CSSM_CSP_HANDLE cspHand,
		uint32 algorithm,					// CSSM_ALGID_FEE_MD5, etc.
		CSSM_KEY_PTR key,					// private key
		const CSSM_DATA *text,
		CSSM_DATA_PTR sig)					// RETURNED
{
	CSSM_CC_HANDLE	sigHand;
	CSSM_RETURN		crtn;
	CSSM_RETURN		ocrtn = CSSM_OK;
	const CSSM_DATA	*ptext;
	CSSM_DATA		digest = {0, NULL};
	CSSM_ALGORITHMS	digestAlg = CSSM_ALGID_NONE;

	/* handle special cases for raw sign */
	switch(algorithm) {
		case CSSM_ALGID_SHA1:
			digestAlg = CSSM_ALGID_SHA1;
			algorithm = CSSM_ALGID_RSA;
			break;
		case CSSM_ALGID_MD5:
			digestAlg = CSSM_ALGID_MD5;
			algorithm = CSSM_ALGID_RSA;
			break;
		case CSSM_ALGID_DSA:
			digestAlg = CSSM_ALGID_SHA1;
			algorithm = CSSM_ALGID_DSA;
			break;
		default:
			break;
	}
	if(digestAlg != CSSM_ALGID_NONE) {
		crtn = cspDigest(cspHand,
			digestAlg,
			CSSM_FALSE,			// mallocDigest
			text,
			&digest);
		if(crtn) {
			return crtn;
		}
		/* sign digest with raw RSA/DSA */
		ptext = &digest;
	}
	else {
		ptext = text;
	}
	crtn = CSSM_CSP_CreateSignatureContext(cspHand,
		algorithm,
		NULL,				// passPhrase
		key,
		&sigHand);
	if(crtn) {
		printError("CSSM_CSP_CreateSignatureContext (1)", crtn);
		return crtn;
	}
	crtn = CSSM_SignData(sigHand,
		ptext,
		1,
		digestAlg,
		sig);
	if(crtn) {
		printError("CSSM_SignData", crtn);
		ocrtn = crtn;
	}
	crtn = CSSM_DeleteContext(sigHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
		ocrtn = crtn;
	}
	if(digest.Data != NULL) {
		CSSM_FREE(digest.Data);
	}
	return ocrtn;
}

/*
 * Staged sign. Each update does a random number of bytes 'till through.
 */
CSSM_RETURN cspStagedSign(CSSM_CSP_HANDLE cspHand,
		uint32 algorithm,					// CSSM_ALGID_FEE_MD5, etc.
		CSSM_KEY_PTR key,					// private key
		const CSSM_DATA *text,
		CSSM_BOOL multiUpdates,				// false:single update, true:multi updates
		CSSM_DATA_PTR sig)					// RETURNED
{
	CSSM_CC_HANDLE	sigHand;
	CSSM_RETURN		crtn;
	CSSM_RETURN		ocrtn = CSSM_OK;
	unsigned		thisMove;				// this update
	unsigned		toMove;					// total to go
	CSSM_DATA		thisText;				// actaully passed to update
	crtn = CSSM_CSP_CreateSignatureContext(cspHand,
		algorithm,
		NULL,				// passPhrase
		key,
		&sigHand);
	if(crtn) {
		printError("CSSM_CSP_CreateSignatureContext (1)", crtn);
		return crtn;
	}
	crtn = CSSM_SignDataInit(sigHand);
	if(crtn) {
		printError("CSSM_SignDataInit", crtn);
		ocrtn = crtn;
		goto abort;
	}
	toMove = text->Length;
	thisText.Data = text->Data;
	while(toMove) {
		if(multiUpdates) {
			thisMove = genRand(1, toMove);
		}
		else {
			thisMove = toMove;
		}
		thisText.Length = thisMove;
		crtn = CSSM_SignDataUpdate(sigHand,
			&thisText,
			1);
		if(crtn) {
			printError("CSSM_SignDataUpdate", crtn);
			ocrtn = crtn;
			goto abort;
		}
		thisText.Data += thisMove;
		toMove -= thisMove;
	}
	crtn = CSSM_SignDataFinal(sigHand, sig);
	if(crtn) {
		printError("CSSM_SignDataFinal", crtn);
		ocrtn = crtn;
		goto abort;
	}
abort:
	crtn = CSSM_DeleteContext(sigHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
		ocrtn = crtn;
	}
	return ocrtn;
}

/*
 * This all-in-one verify op has a special case for RSA keys. If the requested
 * alg is MD5 or SHA1, we'll do a manual digest op followed by raw RSA verify.
 * Likewise, if it's CSSM_ALGID_DSA, we'll do manual SHA1 digest followed by
 * raw DSA sign.
 */

CSSM_RETURN cspSigVerify(CSSM_CSP_HANDLE cspHand,
		uint32 algorithm,					// CSSM_ALGID_FEE_MD5, etc.
		CSSM_KEY_PTR key,					// public key
		const CSSM_DATA *text,
		const CSSM_DATA *sig,
		CSSM_RETURN expectResult)			// expected result is verify failure
											// CSSM_OK - expect success
{
	CSSM_CC_HANDLE	sigHand;
	CSSM_RETURN		ocrtn = CSSM_OK;
	CSSM_RETURN		crtn;
	const CSSM_DATA	*ptext;
	CSSM_DATA		digest = {0, NULL};
	CSSM_ALGORITHMS	digestAlg = CSSM_ALGID_NONE;

