[apple/security.git] / OSX / shared_regressions / si-44-seckey-rsa.m

/*
 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */


#import <Foundation/Foundation.h>

#import <Security/SecKeyPriv.h>
#import <Security/oidsalg.h>

#include "shared_regressions.h"

static NSData *decryptAndUnpad(SecKeyRef privateKey, SecKeyAlgorithm algorithm, NSData *ciphertext, NSError **error) {
    NSData *plaintext = CFBridgingRelease(SecKeyCreateDecryptedData(privateKey, algorithm, (CFDataRef)ciphertext, (void *)error));
    if (plaintext != nil && [(__bridge id)algorithm isEqual:(id)kSecKeyAlgorithmRSAEncryptionRaw]) {
        NSRange range = NSMakeRange(0, plaintext.length);
        while (((const UInt8 *)plaintext.bytes)[range.location] == 0x00 && range.location < plaintext.length) {
            range.length--;
            range.location++;
        }
        plaintext = [plaintext subdataWithRange:range];
    }
    return plaintext;
}

static void test_encrypt_run(SecKeyRef privateKey, SecKeyRef publicKey, SecKeyRef iosPrivateKey, SecKeyRef iosPublicKey, SecKeyAlgorithm algorithm) {
    NSData *original = [NSData dataWithBytes:"encrypt" length:7], *plaintext;
    NSError *error;

    error = nil;
    NSData *ciphertext = CFBridgingRelease(SecKeyCreateEncryptedData(publicKey, algorithm, (CFDataRef)original, (void *)&error));
    ok(ciphertext != nil, "RSA encrypt (native) succeeded (error: %@, key %@)", error, publicKey);

    error = nil;
    NSData *iosCiphertext = CFBridgingRelease(SecKeyCreateEncryptedData(iosPublicKey, algorithm, (CFDataRef)original, (void *)&error));
    ok(iosCiphertext != nil, "RSA encrypt (native) succeeded (error: %@, key %@)", error, iosPublicKey);

    error = nil;
    plaintext = decryptAndUnpad(privateKey, algorithm, ciphertext, &error);
    ok(plaintext != nil, "RSA decrypt (native) succeeded (error: %@, key %@)", error, privateKey);
    ok([plaintext isEqual:original], "(native -> native) plaintext equals original (%@ : %@)", original, plaintext);

    error = nil;
    plaintext = decryptAndUnpad(privateKey, algorithm, iosCiphertext, &error);
    ok(plaintext != nil, "RSA decrypt (native) succeeded (error: %@, key %@)", error, privateKey);
    ok([plaintext isEqual:original], "(ios -> native) plaintext equals original (%@ : %@)", original, plaintext);

    error = nil;
    plaintext = decryptAndUnpad(iosPrivateKey, algorithm, ciphertext, &error);
    ok(plaintext != nil, "RSA decrypt (ios) succeeded (error: %@, key %@)", error, privateKey);
    ok([plaintext isEqual:original], "(native -> ios) plaintext equals original (%@ : %@)", original, plaintext);

    error = nil;
    plaintext = decryptAndUnpad(iosPrivateKey, algorithm, iosCiphertext, &error);
    ok(plaintext != nil, "RSA decrypt (ios) succeeded (error: %@, key %@)", error, privateKey);
    ok([plaintext isEqual:original], "(ios -> ios) plaintext equals original (%@ : %@)", original, plaintext);
}
static const int TestCountEncryptRun = 10;

static void test_encrypt_keypair_run(int keySizeInBits, NSArray *algorithms, NSArray *failAlgorithms) {
    NSError *error;
    NSDictionary *params = @{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeRSA, (id)kSecAttrKeySizeInBits: @(keySizeInBits)};

    error = nil;
    id privateKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)params, (void *)&error));
    ok(privateKey != nil, "generate private key (error %@)", error);

    id publicKey = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)privateKey));
    ok(publicKey != nil, "get public key");

