]> git.saurik.com Git - apple/security.git/blob - OSX/sec/Security/SecKeyAdaptors.m
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Security-58286.200.222.tar.gz
[apple/security.git] / OSX / sec / Security / SecKeyAdaptors.m
1 /*
2 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * SecKeyAdaptors.m - Implementation of assorted algorithm adaptors for SecKey.
26 * Algorithm adaptor is able to perform some transformation on provided input and calculated results and invoke
27 * underlying operation with different algorithm. Typical adaptors are message->digest or unpadded->padded.
28 * To invoke underlying operation, add algorithm to the context algorithm array and invoke SecKeyRunAlgorithmAndCopyResult().
29 */
30
31 #import <Foundation/Foundation.h>
32
33 #include <Security/SecBase.h>
34 #include <Security/SecKeyInternal.h>
35 #include <Security/SecItem.h>
36 #include <Security/SecCFAllocator.h>
37
38 #include <AssertMacros.h>
39 #include <utilities/SecCFWrappers.h>
40 #include <utilities/array_size.h>
41 #include <utilities/debugging.h>
42 #include <utilities/SecCFError.h>
43 #include <utilities/SecBuffer.h>
44
45 #include <corecrypto/ccsha1.h>
46 #include <corecrypto/ccsha2.h>
47 #include <corecrypto/ccmd5.h>
48 #include <corecrypto/ccrsa_priv.h>
49 #include <corecrypto/ccansikdf.h>
50 #include <corecrypto/ccmode.h>
51 #include <corecrypto/ccaes.h>
52
53 #pragma mark Algorithm constants value definitions
54
55 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureRaw = CFSTR("algid:sign:RSA:raw");
56 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureRawCCUnit = CFSTR("algid:sign:RSA:raw-cc");
57
58 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw = CFSTR("algid:sign:RSA:digest-PKCS1v15");
59 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5 = CFSTR("algid:sign:RSA:digest-PKCS1v15:MD5");
60 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA1");
61 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA224");
62 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA256");
63 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA384");
64 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 = CFSTR("algid:sign:RSA:digest-PKCS1v15:SHA512");
65 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA1 = CFSTR("algid:sign:RSA:digest-PSS:SHA1:SHA1:20");
66 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA224 = CFSTR("algid:sign:RSA:digest-PSS:SHA224:SHA224:24");
67 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA256 = CFSTR("algid:sign:RSA:digest-PSS:SHA256:SHA256:32");
68 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA384 = CFSTR("algid:sign:RSA:digest-PSS:SHA384:SHA384:48");
69 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA512 = CFSTR("algid:sign:RSA:digest-PSS:SHA512:SHA512:64");
70
71 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5 = CFSTR("algid:sign:RSA:message-PKCS1v15:MD5");
72 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA1");
73 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA224");
74 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA256");
75 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA384");
76 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512 = CFSTR("algid:sign:RSA:message-PKCS1v15:SHA512");
77 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA1 = CFSTR("algid:sign:RSA:message-PSS:SHA1:SHA1:20");
78 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA224 = CFSTR("algid:sign:RSA:message-PSS:SHA224:SHA224:24");
79 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA256 = CFSTR("algid:sign:RSA:message-PSS:SHA256:SHA256:32");
80 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA384 = CFSTR("algid:sign:RSA:message-PSS:SHA384:SHA384:48");
81 const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA512 = CFSTR("algid:sign:RSA:message-PSS:SHA512:SHA512:64");
82
83 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureRFC4754 = CFSTR("algid:sign:ECDSA:RFC4754");
84
85 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962 = CFSTR("algid:sign:ECDSA:digest-X962");
86 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA1 = CFSTR("algid:sign:ECDSA:digest-X962:SHA1");
87 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA224 = CFSTR("algid:sign:ECDSA:digest-X962:SHA224");
88 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA256 = CFSTR("algid:sign:ECDSA:digest-X962:SHA256");
89 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA384 = CFSTR("algid:sign:ECDSA:digest-X962:SHA384");
90 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA512 = CFSTR("algid:sign:ECDSA:digest-X962:SHA512");
91
92 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA1 = CFSTR("algid:sign:ECDSA:message-X962:SHA1");
93 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA224 = CFSTR("algid:sign:ECDSA:message-X962:SHA224");
94 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA256 = CFSTR("algid:sign:ECDSA:message-X962:SHA256");
95 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA384 = CFSTR("algid:sign:ECDSA:message-X962:SHA384");
96 const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA512 = CFSTR("algid:sign:ECDSA:message-X962:SHA512");
97
98 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionRaw = CFSTR("algid:encrypt:RSA:raw");
99 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionRawCCUnit = CFSTR("algid:encrypt:RSA:raw-cc");
100 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionPKCS1 = CFSTR("algid:encrypt:RSA:PKCS1");
101 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA1 = CFSTR("algid:encrypt:RSA:OAEP:SHA1");
102 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA224 = CFSTR("algid:encrypt:RSA:OAEP:SHA224");
103 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA256 = CFSTR("algid:encrypt:RSA:OAEP:SHA256");
104 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA384 = CFSTR("algid:encrypt:RSA:OAEP:SHA384");
105 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA512 = CFSTR("algid:encrypt:RSA:OAEP:SHA512");
106
107 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA1:AESGCM");
108 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA224:AESGCM");
109 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA256:AESGCM");
110 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA384:AESGCM");
111 const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM = CFSTR("algid:encrypt:RSA:OAEP:SHA512:AESGCM");
112
113 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA1:AESGCM");
114 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA224:AESGCM");
115 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA256:AESGCM");
116 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA384:AESGCM");
117 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA512:AESGCM");
118
119 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA1:AESGCM");
120 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA224:AESGCM");
121 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA256:AESGCM");
122 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA384:AESGCM");
123 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA512:AESGCM");
124
125 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA224:AESGCM-KDFIV");
126 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA256:AESGCM-KDFIV");
127 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA384:AESGCM-KDFIV");
128 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM = CFSTR("algid:encrypt:ECIES:ECDH:KDFX963:SHA512:AESGCM-KDFIV");
129
130 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA224:AESGCM-KDFIV");
131 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA256:AESGCM-KDFIV");
132 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA384:AESGCM-KDFIV");
133 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM = CFSTR("algid:encrypt:ECIES:ECDHC:KDFX963:SHA512:AESGCM-KDFIV");
134
135 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandard = CFSTR("algid:keyexchange:ECDH");
136 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA1");
137 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA224");
138 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA256");
139 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA384");
140 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512 = CFSTR("algid:keyexchange:ECDH:KDFX963:SHA512");
141
142 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactor = CFSTR("algid:keyexchange:ECDHC");
143 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA1");
144 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA224");
145 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA256");