	/* handle special cases for raw sign */
	switch(algorithm) {
		case CSSM_ALGID_SHA1:
			digestAlg = CSSM_ALGID_SHA1;
			algorithm = CSSM_ALGID_RSA;
			break;
		case CSSM_ALGID_MD5:
			digestAlg = CSSM_ALGID_MD5;
			algorithm = CSSM_ALGID_RSA;
			break;
		case CSSM_ALGID_DSA:
			digestAlg = CSSM_ALGID_SHA1;
			algorithm = CSSM_ALGID_DSA;
			break;
		default:
			break;
	}
	if(digestAlg != CSSM_ALGID_NONE) {
		crtn = cspDigest(cspHand,
			digestAlg,
			CSSM_FALSE,			// mallocDigest
			text,
			&digest);
		if(crtn) {
			return crtn;
		}
		/* sign digest with raw RSA/DSA */
		ptext = &digest;
	}
	else {
		ptext = text;
	}
	crtn = CSSM_CSP_CreateSignatureContext(cspHand,
		algorithm,
		NULL,				// passPhrase
		key,
		&sigHand);
	if(crtn) {
		printError("CSSM_CSP_CreateSignatureContext (3)", crtn);
		return crtn;
	}

	crtn = CSSM_VerifyData(sigHand,
		ptext,
		1,
		digestAlg,
		sig);
	if(crtn != expectResult) {
		if(!crtn) {
			printf("Unexpected good Sig Verify\n");
		}
		else {
			printError("CSSM_VerifyData", crtn);
		}
		ocrtn = CSSMERR_CSSM_INTERNAL_ERROR;
	}
	crtn = CSSM_DeleteContext(sigHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
		ocrtn = crtn;
	}
	if(digest.Data != NULL) {
		CSSM_FREE(digest.Data);
	}
	return ocrtn;
}

/*
 * Staged verify. Each update does a random number of bytes 'till through.
 */
CSSM_RETURN cspStagedSigVerify(CSSM_CSP_HANDLE cspHand,
		uint32 algorithm,					// CSSM_ALGID_FEE_MD5, etc.
		CSSM_KEY_PTR key,					// private key
		const CSSM_DATA *text,
		const CSSM_DATA *sig,
		CSSM_BOOL multiUpdates,				// false:single update, true:multi updates
		CSSM_RETURN expectResult)			// expected result is verify failure
											// CSSM_TRUE - expect success
{
	CSSM_CC_HANDLE	sigHand;
	CSSM_RETURN		crtn;
	CSSM_RETURN		ocrtn = CSSM_OK;
	unsigned		thisMove;				// this update
	unsigned		toMove;					// total to go
	CSSM_DATA		thisText;				// actaully passed to update
	crtn = CSSM_CSP_CreateSignatureContext(cspHand,
		algorithm,
		NULL,				// passPhrase
		key,
		&sigHand);
	if(crtn) {
		printError("CSSM_CSP_CreateSignatureContext (4)", crtn);
		return crtn;
	}
	crtn = CSSM_VerifyDataInit(sigHand);
	if(crtn) {
		printError("CSSM_VerifyDataInit", crtn);
		ocrtn = crtn;
		goto abort;
	}
	toMove = text->Length;
	thisText.Data = text->Data;
	while(toMove) {
		if(multiUpdates) {
			thisMove = genRand(1, toMove);
		}
		else {
			thisMove = toMove;
		}
		thisText.Length = thisMove;
		crtn = CSSM_VerifyDataUpdate(sigHand,
			&thisText,
			1);
		if(crtn) {
			printError("CSSM_VerifyDataUpdate", crtn);
			ocrtn = crtn;
			goto abort;
		}
		thisText.Data += thisMove;
		toMove -= thisMove;
	}
	crtn = CSSM_VerifyDataFinal(sigHand, sig);
	if(crtn != expectResult) {
		if(crtn) {
			printError("CSSM_VerifyDataFinal", crtn);
		}
		else {
			printf("Unexpected good Staged Sig Verify\n");
		}
		ocrtn = CSSMERR_CSSM_INTERNAL_ERROR;
	}
abort:
	crtn = CSSM_DeleteContext(sigHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
		ocrtn = crtn;
	}
	return ocrtn;
}

/*
 * MAC routines
 */
CSSM_RETURN cspGenMac(CSSM_CSP_HANDLE cspHand,
		uint32 algorithm,					// CSSM_ALGID_FEE_MD5, etc.
		CSSM_KEY_PTR key,					// session key
		const CSSM_DATA *text,
		CSSM_DATA_PTR mac)					// RETURNED
{
	CSSM_CC_HANDLE	macHand;
	CSSM_RETURN		crtn;
	CSSM_RETURN		ocrtn = CSSM_OK;
	crtn = CSSM_CSP_CreateMacContext(cspHand,
		algorithm,
		key,
		&macHand);
	if(crtn) {
		printError("CSSM_CSP_CreateMacContext (1)", crtn);
		return crtn;
	}
	crtn = CSSM_GenerateMac(macHand,
		text,
		1,
		mac);
	if(crtn) {
		printError("CSSM_GenerateMac", crtn);
		ocrtn = crtn;
	}
	crtn = CSSM_DeleteContext(macHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
		ocrtn = crtn;
	}
	return ocrtn;
}

/*
 * Staged generate mac.
 */
CSSM_RETURN cspStagedGenMac(CSSM_CSP_HANDLE cspHand,
		uint32 algorithm,					// CSSM_ALGID_FEE_MD5, etc.
		CSSM_KEY_PTR key,					// private key
		const CSSM_DATA *text,
		CSSM_BOOL mallocMac,				// if true and digest->Length = 0, we'll
											//		malloc
		CSSM_BOOL multiUpdates,				// false:single update, true:multi updates
		CSSM_DATA_PTR mac)					// RETURNED
{
	CSSM_CC_HANDLE	macHand;
	CSSM_RETURN		crtn;
	CSSM_RETURN		ocrtn = CSSM_OK;
	unsigned		thisMove;				// this update
	unsigned		toMove;					// total to go
	CSSM_DATA		thisText;				// actaully passed to update

	crtn = CSSM_CSP_CreateMacContext(cspHand,
		algorithm,
		key,
		&macHand);
	if(crtn) {
		printError("CSSM_CSP_CreateMacContext (2)", crtn);
		return crtn;
	}

	if(mallocMac && (mac->Length == 0)) {
		/* malloc mac - ask CSP for size */
		CSSM_QUERY_SIZE_DATA	querySize = {0, 0};
		crtn = CSSM_QuerySize(macHand,
			CSSM_TRUE,						// encrypt
			1,
			&querySize);
		if(crtn) {
			printError("CSSM_QuerySize(mac)", crtn);
			ocrtn = crtn;
			goto abort;
		}
		if(querySize.SizeOutputBlock == 0) {
			printf("Unknown mac size\n");
			ocrtn = CSSMERR_CSSM_INTERNAL_ERROR;
			goto abort;
		}
		mac->Data = (uint8 *)appMalloc(querySize.SizeOutputBlock, NULL);
		if(mac->Data == NULL) {
			printf("malloc failure\n");
			ocrtn = CSSMERR_CSSM_MEMORY_ERROR;
			goto abort;
		}
		mac->Length = querySize.SizeOutputBlock;
	}