    NSData *data = CFBridgingRelease(SecKeyCopyExternalRepresentation((SecKeyRef)privateKey, NULL));
    NSDictionary *attrs = CFBridgingRelease(SecKeyCopyAttributes((SecKeyRef)privateKey));
    error = nil;
    id iosPrivateKey = CFBridgingRelease(SecKeyCreateWithData((CFDataRef)data, (CFDictionaryRef)attrs, (void *)&error));
    ok(iosPrivateKey != nil, "get private key created from data");

    data = CFBridgingRelease(SecKeyCopyExternalRepresentation((SecKeyRef)publicKey, NULL));
    attrs = CFBridgingRelease(SecKeyCopyAttributes((SecKeyRef)publicKey));
    error = nil;
    id iosPublicKey = CFBridgingRelease(SecKeyCreateWithData((CFDataRef)data, (CFDictionaryRef)attrs, (void *)&error));
    ok(iosPublicKey != nil, "get public key created from data");

    for (id algorithm in algorithms) {
        test_encrypt_run((__bridge SecKeyRef)privateKey, (__bridge SecKeyRef)publicKey,
                         (__bridge SecKeyRef)iosPrivateKey, (__bridge SecKeyRef)iosPublicKey,
                         (__bridge SecKeyAlgorithm)algorithm);
    }

    for (id algorithm in failAlgorithms) {
        error = nil;
        NSData *data = CFBridgingRelease(SecKeyCreateEncryptedData((SecKeyRef)publicKey, (SecKeyAlgorithm)algorithm, (CFDataRef)[NSData data], (void *)&error));
        ok(data == nil && error.code == errSecParam, "incorrect algorithm refused");
    }
}
static const int TestCountEncryptKeypairRun = 4;

static void test_encryption() {
    test_encrypt_keypair_run(1024,
                             @[
                               (id)kSecKeyAlgorithmRSAEncryptionRaw,
                               (id)kSecKeyAlgorithmRSAEncryptionPKCS1,
                               (id)kSecKeyAlgorithmRSAEncryptionOAEPSHA1,
                               (id)kSecKeyAlgorithmRSAEncryptionOAEPSHA224,
                               (id)kSecKeyAlgorithmRSAEncryptionOAEPSHA256,
                               (id)kSecKeyAlgorithmRSAEncryptionOAEPSHA384,
                               ],
                             @[
                               (id)kSecKeyAlgorithmRSAEncryptionOAEPSHA512,
                               ]);

    test_encrypt_keypair_run(2048,
                             @[
                               (id)kSecKeyAlgorithmRSAEncryptionRaw,
                               (id)kSecKeyAlgorithmRSAEncryptionPKCS1,
                               (id)kSecKeyAlgorithmRSAEncryptionOAEPSHA1,
                               (id)kSecKeyAlgorithmRSAEncryptionOAEPSHA224,
                               (id)kSecKeyAlgorithmRSAEncryptionOAEPSHA256,
                               (id)kSecKeyAlgorithmRSAEncryptionOAEPSHA384,
                               (id)kSecKeyAlgorithmRSAEncryptionOAEPSHA512,
                               ],
                             @[
                               ]);
}
static const int TestCountEncryption =
TestCountEncryptKeypairRun + (TestCountEncryptRun * 6) + (1 * 1) +
TestCountEncryptKeypairRun + (TestCountEncryptRun * 7) + (1 * 0);

static void test_bad_input(NSInteger keySizeInBits, NSInteger inputSize, SecKeyAlgorithm algorithm) {
    NSError *error;
    NSDictionary *params = @{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeRSA, (id)kSecAttrKeySizeInBits: @(keySizeInBits)};

    error = nil;
    id privateKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)params, (void *)&error));
    ok(privateKey != nil, "generate private key (error %@)", error);
    id publicKey = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)privateKey));

