Add SDR test command

4 files changed, 421 insertions, 0 deletions

diff --git a/security/nss/cmd/manifest.mn b/security/nss/cmd/manifest.mn
index 8a8b5caa1..0ccd24b80 100644
--- a/security/nss/cmd/manifest.mn
+++ b/security/nss/cmd/manifest.mn
@@ -55,6 +55,7 @@ DIRS = lib  \
  p7verify  \
  pp  \
  rngtest \
+ sdrtest \
  selfserv  \
  ssltap  \
  strsclnt \
diff --git a/security/nss/cmd/sdrtest/Makefile b/security/nss/cmd/sdrtest/Makefile
new file mode 100644
index 000000000..490f738e5
--- /dev/null
+++ b/security/nss/cmd/sdrtest/Makefile
@@ -0,0 +1,73 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
diff --git a/security/nss/cmd/sdrtest/manifest.mn b/security/nss/cmd/sdrtest/manifest.mn
new file mode 100644
index 000000000..05e23b867
--- /dev/null
+++ b/security/nss/cmd/sdrtest/manifest.mn
@@ -0,0 +1,52 @@
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+CORE_DEPTH = ../../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = security
+
+CSRCS = \
+	sdrtest.c \
+	$(NULL)
+
+# headers for the MODULE (defined above) are implicitly required.
+REQUIRES = dbm seccmd
+
+# WINNT uses EXTRA_LIBS as the list of libs to link in.
+# Unix uses     OS_LIBS for that purpose.
+# We can solve this via conditional makefile code, but 
+# can't do this in manifest.mn because OS_ARCH isn't defined there.
+# So, look in the local Makefile for the defines for the list of libs.
+
+PROGRAM = sdrtest
diff --git a/security/nss/cmd/sdrtest/sdrtest.c b/security/nss/cmd/sdrtest/sdrtest.c
new file mode 100644
index 000000000..139593868
--- /dev/null
+++ b/security/nss/cmd/sdrtest/sdrtest.c
@@ -0,0 +1,295 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+/*
+ * Test program for SDR (Secret Decoder Ring) functions.
+ *
+ * $Id$
+ */
+
+#include "nspr.h"
+#include "string.h"
+#include "nss.h"
+#include "secutil.h"
+#include "cert.h"
+#include "pk11func.h"
+
+#include "plgetopt.h"
+#include "pk11sdr.h"
+
+#define DEFAULT_VALUE "Test"
+
+static void
+synopsis (char *program_name)
+{
+    PRFileDesc *pr_stderr;
+
+    pr_stderr = PR_STDERR;
+    PR_fprintf (pr_stderr, "Usage:");
+    PR_fprintf (pr_stderr,
+		"\t%s [-i <input-file>] [-o <output-file>] [-r <text>] [-d <dir>]\n",
+		program_name);
+}
+
+
+static void
+short_usage (char *program_name)
+{
+    PR_fprintf (PR_STDERR,
+		"Type %s -H for more detailed descriptions\n",
+		program_name);
+    synopsis (program_name);
+}
+
+
+static void
+long_usage (char *program_name)
+{
+    PRFileDesc *pr_stderr;
+
+    pr_stderr = PR_STDERR;
+    synopsis (program_name);
+    PR_fprintf (pr_stderr, "\nSecret Decoder Test:\n");
+    PR_fprintf (pr_stderr,
+		"  %-13s Read encrypted data from \"file\"\n",
+		"-i file");
+    PR_fprintf (pr_stderr,
+		"  %-13s Write newly generated encrypted data to \"file\"\n",
+		"-o file");
+    PR_fprintf (pr_stderr,
+		"  %-13s Use \"text\" as the plaintext for encryption and verification\n",
+		"-t text");
+    PR_fprintf (pr_stderr,
+		"  %-13s Find security databases in \"dbdir\"\n",
+		"-d dbdir");
+}
+
+int
+main (int argc, char **argv)
+{
+    int		 retval = 0;  /* 0 - test succeeded.  -1 - test failed */
+    SECStatus	 rv;
+    CERTCertDBHandle *certHandle = NULL;
+    PK11SlotInfo *slot = 0;
+    PLOptState	*optstate;
+    char	*program_name;
+    const char  *input_file = NULL; 	/* read encrypted data from here (or create) */
+    const char  *output_file = NULL;	/* write new encrypted data here */
+    const char  *value = DEFAULT_VALUE;	/* Use this for plaintext */
+    SECItem     data;
+    SECItem     result;
+    SECItem     text;
+    PRBool      verbose = PR_FALSE;
+
+    result.data = 0;
+    text.data = 0; text.len = 0;
+
+    program_name = PL_strrchr(argv[0], '/');
+    program_name = program_name ? (program_name + 1) : argv[0];
+
+    optstate = PL_CreateOptState (argc, argv, "Hd:i:o:t:v");
+    if (optstate == NULL) {
+	SECU_PrintError (program_name, "PL_CreateOptState failed");
+	return -1;
+    }
+
+    while (PL_GetNextOpt (optstate) == PL_OPT_OK) {
+	switch (optstate->option) {
+	  case '?':
+	    short_usage (program_name);
+	    return retval;
+
+	  case 'H':
+	    long_usage (program_name);
+	    return retval;
+
+	  case 'd':
+	    SECU_ConfigDirectory(optstate->value);
+	    break;
+
+          case 'i':
+            input_file = optstate->value;
+            break;
+
+          case 'o':
+            output_file = optstate->value;
+            break;
+
+          case 't':
+            value = optstate->value;
+            break;
+
+          case 'v':
+            verbose = PR_TRUE;
+            break;
+	}
+    }
+
+    /*
+     * Initialize the NSPR and Security libraries.