146 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA384");
147 const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512 = CFSTR("algid:keyexchange:ECDHC:KDFX963:SHA512");
148
149 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionAKSSmartCard = CFSTR("algid:encrypt:ECIES:ECDH:SHA256:2PubKeys");
150
151 void SecKeyOperationContextDestroy(SecKeyOperationContext *context) {
152 CFReleaseNull(context->algorithm);
153 }
154
155 static void PerformWithCFDataBuffer(CFIndex size, void (^operation)(uint8_t *buffer, CFDataRef data)) {
156 PerformWithBuffer(size, ^(size_t size, uint8_t *buffer) {
157 CFDataRef data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, (const UInt8 *)buffer, size, kCFAllocatorNull);
158 operation(buffer, data);
159 CFRelease(data);
160 });
161 }
162
163 static CFDataRef SecKeyCopyDigestForMessage(SecKeyOperationContext *context, CFDataRef message, CFDataRef in2,
164 const struct ccdigest_info *di, CFErrorRef *error) {
165 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
166 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
167 }
168
169 __block CFTypeRef result;
170 PerformWithCFDataBuffer(di->output_size, ^(uint8_t *buffer, CFDataRef data) {
171 ccdigest(di, CFDataGetLength(message), CFDataGetBytePtr(message), buffer);
172 result = SecKeyRunAlgorithmAndCopyResult(context, data, in2, error);
173 });
174 return result;
175 }
176
177 static CFTypeRef SecKeyCopyECDSASignatureForDigest(SecKeyOperationContext *context, CFDataRef digest, CFDataRef in2,
178 SecKeyAlgorithm algorithm, const struct ccdigest_info *di, CFErrorRef *error) {
179 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmECDSASignatureDigestX962);
180 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
181 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
182 }
183
184 if (CFDataGetLength(digest) != (CFIndex)di->output_size) {
185 SecError(errSecParam, error, CFSTR("bad digest size for signing with algorithm %@"), algorithm);
186 return NULL;
187 }
188
189 return SecKeyRunAlgorithmAndCopyResult(context, digest, in2, error);
190 }
191
192 #define DIGEST_RSA_ADAPTORS(name, di) \
193 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessage ## name( \
194 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
195 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureDigest ## name); \
196 return SecKeyCopyDigestForMessage(context, in1, in2, di, error); \
197 }
198
199 #define DIGEST_ECDSA_ADAPTORS(name, di) \
200 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessage ## name( \
201 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
202 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmECDSASignatureDigest ## name); \
203 return SecKeyCopyDigestForMessage(context, in1, in2, di, error); \
204 } \
205 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigest ## name( \
206 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
207 return SecKeyCopyECDSASignatureForDigest(context, in1, in2, kSecKeyAlgorithmECDSASignatureDigest ## name, di, error); \
208 }
209
210 DIGEST_RSA_ADAPTORS(PKCS1v15SHA1, ccsha1_di())
211 DIGEST_RSA_ADAPTORS(PKCS1v15SHA224, ccsha224_di())
212 DIGEST_RSA_ADAPTORS(PKCS1v15SHA256, ccsha256_di())
213 DIGEST_RSA_ADAPTORS(PKCS1v15SHA384, ccsha384_di())
214 DIGEST_RSA_ADAPTORS(PKCS1v15SHA512, ccsha512_di())
215 DIGEST_RSA_ADAPTORS(PKCS1v15MD5, ccmd5_di())
216 DIGEST_RSA_ADAPTORS(PSSSHA1, ccsha1_di())
217 DIGEST_RSA_ADAPTORS(PSSSHA224, ccsha224_di())
218 DIGEST_RSA_ADAPTORS(PSSSHA256, ccsha256_di())
219 DIGEST_RSA_ADAPTORS(PSSSHA384, ccsha384_di())
220 DIGEST_RSA_ADAPTORS(PSSSHA512, ccsha512_di())
221 DIGEST_ECDSA_ADAPTORS(X962SHA1, ccsha1_di())
222 DIGEST_ECDSA_ADAPTORS(X962SHA224, ccsha224_di())
223 DIGEST_ECDSA_ADAPTORS(X962SHA256, ccsha256_di())
224 DIGEST_ECDSA_ADAPTORS(X962SHA384, ccsha384_di())
225 DIGEST_ECDSA_ADAPTORS(X962SHA512, ccsha512_di())
226
227 #undef DIGEST_RSA_ADAPTORS
228 #undef DIGEST_ECDSA_ADAPTORS
229
230 static CFDataRef SecKeyRSACopyBigEndianToCCUnit(CFDataRef bigEndian, size_t size) {
231 CFMutableDataRef result = NULL;
232 if (bigEndian != NULL) {
233 size_t dataSize = CFDataGetLength(bigEndian);
234 if (dataSize > size) {
235 size = dataSize;
236 }
237 result = CFDataCreateMutableWithScratch(kCFAllocatorDefault, ccrsa_sizeof_n_from_size(size));
238 ccn_read_uint(ccn_nof_size(size), (cc_unit *)CFDataGetMutableBytePtr(result), dataSize, CFDataGetBytePtr(bigEndian));
239 }
240 return result;
241 }
242
243 static void PerformWithBigEndianToCCUnit(CFDataRef bigEndian, size_t size, void (^operation)(CFDataRef ccunits)) {
244 if (bigEndian == NULL) {
245 return operation(NULL);
246 }
247 size_t dataSize = CFDataGetLength(bigEndian);
248 if (dataSize > size) {
249 size = dataSize;
250 }
251 PerformWithCFDataBuffer(ccrsa_sizeof_n_from_size(size), ^(uint8_t *buffer, CFDataRef data) {
252 ccn_read_uint(ccn_nof_size(size), (cc_unit *)buffer, dataSize, CFDataGetBytePtr(bigEndian));
253 operation(data);
254 });
255 }
256
257 static CFDataRef SecKeyRSACopyCCUnitToBigEndian(CFDataRef ccunits, size_t size) {
258 CFMutableDataRef result = NULL;
259 if (ccunits != NULL) {
260 cc_size n = ccn_nof_size(CFDataGetLength(ccunits));
261 const cc_unit *s = (const cc_unit *)CFDataGetBytePtr(ccunits);
262 result = CFDataCreateMutableWithScratch(kCFAllocatorDefault, size);
263 ccn_write_uint_padded(n, s, CFDataGetLength(result), CFDataGetMutableBytePtr(result));
264 }
265 return result;
266 }
267
268 static void PerformWithCCUnitToBigEndian(CFDataRef ccunits, size_t size, void (^operation)(CFDataRef bigEndian)) {
269 if (ccunits == NULL) {
270 return operation(NULL);
271 }
272 PerformWithCFDataBuffer(size, ^(uint8_t *buffer, CFDataRef data) {
273 cc_size n = ccn_nof_size(CFDataGetLength(ccunits));
274 const cc_unit *s = (const cc_unit *)CFDataGetBytePtr(ccunits);
275 ccn_write_uint_padded(n, s, size, buffer);
276 operation(data);
277 });
278 }
279
280 static CFTypeRef SecKeyRSACopyEMSASignature(SecKeyOperationContext *context,
281 CFDataRef in1, CFDataRef in2, CFErrorRef *error, bool pss, const struct ccdigest_info *di) {
282 CFDictionaryRef parameters = NULL;
283 __block CFTypeRef result = NULL;
284
285 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
286 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
287 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeRSA), out, result = kCFNull);
288 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPrivate), out, result = kCFNull);
289 CFReleaseNull(parameters);
290
291 if (pss) {
292 // Verify that algorithm is compatible with the modulus size.
293 size_t blockSize = SecKeyGetBlockSize(context->key);
294 require_action_quiet(blockSize >= di->output_size * 2 + 2, out,
295 SecError(errSecParam, error, CFSTR("algorithm %@ incompatible with %lubit RSA key"),
296 CFArrayGetValueAtIndex(context->algorithm, CFArrayGetCount(context->algorithm) - 1),
297 blockSize * 8));
298 }
299
300 if (!pss && di != NULL) {
301 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw);
302 }
303
304 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureRawCCUnit);
305 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
306 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
307 }
308
309 size_t size = SecKeyGetBlockSize(context->key);
310 if (size == 0) {
311 SecError(errSecParam, error, CFSTR("expecting RSA key"));
312 return NULL;
313 }
314 PerformWithCFDataBuffer(size, ^(uint8_t *buffer, CFDataRef data) {
315 NSMutableData *s = [NSMutableData dataWithLength:size];
316 require_action_quiet(s != nil, out, SecError(errSecAllocate, error, CFSTR("out of memory")));
317 if (pss) {
318 NSMutableData *salt = [NSMutableData dataWithLength:di->output_size];
319 require_action_quiet(salt != nil, out, SecError(errSecAllocate, error, CFSTR("out of memory")));
320 int err = ccrng_generate(ccrng_seckey, di->output_size, salt.mutableBytes);
321 require_noerr_action_quiet(err, out, SecError(errSecInternal, error, CFSTR("PSS salt gen fail (%zu bytes), err %d"),
322 di->output_size, err));
323 err = ccrsa_emsa_pss_encode(di, di, di->output_size, salt.bytes,
324 CFDataGetLength(in1), CFDataGetBytePtr(in1), size * 8 - 1, s.mutableBytes);
325 require_noerr_action_quiet(err, out, SecError(errSecParam, error, CFSTR("RSASSA-PSS incompatible algorithm for key size")));
326 } else {
327 int err = ccrsa_emsa_pkcs1v15_encode(size, s.mutableBytes, CFDataGetLength(in1), CFDataGetBytePtr(in1), di ? di->oid : NULL);
328 require_noerr_action_quiet(err, out, SecError(errSecParam, error, CFSTR("RSAsign wrong input data length")));