    NSData *input, *output;

    error = nil;
    input = [NSMutableData dataWithLength:inputSize];
    output = CFBridgingRelease(SecKeyCreateEncryptedData((SecKeyRef)publicKey, algorithm, (CFDataRef)input, (void *)&error));
    ok(output, "encryption succeeds at the border size %d (key=%dbytes, %@)", (int)input.length, (int)keySizeInBits / 8, algorithm);
    is((NSInteger)output.length, keySizeInBits / 8, "Unexpected output block size");

    input = [NSMutableData dataWithLength:inputSize + 1];
    output = CFBridgingRelease(SecKeyCreateEncryptedData((SecKeyRef)publicKey, algorithm, (CFDataRef)input, (void *)&error));
    ok(output == nil, "encryption did not fail for border size %d (key=%dbytes, output=%dbytes, %@)", (int)input.length, (int)keySizeInBits / 8, (int)output.length, algorithm);
    is_status((OSStatus)error.code, errSecParam, "Fails with errSecParam for too long input (%@)", algorithm);
}
static const int TestCountBadInputSizeStep = 5;

static void test_bad_input_size() {
    test_bad_input(1024, 128, kSecKeyAlgorithmRSAEncryptionRaw);
    test_bad_input(2048, 256, kSecKeyAlgorithmRSAEncryptionRaw);
    test_bad_input(1024, 128 - 11, kSecKeyAlgorithmRSAEncryptionPKCS1);
    test_bad_input(2048, 256 - 11, kSecKeyAlgorithmRSAEncryptionPKCS1);
    test_bad_input(1024, 128 - 42, kSecKeyAlgorithmRSAEncryptionOAEPSHA1);
    test_bad_input(2048, 256 - 42, kSecKeyAlgorithmRSAEncryptionOAEPSHA1);
    test_bad_input(1024, 128 - 66, kSecKeyAlgorithmRSAEncryptionOAEPSHA256);
    test_bad_input(2048, 256 - 66, kSecKeyAlgorithmRSAEncryptionOAEPSHA256);
}
static const int TestCountBadInputSize = TestCountBadInputSizeStep * 8;

static void test_bad_signature() {
    NSDictionary *params = @{ (id)kSecAttrKeyType: (id)kSecAttrKeyTypeRSA, (id)kSecAttrKeySizeInBits: @2048 };
    NSError *error;
    id privateKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)params, (void *)&error));
    ok(privateKey, "Generate RSA-2048 temporary key, err %@", error);
    id publicKey = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)privateKey));
    ok(publicKey, "Get public key from private key");

#if TARGET_OS_IPHONE
    SecKeyAlgorithm algorithm = kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1;
#else
    SecKeyAlgorithm algorithm = kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1;
#endif

    char digest[20] = "digest";
    NSData *digestData = [NSData dataWithBytes:digest length:sizeof(digest)];
    NSData *signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privateKey, algorithm, (CFDataRef)digestData, (void *)&error));
    ok(signature, "Sign digest, err %@", error);

    bool result = SecKeyVerifySignature((SecKeyRef)publicKey, algorithm, (CFDataRef)digestData, (CFDataRef)signature, (void *)&error);
    ok(result, "Verify signature, err %@", error);

    OSStatus status = SecKeyRawVerify((SecKeyRef)publicKey, kSecPaddingPKCS1SHA1, (const uint8_t *)digest, sizeof(digest), signature.bytes, signature.length);
    ok_status(status, "Raw verify correct signature");

    status = SecKeyRawVerify((SecKeyRef)publicKey, kSecPaddingPKCS1SHA1, (const uint8_t *)digest, sizeof(digest), (void  * _Nonnull)NULL, 0);
    is_status(status, errSSLCrypto, "NULL signature failure");

    const SecAsn1AlgId algId = { .algorithm = CSSMOID_SHA1WithRSA };
    signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privateKey, kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1, (CFDataRef)digestData, (void *)&error));
    ok(signature, "Sign message, err %@", error);

    status = SecKeyDigestAndVerify((__bridge SecKeyRef)publicKey, &algId, (const uint8_t *)digest, sizeof(digest), signature.bytes, signature.length);
    ok_status(status, "Raw verify correct signature");