+     */
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+    /*  Initialize NSPR and NSS.  */
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+    certHandle = SECU_OpenCertDB(PR_FALSE);
+    if (!certHandle) goto prdone;
+
+    SECU_PKCS11Init(PR_FALSE);
+    SEC_Init();
+
+    slot = PK11_GetInternalKeySlot();
+    if (PK11_NeedUserInit(slot))
+    {
+      if (verbose) printf("Initializing new key database\n");
+      PK11_InitPin(slot, 0, 0);
+    }
+
+    /* Convert value into an item */
+    data.data = (unsigned char *)value;
+    data.len = strlen(value);
+
+    /* Get the encrypted result, either from the input file
+     * or from encrypting the plaintext value
+     */
+    if (input_file)
+    {
+      PRFileDesc *file /* = PR_OpenFile(input_file, 0) */;
+      PRFileInfo info;
+      PRStatus s;
+      PRInt32 count;
+
+      if (verbose) printf("Reading data from %s\n", input_file);
+
+      file = PR_Open(input_file, PR_RDONLY, 0);
+      if (!file) {
+        if (verbose) printf("Open of file failed\n");
+        retval = -1;
+        goto loser;
+      }
+
+      s = PR_GetOpenFileInfo(file, &info);
+      if (s != PR_SUCCESS) {
+        if (verbose) printf("File info operation failed\n");
+        retval = -1;
+        goto file_loser;
+      }
+
+      result.len = info.size;
+      result.data = (unsigned char *)malloc(result.len);
+      if (!result.data) {
+        if (verbose) printf("Allocation of buffer failed\n");
+        retval = -1;
+        goto file_loser;
+      }
+
+      count = PR_Read(file, result.data, result.len);
+      if (count != result.len) {
+        if (verbose) printf("Read failed\n");
+        retval = -1;
+        goto file_loser;
+      }
+
+file_loser:
+      PR_Close(file);
+      if (retval != 0) goto loser;
+    }
+    else
+    {
+      SECItem keyid = { 0, 0, 0 };
+
+      rv = PK11SDR_Encrypt(&keyid, &data, &result, 0);
+      if (rv != SECSuccess) {
+        if (verbose) printf("Encrypt operation failed\n");
+        retval = -1;
+        goto loser;
+      }
+
+      if (verbose) printf("Encrypted result is %d bytes long\n", result.len);
+
+      /* -v printf("Result is %.*s\n", text.len, text.data); */
+      if (output_file)
+      {
+         PRFileDesc *file;
+         PRInt32 count;
+
+         if (verbose) printf("Writing result to %s\n", output_file);
+
+         /* Write to file */
+         file = PR_Open(output_file, PR_CREATE_FILE|PR_WRONLY, 0666);
+         if (!file) {
+            if (verbose) printf("Open of output file failed\n");
+            retval = -1;
+            goto loser;
+         }
+
+         count = PR_Write(file, result.data, result.len);
+
+         PR_Close(file);
+
+         if (count != result.len) {
+           if (verbose) printf("Write failed\n");
+           retval = -1;
+           goto loser;
+         }
+      }
+    }
+
+    /* Decrypt the value */
+    rv = PK11SDR_Decrypt(&result, &text, 0);
+    if (rv != SECSuccess) {
+      if (verbose) printf("Decrypt operation failed\n");
+      retval = -1; 
+      goto loser;
+    }
+
+    if (verbose) printf("Decrypted result is %.*s\n", text.len, text.data);
+
+    /* Compare to required value */
+    if (text.len != data.len || memcmp(data.data, text.data, text.len) != 0)
+    {
+      if (verbose) printf("Comparison failed\n");
+      retval = -1;
+      goto loser;
+    }
+
+loser:
+    if (text.data) free(text.data);
+    if (result.data) free(result.data);
+    if (certHandle) CERT_ClosePermCertDB(certHandle);
+    NSS_Shutdown();
+
+prdone:
+    PR_Cleanup ();
+    return retval;
+}