329 }
330 ccn_read_uint(ccn_nof_size(size), (cc_unit *)buffer, size, s.bytes);
331 require_quiet(result = SecKeyRunAlgorithmAndCopyResult(context, data, NULL, error), out);
332 CFAssignRetained(result, SecKeyRSACopyCCUnitToBigEndian(result, SecKeyGetBlockSize(context->key)));
333 out:;
334 });
335
336 out:
337 CFReleaseSafe(parameters);
338 return result;
339 }
340
341 #define RSA_EMSA_SIGN_ADAPTOR(name, pss, di) \
342 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigest ## name( \
343 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
344 return SecKeyRSACopyEMSASignature(context, in1, in2, error, pss, di); \
345 }
346
347 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA1, false, ccsha1_di())
348 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA224, false, ccsha224_di())
349 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA256, false, ccsha256_di())
350 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA384, false, ccsha384_di())
351 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15SHA512, false, ccsha512_di())
352 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15Raw, false, NULL)
353 RSA_EMSA_SIGN_ADAPTOR(PKCS1v15MD5, false, ccmd5_di())
354 RSA_EMSA_SIGN_ADAPTOR(PSSSHA1, true, ccsha1_di())
355 RSA_EMSA_SIGN_ADAPTOR(PSSSHA224, true, ccsha224_di())
356 RSA_EMSA_SIGN_ADAPTOR(PSSSHA256, true, ccsha256_di())
357 RSA_EMSA_SIGN_ADAPTOR(PSSSHA384, true, ccsha384_di())
358 RSA_EMSA_SIGN_ADAPTOR(PSSSHA512, true, ccsha512_di())
359
360 #undef RSA_EMSA_SIGN_ADAPTOR
361
362 static CFTypeRef SecKeyAlgorithmAdaptorCopyBigEndianToCCUnit(SecKeyOperationContext *context,
363 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
364 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
365 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
366 }
367
368 __block CFTypeRef result = NULL;
369 PerformWithBigEndianToCCUnit(in1, SecKeyGetBlockSize(context->key), ^(CFDataRef ccunits) {
370 result = SecKeyRunAlgorithmAndCopyResult(context, ccunits, in2, error);
371 if (result != NULL) {
372 CFAssignRetained(result, SecKeyRSACopyCCUnitToBigEndian(result, SecKeyGetBlockSize(context->key)));
373 }
374 });
375 return result;
376 }
377
378 static CFTypeRef SecKeyAlgorithmAdaptorCopyCCUnitToBigEndian(SecKeyOperationContext *context,
379 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
380 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
381 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
382 }
383
384 __block CFTypeRef result = NULL;
385 PerformWithCCUnitToBigEndian(in1, SecKeyGetBlockSize(context->key), ^(CFDataRef bigEndian) {
386 result = SecKeyRunAlgorithmAndCopyResult(context, bigEndian, in2, error);
387 if (result != NULL) {
388 CFAssignRetained(result, SecKeyRSACopyBigEndianToCCUnit(result, SecKeyGetBlockSize(context->key)));
389 }
390 });
391 return result;
392 }
393
394 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRaw(SecKeyOperationContext *context,
395 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
396 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureRawCCUnit);
397 return SecKeyAlgorithmAdaptorCopyBigEndianToCCUnit(context, in1, in2, error);
398 }
399
400 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRawCCUnit(SecKeyOperationContext *context,
401 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
402 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureRaw);
403 return SecKeyAlgorithmAdaptorCopyCCUnitToBigEndian(context, in1, in2, error);
404 }
405
406 static bool SecKeyVerifyBadSignature(CFErrorRef *error) {
407 return SecError(errSecVerifyFailed, error, CFSTR("RSA signature verification failed, no match"));
408 }
409
410 static CFTypeRef SecKeyRSAVerifyAdaptorCopyResult(SecKeyOperationContext *context, CFTypeRef signature, CFErrorRef *error,
411 Boolean (^verifyBlock)(CFDataRef decrypted)) {
412 CFTypeRef result = NULL;
413 context->operation = kSecKeyOperationTypeDecrypt;
414 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRaw);
415 result = SecKeyRunAlgorithmAndCopyResult(context, signature, NULL, error);
416 if (context->mode == kSecKeyOperationModePerform && result != NULL) {
417 if (verifyBlock(result)) {
418 CFRetainAssign(result, kCFBooleanTrue);
419 } else {
420 CFRetainAssign(result, kCFBooleanFalse);
421 SecKeyVerifyBadSignature(error);
422 }
423 }
424 return result;
425 }
426
427 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureRaw(SecKeyOperationContext *context,
428 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
429 return SecKeyRSAVerifyAdaptorCopyResult(context, in2, error, ^Boolean(CFDataRef decrypted) {
430 // Skip zero-padding from the beginning of the decrypted signature.
431 const UInt8 *data = CFDataGetBytePtr(decrypted);
432 CFIndex length = CFDataGetLength(decrypted);
433 while (*data == 0x00 && length > 0) {
434 data++;
435 length--;
436 }
437 // The rest of the decrypted signature must be the same as input data.
438 return length == CFDataGetLength(in1) && memcmp(CFDataGetBytePtr(in1), data, length) == 0;
439 });
440 };
441
442 #define PKCS1v15_EMSA_VERIFY_ADAPTOR(name, oid) \
443 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15 ## name( \
444 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
445 return SecKeyRSAVerifyAdaptorCopyResult(context, in2, error, ^Boolean(CFDataRef decrypted) { \
446 return ccrsa_emsa_pkcs1v15_verify(CFDataGetLength(decrypted), \
447 (uint8_t *)CFDataGetBytePtr(decrypted), \
448 CFDataGetLength(in1), CFDataGetBytePtr(in1), oid) == 0; \
449 }); \
450 }
451
452 #define PSS_EMSA_VERIFY_ADAPTOR(name, di) \
453 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSS ## name( \
454 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
455 return SecKeyRSAVerifyAdaptorCopyResult(context, in2, error, ^Boolean(CFDataRef decrypted) { \
456 return ccrsa_emsa_pss_decode(di, di, di->output_size, CFDataGetLength(in1), CFDataGetBytePtr(in1), \
457 CFDataGetLength(decrypted) * 8 - 1, (uint8_t *)CFDataGetBytePtr(decrypted)) == 0; \
458 }); \
459 }
460
461 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA1, ccsha1_di()->oid)
462 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA224, ccsha224_di()->oid)
463 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA256, ccsha256_di()->oid)
464 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA384, ccsha384_di()->oid)
465 PKCS1v15_EMSA_VERIFY_ADAPTOR(SHA512, ccsha512_di()->oid)
466 PKCS1v15_EMSA_VERIFY_ADAPTOR(Raw, NULL)
467 PKCS1v15_EMSA_VERIFY_ADAPTOR(MD5, ccmd5_di()->oid)
468
469 PSS_EMSA_VERIFY_ADAPTOR(SHA1, ccsha1_di())
470 PSS_EMSA_VERIFY_ADAPTOR(SHA224, ccsha224_di())
471 PSS_EMSA_VERIFY_ADAPTOR(SHA256, ccsha256_di())
472 PSS_EMSA_VERIFY_ADAPTOR(SHA384, ccsha384_di())
473 PSS_EMSA_VERIFY_ADAPTOR(SHA512, ccsha512_di())
474
475 #undef PKCS1v15_EMSA_VERIFY_ADAPTOR
476 #undef PSS_EMSA_VERIFY_ADAPTOR
477
478 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRaw(SecKeyOperationContext *context,
479 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
480 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRawCCUnit);
481 return SecKeyAlgorithmAdaptorCopyBigEndianToCCUnit(context, in1, in2, error);
482 }
483
484 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRawCCUnit(SecKeyOperationContext *context,
485 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
486 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRaw);
487 return SecKeyAlgorithmAdaptorCopyCCUnitToBigEndian(context, in1, in2, error);
488 }
489
490 static CFTypeRef SecKeyRSACopyEncryptedWithPadding(SecKeyOperationContext *context, const struct ccdigest_info *di,
491 CFDataRef in1, CFErrorRef *error) {
492 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRawCCUnit);
493 size_t size = SecKeyGetBlockSize(context->key);
494 size_t minSize = (di != NULL) ? di->output_size * 2 + 2 : 11;
495 if (size < minSize) {
496 return kCFNull;
497 }
498 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
499 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
500 }
501
502 __block CFTypeRef result = NULL;
503 PerformWithCFDataBuffer(size, ^(uint8_t *buffer, CFDataRef data) {
504 int err;
505 if (di != NULL) {
506 err = ccrsa_oaep_encode(di, ccrng_seckey, size, (cc_unit *)buffer,
507 CFDataGetLength(in1), CFDataGetBytePtr(in1));
508 } else {
509 err = ccrsa_eme_pkcs1v15_encode(ccrng_seckey, size, (cc_unit *)buffer,
510 CFDataGetLength(in1), CFDataGetBytePtr(in1));
511 }
512 require_noerr_action_quiet(err, out, SecError(errSecParam, error,
513 CFSTR("RSAencrypt wrong input size (err %d)"), err));