	crtn = CSSM_GenerateMacInit(macHand);
	if(crtn) {
		printError("CSSM_GenerateMacInit", crtn);
		ocrtn = crtn;
		goto abort;
	}
	toMove = text->Length;
	thisText.Data = text->Data;

	while(toMove) {
		if(multiUpdates) {
			thisMove = genRand(1, toMove);
		}
		else {
			thisMove = toMove;
		}
		thisText.Length = thisMove;
		crtn = CSSM_GenerateMacUpdate(macHand,
			&thisText,
			1);
		if(crtn) {
			printError("CSSM_GenerateMacUpdate", crtn);
			ocrtn = crtn;
			goto abort;
		}
		thisText.Data += thisMove;
		toMove -= thisMove;
	}
	crtn = CSSM_GenerateMacFinal(macHand, mac);
	if(crtn) {
		printError("CSSM_GenerateMacFinal", crtn);
		ocrtn = crtn;
		goto abort;
	}
abort:
	crtn = CSSM_DeleteContext(macHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
		ocrtn = crtn;
	}
	return ocrtn;
}

CSSM_RETURN cspMacVerify(CSSM_CSP_HANDLE cspHand,
		uint32 algorithm,					// CSSM_ALGID_FEE_MD5, etc.
		CSSM_KEY_PTR key,					// public key
		const CSSM_DATA *text,
		const CSSM_DATA_PTR mac,
		CSSM_RETURN expectResult)			// expected result
											// CSSM_OK - expect success
{
	CSSM_CC_HANDLE	macHand;
	CSSM_RETURN		ocrtn = CSSM_OK;
	CSSM_RETURN		crtn;
	crtn = CSSM_CSP_CreateMacContext(cspHand,
		algorithm,
		key,
		&macHand);
	if(crtn) {
		printError("CSSM_CSP_CreateMacContext (3)", crtn);
		return crtn;
	}
	crtn = CSSM_VerifyMac(macHand,
		text,
		1,
		mac);
	if(crtn != expectResult) {
		if(crtn) {
			printError("CSSM_VerifyMac", crtn);
		}
		else {
			printf("Unexpected good Mac Verify\n");
		}
		ocrtn = CSSMERR_CSSM_INTERNAL_ERROR;
	}
	crtn = CSSM_DeleteContext(macHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
		ocrtn = crtn;
	}
	return ocrtn;
}

/*
 * Staged mac verify. Each update does a random number of bytes 'till through.
 */
CSSM_RETURN cspStagedMacVerify(CSSM_CSP_HANDLE cspHand,
		uint32 algorithm,					// CSSM_ALGID_FEE_MD5, etc.
		CSSM_KEY_PTR key,					// private key
		const CSSM_DATA *text,
		const CSSM_DATA_PTR mac,
		CSSM_BOOL multiUpdates,				// false:single update, true:multi updates
		CSSM_RETURN expectResult)			// expected result is verify failure
											// CSSM_OK - expect success
{
	CSSM_CC_HANDLE	macHand;
	CSSM_RETURN		crtn;
	CSSM_RETURN		ocrtn = CSSM_OK;
	unsigned		thisMove;				// this update
	unsigned		toMove;					// total to go
	CSSM_DATA		thisText;				// actaully passed to update

	crtn = CSSM_CSP_CreateMacContext(cspHand,
		algorithm,
		key,
		&macHand);
	if(crtn) {
		printError("CSSM_CSP_CreateMacContext (4)", crtn);
		return crtn;
	}
	crtn = CSSM_VerifyMacInit(macHand);
	if(crtn) {
		printError("CSSM_VerifyMacInit", crtn);
		ocrtn = crtn;
		goto abort;
	}
	toMove = text->Length;
	thisText.Data = text->Data;

	while(toMove) {
		if(multiUpdates) {
			thisMove = genRand(1, toMove);
		}
		else {
			thisMove = toMove;
		}
		thisText.Length = thisMove;
		crtn = CSSM_VerifyMacUpdate(macHand,
			&thisText,
			1);
		if(crtn) {
			printError("CSSM_VerifyMacUpdate", crtn);
			ocrtn = crtn;
			goto abort;
		}
		thisText.Data += thisMove;
		toMove -= thisMove;
	}
	crtn = CSSM_VerifyMacFinal(macHand, mac);
	if(crtn != expectResult) {
		if(crtn) {
			printError("CSSM_VerifyMacFinal", crtn);
		}
		else {
			printf("Unexpected good Staged Mac Verify\n");
		}
		ocrtn = CSSMERR_CSSM_INTERNAL_ERROR;
	}
abort:
	crtn = CSSM_DeleteContext(macHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
		ocrtn = crtn;
	}
	return ocrtn;
}

#pragma mark --------- Digest ---------

/*
 * Digest functions
 */
CSSM_RETURN cspDigest(CSSM_CSP_HANDLE cspHand,
		uint32 algorithm,					// CSSM_ALGID_MD5, etc.
		CSSM_BOOL mallocDigest,				// if true and digest->Length = 0, we'll malloc
		const CSSM_DATA *text,
		CSSM_DATA_PTR digest)
{
	CSSM_CC_HANDLE	digestHand;
	CSSM_RETURN		crtn;
	CSSM_RETURN		ocrtn = CSSM_OK;

	crtn = CSSM_CSP_CreateDigestContext(cspHand,
		algorithm,
		&digestHand);
	if(crtn) {
		printError("CSSM_CSP_CreateDIgestContext (1)", crtn);
		return crtn;
	}
	if(mallocDigest && (digest->Length == 0)) {
		/* malloc digest - ask CSP for size */
		CSSM_QUERY_SIZE_DATA	querySize = {0, 0};
		crtn = CSSM_QuerySize(digestHand,
			CSSM_FALSE,						// encrypt
			1,
			&querySize);
		if(crtn) {
			printError("CSSM_QuerySize(3)", crtn);
			ocrtn = crtn;
			goto abort;
		}
		if(querySize.SizeOutputBlock == 0) {
			printf("Unknown digest size\n");
			ocrtn = CSSMERR_CSSM_INTERNAL_ERROR;
			goto abort;
		}
		digest->Data = (uint8 *)appMalloc(querySize.SizeOutputBlock, NULL);
		if(digest->Data == NULL) {
			printf("malloc failure\n");
			ocrtn = CSSMERR_CSSM_MEMORY_ERROR;
			goto abort;
		}
		digest->Length = querySize.SizeOutputBlock;
	}
	crtn = CSSM_DigestData(digestHand,
		text,
		1,
		digest);
	if(crtn) {
		printError("CSSM_DigestData", crtn);
		ocrtn = crtn;
	}
abort:
	crtn = CSSM_DeleteContext(digestHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
		ocrtn = crtn;
	}
	return ocrtn;
}