    status = SecKeyDigestAndVerify((__bridge SecKeyRef)publicKey, &algId, (const uint8_t *)digest, sizeof(digest), (void * _Nonnull)NULL, 0);
    is_status(status, errSSLCrypto, "NULL signature failure");

    signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privateKey, kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1, (CFDataRef)digestData, (void *)&error));
    ok(signature, "Sign message, err %@", error);

    status = SecKeyVerifyDigest((__bridge SecKeyRef)publicKey, &algId, (const uint8_t *)digest, sizeof(digest), signature.bytes, signature.length);
    ok_status(status, "Raw verify correct signature");

    status = SecKeyVerifyDigest((__bridge SecKeyRef)publicKey, &algId, (const uint8_t *)digest, sizeof(digest), (void * _Nonnull)NULL, 0);
    is_status(status, errSSLCrypto, "NULL signature failure");
}
static const int TestCountBadSignature = 12;

static const int TestCount =
TestCountEncryption +
TestCountBadInputSize +
TestCountBadSignature;

int si_44_seckey_rsa(int argc, char *const *argv) {
    plan_tests(TestCount);

    @autoreleasepool {
        test_encryption();
        test_bad_input_size();
        test_bad_signature();
    }
    
    return 0;
}
Commit	Line	Data
fa7225c8 A	1	/*
	2	* Copyright (c) 2016 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24
	25	#import <Foundation/Foundation.h>
	26
6b200bc3 A	27	#import <Security/SecKeyPriv.h>
	28	#import <Security/oidsalg.h>
	29
fa7225c8 A	30	#include "shared_regressions.h"
	31
	32	static NSData decryptAndUnpad(SecKeyRef privateKey, SecKeyAlgorithm algorithm, NSData ciphertext, NSError **error) {
	33	NSData plaintext = CFBridgingRelease(SecKeyCreateDecryptedData(privateKey, algorithm, (CFDataRef)ciphertext, (void )error));
	34	if (plaintext != nil && [(__bridge id)algorithm isEqual:(id)kSecKeyAlgorithmRSAEncryptionRaw]) {
	35	NSRange range = NSMakeRange(0, plaintext.length);
	36	while (((const UInt8 *)plaintext.bytes)[range.location] == 0x00 && range.location < plaintext.length) {
	37	range.length--;
	38	range.location++;
	39	}
	40	plaintext = [plaintext subdataWithRange:range];
	41	}
	42	return plaintext;
	43	}
	44
	45	static void test_encrypt_run(SecKeyRef privateKey, SecKeyRef publicKey, SecKeyRef iosPrivateKey, SecKeyRef iosPublicKey, SecKeyAlgorithm algorithm) {
	46	NSData original = [NSData dataWithBytes:"encrypt" length:7], plaintext;
	47	NSError *error;
	48
	49	error = nil;
	50	NSData ciphertext = CFBridgingRelease(SecKeyCreateEncryptedData(publicKey, algorithm, (CFDataRef)original, (void )&error));
	51	ok(ciphertext != nil, "RSA encrypt (native) succeeded (error: %@, key %@)", error, publicKey);
	52
	53	error = nil;
	54	NSData iosCiphertext = CFBridgingRelease(SecKeyCreateEncryptedData(iosPublicKey, algorithm, (CFDataRef)original, (void )&error));
	55	ok(iosCiphertext != nil, "RSA encrypt (native) succeeded (error: %@, key %@)", error, iosPublicKey);
	56
	57	error = nil;
	58	plaintext = decryptAndUnpad(privateKey, algorithm, ciphertext, &error);
	59	ok(plaintext != nil, "RSA decrypt (native) succeeded (error: %@, key %@)", error, privateKey);
	60	ok([plaintext isEqual:original], "(native -> native) plaintext equals original (%@ : %@)", original, plaintext);
	61
	62	error = nil;