514 require_quiet(result = SecKeyRunAlgorithmAndCopyResult(context, data, NULL, error), out);
515 CFAssignRetained(result, SecKeyRSACopyCCUnitToBigEndian(result, SecKeyGetBlockSize(context->key)));
516 out:;
517 });
518 return result;
519 }
520
521 static CFTypeRef SecKeyRSACopyDecryptedWithPadding(SecKeyOperationContext *context, const struct ccdigest_info *di,
522 CFDataRef in1, CFErrorRef *error) {
523 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRawCCUnit);
524 size_t minSize = (di != NULL) ? di->output_size * 2 + 2 : 11;
525 if (SecKeyGetBlockSize(context->key) < minSize) {
526 return kCFNull;
527 }
528 if (context->mode == kSecKeyOperationModeCheckIfSupported) {
529 return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error);
530 }
531
532 __block CFMutableDataRef result = NULL;
533 PerformWithBigEndianToCCUnit(in1, SecKeyGetBlockSize(context->key), ^(CFDataRef ccunits) {
534 CFDataRef cc_result = NULL;
535 require_quiet(cc_result = SecKeyRunAlgorithmAndCopyResult(context, ccunits, NULL, error), out);
536 size_t size = CFDataGetLength(cc_result);
537 result = CFDataCreateMutableWithScratch(NULL, size);
538 int err;
539 if (di != NULL) {
540 err = ccrsa_oaep_decode(di, &size, CFDataGetMutableBytePtr(result),
541 CFDataGetLength(cc_result), (cc_unit *)CFDataGetBytePtr(cc_result));
542 } else {
543 err = ccrsa_eme_pkcs1v15_decode(&size, CFDataGetMutableBytePtr(result),
544 CFDataGetLength(cc_result), (cc_unit *)CFDataGetBytePtr(cc_result));
545 }
546 require_noerr_action_quiet(err, out, (CFReleaseNull(result),
547 SecError(errSecParam, error, CFSTR("RSAdecrypt wrong input (err %d)"), err)));
548 CFDataSetLength(result, size);
549 out:
550 CFReleaseSafe(cc_result);
551 });
552 return result;
553 }
554
555 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionPKCS1(SecKeyOperationContext *context,
556 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
557 return SecKeyRSACopyEncryptedWithPadding(context, NULL, in1, error);
558 }
559
560 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionPKCS1(SecKeyOperationContext *context,
561 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
562 return SecKeyRSACopyDecryptedWithPadding(context, NULL, in1, error);
563 }
564
565 #define RSA_OAEP_CRYPT_ADAPTOR(name, di) \
566 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEP ## name( \
567 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
568 return SecKeyRSACopyEncryptedWithPadding(context, di, in1, error); \
569 } \
570 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEP ## name( \
571 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
572 return SecKeyRSACopyDecryptedWithPadding(context, di, in1, error); \
573 }
574
575 RSA_OAEP_CRYPT_ADAPTOR(SHA1, ccsha1_di());
576 RSA_OAEP_CRYPT_ADAPTOR(SHA224, ccsha224_di());
577 RSA_OAEP_CRYPT_ADAPTOR(SHA256, ccsha256_di());
578 RSA_OAEP_CRYPT_ADAPTOR(SHA384, ccsha384_di());
579 RSA_OAEP_CRYPT_ADAPTOR(SHA512, ccsha512_di());
580
581 #undef RSA_OAEP_CRYPT_ADAPTOR
582
583 const SecKeyKeyExchangeParameter kSecKeyKeyExchangeParameterRequestedSize = CFSTR("requestedSize");
584 const SecKeyKeyExchangeParameter kSecKeyKeyExchangeParameterSharedInfo = CFSTR("sharedInfo");
585
586 static CFTypeRef SecKeyECDHCopyX963Result(SecKeyOperationContext *context, const struct ccdigest_info *di,
587 CFTypeRef in1, CFTypeRef params, CFErrorRef *error) {
588 CFTypeRef result = NULL;
589 require_quiet(result = SecKeyRunAlgorithmAndCopyResult(context, in1, NULL, error), out);
590
591 if (context->mode == kSecKeyOperationModePerform) {
592 // Parse params.
593 CFTypeRef value = NULL;
594 CFIndex requestedSize = 0;
595 require_action_quiet((value = CFDictionaryGetValue(params, kSecKeyKeyExchangeParameterRequestedSize)) != NULL
596 && CFGetTypeID(value) == CFNumberGetTypeID() &&
597 CFNumberGetValue(value, kCFNumberCFIndexType, &requestedSize), out,
598 SecError(errSecParam, error, CFSTR("kSecKeyKeyExchangeParameterRequestedSize is missing")));
599 size_t sharedInfoLength = 0;
600 const void *sharedInfo = NULL;
601 if ((value = CFDictionaryGetValue(params, kSecKeyKeyExchangeParameterSharedInfo)) != NULL &&
602 CFGetTypeID(value) == CFDataGetTypeID()) {
603 sharedInfo = CFDataGetBytePtr(value);
604 sharedInfoLength = CFDataGetLength(value);
605 }
606
607 CFMutableDataRef kdfResult = CFDataCreateMutableWithScratch(kCFAllocatorDefault, requestedSize);
608 int err = ccansikdf_x963(di, CFDataGetLength(result), CFDataGetBytePtr(result), sharedInfoLength, sharedInfo,
609 requestedSize, CFDataGetMutableBytePtr(kdfResult));
610 CFAssignRetained(result, kdfResult);
611 require_noerr_action_quiet(err, out, (CFReleaseNull(result),
612 SecError(errSecParam, error, CFSTR("ECDHKeyExchange wrong input (%d)"), err)));
613 }
614 out:
615 return result;
616 }
617
618 #define ECDH_X963_ADAPTOR(hashname, di, cofactor) \
619 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDH ## cofactor ## X963 ## hashname( \
620 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
621 CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmECDHKeyExchange ## cofactor); \
622 return SecKeyECDHCopyX963Result(context, di, in1, in2, error); \
623 }
624
625 ECDH_X963_ADAPTOR(SHA1, ccsha1_di(), Standard)
626 ECDH_X963_ADAPTOR(SHA224, ccsha224_di(), Standard)
627 ECDH_X963_ADAPTOR(SHA256, ccsha256_di(), Standard)
628 ECDH_X963_ADAPTOR(SHA384, ccsha384_di(), Standard)
629 ECDH_X963_ADAPTOR(SHA512, ccsha512_di(), Standard)
630 ECDH_X963_ADAPTOR(SHA1, ccsha1_di(), Cofactor)
631 ECDH_X963_ADAPTOR(SHA224, ccsha224_di(), Cofactor)
632 ECDH_X963_ADAPTOR(SHA256, ccsha256_di(), Cofactor)
633 ECDH_X963_ADAPTOR(SHA384, ccsha384_di(), Cofactor)
634 ECDH_X963_ADAPTOR(SHA512, ccsha512_di(), Cofactor)
635
636 #undef ECDH_X963_ADAPTOR
637
638 // Extract number value of either CFNumber or CFString.
639 static CFIndex SecKeyGetCFIndexFromRef(CFTypeRef ref) {
640 CFIndex result = 0;
641 if (CFGetTypeID(ref) == CFNumberGetTypeID()) {
642 if (!CFNumberGetValue(ref, kCFNumberCFIndexType, &result)) {
643 result = 0;
644 }
645 } else if (CFGetTypeID(ref) == CFStringGetTypeID()) {
646 result = CFStringGetIntValue(ref);
647 }
648 return result;
649 }
650
651 typedef CFDataRef (*SecKeyECIESKeyExchangeCopyResult)(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm, bool encrypt, CFDataRef ephemeralPubKey, CFDataRef pubKey, bool variableIV, CFErrorRef *error);
652 typedef Boolean (*SecKeyECIESEncryptCopyResult)(CFDataRef keyExchangeResult, CFDataRef inData, CFMutableDataRef result, CFErrorRef *error);
653 typedef CFDataRef SecKeyECIESDecryptCopyResult(CFDataRef keyExchangeResult, CFDataRef inData, CFErrorRef *error);
654
655 static CFTypeRef SecKeyECIESCopyEncryptedData(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm,
656 SecKeyECIESKeyExchangeCopyResult keyExchangeCopyResult,
657 SecKeyECIESEncryptCopyResult encryptCopyResult, bool variableIV,
658 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
659 CFDictionaryRef parameters = NULL;
660 SecKeyRef ephemeralPrivateKey = NULL, ephemeralPublicKey = NULL;
661 CFDataRef pubKeyData = NULL, ephemeralPubKeyData = NULL, keyExchangeResult = NULL;
662 CFTypeRef result = NULL;
663 SecKeyRef originalKey = context->key;
664 CFMutableDataRef ciphertext = NULL;
665
666 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
667 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
668 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeECSECPrimeRandom), out, result = kCFNull);
669 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPublic), out, result = kCFNull);
670
671 // Generate ephemeral key.
672 require_quiet(pubKeyData = SecKeyCopyExternalRepresentation(context->key, error), out);
673 CFAssignRetained(parameters, CFDictionaryCreateForCFTypes(kCFAllocatorDefault,
674 kSecAttrKeyType, CFDictionaryGetValue(parameters, kSecAttrKeyType),
675 kSecAttrKeySizeInBits, CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits),
676 NULL));
677 require_quiet(ephemeralPrivateKey = SecKeyCreateRandomKey(parameters, error), out);
678 require_action_quiet(ephemeralPublicKey = SecKeyCopyPublicKey(ephemeralPrivateKey), out,
679 SecError(errSecParam, error, CFSTR("Unable to get public key from generated ECkey")));
680 require_quiet(ephemeralPubKeyData = SecKeyCopyExternalRepresentation(ephemeralPublicKey, error), out);
681
682 context->key = ephemeralPrivateKey;
683 require_quiet(keyExchangeResult = keyExchangeCopyResult(context, keyExchangeAlgorithm, true,
684 ephemeralPubKeyData, pubKeyData, variableIV, error), out);
685 if (context->mode == kSecKeyOperationModePerform) {
686 // Encrypt input data using AES-GCM.
