[apple/security.git] / OSX / shared_regressions / si-44-seckey-ec.m

/*
 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */


#import <Foundation/Foundation.h>

#import <corecrypto/ccsha1.h>
#import <corecrypto/ccsha2.h>
#import <corecrypto/ccec.h>

#include "shared_regressions.h"

static void test_export_import_run(int size) {
    NSError *error;
    id privKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeySizeInBits: @(size)}, (void *)&error));
    ok(privKey, "generate private key (size %d, error %@)", size, error);

    NSData *message = [NSData dataWithBytes:"hello" length:5];
    error = nil;
    NSData *signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privKey, kSecKeyAlgorithmECDSASignatureMessageX962SHA1, (CFDataRef)message, (void *)&error));
    ok(signature, "create signature, %@", error);

    id pubKey = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)privKey));
    error = nil;
    NSData *pubKeyData = CFBridgingRelease(SecKeyCopyExternalRepresentation((SecKeyRef)pubKey, (void *)&error));
    ok(pubKeyData, "export public key, %@", error);
    size = (size + 7) / 8;
    is(pubKeyData.length, (unsigned)size * 2 + 1, "pubkey data has expected length");

    id importedPubKey = CFBridgingRelease(SecKeyCreateWithData((CFDataRef)pubKeyData, (CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPublic}, (void *)&error));
    ok(importedPubKey, "import public key, %@", error);
    ok(SecKeyVerifySignature((SecKeyRef)importedPubKey, kSecKeyAlgorithmECDSASignatureMessageX962SHA1, (CFDataRef)message, (CFDataRef)signature, (void *)&error), "verify signature, %@", error);

    error = nil;
    NSData *privKeyData = CFBridgingRelease(SecKeyCopyExternalRepresentation((SecKeyRef)privKey, (void *)&error));
    ok(privKeyData, "export privKey, %@", error);
    is(privKeyData.length, (unsigned)size * 3 + 1, "privkey data has expected length");

    error = nil;
    id importedPrivKey = CFBridgingRelease(SecKeyCreateWithData((CFDataRef)privKeyData, (CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate}, (void *)&error));
    ok(importedPrivKey, "import privKey, %@", error);

    id importedPrivKeyPubKey = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)importedPrivKey));
    error = nil;
    ok(SecKeyVerifySignature((SecKeyRef)importedPrivKeyPubKey, kSecKeyAlgorithmECDSASignatureMessageX962SHA1, (CFDataRef)message, (CFDataRef)signature, (void *)&error), "verify signature, %@", error);
}
static const int TestExportImportRun = 10;

static void test_export_import() {
    test_export_import_run(192);
    test_export_import_run(256);
    test_export_import_run(521);
}
static const int TestExportImport = TestExportImportRun * 3;

static void test_sign_digest_run(id privKey, ccec_const_cp_t cp, SecKeyAlgorithm algorithm, const struct ccdigest_info *di) {
    ok(SecKeyIsAlgorithmSupported((SecKeyRef)privKey, kSecKeyOperationTypeSign, algorithm), "algorithm %@ should be supported", algorithm);

    NSError *error;
    NSData *digest = [NSMutableData dataWithLength:di ? di->output_size : 50];

    error = nil;
    NSData *signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privKey, algorithm, (CFDataRef)digest, (void *)&error));
    ok(signature != nil, "signing failed: %@", error);

    error = nil;
    id publicKey = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)privKey));
    NSData *pubKeyData = CFBridgingRelease(SecKeyCopyExternalRepresentation((SecKeyRef)publicKey, (void *)&error));
    ok(pubKeyData, "export public key: %@", error);
    ccec_pub_ctx_decl_cp(cp, pubkey);
    ok(ccec_x963_import_pub(cp, pubKeyData.length, pubKeyData.bytes, pubkey) == 0, "error importing cc ec key");
    bool valid = false;
    is(ccec_verify(pubkey, digest.length, digest.bytes, signature.length, signature.bytes, &valid), 0, "ccec_verify");
    is(valid, true, "ccec_verify detected bad signature");

    if (di != NULL) {
        error = nil;
        digest = [NSMutableData dataWithLength:di->output_size + 1];
        signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privKey, algorithm, (CFDataRef)digest, (void *)&error));
        is(signature, nil, "signing long digest fails");
        is(error.code, errSecParam, "wrong error for long digest: %@", error);