	63	plaintext = decryptAndUnpad(privateKey, algorithm, iosCiphertext, &error);
	64	ok(plaintext != nil, "RSA decrypt (native) succeeded (error: %@, key %@)", error, privateKey);
	65	ok([plaintext isEqual:original], "(ios -> native) plaintext equals original (%@ : %@)", original, plaintext);
	66
	67	error = nil;
	68	plaintext = decryptAndUnpad(iosPrivateKey, algorithm, ciphertext, &error);
	69	ok(plaintext != nil, "RSA decrypt (ios) succeeded (error: %@, key %@)", error, privateKey);
	70	ok([plaintext isEqual:original], "(native -> ios) plaintext equals original (%@ : %@)", original, plaintext);
	71
	72	error = nil;
	73	plaintext = decryptAndUnpad(iosPrivateKey, algorithm, iosCiphertext, &error);
	74	ok(plaintext != nil, "RSA decrypt (ios) succeeded (error: %@, key %@)", error, privateKey);
	75	ok([plaintext isEqual:original], "(ios -> ios) plaintext equals original (%@ : %@)", original, plaintext);
	76	}
	77	static const int TestCountEncryptRun = 10;
	78
	79	static void test_encrypt_keypair_run(int keySizeInBits, NSArray algorithms, NSArray failAlgorithms) {
	80	NSError *error;
	81	NSDictionary *params = @{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeRSA, (id)kSecAttrKeySizeInBits: @(keySizeInBits)};
	82
	83	error = nil;
	84	id privateKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)params, (void *)&error));
	85	ok(privateKey != nil, "generate private key (error %@)", error);
	86
	87	id publicKey = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)privateKey));
	88	ok(publicKey != nil, "get public key");
	89
	90	NSData *data = CFBridgingRelease(SecKeyCopyExternalRepresentation((SecKeyRef)privateKey, NULL));
	91	NSDictionary *attrs = CFBridgingRelease(SecKeyCopyAttributes((SecKeyRef)privateKey));
	92	error = nil;
	93	id iosPrivateKey = CFBridgingRelease(SecKeyCreateWithData((CFDataRef)data, (CFDictionaryRef)attrs, (void *)&error));
94	ok(iosPrivateKey != nil, "get private key created from data");
95
96	data = CFBridgingRelease(SecKeyCopyExternalRepresentation((SecKeyRef)publicKey, NULL));
97	attrs = CFBridgingRelease(SecKeyCopyAttributes((SecKeyRef)publicKey));
98	error = nil;
99	id iosPublicKey = CFBridgingRelease(SecKeyCreateWithData((CFDataRef)data, (CFDictionaryRef)attrs, (void *)&error));
100	ok(iosPublicKey != nil, "get public key created from data");
101
102	for (id algorithm in algorithms) {
103	test_encrypt_run((__bridge SecKeyRef)privateKey, (__bridge SecKeyRef)publicKey,
104	(__bridge SecKeyRef)iosPrivateKey, (__bridge SecKeyRef)iosPublicKey,
105	(__bridge SecKeyAlgorithm)algorithm);
106	}
107
108	for (id algorithm in failAlgorithms) {
109	error = nil;
110	NSData data = CFBridgingRelease(SecKeyCreateEncryptedData((SecKeyRef)publicKey, (SecKeyAlgorithm)algorithm, (CFDataRef)[NSData data], (void )&error));
111	ok(data == nil && error.code == errSecParam, "incorrect algorithm refused");
112	}
113	}
114	static const int TestCountEncryptKeypairRun = 4;
115
116	static void test_encryption() {
117	test_encrypt_keypair_run(1024,
118	@[
119	(id)kSecKeyAlgorithmRSAEncryptionRaw,
120	(id)kSecKeyAlgorithmRSAEncryptionPKCS1,
121	(id)kSecKeyAlgorithmRSAEncryptionOAEPSHA1,
122	(id)kSecKeyAlgorithmRSAEncryptionOAEPSHA224,
123	(id)kSecKeyAlgorithmRSAEncryptionOAEPSHA256,