687 ciphertext = CFDataCreateMutableCopy(kCFAllocatorDefault, 0, ephemeralPubKeyData);
688 require_quiet(encryptCopyResult(keyExchangeResult, in1, ciphertext, error), out);
689 result = CFRetain(ciphertext);
690 } else {
691 result = CFRetain(keyExchangeResult);
692 }
693
694 out:
695 CFReleaseSafe(parameters);
696 CFReleaseSafe(ephemeralPrivateKey);
697 CFReleaseSafe(ephemeralPublicKey);
698 CFReleaseSafe(pubKeyData);
699 CFReleaseSafe(ephemeralPubKeyData);
700 CFReleaseSafe(keyExchangeResult);
701 CFReleaseSafe(ciphertext);
702 context->key = originalKey;
703 return result;
704 }
705
706 static CFTypeRef SecKeyECIESCopyDecryptedData(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm,
707 SecKeyECIESKeyExchangeCopyResult keyExchangeCopyResult,
708 SecKeyECIESDecryptCopyResult decryptCopyResult, bool variableIV,
709 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
710 CFTypeRef result = NULL;
711 CFDictionaryRef parameters = NULL;
712 CFDataRef ephemeralPubKeyData = NULL, keyExchangeResult = NULL, pubKeyData = NULL;
713 SecKeyRef pubKey = NULL;
714 CFDataRef ciphertext = NULL;
715 const UInt8 *ciphertextBuffer = NULL;
716 CFIndex keySize = 0;
717
718 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
719 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
720 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeECSECPrimeRandom), out, result = kCFNull);
721 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPrivate), out, result = kCFNull);
722
723 if (context->mode == kSecKeyOperationModePerform) {
724 // Extract ephemeral public key from the packet.
725 keySize = (SecKeyGetCFIndexFromRef(CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits)) + 7) / 8;
726 require_action_quiet(CFDataGetLength(in1) >= keySize * 2 + 1, out,
727 SecError(errSecParam, error, CFSTR("%@: too small input packet for ECIES decrypt"), context->key));
728 ciphertextBuffer = CFDataGetBytePtr(in1);
729 ephemeralPubKeyData = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, ciphertextBuffer, keySize * 2 + 1, kCFAllocatorNull);
730 ciphertextBuffer += keySize * 2 + 1;
731
732 require_action_quiet(pubKey = SecKeyCopyPublicKey(context->key), out,
733 SecError(errSecParam, error, CFSTR("%@: Unable to get public key"), context->key));
734 require_quiet(pubKeyData = SecKeyCopyExternalRepresentation(pubKey, error), out);
735 }
736
737 // Perform keyExchange operation.
738 require_quiet(keyExchangeResult = keyExchangeCopyResult(context, keyExchangeAlgorithm, false,
739 ephemeralPubKeyData, pubKeyData, variableIV, error), out);
740 if (context->mode == kSecKeyOperationModePerform) {
741 // Decrypt ciphertext using AES-GCM.
742 ciphertext = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, ciphertextBuffer, CFDataGetLength(in1) - (keySize * 2 + 1),
743 kCFAllocatorNull);
744 require_quiet(result = decryptCopyResult(keyExchangeResult, ciphertext, error), out);
745 } else {
746 result = CFRetain(keyExchangeResult);
747 }
748
749 out:
750 CFReleaseSafe(parameters);
751 CFReleaseSafe(ephemeralPubKeyData);
752 CFReleaseSafe(keyExchangeResult);
753 CFReleaseSafe(pubKeyData);
754 CFReleaseSafe(pubKey);
755 CFReleaseSafe(ciphertext);
756 return result;
757 }
758
759 static const CFIndex kSecKeyIESTagLength = 16;
760 static const UInt8 kSecKeyIESIV[16] = { 0 };
761
762 static CFDataRef SecKeyECIESKeyExchangeKDFX963CopyResult(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm,
763 bool encrypt, CFDataRef ephemeralPubKey, CFDataRef pubKey, bool variableIV,
764 CFErrorRef *error) {
765 CFDictionaryRef parameters = NULL;
766 CFNumberRef keySizeRef = NULL;
767 CFDataRef result = NULL;
768
769 CFArrayAppendValue(context->algorithm, keyExchangeAlgorithm);
770 context->operation = kSecKeyOperationTypeKeyExchange;
771
772 if (context->mode == kSecKeyOperationModePerform) {
773 // Use 128bit AES for EC keys <= 256bit, 256bit AES for larger keys.
774 CFIndex keySize = ((CFDataGetLength(pubKey) - 1) / 2) * 8;
775 keySize = (keySize > 256) ? (256 / 8) : (128 / 8);
776
777 if (variableIV) {
778 keySize += sizeof(kSecKeyIESIV);
779 }
780
781 // Generate shared secret using KDF.
782 keySizeRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberCFIndexType, &keySize);
783 parameters = CFDictionaryCreateForCFTypes(kCFAllocatorDefault,
784 kSecKeyKeyExchangeParameterSharedInfo, ephemeralPubKey,
785 kSecKeyKeyExchangeParameterRequestedSize, keySizeRef,
786 NULL);
787 }
788
789 result = SecKeyRunAlgorithmAndCopyResult(context, encrypt ? pubKey : ephemeralPubKey, parameters, error);
790 if (context->mode == kSecKeyOperationModePerform && !variableIV && result != NULL) {
791 // Append all-zero IV to the result.
792 CFMutableDataRef data = CFDataCreateMutableCopy(kCFAllocatorDefault, 0, result);
793 CFDataAppendBytes(data, kSecKeyIESIV, sizeof(kSecKeyIESIV));
794 CFAssignRetained(result, data);
795 }
796 CFReleaseSafe(parameters);
797 CFReleaseSafe(keySizeRef);
798 return result;
799 }
800
801 static Boolean SecKeyECIESEncryptAESGCMCopyResult(CFDataRef keyExchangeResult, CFDataRef inData, CFMutableDataRef result,
802 CFErrorRef *error) {
803 Boolean res = FALSE;
804 CFIndex prefix = CFDataGetLength(result);
805 CFDataSetLength(result, prefix + CFDataGetLength(inData) + kSecKeyIESTagLength);
806 UInt8 *resultBuffer = CFDataGetMutableBytePtr(result) + prefix;
807 UInt8 *tagBuffer = resultBuffer + CFDataGetLength(inData);
808 CFIndex aesKeySize = CFDataGetLength(keyExchangeResult) - sizeof(kSecKeyIESIV);
809 const UInt8 *ivBuffer = CFDataGetBytePtr(keyExchangeResult) + aesKeySize;
810 require_action_quiet(ccgcm_one_shot(ccaes_gcm_encrypt_mode(),
811 aesKeySize, CFDataGetBytePtr(keyExchangeResult),
812 sizeof(kSecKeyIESIV), ivBuffer,
813 0, NULL,
814 CFDataGetLength(inData), CFDataGetBytePtr(inData),
815 resultBuffer, kSecKeyIESTagLength, tagBuffer) == 0, out,
816 SecError(errSecParam, error, CFSTR("ECIES: Failed to aes-gcm encrypt data")));
817 res = TRUE;
818 out:
819 return res;
820 }
821
822 static CFDataRef SecKeyECIESDecryptAESGCMCopyResult(CFDataRef keyExchangeResult, CFDataRef inData, CFErrorRef *error) {
823 CFDataRef result = NULL;
824 CFMutableDataRef plaintext = CFDataCreateMutableWithScratch(kCFAllocatorDefault, CFDataGetLength(inData) - kSecKeyIESTagLength);
825 CFMutableDataRef tag = CFDataCreateMutableWithScratch(SecCFAllocatorZeroize(), kSecKeyIESTagLength);
826 CFDataGetBytes(inData, CFRangeMake(CFDataGetLength(inData) - kSecKeyIESTagLength, kSecKeyIESTagLength),
827 CFDataGetMutableBytePtr(tag));
828 CFIndex aesKeySize = CFDataGetLength(keyExchangeResult) - sizeof(kSecKeyIESIV);
829 const UInt8 *ivBuffer = CFDataGetBytePtr(keyExchangeResult) + aesKeySize;
830 require_action_quiet(ccgcm_one_shot(ccaes_gcm_decrypt_mode(),
831 aesKeySize, CFDataGetBytePtr(keyExchangeResult),
832 sizeof(kSecKeyIESIV), ivBuffer,
833 0, NULL,
834 CFDataGetLength(plaintext), CFDataGetBytePtr(inData), CFDataGetMutableBytePtr(plaintext),
835 kSecKeyIESTagLength, CFDataGetMutableBytePtr(tag)) == 0, out,
836 SecError(errSecParam, error, CFSTR("ECIES: Failed to aes-gcm decrypt data")));
837 result = CFRetain(plaintext);
838 out:
839 CFReleaseSafe(plaintext);
840 CFReleaseSafe(tag);
841 return result;
842 }
843
844 #define ECIES_X963_ADAPTOR(hashname, cofactor, namepart, variableIV) \
845 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIES ## cofactor ## namepart ## hashname( \
846 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