        error = nil;
        digest = [NSMutableData dataWithLength:di->output_size - 1];
        signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privKey, algorithm, (CFDataRef)digest, (void *)&error));
        is(signature, nil, "signing short digest fails");
        is(error.code, errSecParam, "wrong error for short digest: %@", error);
    } else {
        // Balance count of tests
        ok(true);
        ok(true);
        ok(true);
        ok(true);
    }
}
static const int TestSignDigestRun = 10;

static void test_sign_digest() {

    NSError *error = nil;
    id privateKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeySizeInBits: @192}, (void *)&error));
    ok(privateKey, "key properly generated: %@", error);

    test_sign_digest_run(privateKey, ccec_cp_192(), kSecKeyAlgorithmECDSASignatureDigestX962, NULL);
    test_sign_digest_run(privateKey, ccec_cp_192(), kSecKeyAlgorithmECDSASignatureDigestX962SHA1, ccsha1_di());
    test_sign_digest_run(privateKey, ccec_cp_192(), kSecKeyAlgorithmECDSASignatureDigestX962SHA224, ccsha224_di());
    test_sign_digest_run(privateKey, ccec_cp_192(), kSecKeyAlgorithmECDSASignatureDigestX962SHA256, ccsha256_di());
    test_sign_digest_run(privateKey, ccec_cp_192(), kSecKeyAlgorithmECDSASignatureDigestX962SHA384, ccsha384_di());
    test_sign_digest_run(privateKey, ccec_cp_192(), kSecKeyAlgorithmECDSASignatureDigestX962SHA512, ccsha512_di());

    privateKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeySizeInBits: @256}, (void *)&error));
    ok(privateKey, "key properly generated: %@", error);

    test_sign_digest_run(privateKey, ccec_cp_256(), kSecKeyAlgorithmECDSASignatureDigestX962, NULL);
    test_sign_digest_run(privateKey, ccec_cp_256(), kSecKeyAlgorithmECDSASignatureDigestX962SHA1, ccsha1_di());
    test_sign_digest_run(privateKey, ccec_cp_256(), kSecKeyAlgorithmECDSASignatureDigestX962SHA224, ccsha224_di());
    test_sign_digest_run(privateKey, ccec_cp_256(), kSecKeyAlgorithmECDSASignatureDigestX962SHA256, ccsha256_di());
    test_sign_digest_run(privateKey, ccec_cp_256(), kSecKeyAlgorithmECDSASignatureDigestX962SHA384, ccsha384_di());
    test_sign_digest_run(privateKey, ccec_cp_256(), kSecKeyAlgorithmECDSASignatureDigestX962SHA512, ccsha512_di());


    privateKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeySizeInBits: @521}, (void *)&error));
    ok(privateKey, "key properly generated: %@", error);

    test_sign_digest_run(privateKey, ccec_cp_521(), kSecKeyAlgorithmECDSASignatureDigestX962, NULL);
    test_sign_digest_run(privateKey, ccec_cp_521(), kSecKeyAlgorithmECDSASignatureDigestX962SHA1, ccsha1_di());
    test_sign_digest_run(privateKey, ccec_cp_521(), kSecKeyAlgorithmECDSASignatureDigestX962SHA224, ccsha224_di());
    test_sign_digest_run(privateKey, ccec_cp_521(), kSecKeyAlgorithmECDSASignatureDigestX962SHA256, ccsha256_di());
    test_sign_digest_run(privateKey, ccec_cp_521(), kSecKeyAlgorithmECDSASignatureDigestX962SHA384, ccsha384_di());
    test_sign_digest_run(privateKey, ccec_cp_521(), kSecKeyAlgorithmECDSASignatureDigestX962SHA512, ccsha512_di());
}
static const int TestSignDigest = TestSignDigestRun * 18 + 3;

static const int TestCount =
TestExportImport +
TestSignDigest;

int si_44_seckey_ec(int argc, char *const *argv) {
    plan_tests(TestCount);