124	(id)kSecKeyAlgorithmRSAEncryptionOAEPSHA384,
125	],
126	@[
127	(id)kSecKeyAlgorithmRSAEncryptionOAEPSHA512,
128	]);
129
130	test_encrypt_keypair_run(2048,
131	@[
132	(id)kSecKeyAlgorithmRSAEncryptionRaw,
133	(id)kSecKeyAlgorithmRSAEncryptionPKCS1,
134	(id)kSecKeyAlgorithmRSAEncryptionOAEPSHA1,
135	(id)kSecKeyAlgorithmRSAEncryptionOAEPSHA224,
136	(id)kSecKeyAlgorithmRSAEncryptionOAEPSHA256,
137	(id)kSecKeyAlgorithmRSAEncryptionOAEPSHA384,
138	(id)kSecKeyAlgorithmRSAEncryptionOAEPSHA512,
139	],
140	@[
141	]);
142	}
143	static const int TestCountEncryption =
144	TestCountEncryptKeypairRun + (TestCountEncryptRun * 6) + (1 * 1) +
145	TestCountEncryptKeypairRun + (TestCountEncryptRun * 7) + (1 * 0);
146
b04fe171 A	147	static void test_bad_input(NSInteger keySizeInBits, NSInteger inputSize, SecKeyAlgorithm algorithm) {
	148	NSError *error;
	149	NSDictionary *params = @{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeRSA, (id)kSecAttrKeySizeInBits: @(keySizeInBits)};
	150
	151	error = nil;
	152	id privateKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)params, (void *)&error));
	153	ok(privateKey != nil, "generate private key (error %@)", error);
	154	id publicKey = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)privateKey));
	155
	156	NSData input, output;
	157
	158	error = nil;
	159	input = [NSMutableData dataWithLength:inputSize];
	160	output = CFBridgingRelease(SecKeyCreateEncryptedData((SecKeyRef)publicKey, algorithm, (CFDataRef)input, (void *)&error));
	161	ok(output, "encryption succeeds at the border size %d (key=%dbytes, %@)", (int)input.length, (int)keySizeInBits / 8, algorithm);
	162	is((NSInteger)output.length, keySizeInBits / 8, "Unexpected output block size");
	163
	164	input = [NSMutableData dataWithLength:inputSize + 1];
	165	output = CFBridgingRelease(SecKeyCreateEncryptedData((SecKeyRef)publicKey, algorithm, (CFDataRef)input, (void *)&error));
	166	ok(output == nil, "encryption did not fail for border size %d (key=%dbytes, output=%dbytes, %@)", (int)input.length, (int)keySizeInBits / 8, (int)output.length, algorithm);
	167	is_status((OSStatus)error.code, errSecParam, "Fails with errSecParam for too long input (%@)", algorithm);
	168	}
	169	static const int TestCountBadInputSizeStep = 5;
	170
	171	static void test_bad_input_size() {
	172	test_bad_input(1024, 128, kSecKeyAlgorithmRSAEncryptionRaw);
	173	test_bad_input(2048, 256, kSecKeyAlgorithmRSAEncryptionRaw);
	174	test_bad_input(1024, 128 - 11, kSecKeyAlgorithmRSAEncryptionPKCS1);
	175	test_bad_input(2048, 256 - 11, kSecKeyAlgorithmRSAEncryptionPKCS1);
	176	test_bad_input(1024, 128 - 42, kSecKeyAlgorithmRSAEncryptionOAEPSHA1);
	177	test_bad_input(2048, 256 - 42, kSecKeyAlgorithmRSAEncryptionOAEPSHA1);
	178	test_bad_input(1024, 128 - 66, kSecKeyAlgorithmRSAEncryptionOAEPSHA256);
	179	test_bad_input(2048, 256 - 66, kSecKeyAlgorithmRSAEncryptionOAEPSHA256);
	180	}
	181	static const int TestCountBadInputSize = TestCountBadInputSizeStep * 8;
	182
6b200bc3 A	183	static void test_bad_signature() {
	184	NSDictionary *params = @{ (id)kSecAttrKeyType: (id)kSecAttrKeyTypeRSA, (id)kSecAttrKeySizeInBits: @2048 };
	185	NSError *error;
	186	id privateKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)params, (void *)&error));