847 return SecKeyECIESCopyEncryptedData(context, kSecKeyAlgorithmECDHKeyExchange ## cofactor ## X963 ## hashname, \
848 SecKeyECIESKeyExchangeKDFX963CopyResult, SecKeyECIESEncryptAESGCMCopyResult, variableIV, in1, in2, error); \
849 } \
850 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIES ## cofactor ## namepart ## hashname( \
851 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
852 return SecKeyECIESCopyDecryptedData(context, kSecKeyAlgorithmECDHKeyExchange ## cofactor ## X963 ## hashname, \
853 SecKeyECIESKeyExchangeKDFX963CopyResult, SecKeyECIESDecryptAESGCMCopyResult, variableIV, in1, in2, error); \
854 }
855
856 ECIES_X963_ADAPTOR(SHA1, Standard, X963, false)
857 ECIES_X963_ADAPTOR(SHA224, Standard, X963, false)
858 ECIES_X963_ADAPTOR(SHA256, Standard, X963, false)
859 ECIES_X963_ADAPTOR(SHA384, Standard, X963, false)
860 ECIES_X963_ADAPTOR(SHA512, Standard, X963, false)
861 ECIES_X963_ADAPTOR(SHA1, Cofactor, X963, false)
862 ECIES_X963_ADAPTOR(SHA224, Cofactor, X963, false)
863 ECIES_X963_ADAPTOR(SHA256, Cofactor, X963, false)
864 ECIES_X963_ADAPTOR(SHA384, Cofactor, X963, false)
865 ECIES_X963_ADAPTOR(SHA512, Cofactor, X963, false)
866
867 ECIES_X963_ADAPTOR(SHA224, Standard, VariableIVX963, true)
868 ECIES_X963_ADAPTOR(SHA256, Standard, VariableIVX963, true)
869 ECIES_X963_ADAPTOR(SHA384, Standard, VariableIVX963, true)
870 ECIES_X963_ADAPTOR(SHA512, Standard, VariableIVX963, true)
871 ECIES_X963_ADAPTOR(SHA224, Cofactor, VariableIVX963, true)
872 ECIES_X963_ADAPTOR(SHA256, Cofactor, VariableIVX963, true)
873 ECIES_X963_ADAPTOR(SHA384, Cofactor, VariableIVX963, true)
874 ECIES_X963_ADAPTOR(SHA512, Cofactor, VariableIVX963, true)
875
876 #undef ECIES_X963_ADAPTOR
877
878 static CFDataRef SecKeyECIESKeyExchangeSHA2562PubKeysCopyResult(SecKeyOperationContext *context, SecKeyAlgorithm keyExchangeAlgorithm,
879 bool encrypt, CFDataRef ephemeralPubKey, CFDataRef pubKey, bool variableIV,
880 CFErrorRef *error) {
881 CFArrayAppendValue(context->algorithm, keyExchangeAlgorithm);
882 context->operation = kSecKeyOperationTypeKeyExchange;
883 CFMutableDataRef result = (CFMutableDataRef)SecKeyRunAlgorithmAndCopyResult(context, ephemeralPubKey, NULL, error);
884 if (result != NULL && context->mode == kSecKeyOperationModePerform) {
885 const struct ccdigest_info *di = ccsha256_di();
886 ccdigest_di_decl(di, ctx);
887 ccdigest_init(di, ctx);
888 ccdigest_update(di, ctx, CFDataGetLength(result), CFDataGetBytePtr(result));
889 ccdigest_update(di, ctx, CFDataGetLength(ephemeralPubKey), CFDataGetBytePtr(ephemeralPubKey));
890 ccdigest_update(di, ctx, CFDataGetLength(pubKey), CFDataGetBytePtr(pubKey));
891 CFAssignRetained(result, CFDataCreateMutableWithScratch(kCFAllocatorDefault, di->output_size));
892 ccdigest_final(di, ctx, CFDataGetMutableBytePtr(result));
893 }
894 return result;
895 }
896
897 static CFDataRef SecKeyECIESDecryptAESCBCCopyResult(CFDataRef keyExchangeResult, CFDataRef inData, CFErrorRef *error) {
898 CFMutableDataRef result = CFDataCreateMutableWithScratch(kCFAllocatorDefault, CFDataGetLength(inData));
899 cccbc_one_shot(ccaes_cbc_decrypt_mode(),
900 CFDataGetLength(keyExchangeResult), CFDataGetBytePtr(keyExchangeResult),
901 NULL, CFDataGetLength(keyExchangeResult) / CCAES_BLOCK_SIZE,
902 CFDataGetBytePtr(inData), CFDataGetMutableBytePtr(result));
903 return result;
904 }
905
906 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIES_Standard_SHA256_2PubKeys(
907 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
908 return SecKeyECIESCopyDecryptedData(context, kSecKeyAlgorithmECDHKeyExchangeStandard,
909 SecKeyECIESKeyExchangeSHA2562PubKeysCopyResult,
910 SecKeyECIESDecryptAESCBCCopyResult, false,
911 in1, in2, error);
912 }
913
914 static CFTypeRef SecKeyRSAAESGCMCopyEncryptedData(SecKeyOperationContext *context, SecKeyAlgorithm keyWrapAlgorithm,
915 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
916 CFTypeRef result = NULL;
917 CFDictionaryRef parameters = NULL;
918 CFDataRef pubKeyData = NULL, wrappedKey = NULL, sessionKey = NULL;
919 CFMutableDataRef ciphertext = NULL;
920
921 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
922 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
923 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeRSA), out, result = kCFNull);
924 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPublic), out, result = kCFNull);
925
926 CFArrayAppendValue(context->algorithm, keyWrapAlgorithm);
927 require_action_quiet(context->mode == kSecKeyOperationModePerform, out,
928 result = SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error));
929
930 // Generate session key. Use 128bit AES for RSA keys < 4096bit, 256bit AES for larger keys.
931 require_quiet(pubKeyData = SecKeyCopyExternalRepresentation(context->key, error), out);
932 CFIndex keySize = SecKeyGetCFIndexFromRef(CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits));
933 require_action_quiet(sessionKey = CFDataCreateWithRandomBytes((keySize >= 4096) ? (256 / 8) : (128 / 8)), out,
934 SecError(errSecParam, error, CFSTR("Failed to generate session key")));
935
936 // Encrypt session key using wrapping algorithm and store at the beginning of the result packet.
937 require_action_quiet(wrappedKey = SecKeyRunAlgorithmAndCopyResult(context, sessionKey, NULL, error), out,
938 CFReleaseNull(result));
939 ciphertext = CFDataCreateMutableWithScratch(kCFAllocatorDefault, CFDataGetLength(wrappedKey) + CFDataGetLength(in1) + kSecKeyIESTagLength);
940 UInt8 *resultBuffer = CFDataGetMutableBytePtr(ciphertext);
941 CFDataGetBytes(wrappedKey, CFRangeMake(0, CFDataGetLength(wrappedKey)), resultBuffer);
942 resultBuffer += CFDataGetLength(wrappedKey);
943
944 // Encrypt input data using AES-GCM.
945 UInt8 *tagBuffer = resultBuffer + CFDataGetLength(in1);
946 require_action_quiet(ccgcm_one_shot(ccaes_gcm_encrypt_mode(),
947 CFDataGetLength(sessionKey), CFDataGetBytePtr(sessionKey),
948 sizeof(kSecKeyIESIV), kSecKeyIESIV,
949 CFDataGetLength(pubKeyData), CFDataGetBytePtr(pubKeyData),
950 CFDataGetLength(in1), CFDataGetBytePtr(in1), resultBuffer,
951 kSecKeyIESTagLength, tagBuffer) == 0, out,
952 SecError(errSecParam, error, CFSTR("RSAWRAP: Failed to aes-gcm encrypt data")));
953 result = CFRetain(ciphertext);
954
955 out:
956 CFReleaseSafe(parameters);
957 CFReleaseSafe(pubKeyData);
958 CFReleaseSafe(wrappedKey);
959 CFReleaseSafe(sessionKey);
960 CFReleaseSafe(ciphertext);
961 return result;
962 }
963
964 static CFTypeRef SecKeyRSAAESGCMCopyDecryptedData(SecKeyOperationContext *context, SecKeyAlgorithm keyWrapAlgorithm,
965 CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) {
966 CFTypeRef result = NULL;
967 CFDictionaryRef parameters = NULL;
968 CFMutableDataRef plaintext = NULL, tag = NULL;
969 CFDataRef pubKeyData = NULL, sessionKey = NULL;
970 SecKeyRef pubKey = NULL;
971
972 require_action_quiet(parameters = SecKeyCopyAttributes(context->key), out,
973 SecError(errSecParam, error, CFSTR("Unable to export key parameters")));
974 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyType), kSecAttrKeyTypeRSA), out, result = kCFNull);
975 require_action_quiet(CFEqual(CFDictionaryGetValue(parameters, kSecAttrKeyClass), kSecAttrKeyClassPrivate), out, result = kCFNull);
976
977 CFArrayAppendValue(context->algorithm, keyWrapAlgorithm);
978 require_action_quiet(context->mode == kSecKeyOperationModePerform, out,
979 result = SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error));
980
981 // Extract encrypted session key.
