Security-58286.200.222.tar.gz

[apple/security.git] / OSX / libsecurity_keychain / regressions / kc-23-key-export-symmetric.m

/*
 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the xLicense.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

#import <Security/Security.h>

#include "keychain_regressions.h"
#include "kc-helpers.h"

#import <Cocoa/Cocoa.h>
#import <Security/SecTransform.h>
#import <Security/SecItemPriv.h>
#import <Security/CMSEncoder.h>
#import <Security/CMSDecoder.h>
#import <Foundation/NSData_Private.h>
#import <SecurityFoundation/SFCertificateAuthority.h>
#import <SecurityFoundation/SFCertificateAuthorityPriv.h>
#import <SecurityFoundation/CACertInfo.h>
#import <SecurityFoundation/CAKeyUsageExtension.h>
#import <SecurityFoundation/CAExtendedKeyUsageExtension.h>

#if 0
static void checkCryptoError(OSStatus status, NSString *functionName) {
        if (status != errSecSuccess) {
                NSError *underlyingError = [[NSError alloc] initWithDomain:NSOSStatusErrorDomain code:status userInfo:nil];
                NSDictionary *userInfo = [[NSDictionary alloc] initWithObjectsAndKeys:underlyingError, NSUnderlyingErrorKey, nil];

                [underlyingError release];

                CFStringRef message = SecCopyErrorMessageString(status, NULL);

                NSLog(@"%@ failed with error %d: %@: %@: %@", functionName, (int)status, underlyingError, userInfo, message);

                CFRelease(message);

                cssmPerror([functionName UTF8String], status);

                exit(EXIT_FAILURE);
        }
}
#endif

static CF_RETURNS_RETAINED SecKeyRef generateSymmetricKey(SecKeychainRef keychainRef, CFStringRef label)
{
        CFMutableDictionaryRef parameters;
        int32_t rawnum;
        CFNumberRef num;
        CFErrorRef error = NULL;
        SecKeyRef cryptokey;

        rawnum = 256;

        // Type
        parameters = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
        CFDictionarySetValue(parameters, kSecAttrKeyType, kSecAttrKeyTypeAES);

        num = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &rawnum);
        CFDictionarySetValue(parameters, kSecAttrKeySizeInBits, num);
    CFReleaseNull(num);

        // Store in keychain
        CFDictionarySetValue(parameters, kSecUseKeychain, keychainRef);
        CFDictionarySetValue(parameters, kSecAttrApplicationLabel, label);
        CFDictionarySetValue(parameters, kSecAttrLabel, label);


        // Extractable and permanent
        CFDictionarySetValue(parameters, kSecAttrIsExtractable, kCFBooleanTrue);
        CFDictionarySetValue(parameters, kSecAttrIsPermanent, kCFBooleanTrue);


        cryptokey = SecKeyGenerateSymmetric(parameters, &error);
    is(error, NULL, "%s: SecKeyGenerateSymmetric: %s", testName, (error) ? CFStringGetCStringPtr(CFErrorCopyDescription(error), kCFStringEncodingUTF8) : "no error");
        if (error) {
                return NULL;
        }

        return cryptokey;
}

int kc_23_key_export_symmetric(int argc, char *const *argv)
{
    plan_tests(6);
    initializeKeychainTests(__FUNCTION__);
    
    SecKeychainRef kc = getPopulatedTestKeychain();

        SecKeyRef cryptokey;
        OSStatus status;

        CFStringRef label = (__bridge_retained CFStringRef)([NSString stringWithFormat:@"Symmetric Cryptotest %ld %d", (long)time(NULL), arc4random(), nil]);
        cryptokey = generateSymmetricKey(kc, label);
    CFReleaseNull(label);

        // Using SecItemExport
        CFMutableArrayRef keyUsage = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
        CFArrayAppendValue(keyUsage, kSecAttrCanEncrypt);
        CFArrayAppendValue(keyUsage, kSecAttrCanDecrypt);
        CFMutableArrayRef keyAttributes = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
        SecItemImportExportKeyParameters exportParams;
        exportParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
        exportParams.flags = 0;
        exportParams.passphrase = NULL;
        exportParams.alertTitle = NULL;
        exportParams.alertPrompt = NULL;
        exportParams.accessRef = NULL;
        exportParams.keyUsage = keyUsage;
        exportParams.keyAttributes = keyAttributes;
        CFDataRef exportedKey2;
        status = SecItemExport(cryptokey, kSecFormatRawKey, 0, &exportParams, (CFDataRef *)&exportedKey2);
    ok_status(status, "%s: SecItemExport", testName);

    CFReleaseNull(cryptokey);

    is(CFDataGetLength(exportedKey2), 32, "%s: wrong AES-256 key size", testName);

    CFRelease(exportedKey2);

    ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", testName);
    CFReleaseNull(kc);

    deleteTestFiles();
        return 0;
}