    @autoreleasepool {
        test_export_import();
        test_sign_digest();
    }
    
    return 0;
}
Commit	Line	Data
fa7225c8 A	1	/*
	2	* Copyright (c) 2016 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24
	25	#import <Foundation/Foundation.h>
	26
866f8763 A	27	#import <corecrypto/ccsha1.h>
	28	#import <corecrypto/ccsha2.h>
	29	#import <corecrypto/ccec.h>
	30
fa7225c8 A	31	#include "shared_regressions.h"
	32
	33	static void test_export_import_run(int size) {
	34	NSError *error;
	35	id privKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeySizeInBits: @(size)}, (void *)&error));
	36	ok(privKey, "generate private key (size %d, error %@)", size, error);
	37
	38	NSData *message = [NSData dataWithBytes:"hello" length:5];
	39	error = nil;
	40	NSData signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privKey, kSecKeyAlgorithmECDSASignatureMessageX962SHA1, (CFDataRef)message, (void )&error));
	41	ok(signature, "create signature, %@", error);
	42
	43	id pubKey = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)privKey));
	44	error = nil;
	45	NSData pubKeyData = CFBridgingRelease(SecKeyCopyExternalRepresentation((SecKeyRef)pubKey, (void )&error));
	46	ok(pubKeyData, "export public key, %@", error);
	47	size = (size + 7) / 8;
	48	is(pubKeyData.length, (unsigned)size * 2 + 1, "pubkey data has expected length");
	49
	50	id importedPubKey = CFBridgingRelease(SecKeyCreateWithData((CFDataRef)pubKeyData, (CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPublic}, (void *)&error));
	51	ok(importedPubKey, "import public key, %@", error);
	52	ok(SecKeyVerifySignature((SecKeyRef)importedPubKey, kSecKeyAlgorithmECDSASignatureMessageX962SHA1, (CFDataRef)message, (CFDataRef)signature, (void *)&error), "verify signature, %@", error);
	53
	54	error = nil;
	55	NSData privKeyData = CFBridgingRelease(SecKeyCopyExternalRepresentation((SecKeyRef)privKey, (void )&error));
	56	ok(privKeyData, "export privKey, %@", error);
	57	is(privKeyData.length, (unsigned)size * 3 + 1, "privkey data has expected length");
	58
	59	error = nil;
	60	id importedPrivKey = CFBridgingRelease(SecKeyCreateWithData((CFDataRef)privKeyData, (CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate}, (void *)&error));
	61	ok(importedPrivKey, "import privKey, %@", error);
	62
	63	id importedPrivKeyPubKey = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)importedPrivKey));
	64	error = nil;
	65	ok(SecKeyVerifySignature((SecKeyRef)importedPrivKeyPubKey, kSecKeyAlgorithmECDSASignatureMessageX962SHA1, (CFDataRef)message, (CFDataRef)signature, (void *)&error), "verify signature, %@", error);
	66	}
	67	static const int TestExportImportRun = 10;
	68
	69	static void test_export_import() {
	70	test_export_import_run(192);
	71	test_export_import_run(256);
	72	test_export_import_run(521);
	73	}
	74	static const int TestExportImport = TestExportImportRun * 3;
	75
866f8763 A	76	static void test_sign_digest_run(id privKey, ccec_const_cp_t cp, SecKeyAlgorithm algorithm, const struct ccdigest_info *di) {
	77	ok(SecKeyIsAlgorithmSupported((SecKeyRef)privKey, kSecKeyOperationTypeSign, algorithm), "algorithm %@ should be supported", algorithm);
	78
	79	NSError *error;
	80	NSData *digest = [NSMutableData dataWithLength:di ? di->output_size : 50];
	81
	82	error = nil;
	83	NSData signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privKey, algorithm, (CFDataRef)digest, (void )&error));
	84	ok(signature != nil, "signing failed: %@", error);
	85
	86	error = nil;
	87	id publicKey = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)privKey));
	88	NSData pubKeyData = CFBridgingRelease(SecKeyCopyExternalRepresentation((SecKeyRef)publicKey, (void )&error));
	89	ok(pubKeyData, "export public key: %@", error);
	90	ccec_pub_ctx_decl_cp(cp, pubkey);
	91	ok(ccec_x963_import_pub(cp, pubKeyData.length, pubKeyData.bytes, pubkey) == 0, "error importing cc ec key");
	92	bool valid = false;
	93	is(ccec_verify(pubkey, digest.length, digest.bytes, signature.length, signature.bytes, &valid), 0, "ccec_verify");
