Security-58286.230.21.tar.gz
1 /*
2 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 #import <Foundation/Foundation.h>
26 #import <Security/SecKeyPriv.h>
27 #import <Security/SecIdentityPriv.h>
28 #import <Security/SecKeyProxy.h>
29
30 #import "shared_regressions.h"
31
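/*
 * Exercises the connection lifecycle of SecKeyProxy:
 *   - a client can connect to a live proxy, more than once;
 *   - once the proxy object has been dropped, new connections are refused;
 *   - an invalidated proxy refuses new connections (invalidate is called twice
 *     to check that it is idempotent);
 *   - invalidating a proxy makes an already connected client key stop working.
 *
 * Every key returned by +createKeyFromEndpoint:error: is owned by this function
 * and released here; NULL results are never passed to CFRelease/CFGetTypeID so a
 * refused connection shows up as a failed assertion rather than a crash.
 */
static void test_key_proxy_connect() {
    NSError *error;
    NSDictionary *keyParams = @{
        (id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom,
        (id)kSecAttrKeySizeInBits: @(256),
    };
    id serverKey = CFBridgingRelease(SecKeyCreateRandomKey((__bridge CFDictionaryRef)keyParams, (void *)&error));
    ok(serverKey != NULL, "generated local ec256 keypair");
    SecKeyProxy *keyProxy = [[SecKeyProxy alloc] initWithKey:(__bridge SecKeyRef)serverKey];
    SecKeyRef localKey = [SecKeyProxy createKeyFromEndpoint:keyProxy.endpoint error:&error];
    isnt(localKey, NULL, "connected to remote key, error %@", error);
    ok(localKey != NULL && CFGetTypeID(localKey) == SecKeyGetTypeID(), "Connected key is really SecKey");

    // Try another connection to the proxy.
    SecKeyRef secondKey = [SecKeyProxy createKeyFromEndpoint:keyProxy.endpoint error:&error];
    isnt(secondKey, NULL, "2nd connection should not be refused");
    isnt(SecKeyGetBlockSize(secondKey), (size_t)0, "2nd connections working normally");

    // Drop the proxy without invalidating it. Existing connections are expected to
    // keep working after this.
    // NOTE(review): nothing below asserts that expectation (localKey is not used
    // again) -- consider adding a check together with a bump of the planned count.
    NSXPCListenerEndpoint *endpoint = keyProxy.endpoint;
    keyProxy = nil;

    // However, a new connection through the saved endpoint must be refused.
    if (secondKey != NULL) {
        CFRelease(secondKey);
        secondKey = NULL;
    }
    secondKey = [SecKeyProxy createKeyFromEndpoint:endpoint error:&error];
    is(secondKey, NULL, "connecting to deleted proxy should not be possible");
    if (secondKey != NULL) {
        // Unexpected success: still balance the +1 reference before reusing the variable.
        CFRelease(secondKey);
        secondKey = NULL;
    }

    // Create new proxy and invalidate it (idempotent, so we try invalidate multiple times).
    keyProxy = [[SecKeyProxy alloc] initWithKey:(__bridge SecKeyRef)serverKey];
    [keyProxy invalidate];
    [keyProxy invalidate];
    secondKey = [SecKeyProxy createKeyFromEndpoint:keyProxy.endpoint error:&error];
    is(secondKey, NULL, "connection to invalidated proxy should be refused.");
    if (secondKey != NULL) {
        CFRelease(secondKey);
        secondKey = NULL;
    }

    // Invalidate a proxy that has a connected client and make sure the client's
    // key stops working afterwards.
    keyProxy = [[SecKeyProxy alloc] initWithKey:(__bridge SecKeyRef)serverKey];
    secondKey = [SecKeyProxy createKeyFromEndpoint:keyProxy.endpoint error:&error];
    isnt(secondKey, NULL, "connecting to proxy failed.");

    is(SecKeyGetBlockSize((__bridge SecKeyRef)serverKey), SecKeyGetBlockSize(secondKey), "connected key should work fine");
    [keyProxy invalidate];
    is(SecKeyGetBlockSize(secondKey), (size_t)0, "disconnected key should fail");
    if (secondKey != NULL) {
        CFRelease(secondKey);
    }

    // The first client key was created with a +1 reference and was never released.
    if (localKey != NULL) {
        CFRelease(localKey);
    }
}
// Number of ok/is/isnt assertions made by test_key_proxy_connect().
static const int TestKeyProxyConnectCount = 10;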
73
/*
 * Checks that metadata-style operations give the same answer on a proxied key
 * as on the key behind the proxy: the attribute dictionary and the algorithm id
 * are compared, and the description is only requested to see that it does not crash.
 */
static void test_key_proxy_simple_ops() {
    NSError *error;
    NSDictionary *generationParameters = @{
        (id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom,
        (id)kSecAttrKeySizeInBits: @(256),
    };
    id serverKey = CFBridgingRelease(SecKeyCreateRandomKey((__bridge CFDictionaryRef)generationParameters, (void *)&error));

    // Publish the key through a proxy and connect to it from this same process.
    SecKeyProxy *keyProxy = [[SecKeyProxy alloc] initWithKey:(__bridge SecKeyRef)serverKey];
    NSXPCListenerEndpoint *proxyEndpoint = keyProxy.endpoint;
    id localKey = CFBridgingRelease([SecKeyProxy createKeyFromEndpoint:proxyEndpoint error:&error]);

    // The attributes read through the proxy must match those of the real key.
    NSDictionary *serverAttributes = CFBridgingRelease(SecKeyCopyAttributes((__bridge SecKeyRef)serverKey));
    NSDictionary *localAttributes = CFBridgingRelease(SecKeyCopyAttributes((__bridge SecKeyRef)localKey));
    isnt(localAttributes, nil, "attributes for local remote key failed");
    ok([serverAttributes isEqual:localAttributes], "local and remote attributes should be identical");

    // The description text has no stable format to compare; surviving the call is the test.
    CFBridgingRelease(CFCopyDescription((__bridge SecKeyRef)localKey));

    CFIndex serverAlgorithmId = SecKeyGetAlgorithmId((__bridge SecKeyRef)serverKey);
    CFIndex localAlgorithmId = SecKeyGetAlgorithmId((__bridge SecKeyRef)localKey);
    is(serverAlgorithmId, localAlgorithmId, "GetAlgorithmId failed for remote");
}
// Number of ok/is/isnt assertions made by test_key_proxy_simple_ops().
static const int TestKeyProxySimpleOpsCount = 3;
90
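/*
 * Cross-checks signing between two handles that are expected to refer to the
 * same private key (one direct, one reached through a SecKeyProxy):
 * a signature made with key1 must verify under key2's public key, and a
 * signature made with key2 must verify under key1's public key.
 *
 * key1, key2  SecKeyRef values passed as id.
 * algorithm   signature algorithm used for both signing and verification.
 */
static void test_crypto_sign(id key1, id key2, SecKeyAlgorithm algorithm) {
    id pk1 = CFBridgingRelease(SecKeyCopyPublicKey((__bridge SecKeyRef)key1));
    isnt(pk1, nil, "failed to get pubkey from key %@", key1);
    id pk2 = CFBridgingRelease(SecKeyCopyPublicKey((__bridge SecKeyRef)key2));
    isnt(pk2, nil, "failed to get pubkey from key %@", key2);

    NSData *message = [@"Hello" dataUsingEncoding:NSUTF8StringEncoding];
    NSError *error;

    // Direction 1: sign with key1, verify with key2's public key.
    NSData *signature1 = CFBridgingRelease(SecKeyCreateSignature((__bridge SecKeyRef)key1, algorithm, (__bridge CFDataRef)message, (void *)&error));
    isnt(signature1, nil, "failed to sign data with algorithm %@: %@", algorithm, error);
    ok(SecKeyVerifySignature((__bridge SecKeyRef)pk2, algorithm, (__bridge CFDataRef)message, (__bridge CFDataRef)signature1, (void *)&error), "failed to verify data with algorithm %@: %@", algorithm, error);

    // Direction 2: sign with key2, verify with key1's public key.
    // The signature checked here must be signature2; checking signature1 again
    // would leave key2's signing path unverified.
    error = nil;
    NSData *signature2 = CFBridgingRelease(SecKeyCreateSignature((__bridge SecKeyRef)key2, algorithm, (__bridge CFDataRef)message, (void *)&error));
    isnt(signature2, nil, "failed to sign data with algorithm %@: %@", algorithm, error);
    ok(SecKeyVerifySignature((__bridge SecKeyRef)pk1, algorithm, (__bridge CFDataRef)message, (__bridge CFDataRef)signature2, (void *)&error), "failed to verify data with algorithm %@: %@", algorithm, error);
}
// Number of ok/is/isnt assertions made by one call of test_crypto_sign().
static const int TestKeyCryptoSignCount = 6;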
110
/*
 * Cross-checks encryption between two handles of what is expected to be the
 * same key pair: data encrypted to key1's public key is decrypted with key2,
 * then data encrypted to key2's public key is decrypted with key1. Each
 * recovered plaintext is compared with the original message.
 *
 * key1, key2  SecKeyRef values passed as id.
 * algorithm   encryption algorithm used for both encryption and decryption.
 */
static void test_crypto_encrypt(id key1, id key2, SecKeyAlgorithm algorithm) {
    id publicKey1 = CFBridgingRelease(SecKeyCopyPublicKey((__bridge SecKeyRef)key1));
    isnt(publicKey1, nil, "failed to get pubkey from key %@", key1);
    id publicKey2 = CFBridgingRelease(SecKeyCopyPublicKey((__bridge SecKeyRef)key2));
    isnt(publicKey2, nil, "failed to get pubkey from key %@", key2);

    NSError *error;
    NSData *message = [@"Hello" dataUsingEncoding:NSUTF8StringEncoding];

    // Encrypt to public key 1, decrypt with private key 2.
    CFDataRef encryptedForKey1 = SecKeyCreateEncryptedData((__bridge SecKeyRef)publicKey1, algorithm, (__bridge CFDataRef)message, (void *)&error);
    NSData *ciphertext1 = CFBridgingRelease(encryptedForKey1);
    isnt(ciphertext1, nil, "failed to encrypt data with algorithm %@: %@", algorithm, error);
    CFDataRef decryptedByKey2 = SecKeyCreateDecryptedData((__bridge SecKeyRef)key2, algorithm, (__bridge CFDataRef)ciphertext1, (void *)&error);
    NSData *plaintext1 = CFBridgingRelease(decryptedByKey2);
    ok([plaintext1 isEqualToData:message], "encrypt/decrypt differs from message: %@ vs %@", message, plaintext1);

    // Same round trip in the opposite direction, starting from a fresh message and error.
    message = [@"Hello" dataUsingEncoding:NSUTF8StringEncoding];
    error = nil;
    CFDataRef encryptedForKey2 = SecKeyCreateEncryptedData((__bridge SecKeyRef)publicKey2, algorithm, (__bridge CFDataRef)message, (void *)&error);
    NSData *ciphertext2 = CFBridgingRelease(encryptedForKey2);
    isnt(ciphertext2, nil, "failed to encrypt data with algorithm %@: %@", algorithm, error);
    CFDataRef decryptedByKey1 = SecKeyCreateDecryptedData((__bridge SecKeyRef)key1, algorithm, (__bridge CFDataRef)ciphertext2, (void *)&error);
    NSData *plaintext2 = CFBridgingRelease(decryptedByKey1);
    ok([plaintext2 isEqualToData:message], "encrypt/decrypt differs from message: %@ vs %@", message, plaintext2);
}
// Number of ok/is/isnt assertions made by one call of test_crypto_encrypt().
static const int TestKeyCryptoEncryptCount = 6;
132
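/*
 * Runs a key exchange in both directions between two handles of what is
 * expected to be the same key pair (key1 with key2's public key, key2 with
 * key1's public key) and requires both to produce a result and the two
 * results to be equal.
 *
 * key1, key2  SecKeyRef values passed as id.
 * algorithm   key-exchange algorithm; called with an empty parameter dictionary.
 */
static void test_crypto_kxchg(id key1, id key2, SecKeyAlgorithm algorithm) {
    id pk1 = CFBridgingRelease(SecKeyCopyPublicKey((__bridge SecKeyRef)key1));
    isnt(pk1, nil, "failed to get pubkey from key %@", key1);
    id pk2 = CFBridgingRelease(SecKeyCopyPublicKey((__bridge SecKeyRef)key2));
    isnt(pk2, nil, "failed to get pubkey from key %@", key2);

    NSError *error;
    NSData *result1 = CFBridgingRelease(SecKeyCopyKeyExchangeResult((__bridge SecKeyRef)key1, algorithm, (__bridge SecKeyRef)pk2, (__bridge CFDictionaryRef)@{}, (void *)&error));
    isnt(result1, nil, "failed to keyexchange data with algorithm %@: %@", algorithm, error);

    // Reset the error so the message below reports only the second exchange.
    error = nil;
    NSData *result2 = CFBridgingRelease(SecKeyCopyKeyExchangeResult((__bridge SecKeyRef)key2, algorithm, (__bridge SecKeyRef)pk1, (__bridge CFDictionaryRef)@{}, (void *)&error));
    // This assertion must look at result2; re-checking result1 would let a failed
    // second exchange go unreported at this step.
    isnt(result2, nil, "failed to keyexchange data with algorithm %@: %@", algorithm, error);
    ok([result1 isEqualToData:result2], "keyexchange results differ!");
}
// Number of ok/is/isnt assertions made by one call of test_crypto_kxchg().
static const int TestKeyCryptoKeyExchange = 5;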
147
/*
 * Generates an RSA-2048 key pair, publishes it through a SecKeyProxy, connects
 * to the proxy, and runs the sign and encrypt cross-checks with the proxied key
 * and the real key swapped between the two calls of each check.
 *
 * NOTE(review): SHA-1 variants (PSS-SHA1, OAEP-SHA1) are exercised next to the
 * SHA-256 ones; presumably for coverage of the proxied code path -- confirm that
 * they are still meant to be supported.
 */
static void test_key_proxy_crypto_ops_RSA() {
    NSError *error;
    NSDictionary *rsaParameters = @{
        (id)kSecAttrKeyType: (id)kSecAttrKeyTypeRSA,
        (id)kSecAttrKeySizeInBits: @(2048),
    };
    id serverKey = CFBridgingRelease(SecKeyCreateRandomKey((__bridge CFDictionaryRef)rsaParameters, (void *)&error));
    ok(serverKey != NULL, "generated local rsa2048 keypair: %@", error);

    SecKeyProxy *keyProxy = [[SecKeyProxy alloc] initWithKey:(__bridge SecKeyRef)serverKey];
    NSXPCListenerEndpoint *proxyEndpoint = keyProxy.endpoint;
    id localKey = CFBridgingRelease([SecKeyProxy createKeyFromEndpoint:proxyEndpoint error:&error]);
    isnt(localKey, NULL, "connected to remote key, error %@", error);

    // Signatures: proxied key first, then real key first.
    test_crypto_sign(localKey, serverKey, kSecKeyAlgorithmRSASignatureMessagePSSSHA1);
    test_crypto_sign(serverKey, localKey, kSecKeyAlgorithmRSASignatureMessagePSSSHA256);

    // Encryption round trips: proxied key first, then real key first.
    test_crypto_encrypt(localKey, serverKey, kSecKeyAlgorithmRSAEncryptionOAEPSHA1);
    test_crypto_encrypt(serverKey, localKey, kSecKeyAlgorithmRSAEncryptionOAEPSHA256);
}
// Two assertions made directly, plus two sign checks and two encrypt checks.
static const int TestKeyCryptoOpsRSACount = 2 + TestKeyCryptoSignCount * 2 + TestKeyCryptoEncryptCount * 2;
163
/*
 * Generates a 256-bit EC (SECPrimeRandom) key pair, publishes it through a
 * SecKeyProxy, connects to the proxy, and runs the sign, encrypt and key-exchange
 * cross-checks between the proxied key and the real key.
 *
 * NOTE(review): SHA-1 variants (ECDSA X9.62 SHA1, ECIES X9.63 SHA1) are exercised
 * next to the SHA-256 ones; presumably for coverage of the proxied code path --
 * confirm that they are still meant to be supported.
 */
static void test_key_proxy_crypto_ops_EC() {
    NSError *error;
    NSDictionary *ecParameters = @{
        (id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom,
        (id)kSecAttrKeySizeInBits: @(256),
    };
    id serverKey = CFBridgingRelease(SecKeyCreateRandomKey((__bridge CFDictionaryRef)ecParameters, (void *)&error));
    ok(serverKey != NULL, "generated local ec256 keypair: %@", error);

    SecKeyProxy *keyProxy = [[SecKeyProxy alloc] initWithKey:(__bridge SecKeyRef)serverKey];
    NSXPCListenerEndpoint *proxyEndpoint = keyProxy.endpoint;
    id localKey = CFBridgingRelease([SecKeyProxy createKeyFromEndpoint:proxyEndpoint error:&error]);
    isnt(localKey, NULL, "connected to remote key, error %@", error);

    // Signatures: proxied key first, then real key first.
    test_crypto_sign(localKey, serverKey, kSecKeyAlgorithmECDSASignatureMessageX962SHA1);
    test_crypto_sign(serverKey, localKey, kSecKeyAlgorithmECDSASignatureMessageX962SHA256);

    // Encryption round trips: proxied key first, then real key first.
    test_crypto_encrypt(localKey, serverKey, kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM);
    test_crypto_encrypt(serverKey, localKey, kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM);

    // Key exchange is run once, with the proxied key as the first argument.
    test_crypto_kxchg(localKey, serverKey, kSecKeyAlgorithmECDHKeyExchangeStandard);
}
// Two assertions made directly, plus two sign checks, two encrypt checks and one key exchange.
static const int TestKeyCryptoOpsECCount = 2 + TestKeyCryptoSignCount * 2 + TestKeyCryptoEncryptCount * 2 + TestKeyCryptoKeyExchange * 1;
181
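/*
 Test fixture: DER-encoded X.509 certificate, used only to build the identity in
 test_key_proxy_identity(). Its validity period as encoded below is
 2005-12-17 to 2006-12-17 (UTC) and it is signed with sha1WithRSAEncryption, so
 it is not suitable for anything that performs trust evaluation.

 Bag Attributes
     friendlyName: uranusLeaf
     localKeyID: 46 E0 8A 05 63 4D 17 3F CA A4 AA B6 5A DA CF BA 84 22 7C 23
 subject=/CN=uranusLeaf/emailAddress=uranus@uranus.com
 issuer=/CN=plutoCA/emailAddress=pluto@pluto.com
 */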
189 static const uint8_t _c1[] = {
190 0x30, 0x82, 0x02, 0xe0, 0x30, 0x82, 0x01, 0xc8,
191 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x02,
192 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
193 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x30, 0x32, 0x31,
194 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03,
195 0x0c, 0x07, 0x70, 0x6c, 0x75, 0x74, 0x6f, 0x43,
196 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x09, 0x2a,
197 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01,
198 0x0c, 0x0f, 0x70, 0x6c, 0x75, 0x74, 0x6f, 0x40,
199 0x70, 0x6c, 0x75, 0x74, 0x6f, 0x2e, 0x63, 0x6f,
200 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x35, 0x31,
201 0x32, 0x31, 0x37, 0x30, 0x30, 0x30, 0x34, 0x32,
202 0x35, 0x5a, 0x17, 0x0d, 0x30, 0x36, 0x31, 0x32,
203 0x31, 0x37, 0x30, 0x30, 0x30, 0x34, 0x32, 0x35,
204 0x5a, 0x30, 0x37, 0x31, 0x13, 0x30, 0x11, 0x06,
205 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0a, 0x75, 0x72,
206 0x61, 0x6e, 0x75, 0x73, 0x4c, 0x65, 0x61, 0x66,
207 0x31, 0x20, 0x30, 0x1e, 0x06, 0x09, 0x2a, 0x86,
208 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x0c,
209 0x11, 0x75, 0x72, 0x61, 0x6e, 0x75, 0x73, 0x40,
210 0x75, 0x72, 0x61, 0x6e, 0x75, 0x73, 0x2e, 0x63,
211 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,
212 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
213 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01,
214 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82,
215 0x01, 0x01, 0x00, 0xa6, 0x82, 0x8e, 0xc6, 0x7e,
216 0xc9, 0x8c, 0x99, 0x6f, 0xb0, 0x62, 0x32, 0x35,
217 0xe7, 0xdb, 0xff, 0x34, 0x84, 0xdc, 0x72, 0xa8,
218 0xef, 0x22, 0x6f, 0x93, 0x63, 0x64, 0x80, 0x80,
219 0x5d, 0x50, 0x7e, 0xb4, 0x2e, 0x1b, 0x93, 0x93,
220 0x49, 0xca, 0xae, 0xcd, 0x34, 0x44, 0x4b, 0xd7,
221 0xfa, 0x9f, 0x3c, 0xfc, 0x9e, 0x65, 0xa9, 0xfb,
222 0x5e, 0x5d, 0x18, 0xa3, 0xf8, 0xb0, 0x08, 0xac,
223 0x8f, 0xfd, 0x03, 0xcb, 0xbd, 0x7f, 0xa0, 0x2a,
224 0xa6, 0xea, 0xca, 0xa3, 0x24, 0xef, 0x7c, 0xc3,
225 0xeb, 0x95, 0xcb, 0x90, 0x3f, 0x5e, 0xde, 0x78,
226 0xf2, 0x3d, 0x32, 0x72, 0xdb, 0x33, 0x6e, 0x9b,
227 0x52, 0x9f, 0x0c, 0x60, 0x4a, 0x24, 0xa1, 0xf6,
228 0x3b, 0x80, 0xbd, 0xa1, 0xdc, 0x40, 0x03, 0xe7,
229 0xa0, 0x59, 0x1f, 0xdb, 0xb4, 0xed, 0x57, 0xdc,
230 0x74, 0x0d, 0x99, 0x5a, 0x12, 0x74, 0x64, 0xaa,
231 0xb6, 0xa5, 0x96, 0x75, 0xf9, 0x42, 0x43, 0xe2,
232 0x52, 0xc2, 0x57, 0x23, 0x75, 0xd7, 0xa9, 0x4f,
233 0x07, 0x32, 0x99, 0xbd, 0x3d, 0x44, 0xbd, 0x04,
234 0x62, 0xe5, 0xb7, 0x2c, 0x0c, 0x11, 0xc5, 0xb2,
235 0x2e, 0xc4, 0x12, 0x1d, 0x7f, 0x42, 0x1e, 0x71,
236 0xaf, 0x39, 0x2b, 0x78, 0x47, 0x92, 0x23, 0x44,
237 0xef, 0xe3, 0xc1, 0x47, 0x69, 0x5a, 0xf1, 0x48,
238 0xaa, 0x37, 0xa4, 0x94, 0x6b, 0x96, 0xe5, 0x4b,
239 0xfd, 0x05, 0xc7, 0x9c, 0xcc, 0x38, 0xd1, 0x47,
240 0x85, 0x60, 0x7f, 0xef, 0xe9, 0x2e, 0x25, 0x08,
241 0xf8, 0x7d, 0x98, 0xdd, 0x6c, 0xeb, 0x4a, 0x32,
242 0x33, 0x44, 0x0b, 0x61, 0xb3, 0xf9, 0xae, 0x26,
243 0x41, 0xb5, 0x38, 0xdb, 0xcf, 0x13, 0x72, 0x23,
244 0x5b, 0x66, 0x20, 0x86, 0x4d, 0x24, 0xc2, 0xd4,
245 0x94, 0xde, 0xe3, 0x24, 0xb7, 0xcd, 0x75, 0x9e,
246 0x1d, 0x9f, 0xbc, 0xd0, 0x60, 0x34, 0x7d, 0xf8,
247 0xcb, 0x41, 0x39, 0x02, 0x03, 0x01, 0x00, 0x01,
248 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
249 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03,
250 0x82, 0x01, 0x01, 0x00, 0x17, 0xa5, 0x22, 0xed,
251 0xb8, 0x3e, 0x1f, 0x11, 0x99, 0xc5, 0xba, 0x28,
252 0x3e, 0x7e, 0xa6, 0xeb, 0x02, 0x81, 0x06, 0xa1,
253 0xc6, 0x80, 0xb9, 0x7e, 0x5c, 0x5a, 0x63, 0xe0,
254 0x8d, 0xeb, 0xd0, 0xec, 0x9c, 0x3a, 0x94, 0x64,
255 0x7c, 0x13, 0x54, 0x0d, 0xd6, 0xe3, 0x27, 0x88,
256 0xa6, 0xd2, 0x4b, 0x36, 0xdd, 0x2e, 0xfa, 0x94,
257 0xe5, 0x03, 0x27, 0xc9, 0xa6, 0x31, 0x02, 0xea,
258 0x40, 0x77, 0x2e, 0x93, 0xc4, 0x4d, 0xe2, 0x70,
259 0xe2, 0x67, 0x1c, 0xa8, 0x0d, 0xcd, 0x1a, 0x72,
260 0x86, 0x2c, 0xea, 0xdc, 0x7f, 0x8c, 0x49, 0x2c,
261 0xe7, 0x99, 0x13, 0xda, 0x3f, 0x58, 0x9e, 0xf5,
262 0x4d, 0x3c, 0x8c, 0x1c, 0xed, 0x85, 0xa7, 0xe2,
263 0xae, 0xda, 0x5f, 0xbe, 0x36, 0x1c, 0x9f, 0x5a,
264 0xa0, 0xdc, 0x2a, 0xc0, 0xee, 0x71, 0x07, 0x26,
265 0x8b, 0xe8, 0x8a, 0xf8, 0x2d, 0x36, 0x78, 0xc9,
266 0x79, 0xfa, 0xbe, 0x98, 0x59, 0x95, 0x12, 0x24,
267 0xf1, 0xda, 0x20, 0xc7, 0x78, 0xf9, 0x7c, 0x6a,
268 0x24, 0x43, 0x82, 0xa8, 0x0f, 0xb1, 0x7d, 0x94,
269 0xaa, 0x30, 0x35, 0xe5, 0x69, 0xdc, 0x0a, 0x0e,
270 0xaf, 0x10, 0x5e, 0x1a, 0x81, 0x50, 0x5c, 0x7e,
271 0x24, 0xb3, 0x07, 0x65, 0x4b, 0xc1, 0x7e, 0xc6,
272 0x38, 0xdb, 0xd3, 0x6a, 0xf0, 0xd8, 0x85, 0x61,
273 0x9a, 0x9f, 0xfe, 0x02, 0x46, 0x29, 0xb2, 0x9a,
274 0xe2, 0x04, 0xe7, 0x72, 0xcc, 0x87, 0x46, 0xba,
275 0x7d, 0xa8, 0xf9, 0xd0, 0x0f, 0x29, 0xfc, 0xfd,
276 0xd1, 0xd0, 0x7f, 0x36, 0xc1, 0xd8, 0x7d, 0x88,
277 0x03, 0x62, 0xf5, 0x8c, 0x00, 0xb5, 0xc2, 0x81,
278 0x44, 0x67, 0x58, 0x11, 0xb4, 0x3a, 0xbb, 0xd1,
279 0x8c, 0x94, 0x20, 0x60, 0xea, 0xa0, 0xac, 0xc1,
280 0xf1, 0x08, 0x54, 0xb8, 0xf6, 0x5e, 0xac, 0xf1,
281 0xec, 0x78, 0x69, 0x9d, 0x7e, 0x4d, 0x06, 0x3b,
282 0x9b, 0x78, 0x78, 0x10
283 };
284
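/*
 Test fixture: DER-encoded RSA private key matching the certificate in _c1
 (same localKeyID). This key is published in source form, so it is test material
 only and must not be reused to protect real data or identities.

 Bag Attributes
     friendlyName: uranusLeaf
     localKeyID: 46 E0 8A 05 63 4D 17 3F CA A4 AA B6 5A DA CF BA 84 22 7C 23
 Key Attributes: <No Attributes>
 */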
291 static const uint8_t _k1[] = {
292 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02,
293 0x82, 0x01, 0x01, 0x00, 0xa6, 0x82, 0x8e, 0xc6,
294 0x7e, 0xc9, 0x8c, 0x99, 0x6f, 0xb0, 0x62, 0x32,
295 0x35, 0xe7, 0xdb, 0xff, 0x34, 0x84, 0xdc, 0x72,
296 0xa8, 0xef, 0x22, 0x6f, 0x93, 0x63, 0x64, 0x80,
297 0x80, 0x5d, 0x50, 0x7e, 0xb4, 0x2e, 0x1b, 0x93,
298 0x93, 0x49, 0xca, 0xae, 0xcd, 0x34, 0x44, 0x4b,
299 0xd7, 0xfa, 0x9f, 0x3c, 0xfc, 0x9e, 0x65, 0xa9,
300 0xfb, 0x5e, 0x5d, 0x18, 0xa3, 0xf8, 0xb0, 0x08,
301 0xac, 0x8f, 0xfd, 0x03, 0xcb, 0xbd, 0x7f, 0xa0,
302 0x2a, 0xa6, 0xea, 0xca, 0xa3, 0x24, 0xef, 0x7c,
303 0xc3, 0xeb, 0x95, 0xcb, 0x90, 0x3f, 0x5e, 0xde,
304 0x78, 0xf2, 0x3d, 0x32, 0x72, 0xdb, 0x33, 0x6e,
305 0x9b, 0x52, 0x9f, 0x0c, 0x60, 0x4a, 0x24, 0xa1,
306 0xf6, 0x3b, 0x80, 0xbd, 0xa1, 0xdc, 0x40, 0x03,
307 0xe7, 0xa0, 0x59, 0x1f, 0xdb, 0xb4, 0xed, 0x57,
308 0xdc, 0x74, 0x0d, 0x99, 0x5a, 0x12, 0x74, 0x64,
309 0xaa, 0xb6, 0xa5, 0x96, 0x75, 0xf9, 0x42, 0x43,
310 0xe2, 0x52, 0xc2, 0x57, 0x23, 0x75, 0xd7, 0xa9,
311 0x4f, 0x07, 0x32, 0x99, 0xbd, 0x3d, 0x44, 0xbd,
312 0x04, 0x62, 0xe5, 0xb7, 0x2c, 0x0c, 0x11, 0xc5,
313 0xb2, 0x2e, 0xc4, 0x12, 0x1d, 0x7f, 0x42, 0x1e,
314 0x71, 0xaf, 0x39, 0x2b, 0x78, 0x47, 0x92, 0x23,
315 0x44, 0xef, 0xe3, 0xc1, 0x47, 0x69, 0x5a, 0xf1,
316 0x48, 0xaa, 0x37, 0xa4, 0x94, 0x6b, 0x96, 0xe5,
317 0x4b, 0xfd, 0x05, 0xc7, 0x9c, 0xcc, 0x38, 0xd1,
318 0x47, 0x85, 0x60, 0x7f, 0xef, 0xe9, 0x2e, 0x25,
319 0x08, 0xf8, 0x7d, 0x98, 0xdd, 0x6c, 0xeb, 0x4a,
320 0x32, 0x33, 0x44, 0x0b, 0x61, 0xb3, 0xf9, 0xae,
321 0x26, 0x41, 0xb5, 0x38, 0xdb, 0xcf, 0x13, 0x72,
322 0x23, 0x5b, 0x66, 0x20, 0x86, 0x4d, 0x24, 0xc2,
323 0xd4, 0x94, 0xde, 0xe3, 0x24, 0xb7, 0xcd, 0x75,
324 0x9e, 0x1d, 0x9f, 0xbc, 0xd0, 0x60, 0x34, 0x7d,
325 0xf8, 0xcb, 0x41, 0x39, 0x02, 0x03, 0x01, 0x00,
326 0x01, 0x02, 0x82, 0x01, 0x00, 0x4d, 0x27, 0xf2,
327 0x40, 0xc8, 0x3f, 0x5c, 0x87, 0x3c, 0xd9, 0xde,
328 0xa6, 0xa5, 0x93, 0xea, 0xbd, 0x36, 0xf8, 0xd9,
329 0xad, 0xc7, 0xda, 0x07, 0x7a, 0xec, 0x31, 0x02,
330 0x41, 0x09, 0x3a, 0x34, 0x32, 0x82, 0x0b, 0x5b,
331 0x7b, 0xe6, 0xa4, 0x2a, 0xe7, 0x14, 0xef, 0x43,
332 0x36, 0x61, 0xbe, 0x20, 0x4b, 0x82, 0x43, 0x63,
333 0x98, 0x80, 0x82, 0x19, 0x61, 0x71, 0x99, 0xaa,
334 0xf8, 0x59, 0xfd, 0xde, 0xa0, 0x03, 0xa8, 0xab,
335 0x9a, 0xec, 0x28, 0xac, 0x63, 0x79, 0x75, 0x84,
336 0x03, 0xac, 0x45, 0x5e, 0x04, 0x15, 0xb3, 0x47,
337 0xa2, 0x8f, 0x28, 0xb0, 0x72, 0xd0, 0x06, 0x02,
338 0xaf, 0x1e, 0x0a, 0x0a, 0xe9, 0x11, 0x35, 0x4a,
339 0x04, 0x42, 0xb5, 0x0f, 0xd2, 0xcf, 0x4d, 0xdf,
340 0xdb, 0xef, 0x58, 0xbd, 0xf3, 0xa5, 0x3b, 0x11,
341 0x3f, 0xc5, 0x47, 0x81, 0x85, 0xad, 0xd7, 0x1f,
342 0x58, 0x06, 0x42, 0xdc, 0x37, 0x3c, 0xdb, 0x98,
343 0x33, 0xa1, 0xc6, 0x80, 0x07, 0xe0, 0x2b, 0xc5,
344 0xf5, 0x60, 0x35, 0x6a, 0xa2, 0x06, 0x40, 0x4a,
345 0xac, 0x64, 0x02, 0x58, 0x4d, 0x07, 0xe3, 0x69,
346 0xd7, 0xe0, 0x8f, 0xb5, 0xf4, 0xbc, 0xfa, 0xab,
347 0x1a, 0xb0, 0xfa, 0x29, 0xf8, 0xca, 0xde, 0x78,
348 0xf0, 0x89, 0xe2, 0xf9, 0xb7, 0x68, 0x5b, 0x0e,
349 0xdc, 0x4e, 0x8a, 0x56, 0x8d, 0x33, 0x20, 0x2e,
350 0xed, 0x2e, 0xab, 0x6f, 0xba, 0x77, 0xef, 0xe6,
351 0x12, 0x62, 0x49, 0x9e, 0x87, 0x76, 0x1c, 0x1e,
352 0xf4, 0x0e, 0x9e, 0x78, 0x98, 0x91, 0x1a, 0xe3,
353 0xb4, 0x51, 0x4b, 0x8c, 0x2f, 0x08, 0x97, 0x8f,
354 0xf9, 0x68, 0x61, 0x40, 0xcd, 0xb6, 0x10, 0xb4,
355 0xfb, 0x75, 0xb4, 0x20, 0xc1, 0x5a, 0xda, 0x64,
356 0xfd, 0x51, 0x06, 0x85, 0x9a, 0x9e, 0x5d, 0x82,
357 0x14, 0xd4, 0x41, 0x4e, 0x75, 0x10, 0xb5, 0x7b,
358 0xd0, 0x4c, 0xd1, 0x00, 0x01, 0x02, 0x81, 0x81,
359 0x00, 0xcf, 0x8e, 0x68, 0x04, 0x67, 0x09, 0xa9,
360 0x6e, 0xff, 0x11, 0x8c, 0xe5, 0xe4, 0x16, 0xdd,
361 0xb6, 0xa6, 0x55, 0xca, 0x4b, 0x0b, 0xbb, 0xb7,
362 0xf5, 0xe5, 0x73, 0xf3, 0x24, 0x84, 0x29, 0xb2,
363 0xc3, 0xbc, 0x7f, 0x2b, 0x4a, 0xc7, 0xdf, 0x46,
364 0x8e, 0xe1, 0x35, 0x69, 0x1b, 0x8e, 0x9f, 0x6b,
365 0x4d, 0xf3, 0x65, 0xae, 0x3d, 0x87, 0x2b, 0xc9,
366 0xf0, 0x8c, 0xf2, 0x88, 0x2f, 0x1b, 0x79, 0x80,
367 0xd2, 0xb2, 0x64, 0x0a, 0xcc, 0x66, 0x69, 0x4c,
368 0xa1, 0x85, 0xc4, 0x6a, 0x94, 0x46, 0x70, 0x69,
369 0xbc, 0x8c, 0x1c, 0x62, 0x65, 0x4d, 0x68, 0xcc,
370 0xe3, 0x3c, 0x6c, 0xe7, 0xd1, 0x09, 0xed, 0xdd,
371 0x42, 0x10, 0x11, 0x6b, 0xdd, 0x7c, 0xe3, 0xe1,
372 0x3b, 0x3b, 0x0d, 0x01, 0x6d, 0xca, 0x2f, 0x4b,
373 0x45, 0x5e, 0x76, 0x5d, 0x5c, 0x6f, 0x53, 0xa4,
374 0x38, 0x74, 0x75, 0x94, 0x2c, 0xda, 0xf8, 0xa6,
375 0x01, 0x02, 0x81, 0x81, 0x00, 0xcd, 0x5f, 0x9d,
376 0x6c, 0x94, 0xf6, 0x44, 0x37, 0x72, 0xfe, 0xcf,
377 0xbe, 0x82, 0x96, 0x24, 0x22, 0x12, 0x07, 0x6f,
378 0xd1, 0x57, 0x7b, 0xc7, 0x63, 0x20, 0xf5, 0x93,
379 0x79, 0x70, 0x0b, 0xe4, 0x38, 0x19, 0x62, 0x7b,
380 0x89, 0x3e, 0x45, 0xdf, 0xd6, 0xae, 0x9d, 0x0d,
381 0xa8, 0x76, 0xc1, 0xbd, 0x04, 0x2b, 0xaa, 0x30,
382 0x6a, 0xac, 0x65, 0x91, 0x61, 0xf0, 0xf8, 0x5d,
383 0xa3, 0x53, 0xa4, 0xfb, 0x99, 0xac, 0x46, 0x7a,
384 0x12, 0x4b, 0xf7, 0xa7, 0x48, 0x41, 0x61, 0x48,
385 0x26, 0x5c, 0x68, 0x2f, 0x73, 0x91, 0xe4, 0x74,
386 0xcd, 0xc9, 0x8b, 0xe7, 0x26, 0xe4, 0x35, 0xde,
387 0x32, 0x6b, 0x24, 0x49, 0xf2, 0x04, 0x67, 0x3d,
388 0x31, 0x8f, 0x22, 0xe5, 0x49, 0xae, 0x49, 0x94,
389 0xb3, 0x45, 0x2b, 0xed, 0x6f, 0x9c, 0xc7, 0x80,
390 0xf0, 0x42, 0xd5, 0x8f, 0x27, 0xd6, 0xd6, 0x49,
391 0xf2, 0x16, 0xcc, 0x4b, 0x39, 0x02, 0x81, 0x81,
392 0x00, 0xbb, 0xb7, 0xd7, 0x59, 0xcb, 0xfb, 0x10,
393 0x13, 0xc4, 0x7b, 0x92, 0x0c, 0x45, 0xcb, 0x6c,
394 0x81, 0x0a, 0x55, 0x63, 0x1d, 0x96, 0xa2, 0x13,
395 0xd2, 0x40, 0xd1, 0x2a, 0xa1, 0xe7, 0x2a, 0x73,
396 0x74, 0xd6, 0x61, 0xc9, 0xbc, 0xdb, 0xa2, 0x93,
397 0x85, 0x1c, 0x28, 0x9b, 0x44, 0x82, 0x2c, 0xaa,
398 0xf7, 0x18, 0x60, 0xe9, 0x42, 0xda, 0xa2, 0xff,
399 0x04, 0x21, 0xe6, 0x24, 0xc7, 0x3e, 0x39, 0x19,
400 0x0a, 0xf6, 0xae, 0xc6, 0x99, 0x71, 0x32, 0x61,
401 0x4d, 0x60, 0xd7, 0x71, 0x71, 0x63, 0x77, 0xbe,
402 0x19, 0xfa, 0x3a, 0x9d, 0xbf, 0x73, 0x50, 0x8a,
403 0xa6, 0x26, 0x7b, 0x74, 0xfa, 0x39, 0xd9, 0xb9,
404 0x18, 0x4b, 0xc2, 0x05, 0xe5, 0x8f, 0x53, 0xe6,
405 0xdc, 0x14, 0x1f, 0x42, 0x20, 0x93, 0x11, 0x4d,
406 0x29, 0x93, 0x32, 0xc8, 0x63, 0x96, 0x88, 0x76,
407 0x69, 0x5c, 0xe3, 0x0e, 0xbd, 0xb6, 0xd9, 0xd6,
408 0x01, 0x02, 0x81, 0x80, 0x62, 0xa2, 0xed, 0x84,
409 0xdc, 0xf6, 0x7a, 0x44, 0xf7, 0x62, 0x12, 0x7c,
410 0xb9, 0x53, 0x4a, 0xff, 0x62, 0x11, 0x58, 0x4e,
411 0xfe, 0xe9, 0x60, 0x15, 0xe8, 0x1a, 0x8a, 0x3d,
412 0xe4, 0xe6, 0x91, 0x31, 0xb0, 0x5f, 0x70, 0x5d,
413 0xb6, 0x1e, 0xf1, 0x26, 0xb6, 0xae, 0x8f, 0x84,
414 0xbd, 0xa4, 0xc7, 0x17, 0x5d, 0xb1, 0x5b, 0x97,
415 0xa0, 0x3d, 0x17, 0xda, 0x26, 0x55, 0xe3, 0x03,
416 0x32, 0x85, 0x26, 0xa1, 0xe3, 0xef, 0xe5, 0x69,
417 0x2c, 0x3b, 0x41, 0x88, 0x9e, 0x7e, 0x0e, 0x9c,
418 0xfd, 0xfc, 0xbb, 0xed, 0x91, 0xc0, 0x5b, 0xa9,
419 0x0a, 0x87, 0xba, 0xf9, 0x1e, 0xda, 0x10, 0x61,
420 0xbe, 0xbb, 0xab, 0x18, 0x25, 0xad, 0x3f, 0xe2,
421 0xb1, 0x90, 0x5c, 0xf7, 0x4a, 0x51, 0xe4, 0xad,
422 0x45, 0x27, 0x97, 0xdd, 0xe7, 0x3a, 0x9a, 0x5e,
423 0xca, 0x7a, 0xaf, 0x4a, 0xbf, 0x10, 0x24, 0x6b,
424 0xb5, 0x2f, 0x61, 0x61, 0x02, 0x81, 0x81, 0x00,
425 0x85, 0x7c, 0x78, 0xa5, 0x11, 0xdf, 0xc3, 0x6a,
426 0x38, 0x48, 0xfa, 0x7e, 0x48, 0xf0, 0x5a, 0x58,
427 0xe2, 0xc5, 0x83, 0x4e, 0x38, 0x3f, 0x4a, 0x2b,
428 0x07, 0x57, 0x31, 0xe7, 0xbe, 0x50, 0xb1, 0xbb,
429 0x24, 0xf3, 0x3d, 0x8b, 0x53, 0xb7, 0xd1, 0x47,
430 0x72, 0x5e, 0xd5, 0xd6, 0x4c, 0xce, 0x2c, 0x46,
431 0x61, 0x9a, 0xaa, 0xc3, 0x0e, 0xd4, 0x23, 0x2c,
432 0xdd, 0xf5, 0xb7, 0xad, 0x38, 0x52, 0x17, 0xc4,
433 0x16, 0xbb, 0xda, 0x1c, 0x61, 0xb1, 0xca, 0x8d,
434 0xb2, 0xa0, 0xbe, 0x4f, 0x3d, 0x19, 0x0e, 0xe0,
435 0x0e, 0x52, 0xad, 0xf3, 0xaf, 0xd9, 0xcc, 0x78,
436 0xc2, 0xb1, 0x5e, 0x05, 0x5e, 0xf2, 0x27, 0x84,
437 0x15, 0xe4, 0x8f, 0xca, 0xc5, 0x92, 0x43, 0xe0,
438 0x24, 0x8d, 0xf2, 0x5d, 0x55, 0xcc, 0x9d, 0x2f,
439 0xa9, 0xf6, 0x9b, 0x67, 0x6a, 0x87, 0x74, 0x36,
440 0x34, 0x7c, 0xd4, 0x9d, 0xff, 0xad, 0xee, 0x69
441 };
442
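/*
 * Builds an identity from the embedded certificate (_c1) and private key (_k1),
 * publishes it through a SecKeyProxy, and checks that the identity obtained
 * from the proxy endpoint carries the same certificate and a key with the same
 * block size. Finally checks that a proxy created from a bare key cannot be
 * used to obtain an identity.
 */
static void test_key_proxy_identity() {
    id certificate = CFBridgingRelease(SecCertificateCreateWithData(kCFAllocatorDefault, (__bridge CFDataRef)[NSData dataWithBytes:_c1 length:sizeof(_c1)]));
    isnt(certificate, nil, "created certificate");
    NSError *error;
    NSDictionary *keyAttributes = @{
        (id)kSecAttrKeyType: (id)kSecAttrKeyTypeRSA,
        (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate,
    };
    id key = CFBridgingRelease(SecKeyCreateWithData((__bridge CFDataRef)[NSData dataWithBytes:_k1 length:sizeof(_k1)], (__bridge CFDictionaryRef)keyAttributes, (void *)&error));
    isnt(key, nil, "create key: %@", error);
    id identity = CFBridgingRelease(SecIdentityCreate(kCFAllocatorDefault, (__bridge SecCertificateRef)certificate, (__bridge SecKeyRef)key));
    isnt(identity, nil, "create identity");

    SecKeyProxy *identityProxy = [[SecKeyProxy alloc] initWithIdentity:(__bridge SecIdentityRef)identity];
    isnt(identityProxy, nil, "create identity proxy");

    id localIdentity = CFBridgingRelease([SecKeyProxy createIdentityFromEndpoint:identityProxy.endpoint error:&error]);
    isnt(localIdentity, nil, "create remote identity");

    // Read the key and certificate back from the identity that came through the
    // proxy. Reading them from the original `identity` would compare the fixture
    // with itself and say nothing about what the proxy delivered.
    SecKeyRef remoteKeyRef = NULL;
    SecCertificateRef remoteCertificateRef = NULL;
    if (localIdentity != nil) {
        SecIdentityCopyPrivateKey((__bridge SecIdentityRef)localIdentity, &remoteKeyRef);
        SecIdentityCopyCertificate((__bridge SecIdentityRef)localIdentity, &remoteCertificateRef);
    }
    // Hand the +1 references to ARC; a NULL result becomes nil.
    id localKey = CFBridgingRelease(remoteKeyRef);
    id localCertificate = CFBridgingRelease(remoteCertificateRef);
    isnt(localKey, nil, "got key from localIdentity");
    isnt(localCertificate, nil, "got certificate from localIdentity");

    ok([certificate isEqual:localCertificate], "Certificates are the same");
    is(SecKeyGetBlockSize((__bridge SecKeyRef)key), SecKeyGetBlockSize((__bridge SecKeyRef)localKey), "Keys are the same");

    // Check that it is not possible to get identity from key proxy
    SecKeyProxy *keyProxy = [[SecKeyProxy alloc] initWithKey:(__bridge SecKeyRef)key];
    error = nil;
    id secondIdentity = CFBridgingRelease([SecKeyProxy createIdentityFromEndpoint:keyProxy.endpoint error:&error]);
    is(secondIdentity, nil, "connecting identity to key proxy should not be possible.");
}
// Number of ok/is/isnt assertions made by test_key_proxy_identity().
static const int TestKeyProxyIdentityCount = 10;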
475
// Total number of assertions planned for this file: the sum of the per-group counts.
static const int TestCount =
    TestKeyProxyConnectCount +
    TestKeyProxySimpleOpsCount +
    TestKeyCryptoOpsRSACount +
    TestKeyCryptoOpsECCount +
    TestKeyProxyIdentityCount;

/*
 * Entry point of the si-44 SecKeyProxy regression test. Announces the planned
 * number of assertions, then runs every test group once, in a fixed order,
 * inside a single autorelease pool. argc and argv are not used. Always returns 0.
 */
int si_44_seckey_proxy(int argc, char *const *argv) {
    // Test groups in the order they must run.
    static void (*const testGroups[])(void) = {
        test_key_proxy_connect,
        test_key_proxy_simple_ops,
        test_key_proxy_crypto_ops_RSA,
        test_key_proxy_crypto_ops_EC,
        test_key_proxy_identity,
    };
    const size_t groupCount = sizeof(testGroups) / sizeof(testGroups[0]);

    plan_tests(TestCount);

    @autoreleasepool {
        for (size_t groupIndex = 0; groupIndex < groupCount; groupIndex++) {
            testGroups[groupIndex]();
        }
    }

    return 0;
}