CSSM_RETURN cspStagedDigest(CSSM_CSP_HANDLE cspHand,
		uint32 algorithm,					// CSSM_ALGID_MD5, etc.
		CSSM_BOOL mallocDigest,				// if true and digest->Length = 0, we'll
											//		malloc
		CSSM_BOOL multiUpdates,				// false:single update, true:multi updates
		const CSSM_DATA *text,
		CSSM_DATA_PTR digest)
{
	CSSM_CC_HANDLE	digestHand;
	CSSM_RETURN		crtn;
	CSSM_RETURN		ocrtn = CSSM_OK;
	unsigned		thisMove;				// this update
	unsigned		toMove;					// total to go
	CSSM_DATA		thisText;				// actually passed to update

	crtn = CSSM_CSP_CreateDigestContext(cspHand,
		algorithm,
		&digestHand);
	if(crtn) {
		printError("CSSM_CSP_CreateDigestContext (2)", crtn);
		return crtn;
	}
	if(mallocDigest && (digest->Length == 0)) {
		/* malloc digest - ask CSP for size */
		CSSM_QUERY_SIZE_DATA	querySize = {0, 0};
		crtn = CSSM_QuerySize(digestHand,
			CSSM_FALSE,						// encrypt
			1,
			&querySize);
		if(crtn) {
			printError("CSSM_QuerySize(4)", crtn);
			ocrtn = crtn;
			goto abort;
		}
		if(querySize.SizeOutputBlock == 0) {
			printf("Unknown digest size\n");
			ocrtn = CSSMERR_CSSM_INTERNAL_ERROR;
			goto abort;
		}
		digest->Data = (uint8 *)appMalloc(querySize.SizeOutputBlock, NULL);
		if(digest->Data == NULL) {
			printf("malloc failure\n");
			ocrtn = CSSMERR_CSSM_MEMORY_ERROR;
			goto abort;
		}
		digest->Length = querySize.SizeOutputBlock;
	}
	crtn = CSSM_DigestDataInit(digestHand);
	if(crtn) {
		printError("CSSM_DigestDataInit", crtn);
		ocrtn = crtn;
		goto abort;
	}
	toMove = text->Length;
	thisText.Data = text->Data;
	while(toMove) {
		if(multiUpdates) {
			thisMove = genRand(1, toMove);
		}
		else {
			thisMove = toMove;
		}
		thisText.Length = thisMove;
		crtn = CSSM_DigestDataUpdate(digestHand,
			&thisText,
			1);
		if(crtn) {
			printError("CSSM_DigestDataUpdate", crtn);
			ocrtn = crtn;
			goto abort;
		}
		thisText.Data += thisMove;
		toMove -= thisMove;
	}
	crtn = CSSM_DigestDataFinal(digestHand, digest);
	if(crtn) {
		printError("CSSM_DigestDataFinal", crtn);
		ocrtn = crtn;
		goto abort;
	}
abort:
	crtn = CSSM_DeleteContext(digestHand);
	if(crtn) {
		printError("CSSM_DeleteContext", crtn);
		ocrtn = crtn;
	}
	return ocrtn;
}

#pragma mark --------- wrap/unwrap ---------

/* wrap key function. */
CSSM_RETURN cspWrapKey(CSSM_CSP_HANDLE cspHand,
	const CSSM_KEY			*unwrappedKey,
	const CSSM_KEY			*wrappingKey,
	CSSM_ALGORITHMS			wrapAlg,
	CSSM_ENCRYPT_MODE		wrapMode,
	CSSM_KEYBLOB_FORMAT		wrapFormat,			// NONE, PKCS7, PKCS8
	CSSM_PADDING			wrapPad,
	CSSM_DATA_PTR			initVector,			// for some wrapping algs
	CSSM_DATA_PTR			descrData,			// optional
	CSSM_KEY_PTR			wrappedKey)			// RETURNED
{
	CSSM_CC_HANDLE		ccHand;
	CSSM_RETURN			crtn;
	CSSM_ACCESS_CREDENTIALS	creds;

	memset(wrappedKey, 0, sizeof(CSSM_KEY));
	setBadKeyData(wrappedKey);
	memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
	/* special case for NULL wrap - no wrapping key */
	if((wrappingKey == NULL) ||
	   (wrappingKey->KeyHeader.KeyClass == CSSM_KEYCLASS_SESSION_KEY)) {
		crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
				wrapAlg,
				wrapMode,
				&creds,			// passPhrase,
				wrappingKey,
				initVector,
				wrapPad,		// Padding
				0,				// Params
				&ccHand);
	}
	else {
		crtn = CSSM_CSP_CreateAsymmetricContext(cspHand,
				wrapAlg,
				&creds,
				wrappingKey,
				wrapPad,		// padding
				&ccHand);
		if(crtn) {
			printError("cspWrapKey/CreateContext", crtn);
			return crtn;
		}
		if(initVector) {
			/* manually add IV for CMS. The actual low-level encrypt doesn't
			 * use it (and must ignore it). */
			crtn = AddContextAttribute(ccHand,
				CSSM_ATTRIBUTE_INIT_VECTOR,
				sizeof(CSSM_DATA),
				CAT_Ptr,
				initVector,
				0);
			if(crtn) {
				printError("CSSM_UpdateContextAttributes", crtn);
				return crtn;
			}
		}
	}
	if(crtn) {
		printError("cspWrapKey/CreateContext", crtn);
		return crtn;
	}
	if(wrapFormat != CSSM_KEYBLOB_WRAPPED_FORMAT_NONE) {
		/* only add this attribute if it's not the default */
		CSSM_CONTEXT_ATTRIBUTE attr;
		attr.AttributeType = CSSM_ATTRIBUTE_WRAPPED_KEY_FORMAT;
		attr.AttributeLength = sizeof(uint32);
		attr.Attribute.Uint32 = wrapFormat;
		crtn = CSSM_UpdateContextAttributes(
			ccHand,
			1,
			&attr);
		if(crtn) {
			printError("CSSM_UpdateContextAttributes", crtn);
			return crtn;
		}
	}
	crtn = CSSM_WrapKey(ccHand,
		&creds,
		unwrappedKey,
		descrData,			// DescriptiveData
		wrappedKey);
	if(crtn != CSSM_OK) {
		printError("CSSM_WrapKey", crtn);
	}
	if(CSSM_DeleteContext(ccHand)) {
		printf("CSSM_DeleteContext failure\n");
	}
	return crtn;
}