	94	is(valid, true, "ccec_verify detected bad signature");
	95
	96	if (di != NULL) {
	97	error = nil;
	98	digest = [NSMutableData dataWithLength:di->output_size + 1];
	99	signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privKey, algorithm, (CFDataRef)digest, (void *)&error));
	100	is(signature, nil, "signing long digest fails");
	101	is(error.code, errSecParam, "wrong error for long digest: %@", error);
	102
	103	error = nil;
	104	digest = [NSMutableData dataWithLength:di->output_size - 1];
	105	signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privKey, algorithm, (CFDataRef)digest, (void *)&error));
	106	is(signature, nil, "signing short digest fails");
	107	is(error.code, errSecParam, "wrong error for short digest: %@", error);
	108	} else {
	109	// Balance count of tests
	110	ok(true);
	111	ok(true);
	112	ok(true);
	113	ok(true);
	114	}
	115	}
	116	static const int TestSignDigestRun = 10;
	117
	118	static void test_sign_digest() {
	119
	120	NSError *error = nil;
	121	id privateKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeySizeInBits: @192}, (void *)&error));
	122	ok(privateKey, "key properly generated: %@", error);
	123
	124	test_sign_digest_run(privateKey, ccec_cp_192(), kSecKeyAlgorithmECDSASignatureDigestX962, NULL);
	125	test_sign_digest_run(privateKey, ccec_cp_192(), kSecKeyAlgorithmECDSASignatureDigestX962SHA1, ccsha1_di());
	126	test_sign_digest_run(privateKey, ccec_cp_192(), kSecKeyAlgorithmECDSASignatureDigestX962SHA224, ccsha224_di());
	127	test_sign_digest_run(privateKey, ccec_cp_192(), kSecKeyAlgorithmECDSASignatureDigestX962SHA256, ccsha256_di());
	128	test_sign_digest_run(privateKey, ccec_cp_192(), kSecKeyAlgorithmECDSASignatureDigestX962SHA384, ccsha384_di());
	129	test_sign_digest_run(privateKey, ccec_cp_192(), kSecKeyAlgorithmECDSASignatureDigestX962SHA512, ccsha512_di());
	130
	131	privateKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeySizeInBits: @256}, (void *)&error));
	132	ok(privateKey, "key properly generated: %@", error);
	133
	134	test_sign_digest_run(privateKey, ccec_cp_256(), kSecKeyAlgorithmECDSASignatureDigestX962, NULL);
	135	test_sign_digest_run(privateKey, ccec_cp_256(), kSecKeyAlgorithmECDSASignatureDigestX962SHA1, ccsha1_di());
	136	test_sign_digest_run(privateKey, ccec_cp_256(), kSecKeyAlgorithmECDSASignatureDigestX962SHA224, ccsha224_di());
	137	test_sign_digest_run(privateKey, ccec_cp_256(), kSecKeyAlgorithmECDSASignatureDigestX962SHA256, ccsha256_di());
	138	test_sign_digest_run(privateKey, ccec_cp_256(), kSecKeyAlgorithmECDSASignatureDigestX962SHA384, ccsha384_di());
	139	test_sign_digest_run(privateKey, ccec_cp_256(), kSecKeyAlgorithmECDSASignatureDigestX962SHA512, ccsha512_di());
140
141
142	privateKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeySizeInBits: @521}, (void *)&error));
143	ok(privateKey, "key properly generated: %@", error);
144
145	test_sign_digest_run(privateKey, ccec_cp_521(), kSecKeyAlgorithmECDSASignatureDigestX962, NULL);
146	test_sign_digest_run(privateKey, ccec_cp_521(), kSecKeyAlgorithmECDSASignatureDigestX962SHA1, ccsha1_di());
147	test_sign_digest_run(privateKey, ccec_cp_521(), kSecKeyAlgorithmECDSASignatureDigestX962SHA224, ccsha224_di());
148	test_sign_digest_run(privateKey, ccec_cp_521(), kSecKeyAlgorithmECDSASignatureDigestX962SHA256, ccsha256_di());
149	test_sign_digest_run(privateKey, ccec_cp_521(), kSecKeyAlgorithmECDSASignatureDigestX962SHA384, ccsha384_di());
150	test_sign_digest_run(privateKey, ccec_cp_521(), kSecKeyAlgorithmECDSASignatureDigestX962SHA512, ccsha512_di());
151	}
152	static const int TestSignDigest = TestSignDigestRun * 18 + 3;
153
154	static const int TestCount =
155	TestExportImport +
156	TestSignDigest;
157
fa7225c8 A	158	int si_44_seckey_ec(int argc, char const argv) {
	159	plan_tests(TestCount);
	160
	161	@autoreleasepool {
	162	test_export_import();
866f8763	163	test_sign_digest();
fa7225c8 A	164	}
	165
	166	return 0;
	167	}