982 require_action_quiet(pubKey = SecKeyCopyPublicKey(context->key), out,
983 SecError(errSecParam, error, CFSTR("%@: unable to get public key"), context->key));
984 require_quiet(pubKeyData = SecKeyCopyExternalRepresentation(pubKey, error), out);
985
986 CFIndex wrappedKeySize = SecKeyGetBlockSize(context->key);
987 require_action_quiet(CFDataGetLength(in1) >= wrappedKeySize + kSecKeyIESTagLength, out,
988 SecError(errSecParam, error, CFSTR("RSA-WRAP too short input data")));
989 sessionKey = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, CFDataGetBytePtr(in1), wrappedKeySize, kCFAllocatorNull);
990
991 // Decrypt session key.
992 CFAssignRetained(sessionKey, SecKeyRunAlgorithmAndCopyResult(context, sessionKey, NULL, error));
993 require_quiet(sessionKey, out);
994 CFIndex keySize = SecKeyGetCFIndexFromRef(CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits));
995 keySize = (keySize >= 4096) ? (256 / 8) : (128 / 8);
996 require_action_quiet(CFDataGetLength(sessionKey) == keySize, out,
997 SecError(errSecParam, error, CFSTR("RSA-WRAP bad ciphertext, unexpected session key size")));
998
999 // Decrypt ciphertext using AES-GCM.
1000 plaintext = CFDataCreateMutableWithScratch(SecCFAllocatorZeroize(), CFDataGetLength(in1) - wrappedKeySize - kSecKeyIESTagLength);
1001 tag = CFDataCreateMutableWithScratch(kCFAllocatorDefault, kSecKeyIESTagLength);
1002 CFDataGetBytes(in1, CFRangeMake(CFDataGetLength(in1) - kSecKeyIESTagLength, kSecKeyIESTagLength),
1003 CFDataGetMutableBytePtr(tag));
1004 const UInt8 *ciphertextBuffer = CFDataGetBytePtr(in1);
1005 ciphertextBuffer += wrappedKeySize;
1006 require_action_quiet(ccgcm_one_shot(ccaes_gcm_decrypt_mode(),
1007 CFDataGetLength(sessionKey), CFDataGetBytePtr(sessionKey),
1008 sizeof(kSecKeyIESIV), kSecKeyIESIV,
1009 CFDataGetLength(pubKeyData), CFDataGetBytePtr(pubKeyData),
1010 CFDataGetLength(plaintext), ciphertextBuffer, CFDataGetMutableBytePtr(plaintext),
1011 kSecKeyIESTagLength, CFDataGetMutableBytePtr(tag)) == 0, out,
1012 SecError(errSecParam, error, CFSTR("RSA-WRAP: Failed to aes-gcm decrypt data")));
1013 result = CFRetain(plaintext);
1014
1015 out:
1016 CFReleaseSafe(parameters);
1017 CFReleaseSafe(sessionKey);
1018 CFReleaseSafe(tag);
1019 CFReleaseSafe(pubKeyData);
1020 CFReleaseSafe(pubKey);
1021 CFReleaseSafe(plaintext);
1022 return result;
1023 }
1024
1025 #define RSA_OAEP_AESGCM_ADAPTOR(hashname) \
1026 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEP ## hashname ## AESGCM( \
1027 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
1028 return SecKeyRSAAESGCMCopyEncryptedData(context, kSecKeyAlgorithmRSAEncryptionOAEP ## hashname, in1, in2, error); \
1029 } \
1030 static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEP ## hashname ## AESGCM( \
1031 SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \
1032 return SecKeyRSAAESGCMCopyDecryptedData(context, kSecKeyAlgorithmRSAEncryptionOAEP ## hashname, in1, in2, error); \
1033 }
1034
1035 RSA_OAEP_AESGCM_ADAPTOR(SHA1)
1036 RSA_OAEP_AESGCM_ADAPTOR(SHA224)
1037 RSA_OAEP_AESGCM_ADAPTOR(SHA256)
1038 RSA_OAEP_AESGCM_ADAPTOR(SHA384)
1039 RSA_OAEP_AESGCM_ADAPTOR(SHA512)
1040
1041 #undef RSA_OAEP_AESGCM_ADAPTOR
1042
1043 SecKeyAlgorithmAdaptor SecKeyGetAlgorithmAdaptor(SecKeyOperationType operation, SecKeyAlgorithm algorithm) {
1044 static CFDictionaryRef adaptors[kSecKeyOperationTypeCount];
1045 static dispatch_once_t onceToken;
1046 dispatch_once(&onceToken, ^{
1047 const void *signKeys[] = {
1048 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1,
1049 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224,
1050 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256,
1051 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384,
1052 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512,
1053 kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw,
1054 kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5,
1055
1056 kSecKeyAlgorithmRSASignatureDigestPSSSHA1,
1057 kSecKeyAlgorithmRSASignatureDigestPSSSHA224,
1058 kSecKeyAlgorithmRSASignatureDigestPSSSHA256,
1059 kSecKeyAlgorithmRSASignatureDigestPSSSHA384,
1060 kSecKeyAlgorithmRSASignatureDigestPSSSHA512,
1061
1062 kSecKeyAlgorithmRSASignatureRaw,
1063 kSecKeyAlgorithmRSASignatureRawCCUnit,
1064
1065 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1,
1066 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224,
1067 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256,
1068 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384,
1069 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512,
1070 kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5,
1071
1072 kSecKeyAlgorithmRSASignatureMessagePSSSHA1,
1073 kSecKeyAlgorithmRSASignatureMessagePSSSHA224,
1074 kSecKeyAlgorithmRSASignatureMessagePSSSHA256,
1075 kSecKeyAlgorithmRSASignatureMessagePSSSHA384,
1076 kSecKeyAlgorithmRSASignatureMessagePSSSHA512,
1077
1078 kSecKeyAlgorithmECDSASignatureMessageX962SHA1,
1079 kSecKeyAlgorithmECDSASignatureMessageX962SHA224,
1080 kSecKeyAlgorithmECDSASignatureMessageX962SHA256,
1081 kSecKeyAlgorithmECDSASignatureMessageX962SHA384,
1082 kSecKeyAlgorithmECDSASignatureMessageX962SHA512,
1083
1084 kSecKeyAlgorithmECDSASignatureDigestX962SHA1,
1085 kSecKeyAlgorithmECDSASignatureDigestX962SHA224,
1086 kSecKeyAlgorithmECDSASignatureDigestX962SHA256,
1087 kSecKeyAlgorithmECDSASignatureDigestX962SHA384,
1088 kSecKeyAlgorithmECDSASignatureDigestX962SHA512,
1089 };
1090 const void *signValues[] = {
1091 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA1,
1092 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA224,
1093 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA256,
1094 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA384,
1095 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15SHA512,
1096 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15Raw,
1097 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPKCS1v15MD5,
1098
1099 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA1,
1100 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA224,
1101 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA256,
1102 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA384,
1103 SecKeyAlgorithmAdaptorCopyResult_Sign_RSASignatureDigestPSSSHA512,
1104
1105 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRaw,
1106 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRawCCUnit,
1107
1108 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA1,
1109 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA224,
1110 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA256,
1111 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA384,
1112 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA512,
1113 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15MD5,
1114
1115 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA1,
1116 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA224,
1117 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA256,
1118 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA384,
1119 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA512,
1120
1121 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA1,
1122 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA224,
1123 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA256,
1124 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA384,
1125 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA512,
1126
1127 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA1,
1128 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA224,
1129 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA256,
1130 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA384,
1131 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA512,
1132 };
1133 check_compile_time(array_size(signKeys) == array_size(signValues));
1134 adaptors[kSecKeyOperationTypeSign] = CFDictionaryCreate(kCFAllocatorDefault, signKeys, signValues,
1135 array_size(signKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1136
1137 const void *verifyKeys[] = {
1138 kSecKeyAlgorithmRSASignatureRaw,
1139
1140 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1,
1141 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224,
1142 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256,
1143 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384,
1144 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512,
1145 kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw,
1146 kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5,
1147
1148 kSecKeyAlgorithmRSASignatureDigestPSSSHA1,
1149 kSecKeyAlgorithmRSASignatureDigestPSSSHA224,
1150 kSecKeyAlgorithmRSASignatureDigestPSSSHA256,
1151 kSecKeyAlgorithmRSASignatureDigestPSSSHA384,
1152 kSecKeyAlgorithmRSASignatureDigestPSSSHA512,
1153
1154 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1,
1155 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224,
1156 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256,
1157 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384,
1158 kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512,
1159 kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5,
1160
1161 kSecKeyAlgorithmRSASignatureMessagePSSSHA1,
1162 kSecKeyAlgorithmRSASignatureMessagePSSSHA224,
1163 kSecKeyAlgorithmRSASignatureMessagePSSSHA256,
1164 kSecKeyAlgorithmRSASignatureMessagePSSSHA384,
1165 kSecKeyAlgorithmRSASignatureMessagePSSSHA512,
1166
1167 kSecKeyAlgorithmECDSASignatureMessageX962SHA1,
1168 kSecKeyAlgorithmECDSASignatureMessageX962SHA224,
1169 kSecKeyAlgorithmECDSASignatureMessageX962SHA256,
1170 kSecKeyAlgorithmECDSASignatureMessageX962SHA384,
1171 kSecKeyAlgorithmECDSASignatureMessageX962SHA512,
1172
1173 kSecKeyAlgorithmECDSASignatureDigestX962SHA1,
1174 kSecKeyAlgorithmECDSASignatureDigestX962SHA224,
1175 kSecKeyAlgorithmECDSASignatureDigestX962SHA256,
1176 kSecKeyAlgorithmECDSASignatureDigestX962SHA384,
1177 kSecKeyAlgorithmECDSASignatureDigestX962SHA512,
1178 };
1179 const void *verifyValues[] = {
1180 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureRaw,
1181
1182 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA1,
1183 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA224,
1184 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA256,
1185 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA384,
1186 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15SHA512,
1187 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15Raw,
1188 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15MD5,
1189
1190 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA1,
1191 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA224,
1192 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA256,
1193 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA384,
1194 SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPSSSHA512,
1195
1196 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA1,
1197 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA224,
1198 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA256,
1199 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA384,
1200 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15SHA512,
1201 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePKCS1v15MD5,
1202
1203 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA1,
1204 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA224,
1205 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA256,
1206 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA384,
1207 SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureMessagePSSSHA512,
1208