/* unwrap key function. */
CSSM_RETURN cspUnwrapKey(CSSM_CSP_HANDLE cspHand,
	const CSSM_KEY			*wrappedKey,
	const CSSM_KEY			*unwrappingKey,
	CSSM_ALGORITHMS			unwrapAlg,
	CSSM_ENCRYPT_MODE		unwrapMode,
	CSSM_PADDING 			unwrapPad,
	CSSM_DATA_PTR			initVector,			// for some wrapping algs
	CSSM_KEY_PTR			unwrappedKey,		// RETURNED
	CSSM_DATA_PTR			descrData,			// required
	const char 				*keyLabel,
	unsigned 				keyLabelLen)
{
	CSSM_CC_HANDLE		ccHand;
	CSSM_RETURN			crtn;
	CSSM_DATA			labelData;
	uint32				keyAttr;
	CSSM_ACCESS_CREDENTIALS	creds;

	memset(unwrappedKey, 0, sizeof(CSSM_KEY));
	setBadKeyData(unwrappedKey);
	memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
	if((unwrappingKey == NULL) ||
	   (unwrappingKey->KeyHeader.KeyClass == CSSM_KEYCLASS_SESSION_KEY)) {
		crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
				unwrapAlg,
				unwrapMode,
				&creds,
				unwrappingKey,
				initVector,
				unwrapPad,
				0,				// Params
				&ccHand);
	}
	else {
		crtn = CSSM_CSP_CreateAsymmetricContext(cspHand,
				unwrapAlg,
				&creds,			// passPhrase,
				unwrappingKey,
				unwrapPad,		// Padding
				&ccHand);
		if(crtn) {
			printError("cspUnwrapKey/CreateContext", crtn);
			return crtn;
		}
		if(initVector) {
			/* manually add IV for CMS. The actual low-level encrypt doesn't
			 * use it (and must ignore it). */
			crtn = AddContextAttribute(ccHand,
				CSSM_ATTRIBUTE_INIT_VECTOR,
				sizeof(CSSM_DATA),
				CAT_Ptr,
				initVector,
				0);
			if(crtn) {
				printError("CSSM_UpdateContextAttributes", crtn);
				return crtn;
			}
		}
	}
	if(crtn) {
		printError("cspUnwrapKey/CreateContext", crtn);
		return crtn;
	}
	labelData.Data = (uint8 *)keyLabel;
	labelData.Length = keyLabelLen;

	/*
	 * New keyAttr - clear some old bits, make sure we ask for ref key
	 */
	keyAttr = wrappedKey->KeyHeader.KeyAttr;
	keyAttr &= ~(CSSM_KEYATTR_ALWAYS_SENSITIVE | CSSM_KEYATTR_NEVER_EXTRACTABLE);
	keyAttr |= CSSM_KEYATTR_RETURN_REF;
	crtn = CSSM_UnwrapKey(ccHand,
		NULL,				// PublicKey
		wrappedKey,
		wrappedKey->KeyHeader.KeyUsage,
		keyAttr,
		&labelData,
		NULL,				// CredAndAclEntry
		unwrappedKey,
		descrData);			// required
	if(crtn != CSSM_OK) {
		printError("CSSM_UnwrapKey", crtn);
	}
	if(CSSM_DeleteContext(ccHand)) {
		printf("CSSM_DeleteContext failure\n");
	}
	return crtn;
}

/*
 * Simple NULL wrap to convert a reference key to a raw key.
 */
CSSM_RETURN cspRefKeyToRaw(
	CSSM_CSP_HANDLE cspHand,
	const CSSM_KEY *refKey,
	CSSM_KEY_PTR rawKey)		// init'd and RETURNED
{
	CSSM_DATA descData = {0, 0};

	memset(rawKey, 0, sizeof(CSSM_KEY));
	return cspWrapKey(cspHand,
		refKey,
		NULL,					// unwrappingKey
		CSSM_ALGID_NONE,
		CSSM_ALGMODE_NONE,
		CSSM_KEYBLOB_WRAPPED_FORMAT_NONE,
		CSSM_PADDING_NONE,
		NULL,					// IV
		&descData,
		rawKey);
}

/*
 * Convert ref key to raw key with specified format.
 */
CSSM_RETURN cspRefKeyToRawWithFormat(
	CSSM_CSP_HANDLE cspHand,
	const CSSM_KEY *refKey,
	CSSM_KEYBLOB_FORMAT format,
	CSSM_KEY_PTR rawKey)		// init'd and RETURNED
{
	memset(rawKey, 0, sizeof(CSSM_KEY));
	CSSM_ATTRIBUTE_TYPE attrType;

	switch(refKey->KeyHeader.KeyClass) {
		case CSSM_KEYCLASS_PUBLIC_KEY:
			attrType = CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT;
			break;
		case CSSM_KEYCLASS_PRIVATE_KEY:
			attrType = CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT;
			break;
		case CSSM_KEYCLASS_SESSION_KEY:
			attrType = CSSM_ATTRIBUTE_SYMMETRIC_KEY_FORMAT;
			break;
		default:
			printf("***Unknown key class\n");
			return CSSMERR_CSP_INVALID_KEY;
	}