	187	ok(privateKey, "Generate RSA-2048 temporary key, err %@", error);
	188	id publicKey = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)privateKey));
	189	ok(publicKey, "Get public key from private key");
	190
	191	#if TARGET_OS_IPHONE
	192	SecKeyAlgorithm algorithm = kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1;
	193	#else
	194	SecKeyAlgorithm algorithm = kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1;
	195	#endif
	196
	197	char digest[20] = "digest";
	198	NSData *digestData = [NSData dataWithBytes:digest length:sizeof(digest)];
	199	NSData signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privateKey, algorithm, (CFDataRef)digestData, (void )&error));
	200	ok(signature, "Sign digest, err %@", error);
	201
	202	bool result = SecKeyVerifySignature((SecKeyRef)publicKey, algorithm, (CFDataRef)digestData, (CFDataRef)signature, (void *)&error);
	203	ok(result, "Verify signature, err %@", error);
	204
	205	OSStatus status = SecKeyRawVerify((SecKeyRef)publicKey, kSecPaddingPKCS1SHA1, (const uint8_t *)digest, sizeof(digest), signature.bytes, signature.length);
	206	ok_status(status, "Raw verify correct signature");
	207
	208	status = SecKeyRawVerify((SecKeyRef)publicKey, kSecPaddingPKCS1SHA1, (const uint8_t )digest, sizeof(digest), (void _Nonnull)NULL, 0);
	209	is_status(status, errSSLCrypto, "NULL signature failure");
	210
	211	const SecAsn1AlgId algId = { .algorithm = CSSMOID_SHA1WithRSA };
	212	signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privateKey, kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1, (CFDataRef)digestData, (void *)&error));
	213	ok(signature, "Sign message, err %@", error);
	214
	215	status = SecKeyDigestAndVerify((__bridge SecKeyRef)publicKey, &algId, (const uint8_t *)digest, sizeof(digest), signature.bytes, signature.length);
	216	ok_status(status, "Raw verify correct signature");
	217
	218	status = SecKeyDigestAndVerify((__bridge SecKeyRef)publicKey, &algId, (const uint8_t )digest, sizeof(digest), (void _Nonnull)NULL, 0);
	219	is_status(status, errSSLCrypto, "NULL signature failure");
	220
	221	signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privateKey, kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1, (CFDataRef)digestData, (void *)&error));
	222	ok(signature, "Sign message, err %@", error);
	223
	224	status = SecKeyVerifyDigest((__bridge SecKeyRef)publicKey, &algId, (const uint8_t *)digest, sizeof(digest), signature.bytes, signature.length);
	225	ok_status(status, "Raw verify correct signature");
	226
	227	status = SecKeyVerifyDigest((__bridge SecKeyRef)publicKey, &algId, (const uint8_t )digest, sizeof(digest), (void _Nonnull)NULL, 0);
	228	is_status(status, errSSLCrypto, "NULL signature failure");
	229	}
	230	static const int TestCountBadSignature = 12;
	231
b04fe171 A	232	static const int TestCount =
b04fe171 A	233	TestCountEncryption +
6b200bc3 A	234	TestCountBadInputSize +
6b200bc3 A	235	TestCountBadSignature;
b04fe171	236
fa7225c8 A	237	int si_44_seckey_rsa(int argc, char const argv) {
	238	plan_tests(TestCount);
	239
	240	@autoreleasepool {
	241	test_encryption();
b04fe171	242	test_bad_input_size();
6b200bc3	243	test_bad_signature();
fa7225c8 A	244	}
	245
	246	return 0;
	247	}