1209 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA1,
1210 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA224,
1211 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA256,
1212 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA384,
1213 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureMessageX962SHA512,
1214
1215 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA1,
1216 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA224,
1217 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA256,
1218 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA384,
1219 SecKeyAlgorithmAdaptorCopyResult_SignVerify_ECDSASignatureDigestX962SHA512,
1220 };
1221 check_compile_time(array_size(verifyKeys) == array_size(verifyValues));
1222 adaptors[kSecKeyOperationTypeVerify] = CFDictionaryCreate(kCFAllocatorDefault, verifyKeys, verifyValues,
1223 array_size(verifyKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1224
1225 const void *encryptKeys[] = {
1226 kSecKeyAlgorithmRSAEncryptionRaw,
1227 kSecKeyAlgorithmRSAEncryptionRawCCUnit,
1228
1229 kSecKeyAlgorithmRSAEncryptionPKCS1,
1230 kSecKeyAlgorithmRSAEncryptionOAEPSHA1,
1231 kSecKeyAlgorithmRSAEncryptionOAEPSHA224,
1232 kSecKeyAlgorithmRSAEncryptionOAEPSHA256,
1233 kSecKeyAlgorithmRSAEncryptionOAEPSHA384,
1234 kSecKeyAlgorithmRSAEncryptionOAEPSHA512,
1235
1236 kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM,
1237 kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM,
1238 kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM,
1239 kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM,
1240 kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM,
1241
1242 kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM,
1243 kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM,
1244 kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM,
1245 kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM,
1246 kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM,
1247
1248 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM,
1249 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM,
1250 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM,
1251 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM,
1252 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM,
1253
1254 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM,
1255 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM,
1256 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM,
1257 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM,
1258
1259 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM,
1260 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM,
1261 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM,
1262 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM,
1263 };
1264 const void *encryptValues[] = {
1265 SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRaw,
1266 SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRawCCUnit,
1267
1268 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionPKCS1,
1269 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA1,
1270 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA224,
1271 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA256,
1272 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA384,
1273 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA512,
1274
1275 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA1AESGCM,
1276 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA224AESGCM,
1277 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA256AESGCM,
1278 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA384AESGCM,
1279 SecKeyAlgorithmAdaptorCopyResult_Encrypt_RSAEncryptionOAEPSHA512AESGCM,
1280
1281 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA1,
1282 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA224,
1283 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA256,
1284 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA384,
1285 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardX963SHA512,
1286
1287 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA1,
1288 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA224,
1289 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA256,
1290 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA384,
1291 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorX963SHA512,
1292
1293 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardVariableIVX963SHA224,
1294 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardVariableIVX963SHA256,
1295 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardVariableIVX963SHA384,
1296 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESStandardVariableIVX963SHA512,
1297
1298 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorVariableIVX963SHA224,
1299 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorVariableIVX963SHA256,
1300 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorVariableIVX963SHA384,
1301 SecKeyAlgorithmAdaptorCopyResult_Encrypt_ECIESCofactorVariableIVX963SHA512,
1302 };
1303 check_compile_time(array_size(encryptKeys) == array_size(encryptValues));
1304 adaptors[kSecKeyOperationTypeEncrypt] = CFDictionaryCreate(kCFAllocatorDefault, encryptKeys, encryptValues,
1305 array_size(encryptKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1306
1307 const void *decryptKeys[] = {
1308 kSecKeyAlgorithmRSAEncryptionRaw,
1309 kSecKeyAlgorithmRSAEncryptionRawCCUnit,
1310
1311 kSecKeyAlgorithmRSAEncryptionPKCS1,
1312 kSecKeyAlgorithmRSAEncryptionOAEPSHA1,
1313 kSecKeyAlgorithmRSAEncryptionOAEPSHA224,
1314 kSecKeyAlgorithmRSAEncryptionOAEPSHA256,
1315 kSecKeyAlgorithmRSAEncryptionOAEPSHA384,
1316 kSecKeyAlgorithmRSAEncryptionOAEPSHA512,
1317
1318 kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM,
1319 kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM,
1320 kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM,
1321 kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM,
1322 kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM,
1323
1324 kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM,
1325 kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM,
1326 kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM,
1327 kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM,
1328 kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM,
1329
1330 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM,
1331 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM,
1332 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM,
1333 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM,
1334 kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM,
1335
1336 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM,
1337 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM,
1338 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM,
1339 kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM,
1340
1341 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM,
1342 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM,
1343 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM,
1344 kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM,
1345
1346 kSecKeyAlgorithmECIESEncryptionAKSSmartCard,
1347 };
1348 const void *decryptValues[] = {
1349 SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRaw,
1350 SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRawCCUnit,
1351
1352 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionPKCS1,
1353 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA1,
1354 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA224,
1355 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA256,
1356 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA384,
1357 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA512,
1358
1359 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA1AESGCM,
1360 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA224AESGCM,
1361 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA256AESGCM,
1362 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA384AESGCM,
1363 SecKeyAlgorithmAdaptorCopyResult_Decrypt_RSAEncryptionOAEPSHA512AESGCM,
1364
1365 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA1,
1366 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA224,
1367 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA256,
1368 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA384,
1369 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardX963SHA512,
1370
1371 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA1,
1372 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA224,
1373 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA256,
1374 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA384,
1375 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorX963SHA512,
1376
1377 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardVariableIVX963SHA224,
1378 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardVariableIVX963SHA256,
1379 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardVariableIVX963SHA384,
1380 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESStandardVariableIVX963SHA512,
1381
1382 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorVariableIVX963SHA224,
1383 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorVariableIVX963SHA256,
1384 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorVariableIVX963SHA384,
1385 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIESCofactorVariableIVX963SHA512,
1386
1387 SecKeyAlgorithmAdaptorCopyResult_Decrypt_ECIES_Standard_SHA256_2PubKeys,
1388 };
1389 check_compile_time(array_size(decryptKeys) == array_size(decryptValues));
1390 adaptors[kSecKeyOperationTypeDecrypt] = CFDictionaryCreate(kCFAllocatorDefault, decryptKeys, decryptValues,
1391 array_size(decryptKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1392
1393 const void *keyExchangeKeys[] = {
1394 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1,
1395 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224,
1396 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256,
1397 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384,
1398 kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512,
1399
1400 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1,
1401 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224,
1402 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256,
1403 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384,
1404 kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512,
1405 };
1406 const void *keyExchangeValues[] = {
1407
1408 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA1,
1409 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA224,
1410 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA256,
1411 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA384,
1412 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHStandardX963SHA512,
1413
1414 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA1,
1415 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA224,
1416 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA256,
1417 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA384,
1418 SecKeyAlgorithmAdaptorCopyResult_KeyExchange_ECDHCofactorX963SHA512,
1419 };
1420 check_compile_time(array_size(keyExchangeKeys) == array_size(keyExchangeKeys));
1421 adaptors[kSecKeyOperationTypeKeyExchange] = CFDictionaryCreate(kCFAllocatorDefault, keyExchangeKeys, keyExchangeValues,
1422 array_size(keyExchangeKeys), &kCFTypeDictionaryKeyCallBacks, NULL);
1423 });
1424
1425 return CFDictionaryGetValue(adaptors[operation], algorithm);
1426 }
mirror of Security