	CSSM_DATA descData = {0, 0};
	CSSM_CC_HANDLE		ccHand;
	CSSM_RETURN			crtn;
//	uint32				keyAttr;
	CSSM_ACCESS_CREDENTIALS	creds;

	memset(rawKey, 0, sizeof(CSSM_KEY));
	memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
	crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
				CSSM_ALGID_NONE,
				CSSM_ALGMODE_NONE,
				&creds,
				NULL,			// unwrappingKey
				NULL,			// initVector
				CSSM_PADDING_NONE,
				NULL,			// Reserved
				&ccHand);
	if(crtn) {
		printError("cspRefKeyToRawWithFormat/CreateContext", crtn);
		return crtn;
	}

	/* Add the spec for the resulting format */
	crtn = AddContextAttribute(ccHand,
		attrType,
		sizeof(uint32),
		CAT_Uint32,
		NULL,
		format);

	crtn = CSSM_WrapKey(ccHand,
		&creds,
		refKey,
		&descData,			// DescriptiveData
		rawKey);
	if(crtn != CSSM_OK) {
		printError("CSSM_WrapKey", crtn);
	}
	if(rawKey->KeyHeader.Format != format) {
		printf("***cspRefKeyToRawWithFormat format scewup\n");
		crtn = CSSMERR_CSP_INTERNAL_ERROR;
	}
	if(CSSM_DeleteContext(ccHand)) {
		printf("CSSM_DeleteContext failure\n");
	}
	return crtn;
}

/* unwrap raw key --> ref */
CSSM_RETURN cspRawKeyToRef(
	CSSM_CSP_HANDLE cspHand,
	const CSSM_KEY *rawKey,
	CSSM_KEY_PTR refKey)				// init'd and RETURNED
{
	CSSM_DATA descData = {0, 0};

	memset(refKey, 0, sizeof(CSSM_KEY));
	return cspUnwrapKey(cspHand,
		rawKey,
		NULL,		// unwrappingKey
		CSSM_ALGID_NONE,
		CSSM_ALGMODE_NONE,
		CSSM_PADDING_NONE,
		NULL,		// init vector
		refKey,
		&descData,
		"noLabel",
		7);
}


#pragma mark --------- FEE key/curve support ---------

/*
 * Generate random key size, primeType, curveType for FEE key for specified op.
 *
 * First just enumerate the curves we know about, with ECDSA-INcapable first
 */

typedef struct {
	uint32	keySizeInBits;
	uint32 	primeType;				// CSSM_FEE_PRIME_TYPE_xxx
	uint32 	curveType;				// CSSM_FEE_CURVE_TYPE_xxx
} feeCurveParams;

#define FEE_PROTOTYPE_CURVES	0
#if 	FEE_PROTOTYPE_CURVES
/* obsolete as of 4/9/2001 */
static feeCurveParams feeCurves[] = {
	{	31,		CSSM_FEE_PRIME_TYPE_MERSENNE,	CSSM_FEE_CURVE_TYPE_MONTGOMERY },
	{	127,	CSSM_FEE_PRIME_TYPE_MERSENNE,	CSSM_FEE_CURVE_TYPE_MONTGOMERY },
	{	127,	CSSM_FEE_PRIME_TYPE_GENERAL,	CSSM_FEE_CURVE_TYPE_MONTGOMERY },
	#define NUM_NON_ECDSA_CURVES	3

	/* start of Weierstrass, IEEE P1363-capable curves */
	{	31,		CSSM_FEE_PRIME_TYPE_MERSENNE,	CSSM_FEE_CURVE_TYPE_WEIERSTRASS },
	{	40,		CSSM_FEE_PRIME_TYPE_FEE,		CSSM_FEE_CURVE_TYPE_WEIERSTRASS },
	{	127,	CSSM_FEE_PRIME_TYPE_MERSENNE,	CSSM_FEE_CURVE_TYPE_WEIERSTRASS },
	{	160,	CSSM_FEE_PRIME_TYPE_FEE,		CSSM_FEE_CURVE_TYPE_WEIERSTRASS },
	{	160,	CSSM_FEE_PRIME_TYPE_GENERAL,	CSSM_FEE_CURVE_TYPE_WEIERSTRASS },
	{	192,	CSSM_FEE_PRIME_TYPE_FEE,		CSSM_FEE_CURVE_TYPE_WEIERSTRASS },
};
#else	/* FEE_PROTOTYPE_CURVES */
static feeCurveParams feeCurves[] = {
	{	31,		CSSM_FEE_PRIME_TYPE_MERSENNE,	CSSM_FEE_CURVE_TYPE_MONTGOMERY },
	{	127,	CSSM_FEE_PRIME_TYPE_MERSENNE,	CSSM_FEE_CURVE_TYPE_MONTGOMERY },
	#define NUM_NON_ECDSA_CURVES	2

	/* start of Weierstrass, IEEE P1363-capable curves */
	{	31,		CSSM_FEE_PRIME_TYPE_MERSENNE,	CSSM_FEE_CURVE_TYPE_WEIERSTRASS },
	{	128,	CSSM_FEE_PRIME_TYPE_FEE,		CSSM_FEE_CURVE_TYPE_WEIERSTRASS },
	{	161,	CSSM_FEE_PRIME_TYPE_FEE,		CSSM_FEE_CURVE_TYPE_WEIERSTRASS },
	{	161,	CSSM_FEE_PRIME_TYPE_GENERAL,	CSSM_FEE_CURVE_TYPE_WEIERSTRASS },
	{	192,	CSSM_FEE_PRIME_TYPE_GENERAL,	CSSM_FEE_CURVE_TYPE_WEIERSTRASS },
};
#endif	/* FEE_PROTOTYPE_CURVES */
#define NUM_FEE_CURVES	(sizeof(feeCurves) / sizeof(feeCurveParams))

void randFeeKeyParams(
	CSSM_ALGORITHMS	alg,			// ALGID_FEED, CSSM_ALGID_FEE_MD5, etc.
	uint32			*keySizeInBits,	// RETURNED
	uint32 			*primeType,		// CSSM_FEE_PRIME_TYPE_xxx, RETURNED
	uint32 			*curveType)		// CSSM_FEE_CURVE_TYPE_xxx, RETURNED
{
	unsigned minParams;
	unsigned die;
	feeCurveParams *feeParams;

	switch(alg) {
		case CSSM_ALGID_SHA1WithECDSA:
			minParams = NUM_NON_ECDSA_CURVES;
			break;
		default:
			minParams = 0;
			break;
	}
	die = genRand(minParams, (NUM_FEE_CURVES - 1));
	feeParams = &feeCurves[die];
	*keySizeInBits = feeParams->keySizeInBits;
	*primeType = feeParams->primeType;
	*curveType = feeParams->curveType;
}

