kc-22-key-symmetric.c [plain text]
#include <Security/x509defs.h>
#include <Security/SecKeyPriv.h>
#include <Security/SecKeychainSearch.h>
#include <stdlib.h>
#include <unistd.h>
#include "testenv.h"
#include "testleaks.h"
#include "testmore.h"
#include "testsecevent.h"
void tests(int dont_skip)
{
SecKeychainRef keychain;
ok_status(SecKeychainCreate("test", 4, "test", FALSE, NULL, &keychain),
"create keychain");
#ifdef DEBUG
ok_status(test_sec_event_register(kSecAddEventMask | kSecDeleteEventMask),
"register for add events");
SecKeychainItemRef aes_key = NULL;
#endif
ok_status(SecKeyGenerate(keychain, CSSM_ALGID_AES, 128,
0 ,
CSSM_KEYUSE_DECRYPT | CSSM_KEYUSE_ENCRYPT,
CSSM_KEYATTR_EXTRACTABLE,
NULL, NULL), "SecKeyGenerate");
#ifdef DEBUG
is_sec_event(kSecAddEvent, NULL, &aes_key, NULL,
"got add event for key");
#endif
uint32 btrue = 1;
SecKeychainAttribute sym_attrs[] =
{
{ kSecKeyEncrypt, sizeof(btrue), &btrue }
};
SecKeychainAttributeList sym_attr_list =
{ sizeof(sym_attrs) / sizeof(*sym_attrs), sym_attrs };
SecKeychainSearchRef search = NULL;
ok_status(SecKeychainSearchCreateFromAttributes(keychain,
CSSM_DL_DB_RECORD_SYMMETRIC_KEY, &sym_attr_list, &search),
"create symmetric encryption key search");
SecKeychainItemRef item = NULL;
ok_status(SecKeychainSearchCopyNext(search, &item), "get first key");
#ifdef DEBUG
cmp_ok((intptr_t)aes_key, ==, (intptr_t)item, "is key found the right one?");
#endif
if (item) CFRelease(item);
is_status(SecKeychainSearchCopyNext(search, &item),
errSecItemNotFound, "copy next returns no more keys");
CFRelease(search);
ok_status(SecKeychainSearchCreateFromAttributes(keychain,
CSSM_DL_DB_RECORD_ANY, NULL, &search),
"create any item search");
item = NULL;
TODO: {
todo("<rdar://problem/3760340> Searching for CSSM_DL_DB_RECORD_ANY does not return "
"user-added symmetric keys");
ok_status(SecKeychainSearchCopyNext(search, &item), "get first key");
#ifdef DEBUG
cmp_ok((intptr_t)aes_key, ==, (intptr_t)item, "is key found the right one?");
#endif
}
if (item) CFRelease(item);
is_status(SecKeychainSearchCopyNext(search, &item),
errSecItemNotFound, "copy next returns no more keys");
CFRelease(search);
#ifdef DEBUG
ok_status(SecKeychainItemDelete(aes_key), "delete key");
is(CFGetRetainCount(aes_key), 2, "key retain count is 2");
#endif
#ifdef DEBUG
SecKeychainItemRef deleted_item = NULL;
is_sec_event(kSecDeleteEvent, NULL, &deleted_item, NULL, "got delete event for key");
is((intptr_t)aes_key, (intptr_t)deleted_item, "key was the deleted item");
#endif
#ifdef DEBUG
ok_status(test_sec_event_deregister(), "deregister for events");
#endif
SecKeyRef aes_key2 = NULL;
ok_status(SecKeyGenerate(keychain, CSSM_ALGID_AES, 128,
0 ,
CSSM_KEYUSE_DECRYPT | CSSM_KEYUSE_ENCRYPT,
CSSM_KEYATTR_EXTRACTABLE,
NULL, &aes_key2), "SecKeyGenerate and get key");
is(CFGetRetainCount(aes_key2), 1, "retain count is 1");
CFRelease(aes_key2);
CFRelease(keychain);
ok(tests_end(1), "cleanup");
}
int main(int argc, char *const *argv)
{
int dont_skip = argc > 1 && !strcmp(argv[1], "-s");
plan_tests(12);
if (!tests_begin(argc, argv))
BAIL_OUT("tests_begin failed");
tests(dont_skip);
ok_leaks("no leaks");
return 0;
}