/*
 * Obtain strings for primeType and curveType.
 */
const char *primeTypeStr(uint32 primeType)
{
	const char *p;
	switch(primeType) {
		case CSSM_FEE_PRIME_TYPE_MERSENNE:
			p = "Mersenne";
			break;
		case CSSM_FEE_PRIME_TYPE_FEE:
			p = "FEE";
			break;
		case CSSM_FEE_PRIME_TYPE_GENERAL:
			p = "General";
			break;
		case CSSM_FEE_PRIME_TYPE_DEFAULT:
			p = "Default";
			break;
		default:
			p = "***UNKNOWN***";
			break;
	}
	return p;
}

const char *curveTypeStr(uint32 curveType)
{
	const char *c;
	switch(curveType) {
		case CSSM_FEE_CURVE_TYPE_DEFAULT:
			c = "Default";
			break;
		case CSSM_FEE_CURVE_TYPE_MONTGOMERY:
			c = "Montgomery";
			break;
		case CSSM_FEE_CURVE_TYPE_WEIERSTRASS:
			c = "Weierstrass";
			break;
		default:
			c = "***UNKNOWN***";
			break;
	}
	return c;
}

/*
 * Perform FEE Key exchange via CSSM_DeriveKey.
 */
#if 0
/* Not implemented in OS X */
CSSM_RETURN cspFeeKeyExchange(CSSM_CSP_HANDLE cspHand,
	CSSM_KEY_PTR 	privKey,
	CSSM_KEY_PTR 	pubKey,
	CSSM_KEY_PTR 	derivedKey,		// mallocd by caller

	/* remaining fields apply to derivedKey */
	uint32 			keyAlg,
	const char 		*keyLabel,
	unsigned 		keyLabelLen,
	uint32 			keyUsage,		// CSSM_KEYUSE_ENCRYPT, etc.
	uint32 			keySizeInBits)
{
	CSSM_CC_HANDLE	dkHand;
	CSSM_RETURN 	crtn;
	CSSM_DATA		labelData;

	if(derivedKey == NULL) {
		printf("cspFeeKeyExchange: no derivedKey\n");
		return CSSMERR_CSSM_INTERNAL_ERROR;
	}
	if((pubKey == NULL) ||
	   (pubKey->KeyHeader.KeyClass != CSSM_KEYCLASS_PUBLIC_KEY) ||
	   (pubKey->KeyHeader.BlobType != CSSM_KEYBLOB_RAW)) {
	 	printf("cspFeeKeyExchange: bad pubKey\n");
	 	return CSSMERR_CSSM_INTERNAL_ERROR;
	}
	if((privKey == NULL) ||
	   (privKey->KeyHeader.KeyClass != CSSM_KEYCLASS_PRIVATE_KEY) ||
	   (privKey->KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE)) {
	 	printf("cspFeeKeyExchange: bad privKey\n");
	 	return CSSMERR_CSSM_INTERNAL_ERROR;
	}
	memset(derivedKey, 0, sizeof(CSSM_KEY));

	crtn = CSSM_CSP_CreateDeriveKeyContext(cspHand,
		CSSM_ALGID_FEE_KEYEXCH,			// AlgorithmID
		keyAlg,							// alg of the derived key
		keySizeInBits,
		NULL,							// access creds
		// FIXME
		0,								// IterationCount
		NULL,							// Salt
		NULL,							// Seed
		NULL);							// PassPhrase
	if(dkHand == 0) {
		printError("CSSM_CSP_CreateDeriveKeyContext");
		return CSSM_FAIL;
	}
	labelData.Length = keyLabelLen;
	labelData.Data = (uint8 *)keyLabel;
	crtn = CSSM_DeriveKey(dkHand,
		privKey,
		&pubKey->KeyData,		// Param - pub key blob
		keyUsage,
		CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE |
				  CSSM_KEYATTR_SENSITIVE,
		&labelData,
		derivedKey);

	/* FIXME - save/restore error */
	CSSM_DeleteContext(dkHand);
	if(crtn) {
		printError("CSSM_DeriveKey");
	}
	return crtn;
}
#endif

#pragma mark --------- Key/DL/DB support ---------

/*
 * Add a DL/DB handle to a crypto context.
 */
CSSM_RETURN cspAddDlDbToContext(
	CSSM_CC_HANDLE ccHand,
	CSSM_DL_HANDLE dlHand,
	CSSM_DB_HANDLE dbHand)
{
	CSSM_DL_DB_HANDLE dlDb = { dlHand, dbHand };
	return AddContextAttribute(ccHand,
		CSSM_ATTRIBUTE_DL_DB_HANDLE,
		sizeof(CSSM_ATTRIBUTE_DL_DB_HANDLE),
		CAT_Ptr,
		&dlDb,
		0);
}

/*
 * Common routine to do a basic DB lookup by label and key type.
 * Query is aborted prior to exit.
 */
static CSSM_DB_UNIQUE_RECORD_PTR dlLookup(
	CSSM_DL_DB_HANDLE	dlDbHand,
	const CSSM_DATA		*keyLabel,
	CT_KeyType 			keyType,
	CSSM_HANDLE 		*resultHand,			// RETURNED
	CSSM_DATA_PTR		theData,				// RETURED
	CSSM_DB_RECORDTYPE	*recordType)			// RETURNED
{
	CSSM_QUERY						query;
	CSSM_SELECTION_PREDICATE		predicate;
	CSSM_DB_UNIQUE_RECORD_PTR		record = NULL;
	CSSM_RETURN						crtn;

	switch(keyType) {
		case CKT_Public:
			query.RecordType = *recordType = CSSM_DL_DB_RECORD_PUBLIC_KEY;
			break;
		case CKT_Private:
			query.RecordType = *recordType = CSSM_DL_DB_RECORD_PRIVATE_KEY;
			break;
		case CKT_Session:
			query.RecordType = *recordType = CSSM_DL_DB_RECORD_SYMMETRIC_KEY;
			break;
		default:
			printf("Hey bozo! Give me a valid key type!\n");
			return NULL;
	}
	query.Conjunctive = CSSM_DB_NONE;
	query.NumSelectionPredicates = 1;
	predicate.DbOperator = CSSM_DB_EQUAL;

	predicate.Attribute.Info.AttributeNameFormat =
		CSSM_DB_ATTRIBUTE_NAME_AS_STRING;
	predicate.Attribute.Info.Label.AttributeName = (char *) "Label";
	predicate.Attribute.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB;
	/* hope this cast is OK */
	predicate.Attribute.Value = (CSSM_DATA_PTR)keyLabel;
	query.SelectionPredicate = &predicate;

	query.QueryLimits.TimeLimit = 0;	// FIXME - meaningful?
	query.QueryLimits.SizeLimit = 1;	// FIXME - meaningful?
	query.QueryFlags = CSSM_QUERY_RETURN_DATA;	// FIXME - used?

	crtn = CSSM_DL_DataGetFirst(dlDbHand,
		&query,
		resultHand,
		NULL,
		theData,
		&record);
	/* abort only on success */
	if(crtn == CSSM_OK) {
		crtn = CSSM_DL_DataAbortQuery(dlDbHand, *resultHand);
		if(crtn) {
			printError("CSSM_DL_AbortQuery", crtn);
			return NULL;
		}
	}
	return record;
}

/*
 * Look up a key by label and type.
 */
CSSM_KEY_PTR cspLookUpKeyByLabel(
	CSSM_DL_HANDLE dlHand,
	CSSM_DB_HANDLE dbHand,
	const CSSM_DATA *labelData,
	CT_KeyType keyType)
{
	CSSM_DB_UNIQUE_RECORD_PTR	record;
	CSSM_HANDLE					resultHand;
	CSSM_DATA					theData;
	CSSM_KEY_PTR				key;
	CSSM_DB_RECORDTYPE 			recordType;
	CSSM_DL_DB_HANDLE			dlDbHand;

	dlDbHand.DLHandle = dlHand;
	dlDbHand.DBHandle = dbHand;

	theData.Length = 0;
	theData.Data = NULL;

	record = dlLookup(dlDbHand,
		labelData,
		keyType,
		&resultHand,
		&theData,
		&recordType);
	if(record == NULL) {
		//printf("cspLookUpKeyByLabel: key not found\n");
		return NULL;
	}
	key = (CSSM_KEY_PTR)theData.Data;
	CSSM_DL_FreeUniqueRecord(dlDbHand, record);
	return key;
}

/*
 * Delete and free a key
 */
CSSM_RETURN cspDeleteKey(
	CSSM_CSP_HANDLE		cspHand,		// for free
	CSSM_DL_HANDLE		dlHand,			// for delete
	CSSM_DB_HANDLE		dbHand,			// ditto
	const CSSM_DATA 	*labelData,
	CSSM_KEY_PTR		key)
{
	CSSM_DB_UNIQUE_RECORD_PTR	record;
	CSSM_HANDLE					resultHand;
	CT_KeyType					keyType;
	CSSM_RETURN					crtn = CSSM_OK;
	CSSM_DB_RECORDTYPE 			recordType;
	CSSM_DL_DB_HANDLE			dlDbHand;

	if(key->KeyHeader.KeyAttr & CSSM_KEYATTR_PERMANENT) {
		/* first do a lookup based in this key's fields */
		switch(key->KeyHeader.KeyClass) {
			case CSSM_KEYCLASS_PUBLIC_KEY:
				keyType = CKT_Public;
				break;
			case CSSM_KEYCLASS_PRIVATE_KEY:
				keyType = CKT_Private;
				break;
			case CSSM_KEYCLASS_SESSION_KEY:
				keyType = CKT_Session;
				break;
			default:
				printf("Hey bozo! Give me a valid key type!\n");
				return -1;
		}

		dlDbHand.DLHandle = dlHand;
		dlDbHand.DBHandle = dbHand;

		record = dlLookup(dlDbHand,
			labelData,
			keyType,
			&resultHand,
			NULL,			// don't want actual data
			&recordType);
		if(record == NULL) {
			printf("cspDeleteKey: key not found in DL\n");
			return CSSMERR_DL_RECORD_NOT_FOUND;
		}

		/* OK, nuke it */
		crtn = CSSM_DL_DataDelete(dlDbHand, record);
		if(crtn) {
			printError("CSSM_DL_DataDelete", crtn);
		}
		CSSM_DL_FreeUniqueRecord(dlDbHand, record);
	}

	/* CSSM_FreeKey() should fail due to the delete, but it will
	 * still free KeyData....
	 * FIXME - we should be able to do this in this one single call - right?
	 */
	CSSM_FreeKey(cspHand, NULL, key, CSSM_FALSE);

	return crtn;
}

/*
 * Given any key in either blob or reference format,
 * obtain the associated SHA-1 hash.
 */
CSSM_RETURN cspKeyHash(
	CSSM_CSP_HANDLE		cspHand,
	const CSSM_KEY_PTR	key,			/* public key */
	CSSM_DATA_PTR		*hashData)		/* hash mallocd and RETURNED here */
{
	CSSM_CC_HANDLE		ccHand;
	CSSM_RETURN			crtn;
	CSSM_DATA_PTR		dp;

	*hashData = NULL;

	/* validate input params */
	if((key == NULL) ||
	   (hashData == NULL)) {
	   	printf("cspKeyHash: bogus args\n");
		return CSSMERR_CSSM_INTERNAL_ERROR;
	}

	/* cook up a context for a passthrough op */
	crtn = CSSM_CSP_CreatePassThroughContext(cspHand,
	 	key,
		&ccHand);
	if(ccHand == 0) {
		printError("CSSM_CSP_CreatePassThroughContext", crtn);
		return crtn;
	}

	/* now it's up to the CSP */
	crtn = CSSM_CSP_PassThrough(ccHand,
		CSSM_APPLECSP_KEYDIGEST,
		NULL,
		(void **)&dp);
	if(crtn) {
		printError("CSSM_CSP_PassThrough(PUBKEYHASH)", crtn);
	}
	else {
		*hashData = dp;
		crtn = CSSM_OK;
	}
	CSSM_DeleteContext(ccHand);
	return crtn;
}